March 8, 2007 / Steve Rosa

TechNet Evening Session 20070307 – Windows Server Codename “Longhorn”

As posted earlier, yesterday 7 March 2007, Arlindo Alves, Microsoft IT Pro Evangelist for BeLux, hosted a session on Longhorn.

I was in the room and thought it would be interesting to share with you the highlights of the session.

Though we were shown a lot of new features, we did not see all of them, due to the short length of the session (2 hours).

In summary, Longhorn will offer

  • more control: through enhanced task automation (PowerShell) and role-based installation and management
  • increased protection: with the help of OS hardening and policy-based management (NAP)
  • greater flexibility: thanks to integrated server virtualization (Hypervisor), anywhere application access, extensible Web solutions or improved deployment

Let’s now go more in-depth for some new cool stuff.

Installation

The installation process has been greatly improved. In short, the installation of a Longhorn machine goes like this:

  1. Insert the DVD and start the installation. Select the country and the language, enter the product key (can be done at a later stage), select the partition and boom…
  2. After the reboot, the Initial Configuration Wizard shows up to help you set the admin password, the server name and domain, configure Windows Update etc…
  3. Last, the Server Management console shows up to select additional server roles or features.

Server Management

The out-of-the-box experience (OOBE) has been maximized here.

The server management console allows adding roles together with their required dependencies. Also, when a new role is added, all the MMC snap-ins needed to manage it are installed and made accessible through the Server Management tool.

It also seems that the backup tools have been improved as well.

Windows PowerShell

Nothing really new in this area.

More on PowerShell can be read on the Microsoft website.

It is worth mentioning that the PowerShell ecosystem is growing, with more and more partners such as Quest, PowerGadgets or PrimalScript.

IIS 7

Guess what… it is a full redesign with

  • modular architecture (40 different modules, to date)
  • comprehensive extensible APIs (public APIs)
  • deeper integration with ASP.NET
  • unified configuration model, with XML config files
  • administrative tool based on MMC 3.0
  • powerful diagnostic capabilities
  • delegated administration (granular level is possible)
  • scripting language (appcmd)

A few extra words on the configuration. There is no metabase anymore!! IIS and ASP.NET properties can be defined in the same file. XCOPY is then the key command when copying or replicating sites across production, non-production and development environments.

The IIS configuration can also be stored centrally in the DFS-R or on the client cache side.

More info on IIS7 can be read here.

Server Hardening

Defense in Depth service model with layers.

The size of the layers is being reduced while the services are being segmented. For example, RPC does not need access to the registry, but requires access to the network on port 135.

Also, the number of layers is greater than before and the number of drivers in the kernel is reduced.

The integrity of the boot process is also verified. Validation occurs on the HAL, boot files, etc.

Furthermore, the integrity of all Windows binaries is validated through hashing, to make sure that they have not been tampered with.

Still on the protection side, Longhorn offers the ability to block the installation of new devices. It is granular enough to allow exceptions, based on hardware ID. Enterprises can then let users install USB sticks, on the condition that they are from a specific vendor or model. This can all be controlled at computer level with Group Policy Objects.

The integrated firewall is also improved, with inbound/outbound rules and domain isolation with IPsec.

More info on OS hardening can be read here.

Server Core

This is a minimal installation option for Longhorn with low footprint on the server.

The option will be available on Standard, Enterprise and Datacenter editions in both 32 or 64 bits versions.

It will let the server boot in a headless (no keyboard, no screen) scenario. 

The UI is rather simplistic, as you only have a command prompt available. Management can be done through local or remote commands, via remote MMC or an RDP client.

In fact, no .NET CLR components are included. An immediate drawback of this is the lack of PowerShell. Microsoft does not intend to release PowerShell on Server Core before Longhorn R2, due to the complexity of dissociating the CLR components the right way. For the moment, it is an all-or-nothing scenario.

There is a major benefit in the patching area. Microsoft thinks that the number of patches to apply on Server Core should be reduced by 60%.

By RTM time, Windows Server Core should be able to run the following roles: DNS, DHCP, File, Print, AD, Virtualization (as parent partition), Media Server and more to come.

Important to note: there is no Server Core upgrade path. Switching from 2003 to Server Core, from Longhorn “standard” to Server Core, or from Server Core to “standard” will always mean a full re-installation of the server.

It is needless to say that good scripting knowledge will be required to operate Windows Server Core servers:

  • to change the admin password (net user)
  • to activate the OS (slmgr.vbs)
  • to configure a static IP address (netsh)
  • to join the domain (netdom)
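As an added illustration (not from the session or the original post), here is what a first-boot configuration of a Server Core box looks like when typed at its command prompt, using the four tools listed above plus the firewall and role listing also mentioned in this post. The interface name, addresses, domain, join account and product key are constructed placeholders.

```batch
@echo off
rem Added example: first-boot setup of a Server Core box from cmd.exe.
rem All names, addresses and the product key below are placeholders.

rem 1. Local Administrator password: "*" prompts twice, so the password
rem    never lands in the script or the command history.
net user Administrator *

rem 2. Static IP address and DNS server on the first NIC.
rem    "netsh interface ipv4 show interfaces" lists the interface names.
netsh interface ipv4 set address name="Local Area Connection" source=static address=192.0.2.10 mask=255.255.255.0 gateway=192.0.2.1
netsh interface ipv4 add dnsserver name="Local Area Connection" address=192.0.2.5 index=1

rem 3. Activation: install the product key, then activate online.
rem    Server Core has no wscript host UI, so run slmgr.vbs under cscript.
cscript %windir%\system32\slmgr.vbs -ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
cscript %windir%\system32\slmgr.vbs -ato

rem 4. Open the firewall for remote MMC management before joining, so the
rem    box stays manageable once the session moves off the console.
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

rem 5. Show which roles are present (all "Not Installed" on a blank box).
oclist

rem 6. Join the domain. /passwordd:* prompts for the join account's
rem    password; /reboot:30 reboots 30 seconds after the join succeeds.
netdom join %COMPUTERNAME% /domain:corp.example /userd:CORP\joinacct /passwordd:* /reboot:30
```

Renaming the server (netdom renamecomputer) needs its own reboot before the join, which is why it is not chained into the same script here.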

During the demo, a “blank” Windows Server Core had a footprint of 178 MB in the memory with 27 processes, while a “standard” Longhorn was at 462 MB with 45 processes.

Network Access Protection (NAP)

The Windows client computer (Vista or XP) will have a certificate of health, which will be presented to the Network Policy Server. The latter will validate the health of the client.

If the health is OK, the client is granted access to the corporate network.

If not, the client will be connected to the remediation network, where SMS, WSUS or FTP servers will help the client to reach the required level of conformity.

Good to know: NAP is not only active at boot time but also during the session.

Failover Clustering

New name: Windows Server Failover Clustering.

  • complexity is reduced
  • no need anymore for a domain account; the service can run on each cluster member in the LocalSystem context
  • stability: no quorum model, so no SPOF anymore
  • cluster validation before the installation: network, server version and storage are checked before the installation
  • enhanced management capabilities through MMC 3.0 support
  • majority quorum model
  • for geographically dispersed clusters, the witness can be put on a file share in a 3rd site, for instance
  • no more single-subnet limitation
  • configurable heartbeat timeouts

Branch Offices Deployment

  • read-only domain controller
    • unidirectional replication
    • no secrets caching (can be changed through GPO)
    • not a member of the Enterprise Domain Controllers or Domain Controllers groups
    • the local admin of the server is not administrator of the domain
    • requirements
      • 2003 forest functional mode
      • PDC role must be on a Longhorn server (should no longer be the case with RTM)
      • having multiple Longhorn DCs per domain is recommended
  • BitLocker for encryption: requires TPM 1.2 or a USB flash drive

Restartable Active Directory

Active Directory Domain Services can be stopped for maintenance purposes, without bringing the full server offline.

Very useful for restoring AD, defragmenting the DB, etc. while keeping the other services available to the users.

This is to me, based on past experiences, a very cool feature.

Windows Server Virtualisation

Hypervisor is a layer between the operating system and the hardware. Note that the hardware must be based on Intel VT or AMD-V.

The host must be running a 64-bit OS and allows parent partitions (VHD) running either 32- or 64-bit guests.

Live migration of a running virtual machine to another physical system will be possible.

New Terminal Services capabilities

  • single sign-on for managed clients
  • TS gateway will allow remote access to internal server resources (RDP over RPC over HTTPS). SSL encryption end-to-end. Granular access control at the perimeter (who can connect to which computers)
  • Remote Programs: seamless window integration (à la Citrix) based on MSI or RDP packages. It will also be possible to use Flip3D within a TS session (even though I don’t see the advantage of it, considering the impact on the bandwidth)

Miscellaneous

  • Active Directory has been renamed to Active Directory Domain Services.
  • There will be the command “oclist” to list, install and un-install roles and features on Longhorn servers.
  • The final name is not yet known.
  • Initial planning is: RTM should reach the market in H2 2007.
  • A new feature should come in the area of load balancing.

Steve.


5 Comments

  1. Arlindo Alves / Mar 8 2007 4:52 pm

    Good wrap up.

    I hope you enjoyed the session :)

    Did we talk to each other? Still cannot put a face onto your blog :)

  2. steverosa / Mar 9 2007 10:07 am

    Arlindo,

    To satisfy your curiosity, I’ve put a picture of my ugly face in the About page:

    http://steverosa.wordpress.com/about/

    Cheers

  3. Techstarts / Mar 11 2007 1:16 pm

    This is a really superb overview. I’ve summed up Failover clusters a little bit and in simple language.

    However, overall the Longhorn brief is very, very informative.

    Thanks

    http://techstarts.wordpress.com

Trackbacks

  1. [MSFT-BE] Arlindo's Blog - IT Pro Evangelist : TechNet Evening: "Technical Overview of Longhorn Server"
  2. [MSFT-BE] Arlindo's Blog - IT Pro Evangelist : Windows Server 2008 blogposts from the Belgian IT Pro community
