What's New with Windows Server 2008

Updated: August 20, 2012

Windows Server 2008 was released on Feb. 27 after several years of development and hype. Here are the major new features that should get IT managers excited.

Server Core is a minimal-installation option that eliminates unnecessary Windows files on a server. The GUI is gone, for example; in its place is a command-line interface. The server can also be managed through an unattended configuration file.

According to Microsoft Corp., "Server Core is designed for companies that have many servers, some of which need only to perform dedicated tasks but with outstanding stability, or in environments where high security requirements require a minimal attack surface on the server." The roles that a core server can fulfill include:

  • DHCP (Dynamic Host Configuration Protocol) server
  • DNS (Domain Name System) server
  • File server
  • Print services
  • Domain controller, including a read-only domain controller
  • AD LDS (Active Directory Lightweight Directory Services) server
  • Windows-server virtualization
  • IIS (Internet Information Services), although only with a portion of its capabilities
  • Windows Media Services


Server Core presents an opportunity to keep older hardware in service, since the smaller OS footprint can do more with fewer system resources. Server Core machines are likely to turn up in branch offices, where they can be read-only domain controllers. Coupled with BitLocker Drive Encryption, such core servers make a very secure solution.

IIS 7.0 received a major makeover with Windows Server 2008. For the first time, administrators have complete control over what IIS components are installed. The ability to use only what is needed translates into faster performance and increased security. FastCGI support means that PHP and other runtime languages operate faster than ever before.

A new set of APIs (application programming interfaces) in IIS 7.0 gives developers direct access to the IIS core, enabling great customization and extension possibilities. Configuration can also be accomplished entirely through XML files, making the cloning of IIS servers across multiple machines as simple as XCOPY (extended copy). Additionally, IIS administrators can now delegate permission to perform specified operations to other users, such as site owners. Lastly, IIS Manager has been streamlined and is joined by a new command-line administration utility, AppCmd.exe.

Networking improvements include dual-IP layer architecture for simultaneous support of IPv4 and IPv6, better IPsec (IP security) integration, and auto-tuning of the TCP window size to accommodate packets of up to 6MB on a 10GB Ethernet network. Network scaling has been improved by scaling NICs (network interface cards) among multiple CPUs instead of just one physical processor, as in previous versions. Multiprocessor servers will best take advantage of this feature.

Security enhancements figure prominently in Windows Server 2008. New features protect against changes to OS files during boot up. BitLocker stores its keys either on a TPM (Trusted Platform Module) chip or a USB flash drive that users insert at boot up. BitLocker even protects against boot files modified by malware. For the first time, administrators can selectively block new devices from being installed to control the use of USB drives. Windows Firewall has also been improved with advanced security features.

RODCs (read-only domain controllers) are an additional security feature in the new Windows server. They are ideal for branch offices where servers are not as well protected as they are in datacenters. RODCs hold a read-only copy of AD (Active Directory), which enables faster logons and authentication for use of other network resources. Better still, a hacker cannot change the directory and propagate the changes up the network ladder because the directory is read-only. The RODC can also cache the credentials of branch-office users, make only one contact to an upstream writable domain controller and directly service users' logon requests.

NAP (Network Access Protection) is a new policy that requires devices to meet specified standards before they are allowed access to the network. For example, a machine must have the latest version of Windows Vista and all security patches installed. If a machine does not meet the requirements, it can be "quarantined" in a part of the network where it can only communicate with special services that can update or repair it. The machine can also be denied access entirely.

Three Windows TS (Terminal Services) enhancements are noteworthy. RemoteApp, similar to Citrix Systems Inc.'s discontinued MetaFrame, supports the ability to integrate applications running on a TS-enabled server directly into the local Windows desktop. Terminal Services Gateway allows users to access TS-hosted applications from a Web portal anywhere on the Internet via an HTTPS-secured channel. The gateway can navigate firewalls and NAT (network address translation), allowing companies to dispense with VPN (virtual private network) gateways to TS machines. Finally, Terminal Services Web Access works with the RemoteApp feature to let users select an application from a list and run it as part of their local desktops, while retaining the ability to select other applications from the TS Web Access site.

Hyper-V server virtualization makes its debut in Windows Server 2008. Using servers equipped with Intel VT or AMD-V technology, Hyper-V enables the dynamic addition of physical or virtual resources to a server. Users can add memory, disks and other devices without bringing down a server. Clients can also host 64-bit guest sessions, and migrate virtualized guests from one physical host to another with no downtime. Hyper-V can be implemented on a Server Core installation, allowing users to take advantage of that platform's economy and stability.

"Voting" server clusters offer a new way to configure server clusters. In the old model, if the quorum disk failed, the entire cluster came down. In this new model, each node of a cluster gets a "vote," so if the quorum disk is lost the cluster still continues.

Restartable AD DS (Active Directory Domain Services) will save downtime on the rare occasions when an AD installation becomes corrupt and needs to be restored. In previous versions of Windows Server, you had to bring the server down and reboot in a special mode to restore AD; all of the server's services were offline during that process. In Windows Server 2008, just turn off AD DS and restore AD. The rest of the server's features remain online.

NTFS (NT file system) enhancements give the file system an active role in maintaining a server's integrity. Transactional NTFS, new in Windows Server 2008, lets developers define transactions for server-level operations. For example, a user can set up a transaction that copies files to a directory, creates a registry entry and registers a DLL (dynamic-link library). Because these tasks are handled as a single transaction, they must all complete or the entire operation is rolled back. This prevents orphaned registry entries and the problems they can cause. NTFS is now self-healing, too. Users do not have to bring down the server to run Chkdsk.exe to fix corrupted files. If the NTFS monitor cannot fix a problem, it notifies users and lists possible solutions.

Server Manager is a one-stop shop that replaces three older server- and security-management tools. It integrates a variety of MMC (Microsoft Management Console) 3.0 snap-ins, giving users a clear picture of the roles and features installed on any given machine.

WDS (Windows Deployment Services) has replaced RIS (Remote Installation Services) for providing client and server installations over the network. Using a new graphical interface, users can create many different images on a WDS machine, which can then be streamed out via unicast or multicast to clients on the network.

Windows Server 2008 adds new features and streamlines older ones from previous versions. As a server operating system, it represents the best that Microsoft has offered to date.
