 |
 |
| MS Windows Server 2008 Training |
Home |
|
|
MS Windows Server 2008 |
New Features |
|
|
|
Based upon our experience with
Microsoft Windows Server 2008 and feedback from our client base, it would appear
that the new release of the Microsoft Windows server family will be rolled out slowly at
most Fortune 1000 companies, with the majority of the migrations scheduled to be
performed in 2009.
Editions of Windows Server 2008
Microsoft has stated that Windows Server 2008 will be available in five primary
editions.
| Windows Server
2008 Edition |
Description |
| Standard * |
Provides built-in and enhanced
web and virtualization capabilities. Tools are provided for improved
server(s) control and streamlining configuration and management tasks.
Security features have been improved. |
| Enterprise * |
Provides an enterprise-class
platform for deployment of applications. Clustering and the capability to
dynamically add processors has been added. The consolidation of identity
management serves to improve security. Virtualization provides the
capability to infrastructure costs. |
| Datacenter * |
Provides for large-scale
virtualization on small and large servers; it scales from 2 to 64
processors. Clustering and dynamic hardware partitioning capabilities are
provided. Infrastructure costs can be streamlined by consolidating
applications with unlimited virtualization licensing rights. |
| Web Server |
Designed as a single-purpose
web server for the deployment of web pages, web sites, web applications, and
web services. It is integrated with IIS 7.0, ASP.NET, and the Microsoft .NET
Framework. |
| Windows Server 2008
for Itanium-Based Systems |
Designed and optimized for
large databases, line of business, and custom applications. It provides both
high availability and scalability for up to 64 processors. |
| Windows HPC Server
2008 |
Designed for HPC –
high-performance computing and built on the Windows Server 2008, 64-bit
technology. It has the capability to scale to thousands of processing cores
and includes management consoles for monitoring and maintaining system
health and stability. It provides for job scheduling interoperability and
integration between Windows and Linux based HPC platforms. Batch and SOA:
service oriented application workloads are supported. |
Improved
and New Featureset
Two of the most highly touted new capabilities are
the RODC - read-only domain controller and server roles. The RODC hosts a read-only copy of the Active
Directory database and the administrator can determine which accounts will be
replicated to the DC, and replication is unidirectional. In conjunction with the
new BitLocker technology, RODC will allow deployment of DCs at smaller sites.
Microsoft has developed the Server Core to provide a lean server operating
system that would allow specific server functions to run without all the
overhead of the GUI. Installation of roles such as DHCP: Dynamic Host Configuration
Protocol, DNS, file services and print server will be done completely
from the command line. Significant enhancements and new features have been made
to the Core server roles in Windows 2008 Server. In addition Windows Server 2008
consolidates a number of previously separated administrative consoles. In Server
Manager, there is a central wizard-driven interface for installing and
uninstalling server components along with a number of management functions.
Other improvements to the Windows 2008 featureset
include improved clustering support, better Terminal Services and enhanced Group
Policy.
| Feature |
Explanation |
| Active Directory
Domain Services Auditing |
Tracking changes to
Active Directory objects and attributes. |
| Fine-Grained
Password Policies |
A granular password
policy to be applied to specific sets of users that supercede the
policy set in the domain level Group Policy. FGPP is defined as an attribute
in the AD and not implemented through Group Policy. |
| Restartable Active
Directory Domain Services |
Active Directory
can be turned off, tasks can be performed offline, and then Active Directory
can be turned back on without a reboot. |
| Snapshot Viewer |
A deleted object
can be viewed in multiple disk snapshots and then the determination can be
made as to which one to restore. |
| Active Directory
Certificate Services |
New features have
been added from Windows Server 2003. |
| Active Directory
Lightweight Domain Services |
The new version of
the Active Directory Application Mode product. |
| Active Directory
Rights Management Service |
Windows Rights
management product gets new features such as delegation of administration, a
new MMC interface, and integration with Active Directory Federated Services. |
| File Services |
This is the new
backup program; it does not support tape devices. Tape drivers are still
available and can be used by third-party tape devices, including Microsoft's
Data Protection Manager. |
| Network Policy and
Access Services |
Includes network
services such as VPN, RADIUS and dial up servers as well as routers and
802.11 wireless access. |
| Streaming Media
Services |
This role can be
used to deploy streaming digital media content and manage Windows Media
servers. |
| Application Server |
Provides an
environment that allows applications to run. Features include IIS, .NET
Framework v 3.0 and 2.0, ASP.NET, COM+, Message Queuing and WFC: Windows
Communication Foundation. |
Firewall
The built-in firewall in Windows 2008 Server has been improved
significantly. The standard approach in widespread use is to create a
perimeter around a network with firewalls and IPS systems. However, if
penetration occurs to the outer perimeter, then access is obtained to the
internal network. This means that the operating system authentication would be
the remaining authentication security preventing access to data.
| Feature |
Explanation |
| Bi directional filtering |
Bi-directional: outbound and
inbound traffic are filtered. |
| GUI interface |
An MMC snap-in is used to
configure the firewall. |
| IPsec integration |
The firewall rules and IPsec
encryption configurations are integrated into a single interface. |
| Rules configuration |
Firewall rules can be created
for Windows Active Directory service accounts and groups, source/destination
IP addresses, protocol numbers, source and destination TCP/UDP ports, ICMP,
IPv6 traffic and interfaces on the Windows Server. |
Initial claims are that the Windows Advanced
firewall provides protection comparable to many host-based firewalls. SYS-ED
staff is researching and monitoring the veracity of that statement.