Saturday, December 17, 2011

Top 10 Features in Windows Server 2008



1. Virtualization

Although it will not be available with the initial launch of Server 2008, Microsoft's Hyper-V 

hypervisor-based virtualization technology promises to be a star attraction of Server 2008 for many 

organisations.

Although some 75 percent of large
businesses have started using virtualization, only an estimated 10 

percent of servers out are running virtual machines. This means the market is still immature. For 

Windows shops, virtualization using Server 2008 will be a relatively low-cost and low-risk way to dip a 

toe in the water.

At the moment, Hyper-V lacks the virtualized infrastructure support virtualization market leader VMware 

can provide. Roy Illsley, senior research analyst at U.K.-based Butler Group, noted that Microsoft is 

not as far behind as many people seem to think, however. "Don't forget Microsoft's System Center, which 

is a fully integrated management suite and which includes VM Manager. Obviously it only works in a 

Wintel environment, but if you have Server 2008 and System Center, you have a pretty compelling 

proposition.

"What Microsoft is doing by embedding virtualization technology in Server 2008 is a bit like embedding 

Internet Explorer into Windows," said Illsley. "This is an obvious attempt to get a foothold into the 

virtualization market."

At launch, Microsoft is unlikely to have a similar product to VMware's highly popular VMotion (which 

enables administrators to move virtual machines from one physical server to another while they are 

running), but such a product is bound to available soon after.

2. Server Core

Many server administrators, especially those used to working in a Linux environment, instinctively 

dislike having to install a large, feature-packed operating system to run a particular specialized 

server. Server 2008 offers a Server Core installation, which provides the minimum installation required 

to carry out a specific server role, such as for a DHCP, DNS or print server. From a security 

standpoint, this is attractive. Fewer applications and services on the sever make for a smaller attack 

surface. In theory, there should also be less maintenance and management with fewer patches to install, 

and the whole server could take up as little as 3Gb of disk space according to Microsoft. This comes at 

a price — there's no upgrade path back to a "normal" version of Server 2008 short of a reinstall. In 

fact there is no GUI at all — everything is done from the command line.

3. IIS

IIS 7, the Web server bundled with Server 2008, is a big upgrade from the previous version. "There are 

significant changes in terms of security and the overall implementation which make this version very 

attractive," said Barb Goldworm, president and chief analyst at Boulder, Colorado-based Focus 

Consulting. One new feature getting a lot of attention is the ability to delegate administration of 

servers (and sites) to site admins while restricting their privileges.

4. Role-based installation Role-based installation is a less extreme version of Server Core. Although 

it was included in 2003, it is far more comprehensive in this version. The concept is that rather than 

configuring a full server install for a particular role by uninstalling unnecessary components (and 

installing needed extras), you simply specify the role the server is to play, and Windows will install 

what's necessary — nothing more. This makes it easy for anyone to provision a particular server without 

increasing the attack surface by including unwanted components that will not do anything except present 

a security risk.

5. Read Only Domain Controllers (RODC)

It's hardly news that branch offices often lack skilled IT staff to administer their servers, but they 

also face another, less talked about problem. While corporate data centers are often physically 

secured, servers at branch offices rarely have the same physical security protecting them. This makes 

them a convenient launch pad for attacks back to the main corporate servers. RODC provides a way to 

make an Active Directory database read-only. Thus, any mischief carried out at the branch office cannot 

propagate its way back to poison the Active Directory system as a whole. It also reduces traffic on WAN 

links.

6. Enhanced terminal services

Terminal services has been beefed up in Server 2008 in a number of ways. TS RemoteApp enables remote 

users to access a centralized application (rather than an entire desktop) that appears to be running on 

the local computer's hard drive. These apps can be accessed via a Web portal or directly by double-

clicking on a correctly configured icon on the local machine. TS Gateway secures sessions, which are 

then tunnelled over https, so users don't need to use a VPN to use RemoteApps securely over the 

Internet. Local printing has also been made significantly easier.

7. Network Access Protection

Microsoft's system for ensuring that clients connecting to Server 2008 are patched, running a firewall 

and in compliance with corporate security policies — and that those that are not can be remediated — is 

useful. However, similar functionality has been and remains available from third parties.

8. Bitlocker

System drive encryption can be a sensible security measure for servers located in remote branch offices 

or anywhere where the physical security of the server is sub-optimal. Bitlocker encryption protects 

data if the server is physically removed or booted from removable media into a different operating 

system that might otherwise give an intruder access to data which is protected in a Windows 

environment. Again, similar functionality is available from third-party vendors.

9. Windows PowerShell

Microsoft's new(ish) command line shell and scripting language has proved popular with some server 

administrators, especially those used to working in Linux environments. Included in Server 2008, 

PowerShell can make some jobs quicker and easier to perform than going through the GUI. Although it 

might seem like a step backward in terms of user friendly operation, it's one of those features that 

once you've gotten used to it, you'll never want to give up.

10. Better security

We've already mentioned various security features built into Server 2008, such as the ability to reduce 

attack surfaces by running minimal installations, and specific features like BitLocker and NAP. 

Numerous other little touches make Server 2008 more secure than its predecessors. An example is Address 

Space Load Randomization — a feature also present in Vista — which makes it more difficult for 

attackers to carry out buffer overflow attacks on a system by changing the location of various system 

services each time a system is run. Since many attacks rely on the ability to call particular services 

by jumping to particular locations, address space randomization can make these attacks much less likely 

to succeed.

It's clear that with Server 2008 Microsoft is treading the familiar path of adding features to the 

operating system that third parties have previously been providing as separate products. As far as the 

core server product is concerned, much is new. Just because some technologies have been available 

elsewhere doesn't mean they've actually been implemented. Having them as part of the operating system 

can be very convenient, indeed.

0 comments:

Post a Comment

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More