Microsoft is on its way to release a new Server OS 'Windows Server 2008
codename Longhorn' sometime early next year. We will pick up one of the
following features of the server every month and talk about it in more detail
through a Hands-On approach. The aim is to equip you with a complete guide till
the time the server gets released. So now fasten your seat belts to explore some
new features offered by Beta 3.
|
Windows Power Shell
If you are someone from the *Nix background then you must be a lover of
command line. But while working on or while administrating a Windows Server you
never had a chance to power use the command prompt. Since the days of Windows
NT, Microsoft has been stating that they will make desktop environment more
graphical and easy. And finally with the advent of Beta 3, Microsoft has
realized the need of a powerful command line or shell which not only gives a
good set of administrative tools but also provides a good framework for Shell
scripting. Power Shell is not just an enhanced Shell for Windows but also a
scripting framework. To work on this you just need a basic knowledge of batch
scripting. Power Shell is now shipped with Windows Server 2008, but you can even
download and install it on Windows XP or Windows 2003 from
http://www.microsoft.com/technet/scriptcenter/topics/msh/download.mspx.
From this new server management interface get an overview of server, change system properties, and add or remove policies |
Server Core Install
Again, something very common and old for *Nix users, but a new functionality
for Windows Server users. The Server Core Install is a minimal install option
for Windows Server 2008 which gives you the liberty to install only the Role or
the component that you want to run on a particular server. So, let's say if you
want to build a DHCP server in your organization but don't want to install and
manage a full-blown Windows Server with GUI, and all the unnecessary
applications, then you can do a Core Installation of Windows Server 2008 and
install the DHCP role on top of it. This not only gives you better manageability
and resource conciseness but also provides more compact attack surface by
reducing unnecessary applications and services. The Core install will be
available with all the versions of upcoming Windows 2008 Server (i.e. Standard,
Enterprise, and Data Center) and will appear as an install option. While using
Server Core for the first time you get a feel of FVWM, a Window manager in
Linux. But of course the graphical capability is kept very less in Windows Core
install than in FVWM. This kind of a setup can also be very useful in cases
where you have to run multiple servers under a virtualized environment. This is
because such kind of an install will have smaller footprints and will require
minimal resources in your Virtualization setup.
Network Access Protection
A very innovative feature from Microsoft. NAP or Network Access Protection
is a framework, which provides a mechanism to the network admins to control and
check the health status of the machines connected to the network. And based on
the status of the client machine, the framework can either let the machine enter
the network or quarantine it to an isolated subnet for cure. NAP is essentially
an agent-based model and you require an SHA or System Health Agent to be
installed on all the client machines connected to the network. SHA is at present
available as an independent download or as an update pack for Windows XP and
ships with Windows Vista. Microsoft also plans to bundle the agent with Windows
XP SP3. NAP also checks for certain criteria such as whether the client machine
has the Firewall enabled, antivirus installed, enabled and updated, and so on.
NAP can even change the settings on the client machines and cure these by
enabling the components such as Firewall. At present NAP has been bundled with
Beta3.
Read Only Domain Controllers
This is essentially a way to tighten the security of branch offices. In
branch offices one must have local administrators managing local Domain
Controllers which are connected to the central ADS. But if you provide full
right to the local administrator on the Domain then he or someone who has
compromised the local DC can even get illegitimate access to the central ADS
which can be a major security risk. So to fight against such risks Microsoft has
bundled RODC in Windows Server 2008, providing a one-way synchronization of the
Global ADS with the DC. It also doesn't allow sensitive information to get
cached on the DC. And provides options for delegating Administrative privileges
to local users under the DC. This kind of a setup is very helpful for servers
kept in remote locations without any physical security.
Running 'Get-Command' in the new Power Shell window will list all the available commandlets |
Virtualization
This component is still not bundled with Windows Server 2008, but Microsoft
promises to ship it with its first RTM. With the popularity of other Hypervising
technologies, Microsoft also planned to jump into this bandwagon and is coming
out with its own Hypervisor. This will work parallel with the pre-existing
Micorosft's Virtual Servers and Virtual PC, but will be specifically for those
who want to get benefited from the hardware-level virtualization provided in new
generation processors and full virtualization. Microsoft also claims that it
will have interoperability with the Xen kernel of Novell's SuSE Enterprise
Server and Desktop versions of Linux, an outcome of Micorosft's and Novell's
partnership.
Terminal Services
With Windows Server 2008, terminal services have been completely revamped.
The first thing to notice is the remote desktop getting upgraded to version 6.0.
This version is available for Vista, XP SP2, and Windows 2003. Using remote
desktop 6 in conjugation with terminal services running on Server 2008 provides
you with 32-bit color and most of the animation including the aero theme of
Vista. It also supports wide aspect ration display and spanning the desktop over
multi monitors. With it you can even cut and paste between remote sessions and
local desktop.
A new feature called 'Terminal Service Easy Print' lets you easily select on
the printer (remote or local) you want to fire a print over terminal services.
Another feature is the 'Terminal Service Gateway,' which essentially provides
terminal services to your users over the Internet through HTTPS. The beauty of
it is that you don't even need a VPN setup to do so. Yet another feature offered
by terminal services is the 'Terminal Services RemoteApp.' It is essentially a
mechanism for streaming through terminal services instead of the full desktop.
Something very similar to Citrix's Presentation Server. Yes it is, but now it is
going to be bundled with your Windows Server and you don't need a third party
for such a kind of feature.