J. Peter Bruzzese
Columnist

2 Windows Server features worth a second look

analysis
Oct 17, 2012

Server Core and DirectAccess are underused by IT admins, but recent changes in Windows Server 2012 make them valuable

Two Windows Server features that have been widely ignored by the enterprise community deserve a second look — especially because Microsoft has enhanced them in Windows Server 2012: Server Core and DirectAccess.

Here’s what you should know about each, so you can take advantage of their underused potential.


The simple power of Server Core

Server Core is the stripped-down interface for Windows Server, and as such, it eliminates the GUI services and dependencies that can be used to attack the system. In Windows Server 2012, Server Core has been expanded to include most roles — it can do almost everything, unlike its predecessor.

Server Core still starts with a cmd.exe shell rather than PowerShell because of the dependencies of PowerShell, which is a bit of a drag; it’d be nice if Microsoft retired cmd.exe. But you can swing into PowerShell from Server Core’s cmd.exe by typing powershell. (You can also edit the registry to make PowerShell the default shell.)

Should you want to switch into the GUI, type Add-WindowsFeature Server-GUI-Shell to install the Server GUI. (When you want to remove the GUI, open PowerShell and type Remove-WindowsFeature Server-GUI-Shell.) It’s easy to swap back and forth between these two modes.

But really you don’t need or want to run the GUI on your servers. Remember: Servers are meant to be workhorses. Having a resource-intensive GUI only robs your system of the processor and memory it needs to do its job. It’s better to use the command line through remote PowerShell.

You might be thinking you can have your GUI and full server resources too by remoting into the server from your desktop; that way, you use the desktop’s resources instead of the server’s to get the GUI interface you know and love. Don Jones, a PowerShell expert and Microsoft MVP, says you shouldn’t get comfortable in doing that. He believes Windows Server 2012 is a “shot across the bow” for a future Windows Server that will have no GUI at all. His advice: “Stay off the console.”
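An added example, not from the original column: one way to check over PowerShell remoting which servers still carry the GUI features discussed above. The server names are constructed placeholders, the function name Get-ServerInterfaceMode is hypothetical, and the "Minimal Server Interface" label (GUI management infrastructure installed without the shell) goes slightly beyond the two modes the column describes.

```powershell
# Added example: classify the install mode of Windows Server 2012 hosts
# without logging on to their consoles. Assumes WinRM is enabled on the
# targets and the caller has administrative rights there.
# Server names are constructed placeholders.
$servers = 'SRV-EXAMPLE-01', 'SRV-EXAMPLE-02'

function Get-ServerInterfaceMode {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName
    )
    foreach ($name in $ComputerName) {
        try {
            # Query the two GUI-related features on the remote host.
            $features = Invoke-Command -ComputerName $name -ErrorAction Stop -ScriptBlock {
                Get-WindowsFeature -Name Server-Gui-Shell, Server-Gui-Mgmt-Infra |
                    Select-Object Name, Installed
            }
            $shell = ($features | Where-Object Name -eq 'Server-Gui-Shell').Installed
            $infra = ($features | Where-Object Name -eq 'Server-Gui-Mgmt-Infra').Installed

            # Shell present = full GUI; infrastructure only = minimal interface;
            # neither = Server Core, the smallest footprint.
            $mode = if ($shell) { 'Full GUI' } elseif ($infra) { 'Minimal Server Interface' } else { 'Server Core' }

            [pscustomobject]@{ ComputerName = $name; Mode = $mode; Error = $null }
        }
        catch {
            # Unreachable host or access denied: report it rather than stop the sweep.
            [pscustomobject]@{ ComputerName = $name; Mode = 'Unknown'; Error = $_.Exception.Message }
        }
    }
}

Get-ServerInterfaceMode -ComputerName $servers | Format-Table -AutoSize
```

Hosts reported as "Full GUI" are the candidates for the Remove-WindowsFeature Server-GUI-Shell step mentioned above.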

This time, DirectAccess really lets you lose the VPN

Originally released in Windows Server 2008, DirectAccess promised to eliminate the need for VPN connection setup woes by allowing systems to connect directly to their internal LAN. This was supposed to allow domain-managed clients to access their corporate network any time they were on the Internet without having to go through a VPN.

But due to the complexity of setup (such as the requirement of having IPv6 on the internal network) and finicky nature of DirectAccess, many companies avoided it. Instead, most either stayed with traditional SSL VPNs or used Forefront Unified Access Gateway (UAG) to provide secure remote access. Some used DirectAccess with UAG, which made DirectAccess work better but also greatly increased the complexity of setup and management.

In Windows Server 2012, DirectAccess has evolved quite a bit. The most complex part now seems to be finding out how to install it on the server. Here’s the answer: It’s been added to the Remote Access role. From Server Manager, you click Add Roles and Features to launch the wizard and select the Remote Access role to install. As you go through the wizard, it will tell you that you can add either or both of two components: Routing, and DirectAccess and VPN (RAS). It’s now a much simpler setup process.

DirectAccess also now supports deployments behind edge firewalls and border router/NAT devices. It supports a single network adapter (previous versions required at least two with public IP addresses assigned), so you can put the system in your DMZ. Alternatively, you can place it in your internal network if you don’t use a DMZ or a perimeter network. Multiple entry points are supported for larger organizations that require client roaming. And Windows 8 systems can automatically select the closest entry point, aka geo-selection.

Once you get DirectAccess up and running, your Windows 8 systems will automatically work with it, but your Windows 7 systems will need the DirectAccess Connectivity Assistant 2.0 installed. This tool improves the connection experience and supports one-time-password authentication.

Don’t let the old flaws keep you away

Both Server Core and DirectAccess made theoretical sense in Windows Server 2008 R2, but their limitations and complexities blocked or complicated their adoption. They continue to make sense today. With the technical improvements and greater flexibility that Windows Server 2012 brought them, you now have no excuse to ignore them.

This story, “2 Windows Server features worth a second look,” was originally published at InfoWorld.com.


J. Peter Bruzzese is a six-time-awarded Microsoft MVP (currently for Office Servers and Services, previously for Exchange/Office 365). He is a technical speaker and author with more than a dozen books sold internationally. He's the co-founder of ClipTraining, the creator of ConversationalGeek.com, instructor on Exchange/Office 365 video content for Pluralsight, and a consultant for Mimecast and others.
