What s New in Windows Server 2003?

What's New in Windows Server 2003?

From a Microsoft marketing perspective, Windows Server 2003 could be said to be faster, more secure, more reliable, and easier to manage. And it is true that the Windows Server 2003 operating system has all these capabilities. However, this section notes specifically which changes are cosmetic changes compared to previous Windows operating systems and which changes truly improve the overall administrative and end-user experience due to improvements in the operating system.

Visual Changes in Windows Server 2003

The first thing you notice when Windows Server 2003 boots up is the new Windows XPlike graphical user interface (GUI). This is obviously a simple cosmetic change to standardize the current look and feel of the Windows operating systems. Just like with Windows XP, a user can switch the new Windows GUI to look like the classic mode, and because most administrators have worked with Windows NT and Windows 2000 for a long time, they tend to switch off the XP GUI and configure the system to look like the classic version. It makes no difference whether the new GUI or the classic GUI is enabled; all the features and functions of the Windows Server 2003 operating system are the same in either mode.

Customization and Programmability of the .NET Server Interface

One of the benefits of the new Windows Server 2003 operating system is the customization and programmability of the operating system interface. Because Windows Server 2003 enables organizations to change the interface that is viewed by users of the server systems, organizations have been able to customize the GUI to provide a simple administrative interface. As an example, many organizations that have operations that support personnel providing administrative assistance at night for system backup, maintenance, or extended-hours support might prefer to customize the desktop for the late-night specialists. Rather than teaching the operations personnel specialized Windows administrative tools, they can program a simple interface in XML with scripts tied to the buttons that clear print queues, restart system services, add or disable user accounts, or back up and restore data information, for example. Chapter 23, "Automating Tasks Using Windows Server 2003 Scripting," addresses tasks that can be automated using scripts for customized user configurations.

Changes That Simplify Tasks

Windows Server 2003 has added several new capabilities that simplify tasks. These capabilities could appear to be simply cosmetic changes; however, they actually provide significant benefits for administrative management. Some of the improvements include drag-and-drop capabilities in the administrative tools and built-in configuration and management wizards.

Drag-and-Drop Capabilities in Administrative Tools

Many of the new administrative tools with Windows Server 2003 provide drag-and-drop capabilities that allow administrators to simply select objects with a mouse and drag and drop them to a new location. In Windows 2000, an administrator had to select the objects, right-click the mouse, select Move, and choose the destination from a menu or graphical tree. Although this task might seem trivial, for any administrator reorganizing users between organizational units in the Windows 2000 Active Directory Users and Computers utility, the ability to drag and drop objects can greatly simplify the time and effort required to organize and manage the Active Directory.

Built-in Setup, Configuration, and Management Wizards

Another major addition to Windows Server 2003 that simplifies tasks is a series of configuration and management wizards that come built into the operating system. Instead of an administrator having to walk through menus of commands to manually create or modify networking roles, Windows Server 2003 provides wizards that enable the administrator to add, modify, and remove system configurations. No doubt these wizards are a significant benefit to operating system novices because the questions in the wizards are typically simple to answer. However, even Windows experts prefer the wizards over manual installation tasks because it is frequently easier and faster to answer a few questions and press the Return key than it is to fumble through a series of menus, property screens, and configuration tabs entering in the same information.

Improved Security

Significantly more than just cosmetic updates are the security enhancements added to Windows Server 2003. During the middle of the development of the Windows Server 2003 product, Microsoft launched its Trustworthy Computing Initiative, which stipulated that all products and solutions from Microsoft meet very stringent requirements for security. So, although Windows Server 2003 was slated to have several new security enhancements, Trustworthy Computing created an environment in which the Windows Server 2003 product would be the most secured Windows operating system shipped to date.

Part IV of this book is focused on security in various different core areas. Chapter 12 addresses server-level security, which, from a Windows Server 2003 perspective, addresses some of the new defaults where most services are disabled on installation and must be enabled for access. Although this change might seem trivial in Windows operating system development, it provides a relatively secured server directly from initial installation. In previous versions of the Windows operating system, going through all the unneeded features of Windows and disabling the functionality to lock down a server system could easily take an hour. The server defaults as well as the functional or operational differences are also noted in Chapter 12.

IPSec and Wireless Security Improvements

Transport-level security in the form of IPSec was included in Windows 2000, but organizations have been slow to adopt this type of security typically due to a lack of understanding how it works. Chapter 13, "Transport-Level Security," addresses best practices in the way IPSec is enabled in organizations that provide a high level of server-to-server, site-to-site, and remote usertoLAN secured communications. Also covered in Chapter 13 is the new secured wireless LAN (802.1X) technology that is built into Windows Server 2003. Windows Server 2003 includes dynamic key determination for improvements in wireless security over the more common Wired Equivalency Protocol (WEP) that is used with standard 802.11 wireless communications. By improving the encryption on wireless communications, an organization can increase its confidence that Windows Server 2003 can provide a truly secured networking environment.

Microsoft Passport Support

New to Windows Server 2003 is Microsoft Passport support for logon authentication. Microsoft Passports, first introduced in the Windows XP desktop operating system, allowed desktop users to create secured communications with Passport-enabled services. The initial Passport-enabled services included instant messaging, access to certain Web sites, and Passport-enabled e-commerce sites. With the inclusion of Microsoft Passport support on Windows Server 2003, a Passport-enabled client can now log on using secured credentials to a Windows Server 2003 network. Therefore, the same Passport that allows a user to access e-commerce sites, Web sites, and instant messaging allows the user to create a secured connection to the Windows Server 2003 environment. Microsoft Passport support in a Windows Server 2003 environment is covered in detail in Chapter 14, "Windows Server 2003 Passports."

Performance and Functionality Improvements

A network end user would likely never notice many new features added to Windows Server 2003, and in many cases a network administrator would not even be aware that the technologies were updated and improved. These technologies help the network operate more efficiently and effectively, so a user might experience faster network performance. However, even if the network was able to respond twice as fast, a process that used to take three seconds to complete and now takes less than two seconds to complete is not something a user would particularly notice. The key benefit typically comes in the area of overall network bandwidth demand improvements, or for very large organizations, the performance improvements require the organization to add additional servers, processors, and site connections to scale an enterprise with systems.

Global Catalog Caching on a Domain Controller

One of the significant back-end improvements to Windows Server 2003 is the server's capability to cache global catalog information on domain controllers. In a Windows 2000 environment, for users to access the global catalog to view mail accounts and distribution lists, an organization typically put a global catalog server out to every site within the organization. This distributed global catalog server function minimized the ongoing traffic of users querying the catalog over a WAN connection every time they wanted to send an email to someone else in the organization; however, it meant that directory replication occurred to global catalogs in the enterprise to keep the directory synchronized. With Windows Server 2003, an organization can place just a domain controller in a remote location, and the global catalog information is cached to the remote system. This provides the best of both worlds where the caching of the global catalog means that the directory information is readily available to remote users, but because it is just a cache of the information and not a fully replicated copy, synchronization and distribution of catalog information are done only when initially requested, and not each time a change is made to the directory.

Fine-Tuning on Global Catalog Synchronization

Another behind-the-scenes update to Windows Server 2003 is the fine-tuning done to the way global catalog full syncs are conducted. A global catalog full sync occurs when the entire global catalog is replicated from global catalog server to global catalog server. In organizations with very large global catalogs, this replication could duplicate several megabytes of information to every global catalog server in the network, which could have a significant impact on overall network performance.

In Windows 2000, global catalog full syncs were conducted any time attributes were added to partial attribute sets (PAS). In simplified terms, this meant that if an organization had a distribution list with 5,000 names on it and the administrator added just one more name to the list, all 5,001 names were replicated from global catalog to global catalog.

With Windows Server 2003, changes can be made to partial attribute sets with only the modified attribute replicated to global catalog servers throughout the organization. This allows administrators to add a 5,001st name to a distribution list with only that single name replicated across the WAN. Similar partial replication is conducted on several other Windows Server 2003 infrastructure objects and are highlighted in Chapter 7, "Active Directory Infrastructure."

Ability to Disable Compression on High-Speed Links

Another component that users almost never realize after a migration to Windows Server 2003, but of significance to server administrators, is the ability to disable compression on high-speed links between global catalog servers. In Windows 2000, before information was replicated between servers, the information was first compressed. This compression saved on server-to-server LAN or WAN traffic bandwidth, but Windows 2000 servers were affected by increased CPU utilization when the information had to be compressed and then uncompressed when data was replicated between servers.

With Windows Server 2003, an administrator can disable the compression process, thus allowing information to replicate server to server natively. Although this replication might take up LAN or WAN bandwidth, network administrators with very high speed 100 megabit or gigabit backbones with plenty of bandwidth might prefer to use underutilized LAN/WAN bandwidth than to take up CPU utilization during the middle of the day. This function, by itself, is rarely noticed by users, but combined with several other performance-improving functions in Windows Server 2003, an organization can use it to improve overall network performance in its enterprise.

The capability to tune and optimize compression links and other networking factors is covered in Chapter 7 on the Active Directory infrastructure as well as in Chapter 35 on performance tuning and optimization.

Increased Support for Standards

The release of Windows Server 2003 introduced several industry standards built into the Windows operating system. These changes continue a trend of the Windows operating system supporting industry standards rather than proprietary Microsoft standards. Some of the key standards built into Windows Server 2003 include IPv6, XML Web services, and IETF security standards.

Support for IPv6

Windows Server 2003 supports Internet Protocol version 6 (or IPv6), which is the future Internet standard for TCP/IP addressing. Most organizations support Internet Protocol version 4 (or IPv4). Due to the Internet numbering scheme running out of address space in its current implementation of addressing, Internet communications of the future need to support IPv6, which provides a more robust address space.

Additionally, IPv6 supports new standards in dynamic addressing and Internet Protocol Security (IPSec). Part of IPv6 is to have support for the current IPv4 standards so that dual addressing is possible. With Windows Server 2003 supporting IPv6, an organization can choose to implement a dual IPv6 and IPv4 standard to prepare for Internet communications support in the future. IPv6 is covered in more detail in Chapter 7.

Support for XML Web Services

Windows Server 2003 supports XML Web services, which is the XML development language and Web services provider environment that allows for dynamic Web services in a networking environment. Web services has become the focus of all the main network operating systems, allowing server systems to host Web-based applications. XML has become a standard application development language for organizations to create applications. XML is used as the programming language driving the front end for wireless telephones, voice-over IP telephones, appliance workstations and server systems, routers, and other network devices.

XML Web services combines the expanding support for the XML development language with the growing market demand and use of Web servers, thus creating XML Web services systems. Microsoft's support for XML Web services keeps it among the organizations leveraging the latest in Web server technology.

Support for IETF Security Standards

Windows Server 2003 now supports Internet Engineering Task Force (IETF) security standards. The IETF stipulates standards for communications, protocols, and security. In the past, Microsoft created its own standards for security and rarely supported protocols for Internet security. With an initiative to support IETF standards, Microsoft can address security from an enterprise organization basis.

Ability to Delete Active Directory Schema Objects

New to Windows Server 2003 is the ability for administrators to delete Active Directory schema objects. With the introduction of the Windows 2000 Active Directory, organizations could extend the schema and make changes to the directory. However, although the schema could be extended, there were no provisions to delete objects created in the schema.

With Windows Server 2003, a schema administrator now can choose and delete Active Directory schema objects. This deletion capability now enables an organization to make changes to the schema without fear of creating schema changes that cannot be deleted in the future.