Windows Server 2008 functionality

Windows PowerShell Componentization with a purpose More specifically, componentization enables some of Windows Server 2008's most exciting new functionality, such as its image-based deployment facilities, roles-based management, and Server Core. Server Manager The MMC-based Server Manager provides a user interface for managing each installed role and feature on the system, including Active Directory Domain Services, Application Server, DHCP Server, DNS Server, File Services, Terminal Services, Web Server, and many others. It also includes numerous valuable troubleshooting tools like Event Viewer, Services, and Reliability and Performance utilities, configuration tools like Task Scheduler, Windows Firewall, WMI Control, and Device Manager, and the new Windows Server Backup. Server Core Server Core is designed to reduce the attack surface of the server to be as small as possible. As such, a Server Core install is also more limited than that of a standard Windows Server 2008 installation. It supports just nine roles, including AD, AD LDS, DHCP, DNS, File, Print, Virtualization (Hyper-V), Web Server, and WMS, compared to 18 roles in the full server BitLocker Full-Drive Encryption

BitLocker is a full-drive encryption solution that first debuted in Windows Vista as a way to protect data stored on easily lost and stolen executive notebook computers. It requires TPM 1.2based hardware to store encryption keys and can be configured via Group Policy. On the server, BitLocker is particularly valuable for machines stored in branch offices, because those servers are often less well physically protected than the machines back in the home office. If a thief walks off with a BitLocker-protected server, they won't be able to access any of the data stored on the system's hard drives. BitLocker also works really well with some of the other technologies discussed here to create a truly secure and useful branch office solution
Read-Only Domain Controller Read-Only Domain Controller (RODC) is new functionality that allows administrators to optionally configure the AD database as read-only, where only locally cached user passwords are stored on the machine and AD replication is unidirectional, rather than bidirectional. So why would you want to do this? Today, many organizations are installing servers in branch offices and other remote locations, and these servers often connect back to the home office using slow or unreliable WAN links. That makes AD replication--and even authentication--an arduous and lengthy process. With RODC, the server is typically set up and configured in the home office, shipped to the

Hareesh Kumar

Page 1

remote location, and then switched on. From then on, only the user names and passwords of users who hit the server locally--and not the administrator account--are cached locally on the server. Like BitLocker, RODC is an excellent solution for physically insecure remote servers. Indeed, if you combine RODC with other new Windows Server 2008 technologies like BitLocker and Server Core, you can configure the most secure remote server possible. That way, even hackers who gain physical control of the server can't take over your network. And removing the stolen RODC from your AD is as simple as checking a switch: Only those users who logged on to that machine will need to change their passwords. You won't have to institute an organization-wide emergency, because most users' accounts will not have been cached on that machine. Internet Information Services 7 The new Web server in Windows Server 2008 is driven by a major new update to Internet Information Services (IIS). Like the server itself, IIS 7 is completely componentized so that only those components needed for the desired configuration are installed and, thus, need to be serviced. It sports a drastically improved management console, supports xcopy Web application deployment and delegated administration, and is backed by a new .NET-based configuration store, which replaces the previous, monolithic, configuration store Terminal Services

Terminal Services (TS) sees some major changes in Windows Server 2008. The new TS RemoteApp functionality allows admins to remotely deploy individual applications to desktops, instead of entire PC environments, which can be confusing to users. These applications download and run on user desktops and, aside from the initial logon dialog box, function and look almost exactly as they would were they installed locally. This functionality requires the new Remote Desktop client, which shipped in Windows Vista and can be downloaded for Windows XP with SP2 and above. TS Gateway lets you tunnel TS sessions over HTTPS outside the corporate firewall, so that users can access their remote applications on the road without having to configure a VPN client. This is particularly useful because VPN connections are often blocked at wireless access points, whereas HTTPS rarely is.
Network Access Protection Microsoft first planned to ship simple and easily configurable network quarantining functionality in Windows Server 2003, but it's here at last with Network Access Protection (NAP). This feature allows you to setup security policies for your network: When a client system connects, NAP examines the device to make sure it meets the requirements of your security policies. Those that do are allowed online. Those that do not--typically machines that only connect infrequently to the network, such as those used by travelling employees--are pushed aside into a quarantined part of the network, where they can be updated. How these updates happen depends on the configuration of your environment, but once that's complete, the system is given full access again and allowed back on the network. NAP includes remediation failback to Windows Update or Microsoft Update if the local Windows Server Hareesh Kumar Page 2

Update Services server is unavailable, and compatibility with Cisco's Network Admission Control (NAC) quarantining technologies Hyper-V

One of the most important and future-looking technologies in Windows Server 2008 isn't even available in the initial shipping version of the product. Instead, Microsoft is shipping a beta version of its Hyper-V virtualization platform with Windows Server 2008 and will update it automatically when the technology is finalized sometime after mid-2008. Hyper-V is a hypervisor-based virtualization platform that brings various performance advantages when compared to application-level virtualization platforms like Virtual Server. Compared to market leader VMWare, Microsoft's offering is immature and unproven, but its inclusion in Windows Server 2008 is sure to garner Microsoft some attention and market share. And there are advantages to this bundling: From a management perspective, Hyper-V is installed and managed as a role under Windows 2008, just like DHCP, file and print services, and other standard roles. That means it's easy to configure, manage, and service. Hyper-V ships only with x64-based versions of the product and relies on hardware virtualization features that are only available in the latest AMD and Intel chipsets. It supports both 32-bit and 64-bit guest operating systems, up to 32 GB of RAM in each guest OS, and up to 4 CPU cores for each guest OS. Hyper-V is compatible with virtual machines created for Microsoft's earlier virtualization products, like Virtual PC and Virtual Server.

Edition comparison
Configuration Parameter Maximum RAM Web Edition Standard Edition Enterprise Edition 64GB (32-bit) 2TB (x64) Datacenter Edition 64GB (32-bit) 2TB (x64)

4GB (324GB (32-bit) bit) 32GB (x64) 32GB (x64)

Optimal: 2 GB RAM (Full installation) or 1 GB RAM (Server Core installation) or more Multiprocessor Support Disk space for setup 4P 4P 8P 64P

Minimum: 10 GB Recommended: 40 GB or greater Note: Servers with more than 16 GB of RAM will require more disk space for paging, hibernation, and dump files None 1 4 Unlimited

Virtualized Guest Instances included with OS

Hareesh Kumar

Page 3