Review: Much to like in Windows Server 2008

Page 6 of 8

Network Access Protection

Viruses and malware are often stopped by software defenses before they can run within a user's session, but the ultimate protection would be if they never even got access to the network. In Windows Server 2008, computers are examined against a baseline set by the administrator. If a machine doesn't stack up in any way against that baseline, that system can be prevented from accessing the network -- quarantined, as it were, from the healthy systems until such time as the user is able to fix his broken machine.

This functionality is called Network Access Protection (NAP), and can be broken down into three key components:

  • Health policy validation, where the machine attempting to connect to the network is examined and checked against certain health criteria that an administrator sets. (See the Figure 4 examples of validation criteria for Windows Vista.)
  • Health policy compliance, in which managed computers that fail the validation process can be automatically updated or fixed via Systems Management Server or some other management software, as well as by Microsoft Update or Windows Update.
  • Access limiting, the main enforcement mechanism for NAP. It's possible to run NAP in monitoring-only mode, which logs the compliance and validation state of computers connecting to the network. In active mode, however, computers that fail validation are put into a limited-access area of the network, which typically blocks almost all network access and restricts traffic to a set of specially hardened servers that contain the tools most commonly needed to get machines up to snuff. See Figure 3 for a glimpse at some of the controls that grant, limit, or deny network access.

Figure 3 - New Network Policy


Keep in mind that NAP is only a platform by which these checks can be made -- some pieces of the puzzle are still needed after deploying Windows Server 2008. These include system health agents (SHAs) and system health validators (SHVs), which ensure the checks and validations are made on each individual client machine. Windows Vista will ship with default SHAs and SHVs that can be customized (see Figure 4).

Figure 4 - Vista's System Health Validator
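
The three components described above can be modeled as a short decision procedure. The following is an added example, not code from the review or from Microsoft; the setting names, the `Client` class, and the rule that an unreported setting counts as a failure are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed baseline; the setting names are illustrative, not NAP identifiers.
BASELINE = {"firewall_on": True, "antivirus_on": True, "auto_update_on": True}

@dataclass
class Client:
    name: str
    health: dict           # what the client's health agent reports (constructed)
    managed: bool = False  # True if management software can fix it automatically

def validate(health, baseline=BASELINE):
    """Health policy validation: list the baseline settings the client fails.
    Assumption: a setting the client does not report is treated as a failure."""
    return sorted(k for k, want in baseline.items() if health.get(k) != want)

def remediate(client, failures):
    """Health policy compliance: bring a managed client up to the baseline."""
    if client.managed:
        for key in failures:
            client.health[key] = BASELINE[key]

def connect(client, mode="active", log=None):
    """Access limiting: return 'full' or 'limited' for a connecting client.
    mode='monitor' only logs the state; mode='active' enforces it."""
    log = [] if log is None else log
    failures = validate(client.health)
    state = "noncompliant" if failures else "compliant"
    log.append((client.name, state, failures))
    if not failures or mode == "monitor":
        return "full"
    remediate(client, failures)
    if not validate(client.health):  # re-check after the automatic fix
        log.append((client.name, "remediated", []))
        return "full"
    return "limited"                 # quarantined until the user fixes it

if __name__ == "__main__":
    events = []
    laptop = Client("laptop", {"firewall_on": False, "antivirus_on": True})
    print(connect(laptop, "monitor", events))  # logged, but not restricted
    print(connect(laptop, "active", events))   # unmanaged: stays quarantined
    laptop.managed = True
    print(connect(laptop, "active", events))   # fixed automatically
    for event in events:
        print(event)
```
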


Manageability improvements

Servers are only effective if the administrator configures them properly. Windows Server products have traditionally been fairly simple to operate, but in Windows Server 2008 there are many improvements to the initial setup and configuration experience.

Figure 5 - Adding Roles wizard


Server Manager

Server Manager is a one-stop shop for viewing information on a server, looking at its stability and integrity, managing installed roles (see Figure 5), and troubleshooting configuration issues that may arise. Server Manager replaces the Configure Your Server, Manage Your Server and Security Configuration Wizard interfaces. It centralizes a variety of MMC 3.0 snap-ins, allowing you to see at a glance what roles and features are installed on any given machine, and giving you an easy jumping-off point to begin management of those pieces.
