As you read this, Windows Server 2003 Release 2 (R2) will be about to hit the streets, if it hasn't already. Windows 2003 R2 isn't Microsoft's typical major release of an OS; it's actually more of an optional release for Windows 2003 users. R2 contains no changes to the core of the OS beyond what Windows 2003 Service Pack 1 (SP1) delivered, no updated device support, and no modifications to existing components. But R2 does offer significant new features, some of which were originally slated for Longhorn and a few that have already been released as downloads for Windows 2003. I'll guide you through the most impressive of the R2 features and explain how they could benefit your Windows environment.
Extra Features, Extra Cost
Because R2's new features are optional and the underlying OS is identical to Windows 2003, future Windows 2003 service packs will apply to both Windows 2003 and R2. Additionally, any certification exercises you've performed on your Windows 2003 environment—for example, application compatibility—apply equally to Windows 2003 R2.
What sets R2 apart from a normal out-of-band feature release, such as Active Directory Application Mode (ADAM), is that R2 is an upgrade; you must pay for it unless you're a Software Assurance (SA) or Microsoft Enterprise Agreement customer. If you don't need any of R2's new components, you won't benefit from upgrading a Windows 2003 server to R2. You should upgrade only servers that need to run one or more of the new R2 capabilities.
If you upgrade from Windows 2003 SP1 to Windows 2003 R2, you need to insert only the second R2 CD-ROM, which, when executed, performs these tasks:
- Updates Add/Remove Windows Components to include the new R2 features
- Updates the WINS Manage Your Server and Configure Your Server wizards with new (Windows SharePoint Services) and updated (file and printer) server roles
- Updates Microsoft Management Console (MMC) from version 2.0 to 2.1/3.0 (Microsoft uses these MMC version numbers interchangeably)
- Creates a shortcut on the desktop to a document that describes the new R2 features
The most significant new features in R2 comprise four distinct areas: remote server and print management, Active Directory Federation Services (ADFS) and Windows SharePoint Services, application platform, and operational infrastructure. I'll spend more time describing brand-new features, such as the new replication service and ADFS, and less time on features that were previously available via download, such as Windows SharePoint Services and ADAM.
Remote Server and Print Management
R2 includes a new DFS-specific replication service, known as Distributed File System Replication (DFSR). DFSR addresses many of the problems with NT File Replication System (NTFRS), which wasn't designed to handle very large files or a large number of files. DFSR uses a new compression algorithm called Remote Differential Compression (RDC), which detects changes within a file and replicates only the changed portions. If I changed one value in a 20MB Microsoft Access database, when using NTFRS the entire 20MB would be replicated, whereas with DFSR only the few changed bytes would be replicated.
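To make the "replicate only the changed portions" idea concrete, here is an added Python illustration of signature-based delta transfer; it is not Microsoft's RDC code, and it assumes fixed-size 4 KB chunks with SHA-256 signatures, whereas real RDC uses content-defined chunk boundaries and recursive signatures.

```python
import hashlib

# Simplified model of the RDC exchange: the receiver publishes signatures
# of the chunks it already holds, the sender ships only chunks the receiver
# lacks, and the receiver rebuilds the file. Fixed-size chunking is an
# assumption of this example, not how RDC chooses chunk boundaries.

CHUNK = 4096

def signatures(data, chunk=CHUNK):
    """Receiver side: per-chunk SHA-256 digests of the copy it already has."""
    return [hashlib.sha256(data[i:i + chunk]).digest()
            for i in range(0, len(data), chunk)]

def build_delta(new_data, old_sigs, chunk=CHUNK):
    """Sender side: for each chunk of the new file emit ('ref', index) when
    the receiver already holds an identical chunk, else ('raw', bytes).
    Returns the delta and how many raw bytes actually cross the wire."""
    have = {sig: idx for idx, sig in enumerate(old_sigs)}
    delta, shipped = [], 0
    for i in range(0, len(new_data), chunk):
        piece = new_data[i:i + chunk]
        sig = hashlib.sha256(piece).digest()
        if sig in have:
            delta.append(("ref", have[sig]))
        else:
            delta.append(("raw", piece))
            shipped += len(piece)
    return delta, shipped

def apply_delta(old_data, delta, chunk=CHUNK):
    """Receiver side: rebuild the new file from local chunks plus raw pieces."""
    out = bytearray()
    for kind, value in delta:
        if kind == "ref":
            out += old_data[value * chunk:(value + 1) * chunk]
        else:
            out += value
    return bytes(out)

if __name__ == "__main__":
    # Constructed sample: a 1 MB "database", then one byte changed mid-file
    old = bytes((i * i) % 251 for i in range(1 << 20))
    new = old[:500_000] + bytes([old[500_000] ^ 0xFF]) + old[500_001:]
    delta, shipped = build_delta(new, signatures(old))
    print(f"raw bytes shipped: {shipped} of {len(new)}")
```

With the one-byte change only the 4 KB chunk containing it is shipped, which is the contrast the text draws against NTFRS copying the whole file.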
The most important aspect of DFSR, though, is that it solves the problem of NTFRS failing in some situations, such as update sequence number (USN) journal wraps or losses that would cause NTFRS replication to stop and require a long process to reenable replication. DFSR is a true self-healing replication engine: Even when the NTFS journal wraps or replication partners haven't communicated in a long time, the DFSR engine can check differences between the replication partners and bring them up-to-date and in sync with each other.
Because DFSR is a new service, all servers that are targets for DFS links and will use the new-style replication must be running Windows 2003 R2 and have DFSR installed. You need to make a small change to the Active Directory (AD) schema to enable support of new DFSR-required objects. To make the schema change, you run the R2 Adprep utility (adprep.exe), which is found in the \cmpnents\r2\adprep folder of your R2 media. Note that this change is compatible with Windows 2000 domain controllers (DCs) that have Windows 2000 SP2 installed (or SP1 with Quick Fix Engineering—QFE—265089 installed).
Previously, when a link target went offline, the link failed over to an alternate link target (e.g., another copy of the file share on a different server). In R2, when the target returns online, clients fail back to it instead of staying on the potentially less-efficient failover link target, thereby reducing response time and minimizing traffic over slower WAN links.
A new management console simplifies replication of DFS target data by merging the existing MMC DFS Management snap-in with the Replication Management snap-in. A new Print Management Console (PMC) lets you manage all local and remote printers from a centralized console. PMC eases installation of new printers by enabling full management, monitoring, and configuration of all Windows 2003 and Windows 2000 print servers. PMC also lets you define actions according to certain scenarios. For example, to deal with a print server that becomes unavailable, you could configure PMC to execute a script or send an email message notifying administrators of the outage.
For each visible print server, PMC shows the installed print drivers, configured forms, ports in use and printers using them, and which printers the server is handling. You can use PMC to access Web-based management options for printers that use them and, when used in tandem with Group Policy, to automatically push out printer connections according to organizational unit (OU) or domain location.
ADFS and Windows SharePoint Services
R2's new ADFS lets you extend internal Web-based applications to external users (e.g., customers, partners, suppliers)—for example, by letting an organization's partners use the same Web single sign-on (SSO) that's used within the organization's domain. Currently ADFS works only for Web-based applications. ADFS is different from other identity management products such as Microsoft Identity Integration Server 2003 Enterprise Edition (MIIS). ADFS effectively extends the visibility of objects in a directory service to other organizations, thereby giving access to external services while using only one account. MIIS synchronizes and replicates objects and their changes between multiple object repositories. In MIIS one principal (i.e., user) has multiple accounts, which MIIS keeps in sync; a single account password gives the illusion that only one account exists for a particular principal. For a more detailed explanation of how ADFS works, see the Web-exclusive sidebar "ADFS Architecture," http://www.windowsitpro.com, InstantDoc ID 48252.
The latest version of Windows SharePoint Services, SP2, provides full support for Windows .NET Framework 2.0, which eliminates the requirement of having .NET Framework 1.1 installed to use Windows SharePoint Services. However, Windows SharePoint Services SP2 doesn't currently leverage new .NET Framework 2.0 features, such as the new Web-part framework. But components you write to run with Windows SharePoint Services can now use full .NET Framework 2.0 functionality.
Another Windows SharePoint Services improvement is its enhanced extranet support. Windows SharePoint Services now dynamically uses the correct URLs depending on whether the client is on an internal or external network. This new feature lets you use different URLs for a Windows SharePoint Services site's external and internal users. And, as are many of the R2 components, Windows SharePoint Services is 64-bit compatible; that is, Microsoft has tested it on 64-bit systems, although it actually runs on the Windows 32-bit emulator layer.
As I mentioned, R2 includes .NET Framework 2.0, which is required for other parts of R2 and is installed automatically when you select the required R2 components. Also now included in R2 is ADAM, which applications and services typically use to store information that isn't used globally and doesn't warrant modifying the schema of the AD forest. ADAM complements AD: AD functions as the identity store, whereas ADAM acts as the application store.
R2 also contains a new version of MMC (2.1/3.0). This new MMC version makes it much easier to create snap-ins for MMC via the MMC managed-code framework and by using standard WinForms controls, which you can develop by using the Visual Studio (VS) designer. MMC now also has better isolation between snap-ins, which prevents one snap-in from hanging and causing the other MMC snap-ins to stop functioning.
Improvements to the MMC UI include a new action pane. Snap-ins written to take advantage of MMC 2.1 or later can contain specific options. Older snap-ins can now display the in-focus object's specific context-menu actions, which makes them more obvious to users, who no longer need right-click options. R2 also provides a new, easier-to-use Add or Remove Snap-ins dialog box, which Figure 1 shows and which makes adding snap-ins a far more intuitive procedure and greatly simplifies the process of creating your console view. The Edit Extensions button now provides a simple view of extensions that will be included in extensible snap-ins by default and lets you include or exclude specific extensions.
Application developers will appreciate Common Log File System (CLFS), which makes its debut in R2. You can think of CLFS as a mechanism for providing a robust logging environment to both kernel- and user-mode applications via the supplied loadable driver. CLFS is designed explicitly for situations that require any type of logged data to be written and read sequentially, for example, in data replication or transactional processing. CLFS is highly configurable; it allows linear and circular logging and single or multistream data input and gives the user process full control over when log file data is flushed to disk.
If your organization runs UNIX systems, you'll benefit from the new Identity Management for UNIX feature in R2. Identity Management for UNIX consists of two components: Server for Network Information Service (NIS) and Password Synchronization. Server for NIS lets you specify a DC from an AD environment as the master NIS server for the UNIX environment. Additional DCs in the domain can have Server for NIS installed, which lets them act as NIS subordinates (or slaves). Because the R2 AD schema is fully Request for Comments (RFC) 2307 compliant, UNIX and Linux clients can directly access AD by using LDAP.
As its name suggests, the Password Synchronization component allows synchronization of passwords between individual local accounts on a Windows computer or synchronization of passwords on an entire AD domain to individual UNIX hosts or all computers in an NIS domain. This synchronization allows a common set of accounts to be used between platforms and can be uni- or bidirectional in nature. If you understand MIIS's password-synchronization requirements, the Identity Management for UNIX Password Synchronization requirements will seem familiar. For Password Synchronization to function, password-synchronization services must be installed on all DCs in the domain to enable the DCs to intercept password-change requests, so that the DCs can send them to their UNIX counterparts.
Microsoft Server for NFS, which enables file sharing to UNIX clients, and Microsoft Client for NFS, which lets Windows access files on other NFS servers, have also undergone a comprehensive update in R2. These components now deliver a more reliable and usable solution, partly because of their brand-new administrative UI. Additionally, all the UNIX components now have 64-bit support.
Another part of the UNIX "bundle" is Subsystem for UNIX-based Applications (SUA). SUA effectively allows UNIX applications to be recompiled under Windows environments, so that the UNIX applications can use both UNIX and regular Win32 APIs.
Another new R2 feature, Hardware Management, includes Intelligent Platform Management Interface (IPMI) support via a driver and provider that let Windows interact with IPMI instrumentation on the motherboard to gather information (e.g., CPU temperature). This interaction with the motherboard lets the System event log's contents be replicated and displayed in the Windows event log, so that the monitoring and alerting infrastructure that the OS uses for Windows events can also be used for hardware-level events. This information is also made available through standard Windows Management Instrumentation (WMI), so that any WMI-enabled tool can read and set these hardware-related values.
R2 also provides a Web Services for Management (WS-Management) implementation, which enables WMI management via HTTP and Simple Object Access Protocol (SOAP). WS-Management also lets an administrator manage servers when an OS isn't running; for example, it allows BIOS-level access of a machine or access in a post-crash situation. R2 must be installed only on the server that's initiating the WS-Management conversation. This capability is useful for distributed environments because it lets an administrator remotely investigate and fix remote servers.
Also included in R2 is Simple SAN, a component that's meant to make implementing a SAN much easier for small-to-midsized businesses (SMBs). Simple SAN is designed to help an administrator configure and manage a basic SAN environment via a single UI—Storage Manager for SANs—which uses Microsoft Virtual Disk Service (VDS) to autodiscover disk arrays and servers on the SAN. iSCSI and Microsoft Multipath I/O (MPIO) support is included in VDS 1.1, which is part of R2. The snap-in that's provided in Storage Manager for SANs facilitates creating and assigning LUNs and managing connections between LUNs and servers.
Several of the most impressive new R2 features are related to storage management. First, Quota Management lets you control sizes of folders and volumes according to total actual disk usage instead of breaking them down by user- or group-specific quotas. You simply set a total size the folder can grow to, based on the physical space used on the disk, which allows more compressed data to be saved. For example, you could have a quota of 500MB and save 700MB of compressed, logical data. Contrast the new R2 quotas with the per-user and per-volume quotas used in Windows 2000 and later, which were based on the logical, not physical, space used.
You can configure actions to take when a quota is reached, such as sending an email message to administrators, the user whose data exceeded the quota, or a predefined group; writing an informational message to an event log; executing a command or script; running a storage report (more about this shortly); or any combination of these actions. Quotas can be hard or soft limits. A hard limit stops new data from being created; a soft quota allows more data to be written and is typically used as a trigger to send notification about reaching the quota. R2 includes templates for common quota scenarios that you can use, copy, or modify. Be aware that quota management is real-time; therefore, an in-process I/O request can fail when the quota is breached.
R2 provides a comprehensive storage-reporting component that lets you generate reports as needed and schedule reports according to particular volumes, folders, or shares. You can also configure reports to be emailed in any of a number of formats, including Dynamic HTML (DHTML), which allows dynamic sorting and even graphing capabilities; regular HTML; XML; comma-separated value (CSV), and text.
R2 also provides a useful file-screening component, a real-time feature that monitors folders or volumes that you've specified and screens for certain types of files (e.g., audio, video, .exe). The file-screening component supplies many standard file-group types as templates, called storage management policies. You can modify these policies or define new file groups as needed. Similar to hard and soft quotas in Quota Management, you can screen for files in active or passive mode. Active mode actually stops file creation; passive mode performs the actions you've specified while allowing file creation. As in Quota Management, you can set actions for the system to take when a user tries to copy a particular file type. For example, a user who tries to copy or write an invalid file type gets an Access is denied message, and the system writes more specific information about the action to the event log, as Figure 2 shows. You can fully customize the event-log text. Templates are supplied to help you define common screening configurations.
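The hard/soft quota rules from the Quota Management paragraphs and the active/passive screening rules from this paragraph, modelled together as an added Python example; this is not FSRM's own API, and the Folder, Quota, FileScreen and write_file names, the action list, and the compression ratio are this example's assumptions.

```python
import fnmatch
from dataclasses import dataclass, field

# Simplified policy model: quotas are accounted in physical (on-disk)
# bytes, a hard quota fails the write while a soft quota only fires
# actions, and a file screen in active mode denies creation while
# passive mode only records the event. Names are this example's own.

MB = 1024 * 1024

@dataclass
class Quota:
    limit: int                       # physical bytes the folder may use
    hard: bool                       # True = hard limit, False = soft limit
    actions: tuple = ("eventlog",)   # e.g. "email", "eventlog", "script", "report"

@dataclass
class FileScreen:
    blocked: tuple                   # file-group patterns, e.g. ("*.mp3", "*.exe")
    active: bool                     # True = deny creation, False = passive

@dataclass
class Folder:
    quota: Quota
    screen: FileScreen
    used_physical: int = 0
    log: list = field(default_factory=list)   # stands in for the event log

def write_file(folder, name, logical_bytes, compression=1.0):
    """Evaluate one write against the folder's screen and quota.

    compression < 1.0 models NTFS compression shrinking the data on disk;
    only the physical size counts toward the quota. Returns "ok" or "denied".
    """
    physical = int(logical_bytes * compression)
    if any(fnmatch.fnmatch(name.lower(), p) for p in folder.screen.blocked):
        folder.log.append(f"screen:{name}")
        if folder.screen.active:
            return "denied"          # "Access is denied"; file is not created
    if folder.used_physical + physical > folder.quota.limit:
        for action in folder.quota.actions:
            folder.log.append(f"quota:{action}:{name}")
        if folder.quota.hard:
            return "denied"          # hard limit: the in-process I/O fails
    folder.used_physical += physical
    return "ok"
```

The test case mirrors the article's numbers: a 500MB quota accepts 700MB of logical data that compresses to 350MB on disk, and a later 200MB write against the hard limit is the one that fails.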
A Full Plate of Features
As you've seen, R2 packs many notable new features and enhancements to old ones. Some of these features, such as the new DFS replication engine, ADFS, and Quota Management, are significant enough to warrant an OS upgrade if you're not already running Windows 2003. Whether these features are worth the upgrade cost depends on the extent to which they could benefit your organization's IT and business processes and end users. But whether or not you're ready to take advantage of it, R2 is unquestionably a leap of progress for the Windows Server OSs.