News Stay informed about the latest enterprise technology news and product updates.

Experts weigh the good and bad of Windows Server Core

Microsoft Windows Server 2008 Server Core and its nine server roles offer a new way to administer Windows Server. Experts explain what you need to know about the set-up-and-go installation option.

This is the third article in a three-part series on Windows Server 2008's Server Core minimal install option.

Experts are questioning whether the set-up-and-go bare bones Server Core installation option in Windows Server 2008 is as easy to manage as Microsoft says it is.

More on Windows Server Core

Windows Server team delves deep into Server Core

Server Core roles could include Exchange and SAP

The Server Core install option, which essentially strips out all of the Windows Server 2008 OS features not needed to run a given server role, keeps getting more features and roles.

Last month Microsoft added IIS 7.0 and virtualization as Server Core roles on top of file server, print, DNS, DHCP, Active Directory, Active Directory Lightweight Edition and Windows Media Services.

Now, the company is working on adding the .Net Framework as a Server Core role to allow IT administrators to get the full power out of the IIS 7.0 Web Server and use PowerShell as a scripting language, said Ward Ralston, product manager with Microsoft's Windows Server team.

Server Core improvements or added complexity?

This has led some individuals who are testing Windows Server 2008 to wonder if Microsoft is making improvements or just adding to the complexity of what is meant to be a stripped-down install option for server roles.

"To succeed with Server Core, they need to keep in mind what their goal is --running a very small piece of the OS to reduce maintenance," said Michael Cherry, an analyst at Directions on Microsoft, a Kirkland, Wash.-based consulting firm, who has been testing Server Core and Windows Server 2008 Beta 3. "Adding .Net adds an unbelievable number of dependencies. At some point they need to reach a threshold, or they might as well install the whole thing," he said.

Server Core's benefits lie not only in reduced maintenance -- less patching is necessary, for example -- but also for IT managers who don't want to waste power running a small role on a large server. Older boxes are also ideal for running a stripped-down server role, he said.

"Virtualization is another good reason to use Server Core," Cherry said. "If you're going to run a bunch of virtual machines, making the parent OS as small as possible, just enough to control the virtual machine, that makes perfect sense."

Most liked options for server roles

Some of the more appealing server roles for Server Core are DNS, File Server, print and Windows Media Services, said Nelson Ruest, principle at Resolutions Enterprises, a Victoria, B.C.-based consulting firm. File Server and print for older hardware and the DNS role's read-only domain controller role is a good fit for remote offices, he said.

Now you have IIS 7.0 in Server Core, next is the .Net Framework. Then where is the security?

Nelson Ruest,
Resolutions Enterprises

A stripped-down version of the OS delivering just streaming video is an efficient use of Windows Media in Server Core as well, Ruest said.

As for IIS 7.0, it makes sense as a Server Core role for those who want to just use it to manage static Web pages, but little else can be done with this role in Server Core without the .Net Framework, he said.

By adding more server roles and, in turn, a larger attack surface, testers also question whether Server Core will remain as secure.

"Now you have IIS 7.0 in Server Core, next is the .Net Framework, then where is the security?" Ruest said.

Microsoft's Ralston, however, said the number of server roles in Server Core has little to do with the security of the install option. "When you do run and install a role, only then do the bits actually get installed in the OS and the features and functionalities in those ports get opened," Ralston said. "So to say that Server Core is more secure, say, with four roles than with the full install version of 2008 with maybe two roles installed, it all depends on how big the attack area is of the box."

Command-line interface for Server Core administration

A major change for administrators using Server Core will be the command-line interface versus a GUI to administer the box. Ruest said he believes that IT administrators will not jump on the command-line interface used in Server Core.

"The biggest drawback is the command line," Ruest said. "In order to get things done properly, people will have to learn Visual Basic script and all the commands in the command line."

Aside from the command line, there are many other options for administering the remote Server Core box, Ralston said.

Microsoft developed a new utility called the OC setup. And IT administrators can also use the GUI in any Windows Server 2008 box to remotely administer a Server Core box. Administrators can also use Windows Management Instrumentation to administer a Server Core box, Ralston said.

As for installation itself, Server Core can be installed on the Enterprise, Standard and eventually the Web Edition of Windows Server 2008. Once IT administrators choose the Server Core option, they cannot change and go with the full Windows Server 2008 install, and vice versa.

"You would have to reinstall," Ralston said. "Due diligence prevails here when you do your deployment."

Dig Deeper on Legacy operating systems

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.