Windows Server 2008 is the latest version of Microsoft's server operating system. Since the inception of Windows, a graphical user interface (GUI) for Microsoft's own operating system (MS-DOS) in 1983 (Wikipedia, 2010), the product line has changed from a GUI product to a modern operating system over 2 families of design, each with its own codebase and default file system.
The Windows NT family started with NT 3.1 in 1993. In 1996, Windows NT 4.0 was introduced. Windows NT 5.0 (Windows 2000) was successfully deployed in February 2000, both on the server and the workstation markets. Amongst Windows 2000's most significant new features was Active Directory (AD), a near complete replacement of the NT 4.0 Windows Server domain model. Windows NT 5.2 (Windows 2003) was launched in April 2003 and was a notable update to Windows 2000 Server encompassing many new security features, a new 'manage your server' wizard and improved performance. Windows 2008 was released in February 2008, building upon the technological and security advances first introduced with Windows Vista and being significantly more modular than its predecessor Windows Server 2003. Windows Server 2008 ships with 64-bit technology only.
For this assignment, the most notable improvements and additional features of Windows Server 2008 when compared with Windows Server will be explored and discussed. These include:
HYPER-V
Hyper-V is a next generation hypervisor based virtualisation platform integrated with the operating system that allows you to dynamically add physical and virtual resources. Essentially, Hyper-V enables one physical server to be broken up into a range of virtual machines. The generically named Virtual Machine Manager (VMM) is what tricks the computer into thinking that it is actually many separate computers. This resolves the earlier problem of underused hardware and since there are no third party software products or drivers to install, compatibility is all but guaranteed. Along with efficient process management, you can add resources to the server without needing to interrupt user sessions during service modification. For commercial organisations, Hyper-V allows for reduced deployment costs by enabling organisations to virtualise their migration (when moving towards adopting 64-bit software through the 64-bit guest sessions) and then analyse the exact number of physical machines required once they've completed their migration exercise. Virtualisation reduces machine duplication, thereby saving on costs. Additionally, it increases service availability and allows for clustering across multiple guests. This has positive implications for service planning, reorganisation and servicing whilst having no detrimental effects on production services. Computerworld note that companies are increasingly looking to virtualisation as a means of ensuring consolidation, energy efficiency and increased capacity combined with simpler management and deployment. Minasi, Layfield & Mueller (2008) maintain that Hyper-V is one of the most significant changes in server management.
NETWORK ACCESS PROTECTION (NAP)
NAP allows an organisation to enforce and configure policies on all computers accessing and comprising the organisation's network. It provides a new level of control over other operating systems attempting to connect to the network in that it can ensure the latest updates are installed, which improves security and reliability. Components are complex within this system and protection levels depend on the compatibility of NAP hardware and software agents/validations. If a client computer doesn't meet the required NAP policies, the computer can be placed in quarantine and denied access to the network.
READ ONLY DOMAIN CONTROLLER (RODC)
An RODC is useful for branch offices where there are issues relating to physical security. The administrator would be able to create and store user accounts locally in a specific branch office, preferably one that had fewer users logging on to the domain, instead of storing the entire AD with thousands of user accounts. If this RODC was then to become compromised, the only accounts affected would be the few users on the RODC and not the users in the AD.
WINDOWS SERVER BACKUP (WSB)
Prior to Windows Server 2008, disaster recovery solutions were largely inadequate. Windows Server 2008 provides a backup tool called Windows Server Backup (WSB). This can do what is known as a "bare-metal" backup which, in the event of a hardware failure whereby the server is lost, enables you to get a completely different piece of server hardware and restore the Windows Server backup to it. This ensures that the new server hardware behaves like your old server. There is also significant improvement in terms of time. The restore can be successfully completed in approximately one hour. The only downside with WSB is that you cannot back up to tapes, and a network share or local hard drive is required for backup.
FINE-GRAINED PASSWORD POLICY
Windows Server 2008 provides organisations with the means to define different password and account lockout policies for different sets of users in a domain. Fine-grained password policies are used to specify multiple password policies within a single domain and to apply different restrictions for password and account lockout policies to different sets of users in a domain, enabling the application of stricter settings to privileged accounts. Equally, special password policies can be applied to accounts whose passwords are synchronised with other data sources. This significantly improves security. Prior to Windows 2008 only one password and lockout policy existed, meaning that if organisations wished to create different password and lockout policies for different users then they had to create a password filter or deploy multiple domains, both of which are costly options. Fine-grained password policies apply only to user objects and global security groups and only members of the Domain Admins group can set these. Additionally, fine-grained policies cannot be applied directly to Organisational Units (OU) but, by using a shadow group (a global security group logically mapped to an OU), this can be overcome. To store fine-grained policies, two new object classes known as Password Settings Container (PSC) and Password Settings (PS) were introduced into the AD DS. The PSC is created by default under the system container in the domain. It stores Password Settings objects (PSO) for that domain. Minasi, Layfield & Mueller (2008) state that the introduction of fine-grained password policies "may just be the single coolest new thing in windows Server 2008's AD" (Chp 1).
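The shadow-group approach described above can be scripted. The following is an added example, not part of the original essay: it assumes the ActiveDirectory PowerShell module (which ships with Windows Server 2008 R2 and later, or RSAT) and a Domain Admins session, and the OU, group and policy names and the policy values are hypothetical.

```powershell
# Added example. All names and policy values below are illustrative assumptions.
Import-Module ActiveDirectory

$ouDn       = 'OU=Admins,DC=corp,DC=example'   # hypothetical OU of privileged accounts
$groupName  = 'SG-Shadow-Admins'               # hypothetical shadow group for that OU
$policyName = 'PSO-Privileged'                 # hypothetical Password Settings object

# 1. Create the shadow group if missing (PSOs only apply to global security groups).
$group = Get-ADGroup -Filter "Name -eq '$groupName'"
if (-not $group) {
    $group = New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security `
                         -Path $ouDn -PassThru
}

# 2. Create a stricter PSO for privileged accounts and link it to the shadow group.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$policyName'")) {
    New-ADFineGrainedPasswordPolicy -Name $policyName -Precedence 10 `
        -MinPasswordLength 15 -PasswordHistoryCount 24 -ComplexityEnabled $true `
        -ReversibleEncryptionEnabled $false `
        -MinPasswordAge '1.00:00:00' -MaxPasswordAge '60.00:00:00' `
        -LockoutThreshold 5 -LockoutObservationWindow '00:30:00' -LockoutDuration '00:30:00'
    Add-ADFineGrainedPasswordPolicySubject -Identity $policyName -Subjects $group
}

# 3. Reconcile the group's membership with the user objects currently in the OU.
$inOu    = @(Get-ADUser -SearchBase $ouDn -SearchScope Subtree -Filter * |
             Select-Object -ExpandProperty DistinguishedName)
$inGroup = @(Get-ADGroupMember -Identity $group |
             Where-Object { $_.objectClass -eq 'user' } |
             Select-Object -ExpandProperty distinguishedName)

$toAdd    = @($inOu    | Where-Object { $inGroup -notcontains $_ })
$toRemove = @($inGroup | Where-Object { $inOu    -notcontains $_ })

if ($toAdd)    { Add-ADGroupMember    -Identity $group -Members $toAdd }
if ($toRemove) { Remove-ADGroupMember -Identity $group -Members $toRemove -Confirm:$false }

# 4. Verify: warn about any OU user whose resultant policy is not the intended PSO.
foreach ($dn in $inOu) {
    $effective = Get-ADUserResultantPasswordPolicy -Identity $dn
    if (-not $effective -or $effective.Name -ne $policyName) {
        Write-Warning "$dn is not covered by $policyName"
    }
}
```

Because the mapping between the OU and the group is only logical, the reconciliation in step 3 has to be re-run (for example as a scheduled task) whenever accounts move into or out of the OU.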
ACTIVE DIRECTORY SNAPSHOTS (AD snapshots)
The Volume Shadow Copy Service (VSS) can create snapshots or shadow copies of the volumes that contain the Active Directory (AD) database and log files. AD snapshots enable you to view data on a domain controller without having to start the server in Directory Services Restore Mode. Windows Server 2008 allows administrators to create snapshots of the AD database for offline use. This is very helpful when attempting to undelete erroneously deleted AD objects. Care should be taken, however, to protect AD snapshots. The use of encryption or other data security precautions should be exercised to help reduce the likelihood of unauthorised access to them. A snapshot allows you to take a complete backup of your AD. This is fast, efficient and lightweight. However, the downside is that you cannot restore. You can't move/copy data from the snapshot to the live database. You can, however, run a program named dsamain on a domain controller and this lets you view whatever backup you wish as if it were a separate running AD. You could attempt to restore by retrieving data from prior to the erroneous AD object deletion. In this way rebuilding the erroneously deleted object is simplified. AD recycle bin also enables this restore but does so through a series of command line tools.
WINDOWS DEPLOYMENT SERVICE (WDS)
This is the updated and redesigned version of Remote Installation Services (RIS). WDS enables you to deploy Windows operating systems over the network and therefore eliminates the need to install each operating system from a CD/DVD.
SECURE SOCKET TUNNELLING PROTOCOL (SSTP)
SSTP is a new form of secure socket layer (SSL) based virtual private network (VPN) tunnel incorporating features allowing traffic to pass through firewalls that block point to point (PTP) traffic and L2TP/IPsec traffic. It provides a mechanism to encapsulate PPP traffic over the SSL channel of the HTTPS protocol. SSTP supports multiple authentication methods such as passwords, smart cards, certificate based and "one time password" authentication. It has also integrated NAP support for client health checks by using the Network Policy Server (NPS) for authentication and authorisation.
WINDOWS POWERSHELL
Windows PowerShell is an installable feature of Windows Server 2008 which attempts to give Windows the "automate ability" that, according to Minasi, Layfield & Mueller (2008), it lacks. It is designed for system administrators and its aim is to take boring repetitive tasks and automate them. Once PowerShell is installed via the add features wizard, you have access to a powerful command line scripting language. PowerShell uses .NET and utilises "command-lets" (cmdlets). These cmdlets can be used separately or in conjunction with each other to perform more powerful tasks. PowerShell is an important administrative platform.
GROUP POLICY (GP)
This allows you to set up central rules regarding what users and computers can do and that configure parts of the computer's software, allowing you to cascade any changes expediently. A single change to the central rules will ensure propagation of that change to all of the machines in an enterprise. GP has been around since Windows 2000 but Windows 2008 has introduced significant changes including a built-in Group Policy Management Console. A new class of policies called Group Policy Preferences lets you build your own policies from scratch.
EVENT VIEWER
This is vital for the system administrator as it is the primary method for getting error messages from the OS and many applications. It received an overhaul with the introduction of Windows Server 2008. The new interface includes the ability to execute a task based on a particular event, save custom filters, get more detailed logging and forward events from one server to another. You could set up a server to collect log information for all servers and workstations and combine this with event based task execution and have one central monitoring server that will email the system administrator for designated events. It also provides a much deeper look into the innards of Windows by adding new types of events that go above and beyond the standard Application, Security and System events. There is also a new Applications and Services Logs section and this shows the day to day activities that you don't necessarily want clogging up the main log area. The operational logs are divided into sub-folders based on the type of service. Event Viewer is such an improvement that customers might find another product to be redundant.
INTERNET INFORMATION SERVICES (IIS) 7.0
This is a web server component that is included with Windows Server 2008. Although not installed by default, by installing the service, you can turn your computer into a powerful web server to host your modules to meet your specific needs. These modules are individual features that the server uses to process requests. It also has a new management interface which lets the administrator change the settings of each web site quickly and easily, and you have the ability to share tasks with web site owners.
SERVER CORE
The server core installation is a new feature whereby Windows Server 2008 can be installed by the administrator with minimal components. This installation is mainly designed for use in organisations that have many servers, some of which only need to perform dedicated tasks, and where the security exposure has to be kept to a minimum. There are many advantages to using server core, including reduced administration management, reduced software maintenance and improvement of security due to there being fewer files installed, thereby reducing the threat of attacks to the network.