I am starting up a series of things I think people would be interested in getting ready for with Longhorn Server. The first is one that a number of people seem to like – Server Core. My next ones are about Read Only Domain Controller & BitLocker on server. That builds a nice scenario, methinks. However, I should talk about that later.
Anyway, Server Core. A better way of looking at this is seeing the videos Andrew Mason & I did a while ago: here is the Channel9 one & here is the Port25 one. Also, there is a Server Core Blog written by Andrew: http://blogs.technet.com/server_core/
Server Core is an installation option for Windows Server “Longhorn” – it allows you to install a server & some roles (Active Directory, Active Directory Lightweight Directory Services (AD LDS - formerly ADAM), DNS, DHCP, File, & Virtualization). It also supports a bunch of system features - WINS, Clustering, etc. All this on a system with no local user interface aside from a command prompt. This stemmed from looking, a couple of years ago, at how we could have a minimal install option for server. There were four drivers for this:
1) Smaller attack surface - On the list of things I am not very proud of, we shipped a number of components on server in Windows 2000 we never needed to. The worst case is every server had IIS installed & turned on. Worse still, super obscure features like internet printing were turned on – on every system. We hit a Buffer Overflow in IPP in August 2000 & every Windows 2000 Server had to be patched. This was Code Red. Oddly, since then – in probably over 1000 customer meetings – I have only found 2 customers who ever put this into production. This approach was emblematic of the dumb things we did in enabling Windows for the internet – all I can say is it was 1999 & we were drinking the internet Kool-Aid. Irrational exuberance, etc. Today we’d never do something like this because we have scars of this & we changed the way we do things with the advent of the Security Development Lifecycle which we developed in Windows Server 2003. The correct response is to have nothing turned on & let the administrator turn on what they need. I was going to mention here that we called this the "Tommy" approach after the Who song, but I am sure someone will be offended.
2) No need for UI - There are many roles that never need you to look at UI on a specific server – in fact, in a data center, the administration is done remotely & really the workloads don’t have dependencies on UI things.
3) Sort out dependencies – when you have a system like Windows which you develop over many years you sometimes get muddled dependency mapping – being able to get the absolute list is a killer thing for us.
4) Smaller Footprint – less stuff means fewer resources needed. We don’t say system requirements until much later in a project – we still have some debug stuff around in various places & this is the time for performance teams to make the huge steps they usually do, so it’s not really a good idea to make promises until we know what we’re really going to be able to do.
The thing this really allows us to do – both in the standard install & Server Core – is to just put on a system what is needed for a specific role. Nothing else is on the system. For completeness, there is a servicing cache where some binaries sit so that a role that is not installed can be updated prior to installation, but that is not in an executable format. This thing exists so that needed updates are present before installation of other components & generally is there as a security mitigation.
The biggest downside of Server Core for this release is that the .NET Framework does not run on it. We are working out how to do this work in the next release & believe me, we really want it. We’re also working with app vendors & things like anti-virus vendors to get some coverage. Not finalized yet, but we’re working on it. If you are an app vendor, check out the SDK - we have Server Core things in there now.
I expect (& recommend) most people run their production systems on Server Core – it makes sense. I also want to make sure I get Andrew Cushman (Microsoft’s Director of Security Outreach) enough to make sure Server Core is specifically talked about in future security bulletins. We’ll leave that at that for the moment…
p.s. Now I dissed Internet Printing, all the internet printing crazies will come out & tell me I am wrong.
p.p.s. Aussie Aussie Aussie Oi Oi Oi – I wrote this while watching Australia's great batting performance in the Cricket World Cup Final. Sri Lanka have a big job ahead of them.