Squeezing Windows Server into a Low Power VPS with Windows Server Core

Because Windows systems are so resource-hungry, the VPS environment is dominated by lightweight Linux distributions: Mint, Colibri OS, Debian or Ubuntu, stripped of a heavy desktop environment that our tasks do not need. As they say, only console, only hardcore! And this is no exaggeration at all: the same Debian starts on 256 MB of memory and one core with a clock speed of 1 GHz, that is, on almost any "stump". For comfortable work, you will need 512 MB or more and a slightly faster processor. But what if we tell you that the same thing can be done on a Windows VPS? That you do not need to roll out a heavy Windows Server, which requires three or four gigabytes of RAM and at least a couple of cores with a clock speed of 1.4 GHz? Just use Windows Server Core: get rid of the GUI and some of the services. This article explains how to do it.

Who is this Windows Server Core of yours?

There is no intelligible explanation of what Windows (Server) Core is even on the official Microsoft website; more precisely, everything there is so confusing that you won't understand it right away, but the first mentions date back to the era of Windows Server 2008. In fact, Windows Core is a working Windows Server core (surprise!), "thinner" by the size of its own GUI and about half of the side services.

The main features of Windows Core are its modest hardware requirements and fully console-based management via PowerShell.

If you check the technical requirements on the Microsoft website, starting Windows Server 2016/2019 takes at least 2 gigabytes of RAM and at least one core with a clock speed of 1.4 GHz. But we all understand that such a configuration only lets the system start, and certainly does not make for comfortable operation of the OS. For this reason, Windows Server is usually allocated more memory and at least 2 cores / 4 threads, if it is not given an expensive physical machine on some Xeon instead of a cheap virtual machine.

At the same time, the core of the server system itself requires only 512 MB of memory, and those processor resources that were consumed by the GUI just to simply draw on the screen and keep their numerous services running can be used for something more useful.

Here is a comparison of Windows Core services supported out of the box and a full-fledged Windows Server from the official Microsoft website:

| Application | Server Core | Server with Desktop Experience |
| --- | --- | --- |
| Command prompt | available | available |
| Windows PowerShell / Microsoft .NET | available | available |
| Perfmon.exe | not available | available |
| Windbg (GUI) | supported | available |
| Resmon.exe | not available | available |
| Regedit | available | available |
| Fsutil.exe | available | available |
| Disksnapshot.exe | not available | available |
| Diskpart.exe | available | available |
| Diskmgmt.msc | not available | available |
| Devmgmt.msc | not available | available |
| Server Manager | not available | available |
| Mmc.exe | not available | available |
| Eventvwr | not available | available |
| Wevtutil (event queries) | available | available |
| Services.msc | not available | available |
| Control Panel | not available | available |
| Windows Update (GUI) | not available | available |
| Windows Explorer | not available | available |
| Taskbar | not available | available |
| Taskbar notifications | not available | available |
| Taskmgr | available | available |
| Internet Explorer or Edge | not available | available |
| Built-in help system | not available | available |
| Windows 10 Shell | not available | available |
| Windows Media Player | not available | available |
| PowerShell | available | available |
| PowerShell ISE | not available | available |
| PowerShell IME | available | available |
| Mstsc.exe | not available | available |
| Remote Desktop Services | available | available |
| Hyper-V Manager | not available | available |

As you can see, a lot has been cut out of Windows Core. Services and processes related to the GUI of the system, as well as any "garbage" that is definitely not needed on our console virtual machine, for example, Windows Media Player, went under the knife.

Almost like Linux, but not it

Windows Server Core really wants to be compared with Linux distributions, but in fact this is not entirely correct. Yes, these systems are similar in terms of reduced resource consumption due to the abandonment of the GUI and many side services, but in terms of operation and some build approaches, this is still Windows, not a unix system.

The simplest example: by manually building the Linux kernel and then installing packages and services, even the lightest Linux distribution can be turned into something heavy, like a Swiss Army knife. In Windows Core there is much less such freedom, because, after all, we are dealing with a Microsoft product.

Windows Server Core comes as a ready-made build, whose default configuration can be judged from the table above. If you need anything from the unsupported list, you will have to add the missing items online via the console. Do not forget, though, about Features on Demand and the ability to download components as CAB files, which can then be added to the build before installation. But this scenario does not work if you discover only in the course of work that you are missing one of the cut services.

But what distinguishes the Core version from the full one is the ability to update the system and add services without stopping work. Windows Core supports hot-rolling packages without reboot. As a result, based on practical observations: a machine running Windows Core needs to be rebooted ~ 6 times less often than a machine running Windows Server, that is, once every six months, not once a month.

A nice bonus for administrators is that if you use the system as intended, through the console and without RDP, and do not turn it into a second Windows Server, it becomes extremely secure compared to the full version. After all, most of the vulnerabilities in Windows Server fall precisely on RDP and on the actions of a user who, through this very RDP, does what he should not. It's like the story of Henry Ford and his attitude to the color of the car: "Any customer can have a car painted any color that he wants so long as it is black". So it is with the system: the user can communicate with the system in any way, as long as he does it through the console.

Installing and managing Windows Server 2019 Core

We mentioned earlier that Windows Core is actually Windows Server without the GUI wrapper. That is, you can use almost any version of Windows Server as a core version, that is, refuse the GUI. For products of the Windows Server 2019 family, this is 3 out of 4 server builds: the core mode is available for Windows Server 2019 Standard Edition, Windows Server 2019 Datacenter and Hyper-V Server 2019, that is, only Windows Server 2019 Essentials drops out of this list.

At the same time, the Windows Server Core installation package does not particularly need to be looked for. In the standard Microsoft installer, the core version is offered literally by default, while the GUI version must be selected manually:

In fact, there are more options for managing the system than just the PowerShell already mentioned, which the manufacturer offers by default. You can manage a virtual machine on Windows Server Core in at least five different ways:

  • Remote PowerShell;
  • Remote Server Administration Tools (RSAT);
  • Windows Admin Center;
  • Sconfig;
  • ServerManager.

Of greatest interest are the first three positions: standard PowerShell, RSAT and Windows Admin Center. However, it is important to understand that by getting the benefits of one of the tools, we also get the limitations imposed by it.

We will not describe the capabilities of the console, PowerShell is PowerShell, with its obvious pluses and minuses. With RSAT and WAC, things are a little more complicated. 

WAC gives you access to important system controls such as registry editing and disk and device management. For the registry, RSAT works only in view mode and will not let you make any changes, and it needs a GUI on the server to manage disks and physical devices, which is not our case. In general, RSAT cannot work with files and, accordingly, with updates, installing or removing programs, or editing the registry.

▍System management

 

| Function | WAC | RSAT |
| --- | --- | --- |
| Component management | Yes | Yes |
| Registry editor | Yes | No |
| Network management | Yes | Yes |
| View events | Yes | Yes |
| Shared folders | Yes | Yes |
| Disk management | Yes | Only for servers with GUI |
| Task Scheduler | Yes | Yes |
| Device management | Yes | Only for servers with GUI |
| File management | Yes | No |
| User management | Yes | Yes |
| Group management | Yes | Yes |
| Certificate management | Yes | Yes |
| Updates | Yes | No |
| Removing programs | Yes | No |
| System Monitor | Yes | Yes |

On the other hand, RSAT gives us full control over the roles on the machine, while the Windows Admin Center can literally do nothing in this regard. Here is a comparison of the capabilities of RSAT and WAC in this aspect, for clarity:

▍Role management

 

| Role | WAC | RSAT |
| --- | --- | --- |
| Advanced Threat Protection | Preview | No |
| Windows Defender | Preview | Yes |
| Containers | Preview | Yes |
| AD Administrative Center | Preview | Yes |
| AD Domains and Trusts | No | Yes |
| AD Sites and Services | No | Yes |
| DHCP | Preview | Yes |
| DNS | Preview | Yes |
| DFS Manager | No | Yes |
| GPO Manager | No | Yes |
| IIS Manager | No | Yes |

That is, it is already clear that if you abandon the GUI and PowerShell in favor of other controls, you won't be able to get by with a single tool: for full-fledged administration on all fronts, we need at least a combination of RSAT and WAC.

At the same time, you need to remember that you will have to pay 150-180 megabytes of RAM for using WAC. Windows Admin Center creates 3-4 sessions on the server side when connected, which are not killed even when the tool is disconnected from the virtual machine. WAC also doesn't work with older versions of PowerShell, so you'll need at least PowerShell 5.0. All of this goes against our austerity paradigm, but comfort comes at a price. In our case, RAM.

Another option for managing Server Core is to install the GUI using third-party tools so as not to drag those tons of garbage that come with the full assembly along with the interface.

In this case, we have two options: roll out the original Explorer to the system or use Explorer ++. As an alternative to the latter, any file manager is suitable: Total Commander, FAR Manager, Double Commander, and so on. The latter is preferable if saving RAM is critical for you. You can add Explorer++ or any other file manager by creating a network folder and launching it through the console or scheduler.

Installing a full-fledged Explorer will give us more options for working with UI-equipped software. For this we will have to turn to the Server Core App Compatibility Feature on Demand (FOD), which returns MMC, Eventvwr, PerfMon, Resmon, Explorer.exe and even PowerShell ISE to the system. However, you will have to pay for this, as in the case of WAC: we will irretrievably lose about 150-200 megabytes of RAM, which explorer.exe and other services will ruthlessly devour, even if there is no active user on the machine.
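
The FOD can be added from the console, either from Windows Update or from a local source with the CAB files mentioned earlier, and the memory cost described above can be measured on your own machine. This is an added example, not code from the original article; the `$FodSource` parameter and the `Get-UsedMemoryMB` helper are hypothetical names.

```powershell
# Added example, not from the original article. Run in an elevated session on Server Core.
param(
    # Optional local source with the FOD CAB files, such as a mounted FOD ISO.
    # Hypothetical value; leave empty to download from Windows Update.
    [string]$FodSource
)

function Get-UsedMemoryMB {
    # Win32_OperatingSystem reports both counters in kilobytes.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [math]::Round(($os.TotalVisibleMemorySize - $os.FreePhysicalMemory) / 1KB)
}

# Find the App Compatibility capability without hard-coding its version suffix.
$cap = Get-WindowsCapability -Online |
    Where-Object Name -like 'ServerCore.AppCompatibility*' |
    Select-Object -First 1
if (-not $cap) {
    throw 'The ServerCore.AppCompatibility capability is not offered on this image.'
}

# Baseline: run once before installing and once after the reboot to compare.
'{0}: {1}; memory in use: {2} MB' -f $cap.Name, $cap.State, (Get-UsedMemoryMB)

if ($cap.State -ne 'Installed') {
    $params = @{ Online = $true; Name = $cap.Name }
    if ($FodSource) {
        # -LimitAccess keeps DISM from contacting Windows Update.
        $params.Source = $FodSource
        $params.LimitAccess = $true
    }
    $result = Add-WindowsCapability @params
    if ($result.RestartNeeded) {
        'Installed. Reboot, then run the script again to see memory use with the FOD present.'
    }
}
```

Every GUI tool the FOD brings back is also code that must be patched from then on, so install it only on machines that actually need it.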

This is what the system memory consumption looks like on machines with and without the native Explorer package.

Here a natural question arises: why all this dancing around with PowerShell, FOD and file managers, if any step left or right leads to an increase in RAM consumption? Why surround yourself with a bunch of tools and swing from side to side to get comfortable work on Windows Server Core, when you can just roll out Windows Server 2016/2019 and live in comfort?

There are several reasons for using Server Core. First: memory consumption is almost half. If you remember, this condition was the basis of our article at the very beginning. For comparison, here is the memory consumption of Windows Server 2019; compare it with the screenshots just above:

And now, 1146 MB of consumed memory instead of 655 MB on the Core. 

Assuming you don't need WAC and use Explorer++ instead of the original Explorer, you will still save almost half a gigabyte on each virtual machine running Windows Server. If there is only one virtual machine, the gain is insignificant, but what if there are five of them? This is where the presence of a GUI matters, especially if you do not need it.

Second, no amount of dancing around Windows Server Core will bring you to the main problem of operating Windows Server: RDP and its security (more precisely, its complete absence). Windows Core, even with FOD, RSAT and WAC, is still a server without RDP, that is, it is not subject to 95% of existing attacks.
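
Whether a given Core machine really is "a server without RDP" can be checked rather than assumed. The following audit is an added example, not part of the original article; the function name `Test-RemoteAccessExposure` is hypothetical, and it reads the standard Terminal Server registry values, the Remote Desktop firewall rule group, and the WinRM listeners that Remote PowerShell and WAC rely on.

```powershell
# Added example, not from the original article. Run in an elevated session.
function Test-RemoteAccessExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdp = Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp"
    # fDenyTSConnections = 1 means Remote Desktop connections are refused.
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    # The listener port can be moved off 3389, so read it instead of assuming it.
    $port = $rdp.PortNumber

    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
    # 'Remote Desktop' is the rule group name on an English-language install.
    $allowRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

    # WinRM carries Remote PowerShell and WAC traffic; report its listeners.
    $winrm = Get-Service -Name WinRM
    $transports = @()
    if ($winrm.Status -eq 'Running') {
        $transports = @(Get-ChildItem WSMan:\localhost\Listener | ForEach-Object {
            ($_.Keys | Where-Object { $_ -like 'Transport=*' }) -replace '^Transport=', ''
        })
    }

    [pscustomobject]@{
        RdpDenied        = ($deny -eq 1)
        RdpRequiresNla   = ($rdp.UserAuthentication -eq 1)   # Network Level Authentication
        RdpPort          = $port
        RdpListening     = $listening
        RdpFirewallAllow = $allowRules.Count
        WinRmStatus      = [string]$winrm.Status
        WinRmTransports  = $transports -join ','
    }
}

$report = Test-RemoteAccessExposure
$report | Format-List
if (-not $report.RdpDenied -or $report.RdpListening -or $report.RdpFirewallAllow -gt 0) {
    Write-Warning 'RDP is enabled or reachable here; the "server without RDP" assumption does not hold.'
}
```

Remote Desktop Services is listed as available on Server Core in the table above, so the result depends on how the image was configured by the provider, not on the edition alone.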

Summary

In general, Windows Core is only slightly fatter than any stock Linux distribution, but much more functional. If you need to free up resources and are ready to work with the console, WAC and RSAT, and to use file managers instead of a full-fledged GUI, then you should pay attention to Core. Moreover, with it you can avoid paying extra for a full-fledged Windows and spend the money saved on upgrading your own VPS, for example by adding RAM. For convenience, we have added Windows Server Core to our marketplace.


Source: habr.com
