
Windows Server 2016: What’s New
In the coming months, Windows Server® will start rolling out to company datacenters. Microsoft® made a significant investment in WS 2016 to address company needs for cloud requirements. As a result, this iteration includes support for containers, tighter integration with Microsoft’s Azure® cloud service, more security for Hyper-V® virtual machines, and improvements to RDS. Let’s take a look at how the infrastructure of WS 2016 has been inspired by Azure and see what cloud technology has been implemented in Windows Server 2016 deployments.
The Move to a Software-Defined Datacenter
Virtualization administration has become increasingly complex, especially in multi-tenant environments. Windows Server 2016 introduces a separation between fabric administration and service or application administration. Fabric administration is responsible for the physical layer of the system: storage, networking, and compute components. Application or service administration handles the installation and management of applications and services. The idea is to separate administrative privileges between the administrators who manage the hardware and those who handle the software. From the fabric administration point of view, WS 2016 also addresses hardware component compatibility issues and migration to and from the cloud.
What’s New in Windows Server 2016?
The four major areas of innovation for Windows Server 2016 are:
- Security
- Azure-inspired infrastructure
- Hybrid application platform
- RDS
Security
Emerging security threats have put security at the top of IT professionals’ concerns. The Identity Theft Research Centre reported 781 high-profile industry attacks in 2015, which is the highest since they started operation 11 years ago. They also assume that 40% of attacks are not even reported. Windows Server 2016 has a long list of built-in security features and protection that we’ll review below.
Credential Security – Credential Guard, introduced with Windows® 10, uses virtualization-based technology that encapsulates credentials stored in the system within a VM. This creates a boundary between the VM hosting the credentials and malicious software, preventing system breaches.
Administrator Security – More granular administrator privilege settings were introduced to ensure admins only have access relative to their role. In addition to the previously mentioned separation between fabric and application administrators, Windows Server 2016 can create administrator roles with time-based limitations to ensure long-term protection of the system.
OS Protection – Windows Server 2016 is equipped with Azure-grade OS protection. This adds protection to the OS no matter where it is deployed, whether in the private or public cloud. The system is now equipped to examine OS behavior for abnormalities. If abnormal behavior is detected, action is automatically taken to block malicious code. This is achieved with Control Flow Guard, Windows Defender improvements, and advanced code integrity policies.
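A host can have Credential Guard or hypervisor-enforced code integrity configured without either one actually running, so it is worth checking the live state. The PowerShell below is an added example, not part of the original article; it reads the documented Win32_DeviceGuard WMI class, and the function name ConvertTo-DeviceGuardReport is hypothetical.

```powershell
# Added example: report whether virtualization-based security (VBS),
# Credential Guard and hypervisor-enforced code integrity (HVCI) are running.
# Value meanings follow Microsoft's documentation for Win32_DeviceGuard.

function ConvertTo-DeviceGuardReport {   # hypothetical helper name
    param([Parameter(Mandatory)] $DeviceGuard)

    # VirtualizationBasedSecurityStatus: 0, 1 or 2
    $vbs = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Running' }

    [pscustomobject]@{
        VbsStatus                 = $vbs[[int]$DeviceGuard.VirtualizationBasedSecurityStatus]
        # Security service ID 1 = Credential Guard, 2 = HVCI
        CredentialGuardConfigured = $DeviceGuard.SecurityServicesConfigured -contains 1
        CredentialGuardRunning    = $DeviceGuard.SecurityServicesRunning    -contains 1
        HvciConfigured            = $DeviceGuard.SecurityServicesConfigured -contains 2
        HvciRunning               = $DeviceGuard.SecurityServicesRunning    -contains 2
    }
}

try {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
} catch {
    # The class is absent on operating systems that predate these features.
    Write-Warning "Win32_DeviceGuard is not available: $($_.Exception.Message)"
    return
}

$report = ConvertTo-DeviceGuardReport -DeviceGuard $dg
$report | Format-List

# Configured-but-not-running is the case an audit should flag: the policy
# is set, yet credentials are not being isolated on this host.
if ($report.CredentialGuardConfigured -and -not $report.CredentialGuardRunning) {
    Write-Warning 'Credential Guard is configured but not running; verify that hardware virtualization and Secure Boot prerequisites are met.'
}
if ($report.HvciConfigured -and -not $report.HvciRunning) {
    Write-Warning 'Hypervisor-enforced code integrity is configured but not running.'
}
```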
Protection for VMs – Microsoft shielded VMs provide advanced VM protection. They have been introduced in Windows Server 2016, powered by BitLocker and the new Host Guardian Service.
BitLocker encrypts the disk and state of the VM, “shielding” it from malicious software or disgruntled admins.
On top of that, Host Guardian Service is a new component within Windows Server that allows an encrypted VM to scale like a normal VM on a normal fabric. Host Guardian Service allows Hyper-V hosts to get BitLocker keys from a central location to create what Microsoft has coined a “protected fabric.”
Encrypted VMs can now move to hosts that are trusted by a Host Guardian forest while remaining encrypted.
Azure-Inspired Infrastructure
As the title of this section suggests, the years of knowledge from providing over 200 Microsoft services reliably in Azure are brought to the WS 2016 fabric. This provides admins with a cost-effective and flexible platform to completely virtualize the data center by using the same compute, storage, and network virtualization features that power Azure in the public cloud.
Virtualize Anything with Ease – Windows Server 2016 mitigates the downtime experienced with previous upgrades by adding dynamic memory and the ability to add and remove hard drives and disks, making it easy to upgrade to the WS 2016 fabric. In addition, the Linux community will be pleased to hear that Windows Server 2016 will support Linux technologies such as containers and Docker engines.
Flexible Workload Placement – Azure also inspired workload management technology that further simplifies the administrator’s life, starting with the Network Controller that improves network management through centralized control of network policies. These policies apply to physical network components such as switches, routers, and load balancers as well as virtual components like virtual switches.
In addition, the Distributed Firewall feature relieves administrators from having to configure ports and firewalls while migrating VMs from host to host or datacenter to datacenter. The required ports for applications running in the VMs are automatically opened to provide connectivity across the infrastructure.
High-Performance Storage – Distributed Storage Spaces in Windows Server 2016 enable multiple commodity servers with no shared storage to be configured as a single storage pool. Think of it as a pseudo-RAID array that spans across physical servers. For example, whereas with RAID you might have six disks and parity on one disk, Storage Spaces Direct would provide storage across six servers and parity on one server. Standard servers can be used with local storage to build highly available and scalable software-defined storage.
Hybrid Application Platform
Windows Server 2016 embraces container technology. While not a new technology—Linux has been using it for 10 years—it is new to the Windows space. It further accelerates app deployment, streamlines development and testing, lowers app deployment costs, and increases server consolidation.
Nano Server Deployment Option – At its core, the Nano Server is a scaled-down version of Windows built specifically for the workload required. It’s a lightweight and portable version of Windows Server that is below server core grade and can be deployed in a couple of hundred MB with key roles and features (storage, IIS, DNS, Hyper-V, etc.). This provides admins with just enough OS, optimized for the next level of containerized applications. Developers now have a three-tier choice when developing applications: full applications that can run on RDS, traditional VMs, and containers.
Windows Server and Hyper-V Containers – Containers provide a boundary within a system, which is less overhead than a VM. They provide a read-only view of the OS where the application can be run. This allows for multiple isolated applications to run on the same host with minimal overhead. While Hyper-V containers use a hypervisor to create that additional layer of isolation, Windows Server containers are specifically for isolated applications. This technology enables agile application development and deployment within the Windows ecosystem.
Windows Server 2016 and RDS
While Microsoft introduced a number of improvements in the new Remote Desktop Services 2016, the main three areas of improvement are graphics, scalability, and interoperability with Microsoft’s cloud service offering, Azure.
Graphics Improvements: The new version of RemoteFX® used in Hyper-V VMs supports up to OpenGL 4.4, the cross-platform language and application programming interface for rendering 2D and 3D graphics. With OpenGL and Direct Device Assignment (DDA) technology, every VM in a Hyper-V environment has its own GPU driver, making it possible to simultaneously run several sessions that use graphic-accelerated applications from the same server.
Scalability: The highlight of the scalability features in RDS 2016 is that the High Availability Connection Broker no longer requires its own SQL server cluster. It can either use an existing non-dedicated SQL Server or an Azure SQL database, making RDS easier to implement. Microsoft also optimized the login process to better handle login storms, also known as 9 A.M. scenarios, which are the slowdowns that users experience when many users log in at the same time first thing in the morning.
Better Interoperability with Azure: The Microsoft RDS and Microsoft Azure teams worked together to optimize the interoperability between the solutions, making them almost a tightly coupled solution. For example, the High Availability Connection Broker can now use an Azure-hosted database. In addition, an RDS 2016 setup can use the Azure Active Directory Domain Services, so it does not require an actual domain controller machine. RDS 2016 also includes the Azure quick-start templates, allowing users to automate the RDS 2016 setup.
Is RDS 2016 Enough to Manage Virtual Applications and Desktops?
While the new features in Windows Server 2016 provide RDS with better graphic performance, strong scalability, and cloud readiness, it cannot yet be considered a complete and independent solution. Using RDS alone to create and manage application and desktop delivery is a complex process and still requires several add-ons such as NLB, reporting tools, and a high availability solution. This complexity could discourage businesses from adopting an application delivery solution.
Improving RDS 2016 with Parallels Remote Application Server (RAS)
Parallels® Remote Application Server (RAS) enhances the RDS infrastructure to provide the functionality and flexibility that businesses need. A cost-effective system with zero-admin built-in enterprise features, it takes advantage of the RDP protocol improvements while being easy to set up, manage, and scale up. Hundreds of businesses have already chosen Parallels RAS for its exceptional end-user experience, lower TCO, and its straightforward and easy-to-use console.
Parallels RAS brokers the connection between RDSH applications and desktops to client devices via a proprietary protocol and Microsoft Remote Desktop Protocol. This means that all the graphics and performance improvements of OpenGL available in WS 2016 are automatically implemented in Parallels RAS. The further improvement of the RDP protocol will reduce the differences with other protocols on the market such as HDX and PCoIP.
Parallels RAS improves and simplifies the usage of Microsoft RDS in four main areas:
- End-User Experience – Microsoft RDS 2016 cannot provide a seamless experience on every device. For instance, Chromebook™ is not supported, and usage on mobile devices is limited by the reduced screen size. In addition, the improved web access still does not provide all the features needed to be considered a valid alternative to the classic client access. Parallels RAS fills this gap, allowing organizations to provide users with a seamless experience across multiple platforms.
- IT Administrator Experience – While Windows Server 2016 made an effort to simplify the use of RDS, many of the limitations of WS 2012 have not been addressed. Printing is still a source of concern, configuring the RDS role requires different manual tasks, and NLB is not considered the best option to create a reliable and high availability environment. Parallels RAS replaces the Microsoft connection broker with a fully integrated connection broker capable of advanced reporting, automatic print driver redirection, and resource-based load balancing. Parallels RAS is an all-in-one solution, eliminating the need for third-party add-ons.
- Security – Windows Server 2016 has a strong security background, improving the protection of the fabrics, applications, and VMs on-premises and in the cloud. However, IT administrators still need to look for a third-party solution for the reinforced security necessary for the remote access of RDS. Parallels RAS has an extensive set of features to increase the level of security. In fact, many organizations concerned about data protection choose Parallels RAS for its ability to control end-user activity and its advanced filtering.
- Scalability and System Reliability – Windows Server 2016 invested heavily in the integration with Azure to simplify scalability, system reliability, and cloud integration. Although RDS can now be fully deployed in Azure, gateway high availability and TS load balancing still require extra add-ons to reach a satisfactory level of performance. Parallels RAS offers zero-admin load balancing and high availability for gateways and TS without any extra cost. In addition, it is able to work with Azure and AWS™ to provide IT administrators with more options to build their on-premises and hybrid cloud.