Unlike the transition from Windows 2000 Server to Windows Server 2003, which was a fairly minor "point"-style update, Windows Server 2008 is a radical revision to the core code base that makes up the Windows Server product. Windows Server 2008 shares quite a bit of fundamental code with Windows Vista, which was a product derived directly from the techniques of the secure development model (SDM)—sea change in programming methodologies at Microsoft that puts secure code at the forefront of all activity. Thus, a lot of new features and enhancements you will see in the product are a result of a more secure code base and an increased focus on system integrity and reliability.
The most radical changes to Windows Server 2008 include Server Core and the new Internet Information Services 7.0.
Server Core
Server Core is a minimal installation option for Windows Server 2008 that contains only a subset of executable files and server roles. Management is done through the command line or through an unattended configuration file. According to Microsoft:
Server Core is designed for use in organizations that either have many servers, some of which need only to perform dedicated tasks but with outstanding stability, or in environments where high security requirements require a minimal attack surface on the server.
Accordingly, there are limited roles that Core servers can perform. They are:
• Dynamic Host Configuration Protocol (DHCP) server
• Domain Name System (DNS) server
• File server, including the file replication service, the Distributed File System (DFS), Distributed File System Replication (DFSR), the network filesystem, and single instance storage (SIS)
• Print services
• Domain controller, including a read-only domain controller
• Active Directory Lightweight Directory Services (AD LDS) server
• Windows Server Virtualization
• IIS, although only with a portion of its normal abilities—namely only static HTML hosting, and no dynamic web application support
• Windows Media Services (WMS)
Additionally, Server Core machines can participate in Microsoft clusters, use network load balancing, host Unix applications, encrypt their drives with Bitlocker, be remotely managed using Windows PowerShell on a client machine, and be monitored through Simple Network Management Protocol, or SNMP.
Most administrators will find placing Server Core machines in branch offices to perform domain controller functions is an excellent use of slightly older hardware that might otherwise be discarded. The smaller footprint of Server Core allows the OS to do more with fewer system resources, and the reduced attack surface and stability make it an excellent choice for an appliance-like machine. Plus, with a branch office, you can combine Server Core with the ability to deploy a read-only domain controller and encrypt everything with BitLocker, giving you a great, lightweight, and secure solution.
IIS Improvements
The venerable Microsoft web server has undergone quite a bit of revision in Windows Server 2008. IIS 7 is, for the first time, fully extensible and fully componentized—you only install what you want, so the service is lighter, more responsive, and less vulnerable to attack. The administrative interface for IIS has also been completely redesigned. Key improvements include:
Newly rearchitected componentized structure
For the first time in IIS history, administrators exercise complete control over exactly what pieces of IIS are installed and running at any given time. You can run the exact services you require—no more, no less. This is of course more secure, not to mention easier to manage and better performing.
Flexible extensibility model
IIS 7 allows developers to access a brand-new set of APIs that can interact with the IIS core directly, making module development and customization much easier than it ever has been. Developers can even hook into the configuration, scripting, event logging, and administration areas of IIS, which opens a lot of doors for enterprising administrators and third-party software vendors to extend IIS' capabilities sooner rather than later.
Simplified configuration and application deployment
Configuration can be accomplished entirely through XML files. Central IIS configuration can be spread across multiple files, allowing many sites and applications hosted by the same server to have independent but still easily managed configurations. One of Microsoft's favorite demos of IIS 7 is setting up a web farm with identically configured machines; as new members of the farm are brought online, the administrator simply uses XCOPY and moves existing configuration files over to the new server, and in a matter of seconds, the IIS setup on the new machine is identical to that on the existing machines. This is perhaps the most meaningful, and most welcome, change in IIS 7.
Delegated management
Much like Active Directory allows administrators to assign permissions to perform certain administrative functions to other users, IIS administrators can delegate control of some functions to other people, like site owners.
Efficient administration
IIS Manager has been completely redesigned and is joined by a new command-line administration utility, appcmd.exe.
*.* Source of Information : O'Reilly Windows Server 2008: The Definitive Guide
No comments:
Post a Comment