COMING SOON: WINDOWS SERVER 2008
REDMOND, WASHINGTON, DECEMBER 3, 2007 (STAR) By Aurea Calica — Microsoft is releasing on Feb. 27 next year Windows Server 2008, a next-generation operating system expected to earn a high level of patronage from customers, mainly information technology professionals, as it was designed exactly to respond to their desires and needs.
Being customer-focused, Microsoft boasts that the new system — with features ranging from Network Access Protection to PowerShell to Internet Information Services — is guaranteed to be easy to use and manage, reliable and with increased security and protection, not only for data infrastructure but for Web services as well.
Windows Server 2008 provides, for instance, the Network Access Protection (NAP) platform to see to it that all computers trying to connect to a network meet administrator-defined requirements for system health. IT administrators can have the control and flexibility in laying out security policy in accessing an organization’s resources.
The book “Introducing Windows Server 2008” says the system is ideal for building identity and access management — or the controls as to who may access an organization’s information resources, how someone’s identity can be verified, simplifying access using single sign-on and others.
In its Technology Adoption Program for Product Validation, where Microsoft supports customers in early production deployment with beta software, the NAP is one of the favorite capabilities of Windows Server 2008 because of these new features, according to Bill Laing, general manager of Microsoft’s Windows Server Division.
Laing cites other remarkable features of the new system based on customer feedback: the Read-Only Domain Controller (RODC) and Restartable Active Directory for Directory Services.
The RODC is a new type of domain controller that hosts a read-only replica of the Active Directory database. “If you combine RODCs with the BitLocker Drive Encryption feature first introduced in Windows Vista, you no longer have to worry about thieves (or silly employees) walking off with one of your domain controllers and all your goodies,” says the book authored by Mitch Tulloch with the Microsoft Windows Server team.
The Restartable Active Directory Domain Services let the administrator stop AD services on domain controllers so that updates can be applied or offline de-fragmentation of the database can be performed, and this can be done without rebooting the machine.
“This is a big improvement that not only reduces downtime but makes your domain controllers easier to manage, which is a big plus when they are located at a remote site,” the book says.
The other features are the new Server Core Installation Option, which has a significantly smaller attack surface because all non-essential components and functionalities have been removed, thus yielding better performance; and the Terminal Services Gateway/Remote Programs, which let remote users securely punch through the perimeter firewall and access terminal servers running on a corpnet.
Minimum set of components
The book says Server Core is a minimal installation option for Windows Server 2008. Why install what you don’t need? “When you choose this option during set-up (or when using unattended set-up), Windows Server 2008 installs a minimum set of components on your machine that will allow you to run certain but not all server roles,” the book adds.
According to Andrew Mason, principal program manager of Microsoft, this reduces the attack and servicing surface area. Servers optimized by role are easier to manage. Customers are then assured of increased reliability and security. As the book says, “The more you’ve got in a box, the more difficult it is to secure and the more complex it is to maintain.”
Microsoft product manager for Windows Server-Terminal Services Alex Balcanquall explains that for the branch or mobile user, Terminal Services simplify access and secure delivery of applications and data. They improve the remote user experience and reduce training requirements.
Terminal Services, according to the book, provide accessibility and scaling and eliminate virtual private network technologies. It says giving remote users full access to an internal network from over the Internet is not often the best solution. Terminal Services RemoteApp, for example, enables remoting of individual application windows instead of the whole desktop so that an application that is actually running on a Terminal Server looks and feels to the user as if it were running on his own desktop.
Terminal Services Web Access, on the other hand, makes application deployment a snap — “the user visits a website, clicks on a link or icon, and launches an application on Terminal Server located somewhere in a galaxy far, far away.”
The Windows Deployment Server, on the other hand, has one repository for all images and will ease deployment headaches. The book states that Windows Server 2008 includes huge improvements in deploying Windows servers with its new Windows Deployment Services role, an updated and redesigned version of the Remote Installation Services feature found in Windows Server 2003 and Windows 2000 Server.
According to the book, Windows Deployment Services enable enterprises to rapidly deploy Windows operating systems using network-based installation, a process that does not require one to be physically present at each target computer or to install directly from physical media.
Addressing customers’ needs
Microsoft’s group program manager of the Windows Server Division Alex Hinrichs says they dropped the “I think it would be really cool if” attitude in developing the new system and instead addressed the customers’ needs and desires for their homes and businesses.
Microsoft’s senior leaders — Laing, Bob Muglia, Iain McDonald — worked on every role consistent with the vision to make things simple — install only what the system needs, make it secure, reliable, manageable and fast. The quality of the roles is determined by real-world deployments.
Hinrichs and other Microsoft officials who spoke at a technical workshop at their headquarters here for journalists and information technology professionals were unanimous in saying that customers’ requests were their No. 1 driver and that many features were driven by their input.
Laing points out more than 30 customers were involved in the production of Windows Server 2008 and hundreds of scenarios were considered in coming up with its features.
“Customer input was crucial to the design and features of Windows Server 2008. We meet with customers regularly and get their feedback,” he says.
Laing believes that Microsoft succeeded in improving current systems to give what the customers are looking for — security and policy enforcement, Web and application platforms, presentation virtualization, remote infrastructure, server management, and high availability.
Windows Server 2008 supports 18 optional roles (Active Directory, file, print, Web, virtualization, etc.), includes 36 optional features (multipath I/O, desktop experience, clustering, backup and others), and supports a non-GUI (graphical user interface) option for eight roles, Laing says.
Aside from the NAP, Server Core Installation Option and Read-Only Domain Controller, new technologies are introduced with Windows Server 2008 — Microsoft Windows PowerShell, Internet Information Services 7.0, Server Manager, and Windows Server Virtualization. Enhanced technologies include Terminal Services, Windows Firewall, Failover Clustering, Dynamic Partitioning, and Auto-Tuning Networking.
Dmitry Sotnikov, new product research manager of Quest Software, a Microsoft partner, demonstrated how “exciting” Windows PowerShell would be for IT professionals.
With the use of commands, Sotnikov showed how it had become fast and easy for administrators to recover the data that they need.
PowerShell, according to the book, is a powerful tool for automating administrative tasks in Windows Server 2008 such as managing services, processes and storage.
“It is a command line shell and scripting language that includes more than 130 command-line tools called cmdlets, has consistent syntax and naming conventions, and uses simplified navigation for managing data such as the registry and certificate store,” it explains.
PowerShell also has an intuitive scripting language specifically designed for IT administration, according to Microsoft’s resource materials, and can be used to manage aspects of certain server roles such as IIS 7.0, Terminal Services and Active Directory Domain Services.
Microsoft’s customers only have wonderful feedback about IIS 7.0. DiscountASP says, “Using the new APIs (application programming interfaces), we’ve streamlined our provisioning system, reducing the code base by about 50 percent.” Applied Innovations adds: “With the better memory management and modular design, I believe we’ll see performance, reliability, and security on the Windows hosting platform continue to improve.”
For MaximumASP, internal operations will definitely take advantage of IIS 7.0’s ability to look into what’s going on inside the worker processes.
“… We are now able to reduce sites overhead, giving us more resources for additional users and a faster ROI… Working with the new AppCmd.exe allowed us to be the first hosting provider to offer Windows 2008 Server with full control center integration,” Jon Thompson, server operations manager of CrystalTech, attests.
Susan Chory, IIS business manager of Microsoft, says IIS 7.0 is packed with new features offering limitless possibilities.
In her presentation with Ryan Dunn, architect evangelist of Developer and Platform Evangelism, it was amusing to see how failed requests on the Web could be swiftly traced and addressed by the administrator with IIS 7.0.
Chory notes that one area of enhancement in IIS 7.0 over previous versions is ease of management. For instance, it provides detailed errors and automatic failure tracing that enable rapid diagnostics and troubleshooting, thus decreasing downtime.
Chory says IIS 7.0 installs only what the infrastructure requires and there are 40-plus set-up components to choose from. This eliminates unnecessary risk and also minimizes the attack surface by removing unused features. It also conserves processing resources and runs low memory worker processes.
With IIS 7.0, IT professionals can also create custom Web server modules. “cPanel’s Windows development team feels that Microsoft IIS 7.0 offers a robust, high-performance Web server with increased security that the industry will quickly adopt,” J. Nick Koston, CEO of cPanel, says.
For his part, Chris Morrow, lead developer of MaximumASP, says, “Working closely with Microsoft, we have been able to learn, and influence the best Web server the Microsoft hosting providers have ever seen.”
According to the book introducing Windows Server 2008, an administrator can view detailed errors in the Web browser and there are plenty of new error codes that provide prescriptive guidance in various situations.
IIS log files also record more status codes that can help an administrator troubleshoot various problems. For example, when a client’s request is denied with a 404 error, a list of sub-codes is now supported. Another diagnostic feature is the ability to define failure triggers by error code or time taken, which is configurable per application or per URL. The resulting failed request-tracing log contains a chronicle of events for the failed request, and this can help one identify bottlenecks on a server, the book says.
IIS 7.0, the book adds, also provides a more secure, extensible platform for efficiently managing and reliably hosting Web applications and services. It also allows remote management and can be managed through PowerShell.
Microsoft also detailed in its book the server manager that simplifies and centralizes server management through a single administrative console, allowing IT professionals to view and operate all the tools related to server productivity in one location.
This includes the easy addition or removal of server roles and associated system tracking. The new server manager command line interface in Beta 3 also provides a means for scripting server configuration tasks across the server infrastructure.
Virtualization, on the other hand, allows IT administrators to consolidate multiple server roles as separate virtual machines running on a single physical machine.
This approach reduces “server sprawl” and maximizes the utilization of current hardware, and each role can run in its own isolated virtual environment for greater security and easier management.
“The process of migrating server roles from separate physical boxes onto virtual machines is known as server consolidation and this is probably the number one driver behind the growing popularity of virtualization in enterprise environments. After all, budgets are limited nowadays,” the book says.
It adds that being able to ensure business continuity in the event of a disaster is another big driver toward virtualization. “Restoring a critical server role from tape back-up when one of your boxes starts emitting smoke can be a long and painful process” and may cost a lot in terms of extra money and licensing.
With virtualization, the book says guest operating systems, which run inside virtual machines, are generally independent of the hardware on which the host operating system runs and the IT professional can easily restore a backed-up virtual server to a system that has different hardware than the original that died.
Using virtual machines, one can also reduce both scheduled and unscheduled downtime by simplifying the restoration process to ensure the availability of essential services for a network.
Fail-over clustering, dynamic partitioning and auto-tuning networking features automatically manage system resources that include memory and traffic to ensure that customers have uninterrupted and faster access to the company network.
A cluster is defined in the book as a collection of nodes (servers) that work together in some fashion to ensure high availability for applications.
“Whatever applications are critical to the operation of your business, you need to use some form of clustering to make sure they never go down or become inaccessible to customers. Windows Server 2008 includes two enhancements in the area of high availability,” the book says.
Fail-over clusters have been significantly improved to make them simple to set up and configure, easier to manage, more secure and stable.
According to the book, improvements have been made in the way the cluster communicates with storage, which can increase performance for both storage area network and direct attached storage. Fail-over clusters also offer new configuration options that can eliminate the quorum resource from being a single point of failure.
“A single server is a single point of failure for your business, and when the server goes down so does your revenue,” the book says.
The Network Load Balancing (NLB) in Windows Server 2008 is a network driver that balances the load for networked client/server applications by distributing client connections across a set of servers.
The book says NLB is especially great for scaling out stateless applications running on Web servers when the number of clients is growing. “But you can also use it to ensure the availability of terminal servers, media servers and even virtual private network servers,” it adds.
Microsoft officials concede that while larger corporations’ feedback was given priority, the new system is guaranteed to work for homes, small and medium-sized businesses, corporations and enterprises.
For example, representatives of the Hillsboro School District in the United States say the new system helps in developing a home directory of students and storing their files until after they graduate and in using and managing computers in a learning institution.
Without an effective system, even the students’ learning may be affected as problems may take time to be addressed, especially in computer schools.
For larger businesses, revenue losses due to network vulnerabilities amount to billions of dollars, apart from the cost of digital leakage per year, market capitalization, and competitive advantage.
Microsoft officials say “leaked e-mails can be damaging in many ways as unintended forwarding of sensitive information can adversely impact the company’s image and/or credibility.”
Partners of Microsoft point out that aside from being ahead of the pack, a new system must be cost-effective and thus worth the customers’ investment.
Dan Wooley, director of Strategic Global Alliances CA, a Microsoft partner, explains that infrastructure operating systems must be “extensible, stable, flexible and also predictable.”
He says nobody will invest in infrastructure that will not have any more support over the years as new technologies are born.
Chief News Editor: Sol Jose Vanzi
© Copyright, 2007
by PHILIPPINE HEADLINE NEWS ONLINE