In-Depth

Windows Server 2008: So Far, So Good

Enhanced administration, security, IIS updates and virtualization promise to make moving to Microsoft's new server OS worthwhile.

While most readers have yet to put Windows Server 2008 fully through its paces, those who have say they like what they see so far. New features and updates such as the integrated Hyper-V virtualization, revamped Internet Information Services (IIS) 7.0, and bolstered security and administration tools make Windows Server 2008 a fairly attractive upgrade, even to those who were happy with Windows Server 2003.

"It's a very good upgrade from Server 2003," says John Sullivan, director of information technology at Major League Soccer & Soccer United

Marketing in New York. "Server 2003 was a great product and it still is. But this definitely has its benefits."

On the Plus Side
Sullivan says one of the biggest reasons he's considering upgrading his current 2003 setup is for the new Hyper-V virtualization features within Windows Server 2008. He has already been testing Windows Server 2008 release candidate 1 (RC1) for a few weeks, but has yet to fully test out the Hyper-V features.

"I have a bunch of [Microsoft] Virtual Server 2005 machines running in here, with probably 20 physical servers and another 20 running on the virtual side," Sullivan says. "As 2008 starts to creep its way in here, Hyper-V is something I'm going to totally take advantage of."

Sullivan also says IIS 7.0's new admin features, secure installation and configuration options, and its ability to delegate tasks are all key improvements.

"IIS 7.0 has been revamped from an admin standpoint, so the management console is definitely more user-friendly," he says. "All the tasks are built right into the main page, whereas in 6.0, you had to dig for them or script for them."

The new version is also more "componentized," so that during installation, you can designate the type of Web server you need. For example, you may need to serve Web applications or simple HTML pages. Server 2008 will install only the components required for that purpose.

"It eliminates any security risks since it doesn't install extra components," Sullivan says. "At the same time, the fact that you don't have those components in there means you're increasing the overall performance of the Web server."

In fact, Sullivan tested a standard install of IIS 6.0 against a standard install of IIS 7.0 and was able to see a clear benefit. "There was definitely a performance improvement there," he says.

The new version of IIS also saves Sullivan time, because it lets him assign roles via policies so that non-admin users can update Web information.

"Right now in IIS 6.0, my creative department creates information for our Web site and submits it. At that point, someone in the IT group uploads it to the site," Sullivan says. "With IIS 7.0, I can delegate access. It lets me provide the creative department with direct access to the folders they need to upload stuff, without allowing them to get into any other Web server components that I don't want them touching."

Bolstered Security
Beyond the enhanced security options in IIS, Windows Server 2008 boasts several new features aimed at shoring up security in Windows environments. For example, Windows Server 2008 now has more granular password policies, support for Network Access Protection (NAP) and Read-Only Domain Controllers (RODCs) that let you securely distribute an Active Directory database to remote sites.

"The password policy is something that I'm very happy they finally changed, because in the past, you had one password policy for your entire domain," Sullivan says.

The improved granularity beefs up password security. "Now, with the new password policy, you can break that down, create policies and then apply them to different objects or groups inside of AD," he says. "You can force your domain admins to have a 14-character password, while a temp can have just a simple six- or eight-character password."

There is one caveat. He cautions that the new policies will only work if all domain controllers (DCs) are on Windows Server 2008: "You have to get rid of the 2003 domain controllers before you can actually provide this functionality. It's got to be a complete 2008 model."

A big change for Sullivan is Windows Server 2008's new support for NAP, which lets him ensure that Windows Server 2008 gives a health check to every client seeking access to the network. The health check ensures each client is up-to-date in terms of firewall, anti-virus and anti-spyware configurations.

"You just set up a policy, and if the clients don't meet your security requirements, you quarantine them," he says. "At that point, IT can manually update the client or have it redirected to a separate server, where it can automatically download the requisite software updates and come into compliance. Only when they're set can they can continue to log into the network."

RODCs are another security plus.

"We have a couple of remote sites here, and we have them log in over the WAN. Once a month or so, someone complains that it takes them 10 minutes to log in, due to Internet traffic or whatever," Sullivan explains.

Windows Server 2008's new RODCs will eliminate that problem because they'll let Sullivan securely deploy a DC at the remote site so his remote users can log into the network locally.

"It eliminates those performance issues-plus you don't have to worry about security because it's read-only," he explains. "So even if someone comes in and steals that server, they can't do much with it."

Administrative Ease
Administration is much easier in Windows Server 2008 than in previous versions. This became apparent to Sullivan during installation.

"The actual installation of Server 2008 was ridiculously easy," he says. "I've tried it on multiple boxes, and from the time you pop the DVD in until the time you're logging into the system, it takes just 20 minutes."

After that, however, users need to install the server roles. Still, it's a time-savings over 2003, he notes, which could take an hour or more for the initial install.

Other readers say the biggest administrative change is the new Server Manager.

"I really like it because everything is right there for you," says David Parks, an independent analyst in Beaverton, Ore. "Before, things were separate, so Computers and Users was in one snap-in, Sites and Services was in another and Device Manager was in another. Now, you can do all that within Server Manager. It's much easier."

Another plus is the integrated PowerShell, which Sullivan says eases Web server configuration: "If you do an IIS role-based installation through Server Manager, you can capture all that information in PowerShell."

Figure 1

Worth a Try
Overall, readers like what they see in Windows Server 2008.

"I like all the new features and I haven't seen any stability issues at all yet," Parks says. "It hasn't crashed, locked up or been really slow. It's been fine."

Parks advises new users to take it slow with Windows Server 2008, but definitely try it out: "Don't be afraid to start playing with it."

More Information

Although Windows Server 2008 offers greatly increased functionality in some areas, it falls short in others. Here are some features users would like to see in future versions:

  • New FTP: The FTP service in Windows Server 2008 is exactly the same as it was in the 2003 version.

    "When you launch it and install it as a role, they trick you in the beginning because it's located inside the new IIS 7.0 manager," says John Sullivan, director of IT at Major League Soccer & Soccer United Marketing in New York. "When you click on it, it launches IIS 6.0 manager. So you're back to the same old thing."

    He would have preferred a new interface and management tool: "I'd like to see some kind of FTP wizard to let you create and manage your isolated FTP sites, folders and users on the fly. That's a big disappointment in 2008."

  • Hardware Compatibility: David Parks, an independent analyst in Beaverton, Ore., says he couldn't use his motherboard CD to do the Windows Server 2008 install.

    "That concerns me because there has to be a lot of people with systems that have motherboard CDs they need in order to install drivers and so on," he says. "I think there are some compatibility issues with older hardware."

  • Better Backup: Although the backup utility that comes with Windows Server 2008 is simple and straightforward, it isn't exactly feature-rich, Parks notes.

    "It shows you a log of the backups, which is nice, and it's not confusing or complicated," he says. "When you go through the wizard, there aren't too many steps to choose from. It asks you what you want to back up, and there's a page for choosing the type of storage for the backup, and there you just have two options: local drives or a remote shared folder."

    When Parks left it at local drives, the utility only discovered his CD drive, not his DVD drive. "They need another text box where you can type in a path to get it where you want it."

    -J.C.

  • About the Author

    Joanne Cummings is principal writer and editor for Cummings Ltd., a freelance editorial firm based in North Andover, Mass.

    Featured

    comments powered by Disqus

    Subscribe on YouTube