Windows Server 2008, formerly codenamed Longhorn, is the server counterpart to Microsoft’s client-side Windows Vista platform. Based on tests in IT Week Labs, we believe firms will find that this is the most significant Windows Server release to date, with a range of new features that will appeal to small and large IT operations alike.

Available from 27 February, Windows Server 2008 is designed to be easier to set up and manage than previous versions. It also has a range of new capabilities that mean many firms will need fewer datacentre software products from third-party suppliers to support security, virtualisation, remote offices and home workers.

However, one important feature that is currently lacking is virtualisation. Microsoft’s Hyper-V virtualisation technology is to be integrated into Windows Server 2008, but this support is still in beta. We will look at Hyper-V in more detail once it is finished, which is currently set for August 2008. For our tests, we installed several copies of Windows Server 2008 on virtual machines operated using VMware Workstation 6.

Having installed the new operating system, we immediately noticed a new emphasis on security. Before we could log into our new servers we needed to set a “strong” password – one that contains numbers and punctuation as well as letters. Although this is a good step forward, firms that have until now standardised on simpler passwords may initially find this change a little irksome.

Once logged in, Windows Server 2008 presents a new Initial Configuration Tasks wizard. We found this made it easy to perform the mundane but necessary tasks, such as setting the time zone, allocating a fixed IP address and changing the server’s name. As with other versions of Windows, a restart is needed after changing the server’s name.

We were pleased to find the Windows Firewall ready-enabled and initially configured to allow only core networking functions, such as responding to ICMP “ping” packets and router broadcasts, while allowing outbound connections. We were also pleased to see the Windows update utility needed to be configured by an administrator before it would automatically download or install patches.

Windows Server 2008 builds on the concept of server roles that was introduced in the Small Business Edition of Windows Server 2003. In that version, role-based installation tools made it easy for IT managers to configure a system to perform specific tasks without needing to install all the required components individually. We used the Initial Configuration Tasks wizard to launch the Add Server Role wizard and configure it to function in one of the available roles.

While this wizard was reminiscent of similar tools in Windows Small Business Server 2003, in Windows Server 2008 one wizard replaces multiple installation tools from earlier versions, making it much easier for IT staff to operate.

For our tests, we selected the Active Directory (AD) Domain Services role, and the wizard displayed some useful reminders about steps we should take once the wizard had finished. In particular it told us we would need to run dcpromo.exe (Active Directory promotion tool) to make our server a fully functional domain controller. The wizard then proceeded to install the software components and presented a final dialogue box that had a link to run dcpromo.exe. We used this link, and dcpromo performed some additional configuration tasks, including creating an AD forest and installing a DNS server.

Although Windows Server 2008 has plenty of new features that organisations will wish to deploy, many of them are not compatible with a range of existing systems. For example, dcpromo warned us that new cryptographic default settings would prevent some earlier versions of Windows and non-Microsoft SMB clients from working properly with a 2008-style domain controller.

As many IT managers will be expecting, such compatibility issues mean firms must carefully plan their upgrade strategies and not rush headlong into deploying Windows Server 2008 in critical infrastructure roles. In general, the new features found in Windows Server 2008 are often compatible only with client systems running Windows Vista and XP SP2.

By default, dcpromo configured our AD to operate in Windows 2000 compatibility mode. While this maintained compatibility with a range of older systems, it meant we could not use some of the new features in 2008. Once a domain in an AD forest is upgraded, that domain will then have access to the AD 2008 features.

In our tests, we found 16 roles available in the Add Roles Wizard, including various AD configurations, web server (IIS), and network services such as DNS, DHCP, File Services and Print Services. There are also 35 optional features, such as failover clustering, BitLocker Drive Encryption and a new PowerShell scripting tool, that can be installed using a second wizard.

Probably the most popular of the new roles is the Network Policy and Access Services, which includes Network Access Protection (NAP). This controls access to network resources based on a client computer’s identity and compliance with corporate policies.

NAP cannot guarantee client systems are free from malware or viruses, but it will help IT managers ensure that Windows Vista and XP client systems are up to date with the latest patches. Third-party suppliers may also produce plug-ins to support some other clients in the near future.

Another highlight is a huge overhaul of Terminal Services to make it easier to deploy and manage server-based computing infrastructure. Likewise, IIS has been overhauled and new web sites can now be deployed simply by copying an XML file to the appropriate location on the server. This is strikingly reminiscent of the way people configure the Apache web server and is likely to prove extremely popular with companies running multiple web sites.

A new option for Read Only Domain Controllers is a boon for large organisations because it vastly improves security for branch office deployments.

There’s also been a fundamental shift away from the Windows graphical user interface (GUI) and toward configuration by scripting. While the Windows GUI is still the primary interface that most managers will use to configure services and applications, the PowerShell subsystem enables many tasks to be performed using scripts instead. The advantage of scripts is they can be easily distributed to multiple systems and executed repeatedly without risk of errors from mistyping a parameter or clicking on the wrong on-screen button.

The logical conclusion of the concept behind PowerShell would be a Windows server that did not have a GUI interface. While there is no such option in Windows Server 2008, several server roles can be installed using a new Server Core option, each of which has only a very minimal GUI. The benefit of these systems is that they require much less patching and can function with fewer resources; servers need less RAM than they would if performing the same function while configured with a full Windows GUI.

In tests, we found the PowerShell installation utility had options to install Standard Edition, Enterprise Edition and Datacentre Edition Server Core configurations. Having selected the appropriate option, the installation completed in much the same way as it did for the GUI-based configurations.

Once installed, a Server Core system appears quite different to any other Windows system we have seen before. IT managers will need additional documentation and training in order to work effectively with Server Core configurations. We needed to configure our server core system’s name, IP address and other initial configuration settings using a text-based command line interface. Having done this, we were then able to connect to the server and configure it using remote management tools such as the Microsoft Management Console (MMC). Microsoft provides a guide to building a Server Core installation here.