Windows Server 2016 is a cloud-friendly OS that features proven technology used by Microsoft Azure, one of the world's largest public clouds, and makes it available for creating on-premises IT networks, private clouds, or hybrid solutions that integrate local resources with public cloud services. Windows Server 2016 is offered in Standard, Datacenter, and Essentials editions. The Datacenter edition includes unlimited virtualization rights as well as a number of advanced security, storage and management features. Installation options for the Standard and Datacenter editions include Server Core, Server with Desktop Experience, and the new Nano Server.
The majority of today's businesses have adopted a hybrid networking model that integrates on-premises IT systems with public cloud services. Retaining local datacenters in this era of the cloud can be driven by any combination of factors such as regulatory or industry requirements concerning data security, legacy systems that do not port easily to a cloud environment, latency issues for performance-critical applications, disaster recovery/business continuity strategies, or management style and temperament. Windows Server 2016 includes unprecedented support for building advanced hybrid solutions that combine the economies of public clouds with the advantages of on-premises systems to deliver fast time to value.
Hybrid deployments of Windows Server 2016 can be complex, requiring in-depth knowledge of an array of IT disciplines including server and desktop virtualization, network infrastructure, cloud integration, information assurance, failover clustering and disaster recovery, application configuration, collaboration, centralized and automated management, and remote troubleshooting. This demands more technical expertise than is usually available in the IT staffs of small and midsize organizations. Progent's team of Microsoft and Cisco certified consultants and ISSAP-certified data security experts can supplement the skills of your in-house staff to help you plan, deploy, manage and troubleshoot your Windows Server 2016 ecosystem based on leading practices. Progent offers remote or onsite consulting support and mentoring and can help you resolve occasional technical issues or provide comprehensive project management outsourcing or co-sourcing to make sure you complete your Windows Server 2016 initiative on time and on budget.
Progent can also show you how to set up the latest versions of core Microsoft applications to run with Windows Server 2016 by delivering services like Exchange 2016 migration consulting, SQL Server 2016 integration and development, and SharePoint 2016 consulting support. Progent can help you create hybrid solutions that incorporate public cloud services by providing expertise in Office 365 Exchange Online integration and Amazon AWS cloud integration.
Enhancements to Windows Server 2016
Windows Server 2016 offers a wide selection of new and improved features, particularly in the areas of data protection and high availability. Processing and memory scale have also been substantially increased compared to Windows 2012/2012 R2:
- Maximum host memory has increased from 4 TB per physical server to 24 TB per physical server
- Maximum host logical processors (LPs) have increased from 320 LPs to 512 LPs
- Maximum VM memory has increased from 1 TB per physical server to 12 TB per physical server
- Maximum VM virtual processors (VPs) have increased from 64 VPs per VM to 240 VPs per VM
These increases in the scale of Windows Server 2016 can boost the performance of resource-intensive applications like massive in-memory databases for Data Warehousing or for large-scale Data Analytics. Microsoft reports that these improvements can allow Windows Server 2016 to run workloads on a virtual machine with less than a 5% performance loss compared to a physical machine.
Headline Enhancements in Windows Server 2016
Windows Server 2016 delivers an abundance of new and enhanced capabilities including technologies originally developed to support Microsoft's Azure cloud, which uses the same Hyper-V hypervisor. Windows Server 2016 also implements the Azure Virtual Filtering Platform technology to ensure the consistency model across the private and public cloud. These new features can add resilience, security and manageability to private clouds and facilitate the integration of on-premises environments with Azure and other public clouds.
New features available with Windows Server 2016 include:
How Progent Can Help You with Windows Server 2016
- Cluster Operating System Rolling Upgrade
Windows Server 2016 is the first release of Windows Server to support down-level VM migrations. You can create a VM under a Windows Server 2016 host and live migrate it to a host running an earlier version of Windows Server. You can run the Windows Server 2016 VMs at the functionality level of the older OS until all the VMs in the cluster have been updated, then seamlessly update the entire cluster to Windows Server 2016 functionality without incurring any downtime.
- Credential Guard
Credential Guard uses virtualization-based security (VBS) to block common authentication attack vectors by providing strong isolation for credential derivatives like NTLM hashes and Kerberos tickets. Rather than storing derived credentials in process memory associated with the Local Security Authority (LSA), Credential Guard stores them in a new component of the Windows kernel called Isolated LSA, which is virtualization-based and inaccessible to any process running within the operating system. Credential Guard can also be used with device certificates to help prevent attacks based on user credential theft.
- Remote Credential Guard
Remote Credential Guard helps keep your credentials from being stolen over a Remote Desktop connection by redirecting authentication requests back to the requesting device. Remote Credential Guard also enables single sign-on (SSO) for Remote Desktop sessions. The Remote Desktop client and server must be joined to an Active Directory domain, and only Kerberos authentication is supported.
Credential Guard and Remote Credential Guard deliver powerful authentication solutions
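A Credential Guard policy setting does not guarantee that the Isolated LSA is actually running on a given host, so a deployment check should compare the configured state with the running state. The following PowerShell is an added example, not part of the original page; the function name `Get-CredentialGuardStatus` and the `Compliant` field are illustrative choices.

```powershell
# Added example: report whether Credential Guard is configured AND running.
# Run in an elevated session on the Windows Server 2016 / Windows 10 host.
function Get-CredentialGuardStatus {
    [CmdletBinding()]
    param()

    # Win32_DeviceGuard exposes the virtualization-based security (VBS) state.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    $vbsState = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'Off' }
        1       { 'EnabledNotRunning' }
        2       { 'Running' }
        default { "Unknown($($dg.VirtualizationBasedSecurityStatus))" }
    }

    # In both service arrays the value 1 identifies Credential Guard.
    $configured = $dg.SecurityServicesConfigured -contains 1
    $running    = $dg.SecurityServicesRunning    -contains 1

    # LsaCfgFlags: 0 = disabled, 1 = enabled with UEFI lock, 2 = enabled without lock.
    # Group Policy writes the value under Policies; a direct setting lives under Control\Lsa.
    $lsaFlags = foreach ($key in 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard',
                                 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa') {
        $value = (Get-ItemProperty -Path $key -Name 'LsaCfgFlags' `
                                   -ErrorAction SilentlyContinue).LsaCfgFlags
        if ($null -ne $value) {
            [pscustomobject]@{ Key = $key; LsaCfgFlags = $value }
        }
    }

    # The Isolated LSA runs as the LsaIso process when Credential Guard is active.
    $lsaIso = [bool](Get-Process -Name 'LsaIso' -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        VbsStatus                 = $vbsState
        CredentialGuardConfigured = $configured
        CredentialGuardRunning    = $running
        LsaIsoProcessPresent      = $lsaIso
        LsaCfgFlags               = $lsaFlags
        # Treat the host as protected only when the service is running, not merely configured.
        Compliant                 = ($running -and $lsaIso)
    }
}

Get-CredentialGuardStatus | Format-List
```

A host that reports `CredentialGuardConfigured = True` but `CredentialGuardRunning = False` usually needs a reboot or is missing a VBS prerequisite such as Secure Boot or hardware virtualization support.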
- Just In Time (JIT) Privileged Access Management
Just-in-Time (JIT) administration complements the older Just Enough Administration (JEA) process to enhance Microsoft's Privileged Access Management (PAM) platform. JEA access management provides an alternative to RBAC that lets you limit the access privileges of an administrator to those required for a specific task. JIT access management allows you to control the duration of an admin's access privileges. Together, JIT and JEA Privileged Access Management help prevent malicious administrators or people with stolen administrative credentials from accessing or destroying sensitive data or disrupting operations.
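The combination described above can be sketched with a JEA endpoint that exposes only one task, plus a group membership that expires on its own. This PowerShell is an added example, not part of the original page; the module name `ContosoJea`, the group `CONTOSO\JEA-DnsOperators`, the user `alice` and the file paths are hypothetical, and the time-limited membership assumes a Windows Server 2016 forest functional level with the Active Directory "Privileged Access Management Feature" optional feature already enabled.

```powershell
# Added example. All names and paths below are hypothetical placeholders.

# --- JEA: limit what the operator can do -------------------------------------
$module = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\ContosoJea'
New-Item -ItemType Directory -Path "$module\RoleCapabilities" -Force | Out-Null
New-ModuleManifest -Path "$module\ContosoJea.psd1"

# Role capability: read service state, and restart the DNS service only.
New-PSRoleCapabilityFile -Path "$module\RoleCapabilities\DnsOperator.psrc" `
    -VisibleCmdlets 'Get-Service',
                    @{ Name       = 'Restart-Service'
                       Parameters = @{ Name = 'Name'; ValidateSet = 'DNS' } }

# Session configuration: no full language, commands run as a temporary virtual
# account, and every session is transcribed for later review.
$pssc = 'C:\ProgramData\JEA\DnsOperator.pssc'
New-Item -ItemType Directory -Path 'C:\ProgramData\JEA\Transcripts' -Force | Out-Null
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory 'C:\ProgramData\JEA\Transcripts' `
    -RoleDefinitions @{ 'CONTOSO\JEA-DnsOperators' = @{ RoleCapabilities = 'DnsOperator' } }

# Registering the endpoint restarts WinRM on this server.
Register-PSSessionConfiguration -Name 'DnsOperator' -Path $pssc -Force

# --- JIT: limit how long the operator can do it ------------------------------
# The membership is removed by Active Directory when the time-to-live expires.
Add-ADGroupMember -Identity 'JEA-DnsOperators' -Members 'alice' `
    -MemberTimeToLive (New-TimeSpan -Hours 2)

# Verify: each member value is prefixed with its remaining TTL in seconds.
Get-ADGroup -Identity 'JEA-DnsOperators' -Properties member -ShowMemberTimeToLive |
    Select-Object -ExpandProperty member
```

The operator then connects with `Enter-PSSession -ComputerName <server> -ConfigurationName DnsOperator`; once the two hours elapse, the same connection attempt is refused because the group membership no longer exists.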
- Network Controller
Network Controller is made up of dual application programming interfaces (APIs) that run on a Hyper-V virtual machine and provide a centrally located mechanism for automating crucial IT tasks including the administration, configuration, maintenance, backup, monitoring, and debugging of both physical and virtualized resources. The Northbound REST API supports network monitoring and configuration changes. The Southbound API talks to network devices and detects service configurations. You can use Network Controller with applications like SCVMM or SCOM, the REST API, or Windows PowerShell to manage firewalls, virtual networks, software load balancers, and RAS Gateways.
- Shielded VM
To provide enhanced security for tenant VMs within a cloud environment, Windows Server 2016 Hyper-V introduces Shielded Virtual Machines. This feature for generation 2 VMs utilizes Trusted Platform Module (TPM) hardware and BitLocker encryption to protect against compromised fabric by ensuring that shielded VMs can run only on healthy and approved hosts in the fabric. With shielded VMs, the Host Guardian Service (HGS) uses attestation and key protection to make sure only known, valid hosts can start shielded VMs, live migrate them, and securely release the keys of the VMs.
Shielded VMs protect against compromised fabric and renegade administrators
- Cloud Witness
The Cloud Witness feature introduced in Windows Server 2016 allows organizations with an Azure subscription to use Microsoft's Azure public cloud as an arbitration point, or witness, for failover clusters. The Cloud Witness behaves like a file-share witness. It does not hold a copy of the cluster database, uses standard Azure Blob Storage, and adds minimal recurring expense to the Azure Storage Account. Cloud Witness makes it possible to establish a separate arbitration point without the cost and hassle of provisioning and managing a remote data center. Cloud Witness supports a variety of deployment scenarios including disaster recovery stretched multi-site clusters and failover clusters without shared storage such as SQL Always On and Exchange DAGs.
- RAS Gateway Multitenant BGP Router
Windows Server 2016 adds BGP support to the RAS Router role. This allows VMs to communicate with networks outside their assigned routing domain, lets you create endpoints into the virtual network, and makes it possible to connect virtual and physical networks.
- Storage Replica
Storage Replica is a disaster recovery and high-availability feature introduced in Windows Server 2016 to provide synchronous mirroring for zero-loss data protection. Unlike DFS replication, Storage Replica uses block-level rather than file-level replication and so is able to work with open files without the risk of lost data. To achieve crash-consistent mirroring, Storage Replica requires that each write operation of an application is performed at two locations simultaneously before completion of the IO. This can require high-bandwidth site-to-site connections and high-speed storage infrastructure, making Storage Replica operating in synchronous mode practical mainly for mission-critical applications that can accept some performance degradation in exchange for guaranteed zero data loss. An asynchronous mode is available for wide-area deployments that can risk some data loss. The replication process is simple: (1) The application writes data. (2) Log data is written and the data is replicated to the remote site. (3) Log data is written at the remote site. (4) The remote site sends an acknowledgement. (5) The application write is acknowledged and logs write through.
Synchronous Storage Replication provides zero-loss, crash-proof data protection for mission-critical applications
- Workgroup and Multi-domain Clusters
Windows Server 2016 allows you to create a failover cluster with member nodes that are not joined to the same domain name. Message Queuing (MSMQ), which stores properties in AD DS, is not supported by multi-domain failover clusters because the clusters have no Active Directory dependencies. Also, live migration is not supported. Cloud Witness is the recommended quorum configuration.
- Nano Server
Nano Server, a stripped-down and cloud-optimized installation option for Windows Server 2016 Standard and Datacenter editions, has less than 10% of the disk footprint or VHD size of Server Core and is over 25 times smaller than Server with Desktop Experience. This compactness improves security by minimizing the attack surface, increases resource utilization by making it possible to increase VM density, and speeds up setup and reboot time from minutes to seconds. You can deploy Nano Server as a compute host for part of a failover cluster, a compute host for Hyper-V, a container host, a storage host for a Scale-Out File Server (SOFS), a DNS server, a web server running IIS, or an application platform for cloud apps running in a virtual machine guest. Nano Server works with the same hardware drivers as Windows Server, but since plug-and-play is not supported you must add drivers for network adapters, drives, storage controllers etc. to the Nano Server image prior to deployment. Similarly, you must add any required role or feature binaries. This helps preserve Nano Server's small footprint. Nano Server is headless, so you do not have the option of using Remote Desktop. All management has to be performed remotely, using command-line tools like Windows PowerShell or GUI platforms like Azure's web-based Server Management Tools. You can monitor Nano Server via System Center 2016 Operations Manager (SCOM).
Nano Server is a new headless installation option for Windows Server 2016 with an ultra-small footprint
- Storage Spaces Direct
Storage Spaces Direct, included in the Datacenter edition of Windows Server 2016, makes it possible to build high-availability, high-performance and cloud-scale storage for Hyper-V VMs by using industry-standard server hardware with internal drives such as SATA SSD and Non-Volatile Memory Express (NVMe) devices. Instead of requiring a shared SAS fabric, Storage Spaces Direct reduces deployment complexity and cost by using SMB3 and SMB Direct (RDMA) for fast storage and reduced CPU overhead. Storage Spaces Direct scales from 2 to 16 servers. If a drive fails, Storage Spaces Direct preserves availability by automatically reconstructing degraded data on the remaining drives. You can deploy Storage Spaces Direct in a converged infrastructure where compute and storage resources are separated or in a hyper-converged model where compute and storage resources share the same physical machine.
- Hot Add and Remove for Network Adapters and Memory
For high availability on Generation 2 VMs running Windows or Linux, Windows Server 2016 allows you to add or remove a network adapter or change the memory size of a virtual machine without requiring downtime.
- Software Load Balancing
Software Load Balancing (SLB) is designed as an alternative to hardware load balancing for providing cloud scale and high availability while evenly distributing tenant network traffic among virtual network resources. When notified that a service requires SLB, Network Controller requests and provisions a Software Load Balancing multiplexer (SLB MUX) and assigns the SLB MUX a virtual IP address, which BGP announces to the network. The SLB MUX accepts connections and routes them to the virtual machines that support the service. If any SLB MUX fails, Network Controller can initiate a new SLB MUX and reannounce the routes through BGP while live migration capability protects tenant workloads from downtime. You can use PowerShell to set the SLB thresholds based on the node's VM memory pressure and CPU utilization. You can use System Center 2016 Virtual Machine Manager (SCVMM) to configure Network Controller, deploy SLB MUXs, and install SLB Host Agents on computers running Windows Server 2016 and Hyper-V.
Software Load Balancing (SLB) in Windows Server 2016 provides cloud scale and high availability
- Windows PowerShell Direct
Windows PowerShell Direct allows convenient remote management of a Windows Server 2016 VM from a Windows 10 or Windows Server 2016 Hyper-V host. You need guest credentials, but there are no network configuration or firewall policy issues for Hyper-V administrators to deal with while using PowerShell to automate and script VM management and configuration.
- Start Order Priority for Clustered VMs
You can organize the VMs in a cluster into tiered groups and specify start-order dependencies among the various tiers. VMs with dependencies on other VMs are started later. This avoids situations, for example, where a VM that requires a service is started before the VM that provides that service.
- Windows Server and Hyper-V Containers
Containers allow Windows Server 2016 to provide advanced security and high VM density for cloud applications. A Windows Server Container is a lightweight OS virtualization technique that allows applications to run in secure isolation from one another without touching the memory, storage, or network infrastructure used by other containers or by the host. A Hyper-V Container provides even higher isolation by running a Windows Server Container within a Hyper-V partition.
Progent's Microsoft-certified consulting team can assist businesses of all sizes to design, implement and troubleshoot Windows Server 2016 deployments for on-premises, cloud-centric or hybrid environments. Progent can help you configure pilot systems to verify Windows Server 2016's ability to support your workloads, plan a hybrid deployment model that integrates on-premises and cloud-based infrastructure and services, and carry out a seamless migration from your current version of Windows Server to Windows Server 2016. Progent's information assurance consultants can assist you to set up the new security and compliance features of Windows Server 2016 such as Credential Guard and Remote Credential Guard, Shielded Virtual Machines, and JIT Privileged Access Management. Progent's high-availability experts can help you plan and deploy failover clustering enhancements like Cluster OS Rolling Upgrades, Cloud Witness, and Multi-domain Clusters. Progent's disaster recovery planning consultants can help you plan and integrate disaster recovery innovations like Storage Replica, Software Load Balancing and network controller hot-swapping.
To help you manage your Windows Server 2016 and Hyper-V ecosystem, Progent offers services that include System Center 2016 Virtual Machine Manager hybrid cloud management consulting, and System Center 2016 Operations Manager (SCOM 2016) integration, and Progent can show you how to benefit from other hybrid management solutions like Network Controller and PowerShell Direct. In addition, Progent's SQL Server 2017 experts and SQL Server 2016 consultants can help you take advantage of the improved scale of Windows Server 2016. Progent also offers the ProSight suite of outsourced network management services that provide smaller organizations with affordable and comprehensive server and infrastructure monitoring, management and optimization services.
Progent's roster of Cisco CCIE-certified network infrastructure consultants is one of the largest of any independent IT services firm in the U.S., and Progent can help you design, deploy, manage and troubleshoot hybrid infrastructure that efficiently integrates your on-premises and cloud resources.
Progent's Remote Consulting and Troubleshooting Support
Progent has more than a decade of experience delivering high-level online consulting and troubleshooting services and has provided online support to organizations in every state in the U.S. (See Progent's Customer Testimonials.) Progent can also provide on-premises support in major metropolitan areas across the U.S. Progent offers as-needed guidance to help you resolve challenging technical issues or full project management outsourcing or co-sourcing services.
If you need immediate online support from a Microsoft-certified consultant, visit Progent's Online Support Services.
Contact Progent for Windows Server 2016 Expertise
To learn more about Progent's consulting and troubleshooting support for Windows Server 2016, call 1-800-993-9400 or go to Contact Progent.