To
help organize and manage the expanded functionality of Windows Server
2008 R2, the platform continues to use the roles and features paradigm.
The roles and features enable administrators to add and manage
functionality in coherent blocks. This includes tools to summarize,
manage, and maintain the installed roles and features.
Roles in Windows Server 2008 R2
Server roles in Windows
Server 2008 R2 are used to organize the functionality of the operating
system. The server roles are an expansion of the server roles of
previous versions of Windows, with significant enhancements. Roles
usually include a number of related functions or services that make up
the capabilities that the server will offer. A role designates a primary
function of the server, although a given server can have multiple
roles.
Windows Server 2008 R2 includes the following roles:
Active Directory Certificate Services
Active Directory Domain Services
Active Directory Federation Services
Active Directory Lightweight Directory Services
Active Directory Rights Management Services
Application Server
DHCP Server
DNS Server
Fax Server
File Services
Hyper-V
Network Policy and Access Services
Print and Document Services
Remote Desktop Services
Web Server (IIS)
Windows Deployment Services
Windows Server Update Services
Within each role, a number of
role services make up the role. The role services allow the
administrator to load only the specific services that are needed for a
particular server instance. In some cases, such as for the DHCP Server
or DNS Server roles, the role and the role service are one and the same.
In other cases, the role will contain multiple services that can be
chosen. For example, the File Services role contains the following role
services:
File Server
Distributed File System
DFS Namespaces
DFS Replication
File Server Resource Manager
Services for Network File System
Windows Search Service
Windows Server 2003 File Services
Indexing Service
BranchCache for Network Files
Adding a role and role
services installs the binaries (that is, the code) that allow the
services to function. There is typically additional installation and
configuration that needs to be done after the roles are installed, such
as for the Active Directory Domain Services role.
Only loading the roles
required for each server and, thus, only the appropriate binaries,
reduces the complexity, the attack surface, and the patch surface of the
server. This results in a more secure, less complex, and more efficient
server—in short, resulting in fewer headaches for the administrator who
has to manage the server!
Note
The patch surface of a server is
the code in the server that requires patches to be applied. This can
increase the need for patches and, thus, downtime, as well as
administrative overhead. If code is installed on a server, it needs to
be patched even if that particular code is not in use on a server. This
is analogous to the attack surface of the server.
A good example of this is the
Web Server role. If a domain controller has the Web Server role added,
any patches that apply to the code base of the Web Server role need to
be installed. This is true even if the services are disabled or just not
used. Thus, the patch surface of the domain controller has been
increased.
However, if the domain
controller only has the roles (and, thus, the code) for the roles it
needs, the patches for other roles will not need to be applied to the
domain controller. Thus, the patch surface of the domain controller has
been reduced.
Features in Windows Server 2008 R2
In addition to the roles
and role services, Windows Server 2008 R2 also has the ability to add
features. Features are typically supporting components that are
independent of the server role, but might provide support for a role or
role service. For example, a domain controller is configured with the
Active Directory Domain Services role. However, in some organizations,
the domain controller will also serve as a Windows Internet Naming
Service (WINS) server. WINS is a feature in Windows Server 2008 R2.
There are many different features in Windows Server 2008 R2, including the following:
NET Framework 3.5.1 Features
Background Intelligent Transfer Service (BITS)
BitLocker Drive Encryption
BranchCache
Connection Manager Administration Kit
Desktop Experience
DirectAccess Management Console
Failover Clustering
Group Policy Management
Ink and Handwriting Services
Internet Printing Client
Internet Storage Name Server
LPR Port Monitor
Message Queuing
Multipath I/O
Network Load Balancing
Peer Name Resolution Protocol
Quality Windows Audio Video Experience
Remote Assistance
Remote Differential Compression
Remote Server Administration Tools
RPC over HTTP Proxy
Simple TCP/IP Services
SMTP Server
SNMP Services
Storage Manager for SANs
Subsystem for UNIX-Based Applications
Telnet Client
Telnet Server
TFTP Client
Windows Biometric Framework
Windows Internal Database
Windows PowerShell Integrated Scripting Environment (ISE)
Windows Process Activation Service
Windows Server Backup Features
Windows Server Migration Tools
Windows System Resource Manager
Windows TIFF IFilter
WinRM IIS Extension
WINS Server
Wireless LAN Service
XPS Viewer
The features are installed with the Server Manager Add Features Wizard. To add a feature, execute the following steps:
1. | In the Initial Configuration Tasks Wizard or Server Manager, click the Add Features link.
|
2. | Select a feature or set of features.
|
3. | Click Next to accept the selected features.
|
4. | Click Install to install the selected features.
|
5. | Click Close to exit the wizard.
|
6. | Close the Server Manager window.
|
The feature will now be installed.
Note
Unlike previous versions
of Windows, all the binaries for Windows Server 2008, Windows Vista,
Windows 7, and Windows Server 2008 R2 are installed in the
C:\WINDOWS\WINSXS directory. All the components—that is, roles and
features—are stored in the WINSXS directory. This eliminates the need to
use the original DVD installation media when adding roles or features.
However, the trade-off is that
the WINSXS folder is more than 5GB, as it contains the entirety of the
operating system. In addition, it will grow over time as updates and
service packs are installed. For a physical machine, the additional disk
space is not much of an issue. However, for virtual machines, it means
that there is an additional 5GB of additional disk space that has to be
allocated for each and every Windows server.
