Microsoft is making the rounds to preview and promote its forthcoming Windows Server 2008 and Internet Information Server 7, the Web server that ships as a part of the operating system. A lot has changed in computing since the last major release of Microsoft’s operating system.
Server software, however, is more change-resistant, since IT shops don’t want their servers radically changing with each upgrade. That could result in vital, mission critical applications breaking. On some levels, Windows 2008 has not changed radically, but on a different level, it has, said one analyst.
“Servers just get incrementally better each time, and I do think that is the case with Windows Server 2008,” said Directions on Microsoft analyst Mike Cherry. “That’s the good thing about Server 2008. But I do think in general when you add the pieces together, a little change here, a little change there, Windows Server is pretty compelling as a product.”
Microsoft placed emphasis on Web serving and hosting with Server 2008 and IIS 7, soliciting feedback from customers on their “pain points,” as Michael van Dijken, lead marketing manager for Microsoft’s hosting business put it. Among the feedback was making Server truly headless, so no keyboard, mouse, monitor or UI were needed to boot. This reduced the overhead needed just to boot.
More important was making IIS modular, so only the needed parts were installed. With IIS 6, you installed the whole server, even if you didn’t need portions of its functionality. “IIS 7 lets customers reduce the features of the server to just what they need, so they can reduce both their footprint and the exposed surface of the operating system to attack,” said van Dijken.
But people may end up needing the whole thing anyway, said Cherry. “There’s an aspect of security Microsoft has adopted that I like, that if it’s not installed and running, its not vulnerable. But I noticed IIS is used by a lot of other programs. Sure, it’s modular, but as you run more apps that need the different modules, don’t you get to the point when you are running a huge server anyway?” he said.
Security has been improved in several ways. First, there is more comprehensive logging of errors, so if there is a problem it says in which application group and which user there was a problem. Second, Microsoft added the ability to delegate administration to site admins.
One physical machine can host hundreds or thousands of servers. Windows Server 2003 could handle around 500 to 1,000 on one machine, said van Dijken, while Server 2008 can handle 2,000 to 4,000. That means a lot of sites to be administered, likely by more than one person. The delegation ability lets that power be pushed out to others, while at the same time restricting their privileges so they don’t have access to something they should not.
Another big change is the addition of a native PHP module, not just for IIS 7 but for IIS 6 as well. The module was developed by Zend, the creator of the PHP language, so it’s safe to assume it will be fully compatible with the language.
“In the hosted space, there are a lot of PHP apps with a lot of value,” said van Dijken. “Many Linux users told us they didn’t go with IIS because they felt they had no choice in IIS. This gives them the opportunity to run PHP natively to reduce complexity in their environment and not have to go to a heterogeneous solution to get PHP support they want.”