In May, almost a year after the first beta release, Microsoft released Longhorn Server Beta 2. Like previous Windows Server versions, Longhorn Server enhances fundamental areas, includes added security functions, and improves reliability and performance. A modular design makes it easier to install, configure, and upgrade. Although it's still too early to talk about concrete performance expectations for these areas, it's evident that Longhorn Server Beta 2 improves on its predecessors. Here's what you need to know about this new beta version.
Improving the Fundamentals
Longhorn Server is designed to be modular, which leads to a new OS function called Server Core and a more elegant servicing story. In Beta 2, Server Core provides install choices (called roles) that let you configure a minimal server install with no GUI and support for only certain services (e.g., DHCP, DNS). Server Core is lightweight—taking up less than 500MB of disk space—and you can install it in a demilitarized zone (DMZ) thanks to its reduced attack surface. Server Core provides for an extremely secure domain controller (DC) because it combines read-only domain controller (RODC) and Bit-Locker Drive Encryption technology. Microsoft claims that if it had released Server Core with Windows Server 2003, the typical Windows 2003 machine would require 50 percent fewer patches.
Although Microsoft reduced Windows 2003's surface attack area by reducing the number of services that run by default on that OS, Longhorn Server has additional improvements. The Longhorn Server development team re-evaluated all services and modified them to run with minimal security privileges. And the services are more segmented and run in isolation. This means that if one service segment is compromised, it can't compromise another service.
Added Security Measures
Longhorn Server includes a new feature called BitLocker Drive Encryption, which provides two valuable services. First, you can use this feature to encrypt the entire Windows volume—protecting both user and data files—to prevent an intruder from accessing information if the server or hard disk is stolen. (You can also use the Encrypting File System—EFS—to protect data on other drives.)
Second, BitLocker's Secure Startup service ensures that the server is protected during the boot process by comparing a checksum of all the files needed to boot with the values that were stored when the system last ran. If the checksum values are different, the system knows that it's been compromised and automatically goes into a recovery process. To provide optimal security, Longhorn Server will use a Trusted Platform Module (TPM 1.2), or a BIOS that can store BitLocker keys and other data on a USB dongle in tandem with a password.
Longhorn Server will also let corporations control—through Group Policy—which USB-based devices users can plug into a Windows client running Windows XP Service Pack 2 (SP2) or later or Windows Vista. Thus companies will be able to control whether employees can store information on large storage devices—such as Apple Computer iPods and USB dongles.
Microsoft has completely rearchitected Longhorn Server's networking stack. Now, the IPv4 and IPv6 networking schemes are both supported and integrated with IPsec. The network UI is more user friendly, and the new firewall—called Windows Firewall with Advanced Security—lets you manage IPsec and firewall functionality from a single interface. The firewall now supports both inbound and outbound filtering.
Expect IIS 7.0 to Be Easier to Service and More Efficient
Microsoft IIS has always been a capable application server—in Longhorn Server it's even better. Like Longhorn Server, IIS 7.0 will be componentized, so administrators will be able to roll out only those IIS features they need and then download and install patches only for the IIS features they're using. This modularity also means that IIS will have a much-reduced attack area. Also like Longhorn Server, IIS 7.0 has a crisp, clean, simpler administrative console that lets administrators delegate IIS tasks on a per-feature basis. I suspect many midlevel administrators will use this console environment.
Server Manager Is the Cockpit
Compared with previous Windows Server releases, installing and configuring Longhorn Server is easier. You trigger the setup process by entering the product key in the Setup program, and then you use a tool called Initial Configuration Tasks to configure information such as the administrator password, network settings, and domain. Then you use Server Manager.
Microsoft Senior Product Manager Ward Ralston described Server Manager as "a cockpit, not a dashboard" during a Beta 2 briefing—it doesn't just present information to administrators, it lets them act on that information.
The Server Manager main window is divided into a few key areas, as Web Figure 1 shows. In the left pane is a tree view that lists the management options: Manage Roles, Troubleshooting, Configuration, and Storage and Backup. Under Manage Roles, you'll see nodes for only those server roles you've installed on the system. In the right Server Manager pane, you'll see individual panes for Server Summary (showing information and links to commonly needed UIs such as system Properties and Network Connections), Roles Summary, Features Summary, and more.
"You had to go to a lot of places to be successful before," Ralston said. "We removed all that complexity. All of the potential roles this server can hold understand the constraints and dependencies on other roles and what it means to be healthy and bubble that information up to the administrator. That information is all presented in Server Manager. We think lots of administrators will simply live in this application." You can view, start, and stop services or drill down through the tree view to access the Event Viewer, Task Scheduler, Device Manager, and other administrative applications.
Terminal Services Overhaul
In Longhorn Server, Terminal Services has received a long-overdue refresh with two major new functional improvements. First, Terminal Services now includes a Terminal Services Gateway function that lets clients tunnel into a terminal server by using remote procedure call (RPC) over HTTP. Thus, clients with an Internet connection can download applications from any location without requiring a client install.
Second, Terminal Services includes a Remote Programs feature that lets organizations deploy individual applications—rather than complete environments—to remote clients. The application will integrate with the look and feel of the desktop—although some applications such as Vista's glass-like interface won't work the same—and users will be able to drag and drop between a remote application and a local system. Terminal Services Remote Programs will enable companies to grant users access to infrequently needed or legacy applications without having to manually touch the client machines. Remote applications are deployed by using standard Windows Installer (.msi) files.
The Great Unknowns
Microsoft told me, vaguely, that it's working to reduce the number of instances in which OS reboots are required. The statements weren't too convincing. I'm eager to see the fruits of this work and compare Longhorn Server's reboot requirements with those of Windows 2003 Release 2 (R2). However, thanks to Longhorn Server's new modular architecture, many Longhorn machines will probably require fewer reboots because administrators will need to install patches for only those features that are installed.
Microsoft hasn't decided which product editions, or SKUs, it will ship in the Longhorn Server timeframe. Microsoft Senior Product Manager Julius Sinkevicius told me that although the product could change somewhat, the company will deliver Standard and Enterprise editions, and probably a Datacenter Edition. Other market-specific Longhorn Server editions are still undecided at this time. Longhorn Server will use the new Vista UI in classic mode, which resembles Windows 2000, but with the new Vista UI, constructs such as sort columns will appear in all view modes instead of only the Details view.
Timing and Availability
Microsoft plans to ship multiple Longhorn Server Community Technology Preview (CTP) interim builds before the final release to manufacturing (RTM). Beta 2 is considered a semipublic release that Microsoft will distribute to about 500,000 people through Microsoft Developer Network (MSDN) and TechNet, road shows, and other events. At some point in 2006 or 2007, Microsoft will issue a Beta 3 version—a feature-complete Longhorn Server—to millions of users worldwide on a DVD and at the Microsoft Web download site. Microsoft still intends to ship the final version of Longhorn Server in 2007, but the exact date is unknown. At the time of this writing, Microsoft would say only that Longhorn Server will ship about 6 months after the business version of Vista is released. Vista is currently on target for a late October RTM date.
NAP for Network Quarantining
Longhorn Server will include the long-awaited Network Access Protection (NAP) feature, which adds true network quarantining to Windows Server. Several layers of NAP will be available, depending on your infrastructure.
In the simplest (and least secure) scenario, a business could enable NAP through DHCP to provide healthy remote clients with IP addresses and access to the local network, while denying out-of-date clients access until they download needed security updates. You can also implement NAP by using VPN (i.e., through Microsoft or a third party), 802.1x, or IPsec—the most secure but difficult method to implement. NAP will require XP SP2 or later or Vista on the client.
Recommendations
There's no doubt about it: Longhorn Server is going to be a major Windows Server release and one that all Windows administrators should examine closely as soon as possible. If you can get your hands on Beta 2, do so: Some of the new functionality is truly exciting, and of course Microsoft continues to make improvements to fundamental server capabilities. I can see reasons why companies would want to hold off on Vista migrations for as long as possible, but Longhorn Server is a different animal altogether. You're going to want to be ahead of the curve on this one.