At Microsoft Corp.s Windows Server technical workshop earlier this month in Redmond, Wash., eWEEK Labs got an early look at at the forthcoming update plans for the Windows Server 2003 platform. We saw many exciting changes on the Windows Server 2003 road map. Some, such as Windows Server 2003 SP1 (Service Pack 1) and Windows Update Services, are long overdue, but we believe Microsoft is addressing customer concerns in these updates and is showing a commitment to improve.
The workshop focused on the soon-to-be-released Windows Server 2003 SP1 and performance expectations for the 64-bit version of Windows Server 2003. Microsoft officials also provided details (under a nondisclosure agreement) on the anticipated Windows Server 2003 update, code-named R2, with a beta release slated for the first half of this year.
The workshop also spotlighted two useful new applications for Windows Server 2003. The first, Windows Update Services, will provide a way to securely manage updates. The second, Data Protection Server, is a new disk-based data backup and recovery tool designed to provide fast data recovery.
Slated for release during the first half of this year, according to Microsoft officials, Windows Server 2003 SP1 will not only provide bug fixes and security enhancements, it will also deliver a performance boost. Release Candidate 2 code is available at www.microsoft.com/windowsserver2003/downloads/servicepacks
/SP1/default.mspx.
The most notable security enhancement in SP1 is the new SCW (Security Configuration Wizard), which uses Windows Server 2003s roles-based approach to handle server-side security lockdowns. The SCW detects what services and ports are necessary to fulfill the needs of server roles, and it disables unnecessary services and blocks unused ports. The SCW will also disable any unnecessary Internet Information Services Web extensions, making it easier to harden servers with assigned IIS roles. The SCW uses XML to create security templates, so security policy settings can be quickly exported to other servers. Servers configured with different roles can also be associated with separate security templates.
To counter server vulnerabilities after a clean operating system install, SP1 provides a PSSU (Post-Setup Security Updates) dialog box after the initial boot that prompts administrators to download updates and configure Automatic Updates settings. While the PSSU screen is up, SP1 enables the Windows Firewall and blocks all inbound network connections, protecting the server from attacks until update downloads are complete.
PSSU is enabled only on new installations, not on upgrades. In addition, Windows Firewall is not enabled by default, only during clean installations of SP1.
SP1 addresses RPC (remote procedure call) and DCOM (Distributed Component Object Model) vulnerabilities and helps create a base-line security threshold for servers running these services. RPC objects now operate with a tighter authentication scheme. New RPC registry keys also provide better access control to server applications. Using the registry keys, administrators can modify the behavior of RPC interfaces to eliminate remote anonymous access that can compromise the system. The DCOM authentication model has been enhanced to reduce the risk of network attacks against applications that are dependent on these services.
SP1 performance improvements include kernel-mode Secure Sockets Layer integration to provide enhanced performance when running SSL workloads. eWEEK Labs will review SP1 shortly after its gold-code release.
Microsoft will be releasing 64-bit versions of Windows Server 2003, which officials are calling x64 Windows, in the first half of this year.
Although migrating to the x64 architecture will require both software and hardware platform upgrades, IT managers can expect significant performance gains when upgrading applications to run on x64. They also will likely see more pep in their existing 32-bit applications because of the 64-bit kernels much larger address space.
Microsoft defines Windows Server 2003 R2 as a release update. This follows the companys schedule: A major operating system release comes out every four years, and release updates emerge every two years following the major releases.
Technical Analyst Francis Chu can be reached at francis_chu@ziffdavis.com.