Archive for July, 2012

What would you choose? Flexibility vs. Disk Space

Hard DiskWith Windows Server 2012, Microsoft has changed its Server Core strategy. In short, Microsoft now focuses on the flexibility to switch the Graphical User Interface (GUI) from a full installation to a minimal shell and even further down to server core, instead of reducing the disk space needed to run the Operating System. (the ‘disk foot print’)

Is this bad?

Many systems administrators will tout the advantages of a small disk foot print in the following ways:

  1. Faster to implement
    With less data on a (virtual) disk, the Operating System can be deployed faster initially. When deploying over the network, less data needs to be transmitted, resulting in a faster deployment and also less strain on the network.
      
  2. Less hardware needed
    If you need less disk space, you can use cheaper disks in your systems. When deploying virtual servers, less expensive SAN storage is needed.
      
  3. More secure
    Less data on a disk results in a significantly smaller attack surface. If there’s less code in use, then less errors in code can be leveraged.

However, these three arguments are moot points.

First of all, I’ve rarely seen an admin sitting idly by a server watching it install its Operating System. If he/she is not documenting what he/she just did or already preparing next steps in the deployment process, he/she is probably checking out social media or solving another incident.

Second, disk hardware is not expensive anymore. The difference between a Server Core installation and a Full installation in Windows Server 2008 R2 is 7GB. You cannot buy physical disks in this size range. Also, on SAN storage, disk deduplication significantly decreases the factual disk foot print on the SAN itself.

The third point is a bit harder to debate, although the ‘in use’ part is the actual part of the sentence that makes the difference. While Server Core installations in Windows Server 2012 have a bigger disk foot print, a smaller percentage of that code is actually in use when you compare it to Windows Server 2008 R2-based Server Core installations. As I’ve explained in my blogpost Permanent Link to Updating Server Core and switching GUIs, a Server Core installation differs from a full installation by the amount of GUI-related features hardlinked to in the Side by Side store in the C:WindowsWinSxS folder, which in turn is linked to the C:WindowsServicingPackages folder.

Graphical

The diagrams below illustrate the differences in disk foot print between Server Core and Full installations of Windows Server 2008 R2 and Windows Server 2012:

Comparison of Server Core Disk Foot Print and Attack Surface between Windows Server 2008 R2 and Windows Server 2012

The real impact

Apart from the flexibility Microsoft is giving us to switch between the full Graphical User Interface and more minimal user interfaces, there is some real impact with Microsofts new Server Core strategy. One of the most prominent areas of impact is virtual migrations, whether they are Storage vMotions, Storage Migrations (with System Center Virtual Machine Manager), Live Storage Migrations or Shared Nothing Live Migrations: Migrating the storage for a virtual machine running Server Core will take longer, since there is more disk data to transfer.

The alternative

An alternative way Microsoft could have shaped its new Server Core strategy would be with a ‘net-install’. We see these kinds of installs regularly with Linux flavors, where the base installer is run from a setup/live disk and every add-on component is downloaded from (distributed) repositories on the web. Given the recent certificate collision attacks on the Windows Update functionality, I think it’s a good thing Microsoft decided not to pursue this idea. It will be hard to guarantee the integrity of system files when you need to get these from the web.

What do you think?

Do you think Microsoft did the right thing to hand us the flexibility of switching GUIs in the way they did it, would you go for the alternative or would you fix Server Core in a whole other way?

Updating Server Core and switching GUIs

windows_update_icon-120x120Windows Server 2012 offers new capabilities related to Server Core. As I’ve mentioned before, it is now possible to switch the Graphical User Interface (GUI) mode after initial installation. This new capability allows us to configure a Windows Server system to our needs, using the interface we know and love, and then afterwards make it run in Server Core mode for optimum performance and security.

Applicable updates

One of the configuration steps you might want to perform in the Full Graphical Interface (known as ‘Full installation’) is running Windows Update using the familiar Windows Update interface:

WindowsUpdateWinServer2012

This will install all applicable updates to a Windows Server, including updates for the Metro Start Screen and Internet Explorer. However, when you don’t intend to use the server as a Terminal Server and intend to convert it to a ‘MinShell’ or ‘Server Core’ installation, you might think these updates are of no use.

You may opt not to run Windows Update when in Full Installation, and run sconfig.cmd after converting the server to a more optimum GUI mode and install the applicable Windows updates from the command line then. This approach has a downside, though. If you need to switch back to a full installation or ‘MinShell’ installation, the system would be vulnerable immediately after the required reboot.

For instance, if you need to change the binding order of network interface cards (NICs) and convert the box back, because it’s so darn easy in the graphical interface, then, you would miss updates for every component introduced, since the last Service Pack.

So, updating in the Full Installation initially isn’t such a bad idea when you’re getting started with Server Core in Windows Server 2012. I would even recommend it, if you’ve not been using Server Core in Windows Server 2008 or Windows Server 2008 R2.

Disk space penalties

Luckily, when you run Windows Update, the penalty in disk space is minimal.

As you might be aware, since switching GUIs in Windows Server 2012 does not require the installation media, the bits for all three GUI modes are already on the disk.

Under the hood, when you apply Windows updates to Windows Server 2012, you update the files in the Side by Side store in the C:WindowsWinSxS folder, which in turn is linked to the C:WindowsServicingPackages folder.

Switching GUIs and adding/removing Server Roles and Features simply enables and disables hard links to files in the Side by Side store. Updating in Windows Server 2012 involves updating the files in the Side by Side store and, therefore, updates the files in use through these hard links.

This is also the reason why switching GUI modes in Windows Server 2012 doesn’t free up the amounts of disk space we’re used to when comparing Server Core installations to Full installations in Windows Server 2008 and Windows Server 2008 R2. A vanilla Server Core Installation takes up 9 GBs of hard disk space, where a vanilla Full Installation fills up 12 GBs of hard disk space with data.

Freeing up disk space now, more than ever, involves removing the installation files for GUI modes, Server Roles and Server Features. More information on this process is available here. Since this limits the possibilities for the Windows Server installation to perform tasks and provide services in the network, this is not something to take lightly. Of course, when configuring highly customized Windows Server installations you might, if you need security and/or performance and disk space is of the essence.

Concluding

One area of Server Core you don’t have to be concerned with when switching the Graphical User Interface (GUI) in Windows Server 2012 is Windows Updates.

Microsoft has created a delicate balance where new Server Core admins can enjoy updated systems by simply performing maintenance tasks in Full installation mode, while also enabling more seasoned Server Core admins to tweak the box further in terms of used disk space.