by CIO Staff

Microsoft ‘Longhorn’ Aims for Server Security

Aug 24, 20063 mins
IT Strategy

While not due for general release until this time next year, Microsoft’s next-generation server platform, code-named Longhorn, will be a more secure, manageable and modular operating system, according to the company.

During his presentation at this year’s Tech.Ed conference in Sydney on Wednesday, Microsoft server division senior product manager David Lowe said security, reliability and performance are the prime concerns of people running servers, and the company has focused its development efforts on those areas.

“We looked at the way services work in the operating system and reduced the surface area of those services,” Lowe said, adding that the right services now run under the right privileges.

Other security enhancements include the Bitlocker volume encryption tool and ability to selectively block new device installations.

While Vista and Longhorn is a shared development project with 70 percent to 80 percent common code, Lowe said Microsoft has not yet announced the official name for the server, but will do so “soon.”

Conceding the company’s TCP/IP stack hasn’t changed since Windows 95, Lowe said Longhorn’s stack is a complete redesign and supports IPv4 and IPv6 natively.

“No additional configuration needs to be done, and Longhorn has expanded IPSec integration,” he said.

“TCP can now auto-tune packet size based on the network, and the enterprise QoS allows us to mark packets at the protocol level and prioritize traffic—for example, with VoIP.”

The new Windows Firewall with advanced security supports three different profiles and additional configuration options down to the IP address, computer and user levels.

Also new is Network Access Protection (NAP), which can be used to provide a statement of health that is checked against a preconfigured policy. NAP supports DHCP, VLAN, 802.1x, and IPSec.

Windows servers have long been tethered by the requirement of a GUI, but this all changes with Longhorn’s new “Server Core” architecture.

“People use servers for certain roles and configurations, [and] if you don’t need any graphical applications, you don’t need a GUI,” Lowe said. “You can run your server in a headless scenario increasing the reliability and security.”

The core server roles are DNS, DHCP, File and Active Directory, but if you need anything else, you need a full installation.

Other new features include a server monitoring and management tool, a rebuilt Active Directory, and Terminal Services that support end-to-end encryption and smartcards.

Longhorn will ship with version 7.0 of the IIS Web server, which now sports a modular architecture with 40 installation components.

IIS 7.0 has a built-in management console running over HTTP, but will be integrated into Server Manager by the time it is released.

Regarding virtualization, Lowe said Longhorn won’t ship with the new hypervisor, but the Windows Server Virtualization will be available within six months of Longhorn’s release. This means it may not appear until 2008.

-Rodney Gedda, Computerworld Australia

This article is posted on our Microsoft Informer page. For more news on the Redmond, Wash.-based powerhouse, keep checking in.

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.