Windows’ file server service bears the official name of SMB, which stands unhelpfully for Server Message Block. (Blame IBM, not Microsoft, because an IBM guy first designed it.) SMB has changed little over its roughly 25 years of life, with its biggest changes being support of somewhat bigger block sizes so as to be able to make use of networks faster than 100 Mbps (appeared in 2000), the ability to handle multiple paths, and the addition of digital signatures so as to foil man-in-the-middle attacks (appeared in 2001).
Windows Server 2012 R2 sports a somewhat reworked version of SMB that handles slow networks better, handles encryption more intelligently, cranks up throughput on file transfers, and supports PowerShell.
File Server Resource Manager
You can manage data stored on a file server using the tools in File Server Resource Manager. Some of the tools included help you to automate classification and reporting and manage files and quotas.
With Dynamic Access Control’s File Classification Infrastructure you can control and audit access to files on the file server. You can now get more control on how your files are classified on your file servers. With the enhanced features, classifying files can be done manually or automatically.
You can read more about this topic starting in“Files, Folders, and Basic Shares.” Web-based Services
Finally, there’s the subset of the Internet that’s become more important than all the rest of the Net put together: the Web and related services. They’re important to Windows, and they saw some big changes in 2012 R2.
Web Server IIS
Windows’ file services may not have changed much over the years, but that’s not the case for Windows’ web server. One key to hardening any server product is to keep the amount of code exposed to the Internet to a bare minimum; if a web server can support, for example, something called FastCGI but your website doesn't need FastCGI, then why run FastCGI on an Internet-facing server and risk the possibility that someone discovers a way to use IIS’s FastCGI to hack the server? Clearly you wouldn't, so it’d be nice to just strip your web server software of the things that you aren't going to need. (Security folks call this “minimizing the attack surface.” Sometimes we think they play too much Halo.)
The perfect web server, then, would be composed of dozens of small modules, each of which could be removed or added as needed to allow the web administrator to build a web server that did exactly what she needed it to do...but no more. That was the guiding light for Windows Server 2008’s IIS 7.0, a complete overhaul of IIS including some of the latest security technologies, including WinRM. (When you’re doing remote administration of an IIS 7 box, you're using that protocol rather than RPC.)
Knowing how companies live and breathe on the Internet in today’s market, we would expect no less from Microsoft than for it to wave its technology wand across the web server. With the release of Windows Server 2012 R2 comes the newest version of the web server, IIS 8.0.
IIS 8.0 has also received a wealth of new rich features to administer and secure your website. Here are a few important changes made in IIS 8.0:
[caption id="" align="alignnone" width="639"]
WHAT’S NEW IN WINDOWS SERVER 2012 R2[/caption]◆ Application initialization
◆ Dynamic IP address restrictions
◆ Centralized SSL Certifi cate Support
◆ CPU throttling
◆ FTP logon attempt restrictions
◆ Server Name Indication (SNI) support
◆ Improved SSL and confi guration scalability
◆ Support for multicore scaling on NUMA hardware
Even if you’re not a webslinger by trade, it’s never a bad idea to understand the current Windows web server—so don’t skip Chapter 19, “Web Server Management with IIS.”
FTP Server
Microsoft gets some things right and some things wrong. In a few cases, the company gets things terribly wrong, as was the case with the built-in File Transfer Protocol (FTP) server software that shipped with Windows for the past 15 years or so. It was so clunky, was so diffi cult to confi gure, and offered such minimally useful logs and an inability to confi gure things that should have been childishly easy to confi gure (such as user home directories) that
just about everyone who needed a Windows FTP server ended up shelling out a few bucks for a third-party FTP server. Starting with Windows Server 2008 and R2, however, things changed considerably. As far as we can see, Microsoft tossed out all the FTP server code and rebuilt it from scratch. In Windows Server 2012 R2, they also added the ability to restrict the number of failed logon attempts that can be made to an FTP account in a certain period. So if you need a Windows-based FTP server, fl ip over to the IIS chapter to learn about the new changes to the FTP server.
Post a Comment