Question : Determine Your Need for Server Core

During the process of installing Windows Server 2008, perhaps you noticed the Server Core option. What exactly is Server Core, and does your particular company have a need to implement it?

Answer : Determine Your Need for Server Core

Solution: Server Core is a new feature in the Windows Server world. It installs a command-line administration-only version of Windows Server 2008 that helps reduce the attack surface of the server. Traditionally, there are many attack options on a Microsoft server, and you, the administrator, need to be aware of that and take action to ensure security. However, with Server Core, less code is installed (that is, there is a smaller footprint), and with that reduction in code comes a reduction in the number of places an attacker can hit. Fewer moving parts equals fewer vulnerabilities.

Note

What is the attack surface area of an operating system? Keep in mind that each application added to a system provides a corresponding opportunity for attack and so poses a risk. In addition, certain services may leave your system open to infiltration. This is all considered the attack surface, and the goal in securing a system is to reduce that surface, typically by turning off or removing features that are unnecessary.


Until you see a Server Core system for yourself, you may not believe that you are really going to be working from a command prompt again. But that is truly what you have at your disposal. In fact, the Explorer shell is not even installed. You may be surprised to learn that you aren’t working with the new PowerShell command prompt.

PS Note

At the time of this writing, PowerShell was not functional in Server Core because it requires the .NET Framework, which cannot be installed on a Server Core system at this time. The .NET team has worked on providing a modularized version for Server Core admins to be able to work with PowerShell, and this will be available in R2. See the section “Incorporate Server Core Changes in Server 2008 R2,” later in this chapter.


Now, keep in mind that Server Core isn’t able to provide all the server roles that a typical server would have. The supported roles in Server Core include the following:

  • Active Directory Domain Services (ADDS)

  • Active Directory Lightweight Directory Services (AD LDS)

  • DHCP Server

  • DNS Server

  • File Services

  • Internet Information Services (IIS)

  • Print Services

  • Streaming Media Services

  • Windows Virtualization (Hyper-V)

And, as you will soon see, you cannot use the Server Manager tool to install these roles. Instead, you need to install them through the command line, using a tool called ocsetup.exe.

Keep in mind that third-party application software cannot typically be installed and managed on a Server Core server, so this server isn’t going to be used for things like your antivirus management or even some of the management solutions that Microsoft provides that must be installed on top of the server and require certain underlying services to be running. What this is a good fit for in an environment, however, is in areas like DNS or DHCP services or even file services.

Note

Although IIS is installable on Server Core, Server Core doesn’t currently support ASP.NET. Due to the lack of support for managed code, there are many reasons you might not be able to use Server Core for your particular web server (for example, no IIS-ASPNET, IIS-NetFxExtensibility, IIS-ManagementConsole, IIS-ManagementService, IIS-LegacySnapIn, IIS-FTPManagement, WAS-NetFxEnvironment, and WAS-ConfigurationAPI).



Random Solutions  
 
programming4us programming4us