Have you heard of this thing? Longhorn Server Core that is? Do you know what it is? Do you care? Yes mom, I know you don’t know and you don’t care, you can skip this posting… 🙂
Longhorn Server Core is a new version of Windows Server that looks something like the following image when you log on:
This is, of course, not what most people are used to seeing and it very likely is going to confuse the hell out of many point and click admins.
For some of us, well a lot of us, this is an extremely exciting development, it represents Microsoft truly trying to embrace security and efficiency in their operating system. The Shell stuff is stripped out as well as just about anything else that isn’t critical to basic operations. This means you can’t use Media Player to play MP3s or use I.E. to web surf… but you know what, you shouldn’t be doing that stuff on servers anyway. Servers are for real work, not screwing around.
Recently though, yesterday in fact, Susan Bradley of SBS fame mentioned on the ActiveDir Org list that at the MVP Summit another MVP said, and I quote:
“I saw this server core product while I was up there… what were they thinking! No one will use that! I told them they were crazy to even built that.”
That scares me and makes me question the sheer number of people we have as MVPs at the moment but that is a whole other story. I will just assume that this MVP was an XBOX MVP or Flight Simulator MVP or an SBS MVP and doesn’t see the sheer beauty and intelligence behind Server Core.
Microsoft kind of looked around at all of the vulnerabilities they had to patch and realized that if they stripped servers down to the core components, something like 80%+ of the patches weren’t needed. I am sort of making that percentage up based on something I heard a couple of years ago when they first announced this but I think it is pretty darn close. So that makes you wonder, how many other things does that protect you against? My answer… a veritable shitload… especially if you combine this lockdown of the number of bins on the box with all of the great security advances made in the Vista/Longhorn source tree. Sure some of the stuff is a pain in the ass and sure it is going to break a lot of programs but man it will be nice to feel relatively safe most of the time. Not living in constant fear of what is coming the second Tuesday of the month. Right now, if you religiously patch your servers, you are generally pretty lucky to have an uptime that exceeds a month. It isn’t that Windows Servers can’t do it, I used to do mad uptimes back in the 90’s on NT4 when the security environment wasn’t nearly so harsh, it is just that you have patches coming from the left, right and center every month and nearly all of the good ones require a reboot. So Server Core should help with this considerably.
Server Core is also a lot less .FAT than full blown Windows. It is Windows after Weight Watchers with a prom coming up and working to fit into that size 2 slinky dress… This is wonderful for virtualization. I shouldn’t need to list the reasoning behind that, exercise left to the class.
Now you have to keep in mind, with this stripped down version of Windows, not everything is going to run the same or possibly even at all on it. Right off, anything requiring IE is going to find a challenge here. Anything needing the .NET framework at least initially will be SOL. I have even seen bitching in various forums about apps that try to use the builtin ZIP functionality of Windows not working on Server Core… That would be because ZIP functionality isn’t core to the Windows OS… So before you think, I will run everything on this, you will need to be testing.
So joe, you ask with a coy look and a teasing flip of the hair… Who is going to use this thing?
Obviously I don’t agree with anonymous MVP guy and think it will be used but I also don’t think that everyone is going to go nuts and install it. I think eventually its use will be extremely high but it will take a bit to get there. I expect the initial deployers will be along these lines:
1. Larger orgs with people who really dig into stuff and tend to understand how it works.
2. Companies who are deploying crazy ass numbers of WAN sites (even if the overall company is small – company with 3000 people across 2000 branches).
3. Admins who have multiplatform experience, i.e. Windows isn’t the only thing they ever professionally worked on.
4. People seriously concerned about security exposure on their servers.
5. People wanting to play with new cool stuff.
6. Admins who want to keep certain servers safe from bad/clueless admins.
That last, #6, isn’t one I originally came up with when I posted this list to activedir.org earlier, but I fully concur with it. Thanks to Steve Evans for seeing I missed it and piping up with it.
Now who definitely won’t use Server Core? Right off, Admins who know nothing but the GUI and don’t have the ability to learn anything but the GUI. These people, IMO, need to be thinking that they may have a limited existence, certainly in larger orgs. I was also initially thinking SBS (Small Business Server) was straight out as well. But as I think about it more and more, I like Server Core in an SBS environment… My feelings are generally pretty well documented about how I am not a fan of extra services (read security exposure) on Domain Controllers. I mean, I don’t even like AV engines that have auto update capabilities or external interfaces to manage the software. Then you take an SBS server which is basically a Domain Controller with just about every other possible piece of Server Software that can possibly be installed without the box simply cutting its own throat. If you have a patch or something, say a critical DNS patch, that requires a reboot, in general, your whole domain, your file and print, your web server, your DB Apps, your mailboxes, your internet access, you name it, it all goes down because it is all on the same machine. Most people find that unacceptable. I know I do, if a domain goes down completely in a reboot I wonder what my chances are of it coming back up as well as the chances of me getting to some island before getting called back to fix it. It reminds me of the Disaster Recovery Plan I once heard from a guy who ran AD for a very large company… “We depend on the geographically distributed nature of our data centers and if that fails us we hope to be able to restore from a backup (but don’t test them). Plan B is a bag of cheese puffs and a one way ticket to Aruba.”
Err so where was I… Oh yeah, I segued from SBS with a 25 user count to a company approaching 200k users… how *do* I do that? So SBS… I think this would be a great place to run Server Core… You have some cool virtualization coming shortly after Longhorn called the Hypervisor or code name Viridian. Visualize your one physical SBS box running multiple virtuals, like for instance two virtual domain controllers, two virtual file servers, two virtual Exchange Servers, two virtual SQL Servers. Stuff clustered as necessary (AD obviously doesn’t need it) and voila you now have a single physical server in use for SBS but set up so that rebooting a single server for patching or issues you don’t lose the whole darn environment. You will still need to occasionally lose the whole thing but I would expect it to be far less often since it would only have to be if the “Host” or physical box needed it. There could be one control guest server on the machine which was full whiz bang GUI and it would be configured to easily manage all of the various virtual guests on the machine. The SBS team could do some amazing things with this I think.
Ok this is enough for me, I am about ready to fall out of my chair and sleep on the floor.
joe
I absolutely *love* the Server Core installation method for Windows Server Codename “Longhorn”. I already have implemented my first Domain Controller using netdom, netsh and dnscmd. It’s awesome!
I agree that server core is a great thing and will be (I think at least it should be) appreciated by all Enterprise admins with plenty of sites and servers out there. RODC and Server core is a beautiful pair for example.
One additional comment as I see it – creating Server Core is also a great exercise for the Server team as they have to analyze all these dependencies and make things actually work without all these additional, not always necessary components. I think that this will result in good things and changes in Server Core and other components as well and hopefully will result in removing all these dependencies in the future.
In other words, Microsoft has now caught up with Unix?
I can only imagine how much better life would be to have an SBS-product built around the Server Core. We have dozens of clients on SBS platforms, and as you mentioned – patching these things is a real pain. Specifically, even when everything goes right you’re still tearing down an environment completely with a reboot. But beyond patching, pushing services up into the hypervisor (exchange, SQL server, DC, etc.) would make growing off of SBS a much less frustrating proposition.
As you get closer to the SBS 75 user limit, breaking SBS out into separate components is another risk area for clients that could be avoided. Using a SBS ServerCore+hypervisor model, when it comes time to break stuff out, you just bring a new box online, bring up the server core on it, and move the virtual environment over to the new box. While that might not sound much different than using VS2005R2 today in a large environment, it isn’t a luxury you have in an SBS environment. And with that, SBS today is really tied together using wizards and some SBS-exclusive bits. And as anyone who’s ever poked around on an SBS-test box will tell you – you can really screw up a box if you’re digging around or not using the wizards. I think that an SBS-platform built around the server-core would give the developers an opportunity to reduce some of the complexity of tying together the disparate components of SBS. So if you’re virtualizing stuff like Exchange, or even WSUS, you don’t have to worry about how the bits will play together. For that matter, just being able to put OWA, IIS, and WSS on something in a DMZ without having to jump through hoops (think odd port forwarding, or migrating off SBS completely) would be great.
and Exchange admins….Exchange 2007 will not run on LH server core…
Another good article Joe, I think your blog is going to provide great Longhorn info as you test. You know I’ll be reading.
I think some of the point and clickers will try to learn but generally in places where I’ve been there will be a small number of admins that run all the server cores and all the #6’s will just continue to surf the net.
Going OT a bit but you don’t even like auto updating A/V signatures on an exchange server.
Fred always cracks me up…
Anyone who thinks SBS should be looking at this virtualization and multiple guest server approach, contact your SBS contacts within MSFT and let them know. Feel free to point them at this blog, feel free to give them my email address. I will be happy to opine to them. ;o)