Locking Down the Configuration of a Server Appliance
6/22/2010
Restricting the functionality and configuration of a server appliance is necessary step for a server-appliance manufacturer when preparing it for resale to customers. Unlike a general-purpose server, you typically do not want the end user configuring your appliance. A predictable configuration for your server appliance helps to ensure that you can support it for its intended purpose.
Restricting the configuration of the server appliance is important because the manufacturer is typically responsible for it, including the hardware, software, and operating system. The manufacturer is typically also the support contact when issues occur with the appliance.
The following table compares the role of the manufacturer of a server appliance to the role of the manufacturer of a general-purpose server.
Factor | Server-appliance manufacturer | General-purpose server manufacturer |
---|---|---|
Knows the role of the server or server appliance |
Aware, because the manufacturer builds the server appliance for a specific role. |
Not aware. Sometimes servers are optimized for a specific task such as storage, but the manufacturer is not ultimately aware of what the end user does with the server. |
Knows which applications are installed by the end user |
Aware, because the manufacturer installs applications. Installation of applications by an end user might not be permitted by licensing agreement. |
Not aware. The manufacturer does not know which applications an end user might install. |
Understands the changes made to OS configuration by the end user |
Aware, because changes are limited by the manufacturer. The manufacturer pre-configures the server appliance and might only allow a limited or predefined set of configuration changes by the end user. |
Not aware. An end user can configure the server based on the requirements of the end user. |
Understands the changes made to hardware by the end user |
Aware, because changes might be constrained by the hardware design. The manufacturer might limit hardware changes, or the physical device might not support hardware changes. For example, the hardware might be a sealed unit. |
Not aware. An end user can change memory modules, hard disk drives, network cards, and so on. |
In This Section
- Attack Surface Reduction for a Server Appliance
Describes how to make the server appliance more secure by minimizing the exposure of security vulnerabilities.
- Configuration Lockdown for a Server Appliance
Explains how to ensure that the configuration and settings for the server appliance do not change.
- Package Removal From Server Core
Provides information about removing packages from Server Core for server roles and optional features.
Related Sections
- Server Appliances and Windows Embedded Server
Defines server appliance and describes the role of Windows Embedded Server in server-appliance development.
- Checklist for Server Appliance Development
Shows the steps for planning and developing a server-appliance platform based on Windows Server 2008 R2 or Windows Server 2008.
- Building a Server Appliance Based on Server Core
Explains how to evaluate if Server Core is appropriate for your server-appliance project, and describes how to build a server appliance based on Server Core.
- Creating a Remote Management Interface for a Server Appliance
Describes how to implement a remote-management solution as part of the development of a server-appliance platform.
- Implementing a Servicing Model for a Server Appliance
Describes how to develop the server-appliance platform to keep the operating system on the server appliance up-to-date.