By William Van Winkle
 
 

[ TERMINAL SERVICES: EXPANDING ACCESS ]

At a time when every business, big and small, should be turning its eyes to security, it’d seem crazy to open the gates to your customer’s organization. Yet the idea behind Terminal Services is to make networked resources available to the people who need them—not just over the local LAN, but from anywhere. Windows Server 2008 takes the Terminal Services features you likely learned about through SBS 2003’s Remote Desktop to an entirely new level of connectivity. But it does so through even more secure channels.

The core functionality of Terminal Services centers on a user-friendly experience. When your customer connects to his corporate network from a hotel somewhere, he should be greeted by a fully functional desktop that looks like his machine at the office. As a reseller, you enable that familiar environment through Microsoft’s new Remote Desktop Connection 6.0 software. The package adds several new features: support for 16:9 and 16:10 displays, spanning across monitors, combined desktop resolutions of up to 4096 x 2048, and display data prioritization, a QoS measure that favors display bandwidth traveling over the network. If you install the Desktop Experience feature, Microsoft’s Remote Desktop Connection software will reproduce the remote machine’s desktop layout on that local client. Desktop Composition further mimics the customer’s familiar computing experience by enabling Windows Aero support on a Vista-equipped remote system. Again, there are some clear benefits to the look-and-feel enhancements rolled into Server 2008. Now it’s possible to work on the desktop in your office, from home, at the same resolution, across several screens, and with familiar settings.

Here’s where Terminal Services becomes a real asset to resellers—especially those with experience configuring remote desktops in Small Business Server 2003. Terminal Services Gateway (TS Gateway) is a role service within Terminal Services that lets users connect to corporate assets remotely from any Internet-equipped device. In the past, you might have sold your customer an SSL or IPsec VPN router to enable secure connections from outside of the network. TS Gateway gives you the same type of functionality from within Windows.

When you set up SBS 2003, it was often necessary to open port 3389 on your customer’s router to allow Remote Desktop Protocol traffic through. If there were a problem with remote connectivity, it was usually tied to a network configuration issue. TS Gateway sends RDP data to port 443 instead, over an SSL tunnel. Most businesses have 443 open already because it’s the default for secured HTTP traffic. The benefit to you is simple: no more banging your head against a wall trying to figure out why customers can’t connect to their remote assets. SMBs win here as well. They can connect from anywhere. Moreover, you can save them the money they’d otherwise spend on an SSL VPN router.

Even as it simplifies connectivity, TS Gateway buckles down on security. The TS Gateway Manager snap-in console lets you specify exactly who can connect remotely, whether they’re from user groups on the server or groups in the Active Directory Domain Services. You can also set TS Gateway to use Network Access Protection (NAP) to further enhance security in an environment where you’re deploying Vista on the client machines. We’ll dig further into NAP shortly, but in brief, the technology verifies that machines connecting to your customer’s network are healthy before they’re granted permission to join up. Veterans of SBS 2003 Premium: Microsoft claims you can apply your skill set in ISA (Internet Security and Acceleration) Server to make TS Gateway even safer. However, when we talked to Server 2008 product manager Eric Rezabek about mixing TS Gateway and ISA, the software firewall app seemed to take a back seat in light of Terminal Services’ new security features. Expect the next version of ISA to take a higher-profile position as upcoming Server 2008 bundles are finalized and launched.

In order to get TS Gateway working properly, you’ll have to get your customer set up with an SSL certificate, so it’s a good time to familiarize yourself with the SSL and Transport Layer Security (TLS) cryptographic protocols.

“If you’re setting up Server 2008 in a test environment to familiarize yourself with the TS Gateway features, you can use a self-signed certificate,” says Microsoft’s Rezabek. “Moving into SMB networks, you’ll want to be the link between your customer and VeriSign or another certificate authority able to provide an official SSL certificate.”

When you take the polished user experience enabled by Remote Desktop Connection 6.0 and add the streamlined connectivity provided by TS Gateway, you’re left with a foundation for the most significant capability in Server 2008’s Terminal Services role, RemoteApp. Per Microsoft, RemoteApps are programs that your customers access remotely through Terminal Services. Because of the QoS improvements, the applications look like they’re running locally. Minimize them, maximize them, resize windows, or run multiple RemoteApps side by side. Just think about the simplicity you can offer to an organization running its own line-of-business software. Using RemoteApps, you can give customers access to that specialized software from anywhere—stationary systems in a branch office connected through a persistent connection or laptops on the road, syncing up on demand.

When we first heard about RemoteApps, two issues came to mind that we thought might affect resellers. The first was compatibility. In an office where five people have access to accounting software, you could seemingly load the app onto a server and have two or three at a time inputting data. But if one RemoteApp session started manipulating the data set, would a second connection be able to interact with the changing database on-the-fly? Microsoft says you shouldn’t see any problems like that. It does, however, recommend testing applications to see which ones work best as RemoteApps. This is easier said than done, of course, when you don’t have access to your customer’s software library. The feature’s potential is at least compelling enough to warrant an on-site pilot program before you push Server 2008 to a live machine.

Accessible Anywhere
TS RemoteApp Manager makes it easy to centralize software on your server while still letting off-site clients execute the apps on their own machines. Make sure you deliver high-bandwidth networking to support this.

Our second concern was licensing. If an SMB is running one server at the head of a 25-seat network, and each box has its own copy of Microsoft Office, couldn’t you save a significant sum by loading Office onto the server and exposing its various components as RemoteApps? Microsoft’s Eric Rezabek helped clarify for us.

“TS licensing under Server 2008 works the same as old TS licensing, which is a bit different than licensing for the operating system itself,” he said. “You do have to have TS CALs in place, along with a TS licensing server.” Fortunately, you can run the TS licensing server on the same hardware running Terminal Services. A five-pack of CALs—whether they’re user or device licenses—costs $749. Your customer does end up paying for the convenience of getting remote access to an app running over the network, but many businesses will find the expense more than worthwhile.

Terminal Services Web Access and Terminal Services Printing are extensions of the RemoteApp capability. Through TS Web Access, you can make RemoteApps available not only through a direct link with the server, but also through a Web browser. Users don’t have to fire up an instance of the RDC client. Terminal Services Printing includes a special software driver that lets your customer print from a RemoteApp session onto a local printer.

Automated Security Setup
When you run the Security Configuration Wizard, services are enabled and ports opened according to the features you’ve chosen to install. This can make reducing a server’s attack surface quick and painless.



[ SECURITY ON LOCKDOWN ]

Given Microsoft’s emphasis on security in Windows Vista, you had to know Windows Server 2008 would address the topic even more aggressively. While we’re still on the fence as to the effectiveness of Vista’s annoying “improvements,” the additions made to Server 2008 appear much more noteworthy. To begin, Microsoft is encouraging resellers to make moves in manageability and compliance by more aggressively enforcing policy. Windows Server takes the driver’s seat in ensuring the client systems connecting to your customer’s network meet the requirements you define. If they don’t, Server 2008 aids in remediation. The backbone of Microsoft’s security strategy is Network Policy and Access Services, an umbrella that covers the previously mentioned Network Access Protection technology, secure wireless and wired access, remote connectivity, and central network policy management. Pay particular attention to NAP, itself consisting of several components that perform check-ups on clients connecting to a Windows Server network.

In an SMB, your biggest concern as a VAR isn’t going to be deliberate attacks on the infrastructure. Rather, you have to worry most about the employee who connects remotely with a personal laptop infected with a virus or an unpatched version of Windows XP, vulnerable to any number of security holes. NAP is the vehicle by which you approve or reject requests to join the network. Specify if you want NAP to check for firewall software, anti-virus software with the latest definitions, the latest version of your anti-spyware software, and whether Microsoft Update Services is enabled.

Clients that check out are allowed onto the network. Those that don’t can either be flat out denied or ushered onto a restricted network, where a remediation server can help get them up to date. From there, you can facilitate ongoing monitoring, so if a networked client turns off Windows Firewall, it’ll be flagged as noncompliant and restricted until the feature is re-enabled. Surely there’s a brand-new opportunity for an ongoing maintenance contract with your SMB customers here. Set up Windows Server 2008 with Network Policy and Access Services, configure NAP for ongoing policy enforcement, and guarantee the credentials of each machine connecting to your customer’s network.

NAP is perhaps the most exciting piece of the Network Policy and Access Services role. However, a handful of other useful technologies become available once you get the role up and running. For example, you can configure 802.11 wireless access to the network, complete with NAP policy enforcement. Routing and Remote Access lets you deploy VPN and dial-up remote access service if it’s needed. And a configurable software router empowers you with all of the functionality you’d want from a hardware solution purchased separately. A handful of MMC snap-ins make all of those features relatively easy to manage, too. That’s great news for resellers without much experience locking down SMB networks.

Single-Screen Configuration
With Windows Server 2008, you can now set up rules for the Windows Firewall from a single, intuitive management screen. A summary in the center tells you exactly what’s being allowed in and out.


The Windows Firewall was a big part of the SBS 2003 Service Pack 1 update, even though Microsoft disabled it by default. Here, the Firewall feature is automatically turned on for the first time in a Windows Server-based operating system. Windows Firewall filters all IPv4 and IPv6 traffic that enters or leaves the system, and all incoming traffic is blocked unless it’s a response to an outgoing request. Traffic in both directions is also wrapped up in IPsec to verify its integrity. Microsoft then combines controls for the firewall’s user interface and IPsec into one MMC called Windows Firewall with Advanced Security.
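The default posture described above (unsolicited inbound traffic blocked, replies to outbound requests allowed) and the TS Gateway move from port 3389 to 443 can be set and checked from an elevated command prompt with `netsh advfirewall`. This is an added example, not part of the original article; it assumes the server hosts the TS Gateway role, the "Example" rule name is made up for illustration, and "Remote Desktop (TCP-In)" is assumed to be the built-in rule name on an English-language install.

```bat
rem Added example: Windows Firewall with Advanced Security from the command line.
rem Assumptions: elevated prompt, TS Gateway role on this server, illustrative rule name.

rem 1. Make sure the firewall is on for the domain, private and public profiles.
netsh advfirewall set allprofiles state on

rem 2. Default policy: block unsolicited inbound traffic, allow outbound.
rem    Replies to outbound connections still pass because filtering is stateful.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

rem 3. Open the single inbound port TS Gateway needs: 443, carrying RDP inside SSL.
netsh advfirewall firewall add rule name="Example - TS Gateway HTTPS in" dir=in action=allow protocol=TCP localport=443

rem 4. Direct RDP on 3389 no longer has to be reachable from the Internet.
rem    Limit the built-in rule to the local subnet so LAN administration keeps working,
rem    and remove the old 3389 port forward on the customer's router.
netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" new remoteip=localsubnet

rem 5. Review the result: profile state and policy, then the two rules touched above.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name="Example - TS Gateway HTTPS in"
netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)"
```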

For the VARs out there more intimately tied to security, Windows Server features a number of more nitty-gritty enhancements, from integration of IPv6 to CNG (Cryptography Next Generation) to Active Directory Certificate Services and Active Directory Domain Services. There’s plenty of detailed security information available through the Server 2008 reviewer’s guide Microsoft hosts on its TechNet site. Just visit technet.microsoft.com and run a search for it.



[ GETTING BUSINESS ONLINE ]

Your business customers buy servers for many reasons. Some of them want to centralize data on one machine. Others want more granular control of who can connect to the company. But you can’t forget the folks looking to get their businesses online through a Web page or some other type of application enabled over the network.

If you did any Web work in Server 2003, Internet Information Services should be a familiar hosting platform. In Server 2008, IIS 7.0 takes the spotlight, supporting all existing ASP, ASP.NET 1.1, and ASP.NET 2.0 apps without any modification. (Read: You won’t run into compatibility issues and have to recode an app.) Under Server 2003, it was easy to change one field and tank an entire Web site. IIS 7.0 includes new troubleshooting tools that help solve those configuration issues. Tweaks to security, administration, and health management round out the improvements to IIS.

When an SMB wants to serve up information through an application rather than a Web page, the new Application Server role in Server 2008 is the way to go. Now, traditionally, it’d be a struggle for a reseller to figure out the features and services he needs to get a line-of-business app running on a central server. Using the Add Roles Wizard, however, you can choose the role service you want to install, and Windows Server automatically adds the features needed to support that role. From there you can open the application to clients on the same domain, systems connected through the Internet, or other servers—even those running different operating systems.

There are two more Web-oriented features that were originally slated to launch with Windows Server 2008 but didn’t make the cut: Windows SharePoint Services, the collaboration technology included in SBS 2003, and Windows Media Services, available on Windows Server 2003. Both will be released as separate software packages, according to Microsoft’s Eric Rezabek.

At least in SBS, SharePoint Services seemed like one of those value-adds that VARs didn’t hit hard enough. With a bit of setup and some input from your business customer, the Web-based tool is especially great for syncing teams working in different places. Version 3 of the software adds more compliance-oriented functionality, helping lock down sensitive information. There’s also a two-tier model for administering SharePoint Services, along with a more flexible network configuration. Gone are the days of losing connectivity to your customer’s SharePoint site without a clue as to getting it back.

Windows Media Services isn’t new. But the version you can download after installing Windows Server 2008 is optimized for the new operating system. It can, for instance, be installed as a Server Core role—ideal if your customer is setting up a big storage machine tasked with serving up streaming video. Windows Media Services also takes advantage of caching and proxying under Server 2008 to help conserve network bandwidth and minimize latency. A handful of other new features make Windows Media Services an interesting little add-on for businesses dabbling in streaming content online. When you’re ready to try Windows Media Services on your Server 2008 system, check out http://microsoft.com/windows/windowsmedia/forpros/server/server.aspx.


[ VIRTUALIZE THIS ]

Last month we took a look at the state of virtualization and what the technology actually means to SMBs, especially now that Microsoft is adding Hyper-V as a built-in role to the 64-bit versions of Windows Server 2008. Our conclusion was that you should be looking at virtualization as an opportunity to engage your customers in consolidating their servers, cutting back on power usage, and simplifying management. If you still haven’t explored any further, consider the Server 2008 launch a reminder.

Microsoft still plans to make the production release of Hyper-V available within 180 days of Windows Server 2008, so it isn’t far off on the horizon. How will Hyper-V fare against more established solutions from VMware and Citrix? That remains to be seen. Hyper-V is missing live migration support in its first iteration, though, so it isn’t quite as feature-complete as its competition. Nevertheless, you can’t really argue against a robust hypervisor-based virtualization platform included as part of an operating system you’re already buying. Now that the technology is being pushed into more mainstream channels, expect interest from SMB customers who would never have thought that their infrastructures made good candidates for virtualization.

Peas In a Pod
Your customers will get the most out of Server 2008 when they connect to their networks using Vista-equipped workstations. Here’s a great opportunity to upsell the upgrade.


As mentioned, Hyper-V will only work on 64-bit versions of Windows Server 2008. In turn, the hypervisor supports 64-bit guest operating systems (important if you’re going to start consolidating server software) and the ability to allocate processing resources from dual- and quad-core CPUs. Hyper-V is unique in its ability to virtualize any device for which there is a Server 2008 driver, setting a new benchmark for hardware compatibility. The technology’s only hardware requirement is processor support for either AMD Virtualization or Intel Virtualization Technology, which all of your servers should have. Don’t be intimidated by Hyper-V’s licensing structure. Microsoft makes it easy to manage—much easier than Windows Server or Terminal Services licensing, at least. Customers who buy the Standard edition of Server 2008 can add one virtual machine on top of the parent OS. Step up to the Enterprise edition and they get four virtual machines. Windows Server 2008 Datacenter grants an unlimited number of VMs; mileage is limited by the underlying hardware.

Getting Hyper-V up and running is remarkably easy. From the Server Manager, choose to Add Roles. From there, you’re literally four clicks away from a virtualization-equipped server system. Select the Hyper-V role and continue through the wizard’s prompts, reading each carefully. You’ll restart the system, and Server 2008 will fire back up to finish configuration. Once Hyper-V is up and running, Microsoft’s Virtual Machine Manager is the tool you’ll use to set up VMs and optimize hardware utilization.



[ THE BETTER TOGETHER STORY ]

There’s a good chance that, up until now, you’ve struggled to move cost-conscious SMBs from Windows XP to Vista. The Aero interface just isn’t compelling enough on its own to justify the upgrade. With the launch of Server 2008, however, businesses that adopt Vista will also see the most benefit from Microsoft’s server OS. The opportunity here for resellers is phenomenal. With a chance to upgrade servers and client systems alike, Server 2008 is really the jumping-off point for an organization-wide upgrade.

NAP is one of the best examples of Server 2008 and Vista working together to simplify the VAR’s management load while at the same time bolstering security. Vista enables NAP by default. Under XP, you’d need to add the Network Access Protection Client to enable client health enforcement. Vista also leverages client-side caching that works with Server 2008, so centralized resources are made available, even if the server machine drops offline. Of course, there’s also a long list of enhancements to Terminal Services that give remote clients connecting through Vista a user experience that looks a lot more like their office desktop.

Coming Soon to Centro
Resellers interested in the Centro and Cougar platforms will want to get some hands-on time with Exchange 2007, the email server set to come bundled with both solutions.



[ LOOKING FORWARD ]

You’ll see several versions of Windows Server 2008 spring up during the course of 2008. The first round, which will have already launched by the time you read this, includes the Windows Server 2008 Standard, Enterprise, and Datacenter editions, available in x86 and x64 trims. Server 2008 is the last operating system you’ll see from Microsoft with a 32-bit variant, so make the move to 64-bit now if you have the chance. Besides, that’s the only way to get Hyper-V support.

In roughly six months, Microsoft says we’ll see Windows Server “Cougar”—Small Business Server 2008. If there is a reason to hold off on adopting Windows Server 2008, this is it. Expect Cougar to mash together the best pieces of Server 2008, Exchange Server 2007, SharePoint Services 3.0, SQL Server 2005, and the System Center Essentials. It doesn’t sound like there are any plans for a 32-bit version of Cougar, so take that as another nudge toward adopting 64-bit technology in all of your business-class solutions if you haven’t already.

If SBS is the go-to for organizations typifying the “S” in SMB, Windows Essential Business Server, previously known as “Centro,” handles the “M.” Essential Business Server is set to include Server 2008, Exchange, System Center Essentials, ISA Server, and Forefront Security for Exchange. The kicker here is that the software bundle is deployed across multiple machines, not one box. Talk about the perfect application to showcase the scalability of an SMB blade like Intel’s Modular Server.

Also in the pipeline are the Windows HPC Server 2008, Windows Storage Server 2008, and Server 2008 for Itanium-based systems, limited to IA-64-based architectures. By the end of this year, the Windows Server 2008 family should be as well filled out as the Server 2003 lineup today.



[ THE START OF SOMETHING SPECIAL ]

Windows Server 2008 is enough like its predecessor that successful VARs already deploying Server 2003 should be able to transition smoothly if they get an early jump on the operating system’s inner workings. At the same time, the OS introduces so many new features and capabilities that it really is an entirely new beast. If you never did jump on the Server 2003 (or SBS 2003) bandwagon, here’s your chance to grab this bull by the horns early on, before it leaves the gate.

Customers running Windows Server 2003 or something older are perfect upgrade candidates for Server 2008. And it goes without saying that anyone buying a whitebox server should be picking the OS up as well. SMBs running a version of Small Business Server might prefer to wait a few months before committing to Windows Server 2008, Essential Business Server, and Small Business Server, codenamed Cougar. There will be a lot of functionality in those latter two editions that customers won’t see from the Server 2008 versions selling right now.

Regardless of which Server 2008 edition you and your customers choose, rest assured the operating system is a much more compelling step forward than what Vista offered over Windows XP. The Windows Server setup is much more streamlined. The management snap-ins consolidate a lot of important information. And wizards guide you through once-complex technologies borrowed from enterprise computing, like virtualization and high-availability clustering. Revamped Terminal Services, enhanced security, and brand-new features like NAP and Hyper-V add on to a long list of truly exciting specs. Server 2008 also gives customers several reasons to finally want Vista on their client desktops.

With the launch of Server 2008, Microsoft makes it easier for resellers to learn about and deploy technologies that might have required an on-site specialist only a year ago. Get involved with Server 2008 and its new features, demonstrate the software’s benefits to your customer (through the new Terminal Services, perhaps?) and profit accordingly.
 
         
   
   
Copyright © 2008 RAM Magazine. All rights reserved.
Do not duplicate or redistribute in any form.