"Longhorn" Does More with Less

Review: Microsoft makes strides while decreasing the server's number of vulnerable areas.

While theres no shortage of new and expanded functionality in Microsofts "Longhorn" Server, the forthcoming follow-on to Windows 2003 Server also makes a virtue out of doing less.

In eWEEK Labs tests of Longhorn Server Beta 3, we noted the strides that Microsoft has made in building more helpful server management tools and in extending the products file and terminal services, but what most caught our attention were the new ways that companies may deploy Longhorn to expose less surface area to attack than was possible in the products previous incarnations.

In particular, were intrigued by Longhorns support for serving as a read-only domain controller that limits the exposure of sensitive directory data by accessing and caching credentials on an as-needed basis. That way, if a read-only domain controller located in a branch office were to be stolen, the only credentials at risk for exposure would be those of the branch offices users.

Were also rather interested in Longhorns new support for being deployed in a "Server Core" configuration, in which the product runs only with those binaries required to carry out a handful of core Windows roles.

Server Core, with an interface thats been whittled down to little more than a command line, will save system resources and obviate the need for many of the patches that the full version of Longhorn will inevitably require.

However, as we learned in our testing, theres plenty of more work to be done before Windows will wear its headlessness as comfortably as Linux or Solaris do.

Beta 3 is the first publicly accessible Longhorn Server test release. We recommend that sites running Windows Server head over to www.microsoft.com/windowsserver/longhorn, download the release and spend some evaluating this before it begins shipping toward the end of the year.

Separate versions of Longhorn Beta 3 are available for x86, x86-64 and Intel Itanium 2 processor platforms.

We tested the x86-64 version of Longhorn Server on a Dell PowerEdge 830 server with a dual-core Intel Pentium D processor and 2GB of RAM. We tested the x86 version of the product, in its full-install and Core flavors, on virtual machines running under VMware Workstation 6.

We tried to test with ESX Server, but couldnt get Longhorn Server to recognize our virtual hard drives in the initial installation phase. Our full Longhorn Server installation tipped the scales at 5.6GB, compared to a svelte 1.5GB for the Server Core variant.

Longhorn Server sports a beefed-up initial configuration tasks dialog that greeted us after installation. The first task that Longhorn asked us to address was that of renaming our administrator account and assigning that account an initial password.

Its always a good idea to avoid using the common defaults of "administrator" or "root" for your administrator or root accounts, and Longhorn server—in its full (non-Core) mode—is chock-full of this sort of advice, with pointers to help files liberally sprinkled throughout its new Server Manager tool.

Our Server Core installation offered no such handholding, but Microsoft has written a solid step-by-step guide for getting started with Sever Core—the URL is very long, but you can find it by searching for "server core step" on Google.

If youre not well-versed in the Windows command line, the key operation youll need to complete from the terminal of your core installation is "netsh advfirewall set allprofiles settings remotemanagement enable."

Longhorn Servers built-in firewall is switched on by default, so its necessary to explicitly clear the way for remote management of your server core system. Alternatively, we could join our Server Core system to our domain, and control its firewall configuration through group policy.

The biggest limitation we see in Longhorns Server Core flavor is the lack of the .Net Framework, which, according to Microsoft, depends on so many different parts of Windows that satisfying all of .Nets dependencies would mean a server core nearly as thick as the full install.

No .Net means no Windows Powershell, the absence of which seems crazy, considering the command-line focus of Server Core. Whats more, even though Longhorns new IIS (Internet Information Services) 7.0 Web server has grown more modular compared to previous versions, IIS 7.0 is not modular enough to do without .Net, so Web serving is for now beyond Server Cores reach, as well.


Check out eWEEK.coms for Microsoft and Windows news, views and analysis.