


Microsoft Windows Server 2008 and Vista are the successors to Windows Server 2003 and Windows XP. Both arise out of the Longhorn project: Windows Server 2008 was formerly Longhorn Server, and Vista was the Longhorn client. Both products share a lot of common code in their engines, so in a sense both are joined at the hip. Although this book focuses on how Windows Server 2008 is different from Windows Server 2003 and how you can get the most out of that difference, we can't ignore this intimate connection between server and its intended client—and I won't. This isn't the first time that Microsoft has co-developed a client and a server; the Whistler project delivered Windows Server 2003 and XP as server and client, respectively. So perhaps this is Microsoft's pattern going forward.

Microsoft has learned a lot about servers and networking over time and has incorporated what it learned into each new version. Your first view of Windows Server 2008 may be the Server Manager application shown in Figure I.1. The Server Manager was a feature of Windows Server 2003, and so its look and feel might seem familiar to you. A close examination of this application reveals that it contains a number of new features: the incorporation of a Microsoft Management Console (MMC) tree into the left-hand pane, and a number of new sections such as the Roles Summary. Roles are a much more refined feature in Windows Server 2008 than they have been before, and while they have long been a central part of other operating systems such as Unix, they haven't been fully developed in Windows.

At first glance the Server Manager doesn't look all that different from the version that appeared in Windows Server 2003. And indeed, the Server Manager is derived from an application called Manage My Server that appeared in an earlier version of Microsoft Small Business Server. The progression doesn't appear all that different, although the underlying capabilities have been greatly expanded and enhanced. Thus most people will feel right at home with Windows Server 2008 once they spend some time with Vista, but there is a lot that's new and different in Windows Server 2008 that's under the hood.

To improve security, Windows Server 2008 includes a completely rewritten TCP/IP stack (with IPv6 now a native service), a new server core, new web and terminal services, and Active Directory roles. To aid in hardening the operating system, Microsoft has added new features called identities, strengthened the function of certificates, and added a completely new scripting and command environment called PowerShell that exposes the operating system along with .NET objects to programmatic control.

It's not that these new features aren't powerful and useful—many of them are. Some features are future facing, such as the incorporation of IPv6, while other features such as Digital Rights Management (which is more of a concern in Vista) are nothing more than the swan song of the technology of yesteryear. So much of Windows Server 2008 is squirreled away into simple-looking dialog boxes that it can be hard to appreciate the power and complexity that the server offers. Much of this book explores these hidden features and attempts to separate the ones that you might want to use from the ones that are best left untouched.

Figure I.1. The Server Manager application may be the first window you see in a fully installed copy of Windows Server 2008.

That's one of the primary goals of this book: to save you time. You don't need to learn about things that you already know, and you want to learn about the features in Windows Server 2008 that are new and different. With a shorter read than you'll find in many other competing titles, we hope that you'll be up and running these new technologies quickly and efficiently.

Shipping Editions

Ever since Windows 2000 Server replaced Windows NT Server, Microsoft has been slicing and dicing their server products into custom versions that different market segments would adopt. Windows 2000 split first into a "standard edition" and an "enterprise edition." A little later a version for the small-medium business (SMB) market called Microsoft Small Business Server emerged, and that product eventually split into one that contained SQL Server and one that did not.

Therefore, you shouldn't be surprised to learn that the Windows Server 2008 family of server network operating system (NOS) products contains all of the same versions of Windows Server that appeared in Windows Server 2003.

There's support for three different processor families:

  • Intel x86 32-bit architecture

  • Intel x64 architecture

  • The Itanium version called IA-64

Starting from the least feature-filled and cheapest, the following versions of this NOS are offered for sale:

  • Web Edition, which comes in x86 and x64 versions

  • Standard Edition, which comes in x86 and x64 versions

  • Enterprise Edition, available in x86, x64, and IA-64 versions

  • Datacenter Edition, available in x86, x64, and IA-64 versions

You likely will run across a "version" of Windows Server 2008 that is called "Server Core" but you will have trouble locating a product SKU (stock keeping unit) for it. That's because Server Core isn't a product, but a role that's available in the Standard, Enterprise, and Datacenter editions of Windows Server 2008. The Server Core role isn't available in either the Web or Datacenter editions. In Server Core the installation of Windows Server 2008 has stripped out the graphics shell of Internet Explorer. Server Core is strictly configured and managed through the command-line interface locally, or by connecting to the system over a network and modifying the Server Core through standard MMCs. Server Core significantly limits the number of distributed network services that are run from the server. You'll find the .NET Framework doesn't run on this type of server.

A list of services that you might want to run on Server Core includes domain controller or Active Directory services; Active Directory Lightweight Directory Services (ADLDS), DHCP, and DNS network addressing; and file and print services. Other services for which Server Core has a use are Terminal Services such as Easy Print, Remote Programs, and Gateway, as well as in a Windows Server virtualization setup. You'll find much more on this in Chapter 14, "Server Core."

Microsoft has had a habit of releasing its Windows Small Business Server versions about 90 days after the release of their main server version releases. So this list of editions isn't complete. There are four more editions of Windows Server 2008 you may see:

  • The Cougar project, which is expected to be a Windows Small Business Server system

  • The Centro project, a version for the SMB market that might include Exchange

  • Windows Home Server

  • Windows Storage Server

You'll find a much more complete description of the different editions of Windows Server 2008 in Chapter 2, where we'll describe the features that all these editions include and omit.

March of the Chapters

Let's step through the chapters in the book and say a bit about what's in each chapter that might interest you (with my apologies to penguins). There are 14 chapters in this book. Although the material might make more sense to you if you read all of these chapters sequentially, it isn't necessary to read the chapters sequentially. Since all the chapters are cross-referenced and each chapter is a stand-alone topic or a couple of related topics, you can start where you like and read this book one chapter at a time as your interests dictate.

Chapter 1, "Windows Server 2008 Architecture," is an important chapter on system architecture. Windows Server 2008 has a lot of new plumbing, and even if you know where the plumbing was in Windows Server 2003 you'll want to read or at least skim Chapter 1 because Microsoft has moved many of the pipes around. There are two major additions to Windows Server 2008 that are introduced in Chapter 1: multiprocessor support and processor virtualization. Multiprocessor support influences how servers can scale, while virtualization describes how to run processes in protected space. The related concept of the hypervisor and low-level access to I/O is also put into context. Microsoft has taken one of the best hacker techniques available, the hypervisor, and adopted it to make Windows Server 2008 more secure.

Even if you decide to bypass Chapter 1's rather technical presentation of server subsystems, you may want to examine some of the system topology as shown in figures as it will help you better understand how Windows Server 2008 was built, its relation to Windows Server 2003, and how the new network stack and security features were designed. You can always refer back to this chapter if needed as you read additional chapters.

Chapter 2, "Deploying Windows Server 2008," describes in more detail server editions, from the small ones to the big ones, and all of the versions in between. Vista ships as a single DVD distribution from which you select the version that you want to install. Windows Server 2008 versions ship on individual DVDs, each with different choices available. Chapter 2 describes these differences, as well as the pricing model that Microsoft uses. That pricing will influence many purchases, so we'll also look at how Microsoft handles licensing, upgrade, client licenses, and other related issues in this chapter. Since pricing and licensing issues tend to be volatile, our discussion centers on Microsoft's philosophy and how that should influence your choices. We also look at license compliance tools in Windows Server 2008 used for license management.

With Vista's release Microsoft introduced a new system deployment scheme. A new image-based installation using a single container file called Windows Imaging Format (WIM) uses a single-instance system to capture all versions of Vista into a single compressed file. Imaging is a widely used technology for system deployment. Symantec (formerly Norton) Ghost is an example of a utility that creates and restores system images. A new boot environment called Preboot Execution Environment (PXE) 2.0 is used to install these system images. We'll look at Microsoft's automated deployment environment, the Microsoft Business Desktop Deployment Solution Accelerator, to see how it relates to the deployment of the Windows Server 2008 operating system itself. Chapter 2 will be important to you if you are in an administrative role where you are tasked with installing and certifying Windows servers in your organization.

Chapter 3, "Network Services," describes the changes in network services in Windows Server 2008. We'll briefly describe the state of network service administration, as there are new methods for starting and stopping services programmatically. Microsoft continues to develop distributed network services under the .NET Framework, and Windows Server 2008 ships with the latest version of the framework, version 3.0.

Security is a major focus of networking in Windows Server 2008, and just as Vista got locked down into administrator mode for a number of operations, Windows Server 2008 is built to limit system access. The main focus of Chapter 3 is the new TCP/IP stack and how it influences your network architecture. We'll discuss the potential impact of IPv6, see how it affects a developing quality of service (QoS) server capability, and see how the new network stack influences the web services networking protocol (HTTP).

Chapter 4, "Active Directory," is the first of two chapters on Active Directory. In this chapter you'll learn how Windows Server 2008 implements its security model, how network objects are managed in Active Directory, and the purpose of roles. With roles you can quickly assign a set of properties to a server, to systems, to users, and to groups that greatly speed up your NOS setup and can be valuable in maintaining a stricter and more rational set of security settings. The Add Roles Wizard (see Figure I.2) lets you quickly create new roles in your organization.

Roles have a long history in other operating systems, so one of the purposes of this chapter is to compare how Microsoft has implemented roles compared to Unix and see what kinds of interoperability are possible in a heterogeneous network.

Figure I.2. The Add Roles Wizard lets you quickly create new roles, a feature that's been a major administration tool in Unix for years.

Active Directory got a major overhaul in Windows Server 2008, particularly in the area of identities and rights management services. In its role of managing policies and roles these services are now referred to as Active Directory Domain Services (AD DS). Other services such as Active Directory Federation Services (ADFS), Active Directory Lightweight Directory Services (ADLDS), (formerly Active Directory Application Mode), Active Directory Certificate Services (ADCS), and Active Directory Rights Management Services (ADRMS) have now been defined. The identity and certificate services are greatly enhanced, as will be described in more detail in Chapter 9. Windows Server 2008 now allows you to create trusted relationships with outside domains, and an Identity Integration Feature Pack is now part of the Active Directory Metadirectory Services. All of these services are essentially roles.

This chapter also covers the newly introduced read-only domain controller (RODC). RODCs allow you to deploy a configured domain server in a remote office. Perhaps you ship in the new server fully configured, or you install the software and required data from a DVD. In any event, the RODC is meant to be that: read-only. Since it cannot be altered, it does not participate in replication and subscription schemes, thus dramatically lowering the usage of network bandwidth over a WAN when throughput is limited. You'd use RODCs if the only connection is over a 56 kbps modem line, for example.

Chapter 5, "Policies and System Management," describes how to set and manage policies. The Windows Group Policy engine is refined in each version of the NOS. With Windows Server 2008 Microsoft has added some of the capabilities of several policy management tools that were add-ons for Windows Server 2003. There are many more policies in Windows Server 2008 that are available to you. Some of them affect logon properties across systems, domains, and applications—for example, single sign-on. Other policies can enforce security or control QoS issues.

Chapter 6, "File System Enhancements," describes how Windows Server 2008's file system has been improved. Microsoft continues to promise us a new object-oriented file system. The Cairo project that ran from 1991 through 1996, which is described at

was meant to deliver this grand concept. However, implementing a completely new distributed file system breaks many applications and systems, and so we've seen these improvements appear piecemeal. Cairo became part of the SQL Server—the Exchange, as well as the data store of the Active Directory; you'll also find elements of Cairo in Microsoft Internet Information Server (IIS), and in Windows Desktop Search.

What we didn't see was the Windows Future Storage (WinFS) object file system. That new file system was supposed to be part of Vista and by extension Windows Server 2008. However, it didn't make the cut into this version of the operating system. WinFS isn't dead—it's just on a slower development track. Pieces of WinFS are showing up in other technologies. The Entities feature in ADO.NET was part of the WinFS API. Some of the WinFS feature set shows up in the SQL Server database table editing tool called Orca (see, and it will be in the Katmai release (the SQL Server team loves to name projects after US national parks) of SQL Server, which is also at the core of the Microsoft System Center Operations Manager.

File system improvements continue to crawl along. Windows Server 2008 is no exception in this process of incremental file system upgrading. In Windows Server 2008, the major new features are volume encryption, a more fault-tolerant NTFS file system that monitors hardware status, and a new transactional feature. We know that Microsoft would eventually like to phase out the Registry as it is a major source of system errors and corruption, but Windows Server 2008 is not that operating system. This chapter also looks at the state of the Windows Registry, particularly changes in the Registry that support transactions, as well as changes that support the new features of Active Directory that were described in the previous two chapters.

Chapter 7, "Server Management," is the first of two chapters on administration and management. In this chapter we'll look at the graphical tools that are either upgraded or new in Windows Server 2008. We'll take a closer look at the Windows Server Management Console to see what functionality has been consolidated in that application. The Event Viewer, various utilities that access the provider information in the Windows Management Interface, and other related functions are also detailed here. One important topic in Windows of all types is service packs and patches, or what Microsoft calls "hot fixes." We'll look at Microsoft's Windows Update website as well as how to perform upgrades from local resources.

Chapter 8, "PowerShell," covers one of the more significant subjects in this book. PowerShell is Microsoft's new command shell environment and scripting language/tool (see Figure I.3). It borrows concepts from many languages, codifies several of Microsoft's scripting technologies into a unified set, and lets you command and control the many objects that are part of Windows, Office, and the distributed objects that are part of network services encompassed by the .NET Framework.

With PowerShell you can bring large parts of the Windows operating system, both local and remote, under programmatic control. If you ever wanted to tap the power that a C# (C sharp) programmer has under Windows, then PowerShell will make that possible—at least one line at a time. Under PowerShell you can run scripts in Visual Basic, VB Script, JavaScript, Perl, and other languages for which interpreters exist.

How powerful is PowerShell? Let's put it this way: the management of the latest version of Microsoft Exchange is built on PowerShell commands entirely, and the management GUI calls the PowerShell commands—albeit a smaller set of the commands than can be specified from the command line. Microsoft has hinted that future server applications will be built using PowerShell, and has stated that development of PowerShell will continue while the other scripting languages and tools that are part of current Windows technologies such as Windows Scripting Host won't be.

Figure I.3. The Zen of PowerShell—simplicity belying great power.

Chapter 9, "Security," describes one of the main project goals of both Vista and Windows Server 2008: improving security. Whereas for Vista security was important, for Windows Server 2008 security is essential. Microsoft can rely on patches and third-party applications to fix any of Vista's woes, but given the nature of server operating systems, patches and hot fixes won't help secure Windows domains if there is an underlying weakness that can be exploited. In this chapter we look at some of the new security features in Windows Server 2008.

We've already mentioned the rewrite of the TCP/IP stack in Windows Server 2008. Several other network services have been either rewritten or enhanced. Security improvements fall into five broad areas of technology:

  • Protocol enhancement with new authentication and cryptographic support

  • Improvement to Windows Firewall

  • Network share security enhancement

  • NAP and network security enforcement refinements

  • Server credentials and new authorization procedures

Was Microsoft successful in its security efforts? Only time will tell. However, applying these technologies will certainly make your servers more secure. As a general rule, crackers always go after the lowest hanging fruit that takes the least effort to compromise.

Chapter 10, "Clients, Interoperability, and Printing," speaks to Windows Server's place in the world. In many corporations, networks contain a mixture of servers and clients. Web servers often run Apache and people in the graphics department might run Macintoshes, so being able to interoperate is a necessity these days. Windows Server 2008 offers new ways to manage mobile clients, new tools for Unix interoperability, a new network printing routine, as well as new methods for allowing client access to networking resources.

In this chapter we'll also look at how Windows Server 2008 interacts with older versions of the Windows server and client OS, and what you need to know about what is called "down-level" compatibility. Microsoft advertises Windows Server 2008 as working best with versions of Windows 2003, XP, and later, but the reality is that many people are still supporting versions of Windows 2000. So this is an important issue.

In Chapter 11, "Performance Enhancements," you will learn about some of the performance enhancements in Windows Server 2008. The ability to use multiple processors and have access to large amounts of memory has been a feature of Windows Server for a while now. Microsoft has improved the tools you use to monitor and tune performance, which is the main focus of this chapter. We'll look at the Windows System Resource Manager, and explore how you can use that tool in your work. This chapter also reviews the progress made in virtualization, load balancing, and clustering.

Chapter 12, "Terminal Server," describes the changes to Terminal Server—a rather significant improvement over the previous version of the product.

This version removes one of the most confusing aspects of the terminal session: the window within a window. In the new version, Terminal Server looks like any other Windows window ("seamless windows"). The difference between local applications and remote applications has been blurred to the point where training users about the subtleties of using Terminal Server is a thing of the past.

There are also some new capabilities for remote users connecting to a Terminal Server. The Terminal Server Gateway allows users to connect to the Terminal Server using a new version of RDP (6.0) over an SSL-encrypted session and through corporate firewalls. Terminal Services Web Access provides users with a browser interface in which they can launch server-based applications. The Session Broker, a new management console, and other improvements make this version of Terminal Server easier than previous versions to work with. Just to keep you on your toes, there is also now a new licensing scheme for Terminal Server.

From the implementation of a single sign-on, to monitor spanning and large monitor support, to new management tools, you'll find new features everywhere. Terminal Server will also look different—the new version supports themes and what is called the Desktop Experience Pack.

Chapter 13, "Internet Information Services," describes the new version of Internet Information Server 7.0 (now called Internet Information Services). IIS 7.0 is a brand-new version built as a framework application with a set of installable modules for different security authentication, management options, and application development tools. The architecture of IIS has changed significantly, isolating one website from another, creating an application pool for each website, and isolating worker processes to each application pool. The process model and pipeline have been significantly improved.

IIS 7.0 can be lean and mean, or can be custom-fit to your particular application. The new web server is extensible through custom modules and the use of .NET Framework tools.

The management applications for IIS 7.0 have been greatly improved. The new IIS 7.0 Manager allows you to manage all web services as well as ASP.NET from the same console. Event logging, tracing, and the new command APPCMD.EXE provide the functionality of IIS Manager from the command line.

Chapter 14, "Server Core," concludes this book by discussing the Server Core role. Server Core is Windows Server without windows. The lack of a GUI means that Server Core is smaller, faster, and much less prone to attack. Server Core is a new paradigm and will require you to use new methods to manage this type of Windows Server role. Microsoft has high hopes for this type of server configuration, and indeed this kind of installation has been possible in other operating systems for a while.

So you see we've set ourselves an ambitious agenda here. This book will cover a lot of ground in a small amount of space, rewarding your time spent reading it with a lot of high-valued information.

So without further ado, let's get started.
