Windows Server 2016: clouds to the masses
Microsoft has released the server operating system Windows Server 2016, adding support for containers and a new edition of Nano Server. Windows Server 2016 has been in development for several years and, in parallel with the improvement of the OS, its preliminary versions were released. Since October 1, 2016, the Windows Server 2016 product line has been available, consisting of six editions: WS 2016 Datacenter, Standard, Essentials, MultiPoint Premium Server, CAL, Windows Remote Desktop Services CAL 2016.
One of the main directions in the development of Microsoft Server 2016 was support for public and private clouds. Many of the innovations in Windows Server 2016 are taken from Azure and brought into the mainstream. Windows Server 2016 also significantly improved the Hyper-V hypervisor, adding support for containers and Nano Server, a new “stripped-down” version of Windows Server. The goal is still the same – native support for cloud applications.
10 Reasons to Love Windows Server 2016: Security (Privilege/Identity Management, Security), Application Platform (Nano Server, Containers), Software Defined Data Center Platform (Compute, Storage, Networking, RDS), Management (server management tools, new version of PowerShell).
In essence, this OS resembles Windows 10 in server version. Server 2016 uses the same kernel as Windows 10 Anniversary, and typing ver at the command prompt will give you the same response: Microsoft Windows [Version 10.0.14393]. Windows Server 2016 has the same Start menu as Windows 10 Anniversary (when installed with Desktop Experience).
Windows Server 2016, now with Windows 10 desktop.
Anything interesting to note? Microsoft’s list includes more than 40 new capabilities, including nested virtualization for Hyper-V containers and deployment of Hyper-V hosts in Azure or other public clouds. Many of the new Hyper-V features relate to creating and maintaining guest VMs.
You can change the capacity of virtual disks and memory “on the fly”, add and remove virtual network cards. Virtual machines can be given discrete access to devices on the PCIe bus, such as disk controllers. And a Windows Server 2012 R2 cluster with Hyper-V can be upgraded to Server 2016 without interrupting services.
Of course, some solutions are not cheap, and therefore do not fall into the category of mass solutions. For example, a disaster-proof configuration with two Azure Stack systems located at different sites. Of course, you can run Azure Stack on one server, but rather for testing purposes. However, most of the changes affect the widest range of users.
Updated hypervisor
The Hyper-V hypervisor has undergone numerous improvements. The following changes can be highlighted:
The Hyper-V client supports Windows 10.
Connected Standby compatible.
Discrete device assignment.
Monitor virtual machine activity to optimize system resource utilization (RCT).
Using alternative accounts when connecting to another Windows Server 2016 system.
Updated control protocol and other improvements.
New Hyper-V functionality is the most popular and anticipated innovation in Windows Server 2016 (according to a SpiceWorks survey). It was noted by more than 30% of respondents.
It also added support for nested virtualization, which allows you to run virtual machines on a hypervisor that is itself installed in a virtual environment.
Nested virtualization means that you can run Hyper-V in a VM that is a guest on a Hyper-V server, which can itself be a guest on another Hyper-V server, and so on.
This feature may be relevant for developers and modeling of virtual infrastructures, as well as for more efficient use of container applications. Many previous restrictions have also been removed.
Hyper-V in Server 2016 has become more scalable.
Microsoft Hyper-V now allows you to allocate up to 12 TB of RAM to a virtual machine (instead of 1 TB) and up to 240 virtual processors (instead of 64). The Hyper-V host supports up to 24 TB of RAM. To reduce overhead and enhance security, you can run Nano Server on a Hyper-V host. For administration in this case, you can use PowerShell and remote access.
Security
In Windows Server 2016, security mechanisms have been further developed. In particular, the most valuable system data, Windows Server 2016 cryptographic modules, components responsible for the integrity of the OS kernel, passwords, etc. are placed in a separate Hyper-V container called Virtual Security Module (VSM). Access to this data is impossible even if the system is compromised.
Another important feature is the virtual TPM (Trusted Platform Module), which allows you to use encryption tools in virtual machines using Bitlocker, and Credential Guard for securely storing identification data. The use of Virtual TPM is especially relevant, for example, when placing VMs in the cloud.
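The isolation described above only protects credentials if it is actually running on the host. The following check is an added example, not part of the original article: it reads the Win32_DeviceGuard CIM class and reports whether virtualization-based security and Credential Guard are active. The function name Get-VbsStatus is hypothetical.

```powershell
# Added example: report virtualization-based security and Credential Guard state.
# Get-VbsStatus is a hypothetical helper name, not a built-in cmdlet.
function Get-VbsStatus {
    [CmdletBinding()]
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    # Value meanings of the Win32_DeviceGuard properties
    $vbsState = @{ 0 = 'Off'; 1 = 'Configured, not running'; 2 = 'Running' }
    $services = @{ 1 = 'Credential Guard'; 2 = 'Hypervisor-enforced code integrity' }

    foreach ($computer in $ComputerName) {
        $query = @{
            Namespace   = 'root\Microsoft\Windows\DeviceGuard'
            ClassName   = 'Win32_DeviceGuard'
            ErrorAction = 'Stop'
        }
        # Query the local host directly; remote hosts go over WinRM
        if ($computer -ne $env:COMPUTERNAME) { $query.ComputerName = $computer }

        try {
            $dg = Get-CimInstance @query
        } catch {
            # Class missing (older OS) or host unreachable: report, do not guess
            [pscustomobject]@{
                ComputerName    = $computer
                VbsStatus       = "Unknown: $($_.Exception.Message)"
                ServicesRunning = @()
                CredentialGuard = $false
            }
            continue
        }

        $codes   = @($dg.SecurityServicesRunning | Where-Object { $_ -ne 0 })
        $running = @($codes | ForEach-Object {
            if ($services.ContainsKey([int]$_)) { $services[[int]$_] } else { "Unknown ($_)" }
        })

        [pscustomobject]@{
            ComputerName    = $computer
            VbsStatus       = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
            ServicesRunning = $running
            CredentialGuard = ($codes -contains 1)
        }
    }
}

# Hosts where Credential Guard is configured but not running stand out here
Get-VbsStatus | Format-Table -AutoSize
```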
Host Guardian Service is an important security component. It works in conjunction with other Windows Server 2016 components to provide a high level of protection for Shielded VMs.
In terms of security, protected virtual machines – Shielded VMs – have become an interesting solution, but their creation requires a Windows Server Datacenter and a separate server with the Host Guardian Service for storing keys and checking the rights of the VM to run on a specific platform.
Host Guardian Service is used to verify that the Shielded VM is running. And with the help of Guarded Fabric tools, you can flexibly configure your network infrastructure and divide it into separate isolated network segments.
Shielded VM technology allows you to create protected virtual machines in the cloud infrastructure, which can only be accessed by their owner. The administrator is only allowed to turn such virtual machines on and off. He has no right to interfere with their work, read data, intercept traffic, or change their configuration. The Shielded VM mechanism may be in demand by hosting providers providing virtual server rental services.
The ability to connect a virtual display to a VM using Hyper-V administration tools in Shielded VM is also blocked. How can you fix a VM if something goes wrong and it won’t start? In this case, Microsoft offers a clever solution – launching such a VM inside another Shielded VM. When creating Shielded VMs, you must also take into account that they have increased requirements for system resources.
Improved PowerShell provides easier and more comprehensive control over your environments, significantly improving system security. Also, one of the key security functions is the differentiation of access rights during administration.
Windows Server 2016 also introduces a tool called Just Enough Administration (JEA). This means that administrators can log in with temporary accounts limited to specific roles. That is, an administrator logging into the system from a PC infected with a virus will not cause much harm. Windows Credential Guard also limits the potential damage from malware in this scenario. And temporary administration rights (Just in Time Administration) can be granted using Microsoft Identity Manager Privileged Access Manager.
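A JEA endpoint of the kind described above, as an added example that is not part of the original article: operators connect to a constrained session that runs under a temporary virtual account and exposes only the listed commands. The module name JeaDnsOps, the role DnsOperator, the group CONTOSO\DnsOperators, the user CONTOSO\alice and the endpoint name JEA.DnsOps are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: all names below (JeaDnsOps, DnsOperator, CONTOSO\..., JEA.DnsOps)
# are hypothetical placeholders.

# Role capability files must live in a RoleCapabilities folder of a module
$moduleRoot = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\JeaDnsOps'
$roleDir    = Join-Path $moduleRoot 'RoleCapabilities'
New-Item -ItemType Directory -Path $roleDir -Force | Out-Null
New-ModuleManifest -Path (Join-Path $moduleRoot 'JeaDnsOps.psd1')

# 1. Role capability: the only commands the operator can see
$role = @{
    Path           = Join-Path $roleDir 'DnsOperator.psrc'
    VisibleCmdlets = @(
        'Get-Service',
        # Restart-Service is allowed, but only for the DNS service
        @{ Name = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidateSet = 'DNS' } }
    )
    VisibleExternalCommands = 'C:\Windows\System32\ipconfig.exe'
}
New-PSRoleCapabilityFile @role

# 2. Session configuration: who gets which role, and under what identity
$transcripts = Join-Path $env:ProgramData 'JEA\Transcripts'
New-Item -ItemType Directory -Path $transcripts -Force | Out-Null
$psscPath = Join-Path $env:ProgramData 'JEA\DnsOps.pssc'
$session = @{
    Path                = $psscPath
    SessionType         = 'RestrictedRemoteServer'  # no-language mode, minimal cmdlets
    RunAsVirtualAccount = $true                     # temporary account per session
    TranscriptDirectory = $transcripts              # every session is recorded
    RoleDefinitions     = @{
        'CONTOSO\DnsOperators' = @{ RoleCapabilities = 'DnsOperator' }
    }
}
New-PSSessionConfigurationFile @session

# 3. Validate before registering (registration restarts WinRM)
if (-not (Test-PSSessionConfigurationFile -Path $psscPath)) {
    throw "Invalid session configuration: $psscPath"
}
Register-PSSessionConfiguration -Name 'JEA.DnsOps' -Path $psscPath -Force

# 4. Review what a given user would actually be allowed to run
Get-PSSessionCapability -ConfigurationName 'JEA.DnsOps' -Username 'CONTOSO\alice'
```

Operators then connect with Enter-PSSession -ComputerName <server> -ConfigurationName JEA.DnsOps; their own account needs no administrative rights on the server.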
Storage and Networking – Software Defined
As you know, in Windows Server 2012, using Storage Spaces, you can create fault-tolerant storage pools on SAS disks connected to the server without using a traditional SAN (Storage Area Network). Storage Spaces Direct makes it possible to directly connect SAS, SATA or SSD drives to a Server 2016 cluster. This can be used to create software-defined storage systems (SDS).
Storage Spaces Direct can be used to directly connect storage devices.
There is now the ability to dynamically manage the bandwidth of Storage Quality of Service (QoS) virtual disks. You can apply Storage QoS policies both to the disk subsystem of an individual virtual machine and to a group of VMs.
Storage Replica implements block synchronous replication between configured servers using the SMB 3.1.1 protocol.
Using Storage Replica tools, administrators can replicate data between remote servers, cluster systems and data centers, thereby increasing their disaster resilience and preventing losses at the file system level.
To support SDN (Software Defined Networking), the Network Controller role has been added to Server 2016. Network Controller is designed to manage virtual switches, load balancers, firewall rules, and virtual gateways in Hyper-V. VXLAN (Virtual Extensible Local Area Network) is also supported.
Nano Server
Nano Server is an even more compact version of Server Core. It is convenient to use it as a host system for deploying virtual machines, as a DNS or IIS server, or for running applications in containers.
Service level improvements: fewer vulnerabilities, fewer reboots.
According to Microsoft, Nano Server has a 93% smaller VHD size and requires 80% fewer reboots. Such a system can be used for various special functions and tasks. Moreover, Nano Server runs both on a physical server and in a VM. It does not have a GUI – only Sysinternals tools.
Nano Server is also convenient to use in the Microsoft Cloud Platform infrastructure to support cloud services and serve applications running in a virtual environment, containers or on physical servers. It can be used to deploy computing clusters and build horizontally scalable file storages.
Due to its compactness and efficient use of resources, Nano Server provides higher VM density, that is, more OS instances can be placed on one physical host, which reduces IT infrastructure costs.
Containers
An important difference between Windows Server 2016 and previous versions of Microsoft server operating systems is support for container technologies. Windows Server containers are part of the open source Docker project. They allow you to run applications in isolated environments on different platforms, quickly deploy and move them between servers.
Windows supports two types of containers: Windows Server containers and Hyper-V containers. Lightweight server containers like Docker containers do not require a separate Windows license. Windows Server containers function similarly to Docker containers for the Linux platform. They use a common operating system kernel, which makes them more compact and flexible than traditional virtual machines.
Each Hyper-V container has its own copy of the Windows Server kernel, and the isolation is provided not by the operating system, but by the hypervisor.
Windows Server containers share OS resources but behave like independent instances of the operating system. However, you cannot run a Linux container in a Windows Server OS environment and vice versa. To launch a container, its image is taken from a repository (public or private) and modified if necessary.
A Docker container running on Windows Server 2016.
Hyper-V containers are isolated by virtualization tools, have their own copy of the Windows kernel, and in the Standard version they do not require a license. Such containers have a higher level of isolation, comparable to virtual machines. This approach is more demanding on server resources, but increases the stability of the server OS and the reliability of containers.
Both types of containers are managed in the same way. Windows Server and Hyper-V containers can be managed using PowerShell and WMI, as well as Docker tools. The latter provide a unified administration environment and allow you to manage containerized applications in a Windows Server or Linux environment.
Configuring containers in Windows Server 2016. Hyper-V containers can be used to run applications with increased information security requirements.
A good option for deploying containers is Nano Server. However, you need to remember that Nano Server is a stripped-down Windows. If IIS, for example, works in it, then the .NET Framework no longer does (only cross-platform .NET Core). Indeed, not all applications are currently compatible with Nano Server.
Docker images on Nano Server can be very compact.
Docker containers on Windows are still in their early stages. It will take time for administrators to master them, and for developers to bring them to fruition. Microsoft will also need to add appropriate options to existing tools like Visual Studio.
Other options
Windows Server 2016 includes many other innovations. The system received a new mechanism for distributing updates, operating on the principle of the BitTorrent P2P protocol, and support for the SSH protocol. Windows Server 2016 ships with Windows Management Framework 5.1 and a new version of PowerShell that uses the .NET Framework 4.6.
The updated Windows PowerShell allows you to operate with an even greater number of cmdlets that perform various management tasks. Specifically, PowerShell 5 offers cmdlets for managing local users and groups and the Get-ComputerInfo cmdlet for obtaining detailed system information.
The innovations also affected Active Directory services. You can now use smart cards for certification keys. Active Directory Domain Services provides even greater security for identifying corporate and personal devices.
Organizations’ plans to migrate to Windows Server 2016 (based on a SpiceWorks survey conducted in November 2015).
There is a new format for virtual machine configuration files (.VMCX and .VMRS) with a higher degree of protection against failures at the storage level, the ability to safely boot Linux guest operating systems and support for OpenGL and OpenCL by the Remote Desktop Service (RDS).
The mechanism for updating the OS of cluster hosts without stopping it (Cluster Operating System Rolling Upgrade) makes it possible to update the cluster with zero downtime by sequentially updating its individual nodes.
Windows Server 2016 also includes IP Address Management (IPAM) tools to help you manage IP addresses more easily. Of course, it is impossible to talk about all the innovations of the new OS in one article. This is just a very superficial “first look”.
Windows Server 2016 editions
How many editions does Windows Server 2016 have? Good question. Six were mentioned above. There are Standard and Datacenter editions, which differ in licensing schemes. Standard includes licenses for only two VMs or Hyper-V containers running Windows Server, while Datacenter does not limit the number of VMs. The Datacenter edition will be required to work with some new features, including Storage Spaces Direct, Storage Replica, Shielded Virtual Machine, and several networking features. The Standard version costs $882 for 16 cores. Datacenter will cost a minimum of $6,155.
Functional differences between the Datacenter and Standard editions of Windows Server 2016.
Below are the features that are only available in the Windows Server 2016 Datacenter edition:
Storage Spaces Direct – an extension of Storage Spaces technology to create highly available clustered storage;
Storage Replica is a technology for block data replication between storages;
Shielded Virtual Machines – technology for protecting the contents of Hyper-V virtual machines;
Host Guardian Service is a server role designed to support protected virtual machines (Shielded VMs) and prevent unauthorized access to them;
Network Fabric – centralized monitoring and management of network infrastructure;
Microsoft Azure Stack – SDN stack support for building hybrid solutions.
Nano Server is licensed as a Windows Server tool, but requires a Software Assurance license in place of the base license and is not sold separately. There is also a free Windows Hyper-V Server, used only as a Hyper-V host, as well as a version of Windows Server Essentials for small businesses – up to 25 users and 50 devices, which does not require CALs (Client Access Licenses). The Essentials costs $501, but there are cheaper OEM versions available. OEM versions of Windows Server Foundation are no longer available.
Purpose of Windows Server 2016 editions and licensing models.
There are a couple more special editions: Windows Storage Server for storage systems and Multipoint Premium Server, mainly for remote desktops in the education sector. The Standard and Datacenter versions are installed by default without a GUI (Server Core option).
By default, the Windows Server 2016 installation procedure is GUI-free.
To summarize, it can be noted that Windows Server 2016 provides many opportunities for the full deployment and operation of IT infrastructure in the cloud. The new OS makes it easier to access and identify an organization’s services and applications, whether they are hosted in the cloud or on physical servers. The Microsoft server platform is actively developing in accordance with industry trends and business preferences. A lot of work has been done, the system is developing in the right direction. You can test the operation of Windows Server 2016 by renting a virtual VPS server for a free trial period of 3 days.