Common Engineering Criteria Overview

All Microsoft server products are required to comply with a set of engineering requirements as part of the Microsoft Common Engineering Criteria (CEC) program. The goal of the CEC program is to reduce the overall total cost of ownership (TCO) through improved integration, manageability, security, reliability, and other critical infrastructure attributes that are expected by our customers.

This overview includes information about the following common engineering criteria:

Manageability

The total cost of ownership of a server product for an organization can be explained as follows:

Total cost of ownership = total cost of acquisition + total cost of operations and support

The total cost of operations and support includes the costs to manage and maintain the server product and to recover from unexpected issues. Managing operations represents one of the highest expenses for organizations.

The Manageability technical area of the Microsoft Common Engineering Criteria program includes the following requirements, which collectively help reduce the management costs of all Microsoft server products:

  • Data protection and disaster recovery infrastructure

  • Remote Desktop Services support

  • Windows PowerShell scripting

  • Clear and consistent management user experience

  • Group Policy management

Data protection and disaster recovery infrastructure

Creating a backup solution for enterprise server applications requires complex coordination. The Volume Shadow Copy Service (VSS) is a framework that creates point-in-time copies of data. It facilitates communication between applications, storage systems (for example, storage arrays or local hard disk drives), and storage management applications (including backup applications).

Most independent software vendors (ISVs) that work with Microsoft support the VSS framework. Products that are compliant with VSS lower the cost of developing reliable backup solutions for customers when they deploy their server applications.

Remote Desktop Services support

Remote Desktop Services (RDS), formerly Terminal Services, is a server role that was introduced in Windows Server 2008 R2. RDS enables users to access Windows-based programs that are installed on a Remote Desktop Session Host server. Users can also access a full desktop that is running the Windows operating system. Remote Desktop Services is widely used to remotely access and manage servers, run hosted applications, and provide access to remote desktops. Remote Desktop Services also lets IT pros efficiently deploy and maintain software in an enterprise environment.

Windows PowerShell scripting

Automating all management operations for servers within an organization increases the quality and reliability of the operations and lowers the total cost of ownership. Windows PowerShell scripting is the Microsoft standard for automation. Windows PowerShell enables IT pros to automate operations such as deployment, configuration, life cycle management, data management, security management, and diagnostics. Microsoft server products provide high-level, task-oriented Windows PowerShell cmdlets and optional namespace providers.

Clear and consistent management user experience

A consistent management user experience has the same look and behavior for similar management operations, and it reduces the need for IT pros to learn to perform similar operations in different user interfaces. This helps to increase productivity and reduces the learning curve for new management tools. All Microsoft server products are required to provide a management user interface that clearly and consistently exposes management tasks.

Group Policy management

Group Policy provides an infrastructure for centralized configuration management of the operating system and applications that run on it. Group Policy is used as the primary solution for local policy implementation and one-to-many policy distributions in an Active Directory environment. IT pros who use Active Directory can use Group Policy settings to configure and manage policies for operating system components and Microsoft server products.

Virtualization Readiness

Virtualization has emerged as a strategic technology, and it is fundamentally changing the way organizations plan, build, deploy, and operate software solutions. By abstracting software from the physical hardware that it runs on, virtualization enables a dynamic data center and opens opportunities to architect and develop applications. Virtualization provides a practical method for organizations to save costs and ease management. All Microsoft server products are required to support virtualization.

The Virtualization Readiness technical area of the Microsoft Common Engineering Criteria program includes the following requirements, which are designed to support virtualization across all Microsoft server products:

  • Deployment agility

  • Virtualization support

  • Install and run on physical servers that are booted from a virtual hard disk (VHD)

Deployment agility

Agile deployment of servers and applications provides low-cost, high-quality IT operations, with minimal downtime and maximum safety. Agile deployment through virtualization can support deployment scenarios such as moving a server, imaging a server, or deploying a virtual appliance. With deployment agility, organizations can experience a reduction in costs, risks, and difficulties when they deploy new versions of Microsoft server products.

Virtualization support

Virtualization is quickly becoming the default and preferred deployment environment for server products. Microsoft server products are designed to work seamlessly, function fully, run reliably, and provide good performance when running in a virtual environment. The virtualization technology that we use is Hyper-V, which is a role in Windows Server 2008 and Windows Server 2008 R2 and is available as a stand-alone product.

Install and run on physical servers that are booted from a VHD

Organizations can incur significant expenses maintaining and operating duplicate sets of tools for multiple image types. Microsoft server products provide a single toolset and process to create, manage, deploy, back up, and service images for physical and virtual environments. Merging the processes that relate to managing physical servers and virtual machines enables organizations to build dynamic environments while rationalizing investments over a broad set of resources.

VHD is the image format that deploys and runs virtual images. With Windows Server 2008 R2, it is possible to boot a physical server from a Windows operating system image on a VHD, with no hypervisor or virtualization requirements. IT pros can deploy VHD-based Windows operating system images to physical and virtual environments.

Data Center and Enterprise Readiness

Microsoft server products are data center ready, and they come with guidance, instrumentation, models, and management packs to incorporate them into every step of the service life cycle (including planning; change management; deployment and configuration; and monitoring health, performance, and automation).

The Data Center and Enterprise Readiness technical area of the Microsoft Common Engineering Criteria program includes the following requirements, which are designed to help manage the costs and risks of deploying and running data centers:

  • Health and performance management packs

  • IPv6 support

  • Active Directory support

  • Support for a Server Core installation

  • Best Practices Analyzer

  • Active Directory enterprise namespace design

Health and performance management packs

Data centers need a central view of the health and performance of their services and server components that is timely, reliable, uncluttered, and actionable. Incident management and health and performance monitoring should be seamless. All Microsoft server products include System Center Operations Manager 2007 to help organizations manage system health and performance from a central location.

Internet Protocol version 6 support

IPv6 solves numerous connectivity issues and issues that are associated with IPv4 address depletion. All Microsoft server products are required to support both IPv6 and IPv4. In addition, all server products are required to be configurable to run in dual-stack (IPv4 and IPv6) or IPv6-only modes.

Active Directory support

Active Directory in Windows Server 2008 R2 provides an infrastructure that is scalable, manageable, and secure for user and resource management. Active Directory also supports directory-enabled applications and application-specific data. Where applicable, Microsoft server products are required to support Active Directory as their identity and service discovery system.

Support for a Server Core installation

The Server Core installation option of the Windows Server 2008 and Windows Server 2008 R2 operating systems is designed specifically for running fixed-function server roles or applications. Servicing costs can be greatly reduced because a Server Core installation provides a limited subset of functionality and eliminates the need to manage and service a large portion of the Windows operating system. Administrators can manage the Server Core installation with the graphical user interface and tools—in the same way that they manage a full installation of Windows Server 2008 or Windows Server 2008 R2.

Best Practices Analyzer

Best practices are guidelines that are defined by experience and learning over time. These guidelines are considered an optimized and preferred configuration for a server under normal circumstances. Although best practice violations are not necessarily problematic, they indicate server configurations that can result in poor performance, decreased reliability, unexpected conflicts, increased security risks, or other potential problems.

Best Practices Analyzer (BPA) is a server management framework that is available in Windows Server 2008 R2. BPAs help IT pros reduce best practice violations by scanning one or more roles and then reporting the violations. Administrators can perform tasks in BPA by using the Server Manager GUI or Windows PowerShell cmdlets. All Microsoft server products are required to have a Best Practices Analyzer.

Active Directory enterprise namespace design

Organizations can have complex Active Directory deployments that include disjointed namespaces or multiple domain trees. All Microsoft server products are required to support namespace design requirements of IT pros, which include tasks such as:

  • Simplifying complex enterprise administration models.

  • Renaming domains, for example, to meet naming standards, comply with legal requirements, or make crucial structural changes.

  • Renaming server member computers or domain controllers.

Reliability

The Reliability technical area of the Microsoft Common Engineering Criteria program includes the following requirements, which are designed to help maintain the performance and reliability of Microsoft server products:

  • Microsoft Update serviceability

  • Smarter setup

  • High availability

  • “Certified for Windows Server 2008 R2” logo

Microsoft Update serviceability

All Microsoft server products are serviceable through the Microsoft Update Web site, and updates are provided in standardized packages. To facilitate a consistent mechanism for applying software updates, all general distribution releases (including security updates and service packs) are available through Microsoft Update. This enables IT pros to easily keep their IT environments current. All Microsoft server products are required to support Microsoft Update.

Smarter setup

By the time customers install our server products, several updates may have been issued. Frequently, customers are not aware of all the updates, and this increases security risks. To reduce or completely remove this "window of vulnerability," the Microsoft Update opt-in is provided with the installation of all Microsoft server products. Microsoft Update evaluates the updates that are applicable and offers them through the appropriate UI (according to the user’s preferences).

High availability

When Microsoft technologies are critical to an organization, system downtime represents lost revenue and lost opportunities. Microsoft server products provide public documentation that outlines strategies for configuring the applications to achieve high availability.

“Certified for Windows Server 2008 R2” logo

The "Certified for Windows Server 2008 R2" logo indicates that the application or hardware has been independently tested to meet the highest bar for stability, security, reliability, availability, Windows operating system fundamentals, and platform compatibility. Where applicable, Microsoft server products are certified with the logo.

Release Readiness

Release readiness indicates that our server products are ready to be introduced into the production environment of organizations. The objective of release readiness is to ensure that a server product has met all the release requirements, including standards, policies, and quality metrics, before it becomes available to customers.

The Release Readiness technical area of the Microsoft Common Engineering Criteria program includes the following requirements, which are designed to ensure that each server product is ready for release:

  • Customer deployment before product release

  • Secure by design

  • Privacy protection

Customer deployment before product release

Where applicable, server products are first implemented into production within the Microsoft IT department. Although functional testing and scenario testing can uncover issues with a product during development, some issues with product quality and functionality might not be discovered. To get valuable feedback, Microsoft also provides prerelease versions of server products to selected customers. Deploying these releases to organizations with a variety of production environments provides early and actionable feedback to server teams about the product quality, implementation, functionality, and business value.

Secure by design

All Microsoft server products are required to follow the internal Security Development Lifecycle (SDL) process and participate in a final security review before shipping. SDL is a process for developing software that helps ensure it meets the highest security and privacy standards. The result is server products that are secure by design and in deployment.

Privacy protection

All Microsoft server products are required to comply with the internal policies that Microsoft sets for enhancing privacy protection in software, services, and products. These policies are designed to help organizations manage the privacy of their information.

Product Improvement

The Product Improvement technical area of the Microsoft Common Engineering Criteria program includes the following requirement, which is designed to help improve our server products through understanding how customers use them:

  • Telemetry-based business intelligence

Telemetry-based business intelligence

Microsoft server product teams need to collect unbiased, high-quality, quantitative data about our customers' computing environments and usage patterns. This data helps the teams prioritize feature work, design choices, and test planning. We can improve performance, functionality, and stability from release to release, based on a thorough understanding of real-world customer usage.

Telemetry technologies such as Software Quality Metrics (SQM) give our customers a way to passively inform Microsoft about the many variables and usage patterns in their computing environments. We can use this information to continually improve our server product offerings to better suit our customers.

Hardware Support

The Hardware Support technical area of the Microsoft Common Engineering Criteria program includes the following requirements, which are designed to ensure that each server product supports important innovations in server hardware:

  • 64-bit support

  • Hot-add/replace memory or CPUs

  • Function with more than 64 logical processors

64-bit support

To enable businesses to take advantage of the improved price and performance of 64-bit version software, all Microsoft server products are required to support one or both of the following:

  • x64 native execution in a 64-bit architecture
    (The term “x64” refers to systems or platforms that use the Advanced Micro Devices [AMD] AMD64 processor architecture and the Intel Extended Memory 64 Technology [EM64T] processor architecture.)

  • 32-bit emulation on 64-bit architectures—that is, Windows 32-bit on Windows 64-bit (WOW64)
    (WOW is an emulation layer that enables 32-bit Windows-based applications to run seamlessly on 64-bit editions of the Windows operating system.)

With this support built into Microsoft server products, our customers have the flexibility to upgrade from 32-bit to 64-bit hardware as desired. Or they can utilize 64-bit operating systems and applications on 64-bit hardware that they already own. Businesses can then take advantage of the larger address space and improved performance in the 64-bit editions of the operating systems. The result is improved productivity and greater value for their IT investment.

Hot-add/replace memory or CPUs

All Enterprise editions of Microsoft server products that utilize memory or CPUs are required to function properly when memory or CPUs are added or replaced while the physical system is running.

Function with more than 64 logical processors

Although 64-bit editions of the Windows Server operating system support a maximum of 64 processors today, due to multicore processing, servers with multicore physical processors can contain more than 64 logical processors. Microsoft server products are required to function without problems on physical systems with greater than today’s limit of 64 processors.

Interoperability

Interoperability in a product means that it effectively works with other platforms and applications.

The Interoperability technical area of the Microsoft Common Engineering Criteria program includes the following requirements to help ensure that our server products work well together and with other products:

  • Standardized installer

  • Rights management

  • Web Services adoption

  • Workflow

Standardized installer

Before we implemented the Common Engineering Criteria program, Microsoft server products used more than 20 different installation technologies. To provide consistent product installation and update services support, all Microsoft server products use a standardized installer, Windows Installer. Microsoft server products can detect missing dependencies, and can then offer to download Microsoft components or to identify where the components can be obtained.

Rights management

Information loss is costly for organizations. Active Directory Rights Management Services (AD RMS) is an information protection technology that helps safeguard digital information from unauthorized use. AD RMS provides persistent information protection and policy enforcement that stays with the content, no matter where the content goes or how it gets there.

All Microsoft server products that store or transmit document formats for the 2003 Microsoft Office System, the 2007 Microsoft Office system, and Microsoft Office 2010 support AD RMS to protect digital assets. All Microsoft server products that handle or display content that is protected by AD RMS are required to enforce the usage rights on that content.

Web Services adoption

Microsoft has invested significantly in Windows Communication Foundation (WCF) and Windows Web Services API (WWSAPI) to implement Web services and to achieve interoperability with non-Microsoft Web services.

WCF is the primary communication technology that is provided in the .NET Framework. To facilitate interoperability, Microsoft server products build on WCF if they are implemented on the .NET Framework. If the server product is implemented in native code (C or C++), it builds on WWSAPI. This homogeneous service layer across Microsoft server products provides interoperability, security, performance, and reliability.

Workflow

A workflow engine is software that manages and executes modeled computer processes to help coordinate concurrent and asynchronous work. Windows Workflow Foundation provides a standardized workflow engine for all Microsoft server products and customers. This unified framework across Microsoft server products helps administrators author and maintain applications, share a common vocabulary, and reuse assets across Microsoft server products.

International Support

Microsoft server products are used by people throughout the world, and it is important that these products are released ready for the world to use.

The International Support technical area of the Microsoft Common Engineering Criteria program details the following international support engineering requirements for Microsoft server products:

  • Globalization

  • Localization

Globalization

Microsoft server products are required to provide the same functionality everywhere, to be interoperable across diverse regional scenarios, and to be available in native languages. To meet these expectations, all Microsoft server products integrate globalization processes into their product development life cycles to ensure geographical and cultural independence. This creates products that can be localized independently of modifications to the source code.

Localization

To provide software in many native languages, Microsoft server products allow localization, and they correctly display text that is exposed to users in any target language. Microsoft server products do not assume that the client and the server software will be presented in the same language. This is beneficial for deployments in multinational organizations. Microsoft server products are required to support the Multilingual User Interface Pack (MUI), which enables additional language localization even after a server product ships.

Microsoft Common Engineering Criteria

Read a detailed description of the Microsoft Common Engineering Criteria program.

Look up scorecards for the Microsoft server products that you own or are planning to deploy.

Look up scorecards for an individual criterion that extends across all Microsoft server products.

Download a full report about the common engineering criteria compliance for a server product or across all Microsoft server products.