Headless servers are definitely one of the coolest new features in Windows Server 2003, and they can make data center management much more efficient. Windows 2000 already offers a great solution for remote administration in Terminal Services, but Windows Server 2003 goes one step further by always including Terminal Services, in at least remote administration mode, in every install of Windows Server 2003. However, remote administration isn't the complete solution for headless servers.
After Windows is up and running, Terminal Services becomes the perfect remote administration interface. But what about before Windows is up and running, or if Windows crashes? Terminal Services isn't available then, and plenty of configuration and maintenance tasks need to be performed, including BIOS configuration, POST screen analysis, and so on. Several server manufacturer utilities run outside Windows and aren't accessible remotely through Terminal Services. A special combination of software and hardware is necessary for truly headless servers.
Headless HardwareMicrosoft's specification for headless server hardware is contained within the company's Server Appliance Kit (SAK) because the industry tends to refer to headless servers as server appliances . The name implies exactly what they are: Boxes that plug into your network and function without the usual computer trappings of a mouse, keyboard, or monitor. Microsoft's SAK even includes a utility named Saprep.exe , which allows server manufacturers to disable VGA, keyboard, and mouse devices so they can't be used even if they're attached to the computer. Windows Server 2003 includes a special null VGA driver that's installed by Saprep.exe . The null driver enables the operating system to generate video images normally and simply discards the image data instead of feeding it to a display adapter card. Servers also have to support specific hardware features for headless operation. Specifically , the hardware needs to allow administrators to perform the following tasks without the benefit of local input or display devices:
Most of these features are implemented through special out of bandwidth management (OOB) techniques, such as connecting special remote control devices to the server's serial port. The server's hardware and firmware must be capable of directing screen output to the serial port, where the remote control device can make it available to administrators running specialized client software. Microsoft includes such serial port support in its boot code, startup menu, STOP screen displays, and a special text-mode management console, all of which are a part of Windows Emergency Management Services (EMS), which is described in the next section. By default, Windows expects serial ports to be set to 9,600 baud, 1 stop bit, no parity, and 8 data bits and to use hardware flow control. Essentially, Windows implements a VT100+ compatible terminal output, which is the standard for remote management on most Unix systems, providing a good deal of management client compatibility between Windows and Unix. Server firmware must permit text screens to be redirected to the serial port, as well, so that BIOS screens, POST screens, and other preoperating system screens can be viewed remotely.
Server manufacturers are also welcome to implement specific remote-control hardware directly within the server. For example, some manufacturers are installing hardware that appears as a serial port to Windows and the server's firmware but is externally exposed as an Ethernet connection. This enables the server to be assigned an IP address for OOB management and connected to a dedicated management network. Administrators can then connect directly to the remote management system from their workstations. This technique has been used in the past in proprietary solutions such as Hewlett-Packard's (formerly Compaq) Remote InSight add-in adapters and its companion software drivers, but it is now universally supported by Windows, provided the correct hardware is installed in the computer. Microsoft defines a number of other specifications for the OOB hardware:
We have some other recommendations for headless servers that aren't specifically required by Microsoft. For example, you should purchase only servers that implement a PXE-compliant network adapter and include BIOS settings that enable the computer to boot from the network. This feature makes the server compatible with Windows's Remote Installation Services (RIS), enabling you to install an operating system on the server without having a mouse, keyboard, or monitor attached. Also look for Uninterruptible Power Supplies (UPSs) that communicate via serial port, instead of USB, because USB communications require Windows to be running, making the UPS unmanageable in an emergency when Windows won't start. Headless SoftwareWe've already touched on EMS, the bits of Windows software that make headless servers possible. EMS is used mainly for OOB management; normal, or in- band management, is performed using tools such as the MMC and Terminal Services' remote administration mode. EMS kicks in during several system states:
Note that EMS doesn't provide any redirection when Windows completely crashes; if Windows goes, so does EMS. In that case, all you can do is reset the server. Some server manufacturers include the capability to reset servers through their OOB connections, particularly manufacturers who implement those connections as network interfaces. Specialized management software enables you to send a remote restart signal to the OOB hardware, which can then physically reset the computer, allowing it to restart Windows. Again, this is similar to the functionality provided by proprietary remote administration solutions such as HP's Remote InSight boards . EMS isn't a single piece of software; rather, it's a service built into many Windows components :
EMS also includes two new components designed specifically for emergency management: The Special Administration Console (SAC) and !Special Administration Console (!SAC). SAC is the primary command-line environment for EMS and is available very early in the Windows Server 2003 boot process. You can use SAC to manage the server when Windows is running normally, during startup, during safe mode, and during the graphical portion of Windows Setup. SAC is always available after the Windows Server 2003 kernel is loaded and running. SAC is not a full-fledged Windows command line; it provides limited functionality, which includes
The oddly named !SAC also accepts commands through the server's OOB hardware and is completely separate from SAC and the Windows command line. !SAC is available only after EMS determines that the server has failed or if SAC fails to load or function properly. !SAC enables you to redirect STOP message text and restart the computer if SAC is unavailable. Essentially, !SAC is a last-ditch attempt by Windows to provide remote access to your server so you can get it running again. Remember that EMS isn't the be-all and end-all of remote management. Your server's firmware must provide OOB redirection for you to
SAC isn't available until Windows's kernel is loaded, and EMS itself doesn't start working until Ntloader executes. On 64-bit systems, the server's firmware must also redirect the boot menu because that menu is constructed by the server's firmware, and not by the Windows startup software. |