Windows Server 2008 is an important update to Microsoft's server OS. It continues efforts to harden the OS against attacks and to make the OS more manageable in branch offices. It also introduces a new network security technology (called Network Access Protection) that could protect organizations against compromised computers. However, Windows Server 2008 does not yet deliver Microsoft's new Hyper-V virtualization technology, which is a critical improvement for server consolidation that will come about six months after the OS release. Windows Server 2008 customers will also have to test the OS carefully for application and hardware compatibility, and upgrade some of Microsoft's own applications to run them on the new OS.

This report outlines improvements of Windows Server 2008 in the following areas:

• Server and security configuration and tools for managing server configurations
• The Active Directory user identity and computer configuration service, including its new "read-only" configuration for branch offices
• The new Network Access Protection (NAP) system for enforcing security policies on devices attaching to an organization's network
• Internet Information Services (IIS) management simplifications and scripting improvements for Web applications
• Terminal Services improvements to simplify remote access, provide a better user interface, and enhance scalability for centrally hosted Windows applications
• Rights Management Services improvements to simplify controlled sharing of sensitive data with customers and business partners.

The report also outlines Microsoft's plans to transition to 64-bit server OSs after Windows Server 2008, explains the major points where compatibility testing is required, and describes system requirements and licensing options of the product, including the new product activation technology. The report briefly summarizes the new Hyper-V virtualization technology, based on a public beta test version released in Dec. 2007.

Windows Server 2008 Takes Shape

Windows Server 2008, code-named Longhorn, is on schedule for release in early 2008. Customers will want to begin evaluating Windows Server 2008 now because its features will be interesting to a broader audience than the features in the last version (Windows Server 2003 R2), and might affect how customers deploy other servers and server applications that rely on the Windows Server infrastructure.

Why Begin Evaluations Now?

Unlike Windows Vista and other Microsoft products that have incorporated major changes or allowed feature additions during the release candidate phase of the development life cycle, Windows Server 2008 (with the exception of the Hyper-V feature) has been feature-complete for some time. Although large organizations typically need a long lead time to evaluate application and hardware issues created by a new client OS release, the time needed to evaluate a new server OS can be even longer: not only is application compatibility a potential problem, but the new and changed server features can also impact the organization's authentication and authorization, networking, and security infrastructure.

For example, some organizations will want to take advantage of Windows Server's new Server Core installation option, which provides a minimal server implementation for key infrastructure-related roles, such as Domain Name Service (DNS) or Dynamic Host Configuration Protocol (DHCP) servers. These organizations will want to consider whether the new server roles offer advantages when compared with how the services are currently provided. Likewise, deciding to use the new Terminal Services features to deploy applications for users can require organizations to examine of how the applications run in the terminal server environment and how applications must be licensed for Terminal Services.

Improvements Touch Many Server Roles

Windows Server 2008 delivers unique new capabilities for many different server roles. It also inherits some capabilities that were introduced in Windows Vista, with which Windows Server 2008 shares considerable code.

New Features for Servers

The new and improved features of Windows Server 2008 fall into four major areas: server fundamentals, security and identity management, application hosting, and networking.

Server fundamentals. With Windows Server 2008, administrators will be able to configure infrastructure servers such as Active Directory domain controllers and Web servers in a minimal Server Core configuration. Because Server Core installs only the minimum set of system files needed for the specific server functions, it should reduce security risks by limiting the attack surface, and require less patching. Microsoft has also improved the administrator user interface for managing servers, particularly for adding, configuring, and removing OS components to prepare a server for a particular role.

Security and identity management. The Active Directory user identity and computer configuration service now supports read-only domain controllers, which were designed to protect sensitive data in locations (such as branch offices) where an organization cannot guarantee physical security and where no local administrator is available. Microsoft has also improved its tools for public key infrastructure (PKI), an important service to support smart cards for user log-on and physical access.

Application hosting. Windows Server 2008 delivers Internet Information Services (IIS) 7.0, the latest version of the company's Web server and Web application hosting platform. IIS 7.0 provides simpler management and replication of server configurations, better support for popular Web scripting languages (particularly PHP), and technology to improve performance of the Windows Communication Foundation messaging API.

Presentation virtualization. The latest version of Terminal Services, which enables organizations to host Windows client applications centrally on servers, includes improvements for remote access and a better user interface for desktop PC clients.

Networking. A variety of network improvements, first introduced in Windows Vista and the Windows Server 2003 Scalable Networking pack, increases the performance and reliability of Windows Server 2008 network communications. Improvements include compound TCP, which monitors bandwidth delay, delay variations, and packet loss, in order to increase the amount of data sent at one time; TCP receive-window auto-tuning, which automatically optimizes the receive window (a memory buffer for incoming data); and TCP hardware offload, which offloads the processing of TCP packets, including packet segmentation and reassembly, to a specialized network adapter with a TCP offload engine (TOE).

Security. Windows Server 2008 delivers server-side components for Network Access Protection, which helps ensure that client computers on a private network meet administrator-defined requirements for system health, such as a requirement that the client has antivirus software with the latest signatures installed.

Improvements Shared with Windows Vista

Some Windows Server 2008 features were also part of Windows Vista. For example, support for file system transactions, which is being promoted as a new Windows Server 2008 feature, is also in Vista.

Windows Server 2008 also inherits networking performance and management improvements that were introduced in Windows Vista. Notably, it delivers better integrated support for Internet Protocol Version 6 (IPv6), which is an upgrade to the basic Internet protocols that is now required by some organizations (including all U.S. government agencies).

In addition, Windows Server 2008 will inherit two security features from Vista: User Account Control, which allows users to run a computer with the least privileges needed to perform any task; and BitLocker Drive Encryption, which can be used to encrypt all of the data on the computer and prevent booting of key OS components if they have been compromised. The usefulness of these features is not obvious because most server programs are run by administrators and servers are typically in a controlled-access location. However, these features could prove useful in branch offices where read-only domain controllers could be deployed.

In addition, the Vista Aero shell will be an optional component that can be installed as part of a Desktop Experience package.

Migration Considerations

Organizations evaluating Windows Server 2008 will also have to take two important future developments into account.

Virtualization due later. Server virtualization is so strategic to Microsoft that the company decided in 2004 to make virtualization an integral capability of the Windows OS, rather than letting it remain an add-on. Server virtualization enables multiple OSs to run concurrently on a single machine. Organizations use server virtualization for purposes such as server consolidation, creating isolated testing environments, and hosting legacy applications.

Although Microsoft hoped to have this project done in time to make it into Windows Server 2008, the virtualization team decided that the feature is too critical to be rushed and will not release it with Windows Server. Instead, the company says it will add virtualization support, which it has named Windows Server 2008 Hyper-V (formerly code-named Viridian), within 180 days of Windows Server 2008's release to manufacturing.

End of the line for 32-bit servers. Windows Server 2008 marks the last 32-bit server OS release for Microsoft. Consequently, organizations will need to both migrate to 64-bit hardware, and run a 64-bit version of Windows on that hardware.

Finally, Windows Server 2008 includes features such as User Account Control and a new device driver model that will affect application and hardware compatibility on some systems. In general, Windows Server 2008 is unlikely to create the same level of problems as Windows Vista because servers run less diverse hardware and applications. Nevertheless, organizations will have to test this release more carefully than they did Windows Server 2003, noting in particular that even recent Microsoft applications such as Exchange Server 2003 and SharePoint Portal Server 2003 are not compatible with the new OS.