Why Upgrade to Windows Server 2008?
Windows Server 2008 is a next-generation server operating system that helps IT maximise control over its infrastructure, while providing unprecedented availability and management that leads to a significantly more secure, reliable, and robust server environment. Windows Server 2008 builds on the success and strengths of the award-winning Windows Server 2003 operating system, as well as on the innovations delivered in Service Pack 1 for Windows Server 2003 and Windows Server 2003 R2. However, Windows Server 2008 is far more than a refinement of preceding operating systems. Windows Server 2008 delivers exciting, valuable new functionality and powerful improvements to the core operating system to help organisations of all sizes to increase control and manageability, provide high availability, and have more flexibility for their changing business needs.
Introducing New Windows Server 2008 Features
Windows Server 2008 provides an incredible number of new features, focusing on Virtualisation, Management, Security, Web Platform and Reliability to name a few.
Virtualisation with Hyper-V
- Provides powerful virtualisation and network management technology that enables businesses to take advantage of virtualisation's benefits without buying third-party software
- Reduces IT costs, centralises network management, increases network security and reliability, and provides scalability to help control hardware budgets
- Provides unprecedented ability to leverage host hardware, allowing virtualisation of very demanding workloads:
  - Up to four processor cores per virtual machine (VM)
  - Up to 32 GB of RAM per VM
- Utilises a 64-bit hypervisor-based architecture that supports hardware-assisted virtualisation
- Supports 32-bit and 64-bit VMs running side by side
- Supports Windows Server 2008, Windows Server 2003 R2 SP2, Windows Vista SP1, Windows XP SP3, and SUSE Linux Enterprise Server 10 as operating systems on VMs. Compatible with a wide variety of other guest operating systems
- Takes advantage of a new hardware-sharing architecture VMBus for VM to host interaction of disk, networking, input/output, and video hardware
- Utilises a microkernelised architecture, providing a more secure platform for virtualisation
- Makes high-performance synthetic devices available to VMs running supported guest operating systems without limitations created by emulation
- New storage features, such as pass-through disk access, which allow VMs more access to data, and external programs and services more access to data stored on VMs
- Flexible, role-based security allows delegation of VMs
- Enables high-availability scenarios where Hyper-V hosts or VMs running on Hyper-V hosts can be clustered
- New management tools and performance counters make the virtualised environment easier to manage and monitor
- Allows for backup of VMs while they are running
- Addresses these key Virtualisation scenarios:
  - Consolidation
  - Automation of test and development environments
  - Business continuity and disaster recovery
  - Dynamic Datacenter
Enhanced Web Support with Internet Information Services (IIS) 7.0
- Provides a modular design and installation, resulting in enhanced security and reduced attack surface
- Allows flexible extensibility model for powerful customisation
- Improves administration with the new IIS Manager graphical tool, and new appcmd.exe command-line tool
- Provides comprehensive diagnostic and troubleshooting tools that allow easy visibility and tracking of requests running on the Web server
- Allows delegated administration of Web sites
- The same web.config files are used by IIS 7.0 and the ASP.NET application framework, providing one configuration store for all Web platform configuration settings
- Utilises a distributed configuration, which allows administrators to specify IIS configuration settings in files that are stored with the code and content
- Enables XCopy deployment of Web sites
- Provides programmatic access to configuration stores through the WMI provider or Microsoft.Web.Administration
- Enables application and health management for Windows Communication Foundation (WCF) services
- FastCGI support enables organisations to host PHP applications on IIS 7.0
Introducing Windows Server 2008 Server Core
- Allows administrators to install a minimal installation of Windows Server with specific functionality and without any unneeded features; available roles are:
  - Hyper-V
  - IIS 7.0
  - Dynamic Host Configuration Protocol (DHCP) server
  - Domain Name System (DNS) server
  - File server
  - Active Directory Domain Service (AD DS)
  - Active Directory Lightweight Directory Services (AD LDS)
  - Windows Media Services
  - Print Server
- Reduces software maintenance
- Decreases the attack surface of the server
- Reduces management
- Requires less disk space
More efficient management with the new Server Manager
- Built on the Service Modeling Language (SML) platform, which is used to model complex IT services and systems in software, including structure, constraints, configuration, and best practices
- Simplifies and centralises server management through a single MMC console, allowing administrators to view and manage all of the tools that affect server productivity
- Enables easy addition or removal of server roles, such as Active Directory Domain Services or File Server, and features, such as Windows BitLocker drive encryption
- Allows multiple roles and features to be added in a single Server Manager session—role and role service dependencies are tracked, so required components are dynamically removed or added
- Provides Server Manager wizards to streamline common server management tasks
- Provides an Initial Configuration Tasks window that opens automatically after the operating system installation process is complete; this moves interactive elements of setup to post installation, eliminating the need for the administrator to interact with the installation of the operating system
- Provides robust remote administration over firewall-friendly ports
Increased Identity Security and Administration with Read Only Domain Controllers (RODC)
- Hosts a read-only replica of the database in Active Directory Domain Services (AD DS) for a given domain
- Designed to be installed in locations where physical security for the domain controller cannot be guaranteed, such as branch offices
- Allows local authentication for users in remote and branch office locations
- Provides local and Active Directory Integrated DNS and Global Catalog (GC) services
- Utilises unidirectional replication to save bandwidth (hub sites don’t have to pull changes from the RODC)
- Prevents domain user account data from being compromised if the RODC physical security is compromised
- Provides configurable credential caching on the RODC
- Allows administrative permissions to be delegated to local users to manage the RODC without granting that user any additional permissions on the domain
Greater network security for all servers and clients with Network Access Protection (NAP)
- Provides a set of client and server side components and services that prevents non-compliant computers from accessing and compromising an organisation’s network
- Allows administrators to create health policies for clients, such as firewall-enabled virus software being installed and updated
- Validates clients meet compliance policies upon connection to the network and continuously while clients remain connected
- Enforces policies through DHCP, VPN, IPSec, 802.1x (clients evaluated on connection or use of services)
- Restricts or denies client network access for non-compliant computers
- Performs automatic remediation for noncompliant client computers
- Helps ensure the network and systems aren't compromised by unpatched or infected noncompliant computers
Robust Cryptography Next Generation (CNG) features
- Allows customers to use their own cryptographic algorithms or implementations of standard cryptographic algorithms
- Performs basic cryptographic operations, such as creating hashes and encrypting and decrypting data, as well as creation, storage, and retrieval of cryptographic keys
- Supports the current set of CryptoAPI 1.0 algorithms
- Provides support for elliptic curve cryptography (ECC) algorithms
- Allows the use of custom cryptography algorithms in cryptography-related applications
Making deployment easier with Windows Deployment Services (WDS)
- Replaces Remote Installation Services (RIS) from previous versions
- Provides a simplified, secure means of rapidly deploying Windows operating systems to computers by using network-based installation, without the need for an administrator to work directly on each computer, or to install Windows components from CD or DVD media.
- Uses a new image format (WIM) and deployment service (WDS) that simplifies image management, resulting in a faster, more reliable deployment for both clients and servers.
Enhance your management and control with Group Policy Preferences
- Allows organisations to deploy managed settings that users may change, allowing organisations to create configurations that are more compatible with their IT environment and that are specifically tailored to the organisation and how its people use their computers
- Improves IT productivity by providing more than 20 new extensions
- Reduces the need for logon scripts
- Limits configuration errors through precision targeting and easy-to-use interfaces
- Minimises image maintenance by deploying generic images and using Group Policy Preferences to update them
- Reduces overall image count by deploying generic images and using targeted Group Policy Preference settings for groups of users and computers
Enhancements to Existing Features
Windows Server 2008 also provides a host of enhancements to existing features introduced in previous versions of Windows Server. These will advance and extend many of the features you may use today.
Active Directory Domain Services (AD DS) enhancements:
- Provides an AD DS Installation Wizard that streamlines and simplifies AD DS installation and configuration
- Includes a new Find command in Active Directory Sites and Services snap-in that makes locating domain controllers across the enterprise easier
- Makes available new auditing options that allow administrators to track Directory Service changes, including modification, creation, restoration, and movement of objects, as well as previous and new attribute values
- Incorporates Restartable Active Directory, allowing administrators to stop and restart Active Directory domain services without restarting the domain controller, to perform offline AD DS operations more quickly
- Allows Group Policy settings to be viewed with the command-line tool Auditpol.exe
Active Directory Lightweight Directory Services (AD LDS) enhancements:
- Replaces functionality that was provided by Active Directory Application Mode (ADAM)
- Provides a robust, scalable directory service for directory-enabled applications, for which integration with Active Directory is either not desirable or not necessary
- Uses the same code base as Active Directory Domain Services
- Provides the following directory service features:
  - Multimaster replication
  - Support for the Active Directory Service Interfaces (ADSI) application programming interface (API)
  - Application directory partitions
  - LDAP over Secure Sockets Layer (SSL)
Active Directory Rights Management Services (AD RMS) enhancements:
- Provides services to enable creating information-protection solutions that work with any AD RMS-enabled application to provide persistent usage policies for sensitive information
- Allows administration through a Microsoft Management Console (MMC)
- Integrates with Active Directory Federation Services (AD FS)
- Supports self-enrollment of AD RMS servers
- Provides delegation of responsibility by means of new AD RMS administrative roles
- Allows creation of rights-protected files and templates, and licensing of rights-protected information to trusted entities
Active Directory Federation Services enhancements:
- AD FS allows organisations to set up trust relationships between federation partners
- The AD FS role only needs to be configured on one of the partners
- Allows administrators to designate trusted accounts that can then gain access to resources on partner networks to which they’ve been granted permissions
- Supports single sign-on by allowing partners to log on once, using their local domain account
- Eliminates the need to have separate accounts for users in each domain, making access more secure and reducing the workload of IT staff
- Integrates with AD RMS; RMS permissions can be accessed and enforced over federated trusts
DNS Server enhancements:
- Provides name resolution for both IPv4 and IPv6 TCP/IP-based networks
- Enables background zone loading of zone data from AD DS during DNS service restarts, which allows the DNS server to respond to requests for other zone data more quickly
- Supports read-only Domain Controllers (RODCs)
- DNS Server is available as a Server Core role
- Allows GlobalNames zones for static, global records with single-label names, a service that was traditionally supplied by WINS; DNS will eventually phase out WINS
- Provides DNS clients with changes that facilitate the location of close domain controllers
Failover Clustering enhancements:
- New setup wizards eliminate potential setup and configuration errors
- Uses IPv6, which is fully integrated into failover clusters for node or heartbeat communication
- Uses Domain Name System (DNS) without legacy NetBIOS dependencies, eliminating the need for WINS and NetBIOS name-resolution broadcasts
- Allows associations between a network name resource and multiple associated IP addresses, so that the network name will be available if any of the IP addresses are available.
- Utilises the more reliable Transmission Control Protocol (TCP) rather than the less reliable User Datagram Protocol (UDP) for cluster "heartbeats"
- Enhanced security in failover clusters includes:
  - A new security model: Cluster Service now runs in the context of the LocalSystem built-in account.
  - Auditing: Administrators can use auditing to capture information about who accessed a cluster and when it was accessed.
  - Encryption: Windows Server 2008 allows administrators to set inter-node communication to be encrypted.
- Allows multi-site clusters, meaning that cluster nodes no longer need to be on the same IP subnet or configured with complicated VLANs
Network Load Balancing enhancements:
- Supports IPv6, in addition to other protocols, for all communication
- Supports NDIS 6.0 while retaining backward compatibility with earlier NDIS versions
- Provides WMI enhancements for IPv6 and multiple dedicated IP address support
- Improves denial of service attack and timer starvation protection; NLB can detect and notify applications when an attack is underway, or when a node is under excessive load
- Supports multiple dedicated IP addresses per node, allowing multiple applications to be hosted on the same NLB cluster in scenarios where separate applications require their own dedicated IP address
Windows Server Backup enhancements:
- Incorporates a new, faster backup technology
- Simplifies restoration
- Simplifies operating system recovery
- Improves scheduling
- Supports DVD media
Windows Reliability and Performance Monitor enhancements:
- Combines the functionality of several previous stand-alone tools, including Performance Logs and Alerts, Server Performance Advisor, and the System Monitor into the Windows Reliability and Performance Monitor MMC snap-in
- Allows the use of Data Collector Sets to group data collectors into reusable elements for use with different performance monitoring scenarios
- Provides wizards and templates to save time performing common performance monitoring tasks
- Provides the Resource View, which presents real-time graphical overview of CPU, disk, network, and memory usage
- Calculates a System Stability Index that reflects whether unexpected problems reduced the reliability of the system, and provides details to help troubleshoot the root cause of the problem in the Reliability Monitor
- Provides unified property configuration for all data collection, including scheduling, and the ability to save collector sets as templates
- Improves reporting by allowing administrators to easily duplicate reports and assess how changes to a server have affected performance or review the report's recommendations
TCP/IP Stack enhancements:
- Window Auto-Tuning and Compound TCP make better use of available network bandwidth
- Provides better connectivity in high-loss environments, making connections more consistent and reliable
- Neighbor Unreachability Detection for IPv4, which provides better detection and recovery when network nodes become unavailable
- Changes in Dead Gateway Detection, which allow computers to determine if a previously dead gateway has come back online, which can result in faster throughput
- Changes to PMTU Black Hole Router Detection, which can help prevent connections from terminating
- Network Diagnostics Framework support provides an extensible architecture that helps users recover from and troubleshoot problems with network connections
- Windows Filtering Platform is a new architecture that provides APIs, so that Independent Software Vendors (ISVs) can filter at several layers in the TCP/IP protocol stack and throughout the operating system, allowing them to create firewalls, antivirus software, diagnostic software, and other types of applications and services
- Explicit Congestion Notification that can address issues on congested routers, and provide better overall throughput
Windows Firewall with Advanced Security enhancements:
- Supports filtering for both incoming and outgoing traffic, which helps to prevent an infected computer from compromising the network
- Integrates firewall and IPSec management in a single new MMC Console, preventing overlapping policies, and allowing for local and remote firewall configuration (remote configuration is not possible in the current Windows Firewall without a remote desktop connection)
- Provides many new ways to configure firewall exceptions; exceptions can be configured for:
  - Source and destination
  - All or multiple ports
  - Specific types of interfaces
  - ICMP and ICMPv6 (ping) traffic by Type and Code
  - Restricting firewall rules to either users, groups, or computers
  - Services
Presentation Virtualisation with TS RemoteApp features:
- Provides access to the remote application that launches and runs in its own resizable window on the client computer’s desktop
- Reduces administrative effort by only having one central application on the server to maintain, instead of having to maintain individual installations on multiple desktops throughout the organisation
- Improves the user experience, providing smoother integration of the remote application with the client computer desktop
- Allows any program that can run in a Terminal Services session or in a Remote Desktop session to also run as a Remote Program
Terminal Services enhancements:
- Provides Remote Desktop Connection 6.0 or later
- Provides Remote Desktop Connection display improvements, including:
  - Custom display resolutions, and 16:9 displays
  - Monitor spanning
  - Desktop experience
  - Desktop composition
  - Font smoothing
  - Display data prioritisation for input devices
- Redirection for Windows Portable Devices, specifically media players based on the Media Transfer Protocol (MTP), and digital cameras based on the Picture Transfer Protocol (PTP)
- Redirection of Windows Embedded for Point of Service devices, such as full function point-of-sale workstations, network bootable “thin client” point-of-sale terminals, customer-facing information kiosks, and self-checkout systems
- Provides Single Sign-On (SSO) for Terminal Services sessions
- Distributes sessions in a TS Farm with the TS Session Broker
- Enables TS Easy Print to reliably print from a TS RemoteApp or full desktop session to a local or network printer installed on the client computer
- Incorporates licensing improvements:
  - Terminal Services Per-Device client access license permits one device (used by any user) to conduct Windows sessions on any of an organisation's servers
  - Terminal Services Per-User client access license permits one user (using any device) to conduct Windows sessions on any of an organisation's servers
Terminal Services Gateway (TS Gateway) enhancements:
- Enables remote users to connect securely to terminal servers and remote workstations across firewalls and network address translators (NATs)
- Provides a more secure model, allowing users to access only selected servers and workstations instead of the entire corporate network through a VPN
- Leverages the security and availability of the HTTPS protocol to deliver Terminal Services with no client configuration
- Provides a comprehensive security configuration model that enables administrators to control access to specific resources on the network
- Transmits all RDP traffic that typically would have been sent over port 3389 to port 443, using HTTPS
Terminal Services Web Access enhancements:
- Enables administrators to make Terminal Services RemoteApp programs available to users from a Web browser, without requiring the user to install any software
- Enables users to access Remote Programs or entire desktops from a Web site over the Internet or from an intranet
- Includes a customisable Web Part, which can be incorporated into a customised Web page or a Microsoft Windows SharePoint Services site
- Provides customisation for the list of available programs through Group Policy integration
Terminal Services Licensing enhancements:
- Provides centralised administration for TS CALs and the corresponding tokens
- Enables license accountability, tracking, and reporting for both Per-Device and Per-User licensing mode
- Simplifies support for various communication channels and purchase programs
- Minimises the impact on network and servers
Terminal Services and Windows System Resource Manager provides the following enhancements:
- Allows control of how CPU and memory resources are allocated to applications, services, and processes on the computer
- Improves system performance
- Reduces the chance that applications, services, or processes will take CPU or memory resources away from one another
- Creates a more consistent and predictable experience for users of applications and services
Public Key Infrastructure (PKI) enhancements:
- Provides PKIView tool for managing and monitoring the validity or accessibility of authority information access (AIA) locations, and certificate revocation list (CRL) distribution points (CDP) in the enterprise
- Enhances Certificate Web enrollment
- Provides Network Device Enrollment Service (NDES) through Microsoft Simple Certificate Protocol (MSCEP), which allows network devices such as switches and routers to authenticate
- Provides for distribution through Group Policy of all of the following types of certificates:
  - Trusted root CA certificates
  - Enterprise trust certificates
  - Intermediate CA certificates
  - Trusted publisher certificates
  - Untrusted certificates
  - Trusted people (peer trust certificates)
- Provides Online Certificate Status Protocol (OCSP) support as an option for certificate validation and revocation
- Allows Certificate management using Group Policy
Windows Media Services enhancements:
- The built-in WMS Cache/Proxy plug-in can be used to configure a Windows Media server either as a cache/proxy server or as a reverse proxy server to other WMS servers
- Advanced Fast Start allows Windows Media Player to begin playing content as soon as its buffer receives a minimum amount of data - reducing wait times for streams
- Play While Archiving allows archiving of broadcast content so it can be rebroadcast or used for on-demand requests.
- Improved fast-forward and rewind functionality for video content helps stabilise network bandwidth availability.
- Broadcast publishing points can be configured to start content streams after a power failure so that viewers experience less disruption when viewing streaming content.
- Absolute Playlist Time wallclock automates broadcast schedules by assigning real-world clock values in Coordinated Universal Time (UTC) to attributes in server-side playlists.
- Offers support for pulling content from alternate encoders or other content sources if the primary encoder fails or is stopped.
To learn more about the features, enhancements and updates, please visit the Windows Server 2008 Technology Overview Portal.