Five positives on Longhorn Server networking

New benefits will mean better reliability, faster network connections and easier management

With all of the coverage of Windows Vista and its many improvements for client desktops, it's easy to forget that an equally large team of developers is working on the next generation of Windows on the server. Many enhancements are slated for Longhorn Server and most are actually already checked into code and operational in the latest beta release. These benefits aren't incremental, either. Some represent significant improvements to the core Windows code base, and will mean better reliability, faster network connections and easier management.

Here's a look at five new benefits of Longhorn Server that you will welcome with open arms.

1. The TCP/IP stack in Longhorn Server performs substantially better than the stack in previous versions of Windows. The new stack, touted as the Next Generation TCP/IP Stack, has been rewritten almost from scratch in order to squeeze every possible bit of performance out of your network connections.

Two prominent new features designed to boost efficiency are receive window auto-tuning and compound TCP. With receive window auto-tuning, Windows automatically adjusts the optimal receive window size on a regular basis, taking into account delays on the wire, average throughput speeds, and other transmission performance statistics. The stack will adjust to allow receive windows up to 16 MB in size, which significantly cuts down on wasted network bandwidth during transmissions.

Coordinating with the receive window auto-tuning is the compound TCP feature, which automatically adjusts the send window to best match the destination host's receive window, also dramatically cutting wasted network bandwidth. Microsoft claims that in internal testing, it cut in half very large file backups over a standard 1G bit/sec. network connection.

2. Longhorn Server (and Windows Vista) will natively support IPv6 as a fully integrated component of the operating system. You may have been frustrated at attempting to deploy IPv6 on IPv4-native platforms, like Windows XP and Windows Server 2003; installing and configuring two separate IP stacks often caused problems and confusion. In Longhorn Server, however, IPv4 and IPv6 are built together on a common transport foundation, which means they operate together seamlessly and without any installation or configuration difficulties.

Longhorn Server also includes a GUI component so that IPv6 can be configured from the standard Network Connections interface with which you are likely familiar. IPv6 is no longer a third cousin; it's integrated directly into the product and, in fact, cannot be removed. It is also enabled by default.

3. There are many more controls for configuring and managing wireless connections. Wireless connections were essentially a free-for-all in Windows XP and Windows Server 2003, but now with Longhorn Server, administrators can denote lists of allowed and denied wireless networks so that users aren't connecting to random networks that might pop up wherever they happen to be. (This doesn't protect against spoofed SSIDs, however.)

Longhorn Server, and Windows Vista by definition, also fully support Wi-Fi Protected Access 2 (WPA2), the newest and most secure wireless connection protection mechanism. This WPA support can be used in conjunction with 802.1x authentication to create a very secure, quarantined network when Network Access Protection (NAP) is enabled.

Additionally, the "netsh" command has a new "wlan" context that allows complete configuration of wireless connections from the command line, making the entire negotiation process easily scriptable.

4. The new firewall -- the Windows Firewall with Advanced Security -- now filters both incoming and outgoing packets and has a completely rewritten GUI interface. The new firewall component supports firewalling for incoming traffic, which was impossible in previous versions of Windows. The firewall, by default, drops all unsolicited incoming traffic that does not respond to a previous request. It also filters unsolicited traffic that hasn't been specifically allowed in the exception list. This weeds out a lot of viruses and other malware that spread through the network attacking hosts without protection for incoming traffic.

The GUI for the firewall has been completely redesigned and put into its own Microsoft Management Console (MMC) window, allowing easy access to both the port and application control of the core firewall feature as well as the packet filtering technology allowed by new IPsec integration, detailed in the next point.

5. IPsec integration throughout the entire product is greatly improved. You might remember from Windows Server 2003 that there were two possible places to configure packet filtering-at the Windows Firewall level, and at the IPsec level. If you weren't careful, you could duplicate or contradict settings made in one place in another place, making for more than a few potential head-scratching moments.

The good news in Longhorn Server is that IPsec functionality is unified and integrated in more places; you configure IPsec and the firewall from the same console, and the command-line tools to configure the firewall can configure IPsec as well.

Additionally, Longhorn Server tries to detect whether a host on the other end of the transaction can use IPsec for the whole transaction during the initial negotiation, which means you don't have to create policies mandating IPsec for certain computers-it happens automatically.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about MicrosoftSEC

Show Comments