As we've come to expect from new versions of Windows Server, Windows Server 2016 arrives packed with a huge array of new features. Many of the new capabilities, such as containers and Nano Server, stem from Microsoft's focus on the cloud. Others, such as Shielded VMs, illustrate a strong emphasis on security. Still others, like the many added networking and storage capabilities, continue an emphasis on software-defined infrastructure begun in Windows Server 2012.
The GA release of Windows Server 2016 rolls up all of the features introduced in the five Technical Previews we've seen along the way, plus a few surprises. Now that Windows Server 2016 is fully baked, we'll treat you to the new features we like the most.
Containers represent a huge step for Microsoft as it embraces the open source world. Microsoft has worked together with Docker to bring full support for the Docker ecosystem to Windows Server 2016. (Windows 10 Anniversary edition delivers essentially the same feature set.) You install support for Containers using the standard method to enable Windows features through Control Panel or via the PowerShell command:
You must also download and install the Docker engine to get all of the Docker utilities. This line of PowerShell will download a Zip file with everything you need to install Docker on Windows Server 2016:
Invoke-WebRequest "https://get.docker.com/builds/Windows/x86_64/docker-1.12.1.zip" -OutFile "$env:TEMP\docker-1.12.1.zip" -UseBasicParsing
Full documentation for getting started with containers can be found on the Microsoft MSDN website. New PowerShell cmdlets provide an alternative to Docker commands to manage your containers (see Figure 1).
Figure 1: You can manage both Windows Server Containers and Hyper-V Containers through native Docker commands or through PowerShell (shown).
It's important to note that Microsoft supports two different container models: Windows Server Containers and Hyper-V Containers. Windows Server Containers are based on the standard Docker concepts, running each container as an application on top of the host OS. By contrast, Hyper-V Containers are completely isolated virtual machines, incorporating their own copy of the Windows kernel, but more lightweight than traditional VMs. Hyper-V Containers will make it possible to do nested virtualization within Hyper-V.
Container images are built against a specific operating system. This means you'll need a Linux virtual machine to run a Linux container image on Windows. Windows Server Containers are an embedded feature of Windows Server 2016 and work with the Docker ecosystem out of the box. Microsoft is using GitHub for posting Windows versions of the different Docker components and encourages participation from the developer community.
Nano Server is the result of a massive refactoring of the existing Windows Server code base with the intent to get to a minimally functional state as the end goal. It's so minimal, in fact, that it doesn't have any direct user interface besides the new Emergency Management console. You will manage your Nano instances remotely using either Windows PowerShell or the new Remote Server Administration Tools.
A Nano instance consumes not much more than 512MB of disk space and less than 300MB of memory, depending on your configuration (see Figure 2). This will make a huge difference for virtual machines built on top of Nano, which will serve as a lean and mean infrastructure host on bare metal and as a stripped-down guest OS running in a virtual machine. Nano Azure VM instances can be created with a Microsoft-supplied PowerShell script. Microsoft promises to greatly simplify the process of building a bootable USB on Nano Server with a forthcoming GUI application.
Figure 2: Nano Server not only boots faster, it consumes less memory and less disk than any other version of Windows Server.
Op de volgende pagina: Shielded VM's
One of the key new security features in Windows Server 2016 comes in the form of Shielded VMs. Shielded VMs use VHD encryption and a centralized certificate store to authorize the activation of a VM only when it matches an entry on a list of approved and verified images. Each VM uses a virtual TPM to enable the use of disk encryption with BitLocker. Live migrations and VM-state are also encrypted to prevent man-in-the-middle attacks. Key protection and host health attestation are maintained by the new Host Guardian Service running on a different physical host.
Microsoft supports two different attestation models: admin trusted and TPM trusted. Admin trusted mode, whereby VMs are approved based on membership in an AD security group, is much simpler to implement but not as secure as the TPM trusted mode, where VMs are approved based on their TPM identity. However, TPM trusted mode requires hardware that supports TPM 2.0; admin trusted brings some measure of security on older host hardware where TPM 2.0 is not available.
Figure 3: Shielded VMs are encrypted at rest using BitLocker. They can be run by an authorized administrator only on known, secure, and healthy hosts.
Microsoft has supported replication in the world of Hyper-V, but it has been limited to asynchronous replication of virtual hard disks. That changes with Windows Server 2016, as you now have the ability to replicate entire volumes at the block level. Further, you can choose between synchronous and asynchronous replication. It works in conjunction with what Microsoft calls a "stretch cluster," meaning two systems clustered together but physically separated.
This feature, called Storage Replica, is primarily aimed at disaster recovery scenarios where a "hot" backup is needed for a quick fail-over in case of a major catastrophe. Both server-to-server and cluster-to-cluster replication are supported. In the synchronous mode, you get fully protected writes on both systems, resilient to either node failing.
Storage Spaces Direct
Windows Server 2012 shipped with Storage Spaces, which provides similar functionality to RAID but in software. Windows Server 2012 R2 added the ability to build a highly available storage cluster based on the same Storage Spaces technology and Microsoft clustering. The one big requirement for this high-availability cluster is making all storage accessible to participating nodes through an external JBOD array. The JBOD array must also contain SAS drives for their multi-initiator support.
Windows Server 2016 takes Storage Spaces a step further, with the ability to create a highly available storage system using only directly attached disks on each node. Resiliency across nodes is achieved over the network using the SMB3 protocol. This new feature, called Storage Spaces Direct (S2D) can take advantage of hardware like NVMe SSDs, while still supporting older SATA-based hardware. You will need only two nodes to form an S2D cluster.
Enabling this feature can be accomplished with a single PowerShell command:
This command will initiate a process that claims all available disk space on each node in the cluster, then enables caching, tiering, resiliency, and erasure coding across columns for one shared storage pool.
Faster Hyper-V storage with ReFS
The Resilient File System (ReFS) is another feature introduced with Windows Server 2012. Designed from the beginning to be more resistant to corruption than its predecessor, ReFS brings many advantages to the NTFS on-disk format. Microsoft has elevated both the usefulness and the importance of ReFS in Windows Server 2016 by making it the preferred file system for Hyper-V workloads.
ReFS has huge performance implications for Hyper-V. For starters, you should see new virtual machines with a fixed-size VHDX created almost as fast as you hit Return. The same advantages apply to creating checkpoint files and to merging VHDX files created when you make a backup. These capabilities resemble what Offload Data Transfers (ODX) can do on larger storage appliances. One point to keep in mind: ReFS allocates the storage for these operations without initializing it, so there could be residual data left over from previous files.
Hierna: Hyper-V rolling upgrades
Hyper-V rolling upgrades
Upgrading to a new operating system presents significant challenges on many fronts. In previous versions of Windows Server, it was not possible to upgrade a cluster without downtime. This can be a significant issue for production systems. Often the workaround was to stand up a new cluster running the updated operating system, then live-migrate the workloads from the old cluster. Naturally, accomplishing this required deploying new hardware.
Windows Server 2016 supports rolling cluster upgrades from Windows Server 2012 R2, meaning you can perform these upgrades without taking down the cluster or migrating to new hardware. The process is similar in that individual nodes in the cluster must have all active roles moved to another node in order to upgrade the host operating system. The difference is that all members of the cluster will continue to operate at the Windows Server 2012 R2 functional level (and support migrations between old and upgraded hosts) until all hosts are running the new operating system and you explicitly upgrade the cluster functional level (by issuing a PowerShell command).
Hyper-V hot add NICs and memory
Previous versions of Hyper-V did not allow you to add a network interface or more memory to a running virtual machine. Because downtime is always bad, but change is sometimes good, Microsoft now allows you to make some critical machine configuration changes without taking the virtual machine offline. The two most important changes involve networking and memory.
In the Windows Server 2016 version of Hyper-V Manager, you'll find that the Network Adapter entry in the Add Hardware dialog is no longer grayed out. The upshot is that an administrator may now add network adapters while the VM is running. Similarly, you can now add memory to VMs originally configured with fixed amounts of memory. Previous versions of Hyper-V supported dynamic memory allocation so that the VM would consume only what it needed up to the amount provisioned. But they prevented a VM with a fixed amount of memory to be modified while running.
Convergence is the buzzword here, with new features coming to help enterprises and hosting providers merge traffic from multiple tenants to reduce the number of network interfaces. This can reduce the required number of network ports by as much as half in some cases. Another new capability is called Packet Direct, which focuses on increasing efficiency across workloads to include everything from small packets to large data transfers.
Windows Server 2016 includes a new server role called Network Controller, which provides a central point for monitoring and managing network infrastructure and services. Other enhancements supporting the software-defined network capabilities include an L4 load balancer, enhanced gateways for connecting to Azure and other remote sites, and a converged network fabric supporting both RDMA and tenant traffic.
Storage QoS updates
Storage Quality of Service (QoS) was introduced with Hyper-V in Windows Server 2012 R2, making it possible to place limits on the amount of IO that individual VMs could consume. The initial release of this feature was limited to placing QoS limits at the Hyper-V host level. As a result, Storage QoS in Windows Server 2012 R2 works well in a small environment but can present a challenge when you need to balance IOs across multiple hosts.
Windows Server 2016 allows you to centrally manage Storage QoS policies for groups of virtual machines and enforce those policies at the cluster level. This could come into play in the case where multiple VMs make up a service and should be managed together. PowerShell cmdlets have been added in support of these new features, including
Get-StorageQosFlow, which provides a number of options to monitor the performance related to Storage QoS;
Get-StorageQosPolicy, which will retrieve the current policy settings; and
New-StorageQosPolicy, which creates a new policy.
New PowerShell cmdlets
PowerShell continues to receive updates with each new release of the operating system. Windows Server 2016 will see a significant number of new PowerShell cmdlets focused on specific functionality. You can even use PowerShell commands to check each new release to see the differences. The PowerShell cmdlet
Get-Command returns a list of commands that can be sent to a file for further processing. Microsoft's Jose Barreto posted instructions on his blog for exactly this.
New cmdlets of interest include 21 DNS-related commands, 11 for Windows Defender, 36 for Hyper-V, 17 for IIS administration, and 141 commands related to the Network Controller, to name a few. The other big push for PowerShell in this release relates to Desired State Configuration (DSC). Microsoft has done a lot of work to make DSC the tool for initially configuring and maintaining not only Windows Server but Linux servers as well. Couple that with the recent open-sourcing of PowerShell with new versions for Linux and MacOS, plus the new package manager service OneGet, and you have tons of new PowerShell-driven possibilities.
As increasing numbers of workloads move to virtualized instances in the cloud, it becomes important to reduce the footprint of each instance, to increase the security around them, and to bring more automation to the mix. It also makes sense to provide more advanced networking and storage functionality in software. In Windows Server 2016, Microsoft is pushing ahead on all of these fronts at once.