Windows Server 2003 Add-Ons, Part 2
by Mitch Tulloch, author of Windows Server 2003 in a Nutshell and the upcoming Windows Server Hacks
In a previous article we looked at some of the feature packs available for Windows Server 2003. Feature packs extend the capabilities of Windows Server 2003 in various ways, and help you get the most out of your Windows-based network. In this article I'll cover three more feature packs that can be useful in enterprise environments.
Windows System Resource Manager (WSRM) is an add-on that lets you allocate CPU and memory resources for server processes. This can be a big help if you have several business-critical applications running on your server and want to ensure each gets its own fair share of resources. WSRM manages resources from a standard MMC console that lets you create resource allocation policies based on process matching criteria you define. In Figure 1, for example, a policy called DayTimePolicy allocates CPU usage to three processes: BizCrit (a business-critical CRM application), Batch (a batch-mode accounting package), and Default (any other applications running on the server). Note that BizCrit has been allocated 70% of CPU time to ensure its availability to users during the daytime, while Batch has only a 25% share of the CPU, since most of this application's processing is done at night.
Figure 1: The Windows System Resource Manager console.
A few things to note. First, these CPU limits are soft limits, so if Batch is not running then BizCrit can effectively utilize 100% of the CPU if no other applications are running. Second, when a soft limit is exceeded, WSRM logs an event to the event logs and can optionally send an email message to an administrator. Finally, kernel-mode system processes like lsass.exe and winlogon.exe are free from any resource restrictions, and a number of user-mode svchost.exe processes are also excluded, though the exclusion list for user-mode processes can also be modified.
Other functionality in WSRM includes a calendar, resource monitor, and accounting feature. The calendar lets you specify which policy applies to which time or day. For example, you could define another policy called NightTimePolicy that gives Batch priority for CPU usage during off-hours. Resource Monitor is basically an embedded System Monitor snap-in that gives you real-time information on resource usage. And Accounting lets you filter and export resource usage data to CSV files for importing into Excel to generate reports.
WSRM is a good first step for Microsoft in the area of real-time system resource management, and there are several places you could use it in the enterprise. If you're running several business-critical applications on IIS 6 for instance, you could use WSRM to allocate CPU and memory resources to each application pool on the machine. Another scenario could be when you have Terminal Services (TS) deployed and you want to allocate different TS resources to different groups of users. And developers can use it to help diagnose memory leaks for applications they are debugging.
WSRM runs only on Windows Server 2003 Enterprise Edition and comes packaged with the retail product as an extra CD, but if you've got a volume licensing agreement with Microsoft you can also download WSRM as a burnable .iso image. Microsoft also has an animated simulation showing how WSRM works, and it's well worth the half-hour needed to view it.
SUS 1.0 with SP1 is the latest incarnation of Microsoft Software Update Services (SUS), a tool for deploying patches across a network to Windows 2000, Windows XP, and Windows Server 2003 machines. SUS lets you download critical security updates from Microsoft, approve which ones you want deployed, and farm them out to machines that need them. The client side of SUS is version 2.2 of Automatic Updates, which is included in SP1 for Windows XP and in Windows Server 2003, but must be downloaded for earlier platforms. By configuring Automatic Updates (AU) to point to your SUS server instead of Windows Update, you can schedule how updates are downloaded and installed from your SUS server (see my previous article Tuning Automatic Updates for tips on tweaking AU scheduling).
Figure 2: Using the Web-based administration tool for SUS.
Think of SUS as a tool for small or medium businesses (SMBs) to ensure the security of their networks by keeping their machines patched and up-to-date. At the other end of the spectrum are home users, for whom AU combined with Windows Update is enough, and large enterprises, for which a more suitable tool might be Systems Management Server (SMS). SMS is Microsoft's comprehensive solution for managing Windows-based networks (SMS 2.0 has its own SUS feature pack that integrates SUS functionality into SMS, while SMS 2003 has SUS functionality built-in).
SUS 1.0 with SP1 runs on any version/edition of Windows 2000 Server and Windows Server 2003. System requirements are modest, though make sure you have enough free disk space for the updates SUS downloads. SUS is easy to use (with its Web-based console) and easy to manage (using the new .adm templates you import into Group Policy). SUS runs on top of IIS and is one of the best things to come out of Microsoft's Trustworthy Computing Initiative. You can download the product here.
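An added example, not part of the original article: a PowerShell check, run on a client, that reads the Automatic Updates policy values under the WindowsUpdate policy key and reports whether the machine points at your SUS server and when it installs updates. The server URL is a placeholder, and the script assumes PowerShell is available on the machine being checked.

```powershell
# Added example: audit the Automatic Updates (AU) policy on one client.
# $ExpectedServer is a placeholder URL, not a value from the article.
param([string]$ExpectedServer = 'http://sus.example.internal')

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (policy not applied).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$useWu  = Get-PolicyValue $auKey 'UseWUServer'
$server = Get-PolicyValue $wuKey 'WUServer'
$status = Get-PolicyValue $wuKey 'WUStatusServer'
$noAu   = Get-PolicyValue $auKey 'NoAutoUpdate'
$option = Get-PolicyValue $auKey 'AUOptions'
$day    = Get-PolicyValue $auKey 'ScheduledInstallDay'
$hour   = Get-PolicyValue $auKey 'ScheduledInstallTime'

$findings = @()
if ($useWu -ne 1) {
    $findings += 'UseWUServer is not 1: the client ignores WUServer and uses Windows Update'
}
if ($server -ne $ExpectedServer) {
    $findings += "WUServer is '$server', expected '$ExpectedServer'"
}
if ($status -ne $ExpectedServer) {
    $findings += "WUStatusServer is '$status', expected '$ExpectedServer'"
}
if ($noAu -eq 1) {
    $findings += 'NoAutoUpdate is 1: Automatic Updates is disabled'
}
if ($option -ne 4) {
    # 2 = notify before download, 3 = download then notify, 4 = scheduled install
    $findings += "AUOptions is '$option': updates are not installed on a schedule"
}

if ($findings.Count -eq 0) {
    # ScheduledInstallDay: 0 = every day, 1-7 = Sunday-Saturday; time is the hour (0-23)
    "OK: client uses $server; scheduled install day=$day hour=$hour"
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```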
Automated Deployment Services (ADS) is a tool designed to simplify the mass deployment of Windows onto bare metal machines that support the Preboot Execution Environment (PXE) standard. ADS includes a new set of disk imaging tools designed by Microsoft, certificate-based security, and a framework for remote execution of script-based installs. Figure 3 illustrates the main ADS console, which is simple in design and use.
Figure 3: MMC console for Automated Deployment Services.
If you're already familiar with Remote Installation Services (RIS) you might ask, why ADS? First, ADS is specifically tailored for high-speed deployment of server images only, including all versions/editions of Windows 2000 Server and Windows Server 2003. RIS on the other hand can be used for deploying both server and client operating systems, including Windows 2000 and Windows XP. Second, while RIS deployments are usually sequential and user-initiated (pull method), ADS is designed for hands-off, large-scale, administrator-driven installations (push approach). Third, while RIS mainly uses script- or file-based deployment methods, ADS exclusively uses images.
Fourth, ADS supports multicast deployments while RIS does not, and the speed of deployment using ADS is independent of the number of servers you are concurrently deploying (RIS servers can bog down quickly when large numbers of simultaneous installs are done). Other enhancements in ADS include an ability to deploy multiple volumes per computer, image-editing tools, storing images on SQL Server (or using MSDE instead), programmatic extensibility, and being able to use ADS without using Active Directory -- a big plus for back-room deployments.
To use ADS you must have a licensed copy of Windows Server 2003 Enterprise Edition and you have to use a .NET Passport account to register on Microsoft's web site. You also need volume-licensing media of the platforms you want to create images from (you can't use retail shrink-wrapped versions for this purpose). Microsoft has more information on ADS and you can download the ADS 1.0 feature pack here.
If you are planning on deploying Windows Server 2003 on your network, the feature packs I've discussed in this article and the previous one are definitely worth a look. In a future article of this series I'll examine more tools you can download for Windows Server 2003 that can make your life easier.
Mitch Tulloch is the author of Windows 2000 Administration in a Nutshell, Windows Server 2003 in a Nutshell, and Windows Server Hacks.
Copyright © 2009 O'Reilly Media, Inc.