Microsoft's slimmer and stronger server OS, bolstered by virtualization, networking, and security advances, is an upgrade that IT can't refuse, a 200-pound gorilla that eats commercial Linux
A standing complaint about Windows Server is its resource footprint. Those in IT just take as rote that it requires lots of memory, lots of CPU, and lots of disk to put any substantial services on the air with Windows Server 2003. I think it's safe to say that the typical x86 rack server's characteristics reflect the requirements of Windows Server. Microsoft's big OS has always been designed under the presumption that it will have a full physical server to itself.
In Windows Server 2008, Microsoft delivers a 64-bit server OS with a smaller minimum resource footprint than Windows Vista. It varies by edition; Windows Server 2008 Datacenter doesn't focus so much on shedding the pounds, but it, too, picks up the speed benefits from the slimmer Server Core, which was created to be a practically weightless virtualized guest OS. IT shops are likely to use Windows Server 2008 the same way they use Windows Server 2003 now, only now they can run lots of independent virtual Windows Servers that scale in features and footprint across a broad range of options.
[ Read InfoWorld's tips on making the most of Windows Server 2008's easy-to-miss new options ]
Windows Server 2008 remains a component of the Windows Server System, so Microsoft has not instituted a free lunch program. Functions like e-mail and collaboration, database, and robust edge services are add-ons that most deployments will require. But these can be placed at the host level, with virtualized guests distributing applications and services that utilize Windows Server components. In other words, one license of Exchange Server or SQL Server will stretch further than ever before.
How low it can go
I spent most of my time testing Windows Server 2008 Enterprise on an eight-core, two-socket AMD Barcelona reference server. When you align the features of the Barcelona architecture with Windows Server 2008's capabilities, you come away with the impression that AMD designed its CPU with Windows Server 2008 in mind. Having talked with Barcelona's architects, I'll bend nondisclosure just enough to say that to call Barcelona a Windows Server 2008 hardware architecture is not far-fetched.
Windows Server 2008 is built for virtualization. All SKUs up to Datacenter are tooled for what you might call "buffet" scalability. You can choose, with finer granularity than is possible under Windows Server 2003, the server features you want to run, where you want to run them, and what portion of total resources are dedicated to them. For example, Internet Information Services (IIS) 7.0 has split Web application services functionality into some 40 independently loadable plug-ins. It is similar in concept to Apache's modular approach, but IIS's approach is safer, more transparent, and much easier to manage. This is a nice fit for server roles, a feature introduced in Windows Server 2003 that provides simple on/off switches and wizards that bring up and shut down groups of services according to need. Windows Server 2008 continues Windows Server's tradition of server roles, but adds finer-grained, modular control over individual features. You can still do a blunderbuss deployment in which a Windows Server host or guest role is "all," but it is well worth IT managers' and administrators' time to learn to match server roles, and modular services within those roles, to user and application requirements. Do that, and you'll have servers that will make physical-to-virtual transitions and virtual machine relocation uncommonly easy.
One road you won't need to take to slenderize Windows Server 2008 is to run it as a 32-bit (x86) OS instead of 64-bit (x64). You've heard hype that the overhead of going to 64 bit, especially for virtual guests, is substantial enough to blow x64 off unless you know you need access to a 64-bit virtual address space (as if that knowledge were easy to come by). Dismiss this as noise. The 32-bit server OS is the HD DVD of IT, even for virtual guests. It's time to step into the future.
To put a fine point on the virtues of Windows Server 2008's trimmer physique, consider that I ran the x64 Windows Server 2008 Standard on an Apple MacBook Pro, running as a 64-bit virtual guest under VMware Fusion software virtualization for OS X. Of MacBook Pro's 2GB of RAM, I reserved 512MB for Windows Server 2008. I made just one allowance for Windows Server 2008: I installed it on an off-board 18GB FireWire-powered hard drive. To be honest, that was for me. I wanted a blinky light that showed me how hard Windows Server 2008 was hitting the drive.
Seen from one perspective, Microsoft wants to reach out to and play nice with Linux. Subsystem for Unix Applications (SUA) is bundled with Windows Server 2008 Standard, Enterprise, and Datacenter, and all Windows Server 2008 SKUs can compile and run many open source and commercial x86/x64 operating systems, OS X being a notable exception. Microsoft's decision, albeit one made under legal duress, to publish its proprietary APIs and protocols should make Linux developers and users of freeware Linux distributions ecstatic.
Seen another way, Microsoft has executed Windows Server 2008 in a way that makes commercial Linux far less appealing. In those places where Linux might be seen as a good fit for its performance and small footprint, any Windows Server 2008 SKU, including the painlessly priced Windows Server 2008 Web and the Windows Server Core license that rides along with all Windows Server 2008 SKUs, all but slams the door shut on Linux in a Windows shop; Linux is just an impossible sell in Windows shops. That's not because Microsoft has exerted some evil monopolistic power over the enterprise OS market, but because Microsoft made the IT-friendly technical, licensing, and packaging decisions that leave very few gaps, if any, left to fill.
Many children at your service
The Hyper-V hypervisor (currently beta, due Q3) and virtual machine management tools baked into Windows Server 2008 Standard will go a long way toward taking Microsoft server virtualization beyond a poor man's alternative to VMware. Windows Server 2008 casts off a cumbersome, high-overhead, heavyweight virtual machine manager model in favor of a wafer-thin, host-optimized hypervisor. This does not take away the substantial value that VMware, Virtual Iron, Citrix/XenSource, and other serious virtualization players add to large-scale enterprise operations that might have thousands of virtual instances running at once. But Microsoft's virtualization has three unique advantages: It costs nothing, its administration is integrated into Microsoft's other server management tools, and Windows Server 2008 is the only host OS it needs to support. In that last case, Windows shops derive a serious performance and scalability kick from the fact that Microsoft's virtualization is proprietary.
Relaxed licensing is a huge win for shops that deploy Windows Server 2008. Buy a big, fat, fast x64 server, and you can use one Windows Server license to host as many virtual guest instances as you like on that one server. Each physical server requires its own license, and Microsoft seat licenses still apply across the board, but I can see an eight-socket Opteron server easily pulling the workload of a half rack of very busy two-socket rack servers, or a full rack of similar servers with typical utilization.
Of course, Microsoft virtualization works on Intel Xeon as well, albeit with lower single-server consolidation capacity. (Lest anyone think I'm harping, I'll write about the enormous advantages that Opteron brings to Windows Server 2008 virtualization elsewhere.) Hyper-V leverages AMD and Intel hardware-accelerated virtualization to reduce the overhead of software virtualization to a minimum. I say "reduce" to cover edge cases, but for most uses, Hyper-V makes the overhead of trapping privileged instructions and swapping guest OS instance contexts in software disappear. Plus, Hyper-V is very flexible in its resource allocation, permitting guest instances the privilege of "owning" a peripheral. When you can afford this, the layers devoted to arbitrating access to a single device by multiple virtual guests are bypassed. I/O bandwidth for each virtual machine can approach native performance. This feature favors servers with lots of expansion slots. For existing servers, you can buy a PCI-Express bus extension chassis to create a bank of, say, LAN adapters to give each virtual instance its own card.
Devoting devices to guests takes away the I/O bottleneck, but it also aids availability through redundancy. A dead LAN card or host bus adapter, or a downed route, won't be felt by users or applications as long as you've done the network and peripheral redundancy you'd build into any enterprise plan. However, you may opt to skip some of that homework because all but catastrophic contingencies short of a whole server going up in smoke are adequately covered by Hyper-V. Continuity and load distribution architecture and management are addressed by Hyper-V's snapshot, guest instance migration, and direct access to virtual disk images for offline virtual machines.
A whole new level of manageability is enabled by what I consider to be an essential add-on to Windows Server 2008. Microsoft's System Center Virtual Machine Manager adds intelligent monitoring, provisioning, and placement of virtual machine images and workloads across your network. System Center Virtual Machine Manager is fantastic once you make the effort to wrap your mind around its concepts and the shortcomings in its user interface. I lived in System Center Virtual Machine Manager's Workgroup Edition during my testing, a $499 package that runs up to five physical servers, and I can't imagine being without it. The full System Center suite, which is scaled and licensed for enterprise use, includes Virtual Machine Manager.
Big services for small clients
Windows Server 2008 covers another flavor of virtualization in the form of Terminal Services. A mainstay of Windows Server, the big news in this release is its HTTPS tunnel, or Terminal Services Gateway. Edge security often blocks inbound access to the TCP ports needed by Terminal Services. The Terminal Services Gateway allows remote clients normally blocked by firewalls to access Terminal Services, without the hassle of VPN, but with full security and auditing.
Terminal Services Gateway will undoubtedly get played by competitors as an exploitable backdoor, but it's a much smarter way to control user access (internal as well as external) to network services. Terminal Services Gateway requires the application of Remote Access Policies (RAP) that define and enforce the characteristics of clients permitted access to Terminal Services, and remote services in general. A client that doesn't meet RAP's health tests and policies, such as a notebook that's plugged into your network by an internal hacker, can't get in through Terminal Services or any other means. Period.
Seriously? Absolutely. BitLocker local disk encryption can be defined as an enforced remote access policy. Users like encryption for privacy, but IT will love BitLocker. It uses a client system's Trusted Platform Module (TPM) to create a file access authentication path that users cannot bypass, even if they boot from a nonencrypted drive or overwrite the boot blocks on the local drive. If policies allow users to work with local copies of sensitive files, the TPM can ensure that files are unreadable away from the network, and they can't be copied to removable media.
More to the point, if you have a lapse in security that allows a user inside the firewall to suck in a database of customer information, when they get their client home they won't be able to read the files they've stolen. All access to Windows Server 2008 is revocable at the user, client computer, or group level. To absolutely, positively terminate employees' or contractors' network access, and access to locally stored files, the administrator need only create and distribute a new certificate. This is one of many simple ways to change the locks in Windows Server 2008.
This, too, will raise the hackles of those who don't like the idea of systems that users can't control, but they should know that BitLocker and RAP do not preclude the use of other operating systems, and they can be undone by someone with administrative privileges (another reason to extend these sparingly). Used properly, RAP, TPM, and BitLocker can obviate the necessity for client-side security agents and hardware such as USB crypto keys.
Windows Server 2008 enhances network security in other ways as well. Tunneling is implemented in several Windows network services, and can be extended to any application through socket sharing. Several applications, even applications that use different protocols, can listen on a single TCP socket. Traffic analysis routes packets to the appropriate application, and port sharing doesn't interfere with load balancing.
The potential for OS-level tunneling becomes evident when many guest OS instances are run on a single physical host. The Windows Server 2008 host acts as a gateway and load balancer. Tunneling may allow guests to share one TCP port such that one heavily monitored HTTPS socket might be the only direct access a virtual host has to the outside world. I haven't tested this to see if it's a feature in the current release, but I see this as tunneling's greatest potential use.
With or without tunneling, Terminal Services has grown from a convenience to a necessity. Remote Desktop Protocol version 6 and 6.1 are bundled with Vista, and count among the many new Windows Server 2008 features that roll out a red carpet for Vista clients. In the recent past, I have taken the position that IT shouldn't be forced into Vista. After working Vista with Windows Server 2008, especially Terminal Services, I have reversed my position. As you migrate from Windows Server 2003 to 2008, upgrade your clients as well.
Terminal Services is made simpler and more flexible through its ability to distribute what feel to users like stand-alone applications, but that actually run on the server. A double-click on an application on the Vista desktop will transparently launch a Terminal Services connection that doesn't take over the whole client. The install experience for these Terminal Server-hosted applications can be the same as ordinary apps, with applications delivered on physical media. Application virtualization that allows applications to run offline, directly on the client, will be delivered by the SoftGrid component of Microsoft's Desktop Optimization Pack (MDOP), a separate package that is currently in open beta. This, too, requires Vista, giving Microsoft's "better together" campaign some teeth.
An essential upgrade
Microsoft Windows Server 2008 is technically advanced, and the combination of new features in the new OS with features found in Windows Server 2003 have the potential to boggle the mind and overwhelm servers. But Windows Server 2008's management tools, both built in and provided by System Center, absorb the shock and noise that come with a more powerful engine. Windows Server 2008 outguns Windows Server 2003 in features and throughput, especially with Hyper-V kicked in, to an extent that makes an upgrade essential. This, too, is a reversal of my previously expressed opinions on the subject.
As is always the case with enterprise operating systems, I have to close with the caveat that I've only managed to write up about half of Windows Server 2008's new features, but I've invested a great deal of time in working the preview editions, as well as early access to the Release to Manufacturing cut of the server. There is plenty to see, and Microsoft's relaxed policies with regard to downloadable trials will empower you to write your own review. Your direct experience with Windows Server 2008, System Center, and other components in the Windows Server System is what counts. My experience has left me extremely impressed. Windows Server 2008 on large-scale, virtualized enterprise servers will make alternatives a very hard sell.
Overall Score (100%)
|Microsoft Windows Server 2008||10.0||9.0||9.0||8.0||7.0||7.0|
Windows 7 is suddenly telling users it isn't genuine -- and it has nothing to do with Windows being...
Windows users are reporting significant problems with four more October Black Tuesday patches
The larger design is very welcome, but there's much more to the iPhone 6 than a bigger screen
Sponsored by Rackspace
Sponsored by Nuage Networks
Sponsored by Fibre Channel Industry Association
Google's Android for Work promises serious security -- see how it stacks up against Apple's iOS and the...
Conspiracy theories tend to have one trait in common: They can't be proven. That goes for BadBIOS,...
At Mobile World Congress, Microsoft urges developers toward Windows universal apps that can be written...
Five years ago, Hadoop came roaring into the mainstream as the solutions to all big data problems. Now...