| Home > Samples > Update > May 2007 |
Next Windows Server Takes Shape

By Michael Cherry

The following is the full text of an article published by Directions on Microsoft, an independent research firm focused exclusively on Microsoft strategy & technology. More samples of our content, as well as a list of upcoming articles and reports are also available.

The next release of Windows Server, code-named Longhorn, is approaching its third public beta, and it appears to be on schedule to ship by the end of 2007. Customers will want to begin evaluating Longhorn now because its features will be interesting to a broader audience than the features in the last version, Windows Server 2003 R2, and might affect how customers deploy other servers and software that rely on the Windows Server infrastructure.

Why Begin Evaluations Now?

Unlike Windows Vista and other Microsoft products that have incorporated major changes or allowed feature additions during the release candidate phase of the development life cycle, the third beta of Longhorn will be feature-complete. While large organizations typically need a long lead time to evaluate application and hardware issues created by a new client OS release, the time needed to evaluate a new server OS can be even longer: not only is application compatibility an issue, but the new and changed server features can also impact the organization's authentication and authorization, networking, and security infrastructures. For example, some organizations will want to take advantage of Longhorn's new Server Core installation option, which provides a minimal server implementation for four infrastructure-related roles, such as Domain Name Service (DNS) or Dynamic Host Configuration Protocol (DHCP) servers. These organizations will want to consider whether the new server roles offer advantages when compared to how the services are currently provided.
Likewise, deciding to use the new Terminal Server features to deploy applications for users can require an examination of how the applications run in the Terminal Server environment, and how the applications must be licensed for Terminal Server.

Improved Features

The new and improved features of Windows Server Longhorn fall into four major areas: server fundamentals, security and identity management, application hosting, and networking.

Server Fundamentals

Server fundamentals are the underlying services required to install, configure, and maintain a server OS. Improved and new server fundamental features include the following:

Server Core. With Longhorn, users will be able to perform a minimum installation of Windows Server that provides full functionality for the following roles only: DHCP server, DNS server, file and print server, and Active Directory domain controller. Because Server Core installs only the minimum subset of system files needed for the specific server functions, it should reduce the security risk by limiting the attack surface, and require less patching. However, because there are insufficient components in Server Core to support graphical interfaces such as Windows Explorer or the Windows shell, it requires either command line or remote management using Microsoft Management Consoles or Remote Desktop Connection (to access the command prompt remotely). The command line does support execution of VBScript, but disappointingly does not support the much-touted new Windows PowerShell scripting engine. Nor does it support the execution of any managed code, as the .NET Framework is not included as a component of Server Core. (For more details on Server Core, see "Server Core May Impact Infrastructure".)

Initial Configuration Tasks (ICT).
Rather than burden the initialization of setup with a series of dialog boxes and prompts that collect configuration information, a new ICT console, presented when setup completes, offers post-installation configuration of server settings such as setting the Administrator account name and password, joining the server to an existing domain, and enabling Automatic Updates and Windows Firewall. Not only does the console centralize the initial configuration of the server, but it also serves as a checklist of all the initial configuration tasks the administrator should perform, and will allow the administrator to add features and server roles.

Server Manager. A single management console, Server Manager, effectively replaces four formerly separate components: Security Configuration Wizard, Manage Your Server, Configure Your Server, and the Add and Remove Windows Components control panel for adding Windows components not installed by default. From Server Manager, which is an expanded Microsoft Management Console (MMC) that augments the Computer Management console, administrators can view and change server roles and features, start and stop services, manage local user accounts, determine server status, identify critical events, and troubleshoot configuration problems or failures. (For an illustration, see "Windows Server 'Longhorn' Server Manager".)

File system improvements. The need for administrators to run the disruptive and time-consuming check disk (chkdsk) program to repair the Windows NTFS file system should be significantly lessened, because the file system has been improved to self-heal or automatically repair any file system inconsistencies in the background rather than repairing them during the boot process.
In addition, the Kernel Transaction Manager (KTM), which was actually introduced to the Windows kernel as an unheralded feature of Windows Vista, provides a transaction infrastructure that allows file and Registry operations on an NTFS file system volume to be performed as a transaction, which can preserve data integrity and handle error conditions reliably. Any application can use Transactional NTFS to preserve the integrity of data on disk in unexpected error conditions, isolate changes while the changes are pending, and help manage concurrent file-system requests. For example, for an application that needs to copy a set of files from a device to the computer and make a change to the Registry, the application developer can make the file copy and Registry change a transaction so that if a failure occurs before all the files have been successfully copied and the Registry successfully changed, any files already copied are restored to the original location.

Failover clustering. Improvements in Longhorn will simplify the setup and management of server clusters—groups of independent computers that work together to increase the availability of applications and services. Windows Cluster Services enables organizations to create clusters of servers (now referred to as failover clusters) that will automatically detect failure of a node in the cluster and switch to another cluster node to keep the applications running. New features make it easier for an administrator to check if a system's storage and network configuration is suitable for creating a failover cluster.

Security and Identity Management

Security and identity management for Longhorn is provided primarily by Active Directory and other related services that control users' access to resources. In addition to Network Access Protection (discussed in the Networking section below), improvements include the following:

Enterprise PKI (PKIView).
A tool which was formerly part of the Server Resource Kit, PKIView allows administrators to check the status of the network's public key infrastructure (PKI) environment, which supports technologies such as smart cards for user login. Among other features, PKIView enables administrators to determine the health of all certificate authorities (CAs) and manage CA hierarchies. For example, administrators can use PKIView to check the validity or accessibility of certificate revocation list distribution points, which enable detection of expired and revoked certificates.

Read-only domain controller (RODC). Organizations can place a RODC in locations where physical security cannot be guaranteed—for example, in a branch office so that users in the branch office do not have to rely on low-bandwidth connections to connect to a remote domain controller in a more secure location. Because the RODC does not contain a writeable copy of the Active Directory and doesn't cache passwords, it is protected from corruption or compromise. The RODC extends the work to support branch offices initially provided in Windows Server 2003 R2.

Application Hosting

Longhorn has several improvements to services that support application hosting, such as Internet Information Service (IIS) 7.0 and Terminal Services. It will ship with the .NET Framework 3.0 application platform, which delivers ASP.NET, the Windows Communication Foundation (WCF) Web services messaging technology, and the Windows Presentation Foundation (WPF) graphics and user interface system.

IIS 7.0. Administrators will find the improvements to IIS 7.0 make application deployment, diagnostics, and troubleshooting easier, and integrate application and health management for WCF services. IIS 7.0 collects more diagnostic information to help troubleshoot problematic servers, which will also improve diagnostics for features that use IIS, including Windows SharePoint Services.
Longhorn also introduces the Windows Activation Service (WAS), a service that supports pluggable activation of arbitrary protocol listeners, components that detect incoming messages and deliver them to message-activated applications. This will particularly benefit applications that process messages sent over the WCF Web services messaging system.

Terminal Services. Longhorn Server will include version 6.0 of the Remote Desktop Protocol (RDP), which is already available with Windows Vista and in Windows Server 2003 SP2. It will also be available for Windows XP SP2. But in Longhorn, Terminal Services delivers improvements other than protocol updates, such as the following:

Networking

Most of the networking changes for Longhorn were introduced as part of Windows Vista, and include integrated support for Internet Protocol Version 6 (IPv6) as well as other improvements to networking throughput and reliability. The main networking change exclusive to Longhorn is server-side components for Network Access Protection, which helps ensure that client computers on a private network meet administrator-defined requirements for system health, such as a requirement that the client has antivirus software with the latest signatures installed.

Network Access Protection's Network Policy Server (NPS) is a new Windows implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy, and replaces the Internet Authentication Service (IAS) in Windows Server 2003. NPS performs authentication and authorization of a network connection attempt and, based on configured system health policies, determines computer health compliance and how to limit a noncompliant computer's network access.

Virtualization Due Later

Server virtualization is so strategic to Microsoft that the company decided in 2004 to make virtualization an integral capability of the Windows OS rather than letting it remain an add-on. Furthermore, while Microsoft undoubtedly has learned a great deal from its Connectix acquisition, it decided not to use the Virtual Server architecture and code base it inherited from Connectix, but instead start over with a clean slate. Although Microsoft hoped to have this project done in time to make it into Longhorn, the virtualization team has decided that the feature is too critical to be rushed and therefore it will not be released in Longhorn. Microsoft says it will add Windows Virtualization support (code-named Viridian) within 180 days of Longhorn's release to manufacturing.

Vista Features Come to Server

Some Windows Vista features will be highlighted for the first time when they're released in Longhorn.
For example, the KTM, which is being promoted as a new Longhorn feature, is also in Vista. In addition, Longhorn will inherit two security features from Vista: User Account Control, which allows users to run a computer with the least privileges needed to perform any task, and BitLocker Drive Encryption, which can be used to encrypt all of the data on the computer and prevent booting of key OS components if they have been compromised. The usefulness of these features is not obvious, given that most server programs are run by administrators and servers are typically in a controlled access location. In addition, the Vista Aero shell will be an optional component installed as part of a Desktop Experience package.

Availability and Resources

For a complete description of the networking changes to Windows Vista and Longhorn, see "Windows Networking Reworked for Enterprises" on page 3 of the Sept. 2006 Update.

For background on virtualization and its impact on Windows Server, see "Changes to Server Virtualization Roadmap" on page 14 of the Jan. 2006 Update.

The Windows Server Longhorn home page is located at www.microsoft.com/windowsserver/longhorn/default.mspx.

A guide to the changes in Windows Server Longhorn is available at www.microsoft.com/windowsserver/longhorn/prodguide.mspx.