Steers Or Hogs? Here's how Vista and Server 2008 stack up in resource usage
Server Operating Systems |
Min. CPU/RAM |
Recommended CPU/RAM |
Max. RAM for 32-bit/64-bit |
Minimum Disk |
Windows Server 2008 Standard |
1 GHz/512 Mbytes |
2 GHz/2 Gbytes |
4 Gbytes/32Gbytes |
10 Gbytes |
Windows Server 2008 Enterprise |
1 GHz/512 Mbytes |
2 GHz/2 Gbytes |
64 Gbytes/2 Tbytes |
10 Gbytes |
Windows Server 2008 Datacenter |
1 GHz/512 Mbytes |
2 GHz/2 Gbytes |
64 Gbytes/2 Tbytes |
10 Gbytes |
Windows Server 2008 for Itanium-based systems |
Intel Itanium 2/512 Mbytes |
Itanium 2/2 Gbytes |
Not applicable/2 Tbytes |
10 Gbytes |
Windows Vista Home Basic |
800 MHz/512 Mbytes |
1 GHz/512 Mbytes |
4 Gbytes/8 Gbytes |
20-Gbyte hard drive w/15 Gbytes free |
Windows Vista Home Premium |
800 MHz/512 Mbytes |
1 GHz/1 Gbyte |
4 Gbytes/16 Gbytes |
40-Gbyte hard drive w/15 Gbytes free |
Windows Vista Business |
800 MHz/512 Mbytes |
1 GHz/1 Gbyte |
4 Gbytes/128 Gbytes |
40-Gbyte hard drive w/15 Gbytes free |
Windows Vista Ultimate |
800 MHz/512 Mbytes |
1 GHz/1 Gbyte |
4 Gbytes/128 Gbytes |
40-Gbyte hard drive w/15 Gbytes free |
|
NAP TIME
Network Access Protection provides for client patching and antivirus compliance. NAP is not meant to replace a firewall, and it's not a software distribution tool, but it is positioned as a pervasive enforcement point for clients attempting to connect to a network.
To ensure that non-domain-joined and remote clients are scanned for compliance, Microsoft is focusing on enforcing security policies at the DHCP, VPN, 802.1X, IPsec, and TS Gateway levels. DHCP will likely be the enforcement point of choice, given that most clients will need to consult a DHCP server before accessing network resources. Clients that fail a defined policy check for the presence of certain Windows updates, for example, or up-to-date antivirus client software, can be automatically placed into a quarantine area where patches and updates may be downloaded and installed. The NAP policy server can then revalidate.
We recommend a phased implementation, where a reporting-only period is followed by a delayed enforcement phase, where clients are given time to update before being quarantined. Or you can go for immediate enforcement, even for clients not under direct control. There is one rather large caveat: You must be using a client that can be natively checked by a NAP Server, and as of now that list has only Vista, Win2k8, XP with the upcoming release of SP3, and certain Windows Mobile devices. Windows 2000 will reach end of support soon, so don't count on it to ever get native NAP support.
Microsoft is working on integration with Cisco Systems' Network Access Control. But can NAP compete with a more mature offering like Cisco's NAC from the get-go? We'll put that to the test. Microsoft has said it will release a set of APIs that will allow patch management, antivirus, security, and terminal services vendors to develop software using NAP as a base.