Windows Server virtualization (WSv, later released as Hyper-V) features:
- Provides powerful virtualization and network management technology that enables businesses to take advantage of virtualization’s benefits without buying third-party software
- Reduces IT costs, centralizes network management, increases network security and reliability, and provides scalability to help control hardware budgets
- Makes full use of host hardware, allowing virtualization of demanding workloads:
- Up to eight processor cores per virtual machine (VM)
- More than 32 GB of RAM per VM
- Uses a 64-bit, hypervisor-based architecture that relies on hardware-assisted virtualization (Intel VT or AMD-V, codenamed "Pacifica")
- Supports 32-bit and 64-bit VMs running side-by-side
- Supports Windows, Linux, and Xen-enabled Linux as operating systems on VMs
- Uses a new hardware-sharing architecture, the VMBus, for VM-to-host interaction for disk, networking, input/output, and video
- Uses a microkernelized hypervisor that keeps device drivers out of the hypervisor itself, giving a smaller, more isolated base for virtualization
- Allows memory page sharing, which reduces memory consumption by keeping a single copy of memory pages that are shared by multiple VMs
- Exposes synthetic devices to VMs without the limitations of device emulation, enabling features such as hot-add NICs and storage
- New storage features, such as pass-through disk access and dynamic storage addition which allow VMs more access to data, and external programs and services more access to data stored on VMs
- Flexible, role-based security allows delegation of VMs
- Enables high-availability scenarios in which WSv hosts, or the VMs running on them, can be clustered
- New management tools and performance counters make the virtualized environment easier to manage and monitor
- Allows for backup of VMs while they are running
- Addresses these key Virtualization scenarios:
- Automation of test and development environments
- Business continuity and disaster recovery
- Dynamic Datacenter
Internet Information Services (IIS) 7.0 enhancements:
- Is a major upgrade to IIS 6.0
- Provides a modular design and installation, resulting in enhanced security and reduced attack surface
- Allows flexible extensibility model for powerful customization
- Improves administration with the new IIS Manager graphical tool, and new appcmd.exe command-line tool
- Provides comprehensive diagnostic and troubleshooting tools that allow easy visibility and tracking of requests running on the Web server
- Allows delegated administration of Web sites
- The same web.config files are used by IIS 7.0 and the ASP.NET application framework providing one configuration store for all Web platform configuration settings
- Utilizes a distributed configuration, which allows administrators to specify IIS configuration settings in files that are stored with the code and content
- Enables Xcopy deployment of Web sites
- Provides programmatic access to the configuration store through a WMI provider or the Microsoft.Web.Administration managed API
- Enables application and health management for Windows Communication Foundation (WCF) services
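The modular design, the distributed web.config files and delegated administration only reduce attack surface if the server-level configuration is actually locked. The following is an added example, not code from the original page, showing how appcmd.exe is used to audit and lock down an IIS 7.0 server; the site name "Default Web Site" and the content-length limit are assumptions.

```powershell
# Added example: hardening IIS 7.0 with appcmd.exe (not from the original page).
# "Default Web Site" and the 30 MB request limit are assumed values.
$appcmd = "$env:windir\system32\inetsrv\appcmd.exe"

# appcmd writes applicationHost.config immediately, so take a backup first.
& $appcmd add backup "pre-hardening"

# Attack surface: list the native modules actually loaded. With the modular
# setup, a module that is not listed here is simply not installed.
& $appcmd list modules

# Effective configuration for one site, as merged from applicationHost.config
# and the site's distributed web.config files.
& $appcmd list config "Default Web Site" /section:system.webServer/directoryBrowse
& $appcmd list config "Default Web Site" /section:system.webServer/security/requestFiltering

# Harden at the server level ...
& $appcmd set config /section:system.webServer/directoryBrowse /enabled:false
& $appcmd set config /section:system.webServer/security/requestFiltering /requestLimits.maxAllowedContentLength:30000000

# ... and lock the sections so a delegated site owner's web.config cannot
# re-enable them. An overriding web.config then fails at request time (HTTP 500.19)
# instead of silently winning.
& $appcmd lock config /section:system.webServer/directoryBrowse
& $appcmd lock config /section:system.webServer/security/requestFiltering
```

The lock step is the part that matters for delegation: without it, the same web.config mechanism that makes Xcopy deployment convenient also lets anyone who can write to the content directory change the server's security settings for that site.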
Server Core features:
- Allows administrators to install a minimal installation of Windows Server with specific functionality and without unneeded features. The server roles available are:
- Dynamic Host Configuration Protocol (DHCP) server
- Domain Name System (DNS) server
- File server
- Active Directory® Domain Service (AD DS)
- Active Directory Lightweight Directory Services (AD LDS)
- Windows Media® Services
- Print Management
- Windows Server Virtualization
- Reduces software maintenance
- Decreases the attack surface of the server
- Reduces management
- Requires less disk space
Server Manager, the expanded Microsoft Management Console, enhancements:
- Simplifies and centralizes server management through a single MMC console, allowing administrators to view and manage all of the tools that affect server productivity
- Enables easy addition or removal of server roles, such as Active Directory Domain Services or File Server, and features, such as Windows BitLocker™ drive encryption
- Allows multiple roles and features to be added in a single Server Manager session; role and role service dependencies are tracked, so required components are added or removed automatically
- Provides Server Manager wizards to streamline common server management tasks
- Provides an Initial Configuration Tasks window that opens automatically after the operating system installation process is complete; this moves interactive elements of setup to post installation, eliminating the need for the administrator to interact with the installation of the operating system
Read Only Domain Controller (RODC) features:
- Hosts a read-only replica of the database in Active Directory Domain Services (AD DS) for a given domain
- Designed to be installed in locations where physical security for the domain controller cannot be guaranteed, such as branch offices
- Allows local authentication for users in remote and branch office locations
- Provides local and AD Integrated DNS and Global Catalog (GC) services
- Uses unidirectional replication, which saves bandwidth (hub sites do not have to pull changes from the RODC) and means that nothing written on the RODC can propagate back into the domain
- Limits what is lost if the RODC's physical security is compromised: by default the RODC stores no account passwords, only those that the Password Replication Policy explicitly allows it to cache
- Provides configurable credential caching on the RODC
- Allows administrative permissions to be delegated to local users to manage the RODC without allowing that user any additional permissions on the domain
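What an attacker gets from a stolen RODC is exactly the set of cached credentials, so the Password Replication Policy is the control to review. The following is an added example, not from the original page, using repadmin /prp (present on Windows Server 2008 domain controllers); the RODC name "RODC01" and the group DN are assumptions.

```powershell
# Added example: reviewing and tightening an RODC's Password Replication Policy
# (not from the original page). RODC01 and the group DN are placeholders.
$rodc = "RODC01"

# Accounts allowed and denied caching on this RODC. The deny list should still
# contain the default privileged groups (Domain Admins, Enterprise Admins, ...).
repadmin /prp view $rodc allow
repadmin /prp view $rodc deny

# Credentials that are actually stored on the RODC right now. This list is the
# blast radius if the RODC is stolen.
repadmin /prp view $rodc reveal

# Accounts that have authenticated through this RODC but are not cached: these
# are the candidates for the allow list if the branch must keep working when
# the WAN link to the hub is down.
repadmin /prp view $rodc auth2

# Permit caching only for the branch's own users and computers, via one group.
repadmin /prp add $rodc allow "CN=Branch-Users,OU=Branch,DC=corp,DC=example"
```

If an RODC is lost, deleting its computer account in Active Directory Users and Computers offers to reset the passwords of every user and computer account that was cached on it and to export that list; the reveal list above is what that reset will cover.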
Network Access Protection (NAP) features:
- Provides a set of client and server side components and services that prevents unhealthy computers from accessing and compromising an organization’s network
- Allows administrators to create health policies for clients, such as firewall enabled and antivirus software installed and up to date
- Validates client health on connection to the network and continuously while clients remain connected
- Enforces health policies through DHCP, VPN, IPsec, and 802.1X (clients are evaluated on connection or on use of a service)
- Restricts or denies client network access for non-compliant computers
- Performs automatic remediation for noncompliant client computers
- Helps ensure the network and systems aren’t compromised by unhealthy computers
Cryptography Next Generation (CNG) features:
- Allows customers to use their own cryptographic algorithms or implementations of standard cryptographic algorithms
- Performs basic cryptographic operations, such as creating hashes and encrypting and decrypting data, as well as creation, storage and retrieval of cryptographic keys
- Supports the current set of CryptoAPI 1.0 algorithms
- Provides support for elliptic curve cryptography (ECC) algorithms
- Allows the use of custom cryptography algorithms in cryptography-related applications
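The following is an added example, not from the original page, of using the CNG elliptic curve support from PowerShell 2.0 through the .NET 3.5 CngKey and ECDsaCng wrappers: a persisted, non-exportable P-256 signing key in the Microsoft Software Key Storage Provider. The key name "ExampleSigningKey" and the message are constructed for the example.

```powershell
# Added example: ECDSA P-256 signing through CNG (not from the original page).
# Requires PowerShell 2.0 / .NET 3.5. "ExampleSigningKey" is an assumed key name.
Add-Type -AssemblyName System.Core   # ECDsaCng and CngKey live in System.Core

$keyName = "ExampleSigningKey"

# Key creation parameters: stored in the software KSP, usable only for signing,
# and not exportable. Code that holds this key can sign but can never read it.
$params = New-Object System.Security.Cryptography.CngKeyCreationParameters
$params.Provider     = [System.Security.Cryptography.CngProvider]::MicrosoftSoftwareKeyStorageProvider
$params.KeyUsage     = [System.Security.Cryptography.CngKeyUsages]::Signing
$params.ExportPolicy = [System.Security.Cryptography.CngExportPolicies]::None

# Start clean if a previous run left the key behind.
if ([System.Security.Cryptography.CngKey]::Exists($keyName)) {
    [System.Security.Cryptography.CngKey]::Open($keyName).Delete()
}
$algorithm = [System.Security.Cryptography.CngAlgorithm]::ECDsaP256
$key = [System.Security.Cryptography.CngKey]::Create($algorithm, $keyName, $params)

$ecdsa = New-Object System.Security.Cryptography.ECDsaCng($key)
$data  = [System.Text.Encoding]::UTF8.GetBytes("constructed sample message")
$sig   = $ecdsa.SignData($data)
"Signature length: {0} bytes (raw r||s for P-256)" -f $sig.Length

# Verification, and the negative case: a single flipped bit must fail.
"Valid:    " + $ecdsa.VerifyData($data, $sig)
$sig[0] = $sig[0] -bxor 1
"Tampered: " + $ecdsa.VerifyData($data, $sig)

# Only the public half can leave the KSP; a private export is refused by policy.
$pub = $key.Export([System.Security.Cryptography.CngKeyBlobFormat]::EccPublicBlob)
"Public key blob: {0} bytes" -f $pub.Length

# Remove the persisted key when the demonstration is done.
$key.Delete()
```

The same pattern (a named, persisted key with an export policy) is what certificate templates and CNG-aware applications rely on; the export policy is enforced by the key storage provider, not by the calling code.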
Windows Deployment Services (WDS) features:
- Replaces Remote Installation Services (RIS) from previous versions
- Provides a simplified, secure means of rapidly deploying Windows operating systems to computers by using network-based installation, without the need for an administrator to work directly on each computer, or to install Windows components from CD or DVD media.
- Uses a new image format (WIM) and deployment service (WDS) that simplifies image management, resulting in a faster, more reliable deployment for both clients and servers.
Enhancements to Existing Features
Active Directory Domain Services (AD DS) enhancements:
- Provides an AD DS Installation Wizard that streamlines and simplifies AD DS installation and configuration
- Includes a new Find command in Active Directory Sites and Services snap-in that makes locating domain controllers across the enterprise easier
- Makes available new auditing options that allow administrators to track Directory Service changes, including modification, creation, undeletion, and movement of objects, as well as previous and new attribute values
- Incorporates Restartable Active Directory allowing administrators to stop and restart Active Directory domain services without restarting the domain controller, to perform offline AD DS operations more quickly
- Provides the Auditpol.exe command-line tool, which views and sets audit policy at the subcategory level (for example, Directory Service Changes), a granularity that the Group Policy editor in this release does not expose
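Enabling the new Directory Service Changes auditing takes two steps that are easy to get half right: the audit policy subcategory, and a SACL on the objects to be watched. The following is an added example, not from the original page; the domain and OU distinguished names are assumptions, and it must run on a domain controller as an account with the right to manage auditing.

```powershell
# Added example: Directory Service Changes auditing end to end (not from the
# original page). "OU=Servers,DC=corp,DC=example" is an assumed OU.

# 1. Audit policy, at subcategory level. The legacy Group Policy setting
#    "Audit directory service access" only switches the whole category.
auditpol /set /subcategory:"Directory Service Changes" /success:enable /failure:enable
auditpol /get /category:"DS Access"

# 2. Audit policy alone logs nothing: the objects need a SACL entry. Add a
#    success-audit ACE for Everyone on property writes to the OU and all
#    objects below it, using System.DirectoryServices. SecurityMasks must
#    include Sacl, otherwise DirectoryEntry never reads or writes the SACL.
$ou = New-Object System.DirectoryServices.DirectoryEntry("LDAP://OU=Servers,DC=corp,DC=example")
$ou.Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]::Sacl

$everyone    = New-Object System.Security.Principal.SecurityIdentifier("S-1-1-0")
$rights      = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$auditFlags  = [System.Security.AccessControl.AuditFlags]::Success
$inheritance = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
$rule = New-Object System.DirectoryServices.ActiveDirectoryAuditRule($everyone, $rights, $auditFlags, $inheritance)

$ou.ObjectSecurity.AddAuditRule($rule)
$ou.CommitChanges()

# 3. Read back the result. 5136 = modified, 5137 = created, 5138 = undeleted,
#    5139 = moved. A modification produces two 5136 events, one carrying the
#    deleted value and one the added value.
wevtutil qe Security /q:"*[System[(EventID=5136 or EventID=5137 or EventID=5138 or EventID=5139)]]" /c:20 /rd:true /f:text
```

One caveat: if Group Policy also sets the category-level audit settings, the next policy refresh overwrites the subcategory configuration unless the security option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" is enabled.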
Active Directory Lightweight Directory Services (AD LDS) enhancements:
- Replaces functionality that was provided by Active Directory Application Mode (ADAM)
- Provides a robust, scalable directory service for directory enabled applications, for which integration is either not desirable or not necessary
- Uses the same code base as Active Directory Domain Services
- Provides the following directory service features
- Multimaster replication
- Support for the Active Directory Service Interfaces (ADSI) application programming interface (API)
- Application directory partitions
- LDAP over Secure Sockets Layer (SSL)
Active Directory Rights Management Services (AD RMS) enhancements:
- Provides services to enable creating information-protection solutions that work with any AD RMS-enabled application to provide persistent usage policies for sensitive information
- Allows administration through a Microsoft Management Console (MMC)
- Integrates with Active Directory Federation Services (AD FS)
- Supports self-enrollment of AD RMS servers
- Provides delegation of responsibility by means of new AD RMS administrative roles
- Allows creation of rights-protected files and templates, and licensing of rights-protected information to trusted entities
DNS Server enhancements:
- Provides name resolution for both IPv4 and IPv6 TCP/IP networks
- Enables background zone loading of zone data from AD DS during DNS service restarts, which allows the DNS server to respond to requests for other zone data more quickly
- Supports Read-only Domain Controllers (RODCs)
- DNS Server is available as a Server Core role
- Allows GlobalNames zones for static, global records with single-label names, a service traditionally supplied by WINS, which DNS is intended to replace over time
- Provides DNS client changes that help clients locate nearby domain controllers
Failover Clustering enhancements:
- New setup wizards help avoid setup and configuration errors
- Fully supports IPv6 for node-to-node (heartbeat) communication
- Uses Domain Name System (DNS) without legacy NetBIOS dependencies, eliminating the need for WINS and NetBIOS name-resolution broadcasts
- Allows associations between a network name resource and multiple associated IP addresses, so that the network name will be available if any of the IP addresses are available.
- Utilizes the more reliable Transmission Control Protocol (TCP) rather than the less reliable User Datagram Protocol (UDP) for cluster “heartbeats”
- Security enhancements in failover clusters include:
- A new security model: Cluster Service now runs in the context of the LocalSystem built-in account.
- Auditing: Administrators can use auditing to capture information about who accessed a cluster and when it was accessed.
- Encryption: Windows Server 2008 allows administrators to set inter-node communication to be encrypted.
- Allows geographically dispersed clusters, meaning cluster nodes no longer need to be on the same IP subnet or configured with complicated VLANs.
Network Load Balancing enhancements:
- Supports IPv6, in addition to other protocols, for all communication
- Supports NDIS 6.0 while retaining backward compatibility with earlier NDIS versions
- Provides WMI enhancements for IPv6 and multiple dedicated IP address support
- Improves denial-of-service (DoS) attack and timer starvation protection: NLB can detect and notify applications when an attack is under way, or when a node is under excessive load
- Supports multiple dedicated IP addresses per node, allowing multiple applications to be hosted on the same NLB cluster where each application requires its own dedicated IP address
Windows Server Backup enhancements:
- Incorporates a new, faster backup technology
- Simplifies restoration
- Simplifies operating system recovery
- Improves scheduling
- Supports DVD media
Windows Reliability and Performance Monitor enhancements:
- Combines the functionality of several previous stand-alone tools, including Performance Logs and Alerts, Server Performance Advisor, and the System Monitor into the Windows Reliability and Performance Monitor MMC snap-in
- Allows the use of Data Collector Sets to group data collectors into reusable elements for use with different performance monitoring scenarios
- Provides wizards and templates to save time performing common performance monitoring tasks
- Provides the Resource View, which presents real-time graphical overview of CPU, disk, network, and memory usage
- Calculates a System Stability Index that reflects whether unexpected problems reduced the reliability of the system, and provides details to help troubleshoot the root cause of the problem in the Reliability Monitor
- Provides unified property configuration for all data collection, including scheduling, and the ability to save collector sets as templates.
- Improves reporting by allowing administrators to easily duplicate reports and assess how changes to a server have affected performance or review the report’s recommendations.
TCP/IP Stack enhancements:
- Receive Window Auto-Tuning and Compound TCP make better use of available network bandwidth
- Improvements for high-loss environments, which help make connectivity more consistent and reliable
- Neighbor Unreachability Detection for IPv4, which provides better detection and recovery when network nodes become unavailable
- Changes in Dead Gateway Detection, which allow a computer to determine whether a previously dead gateway has come back online, which can result in faster throughput
- Changes to PMTU Black Hole Router Detection, which help prevent connections from terminating
- Network Diagnostics Framework support provides an extensible architecture that helps users recover from and troubleshoot problems with network connections
- Windows Filtering Platform is a new architecture that provides APIs so that Independent Software Vendors (ISVs) can filter at several layers of the TCP/IP protocol stack and throughout the operating system, allowing them to create firewalls, antivirus software, diagnostic software, and other types of applications and services
- Explicit Congestion Notification, which can address issues on congested routers and provide better overall throughput
Windows Firewall with Advanced Security enhancements:
- Supports filtering of both incoming and outgoing traffic, which helps prevent malware spreading from an infected computer
- Integrates firewall and IPsec management in a single new MMC console, preventing overlapping policies and allowing both local and remote firewall configuration (the earlier Windows Firewall could only be configured remotely over a Remote Desktop connection)
- Provides many new ways to configure firewall exceptions. Exceptions can be configured for:
- IP protocol number
- Source and destination
- All or multiple ports
- Specific types of interfaces
- ICMP and ICMPv6 (ping) traffic by Type and Code
- Restricting firewall rules to either users, groups, or computers
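The rule types listed above map directly onto netsh advfirewall, which is the scriptable interface to Windows Firewall with Advanced Security on Windows Server 2008. The following is an added example, not from the original page; the subnet, peer address, ports and the group SID in the SDDL string are placeholders.

```powershell
# Added example: one rule of each kind listed above, via netsh advfirewall
# (not from the original page). Addresses, ports and the SID are placeholders.
# Values containing commas are quoted so PowerShell does not split them into arrays.

# Default posture on every profile: drop unsolicited inbound, allow outbound.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy "blockinbound,allowoutbound"

# Source/destination + port + interface type: RDP only from the management
# subnet, only on LAN interfaces, only while on the domain profile.
netsh advfirewall firewall add rule name="RDP from mgmt" dir=in action=allow `
    protocol=TCP localport=3389 remoteip=10.10.0.0/24 interfacetype=lan profile=domain

# IP protocol number: GRE (47) from a single tunnel peer.
netsh advfirewall firewall add rule name="GRE from peer" dir=in action=allow `
    protocol=47 remoteip=192.0.2.10

# ICMP by type and code: echo request only; every other ICMP type stays blocked.
netsh advfirewall firewall add rule name="ICMPv4 echo" dir=in action=allow protocol="icmpv4:8,any"
netsh advfirewall firewall add rule name="ICMPv6 echo" dir=in action=allow protocol="icmpv6:128,any"

# Outbound filtering: a compromised web server should not be able to reach SMB
# on the rest of the network.
netsh advfirewall firewall add rule name="Block outbound SMB" dir=out action=block `
    protocol=TCP remoteport=445

# User/group restriction. The rule matches only traffic authenticated by IPsec
# (security=authenticate) whose sender is a member of the group in rmtusrgrp,
# given as an SDDL string. The SID is a placeholder for a "Server Admins" group;
# 5985 is the WinRM 2.0 default port.
netsh advfirewall firewall add rule name="WinRM for admins" dir=in action=allow `
    protocol=TCP localport=5985 security=authenticate `
    rmtusrgrp="D:(A;;CC;;;S-1-5-21-1111111111-2222222222-3333333333-1105)"

# Verify the effective inbound rule set.
netsh advfirewall firewall show rule name=all dir=in
```

The user and computer restrictions only work together with the IPsec side of the same console: without a connection security rule that authenticates the peer, security=authenticate rules never match and the service is simply unreachable, which is the safe failure mode.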
Terminal Services enhancements:
- Provides Remote Desktop Connection 6.0 or later
- Provides Remote Desktop Connection display improvements, including:
- Custom display resolutions, and 16:9 displays
- Monitor spanning
- Desktop experience
- Desktop composition
- Font smoothing
- Display data prioritization, which gives display, keyboard, and mouse data priority over other virtual channel traffic such as printing or file transfers
- Redirection for Windows Portable Devices, specifically media players based on the Media Transfer Protocol (MTP), and digital cameras based on the Picture Transfer Protocol (PTP)
- Redirection of Windows Embedded for Point of Service devices, such as full function point-of-sale workstations, network bootable “thin client” point-of-sale terminals, customer-facing information kiosks, and self-checkout systems
- Provides Single Sign-On (SSO) for Terminal Services sessions
- Distributes sessions in a TS Farm with the TS Session Broker
- Enables TS Easy Print to reliably print from a TS RemoteApp or full desktop session to a local or network printer installed on the client computer
- Incorporates Licensing Improvements
- Terminal Services Per-Device client access license permits one device (used by any user) to conduct Windows sessions on any of an organization’s servers
- Terminal Services Per-User client access license permits one user (using any device) to conduct Windows sessions on any of an organization’s servers
Terminal Services Gateway (TS Gateway) enhancements:
- Enables remote users to connect securely to terminal servers and remote workstations across firewalls and network address translators (NATs).
- Provides a more secure model, allowing users to access only selected servers and workstations instead of the entire corporate network through a VPN.
- Leverages the security and availability of the HTTPS protocol to deliver Terminal Services with no client configuration.
- Provides a comprehensive security configuration model that enables administrators to control access to specific resources on the network.
- Tunnels RDP traffic, which would normally be sent to TCP port 3389, over HTTPS on TCP port 443
Terminal Services RemoteApp features:
- Provides access to the remote application that launches and runs in its own resizable window on the client computer’s desktop
- Reduces administrative effort by only having one central application on the server to maintain, instead of having to maintain individual installations on multiple desktops throughout the organization
- Improves the user experience, providing smoother integration of the remote application with the client computer desktop
- Allows any program that can run in a Terminal Services session or a Remote Desktop session to run as a RemoteApp program
Terminal Services Web Access enhancements:
- Enables administrators to make Terminal Services RemoteApp programs available to users from a Web browser, without requiring any software installation by the user
- Enables users to access Remote Programs or entire desktops from a Web site over the Internet or from an intranet
- Includes a customizable Web Part, which can be incorporated into a customized Web page or a Microsoft Windows SharePoint® Services site
- Provides customization for the list of available programs through Group Policy integration
Terminal Services Licensing enhancements:
- Provides centralized administration for TS CALs and the corresponding tokens
- Enables license accountability, tracking, and reporting for both Per-Device and Per-User licensing mode
- Simplifies support for various communication channels and purchase programs
- Minimizes the impact on network and servers
Terminal Services with Windows System Resource Manager provides the following enhancements:
- Allows control of how CPU and memory resources are allocated to applications, services, and processes on the computer
- Improves system performance
- Reduces the chance that applications, services, or processes will take CPU or memory resources away from one another
- Creates a more consistent and predictable experience for users of applications and services
Public Key Infrastructure (PKI) enhancements:
- Provides PKIView tool for managing and monitoring the validity or accessibility of authority information access (AIA) locations, and certificate revocation list (CRL) distribution points (CDP) in the enterprise.
- Enhances Certificate Web enrollment
- Provides the Network Device Enrollment Service (NDES), Microsoft's implementation of the Simple Certificate Enrollment Protocol (SCEP, formerly MSCEP), which allows network devices such as routers and switches that have no domain account to obtain certificates from the CA.
- Provides for distribution through Group Policy of all of the following types of certificates:
- Trusted root CA certificates
- Enterprise trust certificates
- Intermediate CA certificates
- Trusted publisher certificates
- Untrusted certificates
- Trusted people (peer trust certificates)
- Provides Online Certificate Status Protocol (OCSP) support as an option for certificate validation and revocation
- Allows Certificate management via Group Policy.
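The AIA/CDP/OCSP reachability that PKIView displays can also be checked from the command line, which is what a scheduled health check needs. The following is an added example, not from the original page; cert.cer is an assumed path to a certificate issued by the enterprise CA.

```powershell
# Added example: PKI health checks with certutil (not from the original page).
# .\cert.cer is an assumed path to a certificate issued by the enterprise CA.

# Clear the local URL cache first; a cached CRL would hide a dead distribution point.
certutil -urlcache * delete

# Build the chain, fetch every AIA, CDP and OCSP URL it references and report
# the status of each. Any failed URL here becomes a revocation-check failure
# for clients once their cached CRLs expire.
certutil -verify -urlfetch .\cert.cer

# What Active Directory publication and Group Policy have actually delivered:
certutil -enterprise -store Root     # trusted root CAs in the enterprise store
certutil -enterprise -store NTAuth   # CAs trusted to issue logon (smart card, 802.1X) certificates
```

The NTAuth store is the one to watch: a CA that ends up there can issue certificates accepted for domain logon, so its contents should match the list of CAs the organization deliberately trusts for that purpose.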
Windows SharePoint Services enhancements:
- Provides an enhanced, two tier administration model that simplifies administration with new management tools and GUIs.
- Provides new and improved compliance features and capabilities
- Supports new network configuration such as alternate access mappings, and pluggable authentication
- Improves search and collaboration features making it easier for users to quickly locate information and collaborate on projects
Windows Media Services enhancements:
- The built-in WMS Cache/Proxy plug-in can be used to configure a Windows Media server either as a cache/proxy server or as a reverse proxy server so that it can provide caching and proxy support to other Windows Media servers.
- The Windows Media Services services that are required to perform the Streaming Media Services role can be installed on a Server Core installation of Windows Server 2008.
- Advanced Fast Start adds to the Fast Start capabilities by allowing Windows Media Player to begin playing content as soon as its buffer receives a minimum amount of data, further reducing the time a user must wait for the stream to start.
- Play While Archiving means that broadcast content can be archived to a file, and the archived content can be made available for on-demand requests or rebroadcast even before the broadcast has finished being archived.
- Improved fast-forward and rewind functionality for the video portion of content stabilizes network bandwidth availability by using separate files for each FF/RW speed. This results in a fixed bandwidth requirement per client, regardless of playback speed, and greatly smoothes the FF/RW experience.
- In the event of an interruption, such as a power failure, broadcast publishing points can be configured to begin running again automatically whenever the Windows Media server starts, so that viewers experience less disruption when viewing streaming content.
- Absolute Playlist Time adds the playlist timing value wallclock. You can use the wallclock value to automate broadcast schedules by assigning real-world clock values in Coordinated Universal Time (UTC) to attributes in server-side playlists.
- If the primary encoder fails or is stopped, you can configure Windows Media Services to pull content from an alternate encoder or other content source after a specified period of time by using URL modifiers in the path to the primary encoder.
- Windows Media Services is available as a component in x64-based versions of the Microsoft Windows Server 2003 operating system.
Read the complete article on TechNet: What's New in Windows Server 2008 and Windows Server 2008 R2