IT221 - E-2 Fall 2011
Instructor: Stephen Todd
Question 1 - Why does Windows Server 2008 come in different versions? What is the significance of each version?
Most editions of Windows Server 2008 are available in x86-64 and IA-32 versions. Windows Server 2008 for Itanium-based Systems supports IA-64 processors. Microsoft has optimized the IA-64 version for high-workload scenarios like database servers and Line of Business (LOB) applications. As such it is not optimized for use as a file server or media server. Microsoft has announced that Windows Server 2008 is the last 32-bit Windows server operating system. Windows Server 2008 is available in the editions listed below, similar to Windows Server 2003.
• Windows Server 2008 Standard (IA-32 and x86-64)
Windows Server 2008 Standard is one of Microsoft's entry level server offerings (alongside Windows Web Server 2008) and is one of the least expensive of the various editions available. Both 32-bit and 64-bit versions are available, and in terms of hardware Standard Edition supports up to 4GB of RAM and 4 processors.
Windows Server 2008 is primarily targeted at small and mid-sized businesses (SMBs) and is ideal for providing domain, web, DNS, remote access, print, file and application services. Support for clustering, however, is notably absent from this edition.
An upgrade path to Windows Server 2008 Standard is available from Windows 2000 Server and Windows Server 2003 Standard Edition.
• Windows Server 2008 Enterprise (IA-32 and x86-64)
Windows Server 2008 Enterprise Edition provides greater functionality and scalability than the Standard Edition. As with Standard Edition both 32-bit and 64-bit versions are available. Enhancements include support for as many as 8 processors and up to 64GB of RAM on 32-bit systems and 2TB of RAM on 64-bit systems.
Additional features of the Enterprise edition include support for clusters of up to 8 nodes and Active Directory Federated Services (AD FS).
Windows Server 2000, Windows 2000 Advanced Server, Windows Server 2003 Standard Edition and Windows Server 2003 Enterprise Edition may all be upgraded to Windows Server 2008 Enterprise Edition.
• Windows Server 2008 Datacenter (IA-32 and x86-64)
The Datacenter edition represents the top end of the Windows Server 2008 product range and is targeted at mission critical enterprises requiring stability and high uptime levels. Windows Server 2008 Datacenter edition is tied closely to the underlying hardware through the implementation of custom Hardware Abstraction Layers (HAL). As such, it is currently only possible to obtain Datacenter edition as part of a hardware purchase.
As with other versions, the Datacenter edition is available in 32-bit and 64-bit versions and supports 64GB of RAM on 32-bit systems and up to 2TB of RAM on 64-bit systems. In addition, this edition supports a minimum of 8 processors up to a maximum of 64.
Upgrade paths to Windows Server 2008 Datacenter Edition are available from the Datacenter editions of Windows 2000 and 2003.
• Windows HPC Server 2008 (Codenamed "Socrates") (replacing Windows Compute Cluster Server 2003)
Windows HPC Server 2008 R2, the Microsoft third-generation HPC solution, provides a comprehensive and cost-effective solution for harnessing the power of high-performance computing. Out-of-the-box, world-class performance, and scalability enable organizations of all sizes to rapidly deploy solutions ranging from personal HPC workstations to large clusters spanning thousands of nodes. Customers can lower both their operating and capital costs. Windows HPC Server 2008 R2 integrates easily with existing IT infrastructure to enable end users to access HPC resources using familiar Windows-based technologies. With a tightly integrated set of dedicated cluster and parallel development tools, anchored around Visual Studio 2010, developers can build robust and scalable HPC applications easily and quickly. Windows HPC Server 2008 R2 is complemented by a rich ecosystem of SI, ISV, and OEM partners to ensure that customers have access to the applications of their choice and the resources required to successfully run them.
• Windows Web Server 2008 (IA-32 and x86-64)
Windows Web Server 2008 is essentially a version of Windows Server 2008 designed primarily for the purpose of providing web services. It includes Internet Information Services (IIS) 7.0 along with associated services such as Simple Mail Transfer Protocol (SMTP) and Telnet. It is available in 32-bit and 64-bit versions and supports up to 4 processors. RAM is limited to 4GB and 32GB on 32-bit and 64-bit systems respectively.
Windows Web Server 2008 lacks many of the features present in other editions such as clustering, BitLocker drive encryption, multipath I/O, Windows Internet Naming Service (WINS), Removable Storage Management and SAN Management.
• Windows Storage Server 2008 (Codenamed "Magni") (IA-32 and x86-64)
Minimal information found.
• Windows Small Business Server 2008 (Codenamed "Cougar") (x86-64) for small businesses
Minimal information found.
• Windows Server 2008 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-Based Systems delivers an enterprise-class platform for deploying business-critical applications. Scale database, line-of-business, and custom applications to meet growing business needs. Windows Server 2008 R2, SQL Server 2008 R2 and the current 2010 line-up of our Developer Tools, plus associated .NET frameworks, will be the last iterations in each product line to support the Intel Itanium processor and associated OEM server platforms.
• Windows Server 2008 Foundation (Codenamed "Lima")
Windows Server 2008 R2 Foundation is a cost-effective, entry-level technology foundation targeted at small business owners and IT generalists supporting small businesses. Foundation is an inexpensive, easy-to-deploy, proven, and reliable technology that provides organizations with the foundation to run the most prevalent business applications as well as share information and resources.
Server Core is available in the Web, Standard, Enterprise and Datacenter editions. It is not available in the Itanium edition. Server Core is simply an alternate installation option supported by some of the editions, and not a separate edition by itself. Each architecture has a separate installation DVD. The 32-bit version of Windows Server 2008 Standard Edition is available to verified students for free through Microsoft's DreamSpark program.
Question 2 - What are the new features or enhancements made to Windows Server 2008? How is Windows Server 2008 different from Windows Server 2003?
Core OS improvements
• Fully multi-componentized operating system.
• Improved hot patching, a feature that allows non-kernel patches to occur without the need for a reboot.
• Support for being booted from Extensible Firmware Interface (EFI)-compliant firmware on x86-64 systems.
• Dynamic Hardware Partitioning
   o Support for the hot-addition or replacement of processors and memory, on capable hardware.
Active Directory improvements
• Read-only domain controllers (RODCs) in Active Directory, intended for use in branch office or other scenarios where a domain controller may reside in a low physical security environment. The RODC holds a non-writeable copy of Active Directory, and redirects all write attempts to a Full Domain Controller. It replicates all accounts except sensitive ones. In RODC mode, credentials are not cached by default. Moreover, only the replication partner of the RODC needs to run Windows Server 2008. Also, local administrators can log on to the machine to perform maintenance tasks without requiring administrative rights on the domain.
• Restartable Active Directory allows ADDS to be stopped and restarted from the Management Console or the command-line without rebooting the domain controller. This reduces downtime for offline operations and reduces overall DC servicing requirements with Server Core. ADDS is implemented as a Domain Controller Service in Windows Server 2008.
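The RODC caching behaviour in the first bullet above (nothing cached by default, sensitive accounts never replicated) is governed by the RODC's Password Replication Policy, which has an Allowed list and a Denied list. The following model of that decision is an added example, not code from the original essay or from Microsoft; every account and group name in it is constructed sample data.

```python
# Added example: model of an RODC Password Replication Policy (PRP) decision.
# All account and group names below are constructed sample data.

def expand_groups(principal, member_of):
    """Return every group the principal belongs to, following nested groups."""
    seen, stack = set(), list(member_of.get(principal, ()))
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(member_of.get(group, ()))
    return seen

def may_cache(principal, member_of, allowed, denied):
    """True only if the RODC is permitted to store this principal's password.

    Deny wins over allow, and a principal on neither list is not cached,
    which is the "not cached by default" behaviour.
    """
    identities = expand_groups(principal, member_of) | {principal}
    if identities & denied:
        return False
    return bool(identities & allowed)

def stale_cached_secrets(cached, member_of, allowed, denied):
    """Accounts whose password sits on the RODC although policy now forbids it."""
    return sorted(a for a in cached
                  if not may_cache(a, member_of, allowed, denied))

# Constructed directory: account or group -> groups it is a direct member of.
MEMBER_OF = {
    "alice": ["Branch-Users"],
    "bob": ["Branch-Users", "Helpdesk"],
    "Helpdesk": ["Server-Operators"],      # nested group
    "carol": ["HQ-Users"],
    "svc-backup": ["Domain Admins"],
}
ALLOWED = {"Branch-Users"}                      # Allowed list of the PRP
DENIED = {"Domain Admins", "Server-Operators"}  # Denied list of the PRP
CACHED_ON_RODC = {"alice", "bob", "svc-backup"}  # what the RODC already holds

if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "svc-backup"):
        print(f"{name:11} cacheable: {may_cache(name, MEMBER_OF, ALLOWED, DENIED)}")
    print("reset if the RODC is stolen or policy changed:",
          stale_cached_secrets(CACHED_ON_RODC, MEMBER_OF, ALLOWED, DENIED))
```

The last function is the check worth running after tightening the Denied list: an account cached earlier stays on the RODC until its password is changed.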
Policy related improvements
• All of the Group Policy improvements from Windows Vista are included. Group Policy Management Console (GPMC) is built-in. The Group Policy objects are indexed for search and can be commented on.
• Policy-based networking with Network Access Protection, improved branch management and enhanced end user collaboration. Policies can be created to ensure greater Quality of Service for certain applications or services that require prioritization of network bandwidth between client and server.
• Granular password settings within a single domain - ability to implement different password policies for administrative accounts on a "group" and "user" basis, instead of a single set of password settings to the whole domain.
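Granular password settings are stored as Password Settings objects (PSOs) linked to users or groups, and exactly one of them ends up applying to each account. This added example (not from the original essay) models how the resultant PSO is chosen and flags privileged accounts that end up with a weaker policy than intended; the PSO names, accounts, values and the `weak_privileged` helper are constructed for illustration, and each group list is assumed to be the account's effective global security group membership.

```python
# Added example: which granular password policy applies to an account?
# PSO names, accounts and values are constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class PSO:
    name: str
    precedence: int        # lower value wins (msDS-PasswordSettingsPrecedence)
    min_length: int
    lockout_threshold: int
    applies_to: frozenset  # users or groups the PSO is linked to
    guid: str = ""         # tie-breaker when precedence values are equal

def resultant_pso(user, groups, psos, default):
    """Pick the single PSO that takes effect for `user`.

    1. A PSO linked directly to the user beats any group-linked PSO.
    2. Otherwise the group-linked PSO with the lowest precedence value wins.
    3. With no PSO at all, the domain-wide policy applies.
    """
    rank = lambda p: (p.precedence, p.guid)
    direct = [p for p in psos if user in p.applies_to]
    if direct:
        return min(direct, key=rank)
    via_group = [p for p in psos if p.applies_to & set(groups)]
    if via_group:
        return min(via_group, key=rank)
    return default

def weak_privileged(users, psos, default, admin_group, required_length):
    """Members of `admin_group` whose resultant minimum length is too short."""
    return sorted(
        u for u, groups in users.items()
        if admin_group in groups
        and resultant_pso(u, groups, psos, default).min_length < required_length
    )

DEFAULT_DOMAIN_POLICY = PSO("Default Domain Policy", 2**31, 7, 0, frozenset())
PSOS = [
    PSO("Admins-Strict", 10, 15, 5, frozenset({"Domain Admins"}), "a1"),
    PSO("Helpdesk", 20, 12, 10, frozenset({"Helpdesk"}), "b2"),
    # A per-user exception: it wins for svc-legacy despite precedence 50.
    PSO("Legacy-Svc-Exception", 50, 8, 0, frozenset({"svc-legacy"}), "c3"),
]
USERS = {
    "dana": ["Domain Admins", "Helpdesk"],
    "erin": ["Helpdesk"],
    "svc-legacy": ["Domain Admins"],
    "frank": ["Domain Users"],
}

if __name__ == "__main__":
    for user, groups in USERS.items():
        pso = resultant_pso(user, groups, PSOS, DEFAULT_DOMAIN_POLICY)
        print(f"{user:11} -> {pso.name} (min length {pso.min_length})")
    print("privileged accounts below 15 characters:",
          weak_privileged(USERS, PSOS, DEFAULT_DOMAIN_POLICY, "Domain Admins", 15))
```

The `svc-legacy` case is the one to audit for: a user-linked exception silently overrides the stricter policy the account would inherit from its administrative group.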
Disk management and file storage improvements
• The ability to resize hard disk partitions without stopping the server, even the system partition. This applies only to simple and spanned volumes, not to striped volumes.
• Shadow Copy based block-level backup which supports optical media, network shares and Windows Recovery Environment.
• DFS enhancements - SYSVOL on DFS-R, Read-only Folder Replication Member. There is also support for domain-based DFS namespaces that exceed the previous size recommendation of 5,000 folders with targets in a namespace.
• Several improvements to Failover Clustering (High-availability clusters).
• Internet Storage Naming Server (iSNS) enables central registration, deregistration and queries for iSCSI hard drives.
Protocol and cryptography improvements
• Support for 128- and 256-bit AES encryption for the Kerberos authentication protocol.
• New cryptography (CNG) API which supports elliptic curve cryptography and improved certificate management.
• Secure Socket Tunneling Protocol, a new Microsoft proprietary VPN protocol.
• AuthIP, a Microsoft proprietary extension of the IKE cryptographic protocol used in IPsec VPN networks.
• Server Message Block 2.0 protocol in the new TCP/IP stack provides a number of communication enhancements, including greater performance when connecting to file shares over high-latency links and better security through the use of mutual authentication and message signing.
• Windows Deployment Services replacing Automated Deployment Services and Remote Installation Services. Windows Deployment Services (WDS) support an enhanced multicast feature when deploying operating system images.
• Internet Information Services 7 - Increased security, Robocopy deployment, improved diagnostic tools, delegated administration.
• Windows Internal Database, a variant of SQL Server Express 2005, which serves as a common storage back-end for several other components such as Windows System Resource Manager, Windows SharePoint Services and Windows Server Update Services. It is not intended to be used by third-party applications.
• An optional "Desktop Experience" component provides the same Windows Aero user interface as Windows Vista, both for local users, as well as remote users connecting through Remote Desktop.
Question 3 - Why is 64-bit architecture an advantage?
Advantages of 64-bit hardware and software
A 32-bit system architecture can directly address only a 4-GB address space. A 64-bit system architecture that is running a 64-bit edition of Windows Server can support up to 1,024 GB of both physical and addressable memory.
The 64-bit editions of Windows Server can address 16 terabytes of virtual memory by using a flat addressing model. Virtual memory is divided equally between virtual address space for applications and the operating system. Even 32-bit applications can benefit from increased virtual memory address space when they are running in a 64-bit environment. For example, although a 32-bit application is still restricted to 4 GB of virtual memory, it no longer has to share that memory space with the operating system. As a result, it receives an effective increase in available virtual memory.
Poor performance in 32-bit systems is often not the result of a lack of available memory, but the unavailability of large enough blocks of continuous memory. In a typical Windows SharePoint Services 3.0 deployment, Windows, Internet Information Services (IIS), common language runtime (CLR), ASP.NET, SharePoint Products and Technologies, SSPs, and MDACs can all claim a portion of a server’s available virtual memory and can leave a 32-bit address space quite fragmented. When the CLR or SharePoint services request new memory blocks, it can be difficult to find a 64-MB segment in the crowded 32-bit address space. A 64-bit system offers practically unlimited address space for user mode processes.
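The fragmentation argument above can be checked numerically. This added example (not part of the original essay) lays out a constructed set of reservations in the 2 GB application half of a 32-bit address space and shows a 64 MB request failing with 1.5 GB still free, then succeeding with the same reservations in the 8 TB application half of the 16-terabyte 64-bit space; the layout itself is invented for illustration.

```python
# Added example: free memory versus largest contiguous block.
# The reservation layout is constructed sample data, not a real process map.
MB = 1024 * 1024
USER_SPACE_32 = 2048 * MB               # application half of a 4 GB space
USER_SPACE_64 = 8 * 1024 * 1024 * MB    # application half of a 16 TB space

def free_blocks(space_size, reserved):
    """Sizes of the gaps left between reserved (start, length) regions."""
    gaps, cursor = [], 0
    for start, length in sorted(reserved):
        if start > cursor:
            gaps.append(start - cursor)
        cursor = max(cursor, start + length)   # tolerate overlapping regions
    if cursor < space_size:
        gaps.append(space_size - cursor)
    return gaps

def can_allocate(space_size, reserved, request):
    """A request succeeds only if one single gap is large enough."""
    return any(gap >= request for gap in free_blocks(space_size, reserved))

# Constructed layout: a 16 MB module or heap segment lands in every 64 MB
# window, leaving 48 MB of free space in front of each one.
LAYOUT = [(i * 64 * MB + 48 * MB, 16 * MB) for i in range(32)]

def report(space_size, reserved, request):
    gaps = free_blocks(space_size, reserved)
    return {
        "total_free_mb": sum(gaps) // MB,
        "largest_block_mb": max(gaps) // MB,
        "request_ok": can_allocate(space_size, reserved, request),
    }

if __name__ == "__main__":
    print("32-bit:", report(USER_SPACE_32, LAYOUT, 64 * MB))
    print("64-bit:", report(USER_SPACE_64, LAYOUT, 64 * MB))
```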
Better parallel processing
A server that is using 32-bit architecture is limited to 32 CPUs. Improvements in parallel processing and bus architectures enable 64-bit environments to support as many as 64 processors and provide almost linear scalability with each additional processor.
Faster bus architecture
A 64-bit architecture provides more and wider general-purpose registers, which contribute to greater overall application speed. When there are more registers, there is less need to write persistent data to memory and then have to read it back just a few instructions later. Function calls are also faster in a 64-bit environment because as many as four arguments at a time can be passed in registers to a function.
More secure
The 64-bit editions of Windows Server offer the following enhanced security features:
Buffer overflow protection
A buffer overflow occurs when a data buffer is congested with more data than it is designed to handle. In 64-bit editions of Windows Server, the first parameters of a procedure call are passed in registers. As a result, it is less likely that the buffer will overflow, because the correct values have to be set up in registers and the variables and addresses have to be aligned on the stack.
Data execution protection
The 64-bit processors made by AMD and Intel include hardware support for data execution prevention (DEP). Windows Server uses DEP to prevent malicious code from being able to execute, even when a buffer overrun occurs. Even without a processor that supports DEP, Windows Server can detect code that is running in memory locations where it should not be.
Microsoft Patch Guard technology prevents non-Microsoft programs from patching the Windows kernel. This technology prevents kernel mode drivers from extending or replacing kernel services, including system service dispatch tables, the interrupt descriptor table (IDT), and the global descriptor table (GDT). Third-party software is also prevented from allocating kernel stacks or patching any part of the kernel.
In a 64-bit environment, not only can database servers gain nearly unlimited virtual memory address space, but they also gain support for more physical memory. It is possible for a 64-bit server that is running 64-bit editions of Windows Server and SQL Server to get very large working data sets entirely into RAM, thereby improving performance and scalability. In addition, the number of application servers that are required to support a given user base can be substantially reduced because a 64-bit environment does not require worker processes to cycle as often. This reduced cycling results in fewer lost connections, improved I/O handling, and a better user experience.
Lower total cost of ownership
All the benefits of 64-bit operation that are listed in the previous sections enable you to do more with less. A 64-bit environment allows you to manage more data, serve more users, and run more applications while using less hardware. By reducing hardware, you are also able to reduce license, operations, and infrastructure costs. It takes up less floor space in your data center and costs less to maintain. Finally, because a Windows SharePoint Services 3.0 farm that uses 64-bit hardware and software provides more room for growth, you can spend less over time on equipment because the life cycle of your equipment is likely to be longer.
Question 4 - Explain the new features of Windows Server 2008, such as Server Core, Virtualization, and PowerShell. What is the role of these features and how will they improve efficiency in administering Windows?
Windows Server 2008 includes a variation of installation called Server Core. Server Core is a significantly scaled-back installation where no Windows Explorer shell is installed. All configuration and maintenance is done entirely through command line interface windows, or by connecting to the machine remotely using Microsoft Management Console. However, Notepad and some control panel applets, such as Regional Settings, are available.
Server Core does not include the .NET Framework, Internet Explorer, Windows PowerShell or many other features not related to core server features. A Server Core machine can be configured for several basic roles: Domain controller/Active Directory Domain Services, ADLDS (ADAM), DNS Server, DHCP Server, file server, print server, Windows Media Server, IIS 7 Web server and Hyper-V virtual server. Server Core can also be used to create a cluster with high availability using failover clustering or network load balancing.
Andrew Mason, a program manager on the Windows Server team, noted that a primary motivation for producing a Server Core variant of Windows Server 2008 was to reduce the attack surface of the operating system, and that about 70% of the security vulnerabilities in Microsoft Windows from the prior five years would not have affected Server Core.
Hyper-V is hypervisor-based virtualization software, forming a core part of Microsoft's virtualization strategy. It virtualizes servers on an operating system's kernel layer. It can be thought of as partitioning a single physical server into multiple small computational partitions. Hyper-V includes the ability to act as a Xen virtualization hypervisor host allowing Xen-enabled guest operating systems to run virtualized. A beta version of Hyper-V shipped with certain x86-64 editions of Windows Server 2008, prior to Microsoft's release of the final version of Hyper-V on 26 June 2008 as a free download. Also, a standalone version of Hyper-V exists; this version only supports the x86-64 architecture. While the IA-32 editions of Windows Server 2008 cannot run or install Hyper-V, they can run the MMC snap-in for managing Hyper-V.
Server Manager is a new roles-based management tool for Windows Server 2008. It is a combination of Manage Your Server and Security Configuration Wizard from Windows Server 2003. Server Manager is an improvement of the Configure my server dialog that launches by default on Windows Server 2003 machines. However, rather than serve only as a starting point to configuring new roles, Server Manager gathers together all of the operations users would want to conduct on the server, such as, getting a remote deployment method set up, adding more server roles etc., and provides a consolidated, portal-like view about the status of each role.
Windows PowerShell is Microsoft's task automation framework, consisting of a command-line shell and associated scripting language built on top of, and integrated with the .NET Framework. PowerShell provides full access to COM and WMI, enabling administrators to perform administrative tasks on both local and remote Windows systems.
Question 5 - What is a Read Only Domain Controller (RODC) and what are its advantages? What are the security and administrative issues addressed by a RODC?
A read-only domain controller (RODC) is a new type of domain controller in the Windows Server 2008 operating system. With an RODC, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed. An RODC hosts read-only partitions of the Active Directory Domain Services (AD DS) database.
Before the release of Windows Server 2008, if users had to authenticate with a domain controller over a wide area network (WAN), there was no real alternative. In many cases, this was not an efficient solution. Branch offices often cannot provide the adequate physical security that is required for a writable domain controller. Furthermore, branch offices often have poor network bandwidth when they are connected to a hub site. This can increase the amount of time that is required to log on. It can also hamper access to network resources.
Beginning with Windows Server 2008, an organization can deploy an RODC to address these problems. As a result, users in this situation can receive the following benefits:
• Improved security
• Faster logon times
• More efficient access to resources on the network
Inadequate physical security is the most common reason to consider deploying an RODC. An RODC provides a way to deploy a domain controller more securely in locations that require fast and reliable authentication services but cannot ensure physical security for a writable domain controller. However, your organization may also choose to deploy an RODC for special administrative requirements. For example, a line-of-business (LOB) application may run successfully only if it is installed on a domain controller. Or, the domain controller might be the only server in the branch office, and it may have to host server applications. In such cases, the LOB application owner must often log on to the domain controller interactively or use Terminal Services to configure and manage the application. This situation creates a security risk that may be unacceptable on a writable domain controller. An RODC provides a more secure mechanism for deploying a domain controller in this scenario. You can grant a non-administrative domain user the right to log on to an RODC while minimizing the security risk to the Active Directory forest. You might also deploy an RODC in other scenarios where local storage of all domain user passwords is a primary threat, for example, in an extranet or application-facing role.