Microsoft Windows Essential Business Server 2008: EBS and System Center

We (and Microsoft) told you to expect Essentials everywhere! In May 2008, Microsoft made available for public preview two significant new server products:

  • Small Business Server (SBS 2008)
  • Essential Business Server (EBS 2008)

SBS 2008 and EBS 2008, previously known by their respective codenames of Cougar and Centro, are important because they are based on the all new server technologies that include Windows Server 2008 and Exchange Server 2007. Additionally, both products can use System Center Essentials as a primary management platform and require 64-bit CPUs. SBS 2008 is a single-server solution for up to 75 desktops, with an optional second SQL server, which can run a 32-bit OS. Essentials is not bundled with SBS 2008 as it is with EBS 2008.

A later article in this series will look at management technologies in SBS 2008. This article focuses on the System Center components in EBS RC0 (Release Candidate 0). Windows EBS 2008 is a superset of SBS 2008, and is the new three-server suite combining database, messaging, directory, file and print, and security/firewall services (with an optional fourth server running SQL Server, which can be 32-bit or 64-bit). Years in development, this product is for the mid-market space of up to 300 desktops. The messaging, security, and management server components are split across three servers that are installed in one multi-phased setup procedure and managed as a group.

You may confuse the EBS product with the System Center Essentials product since both include the word “essential.” To tell them apart, remember that System Center Essentials uses a plural noun, while Essential Business Server takes the singular adjective. EBS in fact installs Essentials, and uses it as the management and updating engine for the network.

While the installation process is mostly automated, building out an EBS suite takes several days and a significant amount of install time. There are several dozen post-installation tasks that you are walked through using wizards. Each EBS server features a unique desktop wallpaper—here is a composite screen shot of each server desktop with icons for the server technologies (roles) deployed to each EBS server:

Essentials in EBS

System Center Essentials 2007 SP1 is installed automatically on the first server that is built, the Management Server. The Essentials EBS instance is modified from a default Essentials by adding management packs for Exchange 2007, Forefront Server Security (for Exchange 2007), and Forefront TMG (former codename ISA Server Nitrogen). There is also an EBS management pack that we’ll take a closer look at in a moment. Essentials agents are automatically deployed to the Security and Messaging servers, and the Essentials product features are pre-configured during the EBS install.

The only portion of the Essentials setup not fully automated during the initial EBS install is configuring the Updating features of Essentials. Launching a task from the menu of EBS post-installation tasks will configure the Essentials updating features. After you complete EBS setup and the post-configuration tasks, all three EBS servers are now fully monitored by Essentials. For a quick high-level software inventory of what’s installed by EBS setup, consult the Essentials Daily Health Report—here is the Installed Software portion of that report:

A goal of the EBS product is to shield the administrator from having to choose among the various server administration consoles (such as Essentials) and MMCs (Microsoft Management Consoles), and offer up single top-level administrative interface for all routine network admin activities. You can see some screenshots of the EBS Administration Console at the EBS feature overview page: We’re not going to cover that part of EBS here, but we can clear up an issue of some speculation during EBS development—specifically, that while EBS includes and uses Essentials, the primary UI (the EBS Administration Console) is “not Essentials” but rather “part of EBS.”

The EBS Management Pack

We asked “what does the EBS management pack do?” Remember EBS is not designed to use the Essentials console for local monitoring, but uses the EBS Administration Console. Perhaps this is why the EBS management pack does not expose any new views in the Essentials console. Creating a custom view of all alerts generated by the EBS management pack, you can see that it is mainly doing configuration checks to make sure that the many EBS servers and applications remain properly installed and licensed:

Managing the TMG firewall component of EBS is error-proofed by pre-creating applicable custom protocols and access rules needed for Essentials agent -> Management Server (or gateway) communication and for publishing Remote Web Workplace (a key component in Service Provider mode that can be difficult for some customers to get right without some help). Here’s a shot of some of the firewall access rules from the TMG firewall:

EBS on Hyper-V

The current pre-release EBS version is not supported with virtualization and requires three physical servers. However, Microsoft plans to provide virtualization options for the released version of EBS. We tried for several weeks to install all three EBS servers as guests on the same dual-core Hyper-V host with 8GB RAM, but this was not successful—possibly  because of resource limitations while installing the third server. Once we gave up trying to get all three servers running as Hyper-V guests, we successfully installed the EBS Management Server on the physical host, an HP ML 115 (dual-core AMD X64) with 8-GB RAM, using these steps:

  1. Install Hyper-V role on the Management Server
  2. Upgraded Hyper-V to RTM.
  3. Create two VMs, one for the Security server (2-GB and 1 CPU) and one for the Messaging server (3-GB and 2 CPU).
  4. Install Security server into first VM. Use Legacy NIC for the External adapter. After OS install but before proceeding with EBS portion, insert Integration disk and install the Hyper-V RTM client support.
  5. Install Messaging server into second VM. After OS install but before proceeding with EBS portion, insert Integration disk and install the Hyper-V RTM client support.

EBS with Remote OpsMgr (ROM)

Now we’ll have some fun. We have EBS deployed on one physical host and two virtual guests, and we will enable Service Provider mode on the EBS Essentials server. This will pilot an EBS customer contracting with a service provider for enhanced remote monitoring and/or managed services, enabling the customer to outsource monitoring support.

Once the local Essentials instance is connected to the back-end NOC by running the Enable Service Provider Mode applet from the Start menu of the EBS Management Server, the management packs running in the service provider instance of OpsMgr (Remote OpsMgr) are downloaded to the customer Essentials server. The EBS server is approved in the Remote OpsMgr Operations console after running the gateway approval tool just like bringing any other customer Essentials server into management. Once the Essentials server is green in the Remote OpsMgr console, we can push Remote OpsMgr agents to the other two EBS servers, and have remote eyes-on all three customer EBS servers.

Our Remote OpsMgr instance already had management packs for Exchange 2007 and Forefront Server Security for Exchange loaded. We imported the TMG (Nitrogen) and EBS management packs distributed with the EBS product into the Remote OpsMgr management group, thereby enabling the Remote OpsMgr management group to monitor all the server technologies in EBS (see note 1). Hardware vendor and advanced application management packs from the Remote OpsMgr instance (such as Virtual Server) are applied to customer servers without need to modify the EBS instance of Essentials.

Importing the EBS management pack creates a new group type, “Windows Essential Business Server core servers computer group,” against which you can target custom views and monitors. The screenshot below shows a diagram view for a customer EBS group—filtering for Critical/Warning object will quickly show what is wrong across the three-server group:

To simulate a customer administrator accessing their Remote OpsMgr Web Console, we scoped an Operator role to the Essentials customer group. Only relevant view folders were exposed in the user role’s tailored console view. We then created a custom EBS dashboard view that rolls up the EBS diagram, Exchange 2007 health, IIS Web site health, and logical disk health—see that customer’s Web Console below:


There is going to be a great market for EBS for the mid-size organizations that need to migrate their infrastructure from Windows 2003 and Exchange 2003 together. Since this move always means new hardware (the configuration requires all 64-bit servers with a good bit of memory), there is a lot of work involved in planning and getting the migration done right. EBS greatly reduces the risk and the cost of migration to these new technologies, as the EBS installation wizard is built to guide an organization though the migration step by step, automatically employing best practices and good security.


  1. After importing the EBS management pack into the Remote OpsMgr management group, go to the Authoring space -> Management Pack objects -> Rules, search for the Microsoft.Windows.EssentialBusinessServer.RunUpdateServicesScheduledTask rule. Create an override to disable this rule for all objects of Management Server class. Then create an override to enable the rule for a specific object of the Management Server type, selecting the EBS server. (Otherwise this rule will create noise by running on non-EBS management servers.)
  2. The Remote OpsMgr instance included pre-release Windows Server 2008 and IIS 2008 management packs not yet included with EBS.
  3. The hotfixes needed to get Exchange 2007 SP1 monitored correctly by OpsMgr 2007 SP1 were installed on all EBS servers as well as the Remote OpsMgr instance. (KB950853, KB951979)

This entry was posted in System Center. Bookmark the permalink.

3 Responses to Microsoft Windows Essential Business Server 2008: EBS and System Center

  1. Matt says:

    Hi,Will there be any issues if I remove the Security server from the network after the installation? I have no need for the Sec server as I already have a well configured firewall.Cheers,Matt

  2. Operations says:

    Hi Matt,We don\’t believe the EBS solution is supported with any of the three main servers permanently turned off. For example, the Messaging server is completely dependent on the Security server due to the Exchange Edge subscription and Web Publishing rules for Outlook Anywhere, Active-Sync and other features. Also your daily bandwidth use will appear integrated into the EBS console when using TMG which is very convenient. If you are going to keep your existing firewall, this is totally supported by EBS, and you should indicate this during EBS setup. Choose the topology option to create a DMZ between your current firewall and the Security server (known as putting the Security server ‘behind’ the current firewall).If you are dead set against running TMG then EBS might not be the right product. As a fan of TMG we suggest you give it a try for some of the unique things it can do most other firewalls can’t, such as branch off a web publishing rule based on the paths in the URL. This lets you efficiently bundle a lot of different server apps under one public-facing certificate. Hope this helps!

  3. Jessie says:

    Hi Matt,I met a problem – I had EBS server 2008, and 1 Vista machine. I joined Vista into the domain of EBS.And then using Discover computers and devices wizard to search the Vista. It successed. But from Computers and Devices tab of the EBS Administration Console, I can\’t see the Vista machine displayed as the client. Did you meet the problem before? Could you please give the solution?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s