Late last week, I had a chat with Samm DiStasio, group product manager for the Windows Server division. DiStasio had some interesting news about both Windows Server 2003 Service Pack 1 (SP1) and Windows 2003 Release 2 (code-named R2), the interim Windows Server release that will ship between Windows 2003 and Longhorn Server. Sadly, in the case of R2, the news isn't good: R2 is losing yet another crucial feature, leading me to wonder whether this release is becoming irrelevant. But first things first.
Windows 2003 SP1
The oft-delayed Windows 2003 SP1 will appear in release candidate (RC) form by the end of 2004, DiStasio said, along with a software development kit (SDK) for Windows 2003 High Performance Computing (HPC) Edition. Windows 2003 SP1 will include several important upgrades to the core OS, including the eagerly anticipated Security Configuration Wizard (SCW), which builds on the roles-based administration tools infrastructure in Windows 2003.
Here's how the SCW works. Servers typically take on roles, such as Web server, email server, file and print server, or some combination of these roles. You can use the SCW to configure your servers based on these roles and to ensure that no unnecessary services are running or ports are open. If the wizard finds any unnecessary services running or unnecessary ports open, it will shut them down.
You also can use the wizard to examine existing installations. SCW will try to identify the server configuration (e.g., "this server appears to be a Web server"). If the wizard is correct, you can tell the server to perform the aforementioned services and ports configurations. Otherwise, the wizard helps you correct the situation by using the aforementioned port and services configuration capabilities.
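The role-based logic described above, sketched as an added example (not from the article and not SCW's own code). The role definitions, baseline and server inventory are constructed, and `detect_roles` and `plan_lockdown` are hypothetical names; the plan also reports what a chosen role needs but the server lacks, which matters when the detected role is corrected by hand.

```python
# Constructed role definitions; SCW ships its own role data,
# which the article does not reproduce.
ROLES = {
    "web": {"services": {"W3SVC", "HTTPFilter"}, "ports": {80, 443}},
    "file_print": {"services": {"LanmanServer", "Spooler"}, "ports": {139, 445}},
    "mail": {"services": {"SMTPSVC", "POP3SVC"}, "ports": {25, 110}},
}
# Services and ports assumed necessary for every role (also constructed).
BASELINE = {"services": {"EventLog", "RpcSs"}, "ports": {135}}


def detect_roles(running, listening):
    """Guess roles: a role matches when all of its services are running
    and all of its ports are open."""
    return sorted(
        name for name, r in ROLES.items()
        if r["services"] <= running and r["ports"] <= listening
    )


def plan_lockdown(roles, running, listening):
    """Return what to stop/close and what the chosen roles need but lack."""
    unknown = set(roles) - set(ROLES)
    if unknown:
        raise ValueError(f"undefined role(s): {sorted(unknown)}")
    need_svc = set(BASELINE["services"])
    need_ports = set(BASELINE["ports"])
    for name in roles:
        need_svc |= ROLES[name]["services"]
        need_ports |= ROLES[name]["ports"]
    return {
        "stop_services": sorted(running - need_svc),
        "close_ports": sorted(listening - need_ports),
        "missing_services": sorted(need_svc - running),
        "missing_ports": sorted(need_ports - listening),
    }


# Constructed inventory of one server.
RUNNING = {"EventLog", "RpcSs", "W3SVC", "HTTPFilter", "Spooler", "TlntSvr", "Messenger"}
LISTENING = {135, 80, 443, 23, 445}

if __name__ == "__main__":
    roles = detect_roles(RUNNING, LISTENING)
    print("detected roles:", roles)
    for key, value in plan_lockdown(roles, RUNNING, LISTENING).items():
        print(f"{key}: {value}")
```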
The SCW is also extensible, so future Microsoft and third-party server products can add themselves into the roles scheme. In the future, you should be able to configure a server as, for example, a "SQL Server database server." We'll have to wait and see how that functionality pans out.
In addition to the SCW, SP1 will deliver the expected collection of security and bug fixes. Microsoft also says that simply installing SP1 will improve OS performance. And SP1 will usher in a host of new Windows Server versions, including two new x64-based versions that offer 64-bit memory addressing.
Windows 2003 R2
Planned as the interim Windows Server release between Windows 2003 and Longhorn Server, R2 has been defanged quite a bit since I first learned about this product in January. To date, Microsoft has removed the following two key features:
- Windows 2003 Terminal Services "Bear Paw." This Terminal Services release will let users run single remote applications in dedicated windows, rather than requiring a separate windowed environment that includes one or more client applications. The effect is seamless: Remote applications appear and work just like local applications. Unfortunately, Microsoft has pushed back Bear Paw to Longhorn Server--it won't appear in R2.
- Network Access Protection (NAP). Although Windows 2003 offers basic VPN-based network quarantine features, Microsoft won't have a full-featured, easy-to-implement way for administrators to quarantine mobile computers that don't meet the enterprise's security standards until the company ships NAP. Originally scheduled for R2, NAP is now delayed until Longhorn Server so that Microsoft can rebuild the product to interoperate with Cisco Systems' switch-based security and health assurance technology, called Network Admission Control (NAC). That delay is fine for customers looking to mix and match technologies, but not so great for the majority of customers, who are waiting for quarantine functionality.
With these changes, I'm a little concerned that R2 is losing its focus. Without Bear Paw and NAP, R2 amounts to little more than a version of Windows 2003 that's bundled with SP1. Currently, Microsoft is offering few product specifics. The company notes that R2 will deliver "simplified branch server management, streamlined access management across security boundaries, and efficient storage management." I do know that it will include an updated version of Windows Rights Management Services (RMS) and the "TrustBridge" federated identity management technologies.
Now that it's picking up some of the most important features from R2, Longhorn Server is shaping up to be a major Windows Server release and, according to Microsoft, is on track for a 2007 release. The company told me that it will ship the first Longhorn Server beta in the second half of 2005. Longhorn Server will include a new version of Microsoft IIS, the Indigo Web services platform, the Microsoft .NET-based Microsoft Scripting Host (MSH--code-named Monad) command-line environment, new management tools, IP version 6 (IPv6) support, and other features.
Looking over the changes to the server road map, the big news is the NAP removal from R2. Microsoft says that it has valid reasons for delaying this product, but I think that most customers would benefit from Microsoft's NAP solution now, while only some customers will need NAP/NAC integration. It seems to me that Microsoft is using this integration to delay a much-needed technology that's taking longer to develop than it originally planned. Certainly, anyone attempting to implement VPN Quarantine in Windows 2003 is going to have a tough road ahead. Are any decent solutions for this problem available today?