Posted on November 4, 2016
With the general availability of Windows Server 2016 (and its companion platform System Center 2016) as of September 26th, there are some key features your sysadmins or IT company should be talking to you about: features like container support, and the improved security and networking tools. We’ll list them here, in no particular order of importance, as they are all salient points regarding Microsoft’s latest server operating system. And, if your IT company isn’t telling you about these features, come see us, and we will help you optimize your WS 2016 experience.
- Smaller server footprints with Nano. Nano Server, the next evolution of Server Core, is an even more stripped-down version of Windows Server 2016. Though a Nano server must be managed remotely and can only run 64 bit applications, it can be optimized for minimum resources, requires far less patching, restarts very quickly, and can perform a number of specific tasks adroitly with a minimum of hardware.
Standout uses for Nano Server include IIS, DNS, F&P, application servers, and compute nodes. So, if you liked Server Core, you will love Nano. And, if you never “got” Server Core, you should give Nano a chance, especially if patching and downtime are challenges in your 24×7 shop.
- PowerShell 5.0 provides better server management. Windows Server 2016 features PowerShell 5.0 as part of the Windows Management Framework 5.0. Many notable improvements are to be found in PS v5, including support for developing your own classes, or the new module called PackageManagement, which lets you discover and install software packages on the Internet.
Also noteworthy, the Workflow debugger now supports command or tab completion, and you can debug nested workflow functions. To enter it in a running script you can now press Ctrl+Break (in both local and remote sessions) and also in a workflow script. And PS5 now runs directly in Nano server, so administration of this lighter-weight server platform is made even simpler.
- Container support offers enhanced density, versatility. Windows Server 2016 offers two kinds of containers to improve process isolation, performance, security, and scalability. The new WS Containers can be used to isolate applications with a dedicated process and namespace, while Hyper-V Containers present as entire machines optimized for the application.
Windows Server Containers share a kernel with the host, while Hyper-V Containers have their own kernel, both enabling you to get more out of your physical hardware investments. Additionally, Microsoft has announced that all Windows Server 2016 customers will get the Commercially Supported Docker Engine for no additional cost, enabling applications delivered through Docker containers to run on Windows Server on-premise installations or in the cloud, on Azure.
- Better secure identity management. WS 2016 brings some huge improvements to Active Directory, security, and identity management, such as Privileged Access Management (PAM), which restricts privileged access within an existing Active Directory environment. In this model, you have a bastion forest, sometimes called a red forest, which is where administrative accounts live and can be heavily isolated to ensure it remains secure. Just-in-Time administration, privileged access request workflows, and improved audition are all included, and best of all – you don’t have to replace all your DCs to benefit from this feature.
- Administrative work simplified. Need to enable administrators to delegate anything that can be managed through PowerShell? “Just Enough Administration” is a new capability in Windows Server 2016 that does just that. Do you have a developer who needs to be able to bounce services or restart app pools on a server, but not log on or make any other changes? With JEA you can give him or her exactly those abilities, and nothing more. Of course, you may have to write some PS1s to let them do that, but the cool thing is that with WS2016 you can do it.
- HA remote desktop improvement. If you want to set up highly-available RDS environments, but want to avoid the trouble and expense of setting up HA SQL, you can now use an Azure SQL DB for your Remote Desktop Connection Broker. This makes it both easier and less expensive to set up a resilient virtual desktop environment. Plus, the RD Connection Broker can now handle massively concurrent connection situations, commonly known as the “log on storm”, and it has been successfully tested to handle more than 10k concurrent connection requests without any failures.
- Software-defined storage makes for easier management. Software-defined storage enables you to create HA data storage infrastructures that can easily scale out, without breaking your budget. With software-defined storage, SMBs can start to take advantage of high-availability storage within their existing budgets.
Three new features are prominent here: 1) Storage Spaces Direct, which enables you to combine commodity hardware with availability software, providing performance for virtual machines; 2) Storage Replica replicates data at the volume level in either synchronous or asynchronous modes, while 3) Storage QoS guards against poor performance in a multitenant environment.
- More accurate time-slips. If you’ve set up an NTP server on your network or subscribed to NTP services from an NTP pool, you know how important time accuracy can be. Typically, Windows environments have been less worried about accurate time and more concerned with a consensus of time, with a five-minute drift being acceptable. Now, in Windows Server 2016, the new time service can support up to a 1ms accuracy, which should be enough to meet almost all needs. If you need more accuracy than that, you’ll need an atomic clock.
- Software-defined networking delivers connection flexibility. Software-defined networking is highly valuable in a virtualization environment, and enables administrators to set up networking in their Hyper-V environment – similar to what they can in Azure, including virtual LANs, routing, software firewalls, and more. Virtual routing and mirroring are also possible in Windows Server 2016, so you can enable security devices to view traffic without expensive taps.
- A big boost in security. There are so many security improvements in Windows Server 2016 that an entire post could be done on just that. For now, just know that WS2016 includes improvements to protect user credentials with Credential Guard and Remote Credential Guard, and to protect the operating system with Code Integrity, with a whole host of improvements with virtual machines, new anti-malware capabilities in Windows Defender, and much more.
Have Questions About Windows Server 2016?
If you need further advice on how to set up and utilize Windows Server 2016, you can talk to a software support specialist at Fuelled Networks, which is a proven leader in providing IT consulting as well as operating system and software management in Ottawa. Contact one of our helpful IT experts at (613) 828-1280 or send us an email at firstname.lastname@example.org today, and we can help you with any of your questions or needs.
Published On: 4th November 2016 by Ernie Sherman.