Feb 03 2009

Deploying and Maintaining Server Core

Businesses that want to increase the stability and security of their information systems and extend the useful life of older hardware should take a good, hard look at Server Core, an installation option of Windows Server 2008. In the past, if you chose to do a full installation of Windows, you got the binary code for all of the product's features, even if you didn’t need them all. For example, if you installed Windows Server 2003, the binaries for Routing and Remote Access Services (RRAS) were installed even if you had no plans to use RRAS. More binaries mean more attack surface, and thus a less secure system; they also mean more patches to apply, and therefore more maintenance.

Windows Server 2008, however, provides you with two installation options to choose from: Full or Server Core. The Server Core installation is basically a stripped-down version of Windows that runs only certain "core" functions, such as Active Directory, DNS, DHCP, File/Print, Hyper-V, IIS and a few others. And because Server Core supports only a subset of features available in the full-installation option, anything not needed has been stripped away, including many operating system components and services, the Windows Explorer desktop shell, MMC consoles, and most GUI tools. Figure 1 compares the architecture of Server Core (within the dashed area) with the architecture of a full installation:

Figure 1: Architectural comparison of Full and Server Core installation options.

Because of this paring-down of Windows binaries, Server Core offers some definite benefits over the full installation option. One benefit is that an operating system with fewer binaries requires fewer patches (and less maintenance). Server Core also has only about 40 services running by default, compared with about 50 services on a full installation, and this smaller service footprint translates into fewer possible vectors for malicious attack.

Server Core also has a much smaller disk footprint, requiring only 1.6 gigabytes, compared with 7.6GB for a full installation; and the default memory footprint for Server Core is only 180 megabytes, compared with about 310MB for a full installation. This means you might be able to run Server Core on old computers with disk space and RAM that would not support a full installation, thereby extending the life of your older hardware.

One of the most common uses for Server Core is for infrastructure servers, such as domain controllers, DNS servers and DHCP servers. Andrew Mason, principal program manager lead for Windows Server Core at Microsoft, says he's seen a "wide range of customers" deploying Server Core "with the most common roles being Hyper-V and servers with both Active Directory and DNS installed." By supporting the Hyper-V role, Server Core also provides an ideal platform for consolidating multiple servers onto a single server through virtualization, while keeping virtual machines securely isolated from one another. Another place where Server Core can be used is in branch offices, where there is typically less physical security and fewer (or no) IT staff to maintain servers.

When you first log on to Server Core, you might be in for a shock. As Figure 2 shows, all you get is a command prompt — there's no desktop, taskbar, or Start menu:

Figure 2: Server Core command prompt.

Apart from Notepad, Registry Editor and a couple of Control Panel utilities (all of which must be launched from the command prompt) there are few other GUI tools available on Server Core. When you're logged on locally to a Server Core box, this means that, to manage your Server Core installation, you're limited to using Windows command-line tools, batch scripts, and scripts written in VBScript that use Windows Management Instrumentation (WMI). Fortunately, remote management of Server Core is a lot easier because you can use the same MMC consoles you would use to administer a full installation of Windows Server 2008, either by enabling the Remote Server Administration Tools (RSAT) feature on a full installation or by installing RSAT on Windows Vista with Service Pack 1. Other options for remotely managing a Server Core installation include using Terminal Services to access the remote desktop, using Windows Remote Management (WinRM) to execute remote commands, and using Group Policy to apply policy settings to a Server Core installation. So while managing a Server Core installation locally can be a bit challenging for administrators who aren't comfortable working from the command line, once Server Core is set up and configured, you can manage it remotely almost identically to the way you manage a full installation of Windows Server 2008.

That’s almost identically. The full installation of Windows Server 2008 supports the .NET Framework, which means you can use the full power of Windows PowerShell to manage full installations either locally or remotely. The .NET Framework can't be installed on Server Core, however, so not only are you restricted from running managed code on Server Core (which makes Server Core unsuitable as an application hosting platform), you also can't install PowerShell on Server Core or run most PowerShell commands remotely against a Server Core installation. In fact, about the only PowerShell command you can use to remotely manage a Server Core installation is the Get-WMIObject command, which lets you manage Server Core using WMI the same way you might using VBScript.

Fortunately, this is going to change with the next version of the platform (Windows Server 2008 Release 2, which is available in beta as a free download from Microsoft). "Perhaps the most significant enhancement to Server Core in Windows Server 2008 R2 will be the addition of a subset of the .NET Framework, which will allow PowerShell to run locally on Server Core and will also add support for ASP.NET to IIS running on Server Core," says Microsoft’s Mason. So not only will you be able to manage many more aspects of Server Core using PowerShell, you'll also be able to use Server Core as a Web application server for running your ASP.NET applications.
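As an illustration of the Get-WMIObject route described above for Windows Server 2008 Server Core, the following added example (not code from the article or from Microsoft) checks the running-service footprint of a server against an approved baseline. The function name `Get-ServiceDrift`, the host name `SRVCORE01` and the abbreviated baseline list are assumptions made for the example.

```powershell
# Added example: Get-ServiceDrift, $approved and SRVCORE01 are hypothetical names.
# The baseline is a constructed, abbreviated sample, not Server Core's real default set.
function Get-ServiceDrift {
    param(
        [string]   $ComputerName = '.',   # '.' means the local machine
        [string[]] $Baseline = $(throw 'Supply the approved service names')
    )

    # Win32_Service is answered by WMI on the target, so nothing has to be
    # installed on the Server Core box itself.
    $running = @(Get-WmiObject -Class Win32_Service -ComputerName $ComputerName `
                     -Filter "State='Running'" -ErrorAction Stop)

    # Index by name (PowerShell hashtables are case-insensitive).
    $byName = @{}
    foreach ($svc in $running) { $byName[$svc.Name] = $svc }

    # '=>' : running but not in the baseline; '<=' : in the baseline but not running.
    $diff = @(Compare-Object -ReferenceObject $Baseline -DifferenceObject @($byName.Keys))

    foreach ($d in $diff) {
        $svc = $byName[$d.InputObject]          # $null for a missing service
        $row = @{
            Computer  = $ComputerName
            Name      = $d.InputObject
            Finding   = 'Missing'
            StartMode = $null
            Account   = $null
            Path      = $null
        }
        if ($svc) {
            # Start mode, logon account and binary path are what a reviewer
            # needs to decide whether an extra service is legitimate.
            $row.Finding   = 'Unexpected'
            $row.StartMode = $svc.StartMode
            $row.Account   = $svc.StartName
            $row.Path      = $svc.PathName
        }
        New-Object PSObject -Property $row |
            Select-Object Computer, Finding, Name, StartMode, Account, Path
    }
}

# Constructed sample baseline; replace with the list approved for the server's role.
$approved = 'Dhcp','Dnscache','EventLog','LanmanServer','LanmanWorkstation','RpcSs','W32Time','Winmgmt'

# Local run. For a remote Server Core box: -ComputerName 'SRVCORE01'
Get-ServiceDrift -Baseline $approved | Sort-Object Finding, Name | Format-Table -AutoSize
```

Run it from a management workstation with an account that has administrative rights on the target; an empty result means the running services match the baseline exactly.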

Be sure to check out Server Core today to see if your business can benefit from deploying it. For a comprehensive guide on how to deploy, manage and maintain Server Core, check out my book, Windows Server 2008 Server Core Administrator's Pocket Consultant, from Microsoft Press. And for the latest news on what's coming in Server Core R2, see Andrew Mason's Server Core blog on Microsoft TechNet.

Mitch Tulloch is a Microsoft Most Valuable Professional (MVP) and lead author of the Windows Vista Resource Kit from Microsoft Press. You can contact him through his Web site: http://www.mtit.com.