Windows 2008, like Vista, includes the useful BitLocker utility, which I covered
in "What you need to know about Vista's User Account Control and BitLocker Drive
Encryption" (April 2007, InstantDoc ID 95153). BitLocker provides full volume
disk encryption for all disks attached to the server; this is a new feature:
In Vista, only the system disk was protected by default. BitLocker is even more
useful when used in tandem with other Windows 2008 technologies. For example,
businesses looking for the most secure and easily managed branch office servers
could install BitLocker alongside Server Core and RODC for the most secure configuration
possible. If the server is stolen, no data can be taken and hackers won't be
able to access the passwords for all domain users since only the passwords for
the locally cached users—and not the administrators—are stored
locally on the box.
On the Terminal Services front, a new mode called Terminal Services Gateway
tunnels remote sessions through HTTP Secure (HTTPS) so that you don't need to
configure a VPN, but can still access Terminal Services from wireless locations
that specifically block VPNs. Remote sessions connected in this fashion are
marked with the same "secure lock" graphic that users are familiar with from
IE 7.0. Terminal Services RemoteApp delivers individual applications, instead
of separate remote sessions, to users' desktops. After users log on, the effect
is seamless and almost identical to running the application locally.
What's Missing?
As I made reference to earlier, one of the most eagerly awaited Windows 2008
technologies—Windows Server Virtualization, code-named"Viridian"—is
missing in Windows 2008 Beta 3. Indeed, in the weeks before shipping Beta 3,
Microsoft warned that it would not be able to ship a public beta of Viridian
until the second half of 2007. The revolutionary technology was previously expected
in the first half of the year; however, Microsoft still claims that it will
be able to ship Windows Server Virtualization within 180 days of the release
of Windows 2008. The company plans to make this technology available separately
from Windows 2008, as a free update. Whenever it is released, Windows Server
Virtualization will be made available as a new server role in both Server Core
and the mainstream installations of Windows 2008. Sadly, even that version of
Virtualization will be scaled back from Microsoft's original promises: The company
recently announced that it will no longer include three critical features: live
migration support; the ability to hot-add storage, networking hardware, memory,
and processors; and support for up to 32 processor cores (the initial version
of Virtualization will support just 16 processor cores).
Another significant omission is that Windows 2008 Beta 3 doesn't support a
Web server or application server role in Server Core. The issue is the Microsoft
.NET Framework, which would be required in either scenario for either role.
Current versions of the .NET Framework include a variety of GUI-based libraries,
which wouldn't work properly in Server Core. Microsoft is investigating whether
to create a Server Core-friendly .NET Framework subset for a future release.
But I've been told that, post-Beta 3, the company will add a new Web Server
role to Server Core that includes all Microsoft IIS 7.0 functionality except
for ASP. NET, which does require .NET. This solution will give Microsoft an
effective answer to low-end Linux/Apache Web servers.
One potential problem with Windows 2008
is its dual nature. Although the roles-based
management approach means the system will
always configure settings correctly when you
use the GUI tools, it's still possible to go into
other tools, change settings, and end up configuring options incorrectly. Consider Windows
Firewall as a likely scenario: When you install
or configure a role such as Application Server,
the firewall is automatically configured so that
the role will function correctly. But you can still
go into the Windows Firewall GUI and manually override those settings. There's no "secure
for currently configured roles" fallback switch.
Recommendations
Microsoft says it is on track to deliver Windows 2008 by the end of 2007 and
Windows Server Virtualization by late 2007 or early 2008. Those dates might
be a bit optimistic if the number of unexpected Beta 3 delays is any indication,
but no matter. Windows 2008 is on the way, and it's time for businesses of all
sizes to begin evaluating this next-generation Windows Server version. Beta
3 is near-feature-complete and will be widely available by the time you read
this, so now is the time to begin your evaluation. Windows 2008's feature set
is so vast, as are the installation possibilities, that you'll want to take
the time to really understand how this release will affect your environment.
Register
