In the Windows Server Technical Preview 2, Microsoft provides a new installation option named Nano Server. Microsoft’s motivation in the development of Nano Server is twofold. First, Microsoft wants to satisfy long-standing customer requests for a real headless server installation option with reduced image footprint that minimizes required system updates and maximizes server uptime. Secondly, and of equal importance, Microsoft needs Nano Server to help drive its Azure cloud strategy and reduce operational cost and complexity.
Nano Server reduces the image footprint by eliminating role and feature binaries from the core operating system (OS) files. The binaries for roles and features such as Hyper-V and Clustering are replaced by standalone packages that install like applications. There is no path to move from a Nano Server installation option to a Server Core option or full GUI option. If you decide that you need local access after installing Nano Server, you have to fully reinstall the system.
Microsoft has advertised that a base Nano Server installation requires only 400 MB, which gives it a footprint that is about 20 times smaller than a full server installation. Importantly, Nano Server retains full Windows Server driver support, so vendors do not need to develop new drivers.
All management of a Nano Server installed system is performed remotely through WMI and a new PowerShell instantiation that Microsoft is currently calling Core PowerShell. This new instantiation is needed because the full PowerShell depends on .NET, which is not included in Nano Server. In the Windows Server Technical Preview 2 release, only about 628 PowerShell cmdlets are supported, but Microsoft is expanding cmdlet support as it progresses toward the general availability release.
Nano Server installation is supported for both the host OS of physical systems and for the guest OS of virtual machines. It is also supported in both Windows Server and Hyper-V Containers. Windows Server Containers are a new feature in Windows Server Technical Preview 2 that provide isolated environments within a Windows Server instance where applications run without impacting the system or other Windows Server Containers. Hyper-V Containers extend the isolation into the virtualization environment to ensure that instances of a guest OS remain isolated and do not affect the host OS or other Hyper-V Containers on the system.
Building Trust through Security
Microsoft customers that consider moving to Azure Virtual Machines cite trust and security as the number one issue that blocks their migration to the public cloud. This makes sense, since all of us want to ensure that our data is secure regardless of the host environment. When you have control of the physical systems on-premise and thoroughly understand the plan that is in place to safeguard your physical and data assets, there is less fear in migrating applications and data from physical servers to virtual machines in your private cloud. This becomes a much bigger leap when migrating from on-premise to a public cloud like Azure, which has hundreds of customer virtual machines, websites, and applications running on a common set of servers, with every customer expecting their data to be completely secure and isolated from all other customers.
One of the new features that Hyper-V supports in Windows Server Technical Preview 2 is a Trusted Platform Module (TPM) for virtual machines. Including a TPM in a virtual machine allows you to use BitLocker to encrypt your data even when it is running in a public cloud environment.
In Windows Server Technical Preview 2, Hyper-V also supports Shielded Virtual Machines, which are encrypted and protected against access by system administrators in private or public cloud environments. Support for Shielded Virtual Machines depends on a new Host Guardian Service role. The Host Guardian Service role verifies that a host is part of a hardened fabric, and it also manages key distribution services for virtual machine encryption. In combination with System Center, there are several interesting scenarios to consider:
- You can create new or use existing VMs and convert running virtual machines to Shielded Virtual Machines
- You can export virtual machines for migration to a private or public cloud and grant guardianship to external administrators while maintaining highly secure virtual machines with data encryption
- You can create new VMs from a VMM template and ensure that base images used for template creation are trusted and were not maliciously altered
- External administrators can Live Migrate Shielded Virtual Machines between guarded hosts in the same manner as before the hardened fabric was deployed
- External administrators can back up, checkpoint and restore Shielded Virtual Machines in the same manner as before the hardened fabric was deployed
Another new security feature is Secure Boot for Linux virtual machines. One of the biggest security risks is that a malicious user gains access to a physical or virtual machine and exploits it through a rootkit attack, effectively owning the system and any hosted applications and data. With Secure Boot for Linux, the kernel code is verified to ensure its integrity and that it is free of maliciously injected components.
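As an added illustration (not code from the original article or from Microsoft), the following PowerShell audits a Hyper-V host for the controls described above: Secure Boot state and template, virtual TPM, and shielding. It assumes the Hyper-V module cmdlets as shipped in the released Windows Server 2016 (`Get-VMFirmware`, `Get-VMSecurity`); preview builds may differ, and the function names `Get-VMBootTrustReport` and `Get-VMBootTrustGap` are hypothetical.

```powershell
# Added example: report boot-integrity and encryption controls per VM.
# Assumes the Hyper-V PowerShell module from released Windows Server 2016.
Import-Module Hyper-V

function Get-VMBootTrustReport {
    param([string]$ComputerName = 'localhost')

    # Secure Boot and virtual TPM only exist on Generation 2 VMs.
    Get-VM -ComputerName $ComputerName |
        Where-Object { $_.Generation -eq 2 } |
        ForEach-Object {
            $fw  = Get-VMFirmware -VM $_
            $sec = Get-VMSecurity -VM $_
            [pscustomobject]@{
                Name               = $_.Name
                SecureBoot         = $fw.SecureBoot          # On / Off
                # Linux guests need the UEFI CA template
                # (MicrosoftUEFICertificateAuthority) to boot with Secure Boot on.
                SecureBootTemplate = $fw.SecureBootTemplate
                TpmEnabled         = $sec.TpmEnabled         # required for in-guest BitLocker
                Shielded           = $sec.Shielded
            }
        }
}

function Get-VMBootTrustGap {
    param([string]$ComputerName = 'localhost')

    # VMs missing either control are the ones to review first.
    Get-VMBootTrustReport -ComputerName $ComputerName |
        Where-Object { $_.SecureBoot -ne 'On' -or -not $_.TpmEnabled }
}

# Print the full report, then only the VMs with a gap.
Get-VMBootTrustReport | Format-Table -AutoSize
Get-VMBootTrustGap    | Format-Table -AutoSize
```

Run it in an elevated session on the Hyper-V host; Generation 1 VMs are skipped because they cannot use Secure Boot or a virtual TPM.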
Ensuring Performance through Resource Management
In the Windows Server Technical Preview 2 release, virtual machine storage performance can be fine-tuned through Storage Quality of Service (QoS) improvements. Specifically, Storage QoS now allows you to set an Input/Output Operations per Second (IOPS) policy for a group of virtual machines that use the same Scale-Out File Server or CSV for storage. You can set both minimum and maximum IOPS in a Storage QoS policy. In this manner, no single virtual machine can use up all the storage resources and adversely affect the performance of the other virtual machines that share the storage. When Hyper-V spins up virtual machines, their performance is monitored and storage resource consumption is regulated based on the defined Storage QoS policies. When changes to Storage QoS policies or performance requirements for virtual machines occur, Hyper-V hosts are notified to ensure that all affected virtual machines adhere to the refined policies.
Virtual Machine Resiliency
Virtual Machine Storage Resiliency and Virtual Machine Cluster Resiliency features are meant to keep virtual machines from crashing during unplanned storage and cluster outages. During a storage fabric outage, Virtual Machine Storage Resiliency ensures that virtual machines are suspended until the storage fabric is back online. This feature is similar to the Resilient File Handles feature that is available in Windows Server 2012. However, Virtual Machine Storage Resiliency is more robust in the sense that it can handle longer outage periods, while Resilient File Handles address shorter outage periods (around 30 seconds).
The objective of Virtual Machine Cluster Resiliency is to avoid the offloading of virtual machines across cluster nodes when one node is temporarily disassociated from its cluster (e.g., by transient network issues). Instead, the virtual machines running on the isolated node continue their execution and are assigned an “unmonitored” status. If the issue resolves itself and the node rejoins its cluster within four minutes, the virtual machines return to a running status and execution continues. If a node becomes unreliable (e.g., several instances of losing communication to the cluster), then if and when it rejoins the cluster, the virtual machines are live-migrated to other cluster nodes, and the failed node is put in a quarantine mode.
Shared VHDX Improvements
Windows Server 2012 R2 introduced the ability to use a shared VHDX between multiple virtual machines to support deployment of less complex storage configurations for guest failover clusters. A weak link of this feature was that you could not perform a host-based backup; instead, you had to deploy an agent in the VM to back up the shared VHDX.
In the Windows Server Technical Preview 2, you can now perform a host-based backup of a shared VHDX. You can also perform an online resize of a shared VHDX. In the GUI, you will see that a shared VHDX is called a Shared Drive. In order to support the new shared VHDX functionality, Microsoft created a new VHD format named VHDS. You can continue to use existing shared VHDX format drives if you desire, but you will not be able to leverage the new features such as the online resize if you make this decision. Microsoft provides a quick process to convert a shared VHDX to a shared VHDS drive.
Virtual Machine Configuration
Windows Server Technical Preview 2 also includes several new features to eliminate impacts to virtual machine availability (meaning no reboot required) when changing virtual machine settings. The following features are included:
- Ability to resize memory for running virtual machines not configured with dynamic memory
- Ability to view memory usage for running virtual machines not configured with dynamic memory
- Ability to change the replication status of new virtual disks without affecting the Hyper-V replica configuration of existing virtual disks
- Ability to hot add/remove network adapters
- Ability to perform a Hyper-V cluster rolling upgrade from Windows Server 2012 with the ability to roll-back safely at any time
- Ability to view the virtual machine version in the GUI (Version 5 for Windows Server 2012, Version 6.2 for Windows Server Technical Preview 2)
- Ability to use Windows Update to update virtual machine integration services
There is also the ability to manually upgrade virtual machines separately from the Hyper-V host upgrade, but this requires shutting down the virtual machine.
Windows Server Technical Preview 2 contains a slew of new features with major advancements in security, resource management, virtual machine resiliency, VHD format, virtual machine dynamic configuration, and virtual machine availability. And there are even more new features than it is possible to cover in this brief review. If this article has whetted your appetite, go to the Microsoft website, download and install the Windows Server Technical Preview 2 or the Microsoft Hyper-V Technical Preview 2, and test out all these great new features! Then make sure that you provide feedback to Microsoft if you encounter any issues or have suggestions for improvement!