10 Best New Windows Server 2016 Features
Windows Server 2016 is now generally available for use. Its release reflects contemporary trends in information technology around containerization and hybrid connectivity with cloud services. The list of new features in Windows Server 2016 is staggering, but 10 stand out.
Nano Server
Nano Server offers a 92% smaller installation footprint than the Windows Server Graphical User Interface (GUI) installation option. Beyond that, these compelling reasons might prompt you to start running Nano for at least some of your Windows Server workloads:
- The bare-metal operating system means far fewer updates and reboots are required.
- Since you have to administratively inject all server roles from outside of Nano, the server has a significantly reduced attack surface compared to the Windows Server GUI.
- Nano is so small that it can be easily transferred across servers, data centers and physical locations.
- Nano hosts the most common Windows Server workloads, including Hyper-V host.
Nano is intended to be managed entirely remotely. However, Nano includes a minimal local management user interface called “Nano Server Recovery Console”, shown in the previous screenshot, which allows you to perform initial configuration tasks.
Containers
Microsoft is working closely with the Docker development team to bring Docker-based containers to Windows Server. Until now, containers existed almost entirely in the Linux/UNIX open source world. They allow you to isolate applications and services in an agile and easy-to-administer way. Windows Server 2016 offers two different types of “containerized” Windows Server instances:
- Windows Server container. This type of container is for low-trust workloads where you don’t mind that container instances running on the same server can share some common resources.
- Hyper-V container. It is not a Hyper-V host or virtual machine. Instead, it is a “super isolated” containerized Windows Server instance that is completely isolated from other containers and potentially the host server. Hyper-V containers are suitable for high-reliability workloads.
Linux Secure Boot
Secure Boot is part of the Unified Extensible Firmware Interface (UEFI) specification that protects a server’s boot environment from the injection of rootkits or other boot-time malware.
The problem with Windows Server-based Secure Boot was that your server would explode (figuratively speaking) if you tried to create a Linux-based Hyper-V Gen 2 VM, because the Linux kernel drivers were not part of the trusted device store. Technically, the UEFI firmware of the VM showed a “Failed to verify Secure Boot” error and stopped booting.
Windows Server and Azure engineering teams seem to love Linux these days. As a result, we can now deploy Linux VMs on Windows Server 2016 Hyper-V without issue and without having to disable the otherwise stellar Secure Boot feature.
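An added example, not from the original article: a host-side audit that lists Generation 2 VMs still running with Secure Boot disabled, plus a helper that turns it back on for a Linux guest. The template name MicrosoftUEFICertificateAuthority is the Hyper-V Secure Boot template for Linux guests and is not mentioned on this page; the VM name linux-vm01 is a placeholder.

```powershell
#Requires -Modules Hyper-V

# Secure Boot exists only on Generation 2 VMs; Generation 1 VMs have no UEFI firmware.
function Get-SecureBootReport {
    Get-VM | Where-Object Generation -eq 2 | ForEach-Object {
        $fw = Get-VMFirmware -VM $_
        [pscustomobject]@{
            VM         = $_.Name
            State      = $_.State
            SecureBoot = $fw.SecureBoot          # On / Off
            Template   = $fw.SecureBootTemplate  # which trust store the firmware uses
        }
    }
}

# Re-enable Secure Boot on a Linux guest using the UEFI CA template.
# Firmware settings can only be changed while the VM is powered off.
function Enable-LinuxSecureBoot {
    param([Parameter(Mandatory)][string]$VMName)

    $vm = Get-VM -Name $VMName -ErrorAction Stop
    if ($vm.Generation -ne 2) { throw "$VMName is not a Generation 2 VM." }
    if ($vm.State -ne 'Off')  { throw "$VMName must be shut down first (state: $($vm.State))." }

    Set-VMFirmware -VMName $VMName -EnableSecureBoot On `
                   -SecureBootTemplate 'MicrosoftUEFICertificateAuthority'
    Get-VMFirmware -VMName $VMName | Select-Object VMName, SecureBoot, SecureBootTemplate
}

# VMs where Secure Boot was switched off, for example as the old Linux workaround.
Get-SecureBootReport | Where-Object SecureBoot -eq 'Off' | Format-Table -AutoSize

# Placeholder VM name; uncomment after shutting the guest down.
# Enable-LinuxSecureBoot -VMName 'linux-vm01'
```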
ReFS
The Resilient File System (ReFS) has long since arrived in Windows Server. In Windows Server 2016, we finally get a stable release. ReFS is designed as a high-performance, high-resiliency file system for use with Storage Spaces Direct (discussed later in this article) and Hyper-V workloads.
Storage Spaces Direct
Storage Spaces is a great feature of Windows Server that makes it more affordable for administrators to create redundant and flexible disk storage. Storage Spaces Direct in Windows Server 2016 extends Storage Spaces to allow failover cluster nodes to use their local storage inside that cluster, avoiding the previous need for a shared storage structure.
ADFS v4
Active Directory Federation Services (ADFS) is a Windows Server role that supports claims-based (token) identity. Claims-based identity is crucial due to the need for single sign-on (SSO) between on-premises Active Directory and various cloud-based services.
ADFS v4 in Windows Server 2016 finally brings support for OpenID Connect-based authentication, Multi-Factor Authentication (MFA), and what Microsoft calls “Hybrid Conditional Access.” This latest technology enables ADFS to respond when user or device attributes no longer comply with security policies at either end of the trust relationship.
Nested virtualization
Nested virtualization refers to the ability of a virtual machine to host virtual machines itself. It’s always been a “no” in Windows Server Hyper-V, but we finally have that capability in Windows Server 2016.
Nested virtualization comes into its own when a business wants to deploy additional Hyper-V hosts and needs to minimize hardware costs.
Hyper-V hot-add virtual hardware
Hyper-V Server has allowed us to add virtual hardware or adjust the RAM allocated to a virtual machine. However, these changes historically required us to shut down the virtual machine first. In Windows Server 2016, we can now “hot add” virtual hardware while virtual machines are online and running. I was able to add an additional virtual network interface card (NIC) to my running Hyper-V virtual machine.
PowerShell Direct
In Windows Server 2012 R2, Hyper-V administrators typically performed Windows PowerShell-based remote administration of virtual machines the same way they would with physical hosts. In Windows Server 2016, PowerShell remoting commands now have -VM* parameters that allow us to send PowerShell directly into the Hyper-V host's VMs!
Invoke-Command -VMName 'server2' -ScriptBlock {Stop-Service -Name Spooler} -Credential 'tomsitprotim' -Verbose
We used the new -VMName parameter of the Invoke-Command cmdlet to run the Stop-Service cmdlet on the Hyper-V virtual machine named server2.
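The same call extended to every running VM on the host, as an added example that is not from the original article. It goes beyond the single-VM command above by handling per-VM failures, and it assumes one guest administrator credential is valid in all targeted VMs.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V

# PowerShell Direct authenticates inside the guest OS over the VM bus, not the
# network, so this must be an account that is valid in the VM (assumption: the
# same account works in every guest).
$cred = Get-Credential -Message 'Guest administrator account'

# Only VMs running on this host are reachable. The guest must be
# Windows 10 / Windows Server 2016 or later; other guests land in the catch block.
$targets = Get-VM | Where-Object State -eq 'Running'

$results = foreach ($vm in $targets) {
    try {
        $r = Invoke-Command -VMName $vm.Name -Credential $cred -ErrorAction Stop -ScriptBlock {
            $before = (Get-Service -Name Spooler -ErrorAction Stop).Status
            if ($before -ne 'Stopped') {
                Stop-Service -Name Spooler -Force -ErrorAction Stop
            }
            # Return plain strings so the result deserializes cleanly on the host.
            [pscustomobject]@{
                Before = "$before"
                After  = "$((Get-Service -Name Spooler).Status)"
            }
        }
        [pscustomobject]@{ VM = $vm.Name; Before = $r.Before; After = $r.After; Error = $null }
    }
    catch {
        # Wrong credential, unsupported guest OS, or service not installed.
        [pscustomobject]@{ VM = $vm.Name; Before = $null; After = $null; Error = $_.Exception.Message }
    }
}

$results | Format-Table -AutoSize -Wrap
```

Because these sessions never touch the network, guest firewall rules and network monitoring do not see them; membership of the host's Hyper-V Administrators group plus a guest credential is the whole access path, so both are worth auditing.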
Shielded VMs
The new Host Guardian Service server role, which hosts the Shielded Virtual Machine functionality, is far too complex to discuss in this limited space. For now, suffice it to say that Windows Server 2016 Shielded Virtual Machines allow much deeper and more granular control over access to Hyper-V virtual machines.
For example, your Hyper-V host may have VMs from multiple tenants, and you need to ensure that different groups of Hyper-V administrators can access only their designated VMs. By using BitLocker Drive Encryption to encrypt virtual machine virtual hard disks, Shielded Virtual Machines can solve this problem.
Final Thoughts
Summarizing the previous list, we can conclude that the Windows Server engineering team focused on the following operating system subsystems:
- Compute
- Virtualization
- Security
These three feature areas also go hand-in-hand with the Microsoft Azure cloud, unsurprisingly. If you haven’t already, go ahead and download Windows Server 2016 Technical Preview 5 and get started yourself.