Windows Server is Microsoft’s most solid operating system and with Windows Server 2003, especially the R2 version, it became the most popular server OS in the world, with reason.
What Microsoft has done with Windows Server 2008 (WS08) is bring together a series of different releases that were tied to its server OS—add-ons, service pack features, separate downloads—and integrate them into the core Windows Vista code to produce a rock-solid release of its flagship server OS. There are lots of reasons why you should look into this release and consider integrating it into your datacenter over the course of the next year.
Here are three key factors you should consider in your deliberation about replacing or at least integrating WS08 with your existing Windows Server 2003 systems.
Reason #1: Integrated and ‘Free’ Virtualization
2007 was the year of virtualization with dozens of vendors coming out with products tied to the virtualization wave in the datacenter. Some will be failures and others will thrive, but one thing is sure, each and every one of them will have a tough job of trying to dethrone the current virtualization king: VMware Corporation.
One contender that will definitely make waves this year is Microsoft’s Hyper-V. Hyper-V is the product name for Microsoft’s hypervisor—the core engine that is designed to expose all server hardware to virtualized operating systems—and will be integrated directly within the operating system.
Of course, Hyper-V is not going to be released at the same time as Windows Server 2008 because the development team needs to have final OS code to finalize the build of Hyper-V itself. The release version of Hyper-V should come within six months of the official release of WS08, but a first beta is available now.
In fact, in addition to being shipped with a series of different editions as well as 32-bit and 64-bit versions, WS08 has been released in two different flavors: with or without Hyper-V.
Those who do not want to deploy release code including the Hyper-V beta code will opt for Windows Server 2008 editions without Hyper-V, and those who are willing to try out the beta along with the release code will obtain Windows Server 2008 with Hyper-V. Note that the version with Hyper-V has no mention of the hypervisor in its name.
One of the greatest features of WS08 is Server Core, a windowless version of Windows, as odd as it sounds. Why did Microsoft release such a version of its server OS?
You could believe all the hype and think it is because it is more secure, it supports key server roles or it is in competition with other, non-Windows character-based OSes, but in reality, Server Core has been designed with one primary purpose in mind. If you want to run a hypervisor, you can’t do it on a ‘bloated’ operating system that is chock full of graphics and other unnecessary code.
No, when you run a hypervisor, especially one that will compete with VMware’s ESX Server, you need to be lean and mean. Hence Server Core, which is the only way you should even consider running Hyper-V.
In addition, Hyper-V, while a powerful hypervisor on its own, will not have all of the features of its competitors. You won’t be able to move a machine from one host to another while it is running. Instead, you need to pause the machine, causing service interruptions, move it and then restart it.
But will that stop Hyper-V from making the biggest virtualization bang on the market? Absolutely not! Integrating a hypervisor into Windows and basically making it ‘free’ will popularize virtualization more than ever before. This can only be good for the entire virtualization industry. After all, 90 percent of servers out there are still taking up physical space.
Reason #2: A Single Complete IDA Solution
The second most important aspect of Windows Server is Active Directory (AD). Since its early beginnings in Windows 2000 Server, Microsoft has parlayed Active Directory into the most widely deployed network directory service in the world. With reason, too, since AD is one of the very best technologies to come out of Redmond in the last decade.
This network operating system (NOS) directory can authenticate and authorize users, workstations, mobile systems, personal digital assistants, servers, applications and much more. It is simple to deploy and through its Group Policy capabilities, it can manage millions of objects at once. The problem with Active Directory to date is that while it maintains your authority within the boundaries of your firewalls, it does nothing for you in the outside world. No more.
With the release of Windows Server 2008, Microsoft has rebranded a series of different technologies as Active Directory components and now provides one of the very best identity and access (IDA) solutions in the world, all without turning the firewall into Swiss cheese!
Each technology covers a specific facet of an integrated security solution. In addition, each technology can be identified with a key word—a key word that outlines the purpose of the technology (see graphic). Together, these technologies help you design a complete security, data protection and identity management solution.
Active Directory Domain Services (AD DS), the new name for the former Active Directory technology, is focused on Identity. AD DS continues to be designed to provide a central repository for identity management within an organization. It provides authentication and authorization services in a network and supports object management through the use of Group Policy.
AD DS is the primary AD technology and should be deployed in every network that runs Windows Server 2008 operating systems.
Active Directory Lightweight Directory Services (AD LDS) is focused on Applications. AD LDS, formerly known as Active Directory Application Mode (ADAM), is designed to provide identity and configuration management support for directory-enabled applications on a per-application basis.
AD LDS is designed to support applications without having to modify the database schema of your NOS directory running on AD DS. AD LDS is lightweight and portable and can also be used to provide authentication services in exposed networks such as Extranets.
Active Directory Certificate Services (AD CS) is focused on Trust. AD CS is designed to provide support for Public Key Infrastructures (PKI) and provides absolute identity for its users through the use of trusted Certificate Authorities (CA). It can be used to digitally sign software and system drivers, integrate with smart card authentication, and generally provide non-repudiation services to a community of users both internal and external.
When it is used to provide these services to external communities, it should be linked with an external, renowned CA that will prove to others you are who you say you are. In internal networks, AD CS can integrate with AD DS to automatically provision users and computers with certificates.
Active Directory Rights Management Services (AD RMS) is focused on Integrity. AD RMS is designed to provide absolute integrity for the data you generate, letting you precisely control who can do what with the documents your organization produces. As such it provides protection for intellectual property and can rely on AD CS to embed certificates within documents as well as AD DS to manage access rights to documentation.
Active Directory Federation Services (AD FS) is focused on Partnerships. AD FS provides a secure method to federate identities in external networks through the use of internal AD DS infrastructures without exposing these infrastructures to the outside world.
One of the key facets of AD FS is the ability to provide Single Sign On (SSO) for Web applications. AD FS supports partnerships because it allows different organizations to share access to Extranet applications while relying on their own internal AD DS structures to provide the actual authentication process. AD FS can rely on AD CS to create trusted servers and AD RMS to provide external protection for intellectual property.
Together, these roles form the identity management infrastructure Microsoft provides to organizations running Windows Server 2008, all through common TCP/IP ports such as 80 (Hypertext Transfer Protocol—HTTP) and 443 (Secure HTTP or HTTPS). This is the most powerful IDA on the market today.
Reason #3: Finally, Vista Backend Support
A third reason is support for Windows Vista. When it released Vista, Microsoft included a whole host of features which had no home—a new TCP/IP protocol, integrated Network Access Protection (NAP) client, hundreds of new policy settings and much more. Organizations looking to deploy Vista could not fully take advantage of these features because there was no corresponding back end server OS.
Now, with the release of Windows Server 2008 and especially Service Pack 1 for Vista, organizations can take a much more serious look at Vista and begin to see why this OS can really help organizations take better control of their desktop and mobile PC environments.
NAP alone is a major boon to any organization concerned about security and access control in their networks. Using Windows Server 2008 at the back end, organizations can now set up a complete access control solution that will quarantine and then update clients before they are linked to the network. Setting up these environments is not necessarily easy, but it is greatly facilitated by the new management interface in Windows Server 2008, Server Manager. Server Manager will automatically control the addition of complex roles such as NAP to ensure that all required dependencies are deployed at the same time.
In addition, Server Manager is extensible, meaning that when new features or services become available, they will integrate directly within the Server Manager interface facilitating their deployment.
Take a long hard look at Windows Server 2008. It is a very powerful OS that has nothing but major improvements over its predecessors. It provides the best integrated IDA on the market and it will revolutionize the virtualization industry by bringing server virtualization to your fingertips. Microsoft delivered and delivered big with this product.
There is something for everyone in this release—a windowless OS, integrated management tools, a perfect marriage with the Vista client and much more. Don’t pass up this opportunity to secure and protect your assets with this powerful OS.