In May, almost a year after the first beta release, Microsoft released Longhorn Server Beta 2. Like previous Windows Server versions, Longhorn Server enhances fundamental areas, includes added security functions, and improves reliability and performance. A modular design makes it easier to install, configure, and upgrade. Although it's still too early to talk about concrete performance expectations for these areas, it's evident that Longhorn Server Beta 2 improves on its predecessors. Here's what you need to know about this new beta version.
Improving the Fundamentals
Longhorn Server is designed to be modular, which leads to a new OS function called Server Core and a more elegant servicing story. In Beta 2, Server Core provides install choices (called roles) that let you configure a minimal server install with no GUI and support for only certain services (e.g., DHCP, DNS). Server Core is lightweight—taking up less than 500MB of disk space—and you can install it in a demilitarized zone (DMZ) thanks to its reduced attack surface. Server Core provides for an extremely secure domain controller (DC) because it combines read-only domain controller (RODC) and Bit-Locker Drive Encryption technology. Microsoft claims that if it had released Server Core with Windows Server 2003, the typical Windows 2003 machine would require 50 percent fewer patches.
Although Microsoft reduced Windows 2003's surface attack area by reducing the number of services that run by default on that OS, Longhorn Server has additional improvements. The Longhorn Server development team re-evaluated all services and modified them to run with minimal security privileges. And the services are more segmented and run in isolation. This means that if one service segment is compromised, it can't compromise another service.
Added Security Measures
Longhorn Server includes a new feature called BitLocker Drive Encryption, which provides two valuable services. First, you can use this feature to encrypt the entire Windows volume—protecting both user and data files—to prevent an intruder from accessing information if the server or hard disk is stolen. (You can also use the Encrypting File System—EFS—to protect data on other drives.)
Second, BitLocker's Secure Startup service ensures that the server is protected during the boot process by comparing a checksum of all the files needed to boot with the values that were stored when the system last ran. If the checksum values are different, the system knows that it's been compromised and automatically goes into a recovery process. To provide optimal security, Longhorn Server will use a Trusted Platform Module (TPM 1.2), or a BIOS that can store BitLocker keys and other data on a USB dongle in tandem with a password.
Longhorn Server will also let corporations control—through Group Policy—which USB-based devices users can plug into a Windows client running Windows XP Service Pack 2 (SP2) or later or Windows Vista. Thus companies will be able to control whether employees can store information on large storage devices—such as Apple Computer iPods and USB dongles.
Microsoft has completely rearchitected Longhorn Server's networking stack. Now, the IPv4 and IPv6 networking schemes are both supported and integrated with IPsec. The network UI is more user friendly, and the new firewall—called Windows Firewall with Advanced Security—lets you manage IPsec and firewall functionality from a single interface. The firewall now supports both inbound and outbound filtering.
Expect IIS 7.0 to Be Easier to Service and More Efficient
Microsoft IIS has always been a capable application server—in Longhorn Server it's even better. Like Longhorn Server, IIS 7.0 will be componentized, so administrators will be able to roll out only those IIS features they need and then download and install patches only for the IIS features they're using. This modularity also means that IIS will have a much-reduced attack area. Also like Longhorn Server, IIS 7.0 has a crisp, clean, simpler administrative console that lets administrators delegate IIS tasks on a per-feature basis. I suspect many midlevel administrators will use this console environment.
Server Manager Is the Cockpit
Compared with previous Windows Server releases, installing and configuring Longhorn Server is easier. You trigger the setup process by entering the product key in the Setup program, and then you use a tool called Initial Configuration Tasks to configure information such as the administrator password, network settings, and domain. Then you use Server Manager.
Microsoft Senior Product Manager Ward Ralston described Server Manager as "a cockpit, not a dashboard" during a Beta 2 briefing—it doesn't just present information to administrators, it lets them act on that information.
The Server Manager main window is divided into a few key areas, as Web Figure 1 shows. In the left pane is a tree view that lists the management options: Manage Roles, Troubleshooting, Configuration, and Storage and Backup. Under Manage Roles, you'll see nodes for only those server roles you've installed on the system. In the right Server Manager pane, you'll see individual panes for Server Summary (showing information and links to commonly needed UIs such as system Properties and Network Connections), Roles Summary, Features Summary, and more.
"You had to go to a lot of places to be successful before," Ralston said. "We removed all that complexity. All of the potential roles this server can hold understand the constraints and dependencies on other roles and what it means to be healthy and bubble that information up to the administrator. That information is all presented in Server Manager. We think lots of administrators will simply live in this application." You can view, start, and stop services or drill down through the tree view to access the Event Viewer, Task Scheduler, Device Manager, and other administrative applications.