I had a chance to speak with members of the Microsoft Home Server team at CES about Microsoft Home Server 2006. I managed to get some in-depth questions answered on the product, so here they are.
Question: Will Home Server be available to the do-it-yourself buyers or will it only be available as a packaged deal?
Microsoft: For the time being, it will only be available as a packaged deal from major PC makers. But there is a lot of interest from the do-it-yourself market and Microsoft is looking into it.
Question: What is Home Server based on? Is it based on Windows Server 2007 (or whatever it will be called)?
Microsoft: It’s based on Windows Server 2003 R2 along with some other components that the Home Server team developed for the home product.
Question: I noticed a fairly nice looking rich client management console. Is that web based or is that a rich client that needs to be installed?
Microsoft: Neither. It’s a rich Win32 application hosted on the server delivered to the client’s desktop seamlessly using the RDP (Remote Desktop Protocol). This is a feature similar to Microsoft Terminal Services in Windows Server 2007. The user interface is also available to remote users via web interface. The connection from the client to server is extremely thin and efficient (often less than 2 kbps in my experience on RDP).
Question: On the custom domain names that buyers may get if they adopt MS Home Server early (details not worked out yet), will that support Dynamic DNS (DDNS) for the non-static IP Internet connections typical of most DSL and cable broadband connections?
Microsoft: Microsoft will support Dynamic DNS for custom domain names.
Question: How does the remote access work? Is that an HTTP tunneling technology that can bypass firewalls or is it just using RDP on TCP 3389 or some other redirected port?
Microsoft: It’s not using HTTP tunneling, but Microsoft Home Server can act as an RDP proxy which allows a single server on a single IP address to simultaneously host multiple RDP connections to multiple PCs.
Question: How does Microsoft deal with the issue of security? It’s hard enough for an IT professional to secure a publicly available server exposed to the Internet, let alone someone in the home. This opens up a whole new can of worms on the security front because we now have millions of homes connected to the Internet with a wide-open server 24×7.
Microsoft: Microsoft has put a lot of work into hardening the home server using technology from Windows Server 2003 R2 with IIS 6.0 web server.
Note that IIS 6.0 since 2003 has only had two moderately critical flaws, which is really quite amazing for a web server. Apache 2.0 has had more than 10 times the number of flaws in the same time period, some of which were more critical. But the biggest security issue with web servers besides poor administration is poor custom ASP or PHP coding, which thankfully is not an issue with most home servers. Homes are currently safe if they have a firewall or router even if a serious flaw exists on the home network because it isn’t open to the public Internet. This is not just a Microsoft problem since the same thing is being done with Linux-based servers and appliances, but we’re talking about the server that holds all the user’s data open to the Internet. Only time will tell on the cyber-crime front, but my prediction is that it will be a huge problem afflicting the industry in general as we move to a more connected digital society.
Question: One of the biggest security headaches in running a secure web server is the secure authentication issue and the pain of setting up and buying expensive SSL certificates. A lot of IT shops don’t even get this right and they set up these untrusted self-signed digital certificates that violate fundamental SSL security principles, and many American banks can’t even seem to get this concept straight. What chance does a home user have of dealing with this huge implementation challenge? What is Microsoft doing to make this easier?
Microsoft: We’re working on this.
Question: Wouldn’t it make sense for Microsoft to offer free SSL certificate signing with every Home Server and automate the whole thing?
Microsoft: That’s good feedback.
Question: Cisco has a technology on their firewalls called cut-through-proxy where ports aren’t open until a user authenticates. Wouldn’t that type of technology be good for the home and in general to minimize the open ports and vectors for attack?
Microsoft: We’re aware of this technology and it’s good feedback.
Question: How does Microsoft Home Server deal with PC backup?
Microsoft: Microsoft offers a full PC backup solution that includes data and system imaging. Even if a hard drive died on a PC, the customer can put in a blank hard drive and do a bare metal recovery using a bootable recovery CD.
Question: How does Microsoft deal with the issue of offline-backup from the home server? Let’s say the user’s computer is hacked and the hacker destroys or encrypts all the user’s data on the client and file shares on the Home Server.
Microsoft: Microsoft will have an add-on product that supports offline backups like an external USB/Firewire hard drive. The home server will run as a separate service that has exclusive access to the offline backup. The normal home server services will not have access to the offline backup. Microsoft Home Server also has point-in-time snapshot capability so that users can recover files from a previous state like a day or week before. (Vista also has this feature natively).
Question: Does Microsoft Home Server support single instance storage like Windows Server 2003 R2? (This means if two people in a home had separate folders with the same files on the same server, Home Server will only store one instance of the file.)
Microsoft: Not at this point.
Question: Does Microsoft Home Server have the IAS (RADIUS) authentication server component of Windows Server 2003 built in? (This allows people to run Enterprise Class wireless LAN security that’s easy to manage.)
Microsoft: Not at this point.
Question: Is Microsoft Home Server an Active Directory server?
Microsoft: No, Windows XP Home and Vista Basic can’t support domain joins. Only business editions of Windows can support domain joins.
Question: But wouldn’t this make file sharing difficult since users are often prompted to enter in a username and password? Furthermore, Workgroup networking and file sharing has never worked consistently in Windows XP even if you manually sync up the usernames and passwords.
Microsoft: The Home Server client agent will synchronize passwords so that file shares on different machines can be seamlessly accessed. It’s also made Workgroup network file sharing more consistent and users won’t need to type in passwords for different shares.