Windows Server 2008

Security :
From a security perspective Windows Server 2008 includes Network Access Protection (NAP). The NAP engine ensures that workstation computers that connect to your network meet minimum computer defined requirements set forth in the security policy your administrator creates.

For example, a virtual employee visits corporate HQ for the first time in four weeks with his laptop. When he hooks up to the network, he is required to update security and critical windows patches before connecting to the network. Until all this work is done, the laptop via NAP can be quarantined or denied access completely until the computer meets the minimum health requirements. ha ha ha!!!

In a perfect world, all domain controllers would be in a single server room with unlimited bandwidth and power with constant surveillance. We do not live in this world and in many corporations there are quite a few satellite or branch offices throughout the country or world. In Window Server 2008, you can configure Read-Only Domain Controllers (RODC).

An RODC is a domain controller that you could install at a remote location and its sole purpose is to host a read-only copy of your Active Directory (AD) database. This method gives you peace of mind in not having to worry about the physical security of a domain controller hundreds or thousands of miles away. The RODC holds a minimal set of information and all changes made must come from a domain controller with full control that replicates to the RODC.

For example, a major car dealership could have all of their domain controllers in corporate headquarters and put an RODC in every dealership location throughout the country instead of the current common practice of a full-control domain controller. I am really excited about this feature in Windows Server 2008.

Terminal Services :
Microsoft is moving in on Citrix territory even more as they now introduce the following components: Terminal Server Gateway, RemoteApp, and Terminal Services Web Access. Terminal Server Gateway allows remote user’s access to Terminal Servers through your perimeter firewall. RemoteApp allows you to publish applications on a Terminal Server as opposed to an entire desktop. Finally, Terminal Server Web access provides you with a portal to access application and/or desktops.

IIS 7.0 :
Over the years, Internet Information Services (IIS), Microsoft’s flagship web server product, has taken a lot of flack for being hacked and compromised.Microsoft and the IIS team did something above and beyond what was expected by completely redesigning and overhauling IIS’s core functionality and design.

What’s New
The IIS team has taken the core functionality of IIS and broken it down into modules. You can take any one of these modules and break them down further by plugging or unplugging them as well as extending them or simply ripping the code out and not using them at all.
In other words, you can turn on or turn off any module in IIS whenever you want. For example, if you do not use basic authentication in your web sites, you can simply remove the code quickly and simply. Furthermore, if your application does not take advantage of common gateway interfaces (CGI), simply remove that specific component.
Now when you deploy a brand new web server, you can choose what components you want and only run those components. This allows you to secure IIS further and gives you a huge performance boost enabling IIS to run much faster than it ever has before.
Another area is ASP.NET integration. Currently, ASP.NET sits on top of IIS and compliments it very well. In IIS 7, IIS and ASP.NET are completely integrated with one another. Included in this integration is the entire .NET framework, ADO.NET and the next version of the web services platform called Indigo.

Ease of Use
We now have one configuration point for all of our components as opposed to managing two or more. This greatly eases the IT administrator’s life.

Windows Management Instrumentation (WMI) is also being widely used in IIS 7, making it easy to manage IIS 7 via WMI. Simply put, it allows you to manage IIS from a set of scripts that you create. There is a lot of automation that can be done with IIS 7.0 via WMI. Your IT administrators will welcome the enhancements.

Prior to IIS 7.0, there was no way to delegate rights to developers. You had to be an administrator on the machine or you had to make the developer a local administrator to perform routine IIS tasks.This is not the best way to maximize security. Ideally, you want to be able to have developers do their job without having to elevate their privileges.This is taken care of in IIS 7. You do not need to be a machine administrator to perform basics tasks. You have the ability to make specific people website operators on a machine and give them the appropriate tasks to do their job without elevating their privileges.
All of these tasks are now handled by the new IIS 7 web admin tool that replaces the existing MMC snap-in. This tool takes care of all of your administrators needs and is where they will manage their IIS 7 web servers.

The last feature I am going to talk about is the web.config file. This is where all information that is input in the web admin tool is stored. You could edit this file manually, if your IT administrator did not want to use the web admin tool. They could put this web.config file on a file server to be accessed by multiple servers in a cluster.One change to the web.config file will change every web server in your infrastructure that is pointed to it. This is very powerful.
IIS 7 meets a lot of needs: modular components, easy administration, security, delegation, and speed.


Post a Comment

Note: Only a member of this blog may post a comment.