Sunday, October 25, 2009

Windows Server 2008 fundamentals


Windows Server 2008 is part of the Microsoft Windows server line of operating systems. It was released to manufacturing on February 4, 2008 and officially released on February 27, 2008. Like Windows Vista, Windows Server 2008 is built on the Windows NT 6.0 kernel. The latest updated version is Windows Server 2008 R2.

Features

  • Server Core
  • Active Directory roles
  • Failover Clustering
  • Windows PowerShell
  • Self-healing NTFS
  • Hyper-V
  • Windows System Resource Manager
  • Server Manager
  • Other features
  • Core OS improvements
  • Active Directory improvements
  • Policy related improvements
  • Disk management and file storage improvements
  • Protocol and cryptography improvements
  • Improvements due to client-side (Windows Vista) enhancements
  • Miscellaneous improvements

Server Core:

Windows Server 2008 includes a variation of installation called Server Core. Server Core is a significantly scaled-back installation where no Windows Explorer shell is installed. All configuration and maintenance is done entirely through command-line interface windows, or by connecting to the machine remotely using Microsoft Management Console. However, Notepad and some Control Panel applets, such as Regional Settings, are available.
Server Core does not include the .NET Framework, Internet Explorer, Windows PowerShell or many other features not related to core server features. A Server Core machine can be configured for several basic roles: Domain controller/Active Directory Domain Services, ADLDS (ADAM), DNS Server, DHCP Server, file server, print server, Windows Media Server, IIS 7 web server and Hyper-V virtual server. Server Core can also be used to create a cluster with high availability using Failover Clustering or Network Load Balancing.
Andrew Mason, a program manager on the Windows Server team, noted that a primary motivation for producing a Server Core variant of Windows Server 2008 was to reduce the attack surface of the operating system, and that about 70% of the security vulnerabilities in Microsoft Windows from the prior five years would not have affected Server Core.

Active Directory roles:

The Active Directory roles are expanded with identity, certificate, and rights management services. Active Directory, until Windows Server 2003, allowed network administrators to centrally manage connected computers, to set policies for groups of users, and to centrally deploy new applications to multiple computers. This role of Active Directory is being renamed Active Directory Domain Services (ADDS). A number of additional services are being introduced, including Active Directory Federation Services (ADFS), Active Directory Lightweight Directory Services (AD LDS, formerly Active Directory Application Mode, or ADAM), Active Directory Certificate Services (ADCS), and Active Directory Rights Management Services (ADRMS). Identity and certificate services allow administrators to manage user accounts and the digital certificates that allow them to access certain services and systems. Federation management services enable enterprises to share credentials with trusted partners and customers, allowing a consultant to use his company user name and password to log in on a client's network. Identity Integration Feature Pack is included as Active Directory Metadirectory Services. Each of these services represents a server role.

Failover Clustering:

Windows Server 2008 offers high-availability to services and applications through Failover Clustering. Most server features and roles can be kept running with little to no downtime.

Windows PowerShell:

Windows Server 2008 is the first Windows operating system to ship with Windows PowerShell, Microsoft's new extensible command-line shell and task-based scripting technology. PowerShell is based on object-oriented programming and version 2.0 of the Microsoft .NET Framework and includes more than 120 system administration utilities, consistent syntax and naming conventions, and built-in capabilities to work with common management data such as the Windows Registry, certificate store, or Windows Management Instrumentation. PowerShell's scripting language was specifically designed for IT administration, and can be used in place of cmd.exe and Windows Script Host.

Self-healing NTFS:

In previous Windows versions, if the operating system detected corruption in the file system of an NTFS volume, it marked the volume "dirty"; to correct errors on the volume, it had to be taken offline. With self-healing NTFS, an NTFS worker thread is spawned in the background which performs a localized fix-up of damaged data structures. Only the corrupted files and folders remain unavailable; the entire volume is not locked out and the server does not need to be taken down. The operating system now features S.M.A.R.T. detection techniques to help determine when a hard disk may fail. This feature was first presented within Windows Vista.

Hyper-V:

Hyper-V is a hypervisor-based virtualization system, forming a core part of Microsoft's virtualization strategy. It virtualizes servers on an operating system's kernel layer. It can be thought of as partitioning a single physical server into multiple small computational partitions. Hyper-V includes the ability to act as a Xen virtualization hypervisor host, allowing Xen-enabled guest operating systems to run virtualized. A beta version of Hyper-V ships with certain x86-64 editions of Windows Server 2008. Microsoft released the final version of Hyper-V on 26 June 2008 as a free download. A standalone version of Hyper-V also exists; it too supports only the x86-64 architecture. While the x86 editions of Windows Server 2008 cannot run the Hyper-V integrations, they can run the Manager Console and Hyper-V tools.

Windows System Resource Manager:

Windows System Resource Manager (WSRM) is being integrated into Windows Server 2008. It provides resource management and can be used to control the amount of resources a process or a user can use based on business priorities. Process Matching Criteria, which is defined by the name, type or owner of the process, enforces restrictions on the resource usage by a process that matches the criteria. CPU time, bandwidth that it can use, number of processors it can be run on, and allocated to a process can be restricted. Restrictions can be set to be imposed only on certain dates as well.

Server Manager:

Server Manager is a new roles-based management tool for Windows Server 2008. It is a combination of Manage Your Server and Security Configuration Wizard from Windows Server 2003. Server Manager is an improvement of the Configure my server dialog that launches by default on Windows Server 2003 machines. However, rather than serve only as a starting point for configuring new roles, Server Manager gathers together all of the operations users would want to conduct on the server, such as getting a remote deployment method set up or adding more server roles, and provides a consolidated, portal-like view of the status of each role.

Other features:

Other new or enhanced features include:

Core OS improvements:

  • Fully multi-componentized operating system.
  • Improved hot patching, a feature that allows non-kernel patches to occur without the need for a reboot.
  • Support for being booted from Extensible Firmware Interface (EFI)-compliant firmware on x86-64 systems.
  • Dynamic Hardware Partitioning
    • Support for the hot-addition of processors and memory, on capable hardware.
    • Support for the hot-replacement of processors and memory, on capable hardware.

Active Directory improvements:

  • A new "Read-Only Domain Controller" operation mode in Active Directory, intended for use in branch office scenarios where a domain controller may reside in a low physical security environment. The RODC holds a non-writeable copy of Active Directory, and redirects all write attempts to a Full Domain Controller. It replicates all accounts except sensitive ones. In RODC mode, credentials are not cached by default. Moreover, only the replication partner of the RODC needs to run Windows Server 2008. Also, local administrators can log on to the machine to perform maintenance tasks without requiring administrative rights on the domain.
  • Restartable Active Directory allows ADDS to be stopped and restarted from the Management Console or the command-line without rebooting the domain controller. This reduces downtime for offline operations and reduces overall DC servicing requirements with Server Core. ADDS is implemented as a Domain Controller Service in Windows Server 2008.

Policy related improvements:

  • All of the Group Policy improvements from Windows Vista are included. Group Policy Management Console (GPMC) is built-in. The Group Policy objects are indexed for search and can be commented on.
  • Policy-based networking with Network Access Protection, improved branch management and enhanced end user collaboration. Policies can be created to ensure greater Quality of Service for certain applications or services that require prioritization of network bandwidth between client and server.
  • Granular password settings within a single domain - ability to implement different password policies for administrative accounts on a "group" and "user" basis, instead of a single set of password settings to the whole domain.
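
Whether an administrative account really receives the stricter "user" or "group" password settings described in the granular password settings item above depends on which Password Settings Object (PSO) wins for that account. The script below is an added example, not part of the original post: it models the resultant-PSO rules and audits accounts against an assumed 14-character baseline. All account names, group links, GUIDs and values are constructed, and it needs PowerShell 3.0 or later.

```powershell
# Constructed sample data. In a live domain these values come from each PSO's
# msDS-PasswordSettingsPrecedence, msDS-MinimumPasswordLength and msDS-PSOAppliesTo.
$DomainDefault = [pscustomobject]@{ Name = 'Default Domain Policy'; MinLength = 7 }
$RequiredMinLength = 14   # assumed local baseline for privileged accounts

$Psos = @(
    [pscustomobject]@{ Name = 'PSO-Admins'; Precedence = 10; MinLength = 15
        Guid = '11111111-0000-0000-0000-000000000001'; AppliesTo = @('Domain Admins') }
    [pscustomobject]@{ Name = 'PSO-Helpdesk'; Precedence = 20; MinLength = 12
        Guid = '11111111-0000-0000-0000-000000000002'; AppliesTo = @('Helpdesk') }
    [pscustomobject]@{ Name = 'PSO-ServiceExempt'; Precedence = 50; MinLength = 8
        Guid = '11111111-0000-0000-0000-000000000003'; AppliesTo = @('svc.backup') }
)

$Users = @(
    [pscustomobject]@{ Sam = 'alice.admin'; Groups = @('Domain Admins', 'Helpdesk') }
    [pscustomobject]@{ Sam = 'svc.backup';  Groups = @('Domain Admins') }
    [pscustomobject]@{ Sam = 'bob.ops';     Groups = @('Server Operators') }
)

function Get-ResultantPso {
    param($User, $Psos)
    # A PSO linked directly to the user takes priority over any group-linked PSO,
    # regardless of the precedence numbers involved.
    $linked = @($Psos | Where-Object { $_.AppliesTo -contains $User.Sam })
    if ($linked.Count -eq 0) {
        $linked = @($Psos | Where-Object {
            $pso = $_
            @($User.Groups | Where-Object { $pso.AppliesTo -contains $_ }).Count -gt 0
        })
    }
    if ($linked.Count -eq 0) { return $null }   # caller falls back to the domain policy
    # Lowest precedence value wins; ties go to the smallest GUID (string compare here).
    $linked | Sort-Object Precedence, Guid | Select-Object -First 1
}

# Audit: report the effective policy per account and flag anything under the baseline.
$report = foreach ($u in $Users) {
    $pso = Get-ResultantPso -User $u -Psos $Psos
    $effective = if ($pso) { $pso } else { $DomainDefault }
    [pscustomobject]@{
        User      = $u.Sam
        Policy    = $effective.Name
        MinLength = $effective.MinLength
        Finding   = if ($effective.MinLength -lt $RequiredMinLength) { 'BELOW BASELINE' } else { 'ok' }
    }
}
$report | Format-Table -AutoSize
```

On a domain with the ActiveDirectory module (Windows Server 2008 R2 and later), `Get-ADUserResultantPasswordPolicy` returns the resultant PSO for a real account.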

Disk management and file storage improvements:

  • The ability to resize hard disk partitions without stopping the server, even the system partition. This applies only to simple and spanned volumes, not to striped volumes.
  • Shadow Copy based block-level backup which supports optical media, network shares and Windows Recovery Environment.
  • DFS enhancements - SYSVOL on DFS-R, Read-only Folder Replication Member. There is also support for domain-based DFS namespaces that exceed the previous size recommendation of 5,000 folders with targets in a namespace.
  • Several improvements to Failover Clustering (High-availability clusters).
  • Internet Storage Naming Server (iSNS) enables central registration, deregistration and queries for iSCSI hard drives.

Protocol and cryptography improvements:

  • Support for 128- and 256-bit AES encryption for the Kerberos authentication protocol.
  • New cryptography (CNG) API which supports elliptic curve cryptography and improved certificate management.
  • Secure Socket Tunneling Protocol, a new Microsoft proprietary VPN protocol.
  • AuthIP, a Microsoft proprietary extension of the IKE cryptographic protocol used in IPsec VPN networks.
  • Server Message Block 2.0 protocol in the new TCP/IP stack provides a number of communication enhancements, including greater performance when connecting to file shares over high-latency links and better security through the use of mutual authentication and message signing.

Improvements due to client-side (Windows Vista) enhancements:

  • Searching Windows Server 2008 servers from Windows Vista clients delegates the query to the server, which uses the Windows Search technology to search and transfer the results back to the client.
  • In a networked environment with a print server running Windows Vista, clients can render print jobs locally before sending them to print servers to reduce the load on the server and increase its availability.
  • Event forwarding aggregates and forwards logs of subscribed Windows Vista client computers back to a central console. Event forwarding can be enabled on the client subscribers from the central server directly from the event management console.
  • Offline Files are cached locally so that they are available even if the server is not, with copies seamlessly updating when the client and server are reconnected.

Miscellaneous improvements:

  • Windows Deployment Services replacing Automated Deployment Services and Remote Installation Services. Windows Deployment Services (WDS) support an enhanced multicast feature when deploying operating system images.
  • Internet Information Services 7 - Increased security, XCOPY deployment, improved diagnostic tools, delegated administration.
  • Windows Internal Database, a variant of SQL Server Express 2005, which serves as a common storage back-end for several other components such as Windows System Resource Manager, Windows SharePoint Services and Windows Server Update Services. It is not intended to be used by third-party applications.
  • An optional "Desktop Experience" component provides the same Windows Aero user interface as Windows Vista, both for local users, as well as remote users connecting through Remote Desktop.
