The best mantra on security is to reduce the surface area for attacks. This means to have the minimum number of components or code running at a given point to get the work done, no more and no less (Slogan Courtesy: Oswald Cartoon character Henry Penguin). For example, if you are running a web server for serving static web pages and images, why install and run .NET Framework/JAVA or a Database server or COM+ components. In *nix world this was possible for years but in Windows, though this was possible – it required the average Systems Admin to have extensive knowledge of each and every service running on the machine.

Now Microsoft has simplified this with the introduction of Windows Server 2008 Core. The Server Core installation of Microsoft Windows Server 2008 provides a minimal environment for running specific server roles that reduces the maintenance and management requirements and the overall attack surface area. To provide this minimal environment, a Server Core installation installs only the subset of the binaries that are required by the supported server roles. For example, the Explorer shell is not installed as part of a Server Core installation. Instead, the default user interface for a Server Core installation is the command prompt. You can manage either locally at the command prompt or remotely by using Remote Desktop. You can also manage the server remotely by using the Microsoft Management Console (MMC) or command-line tools that support remote use.

In Tech Ed 2007 – Microsoft announced that the Server Core installation option of Microsoft Windows Server 2008 now includes Internet Information Services 7.0 (IIS7). IIS 7.0 introduces much-wanted capability such as shared Web server configuration across servers.

As a side note: I envisioned :-), a similar SKU about 8 years back when I presented this mock presentation on MSDOS.NET for grabbing the audience before my Commerce Server 2000 presentation in Tech Ed 2000.

References: Server Core: Windows Without Windows

Categorized in:

Tagged in: