This week I received a copy of Windows Server 2008, (formerly Longhorn Beta 3) at Tech-Ed 2007 in Orlando, Florida and I wanted to briefly share some of the enhancements the next major version of Windows Server has to offer.
The installation of Windows Server 2008 has been simplified and it mirrors the Windows Vista installation in ease of use: several screens, about an hour and I was booting into Windows Server 2008.
Once the installation of Windows Server 2008 is complete, you’ll notice an Initial Configuration Tasks window. In Windows 2003 Server, you had a similar screen that allowed you to download updates, specify an administrator password, and allow inbound traffic to your server.
In Windows Server 2008, this is taken much further. On this window, you can specify an Administrator password, time zone settings, networking, download updates, configuration of your firewall, and server role customization.
In Windows Server 2008, a role is defined as what primary purpose the server is being created for. For example, if you turn on the Domain controller role, this server will be a Domain Controller. You can have multiple roles as well. You could turn on the Domain Controller role as well as the DHCP serve role. It all depends on the requirements of your infrastructure.
Windows Server 2008 offers you a vast amount of roles but you have the flexibility to choose only the roles that apply to your organization. Examples of roles include: Active Directory (AD) Certificate Services, AD Domain Services, Application Server, DHCP server, DNS Server, Fax Server, Web Server, Terminal Server, and a host of others.
By choosing only the applicable roles, you have a slim, streamlined Windows server running which increases security and decreases risk.
From a security perspective Windows Server 2008 includes Network Access Protection (NAP). The NAP engine ensures that workstation computers that connect to your network meet minimum computer defined requirements set forth in the security policy your administrator creates.
For example, a virtual employee visits corporate HQ for the first time in four weeks with his laptop. When he hooks up to the network, he is required to update security and critical windows patches before connecting to the network. Until all this work is done, the laptop via NAP can be quarantined or denied access completely until the computer meets the minimum health requirements.
In a perfect world, all domain controllers would be in a single server room with unlimited bandwidth and power with constant surveillance. We do not live in this world and in many corporations there are quite a few satellite or branch offices throughout the country or world. In Window Server 2008, you can configure Read-Only Domain Controllers (RODC).
An RODC is a domain controller that you could install at a remote location and its sole purpose is to host a read-only copy of your Active Directory (AD) database. This method gives you peace of mind in not having to worry about the physical security of a domain controller hundreds or thousands of miles away. The RODC holds a minimal set of information and all changes made must come from a domain controller with full control that replicates to the RODC.
For example, a major car dealership could have all of their domain controllers in corporate headquarters and put an RODC in every dealership location throughout the country instead of the current common practice of a full-control domain controller. I am really excited about this feature in Windows Server 2008.
Windows Server Core
When installing Windows Server 2008, you can do a full installation or perform a Windows server core installation of the product that is new in 2008. I think this is very cool and will be used in many organizations. It allows for a lean, mean running Windows machine. There will be a learning curve and it requires configuration via command line after installation.
The Windows Server Core installs the minimum environment necessary to run the specific role you have in mind. If your server is going to just be a DHCP server, you can configure the role to just be a DHCP server and only a DHCP server.
After installing Windows Server Core and booting up, all you get is a command line box and a minimum user interface (UI). With a Windows Server Core installation, you get none of the following: desktop shell (aero, wallpaper, etc.), CLR and .NET Framework, MMC console or snap-ins, start menu, control panel, Internet Explorer, Windows Mail, WordPad, Paint, Windows Explorer, run box, etc. It is bare bones.
You do get the kernel and that is all you need. It allows you to have a very secure deployment of a specific role of Windows.
For all of your imaging and deployment needs, Remote Installation Services has been updated and renamed Windows Deployment Services and is a role that can be configured in Server Manager. When configured, you can deploy Windows operating systems without being physically present at the computer in question or needing media. It is very worthwhile to take a look at this feature if you are spending money with third-party tools that may no longer be necessary.
There are new tools available to make life easier as you manage Windows on a day-to-day basis. Windows Server 2008 provides you with a new MMC console called Server Manager where you can manage your roles, features, and server status. Microsoft even included a command line utility if you prefer that method of management.