Moving to Server Core: How One Company Did It (And You Can, Too)
Don Jones shares the challenges that one of his clients faced moving to server core and how they worked around them.
I'm a big fan of the Microsoft Server Core installation option and firmly believe that the company is slowly progressing toward a future where a GUI-less server is the only "option" we'll have. Yep, right back to NetWare days! I know a lot of folks are hesitant about Server Core, and in some cases organizations' software requirements don't make Server Core practical -- yet.
I recently taught a class to the IT team at a large university, and I had a chance to speak with Brian, the organization's main Active Directory administrator. Turns out, the team recently moved all of its domain controllers (DCs) -- totaling about a dozen machines -- to Windows Server 2008 R2, selecting the Server Core option.
Brian said the decision was based in part on footprint: Server Core is definitely smaller than the full installation, and more than half of the organization's DCs are run in virtual machines, making the smaller footprint a big benefit. He said security was also a consideration: Server Core has a track record of markedly fewer security updates than the full version of Windows Server, due in part to the simple fact that Server Core has fewer services and other moving parts that might need a patch. Likewise, better performance -- due mainly to the trimmed-down set of running services -- was a goal.
There were concerns and objections to overcome, not the smallest of which was the lack of a GUI. That absence did result in a more complex build document for the servers, given some things have to be done via registry hack and other less-familiar techniques. However, Brian said, the process sort of forced the school's IT team to learn some new techniques -- and those techniques, mostly involving easier-to-automate command-line tools, are actually paying off in other areas of the infrastructure. The class I taught was all about Windows PowerShell, so it's safe to say that the team is on board with the ideas of "automation" and "command line" at this point!
The network is highly firewalled, meaning administrators often can't access the servers directly from their workstations. For the tasks for which they can, the same old GUI management consoles are still gainfully employed. Originally, the team planned to keep one full-GUI DC that allowed remote access for certain tasks (those that weren't permitted from administrators' workstations). In the end, however, the team decided to deploy a shared management workstation within the server subnet. Administrators can access the workstation remotely to run any tools they might need.
The team found the common myth debunked that Server Core can run only the software Microsoft ships with it. The organization's smart card driver software works fine. So does its McAfee anti-malware software, as well as the Microsoft Forefront anti-malware software to which it's transitioning.
More than a few months in, the organization has no regrets. If faced with the same decision again, knowing what they all know now, Brian says the team would absolutely go the Server Core route again. I predict that they'll find even more uses for Server Core in the future, as well.
Server Core is far from completely mature. What we have now is essentially "rev 2," and it's light-years beyond what we got in Server Core with the original Windows Server 2008 release. What we get in the next release of Windows Server will doubtless go even further toward the goal of consistent command-line manageability. Once Microsoft handles a few key hurdles, such as creating software installation standards that are Server Core-compatible, we'll probably see releases of SQL Server, Exchange Server and who knows what else, all Server Core-compatible.
Yes, Windows Server got its hooks into organizations by looking "just like my desktop" and being as easy to administer as opening a Word document. But we're moving past those days: Windows is a real part of IT, and Windows Server is a mission-critical platform.
A smart decision maker will get his team trained up now.
Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is an Author Evangelist for video training company Pluralsight. He’s the President of PowerShell.org, and specializes in the Microsoft business technology platform. Follow Don on Twitter at @ConcentratedDon.