Windows 7 / Networking

New Microsoft Windows 2008 Server Features

Microsoft Windows Server 2008 is the latest release of Microsoft's server operating systems. It is important to understand Windows Server 2008 and also how to install the operating system. There are many new and upgraded features in Windows Server 2008. In this section, we will show you the different versions of Microsoft Windows Server 2008 and some of the new features of Windows Server 2008.

Hyper-V Hyper-V allows an organization to create and manage virtualized server environments. This is a new feature of Windows Server 2008 64-bit edition. We discuss Hyper-V in detail in the section "Understanding Virtualization," later in this tutorial.

AD Rights Management Services (AD RMS) Active Directory Rights Management Service (AD RMS) is included with Windows Server 2008. AD RMS gives network users or administrators the ability to determine the access level (open, read, modify, and so forth) they would like to assign to other users in an organization. By using Microsoft Office 2003 Professional or Microsoft Office 2007, users can secure email messages, internal websites, and documents.
The advantage to AD RMS is that any user can secure confidential or critical company information. To use AD RMS, an AD RMS client is required. The AD RMS client is included with Windows Vista and Windows 7 by default.

Server Manager Windows Server 2008 has included a new single-source utility for installing, configuring, and managing roles on a server. Server Manager displays server status and system information, and also identifies problems with server roles.
Server Manager has replaced several features that had been included with Windows Server 2003. These replaced features include Manage Your Server, Configure Your Server, and Add or Remove Windows Components.
An issue that you face when deploying servers is the need to run the Security Configuration Wizard. Server Manager, by default, allows you to deploy servers without running the Security Configuration Wizard because Server Manager server roles are configured with Microsoft-recommended security settings.

Network Access Protection (NAP) Windows Server 2008 has a new security feature called Network Access Protection (NAP). You can use NAP to define network access, based on client requirements. The advantage of using NAP is that you can define this access at the granular level. NAP also gives you the ability to allow network access based on compliancy with corporate governance policies. Here's a list of some of the new features associated with NAP:
  • Network layer protection
  • DHCP enforcement
  • VPN enforcement
  • IPSec enforcement
  • 802.1X enforcement
  • Flexible host isolation
Read-Only Domain Controllers (RODC) Windows Server 2008 introduced a new type of secure domain controller called a read-only domain controller (RODC). A read-only domain controller is a noneditable copy of Active Directory. This allows an organization to place a domain controller in an area or off-site location that does not have much physical security.
All domain controllers are equal. They all have the same version of Active Directory. This is also true with a read-only domain controller. Replication between domain controllers is bidirectional (replication happens both ways) except for the use of read-only domain controllers. Replication traffic between domain controllers and RODCs is unidirectional. Other domain controllers have the ability to talk to the RODC but the RODC does not have the ability to talk to other domain controllers.
An advantage to using an RODC in a nonsecure location is that an organization can give a normal user the right to administer and maintain the RODC. This user would not require domain administrator rights. They would be allowed to have the administrator role for the one RODC only. This concept is known as Administrator role separation.

Server Core Installation Another feature new to Microsoft servers is the Server Core installation, which allows you to install Windows Server 2008 with minimal options. Server Core is a low-maintenance version of Windows Server 2008 and has limited functionality.
Windows Server 2008 Server Core has no graphical user interface (GUI) utilities. All commands have to be issued through the use of a command prompt. If you have been in the industry long enough, think of UNIX or Cisco. You must know the command-line utilities to maintain the server. This is a great security feature.
Think of a normal server. If you want to add or modify a user, you go to Active Directory Users and Computers (domain based) or Computer Management for workstations or nondomain servers. Once in the application, you can do what's needed. The problem with this is that it is easy to do. If any user gets into your server room, it may be easy for them to do damage to your network. In a Server Core environment, just as we stated, there are no GUI snap-ins. If they don't know the command-line utilities, they can't make changes.
Server Core is an installation option that allows you to set up only limited server roles: DNS, DHCP, File Server, Active Directory, Media Services, and Hyper-V. For many organizations, this is going to be the way you set up Hyper-V, discussed in the ''Understanding Virtualization'' section of this tutorial. This gives you extra security for your Hyper-V environment. By installing Server Core, you automatically create the following limitations:
  • There is no Windows shell and limited GUI functionality (the Server Core interface is a command prompt).
  • There is no managed code support in Server Core (all code must be native Windows API code).
  • Microsoft Installer Package (MSI) support is limited to unattend mode only.

There are multiple editions of Windows Server 2008. Each edition has its specific uses. Table-1, taken from Microsoft's website at www.microsoft.com/windowsserver2008/en/us/ r2-compare-roles.aspx, it shows the new and upgraded features included with Windows Server 2008 R2 (R2 is the latest release of Windows Server 2008) and which edition of Microsoft Windows Server 2008 R2 is required to use the new or upgraded features.

Table-1 Server Editions Comparison
Server RoleEnterpriseDatacenterStandardItaniumWeb
Active Directory Certificate Servicesxxx
Active Directory Domain Servicesxxx
Active Directory Federation Servicesxx
Active Directory Lightweight Directory Servicesxxx
Active Directory Rights Management Servicesxxx
Application Serverxxxx
DHP Serverxxx
DNS Serverxxxx
Fax Serverxxx
File Servicesxxx2
Hyper-Vxxx
Network Policy and Access Servicesxxx3
Print and Document Servicesxxx
Remote Desktop Servicesxxx4
Web Services (IIS)xxxxx
Windows Deployment Servicesxxx
Windows Server Update Services (WSUS)xxx

1 Limited to creating Certificate Authorities - no other ADCS features (NDES, Online Responder Service). See ADCS role documentation on TechNet for more information.
2 Limited to one standalone DFS root.
3 Limited to 250 RRAS connections, 50 IAS connections, and 2 IAS Server Groups.
4 Limited to 250 Remote Desktop Services connections.

In the next section, we look at the requirements that are needed to install Windows Server 2008.

[Previous] [Contents] [Next]