Windows Server Code Name ‘Longhorn’ reached the Beta 3 stage in its development on the 25th April (which means that we’ve finished adding features; we’re feature complete). Longhorn will be given an official name soon (I know it, but cannot tell you – an educated guess would probably be correct). We’re still on schedule to be finished (Release to Manufacture – RTM) before the end of 2007.
Some of you will already be evaluating Longhorn; some of you have a bunch of servers lying around just for that purpose (most of us don’t).
My intention in this article is to get you ‘playing’ with Longhorn quickly and without the need for those physical servers (you will need a PC with a minimum of 1Gb of memory though).
The quickest and easiest method is to use Virtualisation and the quickest and easiest route to that (assuming you aren’t already using something else) is with Virtual PC. Virtual PC 2007 is the only version that will work well with Longhorn, so if you’re not already running it, you can get it for free from here. Virtual PC 2007 comes in two ‘flavours’ 32-bit and 64-bit; the 64-bit version performs a lot better, but you do need to be running a 64-bit version of Windows to use it (XP, Server 2003 or Vista).
You can download Beta 3 of Longhorn from here: www.microsoft.com/getbeta3 - you’ll need a Windows Live ID (Hotmail, MSN or Passport).
You’re options are 32 or 64-bit versions of all the SKUs (Datacenter, Enterprise, Standard and Web Server).
My suggestion is to download the 32-bit Enterprise Edition & run it in a Virtual PC. 32-bit because Virtual PC 2007 only emulates 32-bit hardware. Enterprise Edition because it has more functionality that Standard or Web and the same functionality as Datacenter (apart from support for lots of CPUs – something you haven’t got in a Virtual PC).
Once you have Virtual PC 2007 installed and have downloaded Beta 3, you’re ready to start ‘playing’.
Fire up Virtual PC 2007 and create a new Virtual Machine (Selecting Windows Server 2003 will default to 256Mb) – give it 512Mb or Longhorn won’t install (once Longhorn is installed, you can reduce this if need be). Undo Disks are turned off by default (you can leave it switched off until the install is finished – this will save you time in the long run as you won’t have to merge the undo disks).
When you start the new virtual machine, it will attempt to perform a PXE boot (seeing as there is nothing installed on it yet) - Press ESC to bypass PXE boot. It will then fail to boot from its hard disk.
Right click the little CD icon in the bottom left hand corner of the Virtual PC and select Capture ISO image. Select the ISO image of Beta 3 that you’ve just downloaded. Press Enter and the Virtual machine now boots from DVD image.
When setup starts, select ‘English (Ireland)’ as your Time and currency format. Click Next. Click ‘Install now’.
Just a little ‘gotcha’ here. If you need to do something else whilst all this is going on, you’ll need to ‘release’ your mouse from the virtual machine. Windows Longhorn has not got the Virtual PC additions installed (yet) – so to get your mouse back, press the right Alt key (Alt Gr) and move your mouse outside of the virtual pc.
Back in the installation, either enter your product key (you don’t need to type the dashes) or leave it blank. If you enter your key – you get two options to install: the version that matches your product key (Enterprise in this case) and the Core version of the same (Enterprise Core). If you leave the product key blank, you get to choose from Datacenter, Enterprise or Standard (and the Core versions of each). The install will work fine if you choose one that doesn’t match your product key, and you’ll be able to run for 30 days without activation (then your product key will not match your installation, activation will fail and the install will fall back into limited functionality mode). If you want to run for more than 30 days, go through the getbeta3 download process again and choose the correct product (just don’t bother downloading) – the media is the same.
Next you’ll be offered a Custom Install (Upgrade is greyed out as you’re doing a clean install).
Next you’ll be asked to choose where to install Windows – Click Next (and install onto Disk 0 Unallocated Space) – setup will format your VHD and the installation will start.
I’ve run through this process for both Enterprise and Enterprise Core. My laptop is pretty powerful and I have Hardware Virtualisation enabled, so my install times were quite quick. Yours will/may differ, but here are mine for your information (time to go and have a cup of tea):
Start - 11:53
Copying files, Expanding files, Installing features, Installing updates, Completing installation.
Finished - 12:16 (23 minutes)
Start - 13:39
Finished - 13:48 (9 minutes)
The big reason that Core takes less than half the time, is that it takes up less than half as much space (it really is just the ‘core’ components of a Windows server – it hasn’t even got explorer).
The Virtual Hard Disk (VHD) for the full install is nearly six gigabytes (5,971,508), whilst the VHD for Core is just over one and a half (1,645,076).
Longhorn will auto logon as administrator (blank password) when it’s finished installing. If you’re still having your cup of tea, it will lock itself.
The next thing to do is install the Virtual Machine Additions to get better video and mouse integration (Within the Virtual PC window, click Action, Install or update Virtual Machine Additions – this logically puts a CD into the virtual pc’s drive). Within the VM, start Setup, click Next and eventually Finish. Click Yes to the Reboot required.
Doing this on Core Server is slightly different (as you don’t have Windows Explorer to help you – you only have a command prompt). The VM Additions CD will not automatically play, you’ll need to run ‘d:\windows\setup’ (setup will be the same and you’ll be asked to reboot). Once rebooted, logon as Administrator (with a blank password) and run ‘shutdown /s /t 0’ to shut the machine down.
After the reboot of your full installation, logon and perform a shutdown (we’re just going to save all the effort you’ve just put in – wouldn’t want to lose it all). Within the Virtual PC console, highlight your Longhorn machine and click on Settings. Now click on Undo Disks and check the Enable undo disks box. Having Undo Disks enabled lets you do as much testing as you fancy and gives you the ability to ‘go back to the start’ by simply discarding anything that you’ve done since you started the virtual machine (if you want to keep what you’ve done, simply choose to merge your undo disks when prompted). You can disable the sound card while you’re at it too as Longhorn doesn’t have drivers for the emulated Soundblaster card (un-check Sound, Enable sound card).
If you want to get some memory back, you can reduce the amount of memory you have allocated to the virtual machines. Setup needed 512Mb, but if you look at your running machines, you’re not using anywhere near that. My full installation is using 300Mb and my Core installation is only using 185Mb. This will go up as we add roles and features (more on this in a later article).
Whether you installed the full Enterprise Edition or the Core server, you now have a server with a blank administrators password, with an unknown computername in a workgroup.
On the full install, the Initial Configuration Tasks (oobe.exe) runs which will guide you through the tasks you need to do (password, computername, domain or workgroup) also through updating the server.
On the Core install it’s a bit harder (you only have a command prompt) – you’re going to have to remember your old command-line tools:
net user administrator * (this will prompt you for your new password).
hostname (this will tell you what your server is currently called).
netdom renamecomputer LH-XZY /newname:ServerCore (this will change the computername from LH-XYZ to ServerCore – a reboot is required to make it take effect ‘shutdown /r /t 0’).
netdom join ServerCore /domain:contoso.com /userd:administrator /password:* (this will join the server called ServerCore to the contoso.com domain using the domain administrator’s credentials and will prompt you for the password – a reboot is required to make it take effect ‘shutdown /r /t 0’).
That’s all for this instalment. I will follow up with more detail, but for now you have enough to start ‘playing’ with Beta 3 of Windows Server Code Name ‘Longhorn’.
In this third and final article, Michael Riva and I are going to be covering our 'for sale' products that sit at the network edge: Internet Security and Acceleration (ISA) Server 2006 and Intelligent Application Gateway (IAG) 2007. Michael is a security consultant, who recently joined Microsoft Ireland as a Partner Technical Specialist (technical pre-sales and advice to and through our Partners) - basically, he's the guy who has the practical experience of implementing these solutions. See Michael's full biography below.
Internet Security and Acceleration (ISA) Server 2006
Prior to Internet Security and Acceleration (ISA) Server, we had a product called 'Proxy Server', which was our web caching solution. Unfortunately for us, most people associate ISA Server with its long-distant relative Proxy Server - if asked about ISA Server, they 'normally' reply along the lines of 'That's a nice Proxy solution - which I'll put behind a "real" firewall'. Internet Security and Acceleration (ISA) Server 2006 is actually the third generation of our fully functional firewall, VPN, web caching proxy and an application reverse-proxy solution (previous versions were in 2004 and 2000). In the last seven years of ISA, there have only been ten security updates, and only three of them where flagged as critical (there was one for ISA 2004 and there haven't been any for ISA 2006).
ISA Server's core firewall component focuses on the application-layer (layer seven) filtering, and especially on the HTTP/FTP/SMTP services. What does that mean? It simply means that ISA will not only open or close a network's ports, it will also screen for malformed or malicious network packets.
Application Layer Filtering (ALF) is nowadays the mandatory extra component that makes your network way more secure than it used to be. Relying on a single firewall without having any ALF mechanism either for inbound or outbound connection is really dangerous. Many hackers actually use opened ports on firewalls to send malicious code to an internal server. A DNS attack, for example, could be performed through any opened port. A malicious piece of code will successfully pass any basic packet or circuit -filtering firewall while having the appropriate ALF solution in the way will simply drop these kinds of packets. There are even 'solutions' out there that will let you run any application (that may use any port) through your firewall over port 80 (the port that's always open, as it's for HTTP).
You might think ISA Server would be slow because it scans the network traffic; it is actually very fast, as it is able to handle up to 1.5GB/s. A basic ASIC chip optimised to run a packet filer (this is the case with many firewall vendors) is most of the time a lot slower than ISA. The average speed of an entry-level Cisco Pix firewall, for example, would be around 300MB/s. It is worth pointing out here that you can either purchase ISA as a dedicated appliance or 'build your own' - in which case the underlying hardware can be as powerful as you need (you can even configure an array of ISA Servers, which will load balance the traffic).
ISA Server can act very well as a front-end or back-end firewall (or simply as 'the firewall' in small to medium environments); but for bigger network environments, it is highly recommended to use ISA Server as a back-end solution in conjunction with another third-party firewall. There are three reasons for this: Firstly a front-end firewall will take off most of the network load by reducing dramatically the amount of traffic being sent to the DMZ or internal network. Secondly, it is a good practice to use different vendors for your front and back-end firewalls, because if one layer in your defence is compromised, you have another (Defence in Depth). And lastly, because ISA Server is designed to offer an extra layer of security to Exchange, SharePoint and IIS mainly (we understand exactly what that traffic looks like and are able to work with it on its way through). It is obviously able to provide extended security to any web server or application.
In the Exchange case, for example, the authentication mechanism is performed by the ISA Server itself and no longer by the Exchange server. That gives you the insurance of only legitimate traffic being sent to your Exchange server, lowering your Exchange server load in the mean time.
ISA is also able to counter many attacks out of the box such as Windows out-of-band (WinNuke), Land, Ping of Death, IP half scan, UDP bomb, Port scan, DNS host name overflow, DNS length overflow, DNS zone transfer, POP3 buffer overflow and SMTP buffer overflow. This feature provides an enhanced way to protect your back-end servers from external but also from internal attacks from employees, which we see more and more nowadays.
Intelligent Application Gateway (IAG) Server 2007
IAG Server (formerly known as WHALE) is an SSL VPN appliance that considerably simplifies the way you can provide remote access to applications. The acquisition of IAG from Whale Communications was one of those instances where we liked the product so much, we bought the company.
Most SSL VPN solutions are hard to implement, because they do not work from most locations, due to an inability to install client-side software and/or due to firewall restrictions. With IAG Server you simply need a web browser (Internet Explorer, Firefox, etc) to get access to the published applications.
The uniqueness of IAG Server resides in the fact it will give remote users access to a specific application but not to the local network or servers themselves (the remote user's machine is never connected to the corporate network). To explain: IAG Server typically would not handle packets from layer one to six and will only send/receive packets from layer seven (application layer) to the remote user. In other words, it means the remote user does not even get a company's network IP address. So the user has absolutely no network access at all to a company network, but still he or she will be able to access published applications such as Outlook Web Access, Domino, SAP, WebSphere, SharePoint (just some examples of the predefined application-specific positive logic to protect back-end servers out of the box).
Out of the box IAG Server is able to work with 60 authentication vendors such as RSA Security, Vasco, Swivel, ActivCard Aladdin. It also works with numerous authentication systems and protocols such as Active Directory, RADIUS, LDAP, NTLM, Lotus Domino, PKI and TACACS+.
Another great feature is the 'attachment wiper'. This feature will systematically erase all traces of the session from the access device (with a pre-downloaded ActiveX or Java applet).
Every time the remote user logs off or simply closes the Internet browser, the applet will kick off and delete any trace, including cookies, user credentials memorised by the browser, URL entries, temporary files created by the downloading of files or any other mechanism during the user session. The 'attachment wiper' will overwrite seven times the disk clusters where those files were stored, making any reinstatement attempt technically impossible, even with the help of the FBI and NSA forensic tools!
The other main feature of IAG Server is its capability to instantly generate an 'endpoint report'.
IAG checks the remote machine to make sure that it conforms to corporate policy (i.e. what anti-virus signatures it is running, what patch level it is at or what version of any particular application is installed). Then, depending on the state of the machine and the user requesting access, it will dynamically limit access to specific features of the requested application. For example, we could define a rule, such that if a remote user does not have the latest version of the corporate anti-virus solution, he will not be allowed to upload any attachment to his emails.
IAG Server simply eliminates the risk of network attacks and operating system vulnerabilities as it only provides a means to access specific applications (or some of the features only) to approved users from approved machines.
I hope you have enjoyed reading this series of three articles - I have enjoyed writing them.Dave
Yesterday Darren Dillon and I presented the first of Microsoft Ireland's 'Longhorn Academy'. The Longhorn Academy is a select group of 120 Irish IT Professionals attend (mostly certified Microsoft professionals in Enterprise/UMM accounts). Here's most of us:
The Microsoft Technology User Groups in Ireland have got together to put on yet another great day-long conference for 2007. This year it's called the Irish Microsoft Technology Conference (last year it was the Irish .NET Developer Conference - but they had to drop the 'developer' because there is just so much content for IT Pros this year!!).
· When? June 7th, 9am till late.
· Where? Cineworld complex , Dublin
· Cost? 50 euros (to help the groups cover costs).
With 18 sessions from expert international and local speakers, this is one event that you will not want to miss! The event represents the largest ever Irish gathering of top-quality speakers on Microsoft technologies. They are covering everything from the newly-announced Silverlight and Expression products to WCF, Biztalk, SQL Server, Longhorn Server, Security, mobile development, Infocard, game development (our own Rob Burke even promises some Mindstorm robotics integration in his long-awaited talk on XNA). Have a look at the list below to get an idea of the sessions you will get to choose from. Visit www.mtug.ie/imtc for more details... or just bite the bullet and BOOK ONLINE now! It is sure to be sold out quickly.
Hope to see you there!
For quick reference, here is the list of sessions (visit www.mtug.ie/imtc for more details). You will get to attend six of the sessions.
· Building Silverlight Applications using .NET (Part 1 of 2) - by Tim Sneath
· Building Silverlight Applications using .NET (Part 2 of 2) - by Tim Sneath
· Visual Studio "Orcas" and AJAX - by Steve Marx
· Exploring Ajax Patterns - by Steve Marx
· Designing Ultimate Experiences with Expression Studio - by Carrie Longson
· Hacking Websites for fun and profit - by Barry Dorrans
· CLR User-Defined Types in SQL Server 2005 - by Hugo Kornelis
· How to Use Indexes to Speed Up Your SQL Server Database - by Hugo Kornelis
· Service Broker - processing work asynchronously - by Simon Sabin
· Windows Server Code Name ‘Longhorn’ - by Dave Northey
· Visual Studio for DB Pros (aka Datadude) - by Alan Crowley
· Microsoft’s Virtualisation Strategy and Products - by Dave Northey
· Forget Passwords! Implementing CardSpace in Web Apps & Services - by Dominick Baier
· Windows Mobile Development - by Andy Wigley
· Game development with XNA - by Robert Burke
· BizTalk and RFID - by Gar Mac Criosta
· WCF Essentials – what everyone needs to know about WCF - by Paul Fallon
· Hardcore WCF – WCF Internal, customising WCF and how the bits work - by Paul Fallon
I've just been building my demo machines for an event I have tomorrow. One of my demos is configuring a Core Server installation - so I figured I'd share the effort.
When the Core installation is finished, you have a server with an unknown name, with a blank administrator's password in a workgroup.
To get it configured you'll need these commands:
net user administrator *hostnamenetdom renamecomputer <ComputerName> /NewName:<NewComputerName>netsh interface ipv4 show interfacesnetsh interface ipv4 set address name="<ID>" source=static address=<StaticIP> mask=<SubnetMask> gateway=<DefaultGateway>netsh interface ipv4 add dnsserver name="<ID>" address=<DNSIP>index=1netdom join <ComputerName> /domain:<DomainName> /userd:<UserName> /passwordd:*
And a few optional ones:
Cscript C:\Windows\System32\Scregedit.wsf /ar 0WinRM quickconfigcontrol timedate.cplcontrol intl.cplSlmgr.vbs -atostart /w ocsetup /?
Have fun, Dave.
There's going to be a lot of TechEd online this year.
The place to extend the Tech·Ed experience online! Easily access Tech·Ed content – including webcasts, virtual labs, podcasts – when you want, where you want. Gain the technical education you need to build, deploy, secure & manage solutions.
There's already a few webcasts available, including Bill Gates Discussing Hardware Innovation.
So, the Windows Hardware Engineering Conference (WinHEC) was on the other week in Los Angeles. I didn't get to go, but would have liked to. There is some really great content on the main site plus a load of videos of the keynote presentations.
There's also a bunch more videos at the Virtual WinHEC site.
If you've got the time and want to find out what's going on in the world of hardware, I recommend you dip in and out of soome of these.
Just a reminder to everyone in Cork - I'll be down delivering a session on Windows Server 2008 (Longhorn) on Monday 18th June for MTUG (Microsoft Technology Users Group). I'll be in the Imperial Hotel on South Mall from 19:00 - 21:00. Everyone is welcome, but you should register here.
See you on the 18th.
I've put my Windows Server Longhorn presentation here.
Get it whilst it's hot! Just stumbled across this.