Advertisment

Longhorn Server Core Roles

author-image
PCQ Bureau
New Update

One of the biggest criticisms of Windows, especially its

server versions, has been that it installs a number of unnecessary components

even when they are not required. The problem with this is that firstly

administrators may be unaware that these components exist on their systems and

secondly that managing them becomes a chore. Each unnecessary component leads to

a larger surface area for attacks onto the server. Windows 2003 tried to make

this better by giving administrators the option not to install services like IIS

by default.

Advertisment
Direct

Hit!
Applies

to:
System/server administrators
USP:

How Longhorn locks down all services and how to enable just what you need
Links:

http://msdn.microsoft.com/library/en-us/srvcore/srvcore/portal.asp?frame=true
Google keywords:

longhorn core

Longhorn Server, the next major version of the Windows

Server family, takes installation and configuration to a different level.

Longhorn Server can be installed in what is known as the 'core' mode. This

mode installs only the extremely core and absolutely required components for the

system to start and boot up. There are no additional services or components

installed at all.

Once the installation is complete, you are prompted for the

type of role that the server is going to perform. There are many different roles

to choose from. For example, Domain Controller, Web Server, Mail Server, Gateway

server, database server and so on. Each option can have other sub-options as

well. For instance, the Domain Controller role can have sub-roles like

Organizational Domain Controller, Branch Office Domain Controller, Additional

Domain Controller and so on.

Advertisment
The first screen you get after starting Longhorn is the core configuration manager and a blank Start Menu

Based on the choices you make here, Longhorn then proceeds

to prompt for additional information about your server role—very similar to

the questions asked when installing ADS on a Windows 2000/2003 Server. However,

the questions are not only for ADS, but also for other roles such as Web server.

When installing a Web server, you are asked what is the purpose of the

server—for external (Internet) use, for internal (Intranet) use, for mail

serving or for other purposes. Say you are installing the server as a Web server

for use by MS Exchange. Select the 'Serving Mail' choice in this. This will

then result in a different configuration (in terms of settings, security,

performance and locked down aspects) than if you had chosen, say 'Internet

Server'.

Once these choices are complete, the actual installation of

the required components begins. The files are copied and installed. Then

depending upon the answers given in the previous step, a number of processes

take place.

Advertisment

First, the system is completely locked down. By this we

mean that even the services that are to be allowed are not at this point of time

and everything is in a super-secure state. Only once the lockdown is complete

and the system is fully secure, do the required services open up. This is the

opposite of what used to happen in Windows earlier.

In earlier versions, everything used to be open and it was

your responsibility to make sure whatever not needed is locked down. However,

from now on, by default everything remains in a super-secure 'locked down'

state and only at your request are things opened up. This means that, as an



administrator, you never have to worry about components you do not know about,

causing a security or performance issue. You can, of course, add more roles to a

single server as you want. However, remember that more the components in your

server, the larger area for attack it exposes. All in all, the server core and

role-based model allows greater control over a server



environment and makes the system more secure and manageable.

Vinod Unny,



Enterprise




InfoTech

Advertisment