Windows Server 2008: Faster, more manageable and secure, but still missing the virtual link

Microsoft's long-awaited Windows Server 2008 delivers advancements in speed, security and management, but its virtualization and network-access control features come up short.

In our testing of Windows Server 2008 gold code – the product officially launches on Wednesday – we found that Microsoft has made a number of improvements to its flagship server operating system.

For example, new server administrative role schemes boost security, the Server Manager program improves manageability, Internet Information Server (IIS) Web management functionality is revamped, Active Directory is easier to control, and Windows Terminal Services has been redesigned. Windows Server 2008 is also significantly faster than Windows Server 2003, especially when client machines are running Vista.

Unfortunately, a highly anticipated feature of Windows Server 2008, the Hyper-V server virtualization tool, is missing. Microsoft includes a beta version of Hyper-V with Windows Server 2008 editions, but it will not release final code until the third quarter of this year.

Also missing is compatibility between non-Windows (and older Windows) clients and Microsoft's Network Access Protection (NAP) scheme, Microsoft's version of NAC.

Click to see: Net results

The Microsoft NAP scheme uses client-side 'health certificates' to either give or deny clients access to the network An 'unhealthy' client is vectored to remediation servers for necessary antivirus updates or security patches (compare NAC products.).

We tested the NAP scheme as implemented in Windows Server 2008 and found that it works as long as the client is running Windows XP or Vista. (See sidebar.) But it won't let clients running any other brand of operating system have access to its protected resources, thus hampering the potential success of the NAP scheme, because all client types must be vetted for NAC to work effectively.

Rethinking server roles

Microsoft wants administrators of Windows Server 2008 editions (it will ship in the usual flavors of Standard, Enterprise, Data Center and Itanium-specific code) to think of the server as playing certain roles. Server roles are aggregated objects that suit commonly thought-of services, such as print services, file sharing, DNS, DHCP, Active Directory Domain Controller and IIS-based Web services. Microsoft has defined 18 roles in all.

There's even a minimalist installation called Windows Server Core that can run various server roles (such as DNS, DHCP, Active Directory components) but not applications (like SQL Server or IIS dynamic pages). It's otherwise a scripted host system for headless operations. There's no GUI front end to a Windows Server Core box, but it is managed by a command line interface (CLI), scripts, remotely via System Manager or other management applications that support Windows Management Instrumentation (WMI), or by Remote Terminal Services. It's also a potential resource-slimmed substrate for Hyper-V and virtualization architectures.