Dude, Who Stole my GUI
Ok... enough of the melodramatics... Let's talk about Microsoft Windows 2008 Server Core installations.
A core server installation is a scaled-back version of the full server install. All system administration is done via command prompt. There is no GUI. Once the server is on the network though it can be administrated remotely via Microsoft Management Console (MMC).
A server core will not include.Net Framework, Internet Explorer, or any other feature not critical to server operations. After installing the core the adminitrator has the ability to configure it for one or more of many basic roles: domain controller, DNS server, DHCP server, file server, print server, Windows media server, terminal services Gateway, Web server, and virtualization server.
There are two main compelling reasons why we will see the entire industry rapidly adopting core installations. The first has to do with security and the second with availability.
By introducing core installations in Windows Server 2008 Microsoft has dramatically reduced the possible surface area for an attack. In previous versions, by default, the operating system was installed with the vast majority of its functionality enabled. This meant, that features installed on a server, but not actively being used, might be exploited to gained access to the system and it's data. Personally, I feel that getting rid of the GUI was taking this to a bit of an extreme, however it does show how serious of a commitment Microsoft is made to security these days.
The second reason to consider core installations is server availability. One of the largest causes of scheduled system unavailability is the requirement to keep your servers patched. When Microsoft reduced the surface area of the operating system it also reduced what needed to be patched. Now, instead of having to apply patches for Internet Explorer or IIS, you only have to patch for the core install, any roles that have been added, and software running on top of the operating system. This could potentially cut in half the amount of patching required.
The bottom line is that in spite of the whining you will hear from your system administrators core installs are going to be the way to go. (It's also quite possible regulatory considerations and auditors will give you no choice in the matter.) Any inefficiencies introduced on the system administration side will be more than offset by the savings you will gain from increased system availability.
Below is a list of configuration commands I used when setting the core installation demo:
netsh interface ipv4 show interfaces
netsh interface ipv4 set address name="2" source=static address=192.168.1.4 mask=255.255.255.0 gateway=192.168.1.1
netsh interface ipv4 add dnsserver name="2" address=192.168.1.3 index=1
netdom renamecomputer win-43215454 /NewName:lab2
For a step-by-step guide on configuring a server core go to the following link:
http://technet2.microsoft.com/windowsserver2008/en/library/47a23a74-e13c-46de-8d30-ad0afb1eaffc1033.mspx?mfr=true
Hi Paul - particularly liked the opening paragraph
You might find my post on a">http://www.markwilson.co.uk/blog/2007/08/a-few-commands-to-get-started-with-windows-server-core.htm">a few commands to get started with Server Core useful?
Cheers, Mark
Reply to this
(looks like that URL got mangled by a plugin... should be http://www.markwilson.co.uk/blog/2007/08/a-few-commands-to-get-started-with-windows-server-core.htm).
Reply to this
Good site Mark. A lot of good information.
Reply to this
Isn't this what Netware was doing 15 years ago? When MS decided everything should be GUI at the server.
Reply to this
Exactly, never discounted good idea just because it's old. Computing technology seems to be such a cyclical.
First we had the monolithic model where there was one giant server that processed everything for a company. Then came the personal computer which revolutionized computing and made it a viable option for midsize companies. A few years of personal computers resulted in the client/server model. Due to the proliferation of these servers we got a new consolidation wave with virtualization technology and now are headed back to the monolithic model.
-Paul
Reply to this
Paul, nice blog and interesting article. I guess it's true that MS is serious about security, even if they are getting here kicking and screaming. As an Oracle guy I find it interesting to compare/contrast the concept of "core installations" when it comes to Oracle. These days Oracle is all about the GUI, one-button install - and the default install loves to burden the database with a whole slew of options and frankly, "Oracrap" as I call it. Then the DBA has the next decade to manage, patch, and scratch his head as he attempts to keep the inner-workings functional -- all the while having no idea what pieces and parts are really needed by the application.
So Hopefully the trend toward "core installations" isn't limited to operating systems but covers the entire technology stack. I sort of doubt it, but one can be hopeful.
And by the way, long live command line!
Reply to this
Hey, that was interesting,
Keep up the good work,
Anyway, thanks for the post
Reply to this