More, better, faster, cheaper…These are the adjectives one expects to see manufacturers use in the descriptions of new products, including operating systems. Microsoft is no exception – or are they? “Windows Server 2003 is the fastest, most reliable, most secure Windows Server operating system ever offered by Microsoft,” trumpets the company in one of its introductory pieces. This would indicate the firm’s focus on reliability and security. Taking a closer look should show us what Microsoft means.
Before reviewing what’s in the new OS, it’s important to remember what this release is and what it is not. This release is a replacement for the Windows 2000 Server family, which includes the Server, Advanced Server, and Datacenter Server.
However, because of its close cousin, Windows XP, Windows Server 2003 is not entirely new to us. Codenamed Whistler, the new OS was intended to replace the entire Windows 2000 family of workstations and servers. While the workstation systems, in the guises of Windows XP Home and Professional, were released in 2001, the server versions were delayed, in large part due to Microsoft’s Trustworthy Computing Initiative (TCI), in which all development was stopped while Microsoft’s software engineers looked for security issues in their respective products.
Many of the new features in the 2003 server operating systems are already familiar to us from XP. The time gap between the releases of the workstation and server systems has been used to incorporate the robustness needed for Microsoft to be able to make its “most reliable, most secure” boast.
There are six editions of Windows Server 2003, including Web, Standard, Enterprise, and Datacenter editions for the x86 CPU, and 64-bit Enterprise and Datacenter editions for the Itanium CPU. Windows Server 2003 is the first server operating system to include the .Net Framework as an integrated part of the system. Both versions 1.0 and 1.1 are included in the x86 editions; the 64-bit .Net is not yet ready, however, and as a result is not included in the 64-bit editions at this time.
The Core of the System
The core technologies of the Windows Server 2003 family form the basis of the improved performance, reliability, and security it delivers. The Common Language Runtime (CLR) verifies code before executing it to ensure that the coee runs error free (from the OS point of view – not necessarily the user’s!). The CLR also monitors memory allocations to clean up memory leakage problems and checks security permissions to ensure that code only performs suitable functions. Thus, the CLR reduces the number of bugs and security holes opened up by programming errors and improves system reliability and performance.
Internet Information Services (IIS) 6.0 is much more security conscious than its predecessor. The default IIS 6.0 installation is configured in a “locked down” state, requiring that administrators open up desired features. In fact, a default installation of Windows Server 2003 doesn’t install IIS at all (except for the Web Edition).
In earlier OS versions, IIS was installed by default and had to be removed if it was not needed, such as on a database server. The default install of IIS 6.0 will only serve up static pages and has to be configured to allow dynamic content. Timeouts are also set to aggressive defaults. Authorization and authentication – the “who are you?” and “what can you do?” mechanisms – are upgraded with the inclusion of .Net Passport support in the Windows Server 2003 authorization framework, enabling the use of these services in the core IIS web server.
IIS 6.0 itself now runs as a low-privileged network services account to help contain security vulnerabilities. Performance has not been forgotten either, with the tuning of many of the underlying service implementations and the addition of support for hardware-based cryptographic service accelerator cards to take the SSL cryptography load off the CPU.
Configuration information for IIS 6.0 is stored in a plain-text XML metabase, as opposed to the proprietary binary file used for IIS 4.0 and 5.0. This metabase can be opened in notepad to make configuration changes such as adding new virtual directories or a new web site (which could be copied from an existing site’s configuration). When the changes are saved to disk, the changes are detected, scanned for errors, and applied to the metabase. IIS does not need to be restarted for the changes to take effect.
Additionally, the old metabase file is marked with a version number and automatically saved in a history folder for use in case a rollback or restore is required. All changes made take effect without the need for any restarts. Additionally, there are two new Admin Base Object (ABO) methods that enable export or import of configuration nodes from server to server. A server independent method for backup and restore of the metabase is also available.
Enhanced Management Services
There are also many improvements to the management services found in Windows Server 2003. New automated systems include the Microsoft Software Update Service to automatically download patches and updates and make them available for installation. There’s a new Group Policy Management Console to simplify Active Directory and Group Policy management. There are also new and improved storage management tools for the management of disks, volumes, and Storage Area Networks (SANs). The Windows Management Instrumentation introduced in Windows 2000 has been extended and now also includes an IIS 6.0 WMI provider. Thus, most administration tasks can now be performed from a command console.
Improved Clustering services enable the high degree of reliability required for e-commerce and critical business applications where failover service is needed. Windows Server 2003 supports clusters of up to eight nodes and supports Network Load Balancing. The family also includes improved support for symmetric multiprocessing (SMP), supporting up to thirty-two processors in a system.
Terminal Services has been upgraded to include the functionality found in the Windows XP Remote Desktop. This feature is the sleeping tiger in Windows Server 2003 — in my humble opinion, the full potential of Terminal Services has yet to be recognized by most Windows Server IT pros.
Windows Server 2003 includes Enterprise UDDI services. UDDI – the Universal Description, Discovery ,and Integration of Web Services — provides a means for companies and applications to quickly, easily, and dynamically find and use Web services over an Intranet, Extranet, or the Internet.
Windows Media Services, the new version of the digital media streaming services package, is included in Windows Server 2003 as well. This is a part of the Windows Media technologies product line that includes the new Media Player, Encoder, audio and video codecs, and the Software Development Kit (SDK).
The Windows Server 2003 family incorporates the notion of Server Roles. There’s a set of configuration wizards that enable the quick and easy configuration of a server to fulfill the roles. The defined roles include File and Print Server, Web Server and Web application services, Mail Server, Terminal Server, Remote Access and Virtual Private Network (VPN) Server, Streaming Media Server, Domain Controller, and lastly, Directory Services, which includes Domain Names System (DNS) service, Dynamic Host Configuration Protocol (DHCP) Server, and Windows Internet Naming Service (WINS) Server. Each of the wizards is accessed via the Configure Your Server Wizard, a link to which is provided in the Administrator Tools menu of the Start Menu. Links to comprehensive Help information are available in the wizards.
Configuration of a server in this manner is quick and simple. Security is also assured when the server is configured from a fresh install of Windows Server 2003. When upgrading from Windows 2000, however, settings from the earlier version may be inherited. Some services, for example, that were configured to start automatically in Windows 2000 are not started by default in Windows 2003. To ensure that an upgraded system’s services are configured for optimal security, the services’ settings can be compared to the table available in “Default settings for services” in the Windows Server 2003 Help system.
A lot of care and consideration went into the creation of the Windows Server 2003 family of operating systems, with particular attention paid to robustness, reliability, and security. In a world where the demands of businesses require 24/7 uptime, zero data loss possibility, and strong defenses against the hostile environment of the Internet, it takes extra time even for such a software giant as Microsoft to rise to the occasion.
While we have been enjoying the usability features of Windows XP on our desktops and patiently waiting for the same features to appear in our servers, Microsoft has been building a system that meets those needs. As time goes by, new holes will surely be uncovered and new bugs will surface, but in the meantime, we have an operating system that takes a big step forward in protecting our access, data, and applications.
This feature originally appeared on Enterprise IT Planet.