It all started with Windows NT, Microsoft’s first serious entry into the network server market. Versions 3.1 and 3.5 of Windows NT didn’t garner very much attention in a NetWare-dominated world because they were sluggish and refused to play well with others. Along came Windows NT 4.0, which used the new Windows 95 interface (revolutionary only to those who didn’t recognize Apple’s Macintosh OS user interface) to put a friendlier face on some simple yet fundamental architectural improvements. With version 4.0, larger organizations saw that Microsoft was serious about entering the enterprise computing market, even if the product currently being offered was still limited in scalability and availability. For one, Microsoft made concessions to NetWare users, giving them an easy way to integrate with a new NT network. The company also included a revised security feature set, including finely grained permissions and domains, which signified that Microsoft considered enterprise computing an important part of Windows.
After a record six and one-half service packs, NT 4.0 is considered by some to be the most stable operating system ever to come out of Redmond. However, despite that, most administrators with Unix experience required an OS more credible in an enterprise environment—one that could compare to the enormous Unix machines that penetrated that market long ago and had unquestionably occupied it ever since. It wasn’t until February 2000, when Windows 2000 Server was released, that these calls were answered. Windows 2000 was a complete revision of NT 4.0 and was designed with stability and scalability as first priorities.
However, something was still lacking. Sun and IBM included application server software and developer-centric capabilities with their industrial-strength operating systems, Solaris and AIX. Windows 2000 lacked this functionality. In addition, the infamous security problems associated with the bundled Windows 2000 web server, Internet Information Services (IIS), cast an ominous cloud over the thought that Windows could ever be a viable Internet-facing enterprise OS. Given that many saw Microsoft as “betting the company” on a web services initiative called .NET, it was critical that Microsoft save face and do it right the next time. It wasn’t too late, but customers were very concerned about the numerous security vulnerabilities and the lack of a convenient patch management system to apply corrections to those vulnerabilities. Things had to change.
From stage left, enter Windows Server 2003. What distinguished the release other than a longer name and a three-year difference in release dates? Security, primarily. Windows Server 2003 came more secure out of the box and was heavily influenced by the month-long halt of new development in March 2002, referred to by Microsoft as the beginning of the Trustworthy Computing Initiative, wherein all developers and product managers did nothing but review existing source code for security flaws and attend training on new best practices for writing secure code. Performance was also improved in the Windows Server 2003 release, focus was put on making the operating system scalable, and in general enterprise administration was made more efficient and easier to automate. Microsoft also updated some bundled software via the Windows Server 2003 R2 release, making it more straightforward to manage identities over different directory services and security boundaries, distribute files and replicate directory structures among many servers, and more.
But as always, no software is perfect, and there’s always room for improvement. As business requirements have changed, Microsoft developers worked in tandem on Windows Vista and the next release of Windows on the server. When Windows Vista was released to manufacturing, the teams split again, and the Windows Server 2008 group added a few new features and then focused on performance and reliability until the release.
Unlike the transition from Windows 2000 Server to Windows Server 2003, which was a fairly minor “point”-style update, Windows Server 2008 is a radical revision to the core code base that makes up the Windows Server product. Windows Server 2008 shares quite a bit of fundamental code with Windows Vista, which was a product derived directly from the techniques of the secure development model (SDM)—a sea change in programming methodologies at Microsoft that puts secure code at the forefront of all activity. Thus, a lot of new features and enhancements you will see in the product are a result of a more secure code base and an increased focus on system integrity and reliability.
The most radical changes to Windows Server 2008 include Server Core and the new Internet Information Services 7.0.
Server Core is a minimal installation option for Windows Server 2008 that contains only a subset of executable files and server roles. Management is done through the command line or through an unattended configuration file. According to Microsoft:
Server Core is designed for use in organizations that either have many servers, some of which need only to perform dedicated tasks but with outstanding stability, or in environments where high security requirements require a minimal attack surface on the server.
Accordingly, there are limited roles that Core servers can perform. They are:
Dynamic Host Configuration Protocol (DHCP) server
Domain Name System (DNS) server
Domain controller, including a read-only domain controller
Active Directory Lightweight Directory Services (AD LDS) server
Windows Server Virtualization
IIS, although only with a portion of its normal abilities—namely only static HTML hosting, and no dynamic web application support
Additionally, Server Core machines can participate in Microsoft clusters, use network load balancing, host Unix applications, encrypt their drives with BitLocker, be remotely managed using Windows PowerShell on a client machine, and be monitored through Simple Network Management Protocol, or SNMP.
Most administrators will find placing Server Core machines in branch offices to perform domain controller functions is an excellent use of slightly older hardware that might otherwise be discarded. The smaller footprint of Server Core allows the OS to do more with fewer system resources, and the reduced attack surface and stability make it an excellent choice for an appliance-like machine. Plus, with a branch office, you can combine Server Core with the ability to deploy a read-only domain controller and encrypt everything with BitLocker, giving you a great, lightweight, and secure solution.
The venerable Microsoft web server has undergone quite a bit of revision in Windows Server 2008. IIS 7 is, for the first time, fully extensible and fully componentized—you only install what you want, so the service is lighter, more responsive, and less vulnerable to attack. The administrative interface for IIS has also been completely redesigned. Key improvements include:
For the first time in IIS history, administrators exercise complete control over exactly what pieces of IIS are installed and running at any given time. You can run the exact services you require—no more, no less. This is of course more secure, not to mention easier to manage and better performing.
IIS 7 allows developers to access a brand-new set of APIs that can interact with the IIS core directly, making module development and customization much easier than it ever has been. Developers can even hook into the configuration, scripting, event logging, and administration areas of IIS, which opens a lot of doors for enterprising administrators and third-party software vendors to extend IIS’ capabilities sooner rather than later.
Configuration can be accomplished entirely through XML files. Central IIS configuration can be spread across multiple files, allowing many sites and applications hosted by the same server to have independent but still easily managed configurations. One of Microsoft’s favorite demos of IIS 7 is setting up a web farm with identically configured machines; as new members of the farm are brought online, the administrator simply uses XCOPY and moves existing configuration files over to the new server, and in a matter of seconds, the IIS setup on the new machine is identical to that on the existing machines. This is perhaps the most meaningful, and most welcome, change in IIS 7.
Much like Active Directory allows administrators to assign permissions to perform certain administrative functions to other users, IIS administrators can delegate control of some functions to other people, like site owners.
The Windows Server 2008 team has made a special effort at improving network performance and efficiency. For the first time, there is a dual-IP layer architecture for native IPv4 and IPv6 support together, simultaneously. (If you’ve ever configured IPv4 and IPv6 on a Windows Server 2003 machine, you’ll know what a pain it is to get them to interoperate without falling all over each other.) Communications security is enhanced through better IPsec integration throughout the various pieces of the TCP/IP stack. Hardware is used more efficiently and robustly to speed up performance of network transmissions, intelligent tuning and optimization algorithms run regularly to ensure efficient communication, and APIs to the network stack are more directly exposed, making it easier for developers to interact with the stack. Let’s take a look at some of the improvements in what the team is calling Next Generation Networking.
As I alluded to earlier, many changes in Windows Server 2008 were made to the TCP/IP stack itself. One such improvement is the auto-tuning TCP window size: Windows Server 2008 can automatically tune the size of the receive window by each individual connection, increasing the efficiency of large data transfers between machines on the same network. Microsoft quotes the following example: “... on a 10 Gigabit Ethernet network, packet size can be negotiated up to 6 Megabytes in size.”
The dead gateway detection algorithm present in Windows Server 2003 has been slightly improved: Windows Server 2008 now tries every so often to send TCP traffic through what it thinks to be a dead gateway. If the transmission doesn’t error out, then Windows automatically changes the default gateway to the previously detected dead gateway, which is now live. And Windows Server 2008 supports offloading network processing functions from the CPU itself to the processing circuitry on the network interface card, freeing up the CPU to manage other processes.
There are also improvements to network scaling. For example, in previous versions of Windows Server, one NIC was associated with one single, physical processor. However, with the right network card, Windows Server 2008 supports scaling NICs and their associated traffic among multiple CPUs (a feature called receive-side scaling), permitting much higher amounts of traffic to be received by one NIC on a highly loaded server. This particularly benefits multiprocessor servers, since more scale can be added simply by adding processors or NICs and not by adding entirely new servers.
Network applications are growing in popularity with each passing week. Windows Server 2008 sees more work in the Terminal Services/Remote Desktop area than might have been expected, and some of the new capabilities are very welcome improvements. Aside from the three new features, the team worked on improving the core processes that make TS tick, including single sign-on to Terminal Services sessions, monitor spanning and high-resolution support for sessions, integration with the Windows System Resource Manager to better monitor performance and resource usage, and themes that make TS sessions seamless to the client.
There are three key new features added in the Windows Server 2008 release. The first is Terminal Services RemoteApp. Like the functionality offered by Citrix MetaFrame years ago, Windows Server 2008 will support—out of the box—the ability to define programs to be run directly from a TS-enabled server but be integrated within the local copy of Windows, adding independent taskbar buttons, resizable application window areas, Alt-Tab switching functionality, remote population of system tray icons, and more. Users will have no idea that their application is hosted elsewhere, except for the occasional slow response because of network latency or server overload. It’s also simple to enable this functionality: administrators create .RDP files, which are essentially text-based profiles of a Terminal Services connection that the client reads and uses to configure an RDP session for that particular program. They can also create .MSI files that can populate profiles; the main advantage here is that .MSI files are traditionally very easy to deploy via automated system management methods like Systems Management Server, Group Policy and IntelliMirror, and so on.
Next, there’s the Terminal Services Gateway. This feature allows users to access Terminal Services-hosted applications from a web portal anywhere on the Internet, secured via an encrypted HTTPS channel. The gateway can send connections through firewalls and correctly navigate NAT translation situations that stymied the use of this technology before. This saves corporations from having to deploy VPN access to remote users for the sole purpose of accessing a Terminal Services machine; plus, since the data is sent over HTTPS, almost anyone can access the sessions, even at locations where the RDP protocol is blocked by the firewall. Administrators can set connection authorization policies, or CAPs, that define user groups that are permitted to access TS through the TS Gateway machine.
Finally, in conjunction with the Terminal Services RemoteApp feature, there is also in Windows Server 2008 the TS Web Access feature, which lets administrators publicly display available TS Remote Programs on a web page. Users can browse the list for the application they want to run, click on it, and then be seamlessly embedded in the application—using all the features of TS Remote Programs—while retaining the ability to launch other programs from the same Web Access site. The service is smart enough to know that multiple programs launched by the same user should reside in the same Terminal Services session, making resource management a bit simpler. And, you can even integrate TS Web Access within SharePoint sites using an included web part.
Windows Server 2008 introduces the concept of a read-only domain controller (RODC), which is great for branch offices and other locations where the machines hosting the domain controller role can’t be physically protected in the same way as a machine in a datacenter might be. RODCs hold a read-only copy of Active Directory, which allows for the immediate benefits of faster logons and quicker authentication turnaround times for other network resources, but also for the long-term security benefits. No attacker can create changes in an easily accessible DC in a branch office that will then replicate up to the main tree at the corporate office, since the DC is read-only. The RODC can also cache the credentials of branch office users and, with just one contact to a regular, writeable domain controller up the tree, can directly service users’ logon requests. However, this caching is left off by default in the Password Replication Policy for security reasons.
Security problems have plagued Microsoft since Windows’ inception, but only in the last few years, as more people have become connected, have those flaws been exploited by malcontents. Indeed, some of the vulnerabilities in products that we see patches for on “Patch Tuesdays” are the results of poor design decisions. These types of flaws are the ones Microsoft is hoping to stamp out in the release of Windows Server 2008. You’ll see quite a bit of change to the architecture of services in Windows Server 2008, including increasing the number of layers required to get to the kernel, segmenting services to reduce buffer overflows, and reducing the size of the high-risk, privileged layers to make the attack surface smaller.
While fundamentally changing the design of the operating system, the Windows Server 2008 team has also included several features designed to eliminate security breaches and malware infestations, as well as capabilities meant to protect corporate data from leakage and interception. Let’s take a look at some of the improvements.
A new feature currently known as operating system file protection ensures the integrity of the boot process for your servers. Windows Server 2008 creates a validation key based on the kernel file in use, a specific hardware abstraction layer (HAL) for your system, and drivers that start at boot time. If, at any subsequent boot after this key is created, these files change, the operating system will know and halt the boot process so you can repair the problem.
Operating system file protection also extends to each binary image that resides on the disk drive. OS file protection in this mode consists of a filesystem filter driver that reads every page that is loaded into memory, checking its hashes, and validating any image that attempts to load itself into a protected process (processes that are often the most sensitive to elevation attacks). These hashes are stored in a specific system catalog, or in an X.509 certificate embedded within a secure file on the drive. If any of these tests result in failure, OS file protection will halt the process to keep your machine secure. This is active protection against problematic malware.
The need for drive encryption has been a popular topic in a lot of security channels lately, and in both Windows Vista and Windows Server 2008 Microsoft has risen to the call by developing a feature called BitLocker. BitLocker is designed especially for scenarios where a thief may gain physical access to a hard drive. Without encryption, the hacker could simply boot another operating system or run a hacking tool and access files, completely bypassing the NTFS filesystem permissions. The Encrypting File System in Windows 2000 Server and Windows Server 2003 went a step farther, actually scrambling bits on the drive, but the keys to decrypt the files weren’t as protected as they should have been. With BitLocker, the keys are stored within either a Trusted Platform Module (TPM) chip on board your system, or a USB flash drive that you insert upon boot up.
BitLocker is certainly complete: when enabled, the feature encrypts the entire Windows volume including both user data and system files, the hibernation file, the page file, and temporary files. The boot process itself is also protected by BitLocker—the feature creates a hash based on the properties of individual boot files, so if one is modified and replaced by, for example, a Trojan file, BitLocker will catch the problem and prevent the boot. It’s definitely a step up from the limitations of EFS, and a significant improvement to system security over unencrypted drives.
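The boot-integrity idea shared by operating system file protection and BitLocker's boot-file hash can be sketched as follows. This is an added example, not Microsoft's implementation: the file names, the use of SHA-256, and the way digests are folded into one validation key are assumptions chosen to illustrate the mechanism.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Constructed file names standing in for the kernel, the HAL and two
# boot-start drivers, listed in the order they are measured.
BOOT_CHAIN = ["kernel.bin", "hal.bin", "disk_driver.sys", "fs_driver.sys"]
MISSING = b"<missing>"


def file_digest(path):
    """SHA-256 of a file, read in chunks; a marker value if it is absent."""
    if not path.is_file():
        return MISSING
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.digest()


def measure(root, chain=BOOT_CHAIN):
    """Return (validation_key, {name: digest}) for the boot chain under root.

    Each digest is folded into a running value, so the key depends on every
    file's content and on the order in which the files are measured.
    """
    key = bytes(32)
    digests = {}
    for name in chain:
        digests[name] = file_digest(Path(root) / name)
        key = hashlib.sha256(key + name.encode() + digests[name]).digest()
    return key, digests


def verify_boot(root, sealed_key, sealed_digests, chain=BOOT_CHAIN):
    """Re-measure the chain and compare. Returns (ok, names_that_changed)."""
    key, digests = measure(root, chain)
    if hmac.compare_digest(key, sealed_key):
        return True, []
    changed = [n for n in chain if digests[n] != sealed_digests.get(n)]
    return False, changed


def demo():
    """Seal a constructed boot chain, then check later 'boots' against it."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in BOOT_CHAIN:
            (root / name).write_bytes(b"original contents of " + name.encode())
        sealed_key, sealed_digests = measure(root)

        # Unmodified files: the boot is allowed to continue.
        results["clean"] = verify_boot(root, sealed_key, sealed_digests)

        # Same files measured in a different order give a different key.
        reordered_key, _ = measure(root, list(reversed(BOOT_CHAIN)))
        results["order_sensitive"] = reordered_key != sealed_key

        # A boot-start driver is replaced with different content.
        (root / "disk_driver.sys").write_bytes(b"replaced driver image")
        results["tampered"] = verify_boot(root, sealed_key, sealed_digests)

        # The HAL is removed as well: both files are reported.
        (root / "hal.bin").unlink()
        results["removed"] = verify_boot(root, sealed_key, sealed_digests)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

Keeping the per-file digests next to the sealed key is what lets the check name the file that changed instead of only refusing to boot.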
Another security problem plaguing businesses everywhere is the proliferation of the USB thumb drive. No matter how securely you set your permissions on your file servers, no matter how finely tuned your document destruction capabilities are, and no matter what sort of internal controls you have on “eyes-only” documentation, a user can simply pop a thumb drive into any open USB port and copy data over, completely bypassing your physical security. These drives often contain very sensitive information that ideally should never leave the corporate campus, but they’re just as often found on keychains that are lost, inside computer bags left unattended in an airport lounge, or in some equally dangerous location. The problem is significant enough that some businesses have taken to disabling USB ports by pouring hot glue into the actual ports. Effective, certainly, but also messy.
In Windows Server 2008, an administrator will have the ability to block all new device installs, including USB thumb drives, external hard drives, and other new devices. You can simply deploy a machine and allow no new devices to be installed. You’ll also be able to set exceptions based on device class or device ID—for example, to allow keyboards and mice to be added, but nothing else. Or, you can allow specific device IDs, in case you’ve approved a certain brand of product to be installed, but no others. This is all configurable via Group Policy, and these policies are set at the computer level.
The Windows Firewall version included with Windows Server 2003 Service Pack 1 was exactly the same as that included in Windows XP Service Pack 2. Microsoft bundled that firewall with Service Pack 1 as a stopgap measure—deploy this firewall now, Microsoft said, so you will be protected, and we will work to improve the firewall in the next version of Windows.
That time is here. The new Windows Firewall with Advanced Security combines firewall and IPsec management into one convenient MMC snap-in. The firewall engine itself has been rearchitected to reduce coordination overhead between filtering and IPsec. More rules functionality has been enabled, and you can specify explicit security requirements such as authentication and encryption very easily. Settings can be configured on a per-AD computer or user group basis. Outbound filtering has been enabled; there was nothing but inbound filtering in the previous version of Windows Firewall. And finally, profile support has been improved as well—on a per-computer basis, there is now a profile for when a machine is connected to a domain, a profile for a private network connection, and a profile for a public network connection, such as a wireless hotspot. Policies can be imported and exported easily, making management of multiple computers’ firewall configuration consistent and simple.
Viruses and malware are often stopped by software defenses before they can run within a user’s session, but the ultimate protection would be if they never even got access to the network. In Windows Server 2008, Microsoft has created a platform whereby computers are examined against a baseline set by the administrator, and if a machine doesn’t stack up in any way against that baseline, that system can be prevented from accessing the network—quarantined, as it were, from the healthy systems until the user is able to fix his broken machine. This functionality is called Network Access Protection.
NAP can be broken down into three key components:
Validation is the process wherein the machine attempting to connect to the network is examined and checked against certain health criteria that an administrator sets.
Compliance policies can be set so that managed computers that fail the validation process can be automatically updated or fixed via Systems Management Server or some other management software, as well as by Microsoft Update or Windows Update.
Access limiting can be the enforcement mechanism for NAP. It’s possible to run NAP in monitoring-only mode—which logs the compliance and validation state of computers connecting to the network—but in active mode, computers that fail validations are put into a limited-access area of the network, which typically blocks almost all network access and restricts traffic to a set of specially hardened servers that contain the tools most commonly needed to get machines up to snuff.
Keep in mind that NAP is only a platform by which these checks can be made—pieces of the puzzle are still needed after deploying Windows Server 2008, including system health agents (SHAs) and system health validators (SHVs) that ensure the checks and validations are made on each individual client machine. Windows Vista ships with default SHAs and SHVs that can be customized.
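The three NAP components described above (validation, compliance, access limiting) can be modelled as a small decision function. This is an added example, not NAP's own code or API: the health fields, thresholds, check names, and the treatment of a client that sends no health statement are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class StatementOfHealth:
    """What a client-side health agent reports (fields are constructed)."""
    firewall_enabled: bool
    av_signature_age_days: int
    missing_security_updates: int


@dataclass
class HealthPolicy:
    """Baseline set by the administrator (thresholds are constructed)."""
    require_firewall: bool = True
    max_av_signature_age_days: int = 7
    max_missing_security_updates: int = 0
    enforce: bool = True  # False models monitoring-only mode


# What the remediation servers would offer for each failed check.
REMEDIATION = {
    "no_health_statement": "install or start the health agent",
    "firewall_disabled": "enable the host firewall",
    "av_signatures_stale": "update antivirus signatures",
    "updates_missing": "install pending security updates",
}


def validate(soh, policy):
    """Validation: return the list of failed checks (empty means healthy)."""
    if soh is None:  # assumption: no agent on the client counts as a failure
        return ["no_health_statement"]
    failures = []
    if policy.require_firewall and not soh.firewall_enabled:
        failures.append("firewall_disabled")
    if soh.av_signature_age_days > policy.max_av_signature_age_days:
        failures.append("av_signatures_stale")
    if soh.missing_security_updates > policy.max_missing_security_updates:
        failures.append("updates_missing")
    return failures


def admit(host, soh, policy, log):
    """Decide network access for one connecting machine and log the result."""
    failures = validate(soh, policy)
    if failures and policy.enforce:
        access = "restricted"  # access limiting: remediation servers only
    else:
        access = "full"        # healthy, or monitoring-only mode
    log.append((host, "noncompliant" if failures else "compliant", access))
    return {
        "access": access,
        "failures": failures,
        "remediation": [REMEDIATION[f] for f in failures],
    }


def demo():
    """Run constructed clients through enforcing and monitoring-only policies."""
    healthy = StatementOfHealth(True, 1, 0)
    stale = StatementOfHealth(False, 30, 0)
    log = []
    enforcing, monitoring = HealthPolicy(), HealthPolicy(enforce=False)
    out = {
        "healthy": admit("pc-01", healthy, enforcing, log),
        "stale_enforced": admit("pc-02", stale, enforcing, log),
        "stale_monitored": admit("pc-02", stale, monitoring, log),
        "no_agent": admit("pc-03", None, enforcing, log),
    }
    # Compliance: after the fixes are applied the same machine is re-validated.
    fixed = StatementOfHealth(True, 0, 0)
    out["stale_after_fix"] = admit("pc-02", fixed, enforcing, log)
    out["log"] = log
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In monitoring-only mode the failed checks still reach the log, which is how an administrator can gauge how many machines active mode would quarantine before switching it on.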
Servers are only effective if the administrator configures them properly. Windows Server products have traditionally been fairly simple to operate, but in Windows Server 2008 there are many improvements to the initial setup and configuration experience. Many of these details are still being worked out, and these elements may change as we draw nearer to the anticipated release date, but let’s take a look anyway and see what Windows Server 2008 has to offer in terms of manageability enhancements.
Server Manager is a one-stop shop for viewing information on a server, looking at its stability and integrity, managing installed roles, and troubleshooting configuration issues that may arise. Server Manager replaces the Configure Your Server, Manage Your Server, and Security Configuration Wizard interfaces. It centralizes a variety of MMC 3.0 snap-ins, allowing you to see at a glance what roles and features are installed on any given machine, and giving you an easy jumping-off point to begin management of those pieces.
Many an administrator has come to love Remote Installation Services (RIS), the add-on to Windows 2000 Server and Windows Server 2003 that streamed an installation of client and server operating systems over the network and provided the ability to customize installations and set them off with just a few keystrokes. In Windows Server 2008, Microsoft has radically revised RIS and renamed it Windows Deployment Services (WDS). WDS still works using pre-boot execution environment (PXE) and trivial file transfer protocol (TFTP) to an OS, but it includes Windows PE, a graphical frontend to the installation process that replaces the ugly, less functional text-based blue screen setup phase that’s plagued corporate Windows since NT 3.0.
Among the other enhancements in Windows Server 2008, work was done to improve overall system reliability and performance. For example, to view processes in previous versions of Windows Server, you had two basic tools, both of which were virtually unchanged from release to release—the Task Manager and the Performance Monitor. In Windows Server 2008, these tools have been combined into a single interface, called the Performance Diagnostics Console (which is also integrated into the aforementioned Server Manager), to make it easier to view statistics and alerts about how well your machine is handling its duties.
The Resource View is a simpler, but more powerful, view of how certain processes and services, among other metrics, are using the available resources on your machine. The Reliability Monitor shows a detailed view of exactly what events are occurring on a regular or intermittent basis to degrade the stability of your server. For example, you can see problems and degradations based on software installation activity, application failures, hardware missteps, Windows failures, and other, uncategorized problems. The Reliability Monitor generates a “stability index,” which is a painfully arbitrary number supposedly representing, on a scale of 1 to 10, how pristine your system is.
As always, Microsoft has split up the various editions of Windows Server 2008 so that, in theory, each customer segment is served by the right product with the right feature set at the right price. Windows Server 2008 is available in the following editions:
This version of Windows Server 2008 is optimized to host web sites using IIS and is therefore limited in its support of hardware and in its feature set. It’s designed specifically as a web server, so you won’t find many features enabled other than IIS, ASP.NET, and some other web hosting-specific capabilities. Avoid this edition unless you have machines whose sole purpose is serving web and other Internet content.
This is the plain-vanilla version of Windows that most corporations likely will deploy. Included with it is support for up to two processors and 4 GB of memory. SE includes most of the features and support of the other editions, including the .NET Framework, IIS 7, Active Directory, the distributed and encrypting filesystems, and various management tools. You also receive Network Load Balancing (a feature previously reserved for the “premium editions” of the NT server product) and a simple Post Office Protocol 3 (POP3) server which, coupled with the existing Simple Mail Transfer Protocol (SMTP) server bundled with IIS, can turn your Windows Server 2003 machine into an Internet mail server.
Aimed squarely at more demanding environments, EE adds clustering support, support for eight processors, 64 GB of RAM for x86-based systems and up to 2 TB of RAM for x64 systems, the ability to hot-add memory to a running server, and unlimited network connections, among other things.
This performance- and scalability-enhanced Windows Server 2008 edition supports from 8 to 32 processors, hot-adding of processors and their replacement, and features the same memory support of the Enterprise Edition. With the exception of more extensive firewalling features and some increase in virtual machine licensing, DE is identical to EE.
For more information, visit the Microsoft web site at http://www.microsoft.com/windowsserver2008/en/us/editions-overview.aspx.
Table 1-1 lists Microsoft’s minimum and recommended system requirements for running Windows Server 2008.
Processor: 1 GHz (x86 processor) or 1.4 GHz (x64 processor) minimum; 2 GHz or faster recommended
Memory: 512 MB RAM minimum; 2 GB RAM or greater recommended
Available Disk Space: 40 GB or greater recommended
Super VGA (800 × 600) or higher resolution monitor
Keyboard and Microsoft Mouse or compatible pointing device
However, anyone with prior experience with Windows operating systems is likely familiar with the simple fact that Microsoft’s minimum system requirements (and often, the recommended requirements as well) are woefully inadequate for all but the most casual serving duties. Based on price and performance considerations as of this writing, I recommend the following specifications for any Windows Server 2008 version available through traditional channels. I’ll refer to these as the “realistic minimums” from this point on in the book.
A Pentium III 1GHz processor
A server machine capable of using dual processors
At least 512 MB of RAM
At least 9 GB of disk space
In this day and age, PC hardware changes in value, speed, and availability on what seems like a daily basis. Unless your sole job is to continually specify the hardware platforms and configurations on which your client and server computers will run, it only takes missing a week’s worth of developments to miss out on new processor speeds, chipset replacements or introductions, and hard-drive enhancements.
Of course, the methodology for selecting hardware for your servers remains true regardless of the operating system—disk speed is the single most prominent bottleneck in a fileserver, whereas an application server has performance obstacles in the processor and memory.
Windows Server 2008 presents an interesting set of features that result in tangible benefits for many administrators. The Server Core version of the product is perhaps the most useful new installation option of Windows on the server in quite a while, and it’s appropriate for use in many situations where rock-solid servers are required. If your server farm hosts network-intensive applications, you’ll find the changes to the TCP/IP stack and other network performance improvements tantalizing, and hardware assistance now makes network scaling much more cost effective by requiring fewer physical servers than before. Security is of course of paramount importance, and NAP alone is worth investing in Windows Server 2008. Management capabilities are improved as well.
Two general camps of people and their organizations will find compelling reasons to immediately upgrade to Windows Server 2008:
NT Server 4.0 reached the end of its supportable life on December 31, 2004. Windows 2000 Server’s mainstream support ended June 30, 2005, and while extended support will be available until July 13, 2010, it’s smart to consider a move. Windows Server 2008, a fundamentally major release, provides a good jump up to new features, although it will likely require a hardware refresh if you are still running Windows NT or Windows 2000 in production.
If there’s no fee or additional monetary outlay for your upgrade, you can get the benefit of Windows Server 2008 for little overall monetary cost.
If you are not a member of either group, the value of upgrading to Windows Server 2008 is less clear, though a strong case could be made for moving up. If you’re happily chugging away with Windows Server 2003 or R2, have read this chapter and don’t see any features you absolutely must have now, and don’t have an update agreement with Microsoft, you might want to skip this release and wait for Windows Server 2009 (or whatever the appropriate year might be).
For most corporations, it’s a question of timing. Consider that the next radically different revision of Windows is about three years away on the desktop and four to five years away on the server. You’ll have plenty of time to move to Windows Server 2008 in that window. For others, it’s a question of finances: if you can’t afford to upgrade to Windows Server 2008, then it’s a dead end. If you are satisfied with Windows Server 2003, or the R2 edition, and have secured it properly, nothing in Windows Server 2008 is absolutely mandatory. The same goes with those running the original release of Windows Server 2003 with Service Pack 1 without a complimentary upgrade route to R2.