Microsoft continues to make improvements to Hyper-V and the enhancements
in Windows Server 2016 will expand on current functionalities while
introducing some new ones, including key security features for both
cloud and on-prem environments.
Virtualization has consistently been one of the hot topics in the IT
industry over the last decade because of the numerous benefits it offers
to IT pros. The ability to more fully utilize hardware capabilities
while also offering the scalability to avoid performance problems is a
killer feature. The reliability of being able to cluster virtualization
hosts and migrate virtual machines (VMs) improves disaster preparedness
and reduces downtime due to maintenance. Finally, the convenience of
being able to rapidly deploy new VMs -- either manually or with
automated tools such as Windows PowerShell -- eases the workload for IT
pros by reducing monotonous, labor-intensive tasks.
Microsoft's Virtualization Strategy
Microsoft's goal is to do to the data center what Hyper-V has done
with server deployment and management. By bringing the entire structure
to the software level, you gain the ability to automate more aspects of
your data center, and thereby gain efficiencies.
In the last few versions of Windows Server, Microsoft has made a
concerted effort to build Hyper-V and the technologies supporting it
into a fully featured software-defined data center. These features span
every aspect of the data center, including storage, networking, and
compute. Windows Server 2012 and Windows Server 2012 R2 introduced
features like IPAM (IP Address Management), Storage Spaces, and
multi-tenant site-to-site VPNs, each of which brings something to the
table for hosting environments. Windows Server 2016 expands on these
features with Storage Replica and some new networking roles that have yet to be fully documented.
Security Improvements
The security concerns addressed in Hyper-V with Windows Server 2016
are intended to protect your VMs from multiple potential attack vectors,
like malware and fellow administrators overstepping their management
roles. Microsoft is completely aware that one big reason cloud adoption
hasn't taken off the way it could has to do with corporate trust, and
now the company is making efforts to show that cloud solutions offer
comparable -- if not better -- security to your on-premises data center.
A Trusted Platform Module (TPM) is a critical hardware component shipping
in modern computers that enables numerous security features
within supporting OSes. Windows Server 2016 offers support for a Virtual
TPM to be enabled and configured for your VMs. The primary benefit
gained by this new functionality is the ability to enable BitLocker
encryption for entire guest VMs, preventing unauthorized access to the
system or files contained within the virtual hard drives.
The introduction of Shielded VMs in Windows Server 2016 is another
feature that enables you to protect a guest VM from the administrator of
the host server. With Shielded VMs the administrator of the host server
can start or stop Shielded VMs, but cannot change the configuration,
see inside the virtual disks, or see what processes are running within
the guest OS. This is a perfect solution for large hosting environments
that don't want the management team being able to see inside customer
VMs, or for any industry where a separation of duties or need-to-know
policies must be strictly enforced.
Management Improvements
Microsoft has made efforts in Windows Server 2016 to improve resource
allocation between VMs, or even a group of VMs belonging to a
particular customer. Distributed Storage QoS improves the existing
Storage QoS capabilities to be able to monitor and enforce performance
thresholds on a customer's group of VMs rather than on individual VMs.
This allows extra freedom for customers to ramp up the workload of a
particular VM at the cost of their own other VMs without impacting other
customers' VMs hosted on the server. Additionally, Host Resource Protection is a heuristics-based
system used to identify patterns of access that are abnormal to typical
workloads and often seen in malicious activities. Host Resource
Protection can identify and throttle these systems in order to protect
other VMs on the system.
Improvements in Storage and Cluster resiliency aren't new features as
much as they are tweaks to how certain situations are handled. In
previous versions of Windows Server, a VM would likely crash if
connectivity to its storage were lost. In Windows Server 2016 the VM is
simply suspended after 60 seconds of lost connectivity. Once access to
the storage is regained the VM is resumed automatically. Similarly,
cluster nodes will go into an isolated state for four minutes if unable
to communicate with the rest of the cluster. If cluster connectivity is
unavailable for four minutes, VMs are failed over to another node. If a
node is unable to maintain a connection with the remainder of the
cluster, VMs will be failed over and the node will be quarantined.
Many of the new features coming to Hyper-V in Windows Server 2016 are
simply improvements in the day-to-day operation of VMs. In Windows
Server 2016, VM memory allocations can be adjusted while the VM is
running, and network adapters can be added or removed without shutting
down the VM. Checkpoints, previously only supported in test
environments, are now fully supported in production. Checkpoints in
Windows Server 2016 use Volume Shadow Services instead of a saved state,
resulting in many enterprise systems recognizing the action as if it
were a traditional backup operation. PowerShell Direct can now be used
to directly reference a guest VM without the need for PowerShell
remoting or even network connectivity.
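The Virtual TPM, Shielded VM, checkpoint and PowerShell Direct features described above can be checked together from the host. The following audit script is an added example, not code from the original article or from Microsoft; it assumes the Hyper-V PowerShell module on a Windows Server 2016 host, guests that have the BitLocker cmdlets installed, and one guest administrator account that is valid in every VM checked.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V

# Assumption: the same guest administrator account works in every VM checked.
$guestCred = Get-Credential -Message 'Guest administrator account'

# Virtual TPM is only available to Generation 2 VMs, so Generation 1 is skipped.
$report = foreach ($vm in Get-VM | Where-Object Generation -eq 2) {
    $sec = Get-VMSecurity -VM $vm

    $row = [ordered]@{
        VM             = $vm.Name
        State          = $vm.State
        TpmEnabled     = $sec.TpmEnabled      # vTPM present for BitLocker in the guest
        Shielded       = $sec.Shielded        # host admin locked out of the guest
        CheckpointType = $vm.CheckpointType   # Production, ProductionOnly, Standard, Disabled
        OsVolume       = 'not checked'
    }

    # PowerShell Direct: the session goes over the VMBus, so no guest network
    # or PowerShell remoting configuration is needed. Shielded VMs are skipped
    # because the host is not meant to see inside them.
    if ($vm.State -eq 'Running' -and -not $sec.Shielded) {
        try {
            $row.OsVolume = Invoke-Command -VMId $vm.VMId -Credential $guestCred `
                -ErrorAction Stop -ScriptBlock {
                    $v = Get-BitLockerVolume -MountPoint $env:SystemDrive
                    '{0} / {1}' -f $v.ProtectionStatus, $v.VolumeStatus
                }
        } catch {
            $row.OsVolume = "query failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]$row
}

$report | Format-Table -AutoSize

# A vTPM alone encrypts nothing: list VMs that have one but whose OS volume
# does not report BitLocker protection as On.
$report |
    Where-Object { $_.TpmEnabled -and $_.OsVolume -notlike 'On /*' } |
    Select-Object VM, State, OsVolume
```

The second table is the one to act on: a VM listed there has a Virtual TPM available but its virtual hard drive is still readable by anyone with access to the host storage.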
Microsoft continues to make aggressive improvements to one of the premier
virtualization platforms in the world. The changes implemented in
Windows Server 2016 address problems and concerns felt by many IT pros,
and do so with an eye toward protecting their customers even from their
own hosting environment, whether that be Microsoft or a third party.
It's a good precedent to set, and one we hope Microsoft continues to
follow.