Agencies that want to increase the stability and security of their systems and extend the useful life of older hardware should take a good, hard look at Server Core, an installation option of Microsoft Windows Server 2008.
In the past, if you chose to do a full installation of Windows, you received the binary code for all of the server operating system’s features, even if you didn’t want or need it all. The problem is that more binaries create more attack surface; thus, a less secure system. They also lead to more patch management and, therefore, more maintenance.
Tip 1 Learn what is and isn’t included.
Server 2008 offers two installation options: Full and Server Core. Server Core is basically a stripped-down version that runs only limited functions, such as Active Directory, Domain Name System, Dynamic Host Configuration Protocol, File/Print, Hyper-V, Internet Information Services and a few others. Because Server Core supports only a subset of features available from the full installation, Microsoft has removed anything not needed, including many OS components and services, the Windows Explorer desktop shell, Microsoft Management Console and most GUI tools.
Tip 2 Consider the possibilities.
Server Core also has a much smaller disk footprint, requiring only 1.6 gigabytes, compared with 7.6GB for a full installation; and the default memory footprint is only 180 megabytes, compared with about 310MB. You might be able to run Server Core on older hardware, with disk space and RAM that would not support a full installation, thereby extending the life of your gear.
One of the most common uses for Server Core is for infrastructure servers, such as domain controllers, DNS servers and DHCP servers. Andrew Mason, principle program manager lead for Windows Server Core at Microsoft, says he’s seen a wide range of Server Core deployments, “with the most common roles being Hyper-V and servers with both Active Directory and DNS installed.”
By supporting Hyper-V, Server Core provides an ideal platform for consolidating multiple servers onto a single server through virtualization, while keeping virtual machines securely isolated from one another. Branch offices that might have less physical security and few (or no) IT staff to maintain servers are also good candidates for Server Core.
Tip 3 Prepare yourself for
When you first log on to Server Core, it’s a bit shocking. All you get is a command prompt — no desktop, taskbar or Start menu. Managing a Server Core installation locally can be a bit challenging for administrators who aren’t comfortable working from the command line.
Apart from Notepad, Registry Editor and a couple of Control Panel utilities (all of which must be launched from the command prompt), there are few other GUI tools available. When you’re logged on locally to a Server Core box, you’re limited to using Windows command-line tools, batch scripts and scripts written in VBScript that use Windows Management Instrumentation (WMI) to manage your Server Core installation.
Tip 4 Take full advantage of remote management.
Remote management is a lot easier because you can use the same MMC consoles you would use to administer a full installation of Server 2008, either by enabling the Remote Server Administration Tools feature on a full installation or by installing RSAT on Windows Vista with Service Pack 1. Other options for remotely managing a Server Core installation include using Terminal Services to access the remote desktop, using Windows Remote Management (WinRM) to execute remote commands or using Group Policy to apply policy settings to a Server Core installation.
You can manage Server Core remotely almost identically to the way you manage a full installation — that’s almost identically. You can’t install the .NET Framework on Server Core, so you cannot run managed code (which makes Server Core unsuitable as an application-hosting platform) and you can’t install PowerShell or run most PowerShell commands remotely against a Server Core installation. About the only PowerShell command you can use to remotely manage a Server Core installation is the Get-WMIObject command, which lets you manage it using WMI the same way you might using VBScript.