A New Kind of Home Computer: Windows Home Server Preview

WHS as a Webserver/Gateway/Everything Else

The final major task of WHS is to act as a webserver and gateway computer to the internet. Many people want to be able to access their files outside of their private network and WHS offers the ability to get this done and more.

As we mentioned previously, WHS comes with a very locked down version of IIS 6.0 as the webserver software. Enthusiasts looking to use a WHS server as a full-fledged webserver will be disappointed to find that out of the box the webserver abilities are limited to a web interface of some of the previously mentioned features of WHS. While we'd imagine this is quite possible to work around, it's not something that can be done inside of the WHS console.

In this respect, most of the webserver abilities of WHS are mentionable for being unmentionable. When the remote access option is enabled (it's disabled by default) accounts that have been flagged as having the rights to use remote access and are using a strong password may log into the web server. The entire transaction is encrypted, which as of this point is actually problematic because the security certificate doesn't (and can't) match the server, throwing up certificate warnings when attempting to log in. Since we're using the release candidate, we're not sure how this affects the release version at this point.

Once logged in, a user is presented with a few options. The first and most useful of these is accessing all the shared folders that user has access to. This entails both uploading and downloading of files via an HTML interface, basically replicating the feature set available as if it were done via a Windows share. While this is a useful feature we also feel Microsoft has missed a massive chance to do more with webserver access of the shared folders. For example, why not make the Photos folder a special photo gallery folder where photos can be viewed and manipulated as they can with other internet photo gallery services? It would certainly make sharing photos with the relatives easier.

The other ability users gain when logged in is using the WHS server as a fully HTTPS-encapsulated gateway for RDP. With the right passwords, users can log into the RDP console interface for the server itself, or the server can relay RDP controls to any clients on the network that are connected to the server and capable of acting as an RDP server (some versions of XP and Vista). We're a bit at odds with this second feature because it's so strange. It makes sense to offer RDP access to the server itself for management of the server and the network, but we don't immediately see the utility of being able to RDP into everything else. Certainly it's a nifty feature and we'll keep it, but we don't see it being very useful to all but a handful of users. How many people actually run a version of Windows that's RDP-server capable, after all?

This also brings up the security aspect of the remote access feature, which is something that can't be easily dismissed. The fact that Microsoft is encouraging users to purposely expose a computer to the internet with an active service, while necessary to enable the features offered by remote access, troubles us all the same. As the only thing exposed (if everything is configured correctly) are the ports required for IIS and not the more vulnerable Windows sharing services, this is potentially very secure as IIS 6.0 has had very few problems over the years. But at the same time we're worried about how many servers and routers won't be configured correctly, and what may happen when the next IIS exploit is found.

Is the version of IIS 6.0 locked down enough to keep it from being a participant in the next Code Red worm? If Microsoft is successful with WHS, there's going to be a massive increase in the number of IIS webservers on the internet, and that opens the possibility for major trouble if any exploits are found right after a patch Tuesday. Then again, we don't have any idea of how many users would be able to even access their server from the internet; blocking ports 80 and 443 are popular activities with ISPs.

On a lighter note, Microsoft is offering their own dynamic domain names for WHS owners who do use remote access and want something easier to remember than an IP address. Microsoft recently picked up the homeserver.com domain, and WHS owners will be able to reserve a subdomain for themselves that the WHS software will keep updated. It's a small feature among the whole, but we'd call it important in making WHS more usable with the average home user. We're still not ready to call these remote access features more than an interesting side show, but it does tilt things slightly more in favor of WHS.

Finally, Microsoft has taken an interesting approach with WHS when it comes to dealing with the shortcomings of the product. Microsoft has included an SDK for WHS for developing a new class of applications Microsoft is calling add-ins. Add-ins allow the server to do new things such as new services for clients, for the remote access component, or a new GUI. Among those developed for the release candidate, we have seen add-ins for a BitTorrent client, connecting TiVos, and using wake-on-LAN for clients that are turned off.

This will be something that we'll definitely need to keep an eye on, as add-ins could potentially resolve a lot of our complaints with WHS. We should have a better idea of what these add-ins can do (and do well) once Microsoft's Code2Fame contest for creating add-ins comes to a close and the add-ins are released. It's unusual for Microsoft to be interacting with the development community on this level, so we're interested to see how things turn out.