Scott Schnoll
MCT MCSE MCSA MCP Microsoft MVP
Product Support Manager TNT Software (http://www.tntsoftware.com)
President NOBUG (http://www.nobug.org)
Technical Perspective
Windows Server 2003 Family
OOBE
IIS6.0
Feature Highlights
Upgrading
.NET Framework
Q & A
Windows Server 2003
Upcoming Windows Server Family Products
Windows Server 2003 Web Edition
Windows Server 2003 Standard Edition
Windows Server 2003 Enterprise Edition
Windows Server 2003 Datacenter Edition
Compare Editions at:
http://www.microsoft.com/windows.netserver/evaluation/features/compareeditions.mspx
Anticipated Release: April 24, 2003 (S.F., CA)
System Requirements
Minimum
CPU: Pentium 133*
RAM: 128MB**
Disk: 1.5GB (x86), 2.0GB (Itanium)
Recommended
CPU: 550MHz or greater
RAM: 256MB or more
Disk: 2.5GB or more
*Datacenter requires minimum of 400MHz for x86 systems. Datacenter and Enterprise require minimum of 733MHz for Itanium systems.
**Datacenter requires 512MB RAM minimum.
Web Edition
New SKU targeted at ISPs/ASPs/Web Farms
Only available via selected Partner channels;
Not available via Retail channel
Native ASP.NET & .NET Framework
2-way SMP
2GB Memory
Network Load Balancing
Single VPN connection
SMB Connection Limit 10 concurrent
Per seat
No CALs required
Blocks mainstream messaging, database apps
Web Edition
Disabled/Unavailable Services and Features
Enterprise UDDI Services
Removable and Remote Storage
FAX Service
Services for Macintosh (File/Print)
DCPromo
Certificate Services
Terminal Services Application Mode
Windows Media Service
Itanium/64-bit support
Cluster Service
MMS
RIS
Internet Connection Sharing/Internet Connection Firewall
PKI/Smart Cards (client-side only)
Standard Edition
Includes features in Web Edition, plus
Enterprise UDDI Services
Requires MSDE or SQL Server 2000 w/SP3 or later
Directory used by applications to locate web services
Internet Authentication Service (50 RADIUS servers max; unlimited users)
Internet Connection Firewall (LAN, VPN & PPPoE)
Internet Connection Sharing
Network Bridge
4-way SMP
4GB memory
Can be DC/GC
Standard Edition
Disabled/Unavailable Services & Features
Itanium/64-bit support
Cluster Service
Terminal Server Session Directory
MMS
Enterprise Edition
Moving from Advanced back to Enterprise
Includes features in Standard Edition, plus
Server Clusters (8 nodes!)
Supports Itanium Processors
8-way SMP
32GB memory (x86); 64GB memory (Itanium)
Integration with Microsoft Metadirectory Services
Hot-Add Memory*
Non-Uniform Memory Access (NUMA)*
Terminal Services Session Directory (NLB, F5, Radware)
Windows System Resource Manager
When to recycle
When to restart
IIS 6.0 HTTP.SYS/KM Queuing
Uses Worker Processes and Application Pools
Worker process executable (w3wp.exe) loads WWW service DLL into its working set to perform loading/unloading of ISAPI modules and for authorization and authentication
HTTP.sys listens for requests and routes them to the appropriate application pool queue
Application Pool is nothing more than an HTTP.sys queue and at least one worker process. Application pools serve requests for a unique Web application
IIS 6.0 HTTP.SYS/KM Queuing
Prevents third-party code from crashing IIS
Failed worker processes automatically restarted
There may be a temporary disruption in the processing of a request, but the request will be processed, and end-user experience is preserved
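The queueing model these two slides describe, as an added Python example that is not from the original deck or from IIS itself. The class names, URL prefixes, pool names and PIDs are invented for illustration; the point it shows is that the queue belongs to HTTP.sys rather than to the worker, so a worker failure in one pool neither drops that pool's waiting requests nor touches another pool.

```python
from collections import deque

class AppPool:
    """An application pool: one HTTP.sys queue plus at least one worker process."""
    def __init__(self, name):
        self.name = name
        self.queue = deque()   # held by the HTTP.sys model, not by the worker
        self.worker_pid = None
        self.restarts = 0

class HttpSys:
    """Toy model of the listener that routes requests to pool queues."""
    def __init__(self):
        self.pools = {}        # URL prefix -> AppPool
        self.next_pid = 1000   # invented PIDs

    def add_pool(self, prefix, name):
        pool = self.pools[prefix] = AppPool(name)
        self._start_worker(pool)
        return pool

    def _start_worker(self, pool):
        pool.worker_pid = self.next_pid
        self.next_pid += 1

    def route(self, url):
        # Longest matching prefix picks the pool; the request waits in its queue.
        prefix = max((p for p in self.pools if url.startswith(p)), key=len)
        self.pools[prefix].queue.append(url)

    def worker_crashed(self, pool):
        # The worker is gone, but the queue lives here, so queued requests survive.
        pool.restarts += 1
        self._start_worker(pool)

    def drain(self, pool):
        # The current worker serves everything waiting in its pool's queue.
        served = [(pool.worker_pid, url) for url in pool.queue]
        pool.queue.clear()
        return served

def demo():
    http = HttpSys()
    shop = http.add_pool("/shop", "ShopPool")
    blog = http.add_pool("/blog", "BlogPool")
    for url in ("/shop/cart", "/blog/post1", "/shop/checkout"):
        http.route(url)
    old_pid = shop.worker_pid
    http.worker_crashed(shop)  # faulty code takes down ShopPool's worker
    return old_pid, http.drain(shop), http.drain(blog), blog.restarts
```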
IIS 6.0 Worker Process Isolation
Isolation mode introduced in IIS 4.0
No more in-process applications
[Diagram: HTTP.sys; WWW Service Administration and Monitoring; two Worker Processes, each hosting ISAPI Extensions]
IIS 6.0 FTP Service
FTP User Isolation
Like a home directory for FTP users
Isolates their folder from other users' folders
User's top-level folder appears as root of FTP
Configurable PASV Port Range
PASV requires additional connection (formerly ephemeral port but now configurable)
IIS 6.0 Security
Ships in locked-down state: only static content can be served
New lower-privilege service account (low-privilege user context)
ASP more secure (always runs as a low-privileged account: anonymous user)
Auto-rejects requests for unknown file extensions
More aggressive timeouts, limits on uploads, etc. to further harden against attacks
Buffer overflow protection
File verification before passing file requests to request handler (e.g., ISAPI extension)
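One way to see the locked-down default and the unknown-extension rejection at work is in the server's own logs. The following is an added Python example, not part of the original deck: it relies on IIS 6.0 recording a 404 with substatus 2 when a Web service extension is not enabled and substatus 3 when the extension has no MIME map entry, and the log lines, paths and addresses are constructed sample data.

```python
from collections import Counter
import posixpath

# Constructed sample in IIS W3C extended log format (documentation-range IPs).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-substatus sc-win32-status
2003-05-01 10:00:01 192.0.2.10 GET /default.htm 200 0 0
2003-05-01 10:00:02 198.51.100.7 GET /downloads/data.xyz 404 3 50
2003-05-01 10:00:03 198.51.100.7 GET /app/report.asp 404 2 1260
2003-05-01 10:00:04 198.51.100.7 POST /cgi-bin/run.exe 404 2 1260
2003-05-01 10:00:05 192.0.2.10 GET /missing.htm 404 0 2
"""

# 404 substatus values that IIS 6.0 logs for lockdown rejections.
LOCKDOWN = {"2": "web service extension not enabled",
            "3": "extension not in MIME map"}

def lockdown_rejections(log_text):
    """Return (client IP, extension, reason) for each request the lockdown refused."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # the field list can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("sc-status") == "404" and row.get("sc-substatus") in LOCKDOWN:
            ext = posixpath.splitext(row.get("cs-uri-stem", ""))[1].lower()
            hits.append((row["c-ip"], ext, LOCKDOWN[row["sc-substatus"]]))
    return hits

def by_client(hits):
    """Count refused requests per client, to spot a host probing for handlers."""
    return Counter(ip for ip, _, _ in hits)
```

An ordinary missing file (404 with substatus 0) is deliberately not counted, so the result isolates requests refused by policy from plain broken links.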
IIS 6.0 Metabase
XML format
Can be edited while IIS is running
Improved backup/restore
Extensible schema
Backward compatible with metabase APIs
and ADSI
Smaller footprint, faster reading
Configuration rollback
IIS 6.0 Command Line Tools
iisweb.vbs: Create, delete, start, stop, and list Web sites
iisftp.vbs: Create, delete, start, stop, and list FTP sites
iisvdir.vbs: Create and delete virtual directories, or display the virtual directories of a given root
iisftpdr.vbs: Create, delete, or display virtual directories under a given root
iisconfg.vbs: Export/import IIS configuration to XML file
iisback.vbs: Backup and restore IIS configuration
iisapp.vbs: List process IDs and application pool IDs for currently running worker processes (W3WP.EXE)
iisext.vbs: Configure Web service extensions
IIS 6.0 Developer Enhancements
ASP.NET and Passport integration
Specify an arbitrary set of buffers/file handles in one client send call: HSE_REQ_VECTOR_SEND (call ServerSupportFunction())
Worker process recycling (tell IIS to recycle process): HSE_REQ_REPORT_UNHEALTHY
Create dynamic request response and serve from kernel: DYNAMIC CACHING (FLAG)
Identify final send in response to reduce kernel/user transitions: FINAL SEND (FLAG)
ISAPI support for custom errors
Improved ISAPI Unicode support
COM+ services in ASP
IIS 6.0 - Performance
20,000 pooled applications in IIS6 vs < 3,000 in IIS5
1,000 isolated apps on a single machine, each with its own security identity on IIS6 vs maximum of 100 on IIS5
Support for Web Gardens
Where a set of equivalent processes on a computer each receive a share of the requests that are normally served by a single process
IIS 6.0 Other
Other services mostly same as IIS 5.0
FTP, SMTP, NNTP still contained within Inetinfo.exe
Disabled after upgrading from NT4 or Windows 2000
Group Policy can be used to prevent rogue IIS installations
Includes MSDE
Feature Highlights
Installation
Can be deployed via Remote Installation Services
Setup Manager Wizard: Create Answer Files
Recovery Console can be delivered from RIS
Greater flexibility for answer files (image install can have multiple answer files)
Disk Duplication
Improved SysPrep Tool
Create DCs from replicas (e.g., backup tape): dcpromo /adv
Feature Highlights
POP3 Service
RPC over HTTP
Web-based Server Administration
OOB 10-20% faster than Windows 2000
Core Improvements
Better scaling for 16 & 32 CPUs
Fewer & shorter locks
Better process cache alignment
Improved memory allocator (needs to be turned on by app in code)
True 64-bit
Address space increased from 4GB to 16TB
Feature Highlights
Active Directory Functional Levels
Determines what OS DCs can run
Forest
Windows 2000 (NT/2000/2003) Default
Windows Server 2003 interim (NT/2003)
Windows Server 2003 (2003)
Domain
Windows 2000 mixed (NT/2000/2003) Default
Windows 2000 native (2000/2003)
Windows Server 2003 interim (NT/2003)
Windows Server 2003 (2003)
To raise forest functionality, you must be a member of Enterprise Admins
To raise domain functionality, you must be a member of Domain Admins or Enterprise Admins
Feature Highlights
Active Directory
Forest-to-Forest Kerberos transitive trusts
Groups
5000 member limit gone
Group membership replication improved to per-change level
Attribute added to GC does not trigger full GC replication (Windows Server 2003 forest mode)
DCs can cache Universal Group membership (Site level option only in Sites without GC)
Quotas on number of objects that can be owned (Domain Admins & Enterprise Admins exempt)
DNS configuration for DCPromo improved (error-checking, error messages, self-healing)
Feature Highlights
Active Directory
Schema Version 30 (RC2)
Domain rename (including forest root)
DC rename
Bulk load via multi-threaded utility
Reset DS Restore password while DC online
ADUC Improvements
Object-oriented searches
Saved Queries support in ADU&C
Multi-select and edit in ADU&C
Drag and Drop in ADU&C
Feature Highlights
Active Directory
Support for inetOrgPerson class (RFC 2798) as a security principal with UI support
Application Partitions provide administrator-defined contexts for replication of data used by applications, on targeted DCs (e.g., DNS, DHCP, RAS, RADIUS, etc.)
ADMT v2 in the box: provides user, group, computer migrations to Windows 2003 AD from NT 4, Win2k AD, or Windows 2003 AD. Includes passwords, scriptable, great cookbook and training docs.
Lingering Objects Removal: scavenger for garbage AD entries
Option to disable site-site replication compression (reduces CPU usage on DCs)
Major KCC-ISTG performance improvements (Windows Server 2003 forest level)
Feature Highlights
Active Directory
Dynamic Entries w/TTL values (RFC 2589)
LDAP connections over TLS (RFC 2830)
Digest authentication for LDAP connections using DIGEST-MD5 SASL (RFC 2829)
Virtual List Views (as defined by IETF LDAP extensions working group)
Schema Objects can be deactivated
Feature Highlights
Active Directory in Application Mode (AD/AM)
AD outside of LSASS process (e.g., not an OS service)
Is not deployed on DC
Supports multiple instances on single box
Still uses Windows security (NT/NOS AD domain)
Targeted at specific deployment scenarios
Applications that need simple app directory
For directory developers, quick build/destroy
Extranets
Migrations
Enables apps to store private directory data relevant only to that app without configuration in a NOS directory
Runs on Windows XP, Windows Server 2003 Standard, Enterprise and Datacenter
Feature Highlights
High-Availability
Automated System Recovery (w/cluster support)
F2
Last resort, but could save your system (not your data)
Creates backup + ASR floppy for recovery
Hot-plug PCI (limited)
Memory mirroring (Datacenter)
Reboot Reason Collector (Shutdown Event Tracker)
Emergency Management Services
Out-of-band, headless management
Feature Highlights
Clustering
8 nodes in Enterprise/Datacenter
Models
Single Node (Local Quorum)
Single Quorum Device (Traditional Server Clusters)
Majority Node Set
Print Drivers install for all nodes
Kerberos support for Virtual Servers
Multicast heartbeat
WMI support for management and events
NLB
Per virtual server/ip port rules (affinity, etc.)
NLB manager allows central config of NLB settings across a cluster
Feature Highlights
File System / Storage
Performance Improvements
Chkdsk 2x faster than Win2K
Data Freighting
Clone volumes and move to another host on a SAN
Manageability
Improved ACL Editor
Software Update Services
Enhanced WMI
Event Correlation Components
Event Forwarding Components
WMIC (WMI Command Line)
Added namespace providers
Improved WMI Security
Improved Help & Support
ntcmds.chm: Command-line utilities documentation
All tools fully remotable: /S ServerName
Feature Highlights
Distributed File System
Multiple roots on a single server
Ability to control FRS staging location on non-DCs
Ability to filter links for large DFS roots
Ability to define scheduling per-link for replication
Ability to define replication topologies
Uses AD site metrics to locate closest DFS share
Feature Highlights
Windows Media Services 9 Series
Fast
Fast Stream: Stream data to WMP9 faster
Fast Cache: Stream data ahead to counter drops in network
Fast Recovery: Uses Forward Error Correction to provide redundant packets to wireless clients
Fast Reconnect: Auto reconnects broken connections
New Plug-In Architecture
> 1,000 interfaces
Usage Scenarios
7x24 Internet radio
Terrestrial radio with AFTRA support (ad replacement)
Corporate TV
Feature Highlights
Windows Media Services 9 Series
Other
Server-side playlists
On-demand streaming to PCs and devices
Ad logging
Performance Enhancements
2x faster than Windows 2000
4x faster than Real Server
Copyright 2002-2003 Scott Schnoll. All Rights Reserved.
Microsoft, Windows, and other referenced marks are property of Microsoft Corporation and used herein with permission.