Windows Server 2016 is now available for general use. Its release coincides with contemporary information technology trends concerning containerization and hybrid connectivity related to cloud services. The list of new features in Windows Server 2016 is staggering, but 10 of its features in particular stand out, as listed below.
- Containers
(Image credit: Microsoft)
Microsoft has worked closely with the Docker development team to make Docker-based containers a part of Windows Server. Containers have, before Windows Server, existed almost entirely in the Linux/UNIX open-source world. They allow you to isolate applications and services in a nimble, easy-to-manage fashion. Windows’ new server platform offers two different types of “containerized” Windows Server instances, those being:
Windows Server Container. This container type is intended for low-trust workloads where you don’t mind that container instances running on the same server may share some common resources.
Hyper-V Container. This isn’t a Hyper-V host or VM. Instead, it’s a “super-isolated” and containerized Windows Server instance that is completely isolated from other containers and potentially from the host server. Select Hyper-V containers for high-trust workloads.
- Nano Server
Nano Server sports a 92% smaller installation footprint than the Windows Server graphical user interface (GUI) installation option. Beyond that, these remarkable facts and features may make you start running Nano for at least some of your Windows Server workloads:
- Bare-metal OS means far fewer updates and reboots are necessary.
- Nano Server has a much-reduced attack surface when compared to a GUI Windows Server, because you must administratively inject any server roles from outside.
- Nano is so small that it can be ported easily across servers, data centers and physical sites.
- Nano hosts the most common Windows Server workloads, including Hyper-V host.
- Nano is intended to be managed completely remotely. However, Nano does include a minimal local management UI called “Nano Server Recovery Console,” shown in the previous screenshot, that allows you to perform initial configuration tasks.
- Storage Spaces Direct
Storage Spaces is a noteworthy Windows Server feature that makes it more affordable for administrators to create redundant and flexible disk storage. Storage Spaces Direct in Windows Server 2016 extends Storage Spaces to allow failover cluster nodes to use their local storage inside this cluster, avoiding the previous necessity of a shared storage fabric.
- Linux Secure Boot
Secure Boot is part of the Unified Extensible Firmware Interface (UEFI) specification that protects a server’s startup environment against the injection of rootkits or other assorted boot-time malware.
One issue with Windows Server-based Secure Boot is that your server would meltdown (only figuratively, of course) if you tried to create a Linux-based Generation 2 Hyper-V VM because the Linux kernel drivers weren’t part of the trusted device store. Technically, the VM’s UEFI firmware presents a “Failed Secure Boot Verification” error and stops startup.
The Windows Server and Azure engineering teams apparently love Linux nowadays, therefore, we can now deploy Linux VMs under Windows Server 2016 Hyper-V without hassle, or having to disable the otherwise stellar Secure Boot feature.
- ReFS
The Resilient File System (ReFS) has been a long time coming in Windows Server. In Windows Server 2016, we finally get a stable version. ReFS is intended as a high-performance, high-resiliency file system intended for use with Storage Spaces Direct and Hyper-V workloads.
- ADFS v4
Active Directory Federation Services (ADFS) is a Windows Server role that supports claims (token)-based identity. Claims-based identity is crucial, thanks to the need for single-sign on (SSO) between on-premises Active Directory and various cloud-based services.
ADFS v4 in Windows Server 2016 at last offers support for OpenID Connect-based authentication, multi-factor authentication (MFA), and what Microsoft calls “hybrid conditional access.” This latter technology allows ADFS to respond when user or device attributes fall out of compliance with security policies on either end of the trust interface.
- Nested Virtualization
Nested virtualization refers to the capability of a virtual machine to itself host virtual machines. This has historically been a “no-go” in Windows Server Hyper-V, but the ability to do that in Windows Server 2016 has arrived.
Nested virtualization makes sense when a given business wants to deploy additional Hyper-V hosts and needs to minimize hardware costs.
- Hyper-V Hot-Add Virtual Hardware
The Hyper-V Server has allowed us to add virtual hardware or adjust the allocated RAM to a virtual machine, although historically those changes required that we first power-down the VM. In Windows Server 2016, you can now “hot-add” virtual hardware while VMs are online and running. You can even add an additional virtual network interface card (NIC) to your running Hyper-V virtual machine.
- Shielded VMs
The new Host Guardian Service server role, which hosts the shielded VM feature, is much too complex to discuss in this article. For now, suffice it to say that Windows Server 2016 shielded VMs allow for much deeper, fine-grained control over Hyper-V VM access.
Let’s say your Hyper-V host may have VMs from more than one tenant, and you need to ensure that different Hyper-V admin groups can access only their designated VMs. By using BitLocker Drive Encryption to encrypt the VM’s virtual hard disks, shielded VMs can solve that problem.
- PowerShell Direct
In Windows Server 2012 R2, Hyper-V administrators ordinarily performed Windows PowerShell-based remote administration of VMs the same way they would with physical hosts. In Windows Server 2016, PowerShell remoting commands now have -VM* parameters that allow you to send PowerShell directly into the Hyper-V host’s VMs:
Invoke-Command -VMName ‘server2’ -ScriptBlock {Stop-Service -Name Spooler} -Credential ‘tomsitprotim’ -Verbose
Here’s an example use of the new -VMName parameter of the Invoke-Command cmdlet to run the Stop-Service cmdlet on the Hyper-V VM named server2.
The Takeaway
To recap the above list, we can conclude that the Windows Server engineering team put massive emphasis on the OS subsystems Compute, Virtualization, and Security. Not surprisingly, those three feature areas also fit hand-in-glove with the Microsoft Azure cloud. If you haven’t already done so, you might want to download Windows Server 2016 Technical Preview 5 and test drive it for yourself a bit.
Need Help Setting Up Windows Server 2016?
If you need advice on how to set up and utilize Windows Server 2016, you can talk to a software support specialist at ComputerHelpLA, which is a proven leader in providing IT consulting as well as operating system and software management in Los Angeles. Contact one of our helpful IT experts at (310) 893-0878 or send us an email at info@computerhelpla.com today, and we can help you with any of your questions or concerns.