Top Ways to Light up Your Apps on Windows Server Codename “Longhorn”
Whether you are a developer building web applications or a developer writing core server-based system
services, Windows Server “Longhorn” provides many new features that you can leverage to build more
secure, flexible, and innovative applications.
1) Build More Flexible Web Applications
For developers who want to build flexible web applications, IIS7 provides a very powerful platform on which to
build. With IIS7, you can take control of the web server footprint to increase security and decrease
patching, resolve faulty applications more quickly, go to market faster and reduce support costs with
simplified deployment and application configuration, and rapidly leverage new technologies with IIS7’s
extensible framework. IIS7 is also more efficient to manage thanks to new management APIs, a
powerful new UI, a suite of command line tools, and the capability to manage IIS7 directly from
Windows PowerShell.
Modular Architecture. IIS is now factored into more than 40 feature modules that can be independently
installed, removed, or replaced -- dramatically reducing the potential attack surface, and lowering the
footprint on the machine.
Comprehensive Extensibility. Developers can leverage IIS7’s modular design to take advantage of its
extraordinary extensibility.
- Request Processing Pipeline -- IIS7’s core features are delivered as modules built using a new set of
  public APIs. For the first time developers can use these APIs (rather than ISAPI) to extend, replace, or
  add functionality with native or managed modules and handlers. These custom services become part
  of the core HTTP request processing pipeline servicing all incoming requests. This allows you to use
  managed code to service requests intended for any Web application including static content, PHP, or
  classic ASP.
- Extensible User Interface – The new UI is also modular and extensible. Using Winforms, create a page
  to configure the application and load it as a feature in the IIS7 UI. Then delegate authority to change
  or lock these settings. This allows seamless integration into the IIS7 feature set, eliminates the need
  to provide a separate configuration console for the application, and enables the settings to be
  managed with the new API, APPCMD, PowerShell or other administration tools.
- Extensible IIS7 Configuration Schema – The IIS7 Schema is easily extended with a simple XML snippet.
  Extending the schema
Powerful Diagnostic Capabilities. IIS7 enables developers and IT Professionals to easily troubleshoot
errant Web sites and applications. IIS7 exposes runtime diagnostic information to administrators. IIS7 can
also be configured to automatically log detailed trace events for requests when failures are detected (based
on user configurable rules) or requests that take too long to execute. These diagnostic capabilities in IIS7 are
extensible as well, so new diagnostic events can be inserted into custom modules, handlers, and ASP.NET
applications, and custom trace providers can replace existing providers in the tracing infrastructure.
New IIS 7 Configuration Model. IIS7 configuration has been redesigned to streamline administration and
provide many new features.
- Delegated Administration: An IIS7 administrator can delegate control of specific features to a Web
  site operator or developer. When a feature is delegated, a developer can control the feature’s
  configuration in Web.config. Delegated administration makes site deployment easier as site
  configuration settings are deployed with the Web site content. It also reduces the number of requests
  to server administrators to make common Web site configuration changes -- such as altering the
  default Web page or enabling a type of authentication.
- Granular Locking: Authority over delegated settings is centralized and granular. An IIS7
  administrator can delegate control of the default document service by IIS7, but in doing so can
  require that “Contosohome.aspx” (for example) will always be in the list. IIS7 configuration
  granularity provides a rich set of options including: LockElements, LockAllElementsExcept,
  LockAttributes, LockAllAttributesExcept, and LockItem.
- .NET Collaborative Configuration: IIS7 configuration is based on and works with the ASP.NET
  configuration model. The centralized store for IIS7 configuration (Applicationhost.config) is an XML
  file that has been redesigned from IIS6’s metabase.xml to conform to an ASP.NET style configuration
  file. Additionally, both ASP.NET and IIS7 optionally use Web.config to store configuration
  information. You can even configure .NET settings within the IIS UI and manage both ASP.NET and
  IIS7 configuration with the same programmatic interfaces.
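The delegation and granular locking described above, as an added configuration sketch that is not part of the original document. The site name "Contoso Site" and the page Products.aspx are constructed for illustration; the lock attributes are written in the lower-camel-case spelling the IIS7 configuration schema uses (lockItem, lockAttributes).

```xml
<!-- Fragment 1: applicationHost.config (server level, owned by the IIS7 administrator).
     "Contoso Site" is a constructed site name. -->
<configuration>
  <!-- Delegate the defaultDocument section to the site, so its Web.config may edit it.
       Without the two lock attributes below, this same delegation would let the
       site's Web.config clear the list and drop Contosohome.aspx. -->
  <location path="Contoso Site" overrideMode="Allow">
    <system.webServer>
      <!-- lockAttributes: the site operator cannot switch the feature off. -->
      <defaultDocument enabled="true" lockAttributes="enabled">
        <files>
          <!-- lockItem: this entry cannot be removed or changed at lower levels. -->
          <add value="Contosohome.aspx" lockItem="true" />
        </files>
      </defaultDocument>
    </system.webServer>
  </location>
</configuration>

<!-- Fragment 2: Web.config in the site root (owned by the site operator). -->
<configuration>
  <system.webServer>
    <defaultDocument>
      <files>
        <!-- Allowed: adding the site's own default document (constructed name). -->
        <add value="Products.aspx" />
        <!-- Each of the following would be refused with a configuration error,
             because it touches the locked item or the locked attribute:
               <remove value="Contosohome.aspx" />
               <clear />
             and, on the defaultDocument element, enabled="false". -->
      </files>
    </defaultDocument>
  </system.webServer>
</configuration>
```

Keeping the locks in applicationHost.config means the guarantee holds no matter what Web.config is deployed with the site content.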
Improved Security. Built on the excellent track record of IIS 6, IIS 7 offers increased security through a
reduced installation footprint, granular locking of features, integration with .NET role and membership
providers, and URLFiltering capabilities. Additionally, security administration is easier as the IIS anonymous
user is now a built-in account rather than a local account. This helps to ensure file permissions for the
anonymous user are consistent between servers.
More Information:
- The .NET Show: Bill Staples and Scott Guthrie on IIS7
- End-To-End Extensibility Example
- Downloads on IIS.net
2) Build Connected Systems
If you are writing enterprise grade distributed applications, Windows Server Codename “Longhorn” is the
best platform you can target. Every aspect of the application life cycle enjoys state of the art support: service
development, hosting, process modeling, manageability, performance, interoperability out of the box,
extensibility, protection of the current investments… all those facets of distributed software development and
management are natively implemented by Windows Server codename “Longhorn” features.
Even if you are simply porting your Windows DNA based application, you will enjoy the great benefits
brought by various key enhancements in the core services such as a completely redesigned TCP stack,
enhanced transaction capabilities, MSMQ evolutions, and much more.
The Microsoft .NET Framework 3.0, the latest version of Windows’ managed API, is on board out of the box.
The .NET Framework 3.0 includes, among other things, Windows Communication Foundation (WCF) and
Windows Workflow Foundation (WF): the former is the ideal platform for the development of services,
while the latter brings all the power of workflow based programming and business process management at
the operating system level.
Windows Process Activation Service (WPAS) is a new feature of Windows, which allows any process to
take advantage of message listening capabilities at the system level without the usual limitations which afflict
port management in user mode. This new service, made possible by a redesign of the request management
architecture in IIS7, enables on-call activation without limitations on intended transport, hosting process or
instancing model. This in turn enables hosting of both HTTP-based, as well as non-HTTP-based applications
within IIS7.
MSMQ 4.0. The Microsoft Message Queuing stack evolves. It is now possible to group messages in logical sub
queues, avoiding the recreation of multiple physical queues and the expensive copy operations required by
that approach. Sub queues are used for implementing efficient poison message handling. MSMQ also
introduces the long awaited transactional remote receive: it is now possible to receive in transacted fashion
messages from a remote queue, in the context of a DTC transaction.
More Information:
- .NET Framework Developer Center
- Microsoft .NET Framework 3.0 Community
- Introducing the .NET Framework 3.0
3) Develop Federation-Aware Applications
As the business need for ubiquitous user access has evolved, Web applications are no longer expected to
support only users inside the firewall. Potentially, these same applications, or portions of them, now need
to be accessed by vendors, partners or customers as well. How do you provide access for these
constituencies to applications built around the domain-based identity model? At the minimum, it implies
additional user account management. Each constituent must have a domain-based identity inside the firewall
as well. If this means hundreds or potentially thousands of additional user accounts, it is a further burden on IT and
help desk staff, who must manage provisioning and de-provisioning of accounts and password resets for those loosely
affiliated with the organization.
Active Directory Federation Services (AD FS) enables the cross-domain reach of your Web applications
while preserving a Windows Integrated Authentication experience inside the firewall and providing an SSO
experience across Web applications for those outside the firewall. Furthermore, AD FS makes additional user
account management unnecessary because it provides an infrastructure for establishment of federation trust
relationships with partner organizations. Due to the federation trust relationship, accounts from the partner’s
domain can be trusted to have access to specific applications within your domain. Therefore, in a federated
trust model, each organization continues to manage its own domain-based identities, but they can also
securely project and accept these digital identities, including their associated access rights, into or from other
partner organizations.
Active Directory Lightweight Directory Services (AD LDS) is an excellent candidate for an Identity
Provider (IP) in business scenarios that call for an extranet directory to store customer user accounts and
the like, where these accounts need to be separate from the enterprise AD user account store. AD FS can be configured
with a federation trust relationship to authenticate to an AD LDS IP and provide digital identities, including
claims, to federation-aware Web applications. Another potential use for AD LDS as an IP is in support of a
hosted, Software as a Service (SaaS) model where a highly scalable directory service is required to contain
multiple organizations within a single directory. This too could have a federation trust relationship with a
hosted set of SaaS federation-aware applications.
Windows Authorization Manager (AzMan), originally introduced in Windows Server 2003, provides a
robust programming model and MMC Snap-in to manage RBAC authorization policies. Authorization
decisions have for years been codified into business applications requiring the application to be modified as
the business needs evolved. With AzMan, the authorization policy is managed separately from the
application’s code. The application then loads the policy dynamically at runtime and applies it to a specific
user’s context. This provides a tremendous advantage for the enterprise. First, with AzMan, developers have a
programming model that standardizes a way to perform authorization access checks using the API. Secondly,
through its intuitive UI, AzMan provides a way for business owners to manage which roles should have access
to what business operations. Therefore, as the business evolves and roles must be added or changed, these
are made in the policy by the business owner and the underlying business application does not need to be
changed.
More Information:
- Use Role-Based Security in Your Middle Tier .NET Apps with Authorization Manager
- Introduction to Active Directory Application Mode
- How to bundle ADAM with your application
Screencasts:
- Getting Started With AzMan
- Programming AzMan
- AzMan in the Enterprise
- AzMan on Windows Server “Longhorn” and Windows Vista
4) Design Highly-Manageable Applications
In today’s rapidly changing IT environment, it is critical that application errors be diagnosed and solved
quickly by IT Operations, without the need for costly escalation. This requires datacenters and applications to
be designed to be highly-manageable. Microsoft’s strategy for enabling these highly-manageable systems is
called the Dynamic Systems Initiative.
The Dynamic Systems Initiative (DSI) is Microsoft's technology strategy for products and solutions that
help businesses enhance the dynamic capability of their people, process, and IT infrastructure using technology.
To enable applications to be managed within the DSI world, they must be “designed for operations”. This
dossier gives a brief introduction on how this can be done using the technologies found within Windows
Server Codename “Longhorn”.
Windows Eventing 6.0 is the updated event technology and API for writing events to the Windows event
logs. One of the key improvements is the ability to write XML structured data to the event log, allowing the
details of the events to be searched and filtered. Features of Windows Eventing 6.0 include:
- XML based manifest for events
- Improved performance and reliability
- Improved log management
- Improved Event Viewer
- Event forwarding
Windows Installer is the technology that allows software to be installed and uninstalled in a clean, structured
and repeatable way. The new Windows Installer 4.0 provides enhancements that make your application
deployment smoother and more successful. Features of Windows Installer include:
- Automatically works with the restart manager
- Is compliant with UAC on Vista and Longhorn Server
- Adheres to Windows Resource Protection (WRP)
To take advantage of the features in Windows Installer 4.0, you simply need to create a Windows Installer
Package for your application.
Windows PowerShell is the next generation command shell and scripting language for the Windows
Platform. Windows PowerShell is shipped with Windows Server Codename “Longhorn”. It is the ultimate
scripting environment for both IT Pros and Developers. Features of Windows PowerShell include:
- Full access to the .NET Framework
- Full access to existing scripting capabilities including WMI and COM
- Full Scripting Capabilities
- Object output
- Built in Security
- 100% extensible
You can provide support in your applications for Windows PowerShell by simply exposing management
functionality via a .NET class, or you can implement a fully functional PowerShell command, known as a
cmdlet, using your favorite .NET language.
The Microsoft Management Console 3.0 (MMC 3.0) is the premier GUI environment for administrators,
providing a consistent interface for administrative tasks within Windows that Administrators are very
familiar with. Rather than defining your own administration user interface, you can take advantage of the
framework provided by MMC 3.0, allowing you to focus on the administration tasks and not the GUI
plumbing. MMC 3.0 features include:
- Full .NET Framework support
- Massive Reduction of code compared to previous versions
- Windows Forms Hosting
- Improved Reliability and Snap-in Isolation
- Improved Graphical Layout and Functionality
The improved Windows Task Scheduler 2.0 allows you to schedule jobs at specific times more predictably,
reliably, and securely. New features fulfill the need for more complex and proactive system and application
management, especially task synchronization and activation on events.
Rather than an application implementing its own Task Scheduler, it should use the Windows Task Scheduler,
which will provide a consistent interface and experience to Operations. Features of the improved Task
Scheduler include:
- Trigger Tasks based upon events in the Event log
- Multiple Triggers per Task
- Improved Security with process isolation
- Improved Reliability and Performance
- Support for Scripting and Command Line task management
- Improved Task monitoring
More Information:
- Windows PowerShell
- Design for Operations
- Dynamic Systems Initiative
5) Develop More Reliable Applications
Building truly reliable applications that can handle everything thrown at them, including everything from
power outages to hardware failures, has always been notoriously difficult. With the addition of several new
technologies in Windows Server “Longhorn”, building reliable applications has become easier than before.
Application Recovery and Restart. Application Recovery and Restart is a set of technologies that give
applications the opportunity to control what actions are taken on their behalf by the system when the
application fails. The application can take action to do things like attempting to recover documents, or even
have the system automatically restart the application after recovery or diagnosis is complete.
Restart Manager. The primary reason software updates require a system restart during an installation or
update is that some of the files that are being updated are currently being used by a running application or
service. The Restart Manager enables all but the critical system services to be shut down and restarted and
guarantees that blocking DLLs and resources are unloaded. This frees files that are in use and allows
installation operations to complete.
Using the Restart Manager DLL, an installer can use the Restart Manager to register files that should be
replaced during the installation of an application or update. Then during a subsequent update or installation,
the installer can use the Restart Manager to determine which files cannot be updated because they are
currently in use. Installers can direct the Restart Manager to shut down and restart applications or services
based on the file in use, the process ID (PID), or the short-name of a Windows service.
Transactional NTFS. Transactional NTFS is an enhancement to NTFS that allows all file operations on an
NTFS file system volume to be performed within the scope of a transaction. This is made possible by a new
transaction infrastructure in the kernel that allows operating system services to participate in transactions
via the new Kernel Transaction Manager.
Transactional NTFS is also fully capable of communicating with the MS Distributed Transaction Coordinator,
meaning that TxF operations can participate in transactions that are leveraging any other Resource Manager
that DTC is capable of working with. What does this mean to you? It means that you can now have an
application whose transactions encompass not only database calls but also operations on the file system (think of
Document Management solutions). With transaction enhancements being made to the new SMB 2.0 protocol,
you can now contain distributed file operations within a transaction as well.
Transactional Registry. The Transactional Registry (TxR) is an enhancement to the Registry that allows all
registry operations to be performed within the scope of a transaction. This is made possible by a new
transaction infrastructure in the kernel that allows operating system services to participate in transactions
via the new Kernel Transaction Manager.
Kernel Transaction Manager. The Kernel Transaction Manager (KTM) is a transaction management service.
It makes transactions available as kernel objects and provides transaction management services to system
components such as Transactional NTFS (TxF), and Transactional Registry (TxR).
KTM is scalable; it will work on both large-scale applications and small-scale applications. KTM provides
isolation across all types of operations, allowing a consistent view of data. You can use the transaction scope
to “bracket” the sections of your application, providing atomicity for some operations and not others. KTM
helps with concurrency problems. It does not affect performance, and it is available everywhere. KTM can be
used to provide transactions for file management scripts and backups. During backups, KTM can provide a
consistent snapshot between the registry, file system, and databases.
More Information:
- About Transactional NTFS
- Transaction Resources List
- Kernel Transaction Manager and Friends
Screencasts:
- Developer Meet Server - Transactional NTFS
- Developer Meet Server - Transactional NTFS + WCF
6) Build for Scalability
Windows Server Codename “Longhorn” provides new scalability enhancements that enable you to build,
deploy, host, and manage even the most demanding applications. The businesses of today and tomorrow
demand more scalability from their servers, and Windows Server Codename “Longhorn” delivers by
providing developers new ways to control the concurrent processing behaviors of their applications.
Thread Pool API Enhancements. The new Thread Pool API in Windows Server Codename “Longhorn” gives
developers more control over how worker threads execute asynchronous callbacks within their
application. By efficiently managing these callbacks and the creation of new threads, these enhancements
provide a means to reduce the number of application threads needed by an application.
The original thread pool has been completely re-architected in Windows Vista. The new thread pool is
improved because it provides a single worker thread type (supports both I/O and non-I/O), does not use a
timer thread, provides a single timer queue, and provides a dedicated persistent thread. It also provides
clean-up groups, higher performance, multiple pools per process that are scheduled independently, and a
new thread pool API.
Thread Ordering Service. The thread ordering service in Windows Server Codename “Longhorn” controls
the execution of one or more client threads. It ensures that each client thread runs once during the specified
period and in relative order. Each client thread belongs to a thread ordering group. The parent thread
specifies the period for the thread ordering group and a time-out interval.
Wait Chain Traversal. Wait Chain Traversal (WCT) in Windows Server Codename “Longhorn” enables
debuggers to diagnose application hangs and deadlocks. A wait chain is an alternating sequence of threads
and synchronization objects; each thread waits for the object that follows it, which is owned by the
subsequent thread in the chain. A thread waits for a synchronization object from the time it requests it until it
has acquired it. A lock is owned by a thread from the time the thread acquires it, until it releases it. Lock
ownership is equivalent to the lock waiting for the thread to release it. Therefore, if thread 1 waits for a lock
that is owned by thread 2, this is the same as saying that thread 1 waits for thread 2.
More Information:
- Thread Pooling
- Using Wait Chain Traversal
7) Go Virtual
Windows Server Virtualization is Microsoft’s new hypervisor-based Virtualization product. Virtualization is a very
powerful technology that enables consolidation of existing servers and business continuance through flexible data recovery
capabilities, lowers the requirements (and total cost of ownership) of testing and development environments, and
provides unique capabilities that make the management of branch offices easier than before.
Server Consolidation. There are many different approaches to server consolidation, virtualization being a very
powerful option. With Virtualization, you can combine heterogeneous workloads while still maintaining isolation through
the use of virtual machines. Not only will this help increase the efficiency of existing hardware, it will also help
reduce the total cost of ownership by reducing the overall cost of running a datacenter.
Business Continuance. Leveraging Virtualization for business continuance provides the capabilities of having a rapid
backup and restore process, ideal for disaster recovery scenarios. With the virtualization stack in Windows Server
“Longhorn”, some unique high availability capabilities become available to you, in the realms of both host clustering as
well as guest clustering. These capabilities are important because you can address key recovery scenarios, from planned
and unplanned downtime to failover load balancing.
Testing and Development. Testing and development traditionally has large hardware requirements. These
requirements can be minimized through the use of virtual machines. For testing and development, the use of
virtual machines is ideal. They create distributed application environments, provide rapid provisioning
capabilities, and the disk state features allow you to capture point-in-time information.
In addition, due to the extensive WMI interfaces that Windows Server Virtualization exposes, you can enable
automation and remote control of any virtual machines being used and drive them directly from your testing
suite or automated build tool.
Branch Office. Branch offices have multiple IT needs, often when there is little to no IT staff available to
them. With Virtualization, you can simplify branch office IT operations. Leveraging the benefits of
virtualization, you will be able to create a more agile infrastructure. New management capabilities will allow
you to move virtual computers without impacting the users. Virtual computers will also be able to
automatically manage themselves.
You can also consolidate branch office infrastructure in many ways by leveraging Virtualization. Multiple
virtual machines can be hosted on a single virtual server, serving all branch office workloads. By doing this,
you can lessen the reliance on IT support. Another extension to this is the ability to ship out a “branch office
in a box” containing a set of VHDs to update the branch office rather than having to do physical upgrades
directly on the machines themselves. Microsoft’s Virtualization offerings can also integrate into core IT
services like Active Directory and other Microsoft management technologies and tools.
Windows Server Virtualization. Windows Server Virtualization is Microsoft’s new hypervisor-based
Virtualization product. Several key features in Windows Server Virtualization support the
scenarios outlined above.
Windows Server Virtualization supports both 32-bit and 64-bit hosts as well as guests, and can leverage the
new hardware-based virtualization technologies. It also supports large memory (> 4 GB) as well as
“memory over-commit” (assigning more virtual memory to a virtual
machine than physical memory in the virtual server), enabling the hosting of larger workloads in a virtual
environment.
Also, to be able to scale better than previous Microsoft Virtualization offerings, Windows Server
Virtualization will provide Symmetric Multi-Processing capabilities for virtual machines (up to 8-way).
Pass-through disk access for virtual machines will also be present in Windows Server Virtualization so that virtual
machines can have direct access to a physical disk rather than being forced to use virtual hard disks.
Windows Server Virtualization also introduces a new architecture through the use of Virtual Service
Providers (VSP) and Virtual Service Clients (VSC). This new architecture provides a way for virtual machines
to request access to shared hardware like disk devices, networking devices, etc. The design aims for the highest
possible performance with the lowest possible overhead.
From the aspect of the performance of the parent OS itself, it is important to realize that Windows Server
Virtualization can leverage the Windows Server “Longhorn” server core minimal install option. Server Core is
a stripped-down version of Windows Server “Longhorn” that loses the GUI and includes only the most
common server functions. This means that the parent OS will have minimal consumption of resources as well
as a small attack surface, making even more resources directly available to the virtual machines and less
chance for the virtual server itself to be compromised.
More Information:
- Microsoft Virtualization Home
- Windows Server Virtualization - An Overview