Microsoft talks up Longhorn Server security

Update: The software maker shares more details on security, identity management features planned for upcoming Windows Server.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
New security features planned for the Longhorn version of Windows Server will include an automatic patch check and a file system that can fix itself, Microsoft said.

Security and reliability top Microsoft's list of promises to customers for the next major Windows Server release. On Thursday, the software maker shared some details on a few of the security and identity management features it has in store for the Windows Server release code-named Longhorn, which is due in 2007.

One of the new features is "secure-at-install," which is designed to help secure new installations of the operating system in specific server roles. When a new server is installed as a terminal server or file server, for example, the system will automatically find and apply security updates that apply to a particular role, Microsoft said.

In terms of reliability, Windows Server Longhorn will have a "self-healing" file system, Microsoft said. The system can fix itself on the fly if there is a bad sector on a hard disk or even a processor that is showing a high rate of self-correcting errors, the software maker said.

"The self-healing file system is a first line of defense," said Jeff Price, senior director of Windows Server marketing. Essentially, "self-healing" means Microsoft's defrag and chkdsk, or check disk, tools are running in the background. Users who want more advanced disk maintenance will still want to purchase third-party tools, according to Microsoft.

Additionally, new transactional capabilities in the Windows file system and registry will let administrators more easily roll back any changes in case of an error, Microsoft said.

Another security feature planned for the Longhorn server release is Network Access Protection, or NAP. This feature, originally planned for Windows Server 2003 R2, lets users perform a "health check" on PCs connecting to their network and block clients that don't meet rules--for example, for patches and virus signatures. Windows Server 2003 R2 is an interim Windows Server release that is due by year's end.

When it comes to management features, Microsoft on Thursday at its Professional Developers Conference in Los Angeles shared some of its plans for Active Directory, the company's software for tracking computer users and privileges.

At an unspecified time after it releases Longhorn Server, Microsoft plans to add a Security Token Service, or STS, to Active Directory. This new service is to extend capabilities Microsoft plans to offer with Active Directory Federation Services, or ADFS, which is set to ship with Windows Server 2003 R2.

ADFS lets users create trust relationships with other Active Directory users and enable authentication across corporate boundaries. STS will offer extended federation and privacy support, and integrated resource discovery and management, among other features, Microsoft said.

STS also will support InfoCard, a code name for a new Microsoft technology designed to provide secure storage for identity information that will be shared with online services such as Web stores.

"The STS offers a unified model for managing credentials across different types of authentication methods," said Price. Microsoft's WinFX programming model lets developers program to it while InfoCard offers a single interface on the client PC, he said.

For developers, Microsoft made code for WinFX, its next-generation programming model, available at the conference. WinFX is designed to make it easy for developers to use security features in Windows. Developers no longer have to write the security code for dealing with identity and access in Windows themselves, according to Microsoft.

PDC attendees also received a copy of Longhorn Server, a so-called community technology preview version. Microsoft released an initial beta of the server product in July, at the same time as the beta for the desktop version of Longhorn, now called Vista. However, the beta of the server OS was made available only to a small group of testers.

While PDC attendees were given a preview version of Longhorn Server, Price said the company is still deciding how often and to whom future test versions will be given. Although Vista and Longhorn Server are being developed in tandem, proportionally more of the server code is coming in later, he said. This could mean less of a need for widespread testing until after Beta 2.

On Thursday, Microsoft also released the first beta version of Windows Server 2003 Compute Cluster Edition, a new edition of its Server OS aimed at high-end computing clusters. Microsoft hopes to ship the final version in the first half of next year.

One of the goals, Price said, is to make the software similar to competing software that is more familiar to the clustering crowd. As part of that, Microsoft plans to include in the OS the open-source Message Passing Interface.

The Professional Developers Conference ends Friday.

News.com's Ina Fried contributed to this story.