Sep 26, 2008 (08:09 PM EDT)
Rolling Review: Windows Server 2008 Makes Upgrade Sense For Some
Read the Original Article at InformationWeek
Is it worth it to upgrade to Windows 2008 Server now? After nearly a year of kicking the tires on this release, our short and anti-climactic answer is, "It depends."
For basic terminal services or server consolidation needs, Server 2008 is worth upgrading to immediately. All other improvements, including network access control, are nice value-adds, but are no reason, in and of themselves, to make a fast leap to Server 2008.
Unlike any server operating system that Microsoft has released to date, Windows 2008 Server comes chock-full of new enterprise features that go well beyond the file, print, directory, and core network services of old. In the previous editions of our Longhorn Rolling Reviews, we profiled some of these new capabilities: TS 2008, Windows PowerShell, Network Access Protection Server Core, and Hyper-V.
TERMINAL SERVICES 2008
TS 2008 is a great solution for small to midsize enterprises with relatively small TS needs, yet it's still versatile enough to service midsize organizations. However, larger sites that have more complex load-balancing and performance needs should continue to make the incremental investments in Citrix.
NETWORK ACCESS PROTECTION
As a new feature addition to the Windows Server line, NAP gives IT shops an out-of-the-box mechanism for validating and health-checking systems before they're allowed access to the network. Using DHCP, VPN, 802.1X, and IPsec as the primary points of enforcement, NAP does a pretty good job, for a first-generation feature, at preventing vulnerable systems from accessing the corporate LAN.
We had mixed success with the first generation of NAP in the lab. Our biggest complaint is that the NAP client only exists for XP Service Pack 3 and Vista, and the client is not nearly as robust and configurable as the Cisco Network Access Control client. NAP enforcement is somewhat difficult to configure, and there's no captive portal functionality for guest access--yet. Finally, there's no mechanism for automatically distributing antivirus or anti-spyware software during the remediation process.
One could argue that software distribution is not NAP's job, but as part of an auto-remediation process, it would be nice to have the ability to distribute critical software through the NAP client.
There's plenty to like about NAP, though, starting with the fact that it's included with your Server 2008 license. So if you're lukewarm about buying a third-party NAC, you now have another option. But if you're buying Server 2008 just for network access control, you'll find that you can buy Cisco's NAC, which is a much more mature product, for less.
We were impressed with how quickly the NAP client responded to a user who violated policy by turning off the firewall. In the lab, the client's firewall was immediately turned back on after the policy violation was introduced.
We're also encouraged to see third parties developing additional functionality for NAP. Avenda Systems already has an evaluation release of a Linux NAP Agent and a Windows System Health Validator for Linux. As a result, a fully functional method for health-checking Linux clients with your Microsoft Network Policy Server is on the horizon.
NAP is a value-add for IT shops that will be moving to Server 2008 anyway but are lukewarm on the value of network access control. All of the core functionality needed for a fairly robust implementation is present out of the box, so you can test the NAC and NAP waters with little risk.
(click image for larger view)
There's little doubt that Hyper-V is the coolest new feature addition to the Windows Server 2008 product line. And while ESX Server and XenServer are still some distance away, we have no doubt that Hyper-V's release will bring server virtualization to masses of IT shops that have been skeptical of its value to date.
We loved how easy it was to implement Hyper-V in the lab--it was really easy. Hyper-V installs as just another server role in Server 2008, and assuming you meet all of the requirements to run Hyper-V--the most important of which is the need for true 64-bit hardware--you can start building VMs within 5 minutes.
In the lab, we could quickly allocate the storage, memory, and processing resources for eight virtual instances of Server 2008 and Server 2003, using both 32- and 64-bit versions. We banged away at the lab environment for weeks without a hiccup.
The first-generation release of Hyper-V appears to be stable, but it lacks the enterprise management and disaster-recovery features that VMware has had for years. VMware has the edge whether you're talking about rapid provisioning and enterprise management, or zero downtime failover, or shared single LUN support.
To be fair, Hyper-V is catching up fast. Third parties and Microsoft internally are building up Hyper-V's disaster-recovery capabilities as we speak. And with the general release of System Center Virtual Machine Manager 2008 scheduled for November, Microsoft will address many of its high-availability, rapid provisioning, and interoperability shortcomings.
More widespread short-term adoption will depend on how well Virtual Machine Manager 2008 lives up to its claims when released in November.
Given that the first generation of Hyper-V was only released in late June, aggressive adoption of production workloads carries some risk for IT. Wait for more success stories to surface before putting Hyper-V into production. But IT shops that have Hyper-V on the long-term radar should start training on Hyper-V now.
What makes PowerShell worth learning is its ability to blend and support many scripting languages in a single shell, including WSH, VBS, ADSI, and ADO. The other thing we really loved about PowerShell was that you really don't need to have a development background in order to use it. Microsoft has supplied many prebuilt functions, called CommandLets and known as CmdLets, that let you perform a large number of system administration tasks out of the box. By stringing several simple commands together, you can perform powerful tasks such as querying a remote computer for all running services and processes, while simultaneously launching Excel to display that data. If you''re a hands-on administrator who's seriously considering making the jump to Windows Server 2008, learn PowerShell now, because it's a required component of Exchange 2007.
In the lab, the full version of Server 2008 Enterprise required around 6 GB of disk space and dropped 105 services onto our lab server, with 46 in the running state. The Server Core build of Enterprise Server 2008 required 2 GB of disk space and dropped only 70 services onto the box, with 38 in the running state. We have to give credit to Microsoft for building what appears to be a truly thin operating system.