Scott Schnoll
MCT, MCSE, MCSA, MCP, Microsoft MVP
Product Support Manager, TNT Software (http://www.tntsoftware.com)
President, NOBUG (http://www.nobug.org)
Technical Perspective
Agenda
- Windows Server 2003 Family
- OOBE
- IIS 6.0
- Feature Highlights
- Upgrading
- .NET Framework
- XML Web Services
- Q&A
DISCLAIMER: INFORMATION CURRENT AS OF JAN 2003 BUT IS SUBJECT TO CHANGE
Windows Server 2003 Family
Compare Editions at: http://www.microsoft.com/windows.netserver/evaluation/features/compareeditions.mspx
Anticipated Release: April 24, 2003 (S.F., CA)
System Requirements
            Minimum                          Recommended
CPU         Pentium 133*                     550MHz or greater
RAM         128MB**                          256MB or more
Disk        1.5GB (x86), 2.0GB (Itanium)     2.5GB or more
*Datacenter requires a minimum of 400MHz for x86 systems. Datacenter and Enterprise require a minimum of 733MHz for Itanium systems.
**Datacenter requires 512MB RAM minimum.
Web Edition
- New SKU targeted at ISPs/ASPs/Web farms
- Only available via selected Partner channels; not available via the Retail channel
- Native ASP.NET & .NET Framework
- 2-way SMP, 2GB memory
- Network Load Balancing
- Single VPN connection
- SMB connection limit: 10 concurrent

Web Edition: not included
- Enterprise UDDI Services
- Removable and Remote Storage
- FAX Service
- Services for Macintosh (File/Print)
- DCPromo (cannot be a domain controller)
- Certificate Services
- Terminal Services Application Mode
- Windows Media Services
- Itanium/64-bit support
- Cluster Service
- MMS
- RIS
- Internet Connection Sharing/Internet Connection Firewall
- PKI/Smart Cards (client-side only)

Standard Edition
- Enterprise UDDI Services: directory used by applications to locate web services; requires MSDE or SQL Server 2000 w/SP3 or later
- Internet Authentication Service (50 RADIUS servers max; unlimited users)
- Internet Connection Firewall (LAN, VPN & PPPoE)
- Internet Connection Sharing
- Network Bridge
- 4-way SMP, 4GB memory
- Can be DC/GC

Enterprise Edition
- Name moves from "Advanced Server" (Windows 2000) back to "Enterprise" (as in NT 4.0)
- Includes the features in Standard Edition, plus:
- Server Clusters (8 nodes!)
- Supports Itanium processors
- 8-way SMP; 32GB memory (x86), 64GB memory (Itanium)
- Integration with Microsoft Metadirectory Services
- Hot-Add Memory*
- Non-Uniform Memory Access (NUMA)*
- Terminal Services Session Directory (NLB, F5, Radware)
- Windows System Resource Manager

Datacenter Edition
- 64-way SMP; 64GB memory (x86), 512GB memory (Itanium)
- Windows Sockets: direct access for SANs (Winsock Direct)
OOBE
- Need to run the ADPrep tool (adprep /forestprep, then adprep /domainprep) to prepare an existing Windows 2000 Active Directory before the first Windows Server 2003 DC is introduced
- Remote Assistance/Remote Desktop
- Automatic Updates
- Themes/Appearance
- Windows Update
- .NET Framework Configuration
- FPSE 2002/SharePoint Administration

Product Activation
- Volume license customers do not activate
- Non-volume license customers have 30 days

Security and Reliability
- Services run with limited user access (instead of admin): significantly reduced attack surface
- Reliability improved across the board
- Every single line of code reviewed
IIS 6.0
- Nearly 100% completely re-written
- Stack overrun detection
- Components added/removed via Add or Remove Programs in Control Panel
- IIS Lockdown Tool functionality built in, now called Web Service Extensions
- .NET Passport integration

Architecture
IIS 5.0 has a single process (inetinfo) that farms out requests to out-of-process applications (dllhosts). IIS 6.0 splits this functionality across two new components:
- HTTP.sys (kernel-mode listener)
- WWW Service Administration and Monitoring (user-mode admin component)
On a test server w/8 CPUs, IIS 6.0 showed a 100% performance gain over IIS 5.0 on the same hardware.

WWW Service Administration and Monitoring
- Part of the core WWW Service
- Handles configuration changes and process management
- Loads configuration from the IIS metabase on startup
- Responsible for the life cycle of worker processes: when to start, when to recycle, when to restart

Worker Process
- The worker process executable (w3wp.exe) loads the WWW service DLL into its working set to perform loading/unloading of ISAPI modules and for authorization and authentication
- HTTP.sys listens for requests and routes them to the appropriate application pool queue
- An Application Pool is nothing more than an HTTP.sys queue and at least one worker process; application pools serve requests for a unique Web application
- Prevents third-party code from crashing IIS; failed worker processes are automatically restarted
- There may be a temporary disruption in the processing of a request, but the request will be processed and the end-user experience is preserved

Worker Process Isolation Mode
- Process isolation (out-of-process applications) was first introduced in IIS 4.0; in IIS 6.0 there are no more in-process applications
- Admins create Application Pools: a set of web applications that share one or more worker processes
- Application pools are separated by process boundaries
- Can move running applications between application pools
- Application Pool Namespace Group
- Prevents a worker process from harming IIS; eliminates lots of reboots
- Enables live debugging/development
- Self-healing (checks for faults, leaks, hangs, etc.)
- Treats applications as the unit of administration
- Patches can be applied without interruption in service

IIS 5.0 Isolation Mode
- Backward compatibility: same as IIS 5.0, but shoehorned into the IIS 6.0 HTTP.sys model
[Architecture diagram: HTTP.sys (kernel mode) routes requests to application pool queues; WWW Service Administration and Monitoring manages the Worker Processes, each hosting ISAPI Extensions and ISAPI Filters]
FTP User Isolation
- Like a home directory for FTP users: isolates their folder from other users' folders
- The user's top-level folder appears as the root of the FTP session
- PASV requires an additional connection (formerly an ephemeral port, now configurable)

Security Defaults
- Ships in a locked-down state: only static content can be served
- New lower-privilege service account (low-privilege user context)
- ASP more secure: always runs as a low-privileged account (the anonymous user)
- Auto-rejects requests for unknown file extensions
- More aggressive timeouts, limits on uploads, etc. to further harden against attacks
- Buffer overflow protection
- File verification before passing file requests to the request handler (e.g., ISAPI extension)

Metabase
- XML format (MetaBase.xml)
- Can be edited while IIS is running
- Improved backup/restore
- Extensible schema
- Backward compatible with the metabase APIs and ADSI
- Smaller footprint, faster reading
- Configuration rollback

Administration Scripts
- iisweb.vbs: create, delete, start, stop, and list Web sites
- iisftp.vbs: create, delete, start, stop, and list FTP sites
- iisvdir.vbs: create and delete virtual directories, or display the virtual directories of a given root
- iisftpdr.vbs: create, delete, or display FTP virtual directories under a given root
- iiscnfg.vbs: export/import IIS configuration to an XML file
- iisback.vbs: back up and restore IIS configuration
- iisapp.vbs: list process IDs and application pool IDs for currently running worker processes (w3wp.exe)
- iisext.vbs: configure Web service extensions
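Because the lockdown state (which Web Service Extensions are allowed, which application pool identities are in use, which extensions are served at all) lives in MetaBase.xml, it can be audited offline without touching the server. The following is an added example, not from this deck or from Microsoft: it parses a constructed MetaBase.xml fragment (the attribute names follow the IIS 6.0 metabase schema; the values, paths and pool names are invented) and models the decisions IIS 6.0 makes for a request: served, 404.2 "Lockdown policy prevents this request", or 404.3 "MIME map policy prevents this request".

```python
"""Offline audit of an IIS 6.0 MetaBase.xml: which Web Service Extensions are
enabled, which application pools run with a high-privilege identity, and how
IIS 6.0 disposes of a request (served, 404.2 lockdown, 404.3 MIME map).
Added example, not from the deck or from Microsoft; the XML below is a
constructed fragment whose attribute names follow the metabase schema but
whose values, paths and pool names are invented."""
import posixpath
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

NS = {"mb": "urn:microsoft-catalog:XML_Metabase_V64_0"}
IDENTITY = {"0": "LocalSystem", "1": "LocalService", "2": "NetworkService", "3": "SpecificUser"}

# Multi-valued metabase attributes hold one entry per line. The sample encodes
# the line breaks as &#xA; so the XML parser keeps them (a literal newline in an
# attribute value is normalised to a space).
SAMPLE_METABASE = """<?xml version="1.0"?>
<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
<MBProp>
<IIsWebService Location="/LM/W3SVC"
  WebSvcExtRestrictionList="0,*.dll&#xA;0,*.exe&#xA;1,C:\\WINDOWS\\system32\\inetsrv\\asp.dll,0,ASP,Active Server Pages&#xA;0,C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\aspnet_isapi.dll,0,ASP.NET v1.1.4322,ASP.NET v1.1.4322" />
<IIsWebVirtualDir Location="/LM/W3SVC/1/Root" AppPoolId="DefaultAppPool"
  ScriptMaps=".asp,C:\\WINDOWS\\system32\\inetsrv\\asp.dll,5,GET,HEAD,POST,TRACE&#xA;.aspx,C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\aspnet_isapi.dll,1,GET,HEAD,POST" />
<IIsMimeMap Location="/LM/MimeMap" MimeMap=".htm,text/html&#xA;.gif,image/gif&#xA;.css,text/css" />
<IIsApplicationPool Location="/LM/W3SVC/AppPools/DefaultAppPool" AppPoolIdentityType="2" />
<IIsApplicationPool Location="/LM/W3SVC/AppPools/LegacyPool" AppPoolIdentityType="0" />
</MBProp>
</configuration>
"""


def _entries(elem, attr):
    """Split a newline-separated metabase attribute into stripped entries."""
    return [e.strip() for e in elem.get(attr, "").split("\n") if e.strip()]


def parse_metabase(xml_text):
    root = ET.fromstring(xml_text)
    svc = root.find("mb:MBProp/mb:IIsWebService", NS)
    # WebSvcExtRestrictionList entry: allowed,path[,deletable,groupId,description]
    ext = {}
    for entry in _entries(svc, "WebSvcExtRestrictionList"):
        fields = entry.split(",")
        ext[fields[1].lower()] = fields[0] == "1"
    # ScriptMaps entry: .ext,handler,flags,verbs...
    scriptmaps = {}
    for vdir in root.findall("mb:MBProp/mb:IIsWebVirtualDir", NS):
        for entry in _entries(vdir, "ScriptMaps"):
            fields = entry.split(",")
            scriptmaps[fields[0].lower()] = fields[1]
    mime = {}
    for entry in _entries(root.find("mb:MBProp/mb:IIsMimeMap", NS), "MimeMap"):
        suffix, mimetype = entry.split(",", 1)
        mime[suffix.lower()] = mimetype
    pools = {}
    for pool in root.findall("mb:MBProp/mb:IIsApplicationPool", NS):
        name = pool.get("Location").rsplit("/", 1)[-1]
        pools[name] = IDENTITY.get(pool.get("AppPoolIdentityType", "2"), "unknown")
    return {"ext": ext, "scriptmaps": scriptmaps, "mime": mime, "pools": pools}


def extension_allowed(cfg, handler_path):
    """Explicit entry wins; otherwise the *.dll / *.exe wildcard; otherwise denied."""
    key = handler_path.lower()
    if key in cfg["ext"]:
        return cfg["ext"][key]
    return cfg["ext"].get("*" + PureWindowsPath(key).suffix, False)


def classify_request(cfg, url_path):
    """Model IIS 6.0's decision for a GET of url_path."""
    suffix = posixpath.splitext(url_path)[1].lower()
    if suffix in cfg["scriptmaps"]:
        handler = cfg["scriptmaps"][suffix]
        if extension_allowed(cfg, handler):
            return f"200 handled by {handler}"
        return "404.2 Lockdown policy prevents this request"
    if suffix in cfg["mime"]:
        return f"200 static {cfg['mime'][suffix]}"
    return "404.3 MIME map policy prevents this request"


def audit(cfg):
    """Findings a reviewer would raise: enabled dynamic content, LocalSystem pools."""
    findings = [f"enabled extension: {path}" for path, allowed in cfg["ext"].items() if allowed]
    findings += [f"app pool {name} runs as {ident}" for name, ident in cfg["pools"].items()
                 if ident == "LocalSystem"]
    return findings


if __name__ == "__main__":
    cfg = parse_metabase(SAMPLE_METABASE)
    for path in ("/default.htm", "/login.asp", "/login.aspx", "/backup.mdb"):
        print(path, "->", classify_request(cfg, path))
    print("\n".join(audit(cfg)))
```

Two things the script makes visible that the GUI does not: a script map alone is not enough to serve dynamic content (the handler must also be an allowed Web Service Extension, which is what turns the aspx request into a 404.2 here), and AppPoolIdentityType 0 is LocalSystem, which undoes the low-privilege default the slide describes for any pool configured that way.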
ISAPI Enhancements
- ASP.NET and Passport integration
- Specify an arbitrary set of buffers/file handles in one client send call: HSE_REQ_VECTOR_SEND (via ServerSupportFunction())
- Worker process recycling (tell IIS to recycle the process): HSE_REQ_REPORT_UNHEALTHY
- Create a dynamic request response and serve it from the kernel: dynamic caching flag
- Identify the final send in a response to reduce kernel/user transitions: final send flag
- ISAPI support for custom errors
- Improved ISAPI Unicode support
- COM+ services in ASP

Scalability
- 20,000 pooled applications in IIS 6 vs. fewer than 3,000 in IIS 5
- 1,000 isolated apps on a single machine, each with its own security identity, on IIS 6 vs. a maximum of 100 on IIS 5
- Support for Web Gardens: a set of equivalent processes on a computer that each receive a share of the requests normally served by a single process

Installation
- Not installed by default (except on Web Edition); disabled after upgrading from NT4 or Windows 2000
- Group Policy can be used to prevent rogue IIS installations
- Includes MSDE
Feature Highlights: Installation
- Setup Manager Wizard creates answer files
- Recovery Console can be delivered from RIS
- Greater flexibility for answer files (an image install can have multiple answer files)
- Disk duplication: improved SysPrep tool
- Create DCs from replicas (e.g., backup tape): dcpromo /adv
Feature Highlights: Core Improvements
- POP3 Service
- RPC over HTTP
- Web-based Server Administration
- Out of the box 10-20% faster than Windows 2000
- Better scaling for 16 & 32 CPUs: fewer & shorter locks, better process cache alignment
- Improved memory allocator (needs to be turned on by the app in code)
- True 64-bit: address space increased from 4GB to 16TB
Feature Highlights: Functional Levels
Forest functional levels (DC operating systems allowed)
- Windows 2000 (NT/2000/2003) (default)
- Windows Server 2003 interim (NT/2003)
- Windows Server 2003 (2003)
Domain functional levels (DC operating systems allowed)
- Windows 2000 mixed (NT/2000/2003) (default)
- Windows 2000 native (2000/2003)
- Windows Server 2003 interim (NT/2003)
- Windows Server 2003 (2003)
To raise forest functionality, you must be a member of Enterprise Admins.
To raise domain functionality, you must be a member of Domain Admins or Enterprise Admins.
Feature Highlights: Active Directory
- 5000 group member limit gone; group membership replication improved to the per-change level (linked value replication)
- Attribute added to the GC does not trigger full GC replication (Windows Server 2003 forest mode)
- DCs can cache Universal Group membership (site-level option; only for sites without a GC)
- Quotas on the number of objects a security principal can own (Domain Admins & Enterprise Admins exempt)
- DNS configuration for DCPromo improved (error checking, error messages, self-healing)
Feature Highlights: Active Directory
- Schema version 30 (RC2)
- Domain rename (including the forest root)
- DC rename
- Bulk load via multi-threaded utility
- Reset the DS Restore Mode password while the DC is online
- ADUC improvements: object-oriented searches, saved queries, multi-select and edit, drag and drop
Feature Highlights: Active Directory
- Support for the inetOrgPerson class (RFC 2798) as a security principal, with UI support
- Application Partitions: administrator-defined contexts for replicating application data to targeted DCs (e.g., DNS, DHCP, RAS, RADIUS, etc.)
- ADMT v2 in the box: user, group and computer migrations to Windows 2003 AD from NT 4, Win2k AD, or Windows 2003 AD; includes passwords, scriptable, great cookbook and training docs
- Lingering Objects Removal: scavenger for garbage AD entries
- Option to disable site-to-site replication compression (reduces CPU usage on DCs)
- Major KCC/ISTG performance improvements (Windows Server 2003 forest level)
Feature Highlights: Active Directory (LDAP)
- Dynamic entries with TTL values (RFC 2589)
- LDAP connections over TLS (RFC 2830, StartTLS)
- Digest authentication for LDAP connections using the DIGEST-MD5 SASL mechanism (required by RFC 2829; the mechanism itself is defined in RFC 2831)
- Virtual List Views (as defined by the IETF LDAP extensions working group)
- Schema objects can be deactivated
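What "digest authentication for LDAP" buys you is that the password never crosses the wire: both sides compute an MD5 over the password hash, a server nonce and a client nonce, and the server compares. The following is an added example, not from this deck or from Microsoft, that walks through the DIGEST-MD5 computation from RFC 2831 for a SASL bind; the user, realm, digest-uri and nonce values are constructed for illustration.

```python
"""DIGEST-MD5 SASL (RFC 2831) challenge/response, as used for digest
authentication of LDAP binds.  Added example, not from the deck: the user,
realm, digest-uri and nonce values are constructed for illustration."""
import hashlib
import secrets


def _md5hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def password_hash(username: str, realm: str, password: str) -> bytes:
    # H(username ":" realm ":" passwd). This is all the verifier needs, so a
    # stored copy is password-equivalent for this mechanism and must be
    # protected like the password itself.
    return hashlib.md5(f"{username}:{realm}:{password}".encode("utf-8")).digest()


def _response(h_user: bytes, nonce: str, cnonce: str, nc: int, qop: str,
              a2_prefix: str, digest_uri: str) -> str:
    # A1 = H(user:realm:pass) ":" nonce ":" cnonce   (no authzid in this example)
    a1 = h_user + f":{nonce}:{cnonce}".encode("utf-8")
    # A2 = "AUTHENTICATE:" uri for the client, ":" uri for the server's rspauth;
    # auth-int / auth-conf append 32 zeros (RFC 2831 section 2.1.2.1).
    a2 = f"{a2_prefix}:{digest_uri}"
    if qop in ("auth-int", "auth-conf"):
        a2 += ":" + "0" * 32
    kd = f"{_md5hex(a1)}:{nonce}:{nc:08x}:{cnonce}:{qop}:{_md5hex(a2.encode('utf-8'))}"
    return _md5hex(kd.encode("utf-8"))


def client_response(username, realm, password, nonce, cnonce, nc, digest_uri, qop="auth"):
    """What the client sends back: a 32-hex-digit digest, never the password."""
    return _response(password_hash(username, realm, password), nonce, cnonce, nc, qop,
                     "AUTHENTICATE", digest_uri)


def server_verify(h_user, nonce, cnonce, nc, digest_uri, response, qop="auth"):
    """Server side: recompute from the stored hash and compare in constant time."""
    expected = _response(h_user, nonce, cnonce, nc, qop, "AUTHENTICATE", digest_uri)
    return secrets.compare_digest(expected, response)


def server_rspauth(h_user, nonce, cnonce, nc, digest_uri, qop="auth"):
    """Mutual authentication: the server proves it also holds H(user:realm:pass)."""
    return _response(h_user, nonce, cnonce, nc, qop, "", digest_uri)


def run_exchange(password_tried="s3cret!") -> dict:
    # Constructed exchange: a DC challenges, the client answers, the DC verifies.
    username, realm, stored_password = "jdoe", "corp.example", "s3cret!"
    digest_uri = "ldap/dc1.corp.example"
    nonce = secrets.token_hex(16)        # server's challenge, fresh per bind (anti-replay)
    cnonce = secrets.token_hex(16)       # client's nonce, defeats server-side precomputation
    nc = 1
    h_user = password_hash(username, realm, stored_password)   # what the DC keeps
    resp = client_response(username, realm, password_tried, nonce, cnonce, nc, digest_uri)
    ok = server_verify(h_user, nonce, cnonce, nc, digest_uri, resp)
    return {"response": resp, "accepted": ok,
            "rspauth": server_rspauth(h_user, nonce, cnonce, nc, digest_uri) if ok else None}


if __name__ == "__main__":
    print(run_exchange())
    print(run_exchange("wrong"))
```

Two caveats a practitioner should keep in mind: with qop=auth the exchange authenticates the bind but leaves the rest of the LDAP session unprotected, so it is still worth combining with the LDAP-over-TLS item above; and the verifier needs H(username:realm:password) in the clear, which is why that stored value is as sensitive as the password.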
Feature Highlights: Active Directory Application Mode (ADAM)
- Is not deployed on a DC
- Supports multiple instances on a single box
- Still uses Windows security (NT/NOS AD domain) for authentication
- Enables apps to store private directory data relevant only to that app, without configuring it in the NOS directory
- Runs on Windows XP, Windows Server 2003 Standard, Enterprise and Datacenter
Scenarios: applications that need a simple app directory; quick build/destroy for directory developers; extranets; migrations
Feature Highlights: High-Availability
- Automated System Recovery (ASR): last resort, but could save your system (not your data); creates a backup + ASR floppy for recovery
- Hot-plug PCI (limited)
- Memory mirroring (Datacenter)
- Reboot Reason Collector (Shutdown Event Tracker)
- Emergency Management Services
Feature Highlights: Clustering
Server cluster models:
- Single Node (Local Quorum)
- Single Quorum Device (traditional server clusters)
- Majority Node Set
Server cluster improvements:
- Print drivers install for all nodes
- Kerberos support for virtual servers
- Multicast heartbeat
- WMI support for management and events
NLB:
- Per virtual server/IP port rules (affinity, etc.)
- NLB Manager allows central configuration of NLB settings across a cluster
Feature Highlights: Storage
Performance improvements:
- Chkdsk 2x faster than Win2K
- File system I/O 100% - 139% faster than Windows 2000
Management:
- Diskpart (command-line disk management)
- Simple web-UI management
- NTFS read-only volumes
- WebDAV Redirector
Improved SAN support:
- iSCSI
- Boot, pagefile and system disks on a single HBA
Feature Highlights: Snapshot Technology
- Volume Shadow Copy Service
- Shadow Copy Restore
- Hardware (transportable) shadow copies
- Virtual Disk Service
- Open file backups
- Data freighting: clone volumes and move them to another host on a SAN
- Application Recovery Manifest: apps register info on how to back up and restore them
Feature Highlights: Group Policy
- Many new settings (as in Windows XP Pro)
- RSOP (Resultant Set of Policy)
- Cross-forest support
- Modeling (calculate the net effect of multiple GPOs)
- WMI filters
GPMC (coming soon) enables:
- Backup and restore of Group Policy objects (GPOs)
- Import/export and copy/paste of GPOs
- Reporting of GPO settings and Resultant Set of Policy (RSoP) data
- Use of templates for managed configurations
- All GPMC operations to be scripted
- Management of all sites and domains and multiple forests
- Drag-and-drop support
Feature Highlights: Terminal Services / Remote Desktop
Improved usability:
- Full client included with Windows XP
- Full-screen connection bar
- Save connection settings from the same UI
- Enhanced client error messages (40+ new messages)
- Redirection of audio output, Windows key combos, disk drives and printers (local and network), serial devices, smart cards, clipboard (+files)
- Increased network bandwidth savings over RDP 5.0
- Remote experience turns off wallpaper, visual styles etc. depending on the network connection
- Auto-reconnect
Enhanced security:
- 128-bit bi-directional RC4
- User prompted if redirections are enabled
Feature Highlights: Networking
- IPv6 (requires reboot after installing; command-line-only configuration, no UI yet)
DNS:
- Stub zones (contain only enough resource records to identify the authoritative name servers)
- Conditional forwarding (forwards queries based on domain name)
- Auto-configuration of the forest root _msdcs domain as a forest-wide DNS application partition for all DNS servers
DHCP:
- Client Alternate Configuration
- Improved backup and restore
Routing and IPsec:
- Point-to-Point Protocol over Ethernet (PPPoE, RFC 2516): routing and outbound only; cannot accept inbound PPPoE
- IPsec over NAT (IKE auto-detects the NAT and switches to UDP-ESP encapsulation per the IETF IP Security Working Group)
Feature Highlights: Networking (IAS/RRAS)
- RADIUS failover, proxy load balancing
- Wireless: passwords sent over 802.1x
- VPN
Feature Highlights: Message Queuing
- MSMQ 3 clients use LDAP to talk to AD
- MSMQ can be installed on non-DCs
- Queue aliases and distribution lists allow mail subscriptions to include queues, including private ones, through the use of an alias
- Triggers are built in (no longer an SDK add-on)
- Internet messaging: URL access to submit to queues using HTTP; messaging over SOAP/HTTP in XML
- Load balancing
- Firewall friendly
Feature Highlights: Manageability
- Event Correlation components
- Event Forwarding components
- WMIC (WMI command line)
- Added namespace providers
- Improved WMI security
Feature Highlights: DFS
- Multiple roots on a single server
- Ability to control the FRS staging location on non-DCs
- Ability to filter links for large DFS roots
- Ability to define per-link replication schedules
- Ability to define replication topologies
- Uses AD site metrics to locate the closest DFS share
Feature Highlights: Windows Media Services
Fast:
- Fast Stream: stream data to WMP9 faster
- Fast Cache: stream data ahead to counter drops in the network
- Fast Recovery: uses Forward Error Correction to provide redundant packets to wireless clients
- Fast Reconnect: auto-reconnects broken connections
Usage scenarios:
- > 1,000 interfaces
- 7x24 Internet radio
- Terrestrial radio with AFTRA support (ad replacement)
- Corporate TV
Other:
- Server-side playlists
- On-demand streaming to PCs and devices
- Ad logging
- Content in playlists adjustable on the fly
Performance enhancements:
- 2x faster than Windows 2000
- 4x faster than Real Server
- 2x faster than Apple
Feature Highlights: For Developers
Side-by-side (SxS) assemblies:
- Applications use a manifest which details which DLL versions they need
- The DLL loader uses the SxS manager to load the proper version
Component Services:
- Isolation levels
- Application pooling (like IIS 6 web gardens)
- Pause/Disable/Dump applications
Removed / No Longer Supported
- Universal Plug and Play (UPnP)
- NetBEUI
- Network interface cards: MSKB 317594
- Modems: MSKB 320892
- Visual Basic 5.0 Runtime: MSKB 327063

Not Available on the 64-bit (Itanium) Editions
- 16-bit support
- ACPI (except for 64-bit fixed tables)
- ASP.NET State Service
- Compressed (zipped) Folders
- DirectMusic
- DVD video playback support
- Enterprise Memory Architecture
- Fast User Switching
- Fax support
- Hot Add Memory
- IEEE 1394 audio support
- Internet Connection Sharing (ICS)
- Internet Connection Firewall (ICF)
- Internet Locator Service (ILS)
- IPX (incl. SNMP over IPX)
- Client for NetWare
- Services for Macintosh
- NetBIOS
- OSPF
- .NET Framework
- NetMeeting
- Network Bridge
- Network Setup Wizard
- Recovery Console (as a startup option; can still be used from CD)
- Remote Assistance
- Server Appliance Kit (SAK)
- Speech recognition
- Themes
- Windows Media Player
- Windows Media Services
- Windows Product Activation
In-Place Upgrade from Windows NT 4.0
Steps:
1. Configure DNS on the PDC
2. Upgrade the PDC to Windows Server 2003
3. Prevent PDC Locator overload
4. Synchronize FRS with the directory replication master
5. Verify AD configuration and functionality
6. Add additional DCs to the Windows 2003 domain

Step 1: DNS
Configure DNS on the PDC itself if:
- The domain you are upgrading is the root domain of the Windows 2003 forest
- The domain is going to exist in your system for a long period of time
- The domain must maintain its own DNS operations
Reference a DNS server in the parent domain instead if you have already configured DNS for Active Directory in your environment and the domain you are upgrading is a temporary domain.

Step 3: Prevent PDC Locator overload
- Relevant for NT domains with a lot of Windows 2000 and Windows 2003 servers and XP Pro clients: once the PDC is upgraded, those clients all locate and use the single Windows 2003 DC rather than the NT4 BDCs, so one DC carries the whole authentication load with no load balancing or fault tolerance, and initially it may not be able to authenticate all of them
- If your domain has Win2000/XP clients, configure the Windows 2003 DC to emulate an NT4 DC so that those clients keep using the BDCs as well; do this even if the domain includes only a few Windows 2000 or Windows 2003 clients
- Configure the DC to emulate an NT4 DC after installing Windows 2003 but before running DCPromo

Step 4: Synchronize FRS
After upgrading the NT4 PDC to Windows 2003, configure a script file to copy the files in the Sysvol folder to the BDC that provides export services to the other NT4 BDCs in your domain.

Step 5: Verify
- Examine the event log on the BDCs for events confirming that objects created after the upgrade replicated to the BDCs; Event ID 5715 in the System event log indicates that the BDCs synchronized with the Windows 2003 DC
- Make sure you can: add users to the domain; log on to the domain from a client workstation; replicate changes throughout the environment; run services in the domain

Upgrading a Windows 2000 Domain
- In-place upgrade, or DCPromo (promote) a Windows 2003 member server
- Run ADPrep first (copies 409.csv and dcpromo.csv from the i386 directory to the local computer to prepare the AD forest and domain): adprep /forestprep once per forest, then adprep /domainprep in every domain; run /domainprep in the other domains first
- After the upgrade, the forest is at the Windows 2000 functional level
- If all Windows 2000 domains are in native mode, the domain functional level is automatically raised to Windows 2000 native when you upgrade the first DC to Windows 2003
.NET Framework
What's the relationship between Windows Server 2003 and the .NET Framework?
- Hidden components that cannot be removed!
- RC2 ships with .NET Framework 1.1
- Object-oriented programming environment
- Code execution environment
The .NET platform: Smart Clients, XML Web Services, Microsoft .NET Enterprise Servers, Developer Tools & Environments

Smart Clients
- Windows XP Professional
- Windows XP Embedded
- Microsoft CE.NET
- Smart devices: Tablet PCs, PocketPCs, PocketPC Phone Edition, Windows Powered Smartphone
- Xbox

.NET Enterprise Servers
- Application Center 2000
- BizTalk Server 2000
- Commerce Server 2000
- Content Management Server 2001
- Exchange 2000
- Host Integration Server 2000
- ISA Server 2000
- Mobile Information Server 2001
- SharePoint Portal Server 2001
- SQL Server 2000
- Windows Server 2003

Versions
- RC1 = v1.0
- RC2 & RTM = v1.1
- Upgrading from RC1 to RC2 is discussed in MSKB 330046
Questions?
Technical Perspective
Scott Schnoll
MCT, MCSE, MCSA, Microsoft MVP
Product Support Manager - TNT Software
President - NOBUG
Copyright 2002-2003 Scott Schnoll All Rights Reserved Microsoft, Windows, and other referenced marks are property of Microsoft Corporation and used herein with permission