What’s New in Hyper-V — Virtualization Review

In depth

Windows Server 2019: What’s new in Hyper-V

An overview of what’s new in general and specifically for virtualization and containers in the next release of LTSC, Windows Server 2019, scheduled for the second half of 2018.

In case you haven’t been keeping track of the various versions of Windows Server coming from Microsoft (and it’s confusing), here’s the TLDR:

Since the release of Windows Server 2016, there are now two “paths” of Windows Server: the Semi-Annual Channel (SAC), which ships two releases per year (Server Core only, with no GUI), and the Long-Term Servicing Channel (LTSC), which will be released every two to three years, just as Windows Server has been for many years.

You must have Software Assurance to use the SAC releases, and they are only supported for 18 months, while the LTSC releases will have the normal five-year mainstream support (new features and bug fixes), followed by five-year extended support (bug fixes only).

In this article, I’ll be looking at what’s new in general and specifically for virtualization and containers in the next LTSC release, Windows Server 2019, which is expected to be released in the second half of 2018 (a good guess is that it will be released at Ignite in September). This article is based on build 17650, released on April 24, 2018.

[Figure: Windows Server 2019 Hyper-V]

Failover Clustering
One of the biggest complaints I hear from cluster administrators is the difficulty of moving a cluster from one domain to another (mergers are a common cause of this); this issue is resolved in 2019. Using just two PowerShell cmdlets, you can remove the cluster name account from the original Active Directory domain, stop cluster functionality, leave the source domain, and add all nodes to a workgroup, then join them to the new domain and create new cluster resources in the destination AD domain. This definitely adds flexibility around Hyper-V clusters and their domain status.

Speaking of clusters, most companies I talk to tend to keep the number of nodes in their clusters relatively low (six, eight, 12, and 16 nodes), even though the maximum number of nodes is 64, and run more clusters instead. Each of these clusters is completely separate, but that will change in Windows Server 2019. You will be able to group multiple clusters (Hyper-V, Storage and even Hyper-Converged), with a master cluster resource running on one cluster, coordinating with a Cluster Set Worker in each cluster. You will be able to perform a live migration of virtual machines from one cluster to another. I see this being useful for scaling Azure Stack (currently limited to 12 nodes) and bringing the Software-Defined Datacenter (SDDC) concept closer to reality.

Another minor but potentially vital detail concerns using a file share witness stored in DFS. It isn’t and never was supported, but not everyone reads the documentation. Imagine a six-node cluster with three nodes in a separate building and a file share witness as the tiebreaker for quorum. You might end up in a situation where the network connection between the two buildings is down and the three nodes on one side are keeping the cluster service (and therefore the VMs) running because they can talk to the file share witness. But the other side has a DFS-replicated copy of the same file share witness, so they also decide to keep the cluster service running (because they also have the majority of votes), and both sides could potentially write to primary storage simultaneously, resulting in severe data corruption. In Windows Server 2019, if you try to store a file share witness in DFS, you will receive an error message, and if the share is added to DFS Replication later, the witness will stop working.

You can also create a file share witness that does not use an AD account for scenarios where a domain controller is not available (DMZ) or in a cross-domain workgroup/cluster.

Storage replication and migration
In Windows Server 2016 (Datacenter only), we finally got the missing piece of the puzzle in Microsoft’s assault on SANs: Storage Replica (SR). This directly competes with (very expensive) SAN replication technologies and allows you to replicate from any volume on a single server or cluster to another volume in another location (synchronously up to 150 km [90 miles for those of you in the United States], asynchronously anywhere on the planet). This is useful for creating stretched Hyper-V clusters for very high resiliency or for disaster recovery (DR) in general.

In Windows Server 2019 Standard, we get SR “Lite”: a single volume per server (unlimited in Datacenter), a single partnership per volume (unlimited in Datacenter), and volumes of up to 2 TB (unlimited in Datacenter). These are the current preview limitations, and voting is open to change them.

Hyper-V Replica is a different technology from SR. For example, you can create a stretched Hyper-V cluster with SR as the transport mechanism for the underlying storage between the two locations, then use Hyper-V Replica for DR, replicating the VMs to a third location or to Azure.

A totally new feature, Storage Migration Service, is coming to Windows Server 2019. Intended to solve the problem of migrating older versions of Windows Server to 2019 or Azure, it is not directly related to Hyper-V, although you can of course use it from within virtual machines or to migrate data to Azure Stack.

Data deduplication is now available for Storage Spaces Direct (S2D) with the ReFS file system, so you can expect to save up to 50% disk space. Speaking of S2D, Microsoft now supports Persistent Memory (or Storage Class Memory), which is essentially battery-backed DDR memory sticks, and which enables storage with incredibly low latency. Another new feature is performance history for S2D, where you can get performance history on disks, NICs, servers, virtual machines, vhd/vhdx files, volumes, and the whole cluster. You can use PowerShell or Windows Admin Center to access the data.

Containers
There’s a lot of emphasis on hybrid cloud in this preview, which makes sense, given Microsoft’s assertion that most businesses will be in a hybrid state for a long time to come. The focus on containers continues, with much smaller images available for both Server Core and Nano Server.

[Figure: Installing Docker on Windows Server 2019]

But the coolest feature so far is the ability to run Linux containers on Windows Server. This first saw the light of day in one of the SAC releases and it makes a lot of sense. Remember that on Windows (unlike Linux) we have two types of containers, Windows Containers and Hyper-V Containers. For a developer, they work exactly the same and it’s a deployment choice (develop on normal containers and deploy to production in Hyper-V containers). The Hyper-V flavor gives you the security isolation of a virtual machine despite being much smaller than a “real” virtual machine. So the next logical step was to run a different operating system inside the container, in this case Linux. Following a tutorial, I was able to quickly set up a Linux container.

Security
The battle to increase security continues unabated, and in this release we get Windows Defender ATP Exploit Guard, which bundles four new features. Network Protection blocks outbound access from processes on the server to untrusted hosts/IP addresses, based on Windows Defender SmartScreen information. Controlled Folder Access protects specified folders from access by untrusted processes such as ransomware, while Exploit Protection mitigates vulnerabilities, similar to what EMET did. Finally, Attack Surface Reduction (ASR) allows you to set policies to block malicious files, scripts, lateral movement, etc.
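A read-only check of these four components on a Hyper-V host, as an added PowerShell example that is not part of the original article. It assumes the Windows Defender feature is installed and uses the built-in `Get-MpPreference` and `Get-ProcessMitigation` cmdlets; `ConvertTo-GuardState` and `Get-ExploitGuardStatus` are names made up for this example.

```powershell
# Added example: report the state of the four Exploit Guard components on this host.
# Read-only. Assumes the Windows Defender feature is installed.

function ConvertTo-GuardState {
    param([int]$Value)
    # Defender stores these settings numerically: 0 = Disabled, 1 = Enabled (block), 2 = AuditMode
    switch ($Value) {
        0 { 'Disabled' }
        1 { 'Enabled' }
        2 { 'AuditMode' }
        default { "Other ($Value)" }
    }
}

function Get-ExploitGuardStatus {
    if (-not (Get-Command Get-MpPreference -ErrorAction SilentlyContinue)) {
        throw 'Windows Defender cmdlets not found; is the Defender feature installed?'
    }
    $pref = Get-MpPreference

    # ASR rules come back as two parallel arrays: rule GUIDs and per-rule actions.
    $ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $asr = @(for ($i = 0; $i -lt $ids.Count; $i++) {
        [pscustomobject]@{ RuleId = $ids[$i]; State = ConvertTo-GuardState $actions[$i] }
    })

    # System-wide Exploit Protection defaults (the EMET successor): ON, OFF or NOTSET.
    $mit = Get-ProcessMitigation -System

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        NetworkProtection      = ConvertTo-GuardState $pref.EnableNetworkProtection
        ControlledFolderAccess = ConvertTo-GuardState $pref.EnableControlledFolderAccess
        ProtectedFolders       = @($pref.ControlledFolderAccessProtectedFolders | Where-Object { $_ })
        AsrRules               = $asr
        Dep                    = $mit.Dep.Enable
        Cfg                    = $mit.Cfg.Enable
        AslrForceRelocate      = $mit.Aslr.ForceRelocateImages
    }
}

$status = Get-ExploitGuardStatus
$status | Format-List ComputerName, NetworkProtection, ControlledFolderAccess, Dep, Cfg, AslrForceRelocate
$status.AsrRules | Format-Table -AutoSize
if ($status.NetworkProtection -eq 'Disabled' -or $status.ControlledFolderAccess -eq 'Disabled') {
    Write-Warning 'Network Protection or Controlled Folder Access is off; consider AuditMode first.'
}
```

`Set-MpPreference -EnableNetworkProtection AuditMode` and `Set-MpPreference -EnableControlledFolderAccess AuditMode` log what would have been blocked without enforcing it, which lets you review the events before switching either setting to `Enabled`.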

Windows Defender Advanced Threat Protection (ATP) is now also available for Windows Server and can integrate with your current deployment.

These measures will increase the security of your Hyper-V hosts, but another feature (also seen for the first time in an SAC release) applies directly to virtualization deployments: encrypted networks in SDN. A single click when you create a new virtual network in the SDN stack ensures that all traffic on that network is encrypted, preventing eavesdropping. Note that this doesn’t protect against malicious admins but oddly Microsoft has promised such protection in future releases, aligning network protection with the Shielded Virtual Machines host security offering.

Windows Admin Center
No discussion of the future of Windows Server is complete without mentioning the free, web-based Windows Admin Center (WAC), formerly known as “Project Honolulu”. It will be the GUI for managing Windows Server, including Hyper-V servers, clusters, Storage Spaces Direct, and HCI clusters. It has many advantages over the current combination of Server Manager, Hyper-V Manager, and Failover Cluster Manager (with PowerShell) that we use today, including the simple fact that everything is in a single user interface.

Wrap
As I predicted, the semi-annual SAC releases of Windows Server allow Microsoft to bring new features at a faster pace than in the past, and it shows in this preview, which contains several new and improved elements to make our lives as virtualization administrators easier.

About the Author


Paul Schnackenburg has worked in IT for almost 30 years and has been teaching for over 20. He runs Expert IT Solutions, an IT consultancy firm in Australia. Paul focuses on cloud technologies such as Azure and Microsoft 365 and how to secure computing, whether in the cloud or on premises. He is a frequent speaker at conferences and writes for several sites, including virtualizationreview.com. Find him at @paulschnack on Twitter or on his blog at TellITasITis.com.au.


