Enterprise-grade virtualization and next-gen app platform

With the releases of Windows Server 2012 and Windows Server 2012 R2, we made huge improvements across the board in software-defined compute, storage, networking and more. We’re regularly hearing about your successes as well as your next round of feature requests. In these discussions with you, we’ve also noticed the conversation has matured. While virtualization continues to be an important aspect of your infrastructure, I’m rarely asked about feature comparisons at the hypervisor layer anymore. That’s a 2005 conversation. The conversation has shifted from virtualization to cloud, specifically hybrid cloud. It’s in these conversations that we see first-hand that our Microsoft Cloud strategy is resonating. Quite simply, our goal is to provide you the best cloud whenever and wherever it makes business sense.

With Windows Server 2016 there are three core areas we are focusing on in the world of cloud and virtualization:

  • Providing a platform for next-gen cloud applications
  • Ensuring you can protect your datacenter assets from emerging threats
  • Continuing to deliver a cloud platform that is perfect for your mission critical workloads

Let’s dig into each of these areas for a moment.

Providing a platform for next-gen cloud applications

Virtualization has been an amazing technology for the datacenter, enabling efficiencies and cost savings through increased density and decoupling workloads from physical server hardware. However, we believe that we have only just started on the journey of unlocking the capabilities of cloud computing. Once you start running applications that were “designed for the cloud” on a fabric that was “designed for the cloud”, you start to enable entirely new levels of efficiency and functionality.

Two big investments that we have made in this area are:

Hyper-V on Nano Server

Running Hyper-V on Nano Server, a highly focused and small footprint version of Windows Server, brings many benefits to your cloud environment.  Physical servers are quicker and easier to deploy, they need less patching and carry less configuration state.  This makes it incredibly easy to build true scalable cloud deployments.

Windows Server Containers

Containers are an exciting new technology for building, testing and deploying applications. Applications are fueling the innovation in today’s cloud-mobile world, and developers hold the keys to the power of those applications. The more streamlined and efficient the process for developers to build and deliver their applications, the faster more powerful applications can reach the business. This, however, has to work across both the developers and IT, who hold the keys when it comes to the infrastructure that the applications will run on.

For the developers, containers unlock huge gains in productivity and freedom – the ability to build an application, package it within a container, and deploy it, knowing that wherever you deploy that container, it will run without modification, whether that is on-premises, in a service provider’s datacenter, or in the public cloud, using services such as Microsoft Azure. These containers don’t have to be deployed independently – developers can model complex multi-tier applications, with each tier packaged within a container, and these can be distributed across IaaS and PaaS models, again increasing the overall surface area that the developer can aim for when releasing their application. This powerful abstraction of microservices provides developers with incredible potential to deliver applications more rapidly than ever before. They can’t, however, do it without the Operations team’s support.

On the Operations side, they benefit considerably by being able to gain ever higher levels of consolidation for applications and workloads than even virtualization could provide, and in addition, they can put in place a platform that can rapidly scale up and down to meet the changing needs of the business. This standardized platform is easier to manage, yet provides the developers with a consistent environment into which they can simply provide their app and hit ‘run’.

Ensuring you can protect your datacenter assets from emerging threats

When it comes to datacenter security, one of the key design pillars of Hyper-V is to make virtual machine security on par with physical machine security. If a physical machine is completely locked down and an attacker cannot gain access through a vulnerability, short of walking into the datacenter and removing that physical server, it’s safe to assume that particular physical server is secure.

However, any seized or infected host that has been compromised by an attack now puts the virtual machines at significant risk, as VMs can be copied from storage or over the network.

The flexibility of virtualization also poses a challenge in itself. For instance, without some form of hardware-based verification, which is rare in today’s x86 physical server space, there’s no way to tell legitimate hosts from ones that have been compromised. This means a VM can, in essence, run anywhere.

So what is Microsoft’s approach to protecting virtual machines?

First, by utilizing the power of hardware-rooted technologies, we enable a new Virtual Secure Mode. This protects the processes and memory of the virtual machine from the host itself, completely separating the guest OS from host administrators. Host administrators cannot access guest VM secrets and cannot run arbitrary kernel-mode code.

Second, a new Windows Server role, the Host Guardian Service, enables administrators to identify legitimate hosts and certifies them to run protected virtual machines, known as Shielded VMs.

Finally, by integrating with the underlying hardware, we enable a new virtualized trusted platform module, or vTPM, that, when exposed inside the virtual machine, enables the guest operating system to take advantage of native encryption features such as BitLocker, protecting the valuable information within that shielded virtual machine. Features such as Live Migration still continue to work, and the traffic is also encrypted, ensuring that even when moving virtual workloads around the environment, the data remains secure and encrypted.
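As an added example (not code from the original post), here is how a practitioner would turn on the vTPM and encrypted migration traffic for an existing Generation 2 VM and then audit every VM on the host for those settings. It assumes Windows Server 2016 release cmdlet names, a hypothetical VM name, and a host that is not yet part of a guarded fabric, so a local guardian stands in for the key protector a Host Guardian Service would normally issue.

```powershell
# Added example, not from the original post. Assumptions: Windows Server 2016
# RTM Hyper-V cmdlets; VM name 'app-vm01' is hypothetical; this host is NOT in
# a guarded fabric, so a local guardian (self-signed owner certificates) is
# created instead of obtaining a key protector from the Host Guardian Service.
# On a guarded fabric the key protector comes from the HGS and the VM is
# shielded, not just TPM-enabled.

$vmName = 'app-vm01'

# 1. Local guardian plus a key protector that lets this host unlock vTPM state.
$owner = Get-HgsGuardian -Name 'LocalOwner' -ErrorAction SilentlyContinue
if (-not $owner) {
    $owner = New-HgsGuardian -Name 'LocalOwner' -GenerateCertificates
}
$kp = New-HgsKeyProtector -Owner $owner -AllowUntrustedRoot

# 2. Attach the key protector and enable the virtual TPM (VM must be off).
Stop-VM -Name $vmName -Force -ErrorAction SilentlyContinue
Set-VMKeyProtector -VMName $vmName -KeyProtector $kp.RawData
Enable-VMTPM -VMName $vmName

# 3. Encrypt saved state and Live Migration traffic for this VM.
Set-VMSecurity -VMName $vmName -EncryptStateAndVmMigrationTraffic $true

# 4. Audit: one row per VM, flagging any VM that lacks the protections above.
function Get-VMSecurityReport {
    param([string[]]$Name = (Get-VM).Name)
    foreach ($n in $Name) {
        $sec = Get-VMSecurity -VMName $n
        [pscustomobject]@{
            VM               = $n
            TpmEnabled       = $sec.TpmEnabled
            Shielded         = $sec.Shielded
            EncryptedTraffic = $sec.EncryptStateAndVmMigrationTraffic
            Compliant        = $sec.TpmEnabled -and $sec.EncryptStateAndVmMigrationTraffic
        }
    }
}

Get-VMSecurityReport | Format-Table -AutoSize
```

Inside the guest, BitLocker can then be enabled against the vTPM just as on a physical server, which is what keeps a copied VHDX unreadable.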

Continuing to deliver a cloud platform that is perfect for your mission critical workloads

Third, and in many ways most importantly, we have been investing in continuing to improve the capabilities of Hyper-V as a great platform for your mission critical applications. There are a number of capabilities that we have focused on:

Workload Availability

Across the entirety of Hyper-V we have looked for opportunities to reduce and remove times when virtualized workloads are offline, both planned and unplanned.  Here is a sample of some of the features and capabilities that increase your workload availability:

  • Rolling Cluster Upgrade

    With Windows Server 2016, we’re building on Cross Version Live Migration from Windows Server 2012 R2 and taking it to the next level.  You can now upgrade a Windows Server 2012 R2 cluster to Windows Server 2016 with zero downtime, zero extra hardware requirements, and guaranteed availability throughout the process.  You can read more about this technology here: https://technet.microsoft.com/en-us/library/dn850430.aspx

  • Online resize of virtual machine memory

    Building on our great feature of Dynamic Memory, you can now resize memory for virtual machines even when they are configured to use static memory.

  • Hot add / remove of virtual network adapters

    It is now possible to add and remove network adapters from Generation 2 virtual machines without needing to turn them off first.

  • Online resize support for Shared VHDX files

    Need to add more storage capacity to a virtualized cluster?  This is now easy to do while your critical virtualized application continues to run.

  • And more…

Guaranteed Performance

In Windows Server 2012 R2, we introduced Storage Quality of Service which provided the ability to set hard caps on a per virtual disk basis per host. It’s a good solution for noisy neighbors on the same host and is dynamically configurable. This was a necessary and important step to what we’re delivering in Windows Server 2016, namely, cluster-wide Storage QoS with comprehensive monitoring and flexible and customizable policies. You can set policies at a granular level based on your business needs such as: per VM, per virtual disk, per service or per tenant. At a high level, it looks like this:
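The per-disk and per-tenant policies described above, as an added example that is not from the original post. It assumes a Windows Server 2016 Hyper-V cluster whose VM disks sit on Cluster Shared Volumes or a Scale-Out File Server (the cluster-wide policy manager requires this), release cmdlet names and PolicyType values, and hypothetical VM and policy names.

```powershell
# Added example, not from the original post. Assumptions: run on a node of a
# Windows Server 2016 Hyper-V cluster with VMs on CSV or a Scale-Out File
# Server; RTM cmdlet names; VM names 'app-vm01' and 'tenantA-*' and the
# policy names are hypothetical.

# Dedicated: each disk carrying the policy gets its own min/max IOPS.
# Aggregated: all disks carrying the policy share one min/max (per tenant).
$gold   = New-StorageQosPolicy -Name 'Gold'    -PolicyType Dedicated  -MinimumIops 500 -MaximumIops 5000
$tenant = New-StorageQosPolicy -Name 'TenantA' -PolicyType Aggregated -MinimumIops 200 -MaximumIops 1000

# Per virtual disk: only the data disk of app-vm01 gets the Gold policy.
Get-VMHardDiskDrive -VMName 'app-vm01' |
    Where-Object { $_.Path -like '*data*.vhdx' } |
    Set-VMHardDiskDrive -QoSPolicyID $gold.PolicyId

# Per tenant: every disk of every 'tenantA-' VM shares one aggregated cap,
# so a noisy tenant cannot starve the others on the same storage.
Get-VM -Name 'tenantA-*' |
    Get-VMHardDiskDrive |
    Set-VMHardDiskDrive -QoSPolicyID $tenant.PolicyId

# Monitoring: flows whose minimum is not being met (storage is oversubscribed)
# or that reference a policy the cluster no longer knows about.
function Get-StorageQosShortfall {
    Get-StorageQosFlow |
        Where-Object {
            $_.Status -ne 'Ok' -or
            ($_.MinimumIops -gt 0 -and $_.StorageNodeIOPs -lt $_.MinimumIops)
        } |
        Select-Object InitiatorName, FilePath, MinimumIops, MaximumIops,
                      StorageNodeIOPs, Status
}

Get-StorageQosShortfall | Format-Table -AutoSize
```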

Manageable

We have also been working hard on ensuring that Hyper-V and Hyper-V virtual machines are easy to manage and troubleshoot.  Two big investments in this area are:

  • Full support for alternate credentials in Hyper-V Manager and Hyper-V PowerShell.

    To help people manage Hyper-V in secure environments, you can now provide alternate credentials when connecting to remote servers. This avoids the situation where administrators are needlessly using powerful credentials for non-essential tasks.

  • PowerShell Direct to virtual machine

    You can now run PowerShell commands directly in virtual machines from the host environment, provided you have the credentials for the guest operating system, with no need for extra configuration – or even network connectivity.  This allows for very powerful automation and orchestration of virtual machines.
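Both manageability features above in one added example (not code from the original post): a dedicated, limited host credential is used to reach a remote Hyper-V host, and a separate guest-only credential is used for PowerShell Direct into a VM, so neither step needs a domain administrator. It assumes Windows Server 2016 release cmdlets (-Credential on the Hyper-V cmdlets, Invoke-Command -VMName), and the host name, VM name and accounts are hypothetical.

```powershell
# Added example, not from the original post. Assumptions: Windows Server 2016
# RTM cmdlets; host 'hv-host01' and VM 'app-vm01' are hypothetical; the host
# account is a member of the local "Hyper-V Administrators" group on
# hv-host01, not a domain admin; the guest account exists only inside the VM.

$hostCred  = Get-Credential -Message 'Hyper-V host operator (not domain admin)'
$guestCred = Get-Credential -Message 'Local account inside app-vm01'

# 1. Alternate credentials: query the remote host without reusing the
#    logged-on (possibly more privileged) identity.
$vm     = Get-VM -ComputerName 'hv-host01' -Credential $hostCred -Name 'app-vm01'
$vmName = $vm.Name

# 2. PowerShell Direct runs on the host and talks to the guest over the VMBus,
#    so it works even when the guest has no network connectivity. The guest
#    credential is handed to the host session with $using:, never stored there.
$result = Invoke-Command -ComputerName 'hv-host01' -Credential $hostCred -ScriptBlock {
    Invoke-Command -VMName $using:vmName -Credential $using:guestCred -ScriptBlock {
        # Inside the guest: the first facts a responder wants when the VM
        # cannot be reached over the network.
        $os = Get-CimInstance Win32_OperatingSystem
        [pscustomobject]@{
            Guest     = $env:COMPUTERNAME
            Uptime    = (Get-Date) - $os.LastBootUpTime
            Firewall  = Get-NetFirewallProfile | Select-Object Name, Enabled
            Listeners = Get-NetTCPConnection -State Listen |
                            Select-Object -ExpandProperty LocalPort |
                            Sort-Object -Unique
        }
    }
}

$result | Format-List
```

Because PowerShell Direct requires a valid guest credential, it does not give host administrators a way around the guest's own authentication; it only removes the need for a network path.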

As you can see, we’ve been busy and we look forward to your feedback with the Windows Server 2016 Technical Preview 2 and again, our sincere thanks.