In-Depth

Server Core: Windows Without Windows

The new Server Core is a stripped-down, rock-solid version of Longhorn.

• By Don Jones
• 10/01/2006

Server Core reflects a changing view of servers. "Administrators are accustomed to thinking of servers by their role. That's my file server, that's a domain controller, that's an Exchange server," says Andrew Mason, a Microsoft program manager for Server Core. Some of those roles really don't use much of what is built into Windows.

Server Core also recognizes -- based on painful experience -- that fewer "moving parts" in an operating system equates to fewer vulnerabilities, stability issues and maintenance points. Reducing the amount of code can help reduce the amount of bugs. That's what Server Core is all about.

Server Core can only act as a file server, domain controller, DNS server or DHCP server. As such, it's far from being a full-fledged Windows operating system (although Microsoft is considering other roles for future versions). Besides these four core roles, Server Core also supports Cluster Server, Network Load Balancing, the Unix subsystem, the new Windows Backup in Longhorn, Multipath I/O, Removable Storage Management, BitLocker drive encryption and SNMP. Server Core also supports Remote Desktop administration, although you'll only get a command-line window when you connect.

That's about it. There's no Internet Explorer, no Outlook Express, Calculator or Windows Paint, no Wordpad, Windows Messenger or Media Player -- just the basics. Microsoft did add Windows Notepad to Server Core at the request of several sneak-preview customers, but even that's a stripped down version. You can't, for example, use the "Save As" function, because Server Core doesn't have dialog boxes for functions like Open and Save As.

There's also no Microsoft .NET Framework. This means you can't run any managed code on Server Core. Mason says his development team wants to add the .NET Framework to Server Core, but they first need the Framework team to modularize the code so they can add just the essentials. The Framework's absence in Server Core is significant. For example, you can't run Windows PowerShell, Microsoft's vaunted new management shell, on Server Core. That doesn't mean you're out of remote management options, however.

Server Core will come in Standard, Enterprise and Datacenter editions for i386 and x64 platforms. Most companies will probably opt for the Standard edition because most of the differences found in the Enterprise and Datacenter editions of Longhorn won't be present in Server Core. The Enterprise Server Core does, however, get you more processor and memory support, as well as clustering. Datacenter adds the whole Datacenter hardware program and 99.999 percent reliability -- although the current Datacenter isn't exactly flying off the shelves.

Get to the Core
Server Core comes up as an installation option when you install Longhorn Server. It's important to understand that going with Server Core requires a clean install (no upgrades from earlier versions or from the full version of Longhorn). There's also no "upgrade" path from Server Core. You can't, for example, make it into a full Windows server without performing another clean install.

The absence of a graphical interface is almost immediately apparent. Logging onto the server doesn't bring up the usual first-run "Finish setting up Windows" screen displayed by the full version of Longhorn. This also brings up your first quandary: How do you change the Administrator password? How do you join a domain? How do you activate the thing?

After all, without system notification, there are no "Activate Windows" balloon reminders (not that anyone will miss those). There's certainly no Start Menu from which to launch activation. The setup experience, in fact, is one of the primary challenges Mason and his team had to handle.

For all of Microsoft's boasting about the ease of remote Windows management, the Server Core team has dealt with a slightly different story. They've built custom utilities to cover for Windows' remote management shortcomings. The only file that comes with Server Core and no other edition of Windows is SCRegEdit.wsf, a VBScript the team cobbled together to set up Windows Update, configure a pagefile, set up the time zone and enable Remote Desktop. You would normally need a mouse and a GUI to complete those steps.

You can use existing tools like Netdom.exe to join the machine to a domain, rename it and so on. For automatic product activation, you can use Slmgr.vbs. That can even handle phone-based activation, although given the length of the activation code you have to type into the command line, you'll want to make sure automatic activation works if at all possible. You can even use Slmgr.vbs from another machine for true remote manageability.

Zen-like Simplicity
When you first log onto a Server Core console, you'll see two command-line windows. Why two? In case you close one, of course. The final version will probably display only one command-line at logon -- you can hit Ctrl | Alt | Delete and bring up the Task Manager to launch a new Cmd.exe process if you accidentally close one.

In fact, Figure 1 shows that the statement "Windows without windows" isn't exactly true. You'll see that it does have a bare minimum of Windows' GUI capabilities for simple dialogs like Task Manager and basic installation software. The mouse also works, in case you were wondering.

[Click on image for larger view.]

Figure 1.While Server Core is essentially Windows without windows, you do still have access to some Windows tools.

Want to make a domain controller? Just run Dcpromo.exe, as always. Because Dcpromo.exe can't display graphically, however, you'll need to provide an unattended installation text file. This is the same kind of file you would use to promote any DC in your environment. Server Core uses Longhorn's technique of actually installing and removing the real binary code when you add and remove roles. It's not just starting a few services. It's actually copying real bits into the system directory. This helps improve security. If you aren't running a feature, physically removing its code ensures that it can't be used against you.

Managing the Beast
Forget about logging onto a Server Core console and managing it from there. Sure, you can do it. There's no GUI on the server, though, and there's no point making the trip to the datacenter or even firing up the Remote Desktop console. You can do everything you need remotely. Just use the Microsoft Management Console snap-ins you always have for administering DHCP, DNS or Active Directory.

Use Explorer for file and folder management. Heck, use your VBScripts or Windows PowerShell, since Server Core supports both remote Windows Management Instrumentation and Active Directory Services Interface connections. The only difference is that you'll run these management tools on your system, not the server console.

You can use Group Policy to centralize configuration. Server Core reads and obeys Group Policy objects (GPOs) from the domain just fine. In fact, GPOs are the best way to configure Server Core features like the Windows Firewall and Automatic Updates client.

If your workstations will be running Windows Vista, you can use a cool new feature called WS-Management. Server Core includes a WS-Management "listener." Vista has the new WinRS -- that's the Windows Remote Shell client. Type a command and WinRS transmits it to the server, where the command executes. Any output is displayed on your workstation. Finally, a compelling reason to upgrade to the much-delayed Vista.

Right now, WinRS doesn't support interaction. Your commands must be all-inclusive so the command doesn't need additional information. That may improve later in the Longhorn development cycle as the product teams try to add more back-and-forth capabilities.

Less Is More
Cramming Windows into a single gigabyte or less (down from Longhorn's 5GB to 6GB footprint) requires leaving out plenty of elements. Drivers are a good starting place. Server Core doesn't do sound, so it doesn't need sound-card drivers. It doesn't print, so it doesn't need printer drivers. This is the type of missing stuff that, quite frankly, you'll never miss.

On the topic of drivers, though, how the heck do you install new hardware without the Control Panel or Add Hardware Wizard? Relax, Server Core supports plug 'n' play, but it does so silently. If you need to provide a custom driver, install it first with the Drvload utility. Point it at the driver's INF file and your driver will become part of Windows' built-in list and you can silently install the hardware.

That will work if the driver itself is digitally signed. Right now, there's no GUI to configure driver-signing policy. Server Core does have the Group Policy client, so you could use Group Policy to configure driver signing. Microsoft is considering adding a command-line utility to control driver signing options for Server Core.

Server Core isn't the stripped-down Yugo of the Windows world. It has what you need, and only what you need -- IPSec, Windows Firewall, Event Log, Performance Monitor counters, Licensing, Windows File Protection, outgoing HTTP support and then some. Nothing strictly necessary was tossed overboard. The default services list is miniscule, with about 40 entries.

If you use third-party software agents to help improve manageability, software deployment or other tasks, you should be in good shape. Most agent software doesn't display any kind of GUI, so they'll usually install fine. This is especially true if they're packaged in an .MSI file (Server Core includes the Windows Installer service). If they use .NET managed code, however, you're out of luck. Make sure you test any agents you plan to use in advance.

Systems Management Server and Microsoft Operations Manager, for example, seem to work fine. The anti-virus software used by Microsoft and many other enterprise-class anti-virus packages also work. Microsoft's "Designed for ..." logo program for Windows Longhorn Server will include a Server Core element, so third-party developers can identify code that's compatible with Server Core.

Ready for Your Core?
Perhaps more interesting than Server Core itself is what it promises for the future. With a stripped down version of Windows, Microsoft has to provide better remote, non-GUI management tools. These tools can make it easier to automate repetitive administration tasks.

Microsoft product teams will have to think in layers, imagining a minimum set of features that can run on Server Core with minimal dependencies. Then they can conjure a broader set of features for full versions of Windows. Manageability will become distinctly separate from server products.

Server Core is shaping up as the perfect infrastructure server. With a smaller disk and memory footprint, there are more system resources available for the server's workload. The reduced management and attack surface also make it more stable and reliable than other versions of Windows.

When Longhorn Server ships in 2007, Windows will have finally "caught up" to Novell NetWare 3.x. Server Core is a server that's just a server, not a full-fledged client as well. Get your hands on the public beta of Longhorn Server to check out Server Core. In the meantime, start getting used to that command-line prompt. It's your new best friend.