Product Reviews

The arrival of Windows Server 2003 heralds the end of an era. It brings to a close all the work that has been running since the first version of Windows NT 3.1 went beta on 5 July 1992, with Server 2003 being the equivalent of Windows NT 5.2.

Although Server 2003 is a new release of the core server operating system - bringing about a new era of capability - when looked at in the correct historical perspective it's the end of the first main server-side OS cycle from Microsoft. What comes next, after Server 2003, can't just do more of the same. It can't come up with better answers to the current problems. The bottom line is that Server 2003 answers all of the current mainstream server OS questions, and the time is fast approaching for some radical changes to be made to the thinking, to the questions asked and to the answers delivered.

With the historical view, Microsoft has delivered all it promised in the days of NT 3.1. Back then, we were looking forward to a new age of 32-bit desktop and server computing, large memory spaces, and an overall explosion in the price/performance ratios that still makes the head spin.

With Windows 2000 Server (W2K) and Active Directory, Microsoft finally divorced itself on the server side from the security authentication engine of NT LAN Manager, which dated back to the early days of 16-bit OS/2 in the mid-1980s. With Windows 2000 Professional, it clearly indicated that the desktop, both professional and home/gaming, would be moving to the NT/Windows 2000 core and this finally came to pass with the XP desktop releases of XP Professional and XP Home.

Windows Server 2003 is the equivalent second release after Windows 2000 on the server side. It's more than a huge set of service packs, as there are fundamental new things in Server 2003 that aren't present in the W2K family. But much of what's new in Server 2003 is improvements or fixes to limitations found in W2K.

This immediately sets the stage for Server 2003. If you're currently on W2K and have no problems with it, it's going to be hard to justify the upgrade to Server 2003. However, if you're pushing the boundaries on W2K, many of the new features in Server 2003 will be of significant interest.

Active Directory

The core authentication and security engine of W2K and now Server 2003 is known as Active Directory (AD). Many of the issues that arose during the late beta testing and early deployments of W2K AD showed that the development team hadn't thought about some complex and awkward scenarios. For example, it wasn't possible to rename the DNS name or NetBIOS name of an organisation in W2K AD. This might seem like a major hassle, and in today's timescale it is. But back in the era when companies were tending to do their first AD deployment, it wasn't a big issue - they hadn't had AD installed long enough for a company or domain rename to come about. With Server 2003, this has been nailed once and for all. These design decisions are now reversible, which is of considerable importance to companies that are mid-merger or mid-rename, for example.

Another first-release gotcha in W2K AD was the fact that you couldn't delete any schema changes from the AD Schema. So if you added a new property and then decided not to use it, you couldn't remove it from the AD design. With Server 2003's AD, this isn't the case - you can now deactivate attributes and class definitions in the AD Schema. Attributes and classes may be redefined if an error was made in the original definition. I would still caution the ability of even highly trusted system administrators to fiddle with the Schema, but at least damage can be undone now.

Some companies were forward-looking and deployed AD-enabled applications. In other words, they specifically used AD as a repository for information for some of their line-of-business applications. This had a significant number of pros and cons, the worst being that you had to be careful about where you replicated the information to around your organisation, and try and prevent traffic storms arising. With the new AD Application Mode (AM) of working, you can partition off such application information within AD and therefore have much better control. AD/AM will probably ship as an add-on after Server 2003 ships.

Managing group policies - and indeed general management - was a pain in W2K AD. Many system administrators found their right mouse button was worn out before their left, such was the reliance on right-click context menus. There have been nowhere near enough improvements in this area, but those made are well worth having. The ability to store queries and to reuse them might not sound much, but it does allow system administrators to save standard queries for commonly used objects or searches in their AD designs. The forthcoming Group Policy Editor will also help to unravel what's going on in the AD design and implementation.

A boon for those system administrators who have to manage a wide area network is the removal of the need for Global Catalogue (GC) servers on remote sites. With W2K, you can only be authenticated for login by a GC server, which meant having one on each site to protect you from inter-site network failures. But putting GCs on remote networks meant that all the AD GC traffic had to go down that wire, even if it was for stuff that was never really used. With Server 2003, security credentials can be cached by a Server 2003 in a remote office, therefore alleviating the need for a remote GC.

Another big win is the ability to pre-load an AD Controller with AD information from a central source, and to do so via tape, CD-R or some other backup. In other words, if you want to bring up an AD server on a remote site on the WAN, you can install Server 2003 and then load its AD information from a backup sent to you from the central IT organisation. It saves the need to replicate the potentially large AD information over what might be a slow link. Again, this is a clear example of how Microsoft has learned from the real-world deployment of AD in Windows 2000 AD.

Clustering

In Windows 2000 Advanced Server, you were limited to a four-way cluster arrangement. With Server 2003 Enterprise Edition, the maximum limit has been raised to eight-way clustering and, with the Datacenter Edition, this is just the minimum. Not only that, it has been made considerably easier to manage, implement and deploy, with no reboots required. The preferred way of working is N+I, where you have N active nodes and I spare nodes, rather than for a fully active cluster. This is still true for the forthcoming Windows Exchange Server 2003 Titanium Edition, which has the same limitations for cluster failover as the existing Exchange Server 2000 and will require a complete re-architecture to overcome.

Clustering is now properly integrated into the AD environment, including the publishing of a virtual computer object that allows for AD-aware applications to talk to the virtual object and therefore to the cluster.

Finally, you don't need to have a shared filespace area available for the cluster to communicate through. There's a new quorum resource called Majority Node Set, which allows server clusters to be built without using a shared disk as the quorum device. As a result of this new quorum mechanism, additional cluster topologies can be built; for example, server clusters with no shared disks. Majority Node Set also makes it easier to build and configure multisite, geographically dispersed clusters, which will be of interest to those running on large WAN network topologies.

Many more companies are looking at clustering these days, because it's simple to implement and is such an easy way to provide a stronger guarantee of uptime. This is especially true of an operation that has to run almost continually, with the in-house IT team on-site

ADVERTISEMENT

for up to ten hours per day. It's also particularly pertinent, considering the availability of today's lower-priced SANs (Storage Area Networks).

The Network Load Balancing (NLB) facility has been improved too, to allow for virtual clusters. These let you configure different port rules for different cluster IP addresses, where each cluster IP address corresponds to a website or application being hosted on the NLB cluster. It's also used to filter out traffic sent to a specific website or application on a specific host in the cluster, and finally, to choose which host in a cluster should be used to service traffic sent to a specific website or application being hosted on the cluster.

File system

In the file system area, there has been a number of improvements. If you have XP clients, you'll certainly want to enable Volume Shadow Copy. This takes over a fixed percentage of your hard disk space and uses it to seamlessly create backup versions of files as they are used. There is a time schedule applied to this, so you could have it run every hour or three times a day during the working week, for example. If you suddenly need to go back to a previous version of the file, just choose the appropriate Previous Versions facility in the Windows Explorer on your XP client and it will automatically show you all the previous versions that have been stored away.

Given that accidental deletion, or modification followed by file save, is an extremely common reason for people losing data or having to retype sections of documents, this is a major step forward for ease of use, because it puts the recovery facility right onto the desktop of the user concerned. They no longer have to pester the IT department to recover a file from backup.

Other changes are aimed at higher-end customers. For example, in Windows 2000 each SAN hardware vendor had to provide their own proprietary set of APIs for managing their hardware, which made uniform management and control difficult. With Virtual Disk Service in Server 2003, Microsoft has written an interface layer that allows for a uniform way of working with these SAN systems and therefore has enabled the writing of a built-in Volume Shadow Copy Service.

Since Shadow Copy is now part of the OS function, a raft of applications can take advantage of it in a uniform way, including future versions of Exchange. With a Shadow Copy, you can split a mirror into two parts and back up one part while the other still runs. At the end of the backup process, the two halves are automatically re-synchronised and joined back together.

For 64-bit computers, there are no Master Boot Record files on the hard disk to indicate the disk partitioning. Instead, they've moved to a GPT (GUID Partition Table) arrangement that benefits from redundant primary and backup partition tables for better partition integrity.

The Distributed File System has been improved to allow more intelligent routing of file requests, based on the site topology defined in AD. And the File Replication Service allows you to dump unnecessary replication traffic and to compress the traffic on the wire, therefore improving throughput. There are new file system filter APIs too for anti-virus applications to use, and a faster defragmentation tool.

Networking and Terminal Services

In Server 2003, Microsoft releases its production-quality IPv6 protocol suite. IPv6 has been a long time coming and arguably is only of importance to the largest networks and internetworks, but now it's possible to use standard Windows servers to operate in that IPv6 space. There are IPv6-enabled tools in the system to let you work with it out of the box, including Microsoft Internet Explorer, Telnet client, FTP client, Microsoft IIS 6, file and print sharing. It also provides support for IPv6/IPv4 co-existence technologies such as 6to4 and Intra-site Automatic Tunnel Addressing Protocol (ISATAP).

Terminal Server users will appreciate the significant improvements that have been made in the RDP 5.1 protocol and client. No longer are you limited to 256 colours. If you have the bandwidth, you can run all the way to a Truecolour 16.7 million colour space, which means even photo-realistic work can be done via a Terminal Server session. Plus, the maximum resolution is up to 1,600 x 1,200 pixels.

The protocol is richer as well - with RDP5.1, you can access many of the local resources within the remote session. So with the right client, it's possible to get to the local file system, or smart cards, audio output, serial ports, printers including network printers, as well as the clipboard. This means you can open a local file, work on it remotely and then print it to a locally connected printer - a major improvement over the 'here and there' limitations of previous Terminal Server implementations.

IIS & .NET Framework

Here's not the best place to discuss in depth the new features and facilities of IIS 6. Suffice it to say, IIS has been completely rearchitected to be much more scalable, reliable and easier to use, configure and deploy. Again, Microsoft has definitely taken lessons from the past heritage of IIS 3, early ASP and so forth.

Server 2003 is the first Microsoft OS platform to ship with the .NET Framework already built in. From a system administrator's point of view, this is somewhat of a headache, because it's a large, complex and new area for them to understand. Fortunately, it won't impact on them unless they need to dive into the configuration and management, at which point there's a requirement for a large and deep set of skills to be learned.

All together now

So what is Server 2003 like overall, and is it a worthwhile upgrade? Much of the answer to that question will depend upon where you're coming from, what problems need to be addressed and what your expectations are.

There are a number of clearly definable groups where Server 2003 will come like a breath of fresh air. Those engaged in ASP .NET programming, Visual Studio application building and so on will greatly benefit from having Server 2003 instead of Windows 2000, and this is mostly related to the work on the frameworks and on IIS 6.

If you have a large contingency of Terminal Server users, you'll look at Server 2003 and see much there to benefit your environment and user base. Similarly, if you're thinking about deploying a SAN, the storage improvements will definitely be worth looking at, in order to decide whether you'll move to Server 2003 as part of your SAN roll-out, or whether the capabilities can be waited for in a later deployment.

If you're a large corporate and the issues of domain naming, renaming, company merging and all the management issues of AD are an issue to you, you'll want to move. Similarly, if you have a geographically spread WAN, the Server 2003 improvements will come as a godsend to your system administrators who are tasked with keeping your WAN network running on a day-to-day basis.

For many companies, especially small to medium-sized enterprises and those that will have to pay for an upgrade from W2K to Server 2003, it's hard to see too many things that are truly compelling to upgrade. For them, W2K will continue to do a strong job and they won't miss out on many benefits by overlooking the Server 2003 platform. If they're using Exchange Server 2000 and wish to move to Exchange Server 2003, for example, to get real benefits from its client-side cacheing and the vastly improved Outlook Web Access, they can do so while staying firmly in the W2K space.

Overall, the three years Microsoft has spent from the release of W2K to the arrival of Server 2003 haven't been wasted. Everywhere you look, there has been an almost endless list of improvements, tweaks and fixes, which make it a somewhat nicer world in which to work compared with W2K. If you're already on W2K, you're probably on a rolling licence programme, in which case you can choose to deploy at your own pace.

However, the bell is clearly tolling. For standard line-of-business file, print, authentication and so forth, it will be hard to justify a move from Server 2003 to something else in the future. The fact that Server 2003 is such a rounded and polished performer in this space means that its successor is going to have to grapple with the real issues of document management, knowledge management, team working and so on in a way that no OS has yet attempted.