Microsoft's long-awaited Windows Server 2008 delivers speed, security and management advancements; but its virtualization and network access control features come up short.

In our testing of Windows Server 2008 cold code the product officially launches on Wednesday - we found that Microsoft has made a number of improvements to its flagship server operating system.

For example, new server administrative-role schemes boost security, the Server Manager program improves manageability, Internet Information Server (IIS) Web management features are revamped, Active Directory is easier to control and Windows Terminal Services has been redesigned. Windows Server 2008 is also significantly faster than Windows Server 2003, especially when client machines are running Vista.

Unfortunately, a highly anticipated feature, the Hyper-V server virilization tool, is missing. Microsoft includes a beta version of Hyper-V with Windows Server 2008 editions, but it is not expected to release final code until the third quarter of this year.

Also missing is compatibility between non-Windows (and older Windows) clients and Microsoft's Network Access Protection (NAP) scheme, Microsoft's version of NAC.

NAP uses client-side "health certificates" to give or deny clients access to the network. An "unhealthy" client is shunted to remediation servers for antivirus updates or security patches.

We tested NAP as implemented in Windows Server 2008 and found that it works as long as the client is running Windows XP or Vista. It won't let clients running any other brand of operating system access its protected resources, thus hampering the potential success of NAPbecause all client types must be vetted for NAC to work effectively

Rethinking server roles

Microsoft wants administrators of Windows Server 2008 editions (it will ship in the usual flavors of Standard, Enterprise, Data Center and Itanium-specific code) to think of the server as playing certain roles. Server roles are aggregated objects that suit commonly-thought-of services, such as print services, file sharing, DNS, DHCP Active Directory Domain Controller and IlS-based Web services. Microsoft has defined 18 roles in all.

The services running on any role-based server are partitioned and enabled through Server Manager, Microsoft's renamed, revamped administrative application - either through its GUI or command-lineinterface (CU) front end. It's a vast improvement over the 'Configure Your Server' routines found in Windows 2000 and...