What’s cool in Windows Server 2008 – Role-Based Configuration

One of the major criticisms of the Windows operating systems has always been the tendency to run more services than are absolutely necessary. While these are usually in place for convenience and to provide a better desktop experience, on the Server platform, this can mean security problems and additional components to maintain. The base installation of Windows Server 2008 is essentially a barebones operating system with only enough components to run the file system, desktop and the IP stack.

Each of the services that the server will be providing to the outside world must be individually enabled and configured before it can go into production. On its own, this would be a lengthy and delicate process, as the system administrator would have to carefully plan the interaction between the components, ensuring that they were installed in the correct order to fulfill the prerequisites for each service. To simplify this, Server 2008 has introduced Server Roles that are functionality-based rather than service-based. This allows the network administrator to quickly configure a server to fulfill a purpose while the server itself provides process guidance to ensure that the correct dependency and security planning has been fully considered.

Installing, configuring, and managing these roles becomes a much simpler process, allowing the perfunctory maintenance tasks to be assigned to less expensive resources and freeing other staff to concentrate on higher-value tasks. This provides a rapid ROI and greatly reduces the training needs of a staff moving to the Server 2008 platform.

Configuring Roles

  1. Navigate to Start | Administrative Tools | Server Manager
  2. Select the Roles node in the left panel
  3. Click Add Roles in the Main Panel
  4. Select the Checkboxes for the Roles that are to be configured
  5. Click Next
  6. Follow the role-specific prompts ...
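
Because every installed role adds services to maintain and secure, it is worth checking the result of the wizard against what the server is supposed to do. The following PowerShell is an added example, not code from the original post: it compares installed roles against an approved list. The function name `Compare-RoleBaseline`, the approved list and the sample data are constructed for illustration, and the commented live call assumes the ServerManager module (`Get-WindowsFeature`) that ships with Server 2008 R2 and later.

```powershell
# Added example: flag installed roles that are not approved for this server.
# Works on PowerShell 2.0; sample data below is constructed, not real output.

function Compare-RoleBaseline {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Features,  # Get-WindowsFeature output or sample data
        [Parameter(Mandatory = $true)] [string[]] $Approved   # role names allowed on this server
    )
    # Only installed top-level roles count; features and role services are ignored.
    $installed = @($Features |
        Where-Object { $_.Installed -and $_.FeatureType -eq 'Role' } |
        ForEach-Object { $_.Name })

    $unexpected = @($installed | Where-Object { $Approved -notcontains $_ })
    $missing    = @($Approved  | Where-Object { $installed -notcontains $_ })

    New-Object PSObject -Property @{
        Installed  = $installed
        Unexpected = $unexpected   # installed but not approved: extra surface to review
        Missing    = $missing      # approved but absent: server not yet fit for purpose
        Compliant  = ($unexpected.Count -eq 0 -and $missing.Count -eq 0)
    }
}

# Helper that builds objects shaped like Get-WindowsFeature results (constructed data).
function New-SampleFeature($Name, $Type, $Installed) {
    New-Object PSObject -Property @{ Name = $Name; FeatureType = $Type; Installed = $Installed }
}

$sample = @(
    (New-SampleFeature 'DNS'           'Role'    $true),
    (New-SampleFeature 'DHCP'          'Role'    $true),
    (New-SampleFeature 'Web-Server'    'Role'    $true),   # not part of this server's purpose
    (New-SampleFeature 'Fax'           'Role'    $false),
    (New-SampleFeature 'Telnet-Client' 'Feature' $true)    # a feature, so not evaluated
)

# On a real server, replace $sample with live data:
#   Import-Module ServerManager
#   $features = Get-WindowsFeature
$features = $sample

# Hypothetical baseline for a DNS/DHCP infrastructure server.
$result = Compare-RoleBaseline -Features $features -Approved 'DNS', 'DHCP'

"Compliant : {0}" -f $result.Compliant
"Unexpected: {0}" -f ($result.Unexpected -join ', ')
"Missing   : {0}" -f ($result.Missing -join ', ')
```

On the original Server 2008 release, `ServerManagerCmd.exe -query` lists the same installed-role state from the command line.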

Understanding the Server Roles

While many of the roles will be familiar to administrators of previous versions of Windows Server, some of them are new or contain additional functionality that was not previously available. These form a stable enterprise platform that covers a broad range of server responsibilities.

Windows 2008 Server Roles

  • Active Directory Certificate Services (AD CS)
    Certificate Services can provide either root or subordinate CA to manage corporate security certificates, certificate templates, and enrollment services.
  • Active Directory Domain Services (AD DS)
    This is the core Active Directory Service.
  • Active Directory Federation Services (AD FS)
    AD FS provides Single Sign-On (SSO) capabilities and external rights federation. You can provide external access to corporate data while allowing the foreign organization to manage its own rights/security infrastructure through the web while maintaining distinct security boundaries.
  • Active Directory Lightweight Directory Services (AD LDS)
    This is the Server 2008 replacement of the Active Directory Application Mode (ADAM). The AD LDS is an application level directory service that can be used to store application data or manipulate subsets of AD data through an LDAP interface.
  • Active Directory Rights Management Service (AD RMS)
    This allows the network administrator to augment the normal file permissions with complex and robust rights management that adds a layer of security to the network by preventing corporate data from leaving the network. Resources that are managed by the AD RMS services cannot be accessed by unauthorized users who can't get a license token. This means that a sensitive financial spreadsheet can't be emailed out of the organization or moved via USB key to be used by unauthorized third parties.
  • Application Server
    This provides management and hosting options for applications using the .Net 3.0 (and 3.5) Framework. This enables ASP.Net within IIS as well as the Windows Communication Foundation (WCF).
  • DHCP Server
    DHCP allows for mass management of configuration of IP settings and address leases. (DHCP Best Practices)
  • DNS Server
    DNS provides the naming and lookup infrastructure for your network and the Active Directory.
  • Fax Server
    This provides full, network-based fax services to hosts on your network.
  • File Services
    Interoperation with Linux and NFS is included in File Services, as well as advanced features within the Distributed File System (DFS).
  • Network Policy and Access Services (NPAS)
    This is a new service to the Windows Architecture and is possibly one of the most exciting. NPAS encapsulates many of the functions of RRAS and IAS but adds full policy-based network access control. With NPAS, you can allow or deny even wired network access based on criteria such as AntiVirus updates, Anti-Spyware definitions, Domain Membership, Certificate, etc. You can even integrate the service with Cisco switches to actually disable the switch ports that noncompliant machines are connected to, or prevent wireless connections from unapproved machines.
  • Print Services
    Building on the new architecture that was introduced in Windows Server 2003 R2, the 2008 Print Services allow complete control of the printing environment through Group Policy (GPOs) and increase enterprise print performance.
  • Terminal Services
    Terminal Services have been around since the introduction of Windows NT 4.0 TSE and matured through Server 2003, but this is a completely new generation of Terminal Services, making a huge jump to providing load balancing, web sessions, secure proxy, remote applications, and a host of other enterprise-class offerings. (Terminal Services)
  • UDDI Services
    Universal Description, Discovery, and Integration (UDDI) services provide extranet integration between disparate networks and allow for the secure sharing of data across perimeter and external boundaries.
  • Web Server (IIS)
    This is a new implementation of Internet Information Server (IIS 7.0) that provides many enhancements to the scalability and performance of web applications.
  • Windows Deployment Services (WDS)
    While an earlier version of WDS was available in previous versions of the server platform, this is now the standard tool used to deploy operating system images to both the Server and Workstation platforms. With the replacement of RIS and the implementation of Windows PE as the configuration environment for Vista and Server 2008, WDS is seeing high adoption in companies wishing to manage their desktop platforms. WDS uses PXE to contact and configure remote workstations but can now use multicast to speed mass deployments.

 




About Ryan Hanisco

Ryan Hanisco is an Engagement Manager at Magenic Technologies specializing in project management and business analysis for their development group. Ryan has been in the IT industry for 10 years and working as a consultant for over five years working for both public and private sector companies. He lives on the north side of Chicago with his two cats, Cinders and Gato.
© 2008 Ryan Hanisco