Rolling Review: Windows Server 2008 Makes Upgrade Sense For Some

Sep 26, 2008 (08:09 PM EDT)

Read the Original Article at

Is it worth it to upgrade to Windows 2008 Server now? After nearly a year of kicking the tires on this release, our short and anti-climactic answer is, "It depends."

For basic terminal services or server consolidation needs, Server 2008 is worth upgrading to immediately. All other improvements, including network access control, are nice value-adds, but are no reason, in and of themselves, to make a fast leap to Server 2008.

Unlike any server operating system that Microsoft has released to date, Windows 2008 Server comes chock-full of new enterprise features that go well beyond the file, print, directory, and core network services of old. In the previous editions of our Longhorn Rolling Reviews, we profiled some of these new capabilities: TS 2008, Windows PowerShell, Network Access Protection Server Core, and Hyper-V.

InformationWeek Reports

Terminal Services is not new to the Windows Server line, but TS 2008 is unrecognizable compared with previous editions. New features -- such as the ability to run individual applications via a seamless TS window, instead of having to launch an ugly TS session in order to execute an application -- make TS 2008 much more Citrix-like than before. In addition, you can now launch an application or a full desktop directly from the Internet via a TS 2008 Gateway server. Getting TS Gateway to work in the lab was somewhat cumbersome, but once we configured it properly on the back end, and after we deployed the new Remote Desktop Protocol client to our Vista machines, we saw impressive and steady performance as we scaled up to 50 simultaneous connections on a single box. And TS 2008 now provides a Web-based portal that allows corporate or third-party users to access internal applications remotely and without need for a VPN client.

Longhorn and Vista modifications make more efficient use of network resources.
The Web Application Portal feature is the major difference between TS and Citrix. With TS 2008, you either present an application on the Web portal or you don't. The Citrix-supplied Web portal provides management and security capabilities that allow you to control which applications are available based on login credentials. Also, to serve applications to contractors or third parties, you'll need to buy an External Connector license (which lists for $7,999) for Terminal Server.

TS 2008 is a great solution for small to midsize enterprises with relatively small TS needs, yet it's still versatile enough to service midsize organizations. However, larger sites that have more complex load-balancing and performance needs should continue to make the incremental investments in Citrix.

Longhorn Vs. The Competition
Product Price Comments
>> List price to provide Network Access Protection for 100 clients
Microsoft NAP $4,793 Server 2008 Standard needed to run NAP with 100 client access licenses
Cisco NAC Appliance Server for 100 users $3,683 Cisco sells through partners; pricing obtained from PC Connection
>> List price to virtualize four instances of Windows Server 2008 with 100 CALs
Server 2008 Enterprise with Hyper-V $6,993 100 CALs included; Enterprise edition allows a max. of 4 instances
VMware ESXi Hypervisor only $0 Free, but Gold/Platinum support costs $495 or $595 for the license
ESX running Microsoft server with100 CALs $15,996 Each Windows Server running in a VMWare instance must be licensed
>> List price for enterprise VM management
VMware Virtual Infrastructure Enterprise $5,750 Add $1,208 for Gold-level support, $1,438 for Platinum
Enterprise Server 08 with Hyper-V, VM Manager 08 $8,297 Note: VMware commands a premium because of its edge in enterprise management features.
VMware ESX/Virtual Infrastructure with Windows Server licensing and CALs $21,746 As a result, this pricing data is not an apples-to-apples comparison

As a new feature addition to the Windows Server line, NAP gives IT shops an out-of-the-box mechanism for validating and health-checking systems before they're allowed access to the network. Using DHCP, VPN, 802.1X, and IPsec as the primary points of enforcement, NAP does a pretty good job, for a first-generation feature, at preventing vulnerable systems from accessing the corporate LAN.

We had mixed success with the first generation of NAP in the lab. Our biggest complaint is that the NAP client only exists for XP Service Pack 3 and Vista, and the client is not nearly as robust and configurable as the Cisco Network Access Control client. NAP enforcement is somewhat difficult to configure, and there's no captive portal functionality for guest access--yet. Finally, there's no mechanism for automatically distributing antivirus or anti-spyware software during the remediation process.

One could argue that software distribution is not NAP's job, but as part of an auto-remediation process, it would be nice to have the ability to distribute critical software through the NAP client.

There's plenty to like about NAP, though, starting with the fact that it's included with your Server 2008 license. So if you're lukewarm about buying a third-party NAC, you now have another option. But if you're buying Server 2008 just for network access control, you'll find that you can buy Cisco's NAC, which is a much more mature product, for less.

We were impressed with how quickly the NAP client responded to a user who violated policy by turning off the firewall. In the lab, the client's firewall was immediately turned back on after the policy violation was introduced.

We're also encouraged to see third parties developing additional functionality for NAP. Avenda Systems already has an evaluation release of a Linux NAP Agent and a Windows System Health Validator for Linux. As a result, a fully functional method for health-checking Linux clients with your Microsoft Network Policy Server is on the horizon.

NAP is a value-add for IT shops that will be moving to Server 2008 anyway but are lukewarm on the value of network access control. All of the core functionality needed for a fairly robust implementation is present out of the box, so you can test the NAC and NAP waters with little risk.

Impact Assessment: Windows Server 2008

(click image for larger view)

There's little doubt that Hyper-V is the coolest new feature addition to the Windows Server 2008 product line. And while ESX Server and XenServer are still some distance away, we have no doubt that Hyper-V's release will bring server virtualization to masses of IT shops that have been skeptical of its value to date.

We loved how easy it was to implement Hyper-V in the lab--it was really easy. Hyper-V installs as just another server role in Server 2008, and assuming you meet all of the requirements to run Hyper-V--the most important of which is the need for true 64-bit hardware--you can start building VMs within 5 minutes.

In the lab, we could quickly allocate the storage, memory, and processing resources for eight virtual instances of Server 2008 and Server 2003, using both 32- and 64-bit versions. We banged away at the lab environment for weeks without a hiccup.

The first-generation release of Hyper-V appears to be stable, but it lacks the enterprise management and disaster-recovery features that VMware has had for years. VMware has the edge whether you're talking about rapid provisioning and enterprise management, or zero downtime failover, or shared single LUN support.

To be fair, Hyper-V is catching up fast. Third parties and Microsoft internally are building up Hyper-V's disaster-recovery capabilities as we speak. And with the general release of System Center Virtual Machine Manager 2008 scheduled for November, Microsoft will address many of its high-availability, rapid provisioning, and interoperability shortcomings.

More widespread short-term adoption will depend on how well Virtual Machine Manager 2008 lives up to its claims when released in November.

Given that the first generation of Hyper-V was only released in late June, aggressive adoption of production workloads carries some risk for IT. Wait for more success stories to surface before putting Hyper-V into production. But IT shops that have Hyper-V on the long-term radar should start training on Hyper-V now.

PowerShell is Redmond's answer to the request by many power administrators for unified scripting and Unix shell-like management of Windows Servers.

What makes PowerShell worth learning is its ability to blend and support many scripting languages in a single shell, including WSH, VBS, ADSI, and ADO. The other thing we really loved about PowerShell was that you really don't need to have a development background in order to use it. Microsoft has supplied many prebuilt functions, called CommandLets and known as CmdLets, that let you perform a large number of system administration tasks out of the box. By stringing several simple commands together, you can perform powerful tasks such as querying a remote computer for all running services and processes, while simultaneously launching Excel to display that data. If you''re a hands-on administrator who's seriously considering making the jump to Windows Server 2008, learn PowerShell now, because it's a required component of Exchange 2007.

Server Core thins out the base operating system build for Server 2008 by eliminating Internet Explorer, 35 services, the .Net framework, and even the Windows shell itself. For all intents and purposes, a Server Core build is DOS with all the underlying binaries required to run the core server roles supported in this new installation scenario: namely, AD, ADLS, DHCP, DNS, IIS, Hyper-V, file/print services, and Windows Media Services.

In the lab, the full version of Server 2008 Enterprise required around 6 GB of disk space and dropped 105 services onto our lab server, with 46 in the running state. The Server Core build of Enterprise Server 2008 required 2 GB of disk space and dropped only 70 services onto the box, with 38 in the running state. We have to give credit to Microsoft for building what appears to be a truly thin operating system.