Nearly two years have passed since Windows Server 2008 R2 was released. Lauded by some (this analyst included) as Microsoft’s first R2 release containing functionality that businesses actually need, the version has also been greeted with a healthy and steady increase in market share.
But while R2 is so much more than just a rollup of patches and updates, it stands to reason that some of its new features are far more successful than others. Although every OS version adds new capabilities, which of R2’s features are the real studs, and which could be considered duds by comparison?
Windows Server 2008 R2: The studs
We can’t start the studs list without a nod to Microsoft’s Hyper-V virtualization platform. Zero downtime, live migration capabilities and Dynamic Memory with R2’s first service pack have elevated Hyper-V to an enterprise-ready platform for virtual machines with this release.
In addition, Active Directory gained significant (and much-needed) PowerShell exposure, as well as object un-deletion support with the AD Recycle Bin. While the AD Recycle Bin is by no means easy to use, it introduces a limited ability to restore Active Directory objects after their deletion. R2’s new handling for managed service accounts -- too often forgotten by many IT shops -- also improves service account administration.
As a first foray into block-level caching, the BranchCache feature is a winner for remote offices that suffer from high-latency network connections. A set-it-and-forget-it solution, BranchCache is one of those rare “it just works” tools that you can easily turn on, walk away from and see improvement with.
Every IT pro has lost hair and sleep over printer drivers. That’s why R2’s printer driver isolation is a boon to print servers everywhere. Configuring printer drivers to operate outside the spooler process keeps poorly written drivers from crashing entire print servers, gaining big stud points from many admins.
The highly-touted Server Manager functionality in Windows Server 2008 RTM quickly lost its luster the moment administrators realized it only worked against the local computer. Adding remote management to Server Manager greatly enhanced its utility for server administration.
Windows Deployment Services (WDS) became much more useful with the addition of dynamic driver provisioning in R2. With this feature, deployment technicians can create a database of drivers for any computer. Once created, WDS and the Windows installation work together to inject whatever drivers are necessary. With the addition of this single feature, even large enterprises can finally realize the dream of single-image desktop management.
Even auditing got a facelift in Windows Server 2008 R2: overburdened security logs can now be tuned with 53 categories of auditable events, up from only nine in earlier OS versions, which makes finding security events in the logs much easier.
R2 was a huge improvement for Remote Desktop Services (RDS), adding VDI capabilities and (with SP1) impressive multimedia support. RemoteApps is also much easier to provision with the introduction of RemoteApp and Desktop Connection. Simply create the RemoteApp and it will soon be available in your users’ Start menus.
But among all of R2’s new features is a decision that took guts. R2 is Microsoft’s first OS that’s limited to 64-bit hardware only. Creating a huge outcry on behalf of the zillions of now-incompatible 16-bit applications, Microsoft took a smart risk by eliminating x86 -- one that will cause short-term pain, but improve everyone’s lives in the long run. x64 exclusivity -- at least to this author -- is arguably R2’s biggest stud.
Windows Server 2008 R2: The duds
R2’s studs are absolutely improving the lives of IT professionals, as well as the experience of users everywhere. But those studs don’t come without a fair share of duds that didn’t quite live up to expectations.
The first of these is Windows clustering, specifically as it relates to Hyper-V. Long the bane of Windows administrators, clustering is a complex technology with an excess of moving parts. This doesn’t change with R2. In fact, clustering’s focus on remaining an everything-for-everyone solution makes it a far-too-difficult component for Hyper-V virtual machine failover. One hopes Microsoft will eventually recognize that a dead-simple clustering solution is fundamentally necessary for improving Hyper-V adoption.
Peeling back the scabs on Hyper-V just a bit more are the obvious limitations in its VDI toolsets. Bluntly put, attempting to create a VDI infrastructure with Microsoft alone is a project few outside the very small will successfully keep in production. Admittedly, merging Microsoft’s hypervisor with Citrix’s VDI management suite is the quietly-intended solution, but better tools for keeping VDI going after its implementation remain necessary.
A third dud gains its status by not taking a brilliant idea to its needed conclusion. RDS’ RemoteApp for Hyper-V lets admins install problem applications to VDI desktops and then present that specific application to users via an RDP session. Call it “one-to-one RDS” or “VDI without the desktop” -- RemoteApp for Hyper-V could have been a game-changer had its functionality been fully baked into RemoteApp and Desktop Connection or RD Web Access. As it is, the only way to implement this fantastic solution today is by manually editing RDP text files and distributing them through some manual mechanism. Microsoft is so imperceptibly close to a stud here that this omission at its final step drops it to the dud list.
We may never get to the day where every Windows server runs atop a command line-only interface, but it’s not impossible. Windows Server Core gains relatively little with R2 and seems to be getting less and less press as a useful installation option for security and resource use. Future editions should take Server Core to the command line nirvana it desires. Until then, its manifestation in this version remains a dud.
DirectAccess is quite possibly Microsoft’s most impressive new technology in R2. With DirectAccess, laptops outside the LAN remain on the LAN, giving users the freedom to work from anywhere with no change to their workflow. At the same time, it enables IT to maintain management of those systems wherever they’re located. DirectAccess itself is therefore an absolute stud, but the dud comes with its complex implementation. By requiring Internet Protocol Version 6 (IPv6), a series of new protocols and an installation that’s beyond the capacity of many IT professionals, DirectAccess also earns a dud for forgetting that simplicity is just as important.
Lastly is another well-meaning technology that didn’t go far enough. Keeping inappropriate applications off of corporate assets is a chore for every IT shop. Microsoft AppLocker is a Group Policy-based solution that enables IT admins to determine which applications and versions are specifically approved. Anything else is blocked before execution.
That’s great for keeping desktops alive, great for software inventory assurance and even great for some types of malware protection, making AppLocker another example of a stud solution that also gets a dud for stopping short.
While AppLocker’s execution prevention mechanisms are first-rate, Microsoft released it without a simple solution for inventorying applications and creating rules. Yes, it is possible to inventory a single machine via an automated process, but an environment where every machine remains exactly the same is rare. Microsoft should augment this fantastic solution with a better inventory tool in future versions, because whitelisting is most assuredly the security wave of the future.
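The single-machine inventory mentioned above can be scripted with the AppLocker PowerShell cmdlets that ship with R2. The following is an added example, not part of the original article: it inventories a reference machine, generates publisher rules with a hash fallback, and saves the result as an audit-only policy for review. The directory list, rule-name prefix and output path are assumptions.

```powershell
# Added example: build an audit-only AppLocker policy from one reference machine.
# Uses the AppLocker module included with Windows Server 2008 R2 / Windows 7.
Import-Module AppLocker

# Assumed inventory scope; adjust to match the reference image.
$dirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir) |
    Where-Object { $_ -and (Test-Path $_) }

# Hypothetical output location for the generated policy.
$outFile = Join-Path $env:TEMP 'applocker-reference.xml'

# 1. Inventory every executable under the chosen directories.
#    Unreadable files are skipped instead of aborting the run.
$files = foreach ($d in $dirs) {
    Get-AppLockerFileInformation -Directory $d -Recurse -FileType Exe `
        -ErrorAction SilentlyContinue
}

# 2. Generate rules: publisher rules for signed binaries, with a hash rule
#    as the fallback for unsigned ones. -Optimize collapses similar rules.
$policyXml = $files |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix 'Ref' -Optimize -Xml

# 3. Switch every rule collection to audit-only, so that applying the
#    policy logs would-be blocks instead of preventing execution.
$doc = [xml]$policyXml
foreach ($collection in $doc.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$doc.Save($outFile)

# 4. Check the saved policy against a known binary before deploying it.
Test-AppLockerPolicy -XmlPolicy $outFile `
    -Path (Join-Path $env:windir 'System32\notepad.exe') -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule
```

Because machines rarely match the reference image exactly, reviewing the audit events the policy produces before switching it to enforcement shows which applications the inventory missed.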
ABOUT THE AUTHOR
Greg Shields is a Partner and Principal Technologist with Concentrated Technology, an IT analysis and strategic consulting firm. Contact him at http://www.ConcentratedTech.com.