TechEd 2007: Virtualization to Become Ninth Server Core Role
ORLANDO - At a morning session introducing many to the window-less Server Core installation option in the forthcoming Windows Server 2008, Microsoft product manager Andrew Mason made it official: Windows Virtualization Services (code-named "Viridian") will become the ninth role available for the trim server option, joining Internet Information Services 7 announced last Monday and other common, unattended roles such as DNS server, DHCP server, and Active Directory Application Mode (now called AD LDS).
This addition may be both welcome and extremely important for enterprises working to create homogeneity of services where heterogeneous (OS-specific) applications are deployed. Now SUSE Linux and other systems can be hosted by servers that don't need to waste space managing Windows printer and display drivers, such as DirectX and Direct3D, when they're not ever going to be used there anyway.
Monday's announcement referred to IIS7 as the seventh Server Core role. Yes, we're keeping count, and no, you're not asleep. There is indeed an eighth role, and based on the graph we saw this morning, Windows Media Services is that #8 role. This will enable an unattended server to stream media, even though it's not necessary for that server to display or play that media locally.
Mason also confirmed that there are no plans at present for Server Core to run on Itanium-based servers, and from the sound of his statement, that doesn't look likely to change. As he explained it, the key application server role option will not work on Server Core, for reasons it seemed he would explain if he could. That fact may be the sole reason (or excuse) for Server Core's omission on Itanium.
Server Core reduces the footprint of the OS from about 5 GB in WS2K8 to 1.5 GB, and based on recent tests, will reduce the number of patches admins may need to apply by 60% over Windows 2000. The reason there is very simple: There's no need for admins to patch files that simply aren't there.
The implication there is simpler still: There may be fewer security flaws in a system where fewer opportunities for such flaws exist.
Server Core-based systems may be administered through a tool called Windows Remote Shell, though as Mason revealed this morning, this is by no means a full-featured tool. Essentially it's a kind of relay service for a complete command or call to a script. The standardized WS-Management protocol will be supported as an option.
Though it wasn't news to anybody in the crowd, the sad fact that PowerShell will not run on Server Core was repeated. The .NET Framework requires a GUI, Mason explained again, and PowerShell requires the .NET Framework. While there's considerable support for the movement to "component-ize" .NET to disable its graphics requirement and thus enable PowerShell to run there, we learned yesterday there may be some opposition to that idea for security reasons.
Though he could not speak for Microsoft, one of its best friends at these conferences, Windows IT Pro contributing editor Mark Minasi, told BetaNews he suggests Microsoft not go down that road. Adding .NET to the Server Core mix would expand its attack surface, he believes, vastly increasing the possibility for outside attacks by expanding its programmability.
However, as we learned this morning, many of the scripts Server Core does run - including some of the so-called "unattend files" - are based in VBScript, the unmanaged local interpreter whose relative security reliability was proven in 2000 by the proliferation of the "ILOVEYOU" virus.