Windows Server 2008: preview, part 2

In the second part of our preview of Windows Server 2008, we examine its new virtualisation functionality, take a look at the enhancements to Terminal Services, and more.

In the first part of this preview we said that Windows Server 2008 was more or less complete and ready for launch. That, it seems, was a little premature, as a number of important announcements have been made since then that affect both the content and release schedule of the product. First the release date, which won’t be the end of 2007 as everyone had anticipated. The official launch has now been put back to 27 February 2008, although the product may slip out to enterprise customers before that — the February date is more about being able to stage a glitzy launch event than finalising the code.

As well as being a lot later than expected, the new release schedule also has implications for the much-talked-about Windows Server Virtualization (WSV) option — which we'll examine in more detail shortly. Microsoft had already announced that this wouldn’t be released along with the main server software, promising that it would be launched sometime within the following 180 days. As such, it may now appear as late as July/August 2008.

Another change is an about-face on deploying the IIS 7.0 Web server on the new cut-down Server Core implementation of Windows Server 2008. Originally this wasn’t included as one of the possible roles but 'due to customer demand', it is now a supported configuration. However, there are a few provisos such as a lack of graphical management tools. There’s also no .NET Framework for Server Core, which means that ASP.NET won’t be available either — although standard ASP will work, and you will get the new FastCGI support and PHP facilities provided as part of IIS 7.0.

Virtual enhancements
The most keenly anticipated feature of Windows Server 2008 is the virtualisation technology codenamed Viridian, now officially called Windows Server Virtualization (WSV). First, it’s important to understand how WSV will differ from the current Virtual Server 2005 product, which will continue to be developed alongside the Windows Server 2008 solution.

The principal difference is that, like many virtualisation products, Virtual Server 2005 runs as an application on top of a host operating system, sharing out the physical resources on that host among one or more virtual machines (VMs) running guest operating systems. This arrangement means that the virtualisation software can only communicate with the underlying hardware indirectly, through the host operating system. Also, for the sake of compatibility, it emulates standard hardware interfaces for things like storage and network access, further impacting performance.

By contrast, WSV is a 'hypervisor' implementation whereby the virtualisation software runs directly on the underlying hardware, without the need for a host operating system. In theory, this results in enhanced performance and security compared to hosted alternatives such as Virtual Server 2005 and the rival VMware Server product from market leader VMware.

WSV is not the first hypervisor solution, though. VMware also leads the market here with ESX Server (now part of its VMware Infrastructure platform), with Xen increasingly popular in the open source space. Moreover, it’s not quite the case that you don’t need a host OS with WSV, as Microsoft has opted for what it calls a 'micro-kernelised' implementation, with the drivers needed to communicate with the underlying hardware stripped out of the hypervisor to minimise its size. So, although the hypervisor doesn’t run as a Windows application, WSV does need a primary partition running Windows Server 2008 to work, although this can be Server Core rather than the full graphical operating system.

Another big difference compared to Virtual Server 2005 is the replacement of standard hardware interfaces and emulators with new drivers that are optimised to use the underlying hypervisor technology more effectively. For these to work, however, the guest virtual machines need to run so-called 'enlightened' operating systems containing the necessary code to work with this new technology.

That restricts compatibility, although Windows Server 2008 will itself come with these 'enlightened' drivers, allowing it to be run as a guest on WSV, as does Windows Vista. Microsoft will also provide enlightened extensions for Windows XP and Windows Server 2003 and is partnering with XenSource to develop enlightenments to enable Linux to be employed as a guest OS.

Windows Server Virtualization (WSV) employs a 'micro-kernelised' hypervisor with a primary partition running Windows Server 2008 and 'enlightened' guests configured to use its optimised I/O drivers.

Like Virtual Server 2005, Windows Server Virtualization will be available free of charge — although because it’s dependent on Windows Server 2008, you do have to spend money to deploy it. Also, WSV can only be used on 64-bit server hardware equipped with the latest Intel or AMD processors with hardware virtualisation support. Although the latest R2 SP1 release of Virtual Server 2005 can also exploit these processor extensions, WSV is totally dependent on them.

On the plus side, WSV will be a lot more scalable than Virtual Server 2005. For example, whereas Virtual Server 2005 is limited to 32-bit virtual machines with a single virtual CPU, WSV can run either 32-bit or 64-bit guests with up to eight virtual processors/cores per VM. Each guest will also get up to 32GB of memory (Virtual Server 2005 VMs can be configured with just 3.6GB) and perhaps more as Microsoft has yet to determine what the final limit will be.

WSV wasn’t in the Beta 3 of Windows Server 2008 released in May, but at that time Microsoft announced that it would be available to run on host servers with up to 64 processors/cores. Since then, however, that number has been cut back to 16. The company has also back-pedalled on plans to support dynamic allocation of VM resources and live migration of active VMs from one host to another — key features in VMware’s market-leading alternative.

These options will now be made available in a later release — possibly the first service pack, although that’s far from definite and no dates have been specified. It’s also worth noting that the live migration feature will be dependent on the enhanced high-availability clustering services provided by Windows Server 2008 (see below). There’s one other caveat: basic management tools are included with WSV, but if you want to manage multiple implementations you’ll need to wait until System Center Virtual Machine Manager is available. Beta 2 of the software can be downloaded now, but the release version isn’t due until the end of 2007 and could possibly be delayed given the issues getting WSV itself off the blocks.


Terminal time
Another big change in Windows Server 2008 is a major revamp of Terminal Services, which Microsoft now likes to refer to as 'presentation virtualisation'. The most notable change here is a bundling of features previously only available through third-party add-ons, from companies like Citrix. In particular, a module called TS RemoteApp adds the ability to host individual applications as well as complete desktops. With TS RemoteApp, individual applications can be integrated directly into the local desktop or accessed via a web portal with minimal setup required at the client end.

Printing, another long-time bugbear, is similarly addressed by a new TS Easy Print option where the drivers on the local PC or terminal can be used rather than having to install new server-side drivers into hosted sessions. There’s also a new Terminal Services Gateway to deliver hosted sessions securely over the internet using HTTPS rather than having to configure complex VPN connections.

An updated implementation of the Remote Desktop Protocol is required to support these features — RDP 6.0 — with an updated client included with both Windows Server 2008 and Vista. Versions are also available for Windows Server 2003 and Windows XP SP2, and all incorporate the previously separate ActiveX component for browser-based access.

Terminal Services gets a makeover in Windows Server 2008, with support for hosted applications and an updated RDP 6.0 client.

The new RDP client also adds support for multiple monitors and 32-bit colour displays with resolutions of up to 4,096 by 2,048. Even with these bandwidth-consuming enhancements, Microsoft claims big improvements in performance thanks to a new compression algorithm, and says that multimedia applications can now be hosted using Terminal Services. Plug and Play redirection for USB and other local devices is another useful addition here.

Windows takes a NAP
Yet another new feature in Windows Server 2008 is Network Access Protection (NAP), which is designed to stop infected or poorly configured clients gaining access to a Windows network. Not to be confused with the much simpler Network Access Quarantine Control in Windows Server 2003, NAP is a more pervasive technology designed to protect not just VPN connections, but general IPsec-protected traffic, 802.1x-authenticated connections and those configured using DHCP.

To do this, NAP implements a system of System Health Agents (SHAs) and System Health Validators (SHVs) to perform checks on any PC trying to connect to the network. Working together, these will make sure that each system has the required security patches installed, appropriate antivirus software, a desktop firewall and so on. If it doesn't, NAP can redirect the connection to a quarantine network (typically, using VLAN technology), where, optionally, remediation servers can be configured to bring the client PC into compliance before allowing it onto the network proper.

NAP consists of both client- and server-side components with a client included in Windows Vista and also available for Windows XP SP2. The server-side components are integrated into Windows Server 2008, with System Center management additions also being developed.

Microsoft claims that NAP will be compatible with similar network access control technologies such as Cisco’s Network Admission Control (NAC) and others, but as currently implemented it doesn’t provide very much in the way of granularity. For example, NAP can be used to check whether Windows Firewall is running, and switch it on if it has been disabled. However, it can’t check the firewall's configuration or change the rules setup. Instead, Microsoft is relying on third parties to provide a lot of the more detailed health checking and enforcement functionality.

A lot more besides
Among numerous other enhancements in Windows Server 2008 are major changes to the Windows Server Clustering Services. This is now renamed Windows Server Failover Clustering (WSFC) to better reflect the fact that it’s a disaster protection technology rather than high-performance clustering as provided by Microsoft SoftGrid.

The reliance on a Storage Area Network (SAN) to enable volume sharing between nodes is completely removed in WSFC. You can still use a SAN, but any network share can be used instead, including those on NAS appliances, making clustering a lot more attractive to smaller businesses. Moreover, you no longer have to buy expensive hardware configurations expressly certified for clustering, as a new validation tool can simply check that it will work with what you’ve got. Support for clustering of virtual servers has also been added, while cluster setup and management is vastly simplified in WSFC. All of this should extend the appeal of the technology.

Larger customers are also catered for with support for up to 16 nodes per cluster, larger volumes (greater than 2TB) and the fact that clustered nodes no longer have to be on the same subnet. As such, WSFC can, in theory, now be implemented over ordinary router links instead of having to configure a supporting VLAN. With configurable heartbeats, it should therefore be possible to extend a cluster over much longer distances.

Elsewhere, the TCP/IP stack gets a makeover in Windows Server 2008, with native IPv4 and IPv6 support plus improved performance through hardware acceleration and auto-tuning of the send/receive window to suit prevailing network conditions. The associated network processing can also be balanced across multiple CPUs/cores rather than just one as in previous implementations (Receive Side Scaling), with new Quality of Service (QoS) facilities to prioritise traffic. Filtering at all layers of the protocol stack is also added to support the enhanced firewall built into the new OS.

As already mentioned in the first part of this preview, the management tools in Windows Server 2008 are vastly improved, with a lot more integration and a more intuitive grouping of functionality. A lot of work has also gone into improving performance, although no concrete claims are being made at present and for maximum benefit Windows Vista is required on the client side. Moreover, there could still be a few changes between now and the revised February launch, making it very much a case of 'watch this space' until that happens.