IT Jobs
Did you know? Techworld now offers an IT Jobs section with hundreds of jobs! Current job listings are now available for Software Developers, Web Developers, Application Engineers, Project Managers, Graduate opportunities and more. Apply for your new IT job today!
Windows Server 2003…secure at last?
By Tom Henderson, Network World US | Techworld
Published: 00:00 GMT, 23 April 03
We tested Windows Server 2003, which officially launches this week, and found that Microsoft's new server operating system delivers better performance, tighter security and easier management than its predecessor.
Windows 2003 also provides increased support for managing storage-area networks and makes it easier for customers to build Web services. This product had been named .Net Server, part of Microsoft's plan to brand all its server products under the .Net Web services umbrella.
The name has changed, but Windows 2003 still maintains a strong web services hooks. Services created within the .Net framework can take advantage of network, administration and management features built into Windows 2003.
We used Microsoft's VisualStudio.Net tool and plug-ins from third parties such as Eiffel's ENVision to build a simple Active Server pages web application that monitored growth in a series of subfolders. Via a Web page, we watched the subfolder grow, change colours and flash when growth reached a predefined "critical" stage.
The application easily could be distributed by policy to other servers, then communicate with a ‘console page’ if desired. Such applications were easily distributed and posted so they could be shared, used and, if desired, modified by others.
Microsoft has added User Description Discovery and Integration support to Active Directory. UDDI is a registry and discovery/proxy service for applications that helps the operating system locate resources on local and remote servers. We tested support for this web services feature, and it worked well.
Web performance boost
Microsoft says it has rewritten most of the Internet Information Server code that comes bundled with Windows 2003. Our tests showed that effort has produced dramatic results. We used Spirent Communications' WebAvalanche to test the total number of connections per second, maximum number of transactions per second, and maximum number of open connections per second on Windows Advanced Server 2000 and Windows 2003 Enterprise Edition. We ran them on three different levels of server - configured at the defaults without optimizing either platform.
The biggest performance gains came in TCP performance. In our maximum TCP connection test, which measures the capacity of the server to respond or TCP session requests, the numbers for Win 2003 came in almost 900 percent higher than those of Win 2000. In a more stringent transactional test, in which we tested static Web page transaction cycles - downloading 40 text pages per transaction with pauses - Win 2003 showed improvements in performance ranging from 161 percent to 287 percent depending on which hardware server we used to conduct the test.
In an Intel IOMeter test between Win 2000 and Win 2003 running on the same hardware, we saw a 31 percent increase in number of I/Os per second on Win 2003 - with no optimizations on either platform.
Moving on to management
Microsoft has added a wizard that controls the Microsoft Management Console (MMC) called Manage Your Server. This application serves as a gateway to various server subsystems, including DNS, Dynamic Host Configuration Protocol, print, mail, VPNs, and Web and terminal services.
It was possible to build this kind of tool from MMC component views in the past, but the Manage Your Server application is convenient by contrast. If you're unfamiliar with the various components required to make the Active Directory and other services connect cohesively, you will appreciate this centralization of services options.
While Windows NT's multimaster domain model was full of problems, it has largely stabilized, and runs on machines often purchased years ago. This means that users have moved more slowly to Active Directory and Win 2000 than Microsoft would have preferred.
With the addition of Microsoft Metadirectory Services (MMS), implementing a new Active Directory scheme and migrating existing directories to a Microsoft world has been simplified. Gone are rigid directory forests with impenetrable trust relationships between them, replaced by more easily managed and inter-related directory forests and trees.
MMS - which originates in part through metadirectory smarts that Microsoft picked up when it acquired VIA Software and its metadirectory product, ZoomIt - visually connects and synchronizes a number of directory services. This gives administrators a single point to change user profiles and set security parameters.
MMS supports Lotus Notes/Domino, NetWare eDirectory, iPlanet and flat-file directory databases. We had no problems when we tested MMS with Active Directory; an importation of Novell's eDirectory with a 500-user testing directory database; and SQL Server 2000 database.
Group policies, a feature Microsoft pushed with Win 2000 and Active Directory that has been difficult for many administrators to embrace, has an important change: the ability for administrators to view and understand cumulative effects of user policy controls. We found this new utility, called Group Resultant Set of Policy (GRSP), removed much of the mystery of policy application and should aid policy administration, especially accessibility and security. For example, giving a user membership to multiple groups often results in conflicting accessibility and usage policies. The GRSP utility delivers a composite view of policy interactions, so conflicts can be sorted out.
It also was easy to graphically modify Active Directory schemas, as well as import, export and alter records through any Active Directory-based servers in the lab network with the MMS tools.
The storage story
It's easier to manage a storage-area network (SAN) with Win 2003 than prior editions. One console can be used to visually inspect, partition, share and place access boundaries on SAN resources - especially disk volumes. Microsoft now offers Virtual Disk Services, a set of APIs that drives a revamped replication service called Volume Shadow Service (VSS).
In our tests, we easily connected Win2003 to a JBOD SAN. We tested the VSS, which when combined with Automated System Recovery, let us restore our primary server's media in several simulated crashes - caused by yanking live boot media.
Crash recovery for a 40GB server boot drive took 14 minutes from start to finish, which is as fast or faster than other bare-metal restoration third-party applications that we've used with Win 2000.
We also configured a boot-on-SAN to let the server boot from the JBOD array. This lets organizations place huge amounts of storage against high-density, 1U Win 2003 Servers.
Microsoft's Backup program also has been changed to let volumes with open files be backed up; they were skipped in prior editions, so users had to procure third-party back-up tools and applications to do the simple yet mandatory job of server backup.
Security
Microsoft's security enhancements for Win 2003 lie in removing basic privileges that existed in previous versions. For example, Microsoft has made it tougher to get root hacks by lowering the operating level of service applications. By changing many classes of services that are part of a typical start - including IIS - to user roles instead of root user roles, these applications cannot exploit a server by having native root privileges.
Many services that formerly were started automatically and by default, such as web and FTP services, now are defaulted to off, so they don't have to be turned off to be unavailable for surreptitious hacking.
Microsoft also bundles the Internet Authentication Server (IAS), which serves as a Remote Access Dial-In User Service server for proxy authentication into the operating system. IAS enables 802.1x authentication, which is popular in wireless network infrastructures. This version of the server operating system has much more to warm up to than 2000 Advanced Server, and lives gracefully in an ever-more heterogeneous network world.
.gif)
Add your commentComments