With Latest Server, Microsoft Rides The 64-Bit Range
The OS formerly known as Longhorn is ready to run. Should you jump on or get the hell out of its way? We've launched a new type of Rolling Review.
January 19, 2008
Let's face facts: The Windows Server 2008 Los Angeles launch gala will be a requiem for 32-bit computing. Microsoft's claim that more than half of server downloads are now of the 64-bit variety confirms that IT is looking to wring full advantage of the 64-bit-capable processors pervasively deployed in enterprise data centers. But is smashing through the 4-Gbyte RAM barrier all we have to look forward to, or will additions and improvements--including Network Access Protection, high availability, virtualization, Server Core, PowerShell, SMB 2.0, IIS7, a completely rewritten IP stack, and an updated version of Terminal Services--live up to their billing?
To find out, we're launching a new breed of Rolling Review, bringing Windows Server 2008 into our Boston Real-World Partner Labs and analyzing the most intriguing new features, one by one. Where competition exists, we'll invite other vendors for bake-offs. When a capability is unique, we'll put it through its paces and tell you what we find.
Microsoft is surely hoping Windows 2008 avoids the, shall we say, lack of enterprise enthusiasm that met Vista. Of course, there's good reason IT held off on Vista, but given the number of new features in Windows Server 2008, does it make sense to do a limited deployment sooner rather than later?
Many shops will sit tight no matter what Redmond does. Ask any CIO for rules to live by, and the No. 1 response might well be, "Thou shalt not deploy before SP1." Still, Microsoft seems more focused on bringing enterprise customers into the development and testing process this time around. Since the Beta 2 release of Longhorn, 30 Microsoft Technology Adoption Program partners have been running Windows Server 2008 in production across 779 role-based servers. Bill Laing, general manager of the Windows Server development team, emphasized that Longhorn development has been highly customer focused compared with previous rollouts. Microsoft is clearly betting on its Technology Adoption Program to jump-start that early-adopter base and generate buzz around Windows Server 2008. And as usual, there's no more aggressive--or earlier--adopter than the company's internal IT organization. Jim DuBois, general manager of Microsoft's infrastructure and security team, says the company's Web site has been running entirely on Win2k8/IIS7 since Beta 3. That's 84 servers running the sixth-most-visited Web site in the world, with an average of 15,000 hits per second.
While we're sure this "dog fooding" policy, as DuBois describes it, has shaken out a few bugs, most CIOs can't grab a Windows Server developer by the ear when something goes wrong. The rest of us will download, test, and dissect Windows Server 2008 over at least a 12- to 24-month period. To get you started, here's a preview of what we'll cover in this Rolling Review.
HYPER-V
On Feb. 19, 2003, Microsoft started its foray into virtualization by acquiring a privately held company called Connectix. Even then, customers were asking for a virtual machine that would allow for server OS upgrades while simultaneously maintaining support for legacy applications. But while VM technology was, theoretically, a great answer to a difficult problem, early success was rare. "We had to optimize code to the nth degree just to get it to work," says Jeff Woolsey of the Microsoft virtualization team. "Today, with 64-bit operating systems and virtualization-optimized processors like the Intel VT and AMD-V, a new level of performance and scalability has arrived."
Still, enterprises have always been leery of host-based virtualization, which requires all guest VMs to run inside a master operating system. If the master OS is lost or corrupted, you're toast. While Microsoft was late to the game, it realized that hypervisors, which negate the need for VMs to run inside a core operating system, were the future.
The result is Microsoft Hyper-V Server, formerly code-named Viridian. A preview of Hyper-V is available now for download with Windows Server 2008 RC1, and Microsoft says a beta version will ship with Windows Server 2008, with a general release target of 180 days after Win2k8 hits the shelves.
VMware and Xen have a big head start, and most will wait to see how well-built Microsoft's hypervisor is before switching. As for cost, while the Datacenter edition of Windows Server 2008 allows enterprises to deploy unlimited VMs on a physical server for $2,999 per processor, VMware's Infrastructure Standard allows IT to do the same for $2,995 and includes support for two processors. However, if you're tempted by the extras that come with VMware Infrastructure Enterprise, your cost will exceed that of a dual-processor Hyper-V server license, and you might consider Microsoft Windows Enterprise Server with Hyper-V, at $3,999. For that you'll get the OS license, 25 client access licenses, and four virtual instances per license. Microsoft says it's realized a physical server consolidation ratio of 8-to-1 in production data centers, so potential hardware, power, licensing, and space savings are considerable. In fact, an analysis conducted by Microsoft IT showed that power used in a full test lab server rack went from 525 amps to 8 amps, and rack space was consolidated from 32U to 2U. These stats speak to the advantages of virtualization, regardless of vendor choice. Typical results? Maybe not, but we'll take even half those savings.
GET TO THE CORE
Microsoft's development team is touting a new installation option for Windows Server 2008, called "Server Core." Andrew Mason, principal program manager in the Windows Server team, says the genesis of Server Core is the role-based fashion in which customers deploy Windows Server. It's been years, Mason says, since he's heard a customer say, "This is my Windows server." Instead, machines might be DNS servers, say, or domain controllers. As a result, Server Core was designed to be a modular, role-based system that addresses the need for a reduced attack surface and footprint.
So what does Server Core look like? Fans of MS-DOS rejoice, because for the first time in a long time, when you boot a Microsoft server OS, your screen will look something like this: C:\>
Server Core is a nongraphical, completely command-line-driven version of Windows Server 2008. What this means: To start, a server installation footprint of 1 Gbyte versus 6 Gbytes and elimination of many client-based apps, such as IE, that have created security threats. Because of the reduced attack surface, Microsoft says the number of server updates should be cut by around 40%.
For those more comfortable in a GUI environment, a Server Core box can be managed via MMC snap-ins running on remote servers. In addition, a limited number of graphical tools can be run on a Server Core build, including Task Manager, Notepad, and Regedit. If you have grand virtualization plans, you should be able to pack plenty of Server Core VMs onto your favorite VMware or Xen machine, and Hyper-V later this year. Roles that can be run on a Server Core build are limited to core Microsoft networking services.
THE POWER'S IN THE SHELL
Server Core isn't the only "Linux-like" new feature. Server and database admins and developers will also gain a powerful new scripting environment, called Windows PowerShell, or Microsoft Command Shell.
We saw an anonymous Unix blog post saying, "I didn't think the day would ever come that I would be saying this, but it seems like Microsoft actually invented a decent shell." Sentiments like these from Unix gurus stem from the fact that this is an object-based, .Net Framework-oriented shell. This differs from standard Unix shell environments that are text and command driven, with the result usually being comparatively less code to execute the same task.
With PowerShell, IT should be able to create and store powerful scripts that can be executed locally or remotely, in a variety of languages. Using what Microsoft terms "Command-lets," IT can accomplish many administrative tasks with less programmatic difficulty. For example, you can query a server for a list of all inactive services with one line of code. The same task in VBScript would take at least six lines--a lot more if you're as proficient at VBScript as we are.
The data returned can be easily manipulated, formatted, and fed to the console, a file, or a different utility. For server admins, PowerShell's ADSI and WMI support will open up Active Directory and Windows in a way only third-party, graphical-based utilities could do previously. Wassim Fayed of the PowerShell team demonstrated performing complex queries against an Active Directory; results were automatically exported to a spreadsheet by exposing the Office Shell through COM. PowerShell won't turn a point-and-click type into a scripting guru overnight, but it should help us accomplish tasks more quickly and efficiently.
TERMINAL SERVICES
No. 4 on our hit list of interesting new features is the improved Windows 2008 Terminal Services, which is now downright Citrix-like. For example, with TS RemoteApp and TS Web Access, individual applications now can be exposed to users via a desktop shortcut or Web page. As a result, it's no longer necessary to launch an entire Terminal Services environment to access and run internal corporate applications. With TS Gateway, a user outside the corporate boundary can execute an RDP session on any personal computer via HTTPS. And because the TS Gateway is really an SSL VPN that runs over port 443, not the RDP port of 3389, many firewalls will pass this traffic without problems.
The ability to centrally control access to network resources and apps at the TS Gateway level will be another strong sell. While TS Gateway still needs to be thoroughly tested in our labs, in some shops it could negate the need for enterprise VPN appliances to provide secure, remote access to corporate resources. Microsoft states up front that Windows 2008 Terminal Services isn't positioned for enterprise-scale deployments; it still lacks maturity when compared with Citrix for large-scale load-balancing, compression, and management of client connections. We hope to put Windows Server 2008 TS in a head-to-head comparison with Citrix later this year.
NAP TIME
Network Access Protection provides for client patching and antivirus compliance. NAP is not meant to replace a firewall, and it's not a software distribution tool, but it is positioned as a pervasive enforcement point for clients attempting to connect to a network.
To ensure that non-domain-joined and remote clients are scanned for compliance, Microsoft is focusing on enforcing security policies at the DHCP, VPN, 802.1X, IPsec, and TS Gateway levels. DHCP will likely be the enforcement point of choice, given that most clients will need to consult a DHCP server before accessing network resources. Clients that fail a defined policy check--for the presence of certain Windows updates, for example, or up-to-date antivirus client software--can be automatically placed into a quarantine area where patches and updates may be downloaded and installed. The NAP policy server can then revalidate.
We recommend a phased implementation, where a reporting-only period is followed by a delayed enforcement phase, where clients are given time to update before being quarantined. Or you can go for immediate enforcement, even for clients not under direct control. There is one rather large caveat: You must be using a client that can be natively checked by a NAP Server, and as of now that list has only Vista, Win2k8, XP with the upcoming release of SP3, and certain Windows Mobile devices. Windows 2000 will reach end of support soon, so don't count on it to ever get native NAP support.
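A small model of the phased rollout described above, added here as an illustration and not taken from Microsoft's NAP implementation or APIs. The field names, update identifiers, seven-day signature limit, and the treatment of clients that cannot report their health are all assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed policy values for illustration; not NAP product defaults.
REQUIRED_UPDATES = {"KB-EXAMPLE-1", "KB-EXAMPLE-2"}
MAX_AV_SIGNATURE_AGE = timedelta(days=7)


@dataclass
class HealthStatement:
    """What a checkable client reports about itself (hypothetical fields)."""
    installed_updates: set
    av_signature_date: date


def failed_checks(soh, today):
    """Return the remediation items for a client; an empty list means compliant."""
    problems = [f"install {kb}" for kb in sorted(REQUIRED_UPDATES - soh.installed_updates)]
    if today - soh.av_signature_date > MAX_AV_SIGNATURE_AGE:
        problems.append("update antivirus signatures")
    return problems


def decide(soh, mode, today, enforce_from=None):
    """Map a health statement to (network, remediation) for a rollout phase.

    mode is 'report' (log only), 'deferred' (quarantine only on or after
    enforce_from) or 'enforce' (quarantine immediately). soh is None for a
    client that cannot produce a health statement.
    """
    if mode not in ("report", "deferred", "enforce"):
        raise ValueError(f"unknown mode: {mode}")
    if mode == "deferred" and enforce_from is None:
        raise ValueError("deferred mode needs an enforce_from date")
    if soh is None:
        # Assumption: a client that cannot be checked is handled like a failing one.
        problems = ["no health statement (client cannot be checked)"]
    else:
        problems = failed_checks(soh, today)
    if not problems:
        return "full", []
    if mode == "report":
        return "full", problems        # noncompliance is recorded, not blocked
    if mode == "deferred" and today < enforce_from:
        return "full", problems        # grace period: warn, do not quarantine
    return "quarantine", problems      # restricted until remediated and rechecked
```

Calling `decide` again after the client has installed the listed items models the revalidation step: a clean statement returns full access in every mode.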
Microsoft is working on integration with Cisco Systems' Network Access Control. But can NAP compete with a more mature offering like Cisco's NAC from the get-go? We'll put that to the test. Microsoft has said it will release a set of APIs that will allow patch management, antivirus, security, and terminal services vendors to develop software using NAP as a base.
NAP is a role of Windows Server 2008 and doesn't require an additional license, but we'll have to depend on third parties for NAP components to provide enforcement for Linux and the Mac OS.
Finally, Microsoft appears to have made solid advancements in clustering and high availability. Windows Server 2003 provided high availability in two ways: through server failover clustering and network load balancing. The quorum model has been improved in failover clustering to eliminate the single point of failure that was present in the past when the quorum disk was lost. Using a voting methodology in what Microsoft calls the "majority quorum model," clustered servers and shared storage each get a vote in determining the availability of the clustered resource. As a result, a two-node cluster with shared storage can now survive the loss of a quorum because the shared storage now also gets a vote. Cluster configuration is easier thanks to an improved management UI with wizard-based setup options.
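The vote counting behind the quorum change, as an added example that is not Microsoft's code. It assumes one vote per node and one for the shared storage, and that the cluster runs while strictly more than half of the configured votes are present; the function names are hypothetical.

```python
def legacy_cluster_up(nodes_up, disk_up):
    """Older model as the article describes it: losing the quorum disk
    takes the cluster down no matter how many nodes are healthy."""
    return disk_up and nodes_up >= 1


def majority_cluster_up(nodes_up, total_nodes, disk_up, disk_votes=True):
    """Majority model: each node holds one vote, and so does the shared
    storage when disk_votes is True. The cluster keeps running while
    strictly more than half of all configured votes are present."""
    if not 0 <= nodes_up <= total_nodes:
        raise ValueError("nodes_up must be between 0 and total_nodes")
    total_votes = total_nodes + (1 if disk_votes else 0)
    present = nodes_up + (1 if disk_votes and disk_up else 0)
    return 2 * present > total_votes


def compare_models(total_nodes):
    """Walk every failure state and return
    {(nodes_up, disk_up): (legacy_up, majority_up)}."""
    table = {}
    for nodes_up in range(total_nodes + 1):
        for disk_up in (True, False):
            table[(nodes_up, disk_up)] = (
                legacy_cluster_up(nodes_up, disk_up),
                majority_cluster_up(nodes_up, total_nodes, disk_up),
            )
    return table


if __name__ == "__main__":
    # Two-node cluster with shared storage, the case the article singles out.
    for (nodes_up, disk_up), (legacy, majority) in sorted(compare_models(2).items()):
        print(f"nodes up={nodes_up} disk up={disk_up!s:5} "
              f"legacy={'up' if legacy else 'DOWN':4} "
              f"majority={'up' if majority else 'DOWN'}")
```

With two nodes and a voting disk there are three votes, so any single failure leaves two and the cluster stays up; without the disk vote, a two-node cluster cannot lose either node.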
IT can also now disperse clustered resources geographically because Microsoft has eliminated the single subnet requirement for cluster setup. Configurable heartbeats account for network latency when configuring clusters over a WAN. Network load-balancing enhancements include improved DoS protection, additional health monitoring, and the ability to use a Server Core build as part of a network load-balancing cluster.
LET THE TESTING BEGIN
Even Microsoft detractors have to agree that Windows Server 2008 represents a significant advancement of the platform when compared with the Windows 2000 to Windows 2003 upgrade path. In addition, the shared code base of Vista and Windows Server 2008 should provide tangible benefits to those running Vista Pro in the enterprise in the way of NAP, faster IP networking, event log forwarding, and better client management.
But will Windows Server 2008's security, client management, virtualization, terminal services, and high-availability advances top best-of-breed third-party systems? Should small and midsize enterprises become early adopters to gain the wide range of role-based services that Windows Server 2008 provides? While we wait for the final version of Windows Server 2008, we'll prep our labs to put these new features to the test.