One of the biggest criticisms of Windows, especially its
server versions, has been that it installs a number of components
whether or not they are required. This causes two problems: administrators
may be unaware that these components exist on their systems, and
managing them becomes a chore. Each unnecessary component also enlarges
the attack surface of the server. Windows 2003 tried to improve
on this by giving administrators the option not to install services like IIS
by default.
Longhorn Server, the next major version of the Windows
Server family, takes installation and configuration to a different level.
Longhorn Server can be installed in what is known as the 'core' mode. This
mode installs only the components that are absolutely required for the
system to boot. No additional services or components are
installed at all.
Once the installation is complete, you are prompted for the
role that the server is going to perform. There are many different roles
to choose from, for example Domain Controller, Web Server, Mail Server, Gateway
Server, Database Server and so on. Each option can have sub-options as
well. For instance, the Domain Controller role can have sub-roles like
Organizational Domain Controller, Branch Office Domain Controller, Additional
Domain Controller and so on.
The first screen you get after starting Longhorn is the core configuration manager and a blank Start Menu
Based on the choices you make here, Longhorn then
prompts for additional information about your server role, much like
the questions asked when installing ADS on a Windows 2000/2003 Server. However,
the questions are not only for ADS, but also for other roles such as Web server.
When installing a Web server, you are asked the purpose of the
server: external (Internet) use, internal (Intranet) use, mail
serving or other purposes. Say you are installing the server as a Web server
for use by MS Exchange. You would select the 'Serving Mail' choice here. This
results in a different configuration (in terms of settings, security,
performance and locked-down aspects) than if you had chosen, say, 'Internet
Server'.
Once these choices are complete, the actual installation of
the required components begins. The files are copied and installed. Then,
depending upon the answers given in the previous step, a number of processes
take place.
First, the system is completely locked down. By this we
mean that even the services that are to be allowed are not yet enabled at this
point, and everything is in a super-secure state. Only once the lockdown is complete
and the system is fully secure do the required services open up. This is the
opposite of what used to happen in earlier versions of Windows.
In earlier versions, everything used to be open and it was
your responsibility to make sure that whatever was not needed was locked down. However,
from now on, everything remains in a super-secure 'locked down'
state by default, and things are opened up only at your request. This means that, as an
administrator, you never have to worry about components you do not know about
causing a security or performance issue. You can, of course, add more roles to a
single server as you want. However, remember that the more components there are on your
server, the larger the attack surface it exposes. All in all, the server core and
role-based model allows greater control over a server
environment and makes the system more secure and manageable.
Vinod Unny,
Enterprise
InfoTech