Windows Server 2016’s new features
One would imagine that most IT administrators and managers have run demos and previews of the new official Windows Server 2016 server operating system, but in 2017, many will also consider deploying or upgrading their systems with this new OS for production workloads.
Traditionally, Microsoft has always launched new and exciting features in their new operating systems, and this is no different. Here are some of those features:
- Nano Server: This is an installation option that offers a “real” minimal-footprint headless version of Windows Server. So basically, this is even more minimal than a Server Core installation. It boasts 93% lower VHD size, 92% fewer critical security advisories, and 80% fewer reboots than Windows Server. There is no console login and no GUI; all management needs to be done remotely through PowerShell or WMI. The advantage of using a Nano Server is that such servers are highly secure due to their smaller attack surface, highly available due to fewer reboots, and portable due to their small size.
- Containers: The words “Docker” and “Container” are the new IT buzzwords of the 2010s. Until now, containers have existed almost entirely in the UNIX open-source world. They allow you to isolate applications and services in an agile, easy-to-administer way. In Windows Server 2016, one can use containers either as a Windows Server Container or as a Hyper-V container. A Hyper-V container is not a VM or a Hyper-V host; it is a containerised Windows Server instance that is completely isolated from other containers to achieve high-trust applications and workloads.
- Linux Secure Boot: Secure boot is a feature that protects a server’s start-up environment against rootkits and other boot-time malware. Previously, if you tried to use a Linux-based Hyper-V VM with Secure Boot, this would not work since the Linux drivers were not part of the trusted device store. Using Hyper-V 2016, we can now deploy Linux VMs successfully without having to disable Secure Boot.
- ReFS: ReFS has been around for a long time but nobody used it since it was not very stable to use in production workloads. One of the many features of ReFS is the removal of the much-hated 256-character limit for file paths that is present in NTFS. The Windows 2016 ReFS file system is a stable version for high-performance, high-resiliency IO loads designed for use with Hyper-V workloads, but can also be used for file server workloads.
- Rolling upgrades for storage clusters and Hyper-V: Gone are the days where you had to create a brand-new cluster and manually migrate each host (and virtual machines), taking days and weeks in the process. With Windows Server 2016, one can upgrade a Windows 2012 R2 cluster to Windows Server 2016 gradually. It will run in a mixed environment happily until all the nodes are upgraded to Windows Server 2016.
- Hot add and remove of RAM and virtual NICs: Using Windows 2016 Hyper-V, one can add and remove network cards and RAM on a running virtual machine. No need to switch the virtual machine off anymore.
- Hyper-V within Hyper-V (Nested virtualisation): Hyper-V can now run in a virtualised environment within another Hyper-V instance. This is a nice addition for lab and training scenarios, and necessary for the new container support mentioned previously.
- Shielded Virtual Machines: Shielded VMs allow for much deeper, fine-grained control over Hyper-V access. This is done using the new Host Guardian service in Windows Server 2016. It can protect data from any form of unauthorised access, even by Hyper-V administrators. The virtual disks can also be encrypted using BitLocker.
- PowerShell Direct: Previously, the IT administrator had to log into each virtual machine to run PowerShell commands, in much the same way as on a physical machine. PowerShell Direct enables you to run PowerShell commands in the guest OS of any virtual machine without going through any network layer. There is no configuration required; all you need are the credentials for the guest OS of the virtual machine.
- Storage Spaces Direct: Windows Server 2016 comes with vast improvements for the storage system. Like Storage Spaces, the earlier feature released in Windows 2012, it lets clusters access storage using external enclosures. However, in Windows 2016, it can also let you access disks that are internal to the cluster nodes.
- Storage Replicas: Through Storage Replicas, replication can be done using Windows 2016 at a block level instead of file level through SMB3, and can be synchronous or asynchronous. Replication direction can be changed and snapshots can be used while the files are in use. This is an excellent way of provisioning block-level disaster recovery without resorting to expensive SAN infrastructure.
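As an added example (not part of the original article), the host-side settings behind three of the features above, Secure Boot for guests, nested virtualisation and Shielded VMs, can be inventoried with the Hyper-V PowerShell module, with PowerShell Direct used for an optional in-guest check. The function name Get-VMSecurityPosture and the choice of reported columns are assumptions made here.

```powershell
# Added example: run in an elevated session on a Windows Server 2016 Hyper-V host.
# Get-VMSecurityPosture is a hypothetical helper name, not a built-in cmdlet.
Import-Module Hyper-V

function Get-VMSecurityPosture {
    [CmdletBinding()]
    param(
        [string[]]$Name = '*',
        # Optional guest credential; enables an in-guest check over PowerShell Direct.
        [pscredential]$GuestCredential
    )

    foreach ($vm in Get-VM -Name $Name) {
        $fw  = $null
        $sec = $null
        if ($vm.Generation -eq 2) {
            # Secure Boot and the virtual TPM only exist on generation 2 VMs.
            $fw  = Get-VMFirmware -VM $vm
            $sec = Get-VMSecurity -VM $vm -ErrorAction SilentlyContinue
        }
        $cpu = Get-VMProcessor -VM $vm

        # Ask a running Windows guest directly, with no network path to it.
        $guestSecureBoot = 'not checked'
        if ($GuestCredential -and $vm.State -eq 'Running') {
            try {
                $guestSecureBoot = Invoke-Command -VMName $vm.Name `
                    -Credential $GuestCredential -ErrorAction Stop `
                    -ScriptBlock { Confirm-SecureBootUEFI }
            } catch {
                $guestSecureBoot = "query failed: $($_.Exception.Message)"
            }
        }

        [pscustomobject]@{
            VMName             = $vm.Name
            Generation         = $vm.Generation
            SecureBoot         = if ($fw) { $fw.SecureBoot } else { 'n/a' }
            SecureBootTemplate = if ($fw) { $fw.SecureBootTemplate } else { 'n/a' }
            VirtualTpm         = if ($sec) { $sec.TpmEnabled } else { 'n/a' }
            Shielded           = if ($sec) { $sec.Shielded } else { 'n/a' }
            NestedVirt         = $cpu.ExposeVirtualizationExtensions
            GuestSecureBoot    = $guestSecureBoot
        }
    }
}

Get-VMSecurityPosture | Format-Table -AutoSize
```

Generation 2 VMs reporting SecureBoot as Off, and VMs with NestedVirt set to True outside lab or container hosts, are the rows worth reviewing first.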
It would certainly seem that the Microsoft engineering team has put much thought and huge effort into improving the compute, virtualisation and security aspects of the already-excellent Windows Server 2012 R2.
It would be no surprise to hear that IT administrators, who have identified these benefits, are already thinking of upgrading existing clusters to Windows Hyper-V 2016 in 2017 and possibly even using Storage Replicas for replication instead of SAN replication.
2017 will doubtless be the year where deploying Windows Server 2016 and Hyper-V Server 2016 in all forms is possible (Nano servers, containers, virtual machines, clustering), whilst enjoying the multitude of improvements and new features it provides. With this in mind, I wish you a Happy New Year 2017!
Vincent Farrugia is a Technology and Security Manager at Deloitte Malta. For more information, please visit http://www2.deloitte.com/mt