I'd be curious too see some info on employing Microsoft Hyper-V Server 2008 in an SBS environment - this is a free (as in beer) underlying Hypervisor that allows deployment of multiple virtual machines, but also requires either a Windows Server 2008 or Vista SP1 system to function as a system console for provisioning and managing virtual machines. While Microsoft Hyper-V Server 2008 is free, every installed OS needs it's own license, unlike purchased OEM/Retail Server 2008 instances that include either rights to virtualize one (Standard Edition), four (Enterprise Edition), or unlimited (Datacenter Edition) instances on the same physical server.

A business might want to gather up multiple discrete server boxes running Line of Business servers onto one moder box, and this would allow them to do this without investing in any new operating system licenses. It is also possible to virtualize non-Microsoft Operating Systems (Linux, Solaris, etc.) and manage them from the SBS 2008 server.

>>tonyso: You can find more information about Microsoft Hyper-V Server 2008 at: http://www.microsoft.com/servers/hyper-v-server/default.mspx

Is it also recommended that the computer used for remote management should also not be joined to the SBS domain if the SBS primary server is virtualized on Server Core or Hyper-V Server? Wouldn't you run into major issues if your remote management box needed domain authentication to sign on?

Having another physical backup domain controller would prevent issues, relating to the advice given about not joining the parent partition to the domain.

For that reason, if you want to manage the server remotely from a domain-joined PC, and don't have a backup physical domain controller, wouldn't it be recommended to stick with the GUI version of Server 2008 as the parent so that you could still log on locally in emergencies? (You would still have to not join the parent to the domain though)

Given these difficulties, it almost seems like using Server Core/Hyper-V Server isn't nearly as flexible as having a local GUI.

Joe-Raby's comment is correct. Whenever you require that the remote management computer be part of an domain that is not trusted by the domain of the server running Hyper-V, then you should use Windows Server 2008 - which provides you a full GUI and local management. In either case, you should follow the best practice recommendations in the Windows Server 2008 Security Guide, for hardening your W2K8 VMs. Also review http://technet.microsoft.com/en-us/library/cc974516.aspx for best practice advice on Hyper-V security.

The GPO Accelerator can make this easier. The GPOAccelerator creates all the Group Policy objects (GPOs) that you need to deploy recommended security settings for your environment to save you hours of work that you would otherwise need to configure these settings.

BTW, the guide was published before Hyper-V RTM. When the Security Guide is updated, a new worksheet in the Attack Surface Reference Workbook will be added that lists the attack surfaces for Hyper-V. Until then, you can find the same information in the Hyper-V Attack Surface Reference Workbook, available for download today at http://download.microsoft.com/download/8/2/9/829bee7b-821b-4c4c-8297-13762aa5c3e4/Windows Server 2008 Hyper-V Attack Surface Reference.xlsx. Copy=-paste into your Attack Surface Reference Workbook from the Security Guide and you are good to go.

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=9ff6e897-23ce-4a36-b7fc-d52065de9960

Download the Windows 2008 Remote Administration Toolkit for Vista here. It will allow you to manage any role or feature on a Windows 2008 server. Remember that we are talking SMB market here, and that an additional AD DC isn't ussually affordable or available. Hyper-V allows us to take advantage of the Premium edition of the SBS 2008 server by installing both licenses on the same physical box. A perfect SMB set up if you ask me. One physical server, Hyper-V R2, VM1:SBS 2008, VM2: Windows 2008 server Standard as a Terminal server.

I'm currently installing this setup with the RC of Hyper-V Server R2. I'll post it here if I get in any trouble.