Windows Server 2003: A Worthy Upgrade?

Thursday Sep 18th 2003 by Steven J. Vaughan-Nichols

While blessed with across-the-board improvements in speed and management options, Microsoft's biggest and best server OS yet also has more than its fair share of teething problems.

Let's start with the best news about Windows Server 2003 — this is Microsoft's fastest server operating system ever for the bread and butter of networking: file and Web page serving. That's no hype. Server 2003 blows the doors off NT and W2K Server, races by untuned Samba on Linux, and bounds by Apache on Linux.

Its Active Directory (AD) implementation is also worlds better than W2K's, and, best of all, you can finally upgrade to AD from NT domains without tears. See our Practically Painless NT to Windows Server 2003 Migration Special Report for details.

There is one fly in the AD soup, though. Server 2003 AD Domains can operate in one of four modes: Mixed mode; Server 2003 Interim, which you can think of as Mixed mode for most purposes; Native; or Server 2003 mode. In Mixed mode, both NT 4.0 and Server 2003 Domain Controllers can be used.

With Mixed mode, you can always take your network back to being a NT 4.0 Domain, but once you go Native, there's no going back. On the positive side, you do get to enjoy such features as group nesting, universal groups, and more power to restructure Domains the same way you do now with W2K Native AD.

But to really get the best stuff in the new AD, such as the power to rename any domain in your forest and change the DNS name or NetBIOS name of any child domain or even the forest root domain, all your servers must be in Server 2003 mode, which means all your servers must be running Server 2003. That would be a major pain in anyone's IT wallet.


While we all love file and Web server speed, a well-tuned Samba setup can give Server 2003 a run for the winner's cup and does so at a far lower price. And, TUX, a Red Hat-designed Web server, can run neck and neck with Internet Information Server (IIS) 6.0 all day long. But IIS 6 does have more than just raw speed going for it.

IIS 6 includes a new kernel-mode driver, http.sys, which handles Web requests that renders the overall Web server immune from common Web applications failures. In the past, an application failure could take down IIS and all its Web sites.

With IIS 6, on the other hand, if a single Web service application fails – because an SQL Server request fails, for example – the Web Server automatically creates a new, identical twin process to service any outstanding requests. If that also falls on its face, the process is permanently closed, but the other Web servers keep right on going. The net effect is that IIS is much more stable.

IIS 6 also uses application pools and multiple worker processes to better manage Web applications. The easiest way to think of this is that in Server 2003, IIS 6 runs virtual machines for each Web site being serviced. Combine this with improved load balancing and interprocess communications (IPC) – one of IIS 5's weakest points – and you have both a more sprightly and more stable Web server.

But in order to use all of this, your Web designers will need to learn to use IIS 6's application programming interfaces (APIs). Older applications will still work in a backward-compatible mode. They'll still run faster than on W2K and IIS 5, but they won't nearly as fast as they could, and they won't get many of the stability benefits that IIS 6 offers.

Page 2: Continued...

Unfortunately, this backward-compatibility comes with a price. You can either run Web applications with the new application pool/worker process mode or the old Inetinfo services mode, but not both.

The real worry with http.sys, and thus IIS 6, is that by operating at the kernel level, if a cracker does manage to break into the Web server, the entire operating system is open for their manipulation. Microsoft tried to make IIS 6 more secure, but Blaster has shown everyone that Microsoft is still a long, long way from living up to its security promises.

Security and Other Issues

In fact, how many server operating systems have received a security warning from the Department of Homeland Security? Well, OK, the rest of Microsoft's server family, but Server 2003 was supposed to be the most secure Windows operating system ever. It simply isn't living up to its hype in this area.

If security is your major concern, you're better off with Linux or one of the BSD operating systems. No, they're not perfect either, but practically speaking, you're much less likely to have your servers compromised using these OSes than you are with Server 2003.

Another problem with Server 2003 is that almost none of your older server applications will run on Server. For example, if you want to run Exchange Server, you must first wait for a version that will run on it to come out, namely Exchange Server 2003, and then pay for the upgrade.

Do you begin to see a common theme here? To get the most from AD, all your machines must be upgraded to Server 2003. And to run your normal, work-a-day server applications, you must upgrade your applications.

Frankly, upgrading to Server 2003 isn't just a matter of upgrading one machine here, a department there, and so on. To really get the goods, Microsoft wants you to shift your entire enterprise to Server 2003 and Server 2003-compatible applications.

That's not news. All software companies want you to do that. But Microsoft seems to be forcing the issue with their failure to adequately support not just their older server programs, but their current generation as well. Honestly, given the costs of such upgrades, it's hard to see any company making such a move anytime soon.

Yes, there's a lot to like about Server 2003, but the bad news is that with its high price tag, when you look at the costs of a complete deployment, as well as ongoing security concerns, a wise CIO or server administrator is going to continue running existing server operating systems for a long time to come.

This feature originally appeared on EITPlanet.

» See All Articles by Columnist Steven J. Vaughan-Nichols

Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved