It’s taken five years, but it looks like the successor to Windows Server 2003, until recently known as Longhorn Server, is just about ready for release. A public beta (Beta 3) came out in April and it now has an official name — Windows Server 2008 — the addition of a date being a sure sign of its imminent launch.
But don’t hold your breath. Officially, the product will ship in the second half of 2007, but, given Microsoft’s record in such matters, the end of the year seems a good bet. Moreover the long-awaited Server Virtualisation technology (previously known by the codename Viridian) won’t be included at launch, and could be delayed by anything up to 180 days. Neither will it deliver everything originally promised — something we’ll look at in more detail in the second part of this preview. In the meantime, the feature set of the main operating system is complete, so little will change from the Beta 3 we’ve been testing.
We also know quite a bit about the packaging, with Windows Server 2008 set to be available in both 32-bit and 64-bit implementations, just like Windows Server 2003. The 64-bit products will, similarly, work with industry-standard x86-derived Intel and AMD processors; a separate Itanium version is also due.
The same Standard, Enterprise and Datacenter editions are planned, along with a cut-down Web server package. Likewise, you can expect the usual small business bundle, which will include Exchange, SQL Server and, optionally, ISA servers, although this won’t be available immediately. Indeed, the small business server is unlikely to put in an appearance until well into 2008, and will only be available in 64-bit format.
A completely new implementation for medium-sized companies, codenamed Centro, is also set to be introduced next year — think small-business server but rejigged for deployment on larger, multiple, servers.
The three pillars
According to Microsoft, Windows Server 2008 has three main aims, or 'pillars'. The first is to improve server control — allowing customers to cut the time they spend on everyday tasks. The second is greater flexibility — to enable companies to respond quicker to changing business needs. And the third is increased protection against ever-present security threats.
How well Server 2008 measures up against these aims only time will tell, and inevitably there’s a lot of functionality that's designed to address more than just one area. So let's press on and look at what’s new in Windows Server 2008 and discover what benefits the new features might deliver.
Ready, set, go
One of the first things we noticed was that it’s a lot easier and quicker to configure a Windows Server using the new software. As in previous releases, Microsoft has hacked away at the underlying code to make it much more modular; as a result, only the code required to support a chosen server role, and nothing else, gets installed. This time, however, the number of different roles you can choose from has gone up substantially — to eighteen in fact, with five Active Directory roles plus separate application and Web server roles. File and print server roles have also been separated, with other roles dedicated to SharePoint Services and Windows deployment services.
The idea is clearly to reduce the potential attack surface presented to would-be hackers and virus writers. However, it also reduces the amount of code that has to be installed when configuring a new server for the first time, and the amount of operator input required during that process. In most cases, all you have to do is choose your country settings, specify the product code for the type of install (standard, enterprise, datacentre and so on) and leave the installer to get on with it. You’re then presented with a new Initial Configuration Tasks tool, from which you configure the server and decide which roles you need.
There are lots of changes here, too. It’s no longer a case, for example, of adding a new role then spending hours tweaking the supporting software. Instead, wizard-driven setup routines do as much as possible for you, from making sure the required components are copied to hard disk, to setting firewall ports (enabled by default in Windows Server 2008) and ensuring that any dependent services are up and running.
You’re also advised of potential conflicts and possible security issues, plus you can choose to add optional features — another innovation in Windows Server 2008. Some 35 of these new add-ons are available in the Beta 3 product, including BitLocker whole disk encryption (similar to that provided in Windows Vista) and a new command-line and scripting interface called PowerShell.
It’s a powerful shell
Microsoft has long claimed to listen to what customers tell it, and at long last the company seems to have understood that, when it comes to server management, graphical tools are of limited value. What most administrators want is a scriptable command line — especially those who need to perform repetitive tasks, day in, day out on multiple servers.
This has always been possible in Windows Server using batch files and the built-in CMD.EXE command line. But, as a DOS throwback, you’re strictly limited in what CMD lets you do. And although you can also use VBScript and WMI, the tools involved are really aimed at programmers rather than network administrators and, again, don’t cover all the options.
PowerShell, on the other hand, is designed from the ground up to be used by server and network administrators. That doesn’t mean that it won’t take time to learn, but it compares well against what went before and the scripting shells available to UNIX/Linux users. It will run existing scripts and is also available now for use with Windows Server 2003, Windows Vista and Windows XP (check out Microsoft's web site for download details).
Another big plus is PowerShell's ability to automate just about anything. The claim is that if you can do it from the GUI you can also do it using PowerShell. For example, you can mount the server registry and access it as though it were a standard file system. You can even manage IIS and Exchange Server 2007, plus it’s possible for both end users and third parties to develop so-called 'cmdlets' that can be saved and used to create custom management tools.
Good news, then, for those who are into scripting. But that doesn’t leave those addicted to the GUI out in the cold. Far from it, Microsoft has also put a lot of effort into revamping and integrating together its graphical tools, the end result being a totally new Server Manager console that consolidates a lot of hitherto individual utilities.
Now a Microsoft Management Console (MMC) snap-in, Server Manager is much more than just an amalgamation of those tools. The interface is cleaner and easier to understand, with important status information displayed immediately rather than having to drill down through long tree structures to get to where you want. You’re also presented with intuitive context-sensitive links to HTML dashboards, wizards and other tools needed for day-to-day management.
It still takes a while to get used to, and doesn’t do away entirely with the need for separate utilities. However, Server Manager is a big improvement and really does help make Windows Server 2008 easier to administer.
Server to the core
Another innovation is Server Core, which takes the stripped-down approach to its logical conclusion, doing away with anything not absolutely needed on a network server, including the GUI. Indeed, if you opt for Server Core rather than a full setup when you install Windows Server 2008, all you’ll get is a command line plus a couple of very simple graphical tools such as Notepad and a Control Panel time and date applet.
It’s still a powerful server though, and you can still use Server Core to host server roles. The list, however, is much shorter, with just seven roles to choose from — namely Active Directory, Active Directory Lightweight Directory Services, DHCP, DNS, File, Print and Windows Media Services (media streaming). Server Core can also be used with Server Virtualisation and, although it’s not designed to be an application platform, to host SQL Server for local use.
Server Core also provides support for some of the new Windows Server features such as Backup and BitLocker full drive encryption, plus High Availability clustering.
On the downside, one of the biggest issues is that there’s no .NET Framework in Server Core, which means it’s not possible to run the new Windows PowerShell scripting language. Neither can you choose a Web server role, as IIS also depends on.NET. Microsoft representatives have spoken openly about plans to develop a cut-down framework for Server Core, but it certainly won’t be in the first release and may take a long time to arrive.
In the meantime, you do get SNMP support, and Server Core systems can also be managed remotely using the graphical tools available on other Windows Server 2008 servers.
Root and branch
Server Core is one of several enhancements aimed primarily at the branch office; another is the ability to configure a Read-Only Domain Controller (RODC). Introduced because Domain Controllers (DCs) often have to be sited in insecure remote offices to compensate for slow WAN links and provide continuity in the event of a connection failure. Unfortunately, conventional DCs all hold a compete replicated copy of the entire Active Directory database, including every single user name and password. If the host server is stolen, that’s a potential security risk requiring all of those details to be changed — often a Herculean task.
With an RODC, the database is not only read-only, but it also only stores passwords for non-administrator users who log on locally. So should the server be stolen, only a few users will be at risk. Moreover, changing the passwords and resetting and deleting the RODC has become very quick and easy.
Add BitLocker full drive encryption and branch office servers can be made even more secure, with EFS (Encrypting File System) technology also available for complete belt-and-braces protection.
And so to Web
Finally, at least for now, Windows Server 2008 includes a completely re-architected Web server in the form of Internet Information Services (IIS) 7.0 which, like the host operating system, is now much more modular.
With previous versions of IIS, all of the available functionality was built in by default, with no easy way to extend or replace what was on offer. The core of IIS 7.0, by comparison, provides only basic static web server capabilities. Over 40 separate optional modules are then available to add to that functionality, each of which can be installed independently. This approach is designed to improve security and reduce management as you only have to patch the modules you’ve installed.
Included in both the 32-bit and 64-bit editions of Windows Server 2008, IIS 7.0 still promises full compatibility with existing ASP (Active Server Pages), ASP .NET 1.1, and ASP .NET 2.0 applications, and most ISAPI extensions and filters. There’s also a new API accessible to developers using managed .NET languages such as Visual C# and Visual Basic 2005. Additional diagnostic and troubleshooting tools are provided to, for example, view requests running on the server in real time. Native PHP support is also provided, and an IIS 7.0 server can now support different PHP versions and ASP .NET applications side by side.
A new IIS Manager tool makes for much simpler management, with remote administration over HTTP plus a new command line interface, scriptable using PowerShell or WMI. Moreover, the old metabase store is replaced by a new simpler configuration file that can shared between servers, enabling global changes to be made much more quickly and easily. Web application settings can also now be stored in simple configuration files, allowing for rapid deployment simply by copying the files involved.
More to come
And that’s not all. There’s plenty more in Windows Server 2008, including a revamped High Availability clustering service, Network Access Protection (NAP) , and the much-talked-about Server Virtualisation facilities. We’ll look at all of this in more depth in part 2 of this preview.