This evening, I’m planning to be at the inaugural Windows Server UK user group meeting, prompting me to write up my notes from the Windows Server 2008 Technical Overview event held at Microsoft UK last month. Presented by Andy Malone from Quality Training, I’ve already given my (negative, but hopefully constructive) feedback to Microsoft on this event (so I won’t dwell here on why I thought it was so bad – although the presenter seems to think that it went rather well…) but I did at least manage to glean some information about the latest Windows Server release – what follows picks out some of the highlights.
Formerly codenamed Longhorn Server, Windows Server 2008 shares a common code base with Windows Vista and, not surprisingly, Microsoft is touting it as the most secure and highest quality version of Windows ever produced.
The first change is the setup; with three distinct phases of:
- Setup (product installation).
- Server welcome (initial configuration) – except in upgrades.
- Role configuration and management.
Whilst looking at deployment, it’s worth mentioning that remote installation services (RIS) has been replaced by Windows Deployment Services (actually, this is also available with Windows Server 2003 SP2) which, unlike ADS, supports client and server operating systems as well as multicast deployment.
Windows Server 2008 also pulls much of the administration into one console – Server Manager (which made me smile, casting my mind back to the old Windows NT Server Manager console). There are some new component concepts to get around – components are now known as roles and features but more significant is Windows Server Core, an installation option consisting of a subset of executable files and libraries, providing a small footprint for a much reduced attack surface. Offering a number of server roles, Server Core provides core functionality in either a standalone (e.g. headless) scenario or as part of a larger Windows Server infrastructure. There are no GUI tools for Server Core – management is via command line tools (local and remote), terminal services (remote) or Microsoft Management Console (MMC) snap-ins (remote). Server core is an installation-time choice (there is no option to convert to a standard installation later) and Server Core will not support application installations (such as SQL Server, Exchange Server, etc.) but I can see it being very useful for running core infrastructure (AD, DNS, DHCP, etc.) servers in a secure fashion.
Other security features (some of which are already present in Windows Vista) include support for the trusted platform module, BitLocker drive encryption, a redesigned TCP/IP stack with native support for IPv6 (alongside IPv4), the updated Windows firewall, new Group Policy settings and Windows Service hardening whereby services run in their own address space and a number of layers are used to separate the kernel, service, administration, user and low-rights program layers. Windows Server 2008 will also (finally) see Microsoft introduce network access protection (NAP).
Some network features are being removed from Windows Server: the file replication service (FRS) is replaced by remote differential compression (RDC); bandwidth allocation protocol (BAP) is out, as is X.25 support, serial line interface protocol (SLIP) support, and services for Macintosh (SFM); there are also a number of changes to routing and remote access with the removal of open shortest path first (OSPF), the basic firewall and static IP filter APIs.
Terminal Services gains new functionality too – including a version 6 of the remote desktop protocol (RDP) and:
- Terminal Service Gateway – providing RDP over HTTPS support for remote access to corporate applications.
- Terminal Service Remote Programs – centralised management of line of business applications on a roaming basis, integrated with Terminal Service Web Access.
- Single sign-on for managed clients.
At least in the beta product, Active Directory sees a number of name changes – some of which make sense and others which seem be be inteded just to cause confusion:
|Old name||New name|
|Active Directory||Active Directory Domain Services|
|Active Directory Application Mode (ADAM)||Active Directory Lightweight Directory|
|Windows Rights Management||Active Directory Rights Management|
|Windows Certificate Services||Active Directory Certificate Services|
|Identity Integration Feature Pack||Active Directory Metadirectory|
(I fully expect at least some of these to change again before product release!)
There are some Active Directory goodies too:
- Backup domain controllers (BDCs) are back! Except that now they are called read-only domain controllers (with unidirectional replication to offer credential caching and whilst increasing the physical security of remote domain controllers, e.g. in branch offices).
dcpromo.exenow supports Server Core (i.e. it will run in command line mode), uses the logged on credentials for promotion and allows the seed method to be chosen (e.g. populate from a specific server offering Active Directory domain services), enables site selection (with automatic detection), provides automatic DNS configuration (for resolvers and delegation), and allows role selection for DNS (on by default), global catalog (on by default) and read-only domain controllers.
- Active Directory can be restarted without rebooting (e.g. to run
ntdsutil.exewith the server online, just stopping and restarting Active Directory services).
- An attribute editor is available in the Active Directory Users and Computers snap-in with advanced features enabled, avoiding the need to use the ADSIedit support tool.
Of course, Internet Information Services (IIS) gets an overhaul and the new IIS version 7 features a much-improved (MMC v3) administrative interface (as well as application and architectural enhancements). Windows Server 2008 also gains improved Unix interoperability features with authentication integration, Unix scripting and application migration tools, support for both 32 and 64-bit applications and extensions to the AD schema to support UNIX-related attributes (using LDAP as a NIS service – see RFC 2307). Clustering is also improved with a new MMC v3 management interface, enhanced infrastructure (e.g. support for graphically dispersed clusters and for GUID partition table disks in cluster storage) and improved security.
Before I wrap up, I’ll mention that there is a lot of misinformation circulating around Windows Server Virtualization (WSV). WSV is not part of Windows Server 2008 but it has been announced that it will ship as a separate product within 180 days of Windows Server 2008. Some features were recently cut from the initial release (Microsoft prefers to use the term postponed) and may make it into a future service pack or other update.
As one might guess from the name Windows Server 2008, the product looks set to be released late in 2007. Looking further out at the Windows Server roadmap, we can expect a 64-bit only “release 2” in late 2009 and the next major release in 2011. It looks to me as if there’s a lot of good features in Windows Server 2008 – watch this space to learn more just as fast as I do!