A few years ago Microsoft announced its Windows Server Roadmap to try and provide consistency and predictability for Windows customers to be able to plan their OS purchasing and adoption strategies.
Essentially the roadmap states that a new Windows operating system would appear approximately every four years, with an interim release appearing in a cycle every two years.
Windows Server 2003 R2 (WS03 R2) is the first milestone in this strategy and has taken the core operating system beyond Windows Server 2003 service pack one, which was a quantum leap in itself.
In two years’ time, if everything goes to plan, we will see a major operating system refresh in Longhorn, and similarly a Longhorn “R2” should be available two years later.
The beauty of WS03 R2 is that the core OS (e.g. kernel, networking stack, Active Directory, drivers) has not been changed beyond what’s present in Windows 2003 service pack one (SP1).
This means existing Windows Server 2003 customers with SP1 can take advantage of the new functionality very quickly.
WS03 R2 focuses on improving Branch Office Infrastructure solutions, Identity Management, Storage Management, Web Application Platform and Virtualisation.
In a branch office scenario, companies typically have either dedicated branch servers, or remote servers designed to service a specific branch or set of branches.
The challenges associated with this set-up tend to be centred on tools for remote management, disaster recovery and the slowness of systems due to lack of bandwidth and/or lack of resource in the branch offices. WS03 R2 has addressed several of these challenges by introducing the following new technologies:
Reduced Bandwidth Usage
One problem with the current file replication system used to keep servers up to date with each other, and used within the Distributed File System (DFS), is that whenever a file is changed, the entire contents of that file are replicated to all other domain controllers or DFS servers.
The problem with this is that if you have a 50MB file, and change one sentence, then the entire 50MB will get replicated.
WS03 R2 now incorporates Remote Differential Compression (RDC) in its file replication engine to address the above problem.
RDC is quite a clever mechanism in that it detects the actual changes within the file and will only replicate those changes, rather than the entire 50MB as in the above example.
This technology is now implemented in all areas of the WS03 R2 file and folder replication mechanism, which includes DFS. It is also completely schedulable to take advantage of low bandwidth times, such as when the majority of employees are not at work.
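An added illustration of the idea behind RDC, not Microsoft's implementation and not code from the original article: the sender cuts the file into content-defined chunks and transmits only the chunks the receiver does not already hold. The chunking parameters, the SHA-256 chunk hashes (standing in for RDC's own signature scheme), the whole-file integrity check and all function names are assumptions made for this example.

```python
import hashlib
import random

WINDOW = 16          # trailing bytes that decide whether a chunk ends here
MASK = (1 << 9) - 1  # boundary when low 9 hash bits are zero: ~512-byte chunks
MIN_CHUNK = 64

def chunks(data):
    """Cut at content-defined boundaries so an edit only disturbs nearby chunks."""
    out, start = [], 0
    for i in range(WINDOW, len(data)):
        # A real engine uses a rolling hash; rehashing the window is simpler to read.
        h = hashlib.blake2b(data[i - WINDOW:i], digest_size=4).digest()
        if int.from_bytes(h, "big") & MASK == 0 and i - start >= MIN_CHUNK:
            out.append(data[start:i])
            start = i
    out.append(data[start:])
    return out

def signature(data):
    """Receiver: index the copy it already holds by chunk hash."""
    return {hashlib.sha256(c).digest(): c for c in chunks(data)}

def make_delta(new, remote_hashes):
    """Sender: reference chunks the receiver has, send literal bytes otherwise."""
    delta = []
    for c in chunks(new):
        d = hashlib.sha256(c).digest()
        delta.append(("ref", d) if d in remote_hashes else ("data", c))
    return delta, hashlib.sha256(new).digest()

def apply_delta(delta, whole_hash, local_sig):
    """Receiver: rebuild the file and refuse it if the whole-file hash differs."""
    rebuilt = b"".join(local_sig[v] if kind == "ref" else v for kind, v in delta)
    if hashlib.sha256(rebuilt).digest() != whole_hash:
        raise ValueError("rebuilt file failed integrity check")
    return rebuilt

def wire_bytes(delta):
    return sum(len(v) for _, v in delta)  # 32 bytes per ref, full size per literal

def demo():
    rng = random.Random(2003)  # constructed sample: 64 KiB of pseudo-random bytes
    old = bytes(rng.getrandbits(8) for _ in range(64 * 1024))
    new = old[:30000] + b"one changed sentence" + old[30000:]
    sig = signature(old)
    delta, whole = make_delta(new, set(sig))
    return apply_delta(delta, whole, sig) == new, wire_bytes(delta), len(new)

if __name__ == "__main__":
    print(demo())
```

Because boundaries depend on content rather than fixed offsets, inserting a sentence mid-file shifts every later byte yet leaves the later chunks unchanged, so they are sent as 32-byte references.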
Utilising the WS03 R2 centralised data stores facility, critical branch office information is automatically replicated to specific central locations within the business.
Like many recent replication technologies from Microsoft, this facility also has the added configurable option that it can detect how heavy the current bandwidth consumption is, and replicate the information when bandwidth usage is low.
Should a branch office server become unusable then a failover can be set to obtain data from one of these central locations or any other server which has a backup of the office data and applications.
In addition, it is now possible to have a branch office server act as what is called a service cache. Then, if this server fails, clients will automatically fail over to a designated server, which may be remote or within the branch itself. When the services are restored, clients will then fail back to the preferred server.
From a remote management perspective, there are several new tools that help administrators and help desk staff to effectively manage and support the branch office.
An interesting example of this is the new Print Management Console. What makes this utility compelling to use is that it can actually remotely scan your enterprise for network printers.
Once located, support personnel can then view and manage as many of these remote printers as they have authority to access.
As the number of different applications and computer platforms has grown within an organisation, so has the need for identity management.
Consider the scenario where a user requires passwords for the following environments:
- Mainframe access
- Various web-sites and web-based applications
- Unix/Linux access
- Application specific logon such as Microsoft SQL Server
As a result, many users suffer from user-id and password fatigue.
Even today, when the lack of strong IT security has had so much publicity in non-IT press newspapers and magazines, we still see users writing their passwords on post-it notes left under their keyboards, in their desks or stored in some convenient location easily accessible by colleagues and potential hackers.
Active Directory Federation Services (ADFS) and Unix Identity Management are a step towards easing this burden on users by providing a single sign-on service in many of these areas.
Active Directory Federation Services
In order to achieve web-based single sign on, ADFS requires systems to support the Web Services Federation (WSF) specification. WSF defines a standard model and set of messages for brokering trust, identity and authentication information across different trust realms.
A trust realm could even be outside your own organisation. For example, perhaps you would like some of your customers to be able to access limited areas of your own systems to provide order tracking or invoice payment information.
ADFS would be one method of providing both the authentication and security using your customer’s own sign-on information.
Unix Identity Management
WS03 R2 now includes two tools for providing a single sign-on (SSO) environment for Unix systems.
The Server for NIS (Network Information Service) helps to import NIS information into Active Directory.
Once this information has been imported, the password synchronisation tool will then synchronise and maintain passwords for each user account, using both environments.
With the explosion in data, and the change in laws requiring companies to maintain data for longer and longer periods, storage management has become an industry in itself. The issues with storage management include:
- Preventing users from overloading storage facilities.
- Managing and accessing large data stores.
- Providing enough data storage space for the business.
- Quickly locating and retrieving the correct information when there are terabytes of information to sift through.
- Quickly backing up and restoring gigabytes and terabytes of data.
File Server Resource Manager
WS03 R2 now has a new suite of tools called the File Server Resource Manager (FSRM), which complements the original NTFS disk quotas in several ways.
FSRM currently hosts two tools: Storage Resource Manager, which allows you to set quotas on folders or volumes, and Scheduled Storage Tasks, which is used to produce a variety of reports such as disk storage by user.
A comparison on the difference between Storage Resource Manager and NTFS Disk Quotas is shown in the table below.
Storage Manager for SANs
Storage Manager for SANs (SMfS) enables storage administrators to manage Fibre Channel and iSCSI based storage area networks (SANs).
In addition, should access to a SAN fail, and the servers support Microsoft Multipath I/O (MPIO), Storage Manager for SANs can provide server access path failover by enabling multiple ports on the server for LUN I/O traffic.
Web Application Platform
There will come a time when web-based file and print services will supersede network file and print services. As a result, each generation of Windows products has continued to build on the advances made by previous versions.
WS03 R2 introduces Windows Sharepoint Services, an integrated set of web-based services designed to help communication in projects.
Windows Sharepoint Services has a comprehensive range of applications that provide users, within and beyond the firewall, facilities such as event calendaring, shared contacts, discussion areas and document libraries.
From a developer’s perspective, WS03 R2 comes with ASP.NET 2.0. ASP.NET 2.0 now comes with several libraries that will help programmers implement several enhancements in the areas of security, web-navigation, source compilation and self-healing applications.
In a surprise move, Microsoft has announced with the release of WS03 R2 (Enterprise Edition only), that companies will be licensed to run up to four virtual versions of WS03 R2 EE using one WS03 R2 Enterprise Edition licence.
As hardware platforms have become faster and more robust, many organisations have tried to cut back on the number of servers within their organisations by using applications such as Microsoft Virtual Server 2005 software.
Using virtual servers it is possible to have two domain controllers, one print server and one file server all hosted on one physical server.
Organisations have used virtual server software for testing of service packs and potential applications without having to find a separate physical server.
In addition, many companies with training rooms, but without the budget for extra hardware, have used virtual servers as part of the classroom environments.
Active Directory without Active Directory
One significant new feature of WS03 R2 which deserves a section all of its own is Active Directory Application Mode (ADAM).
ADAM is interesting because it can supply active directory services to systems that may not be part of a domain.
For example, you may have a number of Windows servers in a Unix or Novell environment requiring active directory.
Alternatively, your company policy may dictate that workgroups are required instead of the normal domain structure but a key application may require active directory services; for example Microsoft Internet and Acceleration Server (ISA).
Some Things About ADAM
- ADAM is run on a Windows 2003 standalone server or Windows XP client.
- ADAM can be used in both domain and workgroup environments.
- When ADAM is used in both environments, you can also use it to synchronise passwords between an active directory domain controller and the ADAM server.
- Any existing Active Directory schema can be migrated to ADAM
- Group policies are not supported in ADAM
Windows 2003 R2 has made some very important advancements in the network operating system environment. In order to install new features in Microsoft Windows Server 2003 R2 (CD-ROM 2), you will need to have a system running Windows 2003 with Service Pack 1 (CD-ROM 1).
You can test drive a 180 day evaluation version by clicking here to go to the Microsoft site.
If after reading this you would like to find out more about Windows 2003 R2 - our next report will dive deep into the Branch Office and Storage Management functionality.
Ben Chai is author of Migrating from Windows NT to Windows 2000 and has worked on several Active Directory projects in the financial sector.