By Michael Cherry [email] [bio]
- Illustration: Server Core UI
- Illustration: Inconsistent Command-Line Syntax
A new Server Core installation of the next version of Windows Server, code-named Longhorn, will install a minimal set of components for network infrastructure functions, such as file service. The Server Core mode will reduce server maintenance and improve security for these server roles, but the lack of a Web server role and the requirement to manage the server by remote management consoles or a command line and VBScript may negate some advantages.
Sever Core Roles
Servers running a Server Core installation can play one or more server roles:
- Distributed Host Configuration Protocol (DHCP) server, which automatically configures networking parameters
- Domain Name Service (DNS) server, which translates Internet domain names to Internet addresses
- File server
- Print server
- Active Directory domain services, or Active Directory Lightweight Directory Services (formerly called application mode, or ADAM), which hosts an instance of the Windows computer and user database
- Windows Media server, which hosts streaming audio and video
- Parent (host) server for virtualization, which runs multiple emulated computers (called child or guest virtual machines) to simplify management and support consolidation.
A Server Core installation works in an identical manner to one running the full OS in the same designated role. For example, a DHCP server running on a Server Core installation of Longhorn Enterprise Edition has the same DHCP features as a server running the full installation of Longhorn Enterprise Edition.
Additional features can be installed for the Server Core roles, although some features may require additional hardware. For example, on a file server, an organization could install the Subsystem for UNIX-based applications to get Network File System (NFS) support. Other services that can run on a Server Core installation include Failover Clustering, Windows Network Load Balancing, Windows Server Backup, Multipath I/O, removable storage management, and BitLocker Drive Encryption. Server Core also supports the new Longhorn read-only domain controller role. An organization could, for example, use Server Core read-only domain controllers with BitLocker Drive Encryption at branch offices, particularly for remote offices that have poor physical security.
Benefits of Server Core
The main advantages of using Server Core are reduced software maintenance and a reduced attack surface.
Reduced software maintenance. Unlike Windows Server 2003, which defines a set of roles but installs all OS files regardless of which roles are selected, Server Core installs only the files required to have an infrastructure server, such as a DHCP server. By not installing unneeded files, the server will require less software maintenance. For example, organizations will not have to install as many updates because most updates will affect files that are not a part of the subset of files on Server Core.
Reduced attack surface. Because fewer components are running on the server, fewer components are exposed to attack over the network, making Server Core servers less vulnerable to viruses, data theft, or other compromises.
Server Core's advantages are particularly valuable for hosting virtual machines. Organizations increasingly use virtualization to consolidate production applications and services in multiple "guest" or "child" virtual machines on a single physical "host" or "parent" server. This simplifies management, but it also increases the impact of host downtime or attacks. Eliminating unneeded files in the host OS both reduces the need for host downtime to apply patches and reduces the chance of successful attacks on the host.
Management Primitive, Web Missing
Although Server Core seems to promise a lower management burden, in reality, it may offer only a different management burden.
First, Server Core only supports a clean installation onto a server; an existing server cannot be upgraded to a Server Core installation of any version of Windows Server Longhorn.
Moreover, because Server Core has no graphical user interface (UI), any OS configuration must be done by one of the following methods:
- An unattended answer file used during setup
- A Windows command line or command-line script
- A Windows Scripting Host script
- A Microsoft Management Console snap-in that supports remote management.
Although a Server Core installation supports Remote Desktop, Microsoft's graphical remote terminal service, in the case of the Server Core the "desktop" is nothing more than a command prompt. (For an illustration, see "Server Core UI".)
Most Microsoft management agents, such as Windows Update, Operations Manager, and Systems Management Server, will run on Server Core, but many of these agents lack documentation on how to configure them without a graphical UI.
Servers in some Server Core roles, such as DHCP and DNS, will require few configuration changes once installed. Others might require more administrator interaction, depending upon the role and the frequency of changes or updates.
Microsoft's new scripting system, Windows PowerShell, depends on the .NET Framework. A Server Core installation cannot run the .NET Framework, and therefore cannot run PowerShell for management. PowerShell can run on a separate computer and manage the Server Core installation through the server's exposed Windows Management Instrumentation interfaces. However, there is little documentation for administrators who want to write such scripts. Most administrators will probably rely on the older command-line utilities, although those are neither intuitive nor consistent. (For an example of two necessary configuration commands, see the sidebar "Inconsistent Command-Line Syntax".)
Server Core can be seen as a response to Linux-based servers. Some organizations are deploying Linux-based servers for similar infrastructure roles, typically because running these services on Linux allows an organization to repurpose older, less powerful hardware and to install only the parts of a Linux distribution needed for the server's role. However, Microsoft's response does not address what may be the largest use on Linux infrastructure: Web servers running the Apache Web server. Because Server Core does not install the .NET Framework, Server Core cannot run ASP.NET, a popular component for dynamic Web pages. But in principle, it could run Internet Information Services for Web Sites with static content or that are programmed with the Internet Server Application Programming Interface (ISAPI) or Common Gateway Interface (CGI). Instead, Microsoft will continue to offer the Web Server edition of Windows Longhorn Server.
Developer Issues
Server Core is not a complete application platform—a developer will have to ensure that the services and components her application relies on are included in the Server Core installation. Server Core does support the execution of applications such as management tools and agents, which can be divided into two categories:
Remote management tools. Typically, developers will not have to modify these tools to run on Server Core, provided the tools use one of the protocols supported in Server Core to communicate with the remote management workstation, such as remote procedure calls.
Local management tools and agents. If these tools have any shell or UI dependencies, or use managed code, then they will have to be rewritten to work with Server Core. As noted, Microsoft's own management agents can run on Server Core, but they lack documentation for configuration on systems without a graphical UI.
The Windows Server Longhorn SDK includes a list of APIs that are supported on Server Core. Developers need to verify that all APIs called by code to run on Server Core are available, and they will also have to test each application to ensure they can install in a quiet (no UI) mode.
Resources
For an overview of Windows Server Longhorn, see "Next Windows Server Takes Shape".
Microsoft's Windows Server Longhorn Web site is at www.microsoft.com/windowsserver/longhorn/default.mspx.
 |