Windows Server 2008: Taking a Closer Look
Virtualization and configurability in Microsoft's new server OS present enterprise IT shops with both challenges and opportunities.
- By Peter Varhol
When you install and configure a server operating system, you hope you'll never have to do it again. It's inordinately complex and time-consuming. Each server is a unique creation, and each configuration meticulously adapted to a particular use.
Any installed drivers, applications and other software components reflect that specialized use. Even individual applications may have a unique set of patches. It's difficult, if not impossible, to identify each unique configuration and determine how to replicate it on a new OS.
So why should you bother with Windows Server 2008? You'll still have to replicate your server environment on each server as you replace your old OS. It should take less time, though, with Windows Server 2008. And when you're done, you'll have a more secure, more manageable and better performing box, both physically and virtually.
In reality, swapping out your Windows 2000 or Windows 2003 Servers for Windows Server 2008 is only going to be slightly less painful than in the past. The resulting value is real, but in many cases probably not a game-changer. You'll have to weigh the costs in both dollars and time against the benefits to your organization.
Don't be surprised if the cost/benefit analysis tells you to start planning for a migration today. In many cases, it will take a year or more to plan and execute, and the return on the initial investment may not come until years later, but you'll sleep better at night. The question is easier if you've reached the end-of-life on Windows NT 4. If so, it's high time to upgrade.
Product of Its Environment
To understand Windows Server 2008, you have to look at several overarching trends in the industry and the concerns of most server customers. Bill Laing, general manager of Microsoft's Windows Server division, calls Windows Server 2008 "the most customer-focused operating system release in our history."
First, Moore's Law has essentially taken a turn away from continually increasing clock speeds and toward multiple execution units on the same processor unit. We still think of the unit as a single processor, but these units are in fact multiple processors, each capable of executing individual processes or even threads. To achieve the performance improvements theoretically possible with this type of architecture, we need an OS capable of dispatching those processes to multiple cores.
Second, while you may debate the relative merits of 32-bit versus 64-bit address space and word size, at the very least, it appears we're in the early stages of a fundamental shift to 64-bit computing. For a long time, some argued that we wouldn't need the address space provided by 64 bits. That's no longer the case.
Third, reliable and high-performance virtualization presents a radically new usage model for server-based computing. IT shops are turning to virtualization as the solution to a host of different issues, including server consolidation, utilization, business continuity and flexibility.
Figure 1. The Windows Server 2008 Virtualization Manager lets you easily keep track of Hyper-V based VMs and their status.
Fourth, as server farms grow to sizes unimaginable just a decade ago, we find ourselves suddenly concerned with power consumption. There's a green component to that, but it mostly centers on the cost of power. If we can reduce our carbon footprint while we lower our electricity bills, we can feel good while we're saving money.
Overshadowing all of these trends is security. Every IT shop spends a significant amount of its effort locking down, monitoring and cleansing servers, not to mention the lost productivity inherent in an environment that's too restrictive. No new server can replace current installations unless the potential for intrusion is significantly reduced.
This is the landscape in which Windows Server 2008 was designed and developed. Most of the major features respond to these trends. The rest deal with more specific customer requirements, especially those from large enterprises that seek to roll out more Windows servers.
Back to Basics
Perhaps the most significant innovation in Windows Server 2008 is Server Core and the concept of server roles. Server Core is based on the idea that less is better. Think of Server Core as the framework required for an OS to perform a variety of different tasks. The roles are those tasks. You can discretely add or leave off roles, depending on which set of tasks each individual server requires.
Server Core is the minimum configuration, sans specific roles. It provides essential server functionality and uses a command-line interface with no GUI shell. You can install and use Server Core alone, although you'll almost certainly want to include some of the available roles and features.
Windows Server 2008 supports 18 different roles. These include DHCP, file, print, AD, virtualization, Media Services, DNS and Internet Information Services (IIS). Server Core also has other options, including WINS, Failover Clustering, Subsystem for Unix-based applications, Backup, Multipath IO, Removable Storage Management, BitLocker Drive Encryption, SNMP, Telnet Client and QoS (Quality of Service). You can add and configure these features if you need them to support a role or set of roles, or if a server needs them for operational reasons.
You might ask, "Why design an operating system in roles?" The better question is, "Why has it taken so long?" Servers play many different roles in the enterprise, yet you can't easily turn off one role to emphasize another. For most operating systems, you have a single edition OS that you configure and tune to access features that you need.
Roles don't provide traditional advantages for Windows Server 2008. Defining specific roles and turning off others may make the image size marginally smaller and performance marginally better, but there's no slam dunk in footprint and speed.
Security is naturally a big reason for Server Core. Microsoft Windows Server 2008 experts harp on the concept of a "smaller attack profile" and they're right. The more components you have installed, the more things there are that may not be configured properly and are therefore subject to attack. You can reduce vulnerability by reducing complexity.
Server Core is also about administrative workload. In practice, you should shut off the features you're not using. Not having to install those features at all would be even better. At a high level, that's what Server Core does. By not including a broad feature set applicable to all roles, it makes your job easier and protects you against the myriad settings that may be forgotten or not configured correctly.
RODC for Branch Offices
One configuration, the Read-Only Domain Controller (RODC), targets branch offices and other remote sites. It's driven by a problem familiar to many. If you don't put a domain controller in each geographically separate area, logging on can take users in those facilities five or 10 minutes every morning. If the connection goes down, they can't log on at all.
So, you install a domain controller in the remote office. No big deal, it's just another PC. Now your entire domain database is stored on that PC, and that's information that you don't want stolen and used to access your network.
RODC performs exactly as its name says: you can't write to it. Except for account passwords, an RODC holds all the Active Directory objects and attributes that a writable domain controller holds. However, you can't make changes to the database stored on the RODC. You'll have to make changes on a writable domain controller and then replicate them back to the RODC.
"We have to keep servers in a locked room, with well-defined access restrictions and privileges," says Jim DuBois, general manager for Microsoft IT infrastructure and security. "Sometimes we have to build out that locked room, and at a significant cost. And we have to keep a trusted person on call that can get into that room at any time. With the RODC, we just put the server in the wiring closet, with no special access restrictions."
If you have small branch offices with duties that require employees to log into the corporate network, you can see that the RODC makes a lot of sense.
Virtual Star in the Making
One core configuration is the virtualization server. Microsoft has introduced a new virtualization product called Hyper-V, which is designed to complement Windows Server 2008. Hyper-V is a type 1 (bare metal), hypervisor-based virtualization solution based on the server OS. It requires a hardware assist in the form of either Intel VT or AMD-V processors. It also needs hardware-enabled Data Execution Prevention (DEP).
One immediate benefit of this technology is that you won't have to fill up your data center with Windows Server 2008 servers running the virtualization role. You do have to be looking at new or upgraded hardware no matter which enterprise virtualization alternative you select, so this OS combined with Hyper-V is certainly in the running.
Figure 2. The Windows Server 2008 Server Core provides a basic environment for configuring and administering the OS, regardless of the intended role.
The hypervisor is a relatively small piece of the virtualization puzzle. A comprehensive solution requires tools for management, performance analysis, diagnostics and reporting. Microsoft appears to have thought through the management of Windows Server 2008 in a Hyper-V environment. In particular, it has come up with a comprehensive security model for virtual environments. It has even gone so far as to describe a complete virtualization infrastructure that consists of Hyper-V plus SoftGrid application virtualization, Virtual PC and even Terminal Services.
The bad news is that it's not all here yet. Microsoft has committed to deliver server virtualization with the Hyper-V hypervisor within 180 days of the Windows Server 2008 release. It's currently available as a community preview. While that may seem like a long time to wait, remember that deployment in most enterprises, and those most likely to use virtualized servers, is at least months away. That's a mixed blessing, but the later arrival of Hyper-V is unlikely to deter IT managers from considering it a viable alternative.
What will deter IT managers, however, are poor or inadequate management tools. There are currently management tools available through Microsoft System Center. System Center will include a new virtual machine manager that provides centralized virtual machine deployment and management. It includes features that enable fast Physical to Virtual (P2V) and Virtual to Virtual (V2V) conversion, as well as comprehensive service-level enterprise monitoring using the Microsoft Operations Manager.
According to Jeff Woolsey, senior program manager for virtualization, Microsoft has been using Virtual Server in Microsoft IT for over 18 months, with more than 1,250 virtual machines. The group has achieved consolidation ratios of eight virtual servers to one physical server. The company also uses virtual servers extensively in development and test labs. This is pre-Hyper-V technology, of course, but it's representative of the company's internal commitment to virtualization.
Never Fast Enough
Any organization with one or more servers always experiences times when those servers just aren't running fast enough. It could be log-in, file download or application execution, but there always seems to be something holding up server performance.
Microsoft takes some incremental steps in improving performance in Windows Server 2008. It has introduced Server Message Block (SMB) 2.0 into both Windows Vista and Windows Server 2008. SMB 2.0 still transfers one block at a time, but is able to start the next transfer without waiting for a return from the first transfer. It operates more in parallel than sequentially. This will typically result in a throughput performance improvement that reaches orders of magnitude. SMB 2.0 also helps to reduce network traffic, which can improve performance of applications beyond the individual server.
There's also a new and optimized TCP/IP stack that will make better use of available network bandwidth for faster transfers. It does intelligent, automated tuning of the TCP receive-window size, which can further improve performance.
Microsoft is committed to moving forward with 64-bit computing. The Server Virtualization role uses either a 32-bit or 64-bit processor, but an increasing number of enterprise apps have large memory space requirements, something that only 64-bit can support. Hyper-V can use 64-bit systems in conjunction with the 64-bit version of Windows Server 2008 to provide large memory spaces for enterprise apps that increasingly require that kind of headroom.
Any improvements using 64-bit machines are at least partly due to the processors themselves, but 64-bit remains an important way to move data and instructions around in larger chunks. Of course, it also provides a larger address space that's increasingly necessary for enterprise apps today.
Tools Complete the Picture
The quality of the release is directly related to the quality of tools provided to nurse it through its daily chores. In this regard, Windows Server 2008 might just bring a smile to all the overworked admins out there. The smile starts with PowerShell, the widely reported replacement to the NT command script workhorse in use for over a decade.
Some may be disappointed that the foundation of PowerShell is .NET, because there are sys admins that still regard .NET as something that has no place on many servers. Nevertheless, Microsoft has made that argument moot, and PowerShell derives much of its capability from its ties to .NET.
Making use of the .NET object model, it provides an object pipeline that enables scripts to bind data and actions to an object and pass them within a script or between scripts. It's a new way of writing scripts, but one that should win over almost all of the script mavens on your staff eventually. Until it does, your old command-shell scripts will continue to work.
As you might imagine, setting up and managing server roles can also be a challenge. Microsoft has devised the Server Manager for that purpose. The Server Manager is an application that lets you perform those tasks needed for initial server setup and operation. It helps you add and remove server roles and features securely. It displays server status, exposes key management tasks and provides access to advanced features. Best of all, you can run tasks from the command line, allowing for easy automation through scripts.
Server Manager is built on the Service Modeling Language (SML) infrastructure and uses SML models to define roles and features. SML is an XML schema-based modeling language that provides a set of constructs for modeling IT services and systems. Proposed and supported by Microsoft, IBM Corp., Sun Microsystems Inc. and others, it captures information about the system, such as the structure of the system, objects, relationships, prerequisites and constraints. It provides a way to describe, model and automate systems. A model in SML is a set of interrelated XML documents that describe a system and actions on that system.
Move Forward, but Plan Carefully
This only scratches the surface of Windows Server 2008's new capabilities. If you haven't already started evaluating it, you should do so immediately. Unless you've already done an upgrade of your servers in the past year, the question is not if, but when.
In a classic case of eating its own dog food, Microsoft IT began Windows Server 2008 deployments when RC1 became available. As of November 2007, Redmond had deployed as many as 385 Windows Server 2008 servers and 11 clusters, and migrated its domain to the new OS model.
As you might expect, feedback from Microsoft IT is positive, though clearly biased. Yet, the fact that the group engages in early adoption while also under the gun to deliver high reliability speaks well of both their courage and the technology.
Microsoft has announced several SKUs for the new OS, but hints there will be more. There have been estimates of as many as 16 different configurations, so selecting the right mix of server SKUs won't be a simple task. The known SKUs include Windows Server 2008 Standard, Enterprise and Datacenter; Web Server; and Windows Server 2008 for Itanium servers. Of course, all except the last will be available in both 32-bit and 64-bit versions. The Standard, Enterprise and Datacenter editions will also be available as separate SKUs without the Hyper-V virtualization hypervisor.
Whichever SKU you choose, you also have all of those roles and features to consider. It begs more than just a "take one of these and two of those" approach. Because each SKU and role is different, planning means a lot more than buying and installing a bunch of servers. You have to consider the purpose of each server, which SKU to purchase, how you plan to provision it, how you'll execute the migration and how you'll back out of every phase if necessary.
Clearly there's something for everyone in Windows Server 2008. Right now, you may be spending more time than ever on server maintenance, or you may be looking into virtualization as a server-consolidation strategy. In those cases and others, Windows Server 2008 may well be your easiest path to implementing that strategy. Don't stay on an earlier server version if it simply postpones the inevitable.
Getting to where you see an ROI with one or two compelling features can be a long trip. It will probably involve new hardware, for one thing, at least to take advantage of virtualization and 64-bit performance. The sheer volume of effort in migrating existing servers and applications to new physical boxes, and in some cases virtual ones, can take months or even years in midsize or large organizations.
So don't adopt Windows Server 2008 just because it's new. It's got to solve your problems or give you something that you didn't have before if you're going to invest the effort in money and time. Chances are it will provide value that you're looking for as a part of your strategic plans. Just don't think you can get there by tomorrow.