The Rationale for Windows Server Core

The need for something like the Windows server core installation option of Windows Server 2008 is pretty obvious. Windows Server today is frequently deployed to support a single role in an enterprise or to handle a fixed workload. For example, organizations often deploy the DHCP Server role on a dedicated Windows Server 2003 machine to provide dynamic addressing support for client computers on their network. Now think about that for a moment- you’ve just installed Windows Server 2003 with all its various services and components on a solid piece of hardware, just to use the machine as a DHCP server and nothing more. Or maybe as a file server as part of a DFS file system infrastructure you’re setting up for users. Or as a print server to manage a number of printers on your network. The point is, you’ve got Windows Server 2003 with all its features doing only one thing. Why do you need all those extra binaries on your machine then? And think about when you need to patch your system- you’ve got to apply all new software updates to the machine, even though the functionality that many of those updates fix will never actually be used on that particular system. Why should you have to patch IIS on your server if the server is not going to be used for hosting Web sites? And might not having IIS binaries on your server make it more vulnerable even though the IIS component is not actually being used on it or is even installed? The more stuff you’ve got on a box, the more difficult it is to secure (or to be sure that it’s secure) and the more complex it is to maintain.

Enter the Windows server core installation option of Windows Server 2008. Now, instead of installing all of Windows Server 2008 on your box while using only a portion of it, you can install a minimal subset of Windows Server 2008 binaries and you need to maintain only those particular binaries. The value proposition for enterprises of the Windows server core installation option is plain to see:

• Fewer binaries mean a reduced attack surface and, hence, a greater degree of protection for your network.

• Less functionality and a role-based paradigm also mean fewer services running on your machine and, therefore, again less attack surface.

• Fewer binaries also mean a reduced servicing surface, which means fewer patches, making your server easier to service and orienting your patch management cycle according to roles instead of boxes. Estimates indicate that using the Windows server core installation option can reduce the number of patches you need to apply to your server by as much as 50 percent compared with full installations of Windows Server 2008.

• Fewer roles and features also mean easier management of your servers and enable different members of your IT staff to specialize better according to the server roles they need to support.

• Finally, fewer binaries also mean less disk space needed for the core operating system components, which is a plus for datacenter environments in particular.

The Windows server core installation option of Windows Server 2008 is all of these and more, and it’s included in the Standard, Enterprise, and Datacenter editions of Windows Server 2008. Windows server core is not a separate product or SKU-it’s an installation option you can select during manual or unattended install. And it’s available on both the x86 and x64 platforms of Windows Server 2008. (It’s not available on IA64 and on the Web edition SKU of Windows Server 2008.) The bottom line? The Windows server core installation option of Windows Server 2008 is more secure and more reliable, and it requires less management overhead than using a full installation of Windows Server 2008 for an equivalent purpose in your enterprise.

A Windows server core server provides you with minimal server operating system functionality and a low attack surface for targeted roles.

Source of Information : Introducing Windows Server 2008