Paul Schnackenburg, 28 August 2006, 5:58 AM
TECH.ED 2006 | Windows Server Senior Product Manager David Lowe admits that IT professionals have been saying "why can't I do this, why can't I do that, this is always a pain. This is always a problem." However, Longhorn Server will be less annoying, he says.
At Tech.Ed 2006 in Sydney last week, I managed to corner Windows Server Senior Product Manager David Lowe to talk about what Microsoft is doing in Longhorn Server.
He was surprisingly frank, saying that IT professionals have been complaining to Microsoft constantly, “why can’t I do this, why can’t I do that, this is always a pain. This is always a problem” in relation to Windows Server.
However, Lowe says Microsoft is working hard to improve some of the fundamentals of Windows Server that have been annoying system admins, like restarting domain controllers and Active Directory.
Paul Schnackenburg: How different is the shipping version of Longhorn Server going to look from beta 2?
David Lowe: I think beta 2 was actually a very good snapshot of what the final product will look like. We wanted to concentrate on some key roles that were important for us to test the quality of because they’re roles that Windows Vista will work very closely with.
So, things like Terminal Services because we’re going to be building that new client into Windows Vista, Network Access Protection because again that client is built in. IIS because IIS will be available in Windows Vista.
However, if there were 17 roles available in beta 2, it’s probably not going to go much above 20 in the final product.
Paul Schnackenburg: One of the new things in the new TCP/IP stack is SMB (Server Message Block) version 2. What's new in SMB2?
David Lowe: SMB 2.0 provides a number of key improvements that relate to file sharing that, for example, can improve performance across WAN links, and this helps customers with branch office scenarios where there might be a high latency in the connection and that can lead to dropped connections.
So one of the things that it enables, for example, is offline file caching, and if you’re familiar with how Office 2003 works against an Exchange Server 2003, you have your offline store, and in a similar way a person on Windows Vista communicating with a Longhorn server accessing a file in a shared folder.
We actually cache the file locally and if the communication were to be dropped or the connection were to be dropped they would continue working on that local copy in a seamless fashion.
And then in the background when the connection is re-established the writes are made and again the user doesn’t even see, isn’t even aware that there was a problem.
Paul Schnackenburg: So this is not offline folders like we have in XP today where you can say yes I want those cached to my machine, definitely. This just happens in the background?
David Lowe: Correct. Of course, offline files as you understand them are still available with Windows Vista and with Windows Server Longhorn, but this is something that’s provided by SMB 2.0, which also improves the way you can have multiple opens on a file and it takes care of locking and multiple access to a file.
It increases the number of shares that you can have and the number of files that can be accessed through a share. It also provides for mutual authentication and provides better support for encryption. And greater performance for encrypted files as well.
One other thing, although not directly related to SMB 2.0, but coming to file replication: we’re going to do on-demand file replication as well, so that a user, for example in a branch office, might see that a file is available on a share, and although that share might be local and it’s been replicated from, for example, a centrally located share, it’s only the first time that they actually click on it that the file will be replicated.
So that’s on demand replication. They see if you like a ghost of that file, they see that it’s present but the replication only occurs when they request it. And of course the administrator can control how that happens.
Paul Schnackenburg: I think you said in your presentation, if I understood you correctly, now that we’ve got IPv4 and IPv6 in the same stack and they’re both online all the time. If you have a Vista client and a Longhorn server will they talk version 6 to each other automatically?
David Lowe: That’s correct.
Paul Schnackenburg: Does that also work between two Vista clients?
David Lowe: Yes it does and in fact, although I’m not the Windows Vista product manager I do know for example that one common customer scenario that Windows Vista helps with is the ability to do ad-hoc peer-to-peer networking or peer networking.
A great scenario that that enables is if you and I were sitting here and we’re both running Windows Vista and I had maybe a PowerPoint deck and you said “that’s great, can I have a look at that?”
I could on an ad hoc basis share it with you. Even though we’re not connected to the same domain or anything like that, I would be able to offer you that file and you’d be able to open it up and we could collaboratively work on the same PowerPoint, and IPv6 enables that through that ad hoc networking.
Paul Schnackenburg: Could you talk a little bit about Read Only Domain Controllers (RODC)? And where you see those fitting in?
David Lowe: RODCs really are most applicable to customers with branch offices and, as I mentioned earlier, approximately 55% of enterprise customers have branch offices and have employees that are working outside of corporate headquarters. That’s 9.5 million customers that are operating in that kind of environment.
This builds on a lot of the branch office work we did in Windows Server 2003 R2 where we made it easier for administrators to be able to manage branch office resources. For example, the file replication system/services that we included with DFS replication and DFS namespaces, the new remote differential compression algorithm that we use that copies only the deltas out to those branch offices. The new print management console.
This is a great example of how the technologies we build into our platform reflect the new business challenges that most customers are facing. And that’s why we’re making quite a big investment in technologies that can help to improve the branch office experience.
As I mentioned there’s the RODC that will provide a better authentication and authorization experience for employees that are logging on in a branch office and it provides for a better experience for the IT professional as well because not only can they deploy a read only DC to a branch office they can actually delegate administration.
We’ve got a new administrative account or administrative group which is specific to the branch office that allows somebody in the branch office just to manage that domain controller. Of course, we still want to make sure that this doesn’t introduce potential risks with regard to a corrupted directory from a branch office replicating around the network, and that’s why it’s a non-writable copy of the directory.
So it provides a better experience for that end user without introducing any kind of inherent risks. And then because in a branch office you can’t necessarily ensure the physical security of a server, that’s why we let the administrator decide whether they want the passwords to be cached on that server or not.
So when a client first connects to their local read only domain controller, it will not actually authenticate them. It will forward the request to a central domain controller, but then when the request is handled and passed on to the local client the local RODC will say “I need a copy of that credential so that the next time they log on I’m able to handle that request.” Of course you wouldn’t want thousands of these replicating everywhere; you only want those users who need their credentials cached. You choose as an administrator whether you’re happy with the passwords being physically stored on the box or not.
We also provide a re-startable domain controller service in Windows Server Longhorn and that means it will be easier for an administrator to remotely stop that domain controller service if they need to do maintenance on the server.
Paul Schnackenburg: Yes!
David Lowe: Without having to, for example, bring down the entire server and potentially affect users that are trying to do local printing or accessing files locally or a local intranet server. Again this is a much more flexible option and again it’s thinking of that branch office environment.
Paul Schnackenburg: Excellent. So the re-startable service is that just on the RODC or on all domain controllers?
David Lowe: No this is on all domain controllers.
Paul Schnackenburg: So you can actually restart Active Directory?
David Lowe: Yes. With many of the things in Windows Server Longhorn, really what we think is that we’re addressing the IT professionals’ wish list. It’s like the IT professional saying “why can’t I do this, why can’t I do that, this is always a pain. This is always a problem”.
So we’re very much basing the improvements we’re making in the product around what customers have told us they need to be able to do, and that’s going to make IT professionals more effective and have to spend less time managing and maintaining and more time adding business value.