Looking Ahead to Windows Server 2008
Changes in store for Windows Server 2008 improve directory services, refine IIS, and offer a GUI-free alternative if all you need is a server.
Windows Server 2008, previously known as Windows Server "Longhorn," is scheduled to be released in the second half of this year. We'll see if they actually make it, but either way we are looking at the arrival of a brand new server operating system in a matter of months. Now is the time to start absorbing new features and improvements so you will be ready to deploy Win2k8 when the time comes.
Let's begin this crash course in Win2k8 by taking a look at improvements to server virtualization. Virtual Server 2005 has been replaced by what's called "Windows Server virtualization" or WSv for short. One of the most exciting features of WSv is dynamic processor addition. This is extremely powerful because it means that you can shift CPU resources on the fly to virtual hosts that need them most. WSv also allows you to dynamically add/remove network adapters and virtual hard drive files (.VHD files).
Other highlights of WSv include the ability to host supported Linux operating systems, memory page file sharing among virtual hosts, PXE boot on virtual hosts, and hot backup of hosts using volume shadow copy. WSv also adds the ability for virtual hosts to see and use data on the parent OS. For large environments with an assortment of IT groups running various services, WSv will make your life easier by adding the ability to delegate control of virtual hosts to sub-administrators. Finally, if you enter the clustering arena, you will have the ability to use "Live Migration." This feature allows live virtual machines to be moved among different parent operating systems in the cluster with little or no downtime.
"Server Core" provides an installation of Windows Server 2008 without a graphical user interface (GUI) or the ability to run applications. The crowd is roaring on this one because we can finally install Windows Server without a bloated GUI. The following subset of services can run on Server Core:
- Windows Server virtualization (WSv)
- Dynamic Host Configuration Protocol (DHCP) server
- Domain Name System (DNS) server
- File server
- Active Directory Directory Services (AD DS)
- Active Directory Lightweight Directory Services (AD LDS)
- Windows Media Services
- Print Management
It's particularly important to notice that WSv is one of the available services under Server Core. This is extremely powerful because it will allow us to mimic the model that a VMware ESX server uses for free! There is no need for a GUI on the base OS when all it is doing is hosting virtual servers.
Next up are the improvements to Terminal Services. A nice little feature that comes with Vista as well is the ability to use the remote desktop client in conjunction with a spanned monitor desktop. Don't get too excited, though, because the maximum combined resolution for all monitors is 4096 x 2048, and it doesn't support vertical spanning. This will probably prove to be more useful for a Vista desktop than for managing servers, but nonetheless it is there if you want it.
Terminal Services also includes a new feature called the "TS Session Broker." This is supposed to provide a simpler alternative to functionality previously handled by Microsoft Network Load Balancing, and allows end users to be directed to the least used terminal server. "TS Easy Print" is designed to make local/network printers available through a terminal services session without needing drivers installed on the server side. A new feature called "RemoteApp" allows a terminal server hosted application to appear on a user's desktop just as any other local program would appear. "TS Web Access" allows users to launch terminal server applications from a web page. Last but not least, there are some improvements to terminal server licensing.
Active Directory (AD) has been given some attention in Win2k8 as well. A new and more comprehensive wizard has been created for promoting domain controllers. We also have the ability to restart AD Domain Services without having to reboot the entire server. Perhaps the most interesting addition to AD functionality is the new Read-Only Domain Controller (RODC). This feature will probably be most useful at remote sites where central IT control is limited. The RODC does not permanently store passwords, but can cache credentials used by users at that location. It can also provide read-only AD-integrated DNS. Finally, the RODC has the handy ability to provide administrator access to the server without giving access to any other domain controllers. This is great for remote administrators who might need to patch the server, but don't need additional domain access.
Internet Information Services (IIS) 7 has several nice improvements in Win2k8. First, it has been redesigned with modular components. This makes it easy to strip out pieces that aren't needed, which reduces the attack surface. Second, IIS 7 has been given a new management interface that operates via HTTP/SSL. Remote administration will be more secure because there will be no need for punching additional holes through a firewall. The new interface also allows for delegation of rights to sub-administrators, a feature that will be particularly useful for large environments hosting multiple sites with different owners. Finally, IIS 7 claims to give more detailed error messages, and now includes support for PHP!
The Windows Firewall has been vastly improved, and now supports filtering of incoming and outgoing packets. Microsoft has also merged IPSec configuration with Windows Firewall configuration in a new MMC snap-in called Windows Firewall with Advanced Security.
Long awaited improvements to the Event Viewer are finally here in Win2k8. Highlights include more granular event logging and the ability to "subscribe" to events on other servers. Events you subscribe to on other servers can be propagated to a central location.
That's it for now. Of course, there are many more updates that had to be left out for brevity. Here is a list of some other nice enhancements that may be worth further research on your own:
- Certificate Services
- SMB 2.0
- TCP/IP stack
- Network Access Protection