Last week I attended the Windows 2008 Partner Preparation course. I learned of quite a few new and useful features included in Server 2008. I wanted to outline a choice few here:
--> Byte Level DFS(r) - Well this is a very cool feature to be included in the Standard and Enhanced versions of Server 2008. Your SYSVOL share now utilizes byte-level DFS-R. Also, you can create Read-Only members of a DFSR topology. They have also extended the previous recommendation that the DFS namespace not contain more than 5,000 folders. In my opinion DFS is one of the most underutilized technologies included in Windows Server Operating Systems since 2000. I think this is due, in part, to its shortcomings. Windows Server 2008 is going to take a stab at making this wonderful technology more useful (and functional) for everyone.
--> Manipulation of AD databases can be done INSIDE the OS, without having to boot into Directory Services Restore Mode. That's not to say they are getting rid of DSRM, but it won't be necessary in order to perform certain functions. The service name has also been changed and is now called "Domain Controller Service". There are several caveats here, such as the fact that, of course, no one will be able to authenticate to the DC while the AD-related services are stopped. This won't be a problem in organizations that employ a secondary domain controller. I am very interested in how this will affect the Swing Migration technique.
--> Server Core - This is essentially a stripped-down version of the Server operating system for use on systems where you either want a reduced attack surface or want to run on lesser hardware. You'd better get used to the command line here because that's all this puppy has; no Explorer shell, nothing, nada. Once you have your IP information (netsh), Time Zone, Activation, Computer Name, Domain Membership (netdom), and Server Roles configured, you can manage it from another computer simply by using the MMC Snap-in that manages that respective service or, as they refer to it now, role.
--> The Read-Only Domain Controller - This is a new operation mode for Active Directory. This is meant for remote office configurations where a DC resides in a physically insecure environment or where a DC may need to sit in a less secure network segment for LDAP lookups (for RADIUS etc). The RODC contains a copy of the AD database that is not writable; it redirects all write attempts to the main DC. This RODC also does not cache credentials, providing greater security. In order to implement this, only one DC that contains the PDC Emulator role needs to be at Server 2008; the rest can be 2003.
--> Network Access Protection - This is essentially a replacement for IAS, which was essentially Microsoft's RADIUS. This allows an administrator to specify a Policy Server that will define what the requirements are for a PC to be able to "talk" on the trusted network. This could be an up-to-date set of Windows Updates, Anti-Virus or Firewall Software. This system works with Certificates of Health that are presented to the NAP server and accepted or rejected depending on the client. Upon rejection, the client can be redirected to a set of remediation servers that will subsequently get the computer where it needs to be in terms of its compliance with the parameters set on the policy server.
--> No Native support for TAPE - "And the crowd goes wild" For many years I have been a believer in the "Tape is a four letter word" adage and I couldn't be more happy that Microsoft has taken a step towards getting people off of that old technology. This also means there is no more NTBackup; at least not as most of us know it. On a scheduled backup, the destination media is ALWAYS formatted before a backup is made. Now when the instructor said this we all thought he was crazy, but apparently this is true.
--> "Hot Patching" - We will notice that Security Patches require less frequent restarts under the 2008 platform. This is true for most non-kernel patches.
--> Terminal Services - Oh where to begin? The new TS features are some of the coolest changes that have been made. Terminal Services under 2008 now fully supports RDP 6.0 as opposed to 2003's 5.2. One of the most notable, and debatably the most useful, new features is called TSRemoteApps. Essentially what this does is allow a user to run a program from their desktop seamlessly but be running it on the Terminal Server. This is something Citrix has been doing for years. Another thing Citrix has been doing for years that will be available is Terminal Services Web Access. This allows you to browse to a site and run an application from the terminal server from a program link on a web site. They go so far as to include a SharePoint Webpart to accomplish this so that you could neatly integrate this with your SharePoint deployment. Then there is Terminal Services Gateway; this allows you to securely implement Terminal Services over HTTPS. By wrapping your TS session in SSL it provides end-to-end encryption instead of the default two channel encryption. This also serves to provide greater compatibility for roaming users, as seldom does anyone block port 443. OK, now any TS admin's dream, Terminal Services Easy Print. This is a technology that will install the client's print drivers into the Terminal Server without having to do this manually; I know this will save me lots of headache.
--> PowerShell - Blah Blah Blah, new command-line and scripting interface.
--> Self-Healing NTFS - As it stands now, if the OS detects corruption in the file system, the volume is marked "dirty" and a chkdsk on the subsequent reboot is necessary to clear this. Under 2008 this can be done inside the OS while it is running. This happens fairly autonomously and is transparent to the user except for some notable event logging.
--> Hyper-V - This can be thought of as the ability to partition a single physical server into multiple computational partitions. This is an additional "Layer" if you will, that sits between your HAL (no, not 9000) and the O/S (with another layer called the VMBus) illustrated here. What this does is provide better "separation" between the physical machine and the virtual machine while being able to more efficiently utilize the physical hardware under the virtual OS. Windows Server 2008 essentially integrates Virtual Server into the OS natively.
--> Windows System Resource Manager - This allows you to prioritize tasks on a server based on executable name. This takes it a step further than raising a process's priority or setting a process's affinity to a particular CPU.
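To make the Server Core item above concrete, here is an added example (not from the course material or from Microsoft) of the first-boot steps it lists, as a two-phase cmd script run from an elevated prompt. The adapter name, addresses, computer name, domain, join account and the chosen role are constructed placeholders.

```batch
@echo off
rem Added example: initial configuration of a Server Core install.
rem Phase 1 (no argument): IP, time zone, activation, rename, reboot.
rem Phase 2 (argument "join"): domain join, role, remote management, reboot.
rem Every value below is a constructed placeholder, not taken from the post.
set NIC=Local Area Connection
set IP=192.0.2.10
set MASK=255.255.255.0
set GW=192.0.2.1
set DNS=192.0.2.53
set NEWNAME=CORE01
set DOMAIN=corp.example
set JOINUSER=CORP\joinacct

if /i "%~1"=="join" goto join

rem 1. Static IPv4 address and DNS server (netsh)
netsh interface ipv4 set address name="%NIC%" source=static address=%IP% mask=%MASK% gateway=%GW%
netsh interface ipv4 add dnsserver name="%NIC%" address=%DNS% index=1

rem 2. Time zone: one of the few Control Panel applets present on Server Core
control timedate.cpl

rem 3. Activation
cscript //nologo %windir%\system32\slmgr.vbs -ato

rem 4. Computer name; the new name only takes effect after a restart
netdom renamecomputer %COMPUTERNAME% /newname:%NEWNAME% /force
shutdown /r /t 0
goto :eof

:join
rem 5. Domain membership; "*" prompts for the password so it is never
rem    stored in the script or echoed into command history
netdom join %COMPUTERNAME% /domain:%DOMAIN% /userd:%JOINUSER% /passwordd:*

rem 6. List available roles, then install one (DNS chosen as an example)
oclist
start /w ocsetup DNS-Server-Core-Role

rem 7. Open only the firewall rule group needed for remote MMC snap-ins
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
shutdown /r /t 0
```

The script is split in two because a renamed machine has to restart before it joins the domain under its new name.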
Now I know I am not doing all of these features justice as there is simply a lot more to say but hopefully this gives you a good idea of some of the features coming down the pipe. Thanks for reading!
Technically,
-JC-