Windows Server 2016 incorporates the core technology behind Microsoft's Azure public cloud and makes it available to organizations of any size for creating in-house networks, private clouds, or hybrid systems that combine on-premises and cloud-based resources.
Most businesses today combine local systems and cloud services to achieve the right balance of control and economy needed to optimize productivity, meet security and compliance requirements, and contain the costs of IT management and operations. Windows Server 2016 is a cloud-smart operating system that is ideal for hybrid network models where some applications and services are hosted in the cloud and others are hosted on premises. Windows Server 2016 brings a wealth of new and improved features that cover key areas of information technology including security and assurance, server and desktop virtualization, availability and disaster recovery, management automation, resource utilization, scalability and performance.
Successful deployments of Windows Server 2016, particularly in the case of hybrid networks, can require a broad range of technical expertise rarely found in the IT staffs of small and midsize organizations. Progent's roster of subject-matter experts can provide the skills you need, when you need them, to create high-value IT solutions built on Windows Server 2016. Progent's nationwide team of Microsoft-certified consultants, project managers and security experts has experience helping companies migrate to Windows Server 2016 and can help you evaluate the benefits of Windows Server 2016 for your business, design and implement a smooth upgrade plan, and provide prompt and efficient follow-up support.
Progent can also help you integrate Windows Server 2016 with the latest releases of key Microsoft platforms by providing services such as Exchange 2019 migration expertise, Exchange 2016 consulting, SQL Server 2016 integration, and SharePoint 2016 development. Progent can also help you combine your on-premises network with public cloud services by providing expertise such as Microsoft 365 Exchange Online consulting, Amazon AWS integration, and Google Cloud integration consulting. Progent's consulting, troubleshooting and training services for Windows Server 2016 are available online and Progent also offers onsite consulting in major metropolitan areas across the United States.
New Features of Windows Server 2016
Windows Server 2016 delivers across-the-board enhancements that impact practically all key areas of information technology including compute, identity and access, administration, networking, security and assurance, storage, availability, and application development.
In terms of sheer scale, the major improvements in Windows Server 2016 over Windows Server 2012 R2 are substantially higher maximums for host memory and logical processors (LPs) as well as virtual memory and virtual processors (VPs) for Generation 2 virtual machines (VMs). These increases make it possible to virtualize even the most demanding workloads such as machine learning.
| Feature | Windows Server 2012/2012 R2 | Windows Server 2016 |
|---|---|---|
| Host memory support | 4 TB per physical server | Up to 24 TB per physical server |
| Host logical processor support | Up to 320 LPs | Up to 512 LPs |
| VM memory support | Up to 1 TB per VM | Up to 12 TB per VM |
| VM virtual processor support | Up to 64 VPs per VM | Up to 240 VPs per VM |
Windows Server 2016 provides significant improvements in scale over Windows Server 2012/2012 R2
Windows Server 2016's increased scale improves the performance of e-commerce applications such as large in-memory databases for Online Transaction Processing (OLTP) and Data Warehousing. Windows Server 2016's scale improvements can essentially eliminate the performance difference (less than 5%) between running these workloads on a physical vs. a virtual machine.
Major Enhancements in Windows Server 2016
Windows Server 2016 incorporates a long list of new and improved features, many of them impacting multiple areas including Hyper-V, failover clustering, identity and access, security and assurance, storage, administration and networking. (For virtual machines originally created on Windows Server 2012 R2 and later transferred to a server running Hyper-V on Windows Server 2016, you must reconfigure the VMs manually. Progent can help you with this process.)
Important new and enhanced features of Windows Server 2016 include:
- Containers, popularized by Docker for Windows and Linux, are a method of operating system virtualization that allows an application and its dependencies to run on an abstracted OS, decoupled from variations in operating system releases and the composition of the underlying network infrastructure and without the overhead of a full-fledged virtual machine. This allows almost instant application deployment and consistent operation when applications are moved to different environments. Windows Server 2016 containers, which use a light-weight VM for each container, allow applications such as web sites to share a kernel, which is also shared by the host. Hyper-V containers provide greater isolation by providing each container with its own kernel. This additional level of isolation can be a compliance requirement for applications running in public clouds.
Windows Server containers share a kernel. With Hyper-V containers, each container has its own kernel.
- Shielded Virtual Machines prevent the data and state of VMs from being seen, modified or stolen by a compromised fabric manager or by malicious software that has gained administrator privileges. Shielded Virtual Machines encrypt data and state so Hyper-V administrators can't see video output and disks. Shielded VMs work for Generation 2 VMs and can be limited to run only on trusted fabrics. A Host Guardian Service stores the keys required for a trusted Hyper-V host to prove its health to run Shielded VMs.
- Nano Server is a new installation option for the Standard and Datacenter editions of Windows Server 2016 that provides a lightweight server OS with a far smaller footprint than Windows Server Core. The compact size of Nano Server enhances security by presenting a small attack surface, frees up compute and storage resources, and improves deployment and reboot times. Nano Server can be deployed in the cloud or in physical datacenters and is a secure and cost-effective solution for hosting clustered or non-clustered Hyper-V VMs, Scale-Out File Server storage, or cloud applications running in a container or VM guest OS. Nano Server is also suited to act as a DNS server or web server running Internet Information Services (IIS). Unlike Windows Server Core, Nano Server supports only 64-bit apps and tools, does not support Group Policy, and cannot be used as an Active Directory domain controller. Because Nano Server is headless, you must perform all management remotely. Available tools include PowerShell, Windows Management Instrumentation (WMI), or Windows Remote Shell (WinRS). You can monitor Nano Server by using Microsoft SCOM 2016.
- Cluster Operating System Rolling Upgrade introduces the ability to live-migrate running VMs to a host powered by an earlier version of Windows Server such as Windows Server 2012 R2. In this case, all nodes run at a Windows Server 2012 R2 functional level until you upgrade all nodes in the cluster and update the cluster functional level via a Windows PowerShell cmdlet. Each node in the cluster can be upgraded in place with no need to stop or restart the cluster or create a new one. Existing cluster objects such as cluster name and IPs stay the same and remain online during the entire upgrade procedure.
You can migrate Windows Server 2016 VMs to an older host OS for zero-downtime rolling upgrades
- Credential Guard uses virtualization-based security to protect derived domain credentials against Pass-the-Hash or Pass-The-Ticket attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets. Malicious software with administrative privileges running in the OS cannot steal data protected by virtualization-based security.
- Remote Credential Guard helps protect credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that's requesting the connection. This feature also enables single sign-on for Remote Desktop sessions. Remote Credential Guard allows Kerberos and blocks NTLM, blocks Pass the Hash attacks, and prevents a credential's use after disconnection.
- Just In Time (JIT) Privileged Access Management (PAM) supplements Just-Enough Administration (JEA), which was introduced with Windows Server 2012 R2, by providing a role-based access control platform for limiting the period of time that fabric, storage, server and network administrators are granted access privileges for anything that can be managed with Windows PowerShell. JIT allows essential tasks to be carried out and audited without granting full-time admin privileges and exposing the network to compromised administrators.
- Virtual Machine Load Balancing provides an automatic mechanism for maximizing the performance, availability and utilization of nodes in a failover cluster. This feature detects overloaded nodes and assigns VMs from those nodes to ones that are under-committed. VM Load Balancing performs live migrations and so requires no downtime. Three thresholds can be selected in PowerShell to determine the aggressiveness of load balancing based on the VM memory pressure and CPU utilization of the node. Failure policies such as fault domains are followed. Virtual Machine Load Balancing allows you to save the costs of adding new server hardware to a failover cluster without compromising availability or performance.
VM Load Balancing automatically live migrates VMs from overloaded nodes to under-committed ones
- Windows PowerShell Direct allows you to run Windows PowerShell commands in a VM from the host, simplifying the automation and scripting of VM management and configuration.
- Start Order Priority for Clustered VMs provides greater control in determining which clustered VMs are started or restarted first so that VMs that provide services are activated before VMs that use those services.
- Storage Replica allows you to configure synchronous block-level replication between clusters or servers for high-availability or disaster recovery. You can mirror data within the same datacenter or between different datacenters with crash-consistent volumes to eliminate data loss at the file-system level. With synchronous replication, mission-critical applications write data to two or more locations simultaneously before completing any write operation. Because Storage Replica works with data blocks rather than files, unlike DFS Replication, it is not vulnerable to file locks, open handles, or other file-level issues. Storage Replica also supports asynchronous replication between geographically separate sites connected with slower network links. Asynchronous replication does not guarantee zero data loss.
Storage Replica allows replication between clusters with zero data loss at the file-system level
- Storage Spaces Direct, or S2D, makes it easy to create and manage software-defined, shared-nothing storage clusters using commodity servers and their internal storage and built-in Ethernet connections. By logically grouping physical storage drives into virtual storage pools, Storage Spaces Direct allows you to scale out network-attached storage simply by adding new physical servers or by attaching additional storage hardware to existing servers. The scale-out servers can be connected over SMB3 file shares via Ethernet with RDMA connections included with industry-standard servers at a fraction of the cost and complexity of deploying a Fibre Channel SAN storage fabric.
When you create volumes from a storage pool, S2D automatically creates the virtual disk, partitions and formats it, adds it to the cluster, and converts it to a clustered shared volume (CSV). The fault-tolerant volumes in a cluster can survive the loss of a drive or an entire server, and S2D automatically configures read/write cache, tiers, resiliency, and erasure coding across columns. Storage Spaces Direct will automatically use the fastest media available, such as flash storage, to form a built-in always-on cache.
With System Center 2016 Virtual Machine Manager (VMM), you can configure a disaggregated (converged) deployment, where compute and storage resources run on separate Hyper-V clusters, or a hyper-converged deployment where Hyper-V compute and S2D run on the same cluster with no separation between them. A converged deployment allows enterprises to scale compute/workload independently from the storage cluster. Hyper-converged deployments are an attractive option for smaller organizations and branch offices because they are easy to configure and minimize hardware costs. (See System Center 2016 Virtual Machine Manager consulting services.)
- Host resource protection helps keep a VM that is using excessive resources from degrading the performance of the host or other VMs. When monitoring identifies a resource glutton, the VM can be allocated fewer resources. PowerShell can be used to activate or disable this feature.
- Hot Add and Remove for Network Adapters and Memory allows you to add or remove a network adapter or adjust the amount of memory assigned to a VM without incurring downtime. This feature can be used for Generation 2 VMs running Windows or Linux.
- Cloud Witness permits you to use Microsoft Azure cloud resources to create an arbitration point as a Failover Cluster quorum witness. The Azure-based Cloud Witness is allowed a vote and can take part in the quorum calculations. Cloud Witness allows you to follow best practices by setting up an off-site quorum witness, but by using the Azure cloud you avoid the time, cost and management hassle associated with setting up a third physical site. You can use the Cluster Quorum Wizard to configure Cloud Witness as a quorum witness.
Azure-based Cloud Witness is a fast, affordable way to configure a failover cluster quorum witness
- Network Controller, the same network controller found in Microsoft Azure, consists of a pair of APIs that run as a server role on a Hyper-V VM and provide a central point of automation to manage, configure, monitor, and troubleshoot your datacenter's virtual and physical network infrastructure. You can use Network Controller with Windows PowerShell, the Representational State Transfer (REST) API, or management tools like System Center Virtual Machine Manager (SCVMM) or System Center Operations Manager (SCOM). Network Controller supports firewall, virtual network, software load balancer, and RAS Gateway management.
- Workgroup and Multi-domain clusters eliminate the previous restriction that a cluster can be created only between member nodes joined to the same domain. Windows Server 2016 lets you create a Failover Cluster without Active Directory dependencies, making it possible to create Multi-domain Clusters and Workgroup Clusters that are not domain joined.
- Production Checkpoints allow you to use the Volume Snapshot Service (VSS) rather than saved state for point-in-time capture of the state of a virtual machine. This makes it practical to use checkpoints for production workloads rather than just test or development environments, as was recommended with Windows Server 2012. Restoring a checkpoint is just like restoring a backup. You can easily disable checkpoints for individual VMs if performance requires it.
- Improvements to Win32 Time and Hyper-V Time Synchronization Services enable compliance with upcoming regulation for 1ms time accuracy.
- Encryption support for the OS system disk can protect the operating system disk via BitLocker drive encryption in Generation 1 VMs. For Generation 2 VMs, this can be accomplished using a virtual Trusted Platform Module (TPM).
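To confirm that the Credential Guard protection described in the list above is actually running on a host rather than merely configured, the following PowerShell function queries the Win32_DeviceGuard CIM class. It is an added example, not code from Progent or Microsoft; the function name and the host names in the usage comment are assumptions.

```powershell
# Added example: report virtualization-based security (VBS) and Credential Guard state.
# Reads the Win32_DeviceGuard CIM class; remote queries require WinRM access to the host.
function Get-CredentialGuardStatus {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
    $vbsStates = @{ 0 = 'NotEnabled'; 1 = 'EnabledNotRunning'; 2 = 'Running' }

    foreach ($computer in $ComputerName) {
        try {
            $cimArgs = @{
                ClassName   = 'Win32_DeviceGuard'
                Namespace   = 'root\Microsoft\Windows\DeviceGuard'
                ErrorAction = 'Stop'
            }
            # Query the local machine directly so WinRM is not needed for a local check.
            if ($computer -ne $env:COMPUTERNAME) { $cimArgs.ComputerName = $computer }
            $dg = Get-CimInstance @cimArgs

            # In SecurityServicesConfigured / SecurityServicesRunning, the value 1 means Credential Guard.
            [pscustomobject]@{
                ComputerName              = $computer
                VbsStatus                 = $vbsStates[[int]$dg.VirtualizationBasedSecurityStatus]
                CredentialGuardConfigured = $dg.SecurityServicesConfigured -contains 1
                CredentialGuardRunning    = $dg.SecurityServicesRunning -contains 1
                Error                     = $null
            }
        }
        catch {
            # An unreachable host or a missing class is reported, not silently skipped.
            [pscustomobject]@{
                ComputerName              = $computer
                VbsStatus                 = 'Unknown'
                CredentialGuardConfigured = $false
                CredentialGuardRunning    = $false
                Error                     = $_.Exception.Message
            }
        }
    }
}

# Usage (HV01 and HV02 are placeholder host names): list hosts where Credential Guard is not running.
# Get-CredentialGuardStatus -ComputerName 'HV01', 'HV02' |
#     Where-Object { -not $_.CredentialGuardRunning }
```

A host that reports CredentialGuardConfigured as true but CredentialGuardRunning as false has the policy applied without the protection in effect, which is the case worth alerting on.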
How Progent Can Help You with Windows Server 2016
Progent's Microsoft-certified consulting team can help organizations of any size to plan and carry out a migration or upgrade to Windows Server 2016 using an on-premises, cloud-centric, or hybrid deployment model. Progent can help you set up pilot systems to test Windows Server 2016 running your workloads, design a hybrid architecture that combines local and cloud resources, and take advantage of the new rolling upgrade feature to update the operating system of your cluster nodes from Windows Server 2012 R2 to Windows Server 2016 without stopping your Hyper-V or the Scale-Out File Server workloads. Progent can help you configure the new Storage Replica feature for zero-data-loss disaster recovery and show you how to set up the new Cloud Witness feature to save time and money while setting up failover clusters. Progent's SQL Server 2019 integration consultants, SQL Server 2017 experts and SQL Server 2016 consultants can help you benefit from the increased maximum memory and core count enabled by Windows Server 2016.
Progent's information assurance consultants can help you deploy new security features like Windows and Hyper-V Containers, Shielded Virtual Machines, Credential Guard, Remote Credential Guard and Just In Time (JIT) Privileged Access Management to make it easier for you to comply with regulatory and industry data security requirements such as SOX, ISO 27001, PCI DSS 3.2, and FedRAMP. Progent's team of Cisco CCIE-certified network infrastructure consultants is one of the largest of any independent IT services firm in the U.S., and Progent can help you build and manage a hybrid network infrastructure that supports the high-availability and disaster recovery features of Windows Server 2016. To help you manage your Windows Server 2016 and Hyper-V environment, Progent offers services that include PowerShell scripting help, Network Controller deployment, System Center 2016 Virtual Machine Manager (SCVMM 2016) hybrid cloud management consulting, and System Center 2016 Operations Manager (SCOM 2016) integration. Progent also offers the ProSight suite of network management outsourcing packages that provide small and mid-size businesses with low-cost server and infrastructure monitoring and management services.
Progent's Online Consulting and Troubleshooting Services
Progent is a pioneer in providing advanced online consulting and troubleshooting support and has provided remote expertise to businesses in every state in the U.S. (Refer to Progent's Customer Testimonials.) Progent also offers on-premises support in major metropolitan areas throughout the U.S. Progent can provide as-needed expertise to help you through occasional technical bottlenecks or comprehensive project management outsourcing or co-sourcing services.
If you need immediate online support from a Microsoft-certified consultant, visit Progent's Online Support Services.
Download the Datasheet for Progent's Windows Server 2016 Consulting Services
To download a datasheet describing Progent's consulting services for Windows Server 2016, click:
Progent's consulting expertise for Windows Server 2016. (PDF - 319 KB)
Contact Progent for Help with Windows Server 2016
For more information about Progent's consulting and troubleshooting services for Windows Server 2016, call 1-800-993-9400 or visit Contact Progent.