Microsoft Information Technology (Microsoft IT) understands
that unanticipated downtime can have a significant negative impact in its large,
complex environment. Loss of critical systems or services can reduce productivity,
sales, and confidence from staff, partners, and customers. To help create a highly
available infrastructure that provides minimal downtime, Microsoft IT decided to
deploy the Server Core installation option of the Windows Server® 2008
operating system.
The Server Core installation option, new in Windows Server 2008, is minimal:
It does not include a full graphical user interface (GUI) or various additional
functionality that is not required for supported server roles and features. For
example, it does not include Windows® Explorer and Windows Internet Explorer®. This
minimal nature enables easier installation and configuration management, and it
reduces the attack surface of the operating system. An administrator can manage
a Server Core installation of Windows Server 2008 locally from the command-line
interface, or remotely by using management tools, such as the Microsoft® Management
Console (MMC).
The Microsoft enterprise is large, complex, and constantly changing. The primary
mission of the Microsoft IT group is to manage a world-class utility that keeps
the business productive and to act as the first and best customer of Microsoft.
This mission involves testing all enterprise software in the early stages of beta
development by deploying it throughout the company in a full production capacity.
This testing has the benefit of providing the feedback that only a real-world corporate
environment can achieve, in addition to providing urgency for the development of
stable, reliable, and capable products. The following data gives an overview of
the environment in which this all occurs (numbers are approximate):
- More than 90,000 users
- Approximately 11,000 production and pre-production servers
- More than 400,000 unique computers and networked devices
- More than 400 sites supported worldwide
- Global line-of-business (LOB) applications (for example, Siebel, Clarify, MS Sales, and World-Wide Sales and Marketing Database)
- Global virtual Helpdesk
- More than 7.5 million remote connections per month
This document shares the experiences of Microsoft IT in the deployment of the Server
Core installation option of Windows Server 2008 at Microsoft. The information
in this document should provide meaningful guidance to IT directors, solution architects,
and technical decision makers who want to deploy and manage a Server Core installation
in both small and large environments.
This document assumes that readers are familiar with Windows Server technologies,
Windows Server deployment and administration, and the Active Directory® directory
service.
Microsoft IT received the following benefits from deploying a Server Core installation
of Windows Server 2008.
With the Server Core installation option, Microsoft IT administrators can now install
a minimal Windows Server 2008 operating system environment. Because fewer features
and services are installed on a server running a Server Core installation, there
is less to manage. This ability allows for a more robust and dependable server configuration.
Because a Server Core installation does not include a GUI, Microsoft IT administrators
must initially configure the system by using the tools in the Windows Automated
Installation Kit (AIK), by using unattended installation answer files, or by using
command-line tools and scripts.
An administrator can also manage the Server Core installation remotely by using
the MMC snap-ins and tools from another computer running Windows Server 2008
by selecting the computer running the Server Core installation as a remote computer.
Servers running a Server Core installation support development of management tools
and agents, which can be divided into two categories:
- Remote management tools. These tools do not require any changes, as long as they use one of the protocols supported in Server Core installations to communicate with the remote management workstation, such as remote procedure call (RPC).
- Local management tools and agents. These tools may require changes to work with Server Core installations because they cannot have any shell or user interface dependencies, and they cannot use managed code.
A Server Core installation includes only the minimal number of services and features
that need to run on the server. This reduces the attack surface that is exposed
to security threats and reduces the chance of configuration errors.
Having a reduced number of services also means that the operating system needs a
minimum number of software updates to keep the server up to date. Approximately
60 percent of the server updates that were recommended for Windows 2000 Server
are for functionality that is not part of a Server Core installation. Microsoft
IT can therefore provide for a higher degree of availability and reduce server downtime
to remain security compliant.
Because of the reduced installation footprint in a Server Core installation, only
the minimum number of files is necessary for the specific server roles.
In addition, the Server Core installation option delivers more control and flexibility
by enabling Microsoft IT to deploy servers with only the features needed at each
location. With fewer services and features installed and running, the servers are
less vulnerable to attack. The streamlined server installation also requires less
maintenance.
Maximized Hardware Utilization
Windows Server 2008 includes Hyper-V™ virtualization technology, which will
help Microsoft IT reduce the cost of installing multiple operating systems. Hyper-V
running on a Server Core installation provides a stable virtualization platform
that enables Microsoft IT to host multiple operating systems on a single server.
This server virtualization technology enables Microsoft IT to maximize hardware
utilization by providing the following advantages:
- Helps Microsoft IT reduce the total amount of required hardware and reduce server management costs
- Enables Microsoft IT to create a flexible test environment to test various deployment and management scenarios
- Improves server availability by eliminating the need for additional physical computers
- Enables Microsoft IT to increase or reduce server resources in response to changes in demand
A Server Core installation supports Microsoft IT’s vision of a standardized environment
by improving the total cost of ownership (TCO) in addition to improving the delivery
of services to the group's customer base. This reduction in cost is due to a Server
Core installation's reduced software update requirement and its ability to provide
for easier installation and easier configuration management.
Microsoft IT took advantage of the improved failover clustering feature in Windows
Server 2008—available in a Server Core installation—to help build redundancy
and fault tolerance for services that require it. The improvements to failover clusters
(formerly known as server clusters or Microsoft Cluster Server) in Windows Server 2008
simplify cluster creation and management; they make possible the use of clustering
to enable greater availability without an arduous amount of additional investment
or expertise.
Microsoft IT decided to deploy a Server Core installation when it needed to dedicate
a server solely to the roles and features that a Server Core installation supports.
For example, Microsoft IT deployed a Server Core installation when it required a
dedicated server to provide one or more of the following:
- Active Directory Domain Services (AD DS)
- Active Directory Lightweight Directory Services (AD LDS)
- Dynamic Host Configuration Protocol (DHCP) Server service
- Domain Name System (DNS) Server service
- File services
- Print services
- Windows Media® Services
- Internet Information Services (IIS)
- Hyper-V (Windows Server virtualization)
Some of these scenarios involved moving services that were running on existing computers
running Windows Server 2003 onto computers running a Server Core installation
of Windows Server 2008. Some of these scenarios required new hardware. Microsoft
anticipated this work as part of the Windows Server 2008 deployment schedule.
The administrators who were responsible for one of the roles or services within
Microsoft IT decided whether to deploy a Server Core installation of Windows Server 2008
or a full installation of Windows Server 2008. However, they regularly consulted
various platform teams within Microsoft IT for advice. Individuals who represented
the various teams within Microsoft IT eventually agreed to these decisions.
These teams developed shared goals to make sure that the product was tested correctly
prior to release. This effort involved using deployment methods that met the expectations
of the Microsoft IT group and the eventual customer. These methods enabled Microsoft
IT to gain a wealth of experience prior to moving the rest of the environment to
Windows Server 2008 when the time was right.
Microsoft IT decided not to perform an in-place upgrade from Windows Server 2003.
More specifically, the team required a clean installation for the cases in which
it moved a service or role from a computer running Windows Server 2003 to a
Server Core installation of Windows Server 2008.
Because Windows Server 2008 was still in the beta phase, Microsoft IT built
staged images of the Server Core installation by using the Windows AIK, and then
created unattend.xml files that automated most of the installation. Microsoft IT
administrators performed some of the installation tasks, including selecting the
installation option (Server Core or full) and selecting the target disk partition.
After the automated installation finished, the Microsoft IT administrator completed
the installation and configured the required services.
The Microsoft IT administrator responsible for the initial configuration of the
Server Core installation was also responsible for naming the computer, joining the
domain, and conducting the network configuration tasks. After the Microsoft IT administrator
completed these tasks, the automated installation process loaded the base platform
software, such as the startup configuration information, debug options, OEM hardware
support drivers and agents, antivirus software, and management agents.
Remote Management
Windows Server 2008 provides many enhancements that offer improved remote management
for the Microsoft IT administrators that manage servers from remote locations. However,
because the Server Core installation in the Microsoft IT environment was partially
automated, fully provisioning the server still required administrator intervention.
In this case, the Microsoft IT administrator had to configure the base image for
the Server Core installation so that it was remotely manageable before the server
running the Server Core installation was fully functional. This involved the following
tasks:
- Configuring Windows Firewall to allow remote management
- Using a remote management tool to manage the computer running the Server Core installation
By default, Windows Firewall is on after the initial Server Core installation is
completed and inbound connections are blocked. This default setting prevents anyone
from remotely accessing the computer running the Server Core installation before
it is fully configured.
To configure the firewall to allow remote access to the computer running the Server
Core installation, the Microsoft IT administrator ran the following command from
the command prompt:
netsh advfirewall firewall set rule group="remote administration" new enable=yes
Although this command allows full remote access, Microsoft IT administrators configured
the firewall to allow only certain MMC snap-ins to remotely manage the computer
running the Server Core installation. To allow specific MMC snap-ins to remotely
connect to the server running the Server Core installation, the Microsoft IT administrators
configured the firewall to allow the related rule group. To use the Windows Firewall
MMC snap-in from a computer running Windows Vista® or Windows Server 2008
to remotely manage the firewall on a server running a Server Core installation,
the Microsoft IT administrators first enabled remote management of the firewall
by running the following command on the computer running a Server Core installation:
netsh advfirewall set currentprofile settings remotemanagement enable
The following table displays the MMC snap-in and the related rule group.
Table 1. MMC Snap-ins for Remote Management

| MMC Snap-in name | Rule group name |
|---|---|
| Event Viewer | Remote Event Log Management |
| Services | Remote Service Management |
| Shared Folders | File and Printer Sharing |
| Task Scheduler | Remote Scheduled Tasks Management |
| Reliability and Performance | Performance Logs and Alerts; File and Printer Sharing |
| Disk Management | Remote Volume Management |
| Windows Firewall with Advanced Security | Windows Firewall Remote Management |
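The rule-group approach in Table 1 can be scripted so that a host is opened only to the snap-ins it will actually be managed with, which is the least-privilege point the text makes. The batch file below is an added example, not from the Microsoft IT document; it assumes an elevated command prompt on the Server Core host itself, that the Event Viewer, Services, Task Scheduler, Disk Management and Windows Firewall snap-ins are the only ones required, and that netsh prints its "show rule" output as "Rule Name:", "Enabled:" and "Grouping:" lines.

```batch
@echo off
rem Added example (not from the original document): open the firewall only for
rem the rule groups of the MMC snap-ins in Table 1 that this host will actually
rem be managed with, instead of the broad "remote administration" group.
rem Assumes an elevated command prompt on the Server Core host itself.
setlocal enabledelayedexpansion

rem Allow the Windows Firewall with Advanced Security snap-in to manage this host
netsh advfirewall set currentprofile settings remotemanagement enable
if errorlevel 1 goto :fail

rem One rule group per required snap-in. "File and Printer Sharing" (Shared
rem Folders, Reliability and Performance) is intentionally left out: every
rem group enabled here is inbound listening surface, so keep the list short.
for %%G in (
    "Remote Event Log Management"
    "Remote Service Management"
    "Remote Scheduled Tasks Management"
    "Remote Volume Management"
    "Windows Firewall Remote Management"
) do (
    echo Enabling rule group %%G
    netsh advfirewall firewall set rule group=%%G new enable=yes
    if errorlevel 1 goto :fail
)

rem Verification: dump all inbound rules and print the ones now enabled, with
rem their group, so the result can be checked against the list above before
rem the host is handed over. "show rule" prints one block per rule, in the
rem order Rule Name: / Enabled: / Direction: / Profiles: / Grouping: / ...
set "dump=%temp%\fw-inbound-rules.txt"
netsh advfirewall firewall show rule name=all dir=in > "%dump%"
if errorlevel 1 goto :fail
echo.
echo Enabled inbound rules (group: rule name):
set "name=" & set "on=0"
for /f "usebackq tokens=1,* delims=:" %%A in ("%dump%") do (
    set "key=%%A"
    set "val=%%B"
    rem strip the padding netsh puts after the colon
    for /f "tokens=* delims= " %%V in ("!val!") do set "val=%%V"
    if "!key!"=="Rule Name" set "name=!val!"
    if "!key!"=="Enabled" if /i "!val:~0,3!"=="Yes" (set "on=1") else (set "on=0")
    if "!key!"=="Grouping" if "!on!"=="1" echo   !val!: !name!
)
echo Full rule dump kept at "%dump%" for review.
endlocal
exit /b 0

:fail
echo Firewall configuration failed with error %errorlevel%; host is NOT ready for remote management.
endlocal
exit /b 1
```

Any group that appears in the verification output but not in the list at the top of the script was enabled by something other than this script and should be explained before the host goes into service.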
Using a Remote Management Tool
After Microsoft IT administrators configured the firewall on the computer running
a Server Core installation to allow remote access, they used the following remote
management tools to connect and provision the computer:
- Windows PowerShell™ command-line interface. Although Windows PowerShell depends on the Microsoft .NET Framework and therefore does not run on a Server Core installation, the Microsoft IT administrators can use the Windows PowerShell command-line interface from another Windows-based computer to remotely run Windows Management Instrumentation (WMI) commands against the computer running a Server Core installation. This helps Microsoft IT to automate common management tasks and perform other system administration tasks.
- Windows Remote Management. Windows Remote Management provides an efficient, low-bandwidth method to easily manage servers in remote locations. Windows Remote Management is the Microsoft implementation of the WS-Management protocol, a standard Web-enabled protocol that enables hardware and operating systems to interoperate. Microsoft IT administrators can use Windows Remote Management scripting objects, the Windows Remote Management command-line tool, or the Windows Remote Shell command-line tool to obtain information from remote computers.
- Terminal Services. Microsoft IT administrators can use a Terminal Services Remote Desktop connection from a remote computer to manage and administer the computer running the Server Core installation.
- MMC snap-in. Microsoft IT administrators can use an MMC snap-in to manage a computer running the Server Core installation. By using an MMC snap-in, the administrators can manage the computer in the same way that they would manage any computer running Windows.
After the automated installation process finished, the physical computer running
the Server Core installation was assigned to the Microsoft IT administrator who
was responsible for the hosted service to provision the specific service.
To configure the computer running the Server Core installation, the Microsoft IT
administrator used the following commands to view and install the various roles
and features:
- OCList. The OCList command lists the server roles and optional features that are available for use with Ocsetup.exe. It also lists the server roles and optional features that are currently installed.
- OCSetup. The OCSetup command replaces Sysocmgr.exe, which is included in the Windows XP and Windows Server 2003 operating systems. All server roles in the Server Core installation can be installed via Ocsetup.exe, with the exception of the Active Directory Domain Controller role, which is installed via dcpromo with an unattend file.
To configure the computer running the Server Core installation to host the specific
server role, the Microsoft IT administrator used the following command and syntax
either locally or remotely (where serverrole-name is the name of the role):
start /w ocsetup serverrole-name
The following table displays the command used to start each role.
Table 2. Roles and Commands

| Role name | Command |
|---|---|
| AD DS | dcpromo /unattend:<unattendfile.xml> |
| AD LDS | start /w ocsetup DirectoryServices-ADAM-ServerCore |
| DHCP Server | start /w ocsetup DHCPServerCore (the administrator can then configure the DHCP scope at the command prompt by using netsh, or remotely by using the DHCP snap-in) |
| DNS Server | start /w ocsetup DNS-Server-Core-Role (the administrator then configures the DNS zone at the command prompt by using dnscmd, or remotely by using the DNS MMC snap-in) |
| File services | Installed by default when an administrator creates a non-administrative share |
| Print services | start /w ocsetup Printing-ServerCore-Role |
| Windows Media Services | start /w ocsetup MediaServer |
| Web server | start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel |
| Hyper-V | Not applicable |
After the Microsoft IT administrator completed the Server Core installation and
configured the server, he or she installed one or more of the optional features:
- Failover clustering
- Network Load Balancing
- Subsystem for UNIX-based applications
- Multipath I/O
- Removable Storage
- Print services
- Windows BitLocker™ Drive Encryption
- Windows Server Backup
- Simple Network Management Protocol (SNMP)
- Windows Internet Name Service (WINS)
- Telnet client
Installing a specific feature required the following syntax (where feature-name
is the name of the feature):
start /w ocsetup feature-name
The following table displays the command that the administrator used to install
each feature.
Table 3. Features and Commands

| Feature name | Command |
|---|---|
| Failover clustering | start /w ocsetup FailoverCluster-Core |
| Network Load Balancing | start /w ocsetup NetworkLoadBalancingHeadlessServer |
| Subsystem for UNIX-based applications | start /w ocsetup SUACore |
| Multipath I/O | start /w ocsetup MultipathIo |
| Removable Storage | start /w ocsetup Microsoft-Windows-RemovableStorageManagementCore |
| Print services | start /w ocsetup Printing-ServerCore-Role |
| BitLocker Drive Encryption | start /w ocsetup BitLocker (the remote administration tool for BitLocker is installed separately with start /w ocsetup BitLocker-RemoteAdminTool) |
| Windows Server Backup | start /w ocsetup WindowsServerBackup |
| SNMP | start /w ocsetup SNMP-SC |
| WINS | start /w ocsetup WINS-SC |
| Telnet client | start /w ocsetup TelnetClient |
Microsoft IT uses Microsoft Systems Management Server (SMS) 2003 and Microsoft
System Center Configuration Manager 2007 for assessing, identifying, planning,
and deploying updates to the Server Core installation. Microsoft IT also uses SMS
and Configuration Manager as enterprise management tools for configuration and change
management of Windows operating systems.
SMS and Configuration Manager use the Inventory Tool for Microsoft Updates (ITMU)
to determine the update compliance of all managed computers. The ITMU tool provides
integration with updates that Windows Update and Microsoft Update offer. As part
of the regular maintenance program, SMS and Configuration Manager use scheduled
maintenance windows to deploy any required software updates to the computers running
the Server Core installation. If the computer running the Server Core installation
is not in compliance, the required software updates are automatically installed
during the next scheduled maintenance window. Microsoft IT needs this automated
process because security is extremely important in the Microsoft IT environment.
For computers running a Server Core installation that are not managed by SMS or
Configuration Manager, Microsoft IT manually configures them to use Automatic Updates.
In the Microsoft IT environment, the administrator configures Automatic Updates
by running commands at the command prompt on the computer running the Server Core
installation (as shown in the following table). The administrator can perform this
configuration locally or remotely.
Table 4. Commands for Configuring Automatic Updates

| Action | Command |
|---|---|
| To verify the Automatic Updates setting | cscript scregedit.wsf /AU /v |
| To turn on Automatic Updates | cscript scregedit.wsf /AU 4 |
| To disable Automatic Updates | cscript scregedit.wsf /AU 1 |
| To view various command-line methods to manage the system | cscript scregedit.wsf /CLI |
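The role installation in Table 2 and Table 3 and the Automatic Updates configuration in Table 4 are the steps an administrator runs on each new host, and each has a failure mode worth checking for (an unknown package name, a pending restart, an update setting that did not take). The batch file below is an added example, not from the Microsoft IT document; it assumes an elevated command prompt on the Server Core host, that ocsetup returns the standard 3010 code when a restart is required, and that oclist reports each package on its own line as "Installed:NAME" or "Not Installed:NAME".

```batch
@echo off
rem Added example (not from the original document): install one server role or
rem feature on a Server Core host as in Tables 2 and 3, confirm it with oclist,
rem then turn on Automatic Updates (Table 4) for a host that SMS/Configuration
rem Manager will not be patching. Assumes an elevated prompt on the host itself.
rem AD DS is deliberately excluded: it is installed with dcpromo, never ocsetup.
rem Usage: provision-role.cmd PACKAGE-NAME   e.g. provision-role.cmd DNS-Server-Core-Role
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 PACKAGE-NAME   ^(run oclist for the valid names^)
    exit /b 2
)
set "PKG=%~1"

rem oclist prints one line per package, "Installed:NAME" or "Not Installed:NAME".
rem Reject names it does not know, and skip ones that are already present.
oclist | findstr /i /c:"Installed:%PKG%" >nul
if errorlevel 1 (
    echo %PKG% is not a role or feature known to oclist on this host.
    exit /b 2
)
oclist | findstr /i /c:"Installed:%PKG%" | findstr /v /i /c:"Not Installed:" >nul
if not errorlevel 1 (
    echo %PKG% is already installed.
    goto :updates
)

rem start /w waits for ocsetup and passes back its exit code: 0 is success and
rem 3010 (ERROR_SUCCESS_REBOOT_REQUIRED) means installed but a restart is pending.
start /w ocsetup %PKG%
if %errorlevel%==3010 (
    echo %PKG% installed; restart the host before relying on it.
) else if not %errorlevel%==0 (
    echo ocsetup failed for %PKG% with exit code %errorlevel%.
    exit /b 1
)

rem Confirm from the package list rather than trusting the exit code alone.
oclist | findstr /i /c:"Installed:%PKG%" | findstr /v /i /c:"Not Installed:"
if errorlevel 1 (
    echo %PKG% still does not show as installed in oclist.
    exit /b 1
)

:updates
rem Hosts outside SMS/Configuration Manager depend on Automatic Updates to stay
rem patched: /AU 4 turns it on, and /AU /v prints the stored value as a check.
cscript //nologo %windir%\system32\scregedit.wsf /AU 4
if errorlevel 1 (
    echo Could not enable Automatic Updates.
    exit /b 1
)
cscript //nologo %windir%\system32\scregedit.wsf /AU /v
endlocal
exit /b 0
```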
By using Windows Server 2008, Microsoft IT can more readily support an effective
disaster-mitigation strategy that will help improve application availability. Because
the cluster failover operation is automated, the availability of business-critical
systems no longer depends on human intervention.
Hyper-V server virtualization technology is available as a role in a Server Core
installation. This role can provide higher uptime, less maintenance, and the ability
to host more virtual machines for each virtual server. An organization can attain
the higher uptime and lower maintenance levels because of the fewer security updates
and software updates that might apply to a Server Core installation. Microsoft IT
also takes advantage of the micro-kernelized hypervisor architecture in Hyper-V
to tightly control the resources that are available to each virtual machine. For
example, virtual machines are isolated in a way that gives them very limited exposure
to other virtual machines and greater security from external attacks.
Server virtualization provides increased security for all server platforms. Features
that Hyper-V uses to enhance security include the following:
- Enabling virtual machines to take advantage of hardware-level security features, such as Data Execution Prevention (DEP), to help prevent execution of the most prevalent viruses and worms. These features are available in newer server hardware.
- Providing strong role-based security to help prevent exposure of security-enhanced virtual machines through shared servers.
- Integrating network security features that enable automatic network address translation (NAT), firewall, and Network Access Protection (quarantine).
- Reducing the attack surface through a streamlined, lightweight architecture.
All of Microsoft IT’s Hyper-V production and pre-production hosts are scheduled
to run on a Server Core installation. This is because the more secure and available
the virtualization host or parent partition is, the more stable and secure the virtual
machines are. Also, because a Server Core installation uses fewer resources than
other operating systems, more resources can be allocated to each virtual machine
that is running on the host server running the Server Core installation.
Windows Server Backup is a key feature of Windows Server 2008 that provides
high availability of services. Windows Server Backup provides a backup and recovery
solution for the server on which it is installed. It improves on the backup features
included in earlier versions of the Windows operating system.
Key improvements in Windows Server Backup include the following:
- Volume Shadow Copy Service and block-level backup technology help efficiently back up and recover the operating system, files and folders, and volumes.
- After the first full backup is created, Windows Server Backup automatically runs incremental backups, saving only the data that has changed since the last backup occurred. Administrators no longer have to manually schedule full and incremental backups.
- An administrator can restore individual files or entire folders by choosing a backup and then selecting items to restore from that backup. Previously, an administrator had to manually restore from multiple backups if the item was stored on an incremental backup. Now, the administrator can simply choose the backup date for the items that he or she wants to restore.
- Windows Server Backup works with the new Windows Recovery tools to simplify recovery of the operating system. Users can recover to the same server, or, if the hardware fails, they can recover to a new server that has no operating system.
- Users can manually back up volumes directly to DVD. Windows Server Backup also retains support for backing up manually to shared folders and hard disks. Scheduled backups are stored on hard disks.
- Windows Server Backup now includes a wizard to guide the IT staff through the process of creating daily backups. System volumes are automatically included in all scheduled backups.
Because a Server Core installation uses less disk space and uses less overhead than
a full installation of Windows Server 2008, the backup process is typically
faster for both a full backup and a system state backup. With the smaller footprint
in a Server Core installation, the restoration process is also typically faster
and allows for higher uptime and overall lower TCO.
Based on the lessons that it learned from the deployment of a Server Core installation
of Windows Server 2008, Microsoft IT developed the following best practices:
- Install only the required services on the computer running the Server Core installation. This helps to reduce the attack surface and keeps patching requirements to a minimum.
- Make sure that the deployment plan provides enough time and resources to perform a clean Server Core installation. This is because an administrator cannot upgrade to a Server Core installation or revert to a Server Core installation from a full installation of Windows Server 2008.
- Become familiar with the command-line tools that are used in a Server Core installation before deployment. This will help smooth the transition to the new Server Core installation option of Windows Server 2008.
- Make sure that any existing management tools and third-party applications in the environment work with the Server Core installation. This includes third-party backup programs and antivirus software.
Conclusion
The Server Core installation option of Windows Server 2008 enables Microsoft
IT to have more control over its server and network infrastructure. A Server Core
installation also helps increase security by providing a reduced attack surface
and helps reduce overall costs because of reduced deployment and maintenance requirements.
For More Information
For more information about Microsoft products or services, call the Microsoft Sales
Information Center at (800) 426-9400. In Canada, call the Microsoft Canada information
Centre at (800) 563-9048. Outside the 50 United States and Canada, please contact
your local Microsoft subsidiary. To access information via the World Wide Web, go
to: http://www.microsoft.com http://www.microsoft.com/technet/itshowcase
© 2008 Microsoft Corporation. All rights reserved.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES,
EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Active Directory, BitLocker, Internet
Explorer, Windows, Windows Media, Windows PowerShell, Windows Server, and Windows
Vista are either registered trademarks or trademarks of Microsoft Corporation in
the United States and/or other countries. The names of actual companies and products
mentioned herein may be the trademarks of their respective owners.