Sneak Preview: Meet the Network Controller


The Windows 10 technical and customer previews received a lot of attention in the IT press. Microsoft has also released a technical preview of the next generation of Windows Server – currently unnamed but referred to by some as Windows 10 Server and by others as Windows Server vNext – and IT pros have had a little time to play with it and discover what’s new.

Most of the differences between Server vNext and Server 2012 R2 lie in the many improvements and enhancements to existing features and services such as ADFS, Hyper-V, Remote Desktop Services and Storage Services. There are, however, a few features that are completely new, and in the networking arena the one that most IT professionals will probably find most interesting is the Network Controller.

What is the Network Controller?

It might sound on first hearing like another term for the NIC, but the Network Controller is actually a new server role that will be available in the next version of Windows Server. You install it like any other server role, through the Add Roles and Features wizard in Server Manager. The purpose of the Network Controller is to give you a way to automate the management, configuration, monitoring and troubleshooting of your network infrastructure – both physical and virtual.

Under the hood, it uses two APIs, one that you use to interact with the Network Controller and another that it uses to communicate with the network. Microsoft calls these the Northbound and Southbound APIs. The Northbound API is the one that enables you to communicate with the Network Controller and use it for monitoring and configuring the network and deploy new devices. At the practical level, you can do that in several different ways. If you prefer the command line, you can use PowerShell, which is quickly becoming Microsoft’s interface of choice for Windows Server tasks, or you can use the REST API (Representational State Transfer). If you prefer a graphical interface, you can use System Center Virtual Machine Manager (VMM) or another management application.

What, exactly, can you control with the Network controller? Basically, these are network infrastructure elements, including your physical switches and routers and the network adapters that are installed in your host computers, your Hyper-V virtual machines and virtual switches, VPN gateways, firewall software and load balancers. You can configure IP subnets and VLANs and design rules to redirect traffic to VMs that are set up as virtual appliances. You can also use Network Controller features to conduct discovery of network elements and monitor your physical and virtual network using SNMP and keep an eye on the health of your network devices and underlying networks.

You can install the Network Controller server role on physical servers or on servers running in Hyper-V host VMs. Microsoft recommends a cluster of three Network Controller servers for high availability in large data center environments.

Managing the physical network

Given Microsoft’s focus on Azure and cloud computing, it isn’t surprising to see that Azure terminology has begun to leak over into Windows Server. The two products are, after all, intertwined in many ways. Azure is the platform on which Windows Server runs in Microsoft’s Infrastructure as a Service (IaaS) vision, although you can provision Linux virtual machines on it, too (or instead). Gartner rated Azure as an industry leader both as IaaS and PaaS (Platform as a Service).

Some of those IT pros who haven’t yet made the transition “to the cloud” might not be sure what it means when they see the phrase “network fabric.” But don’t worry; it’s really not something new and mysterious. Microsoft uses it, in the context of the Network Controller, to refer to the physical network, the topology over which the network components communicate with one another.

In the broader networking world, “fabric” may be used in other ways by other vendors or IT writers. The fabric is often taken to refer to a more flattened architecture (in contrast to the more traditional point-to-point design of networks in the past). For more on the definition of “network fabric,” see this article titled “Tracking the Elusive Definition of Network Fabric” by Arthur Cole over on the EnterpriseNetworkingPlanet web site.

Within Microsoft, the fabric consists of more than just the network fabric. The Windows fabric is the layer that supports the microservices into which Azure apps can be decomposed.

In Azure, the fabric controller is the part of the Azure platform that is used for managing and monitoring both the physical and virtual servers.

Given our simpler definition above, then, fabric management refers to such tasks as:

  • Configuring IP subnets
  • Setting up and managing virtual local area networks (VLANs)
  • Managing layer 2 and 3 switches
  • Managing network interface adapters

The Network Controller gives you a centralized tool for planning, designing, deploying and monitoring the elements of the fabric.

Managing the virtual network

Today’s networks are, in most cases, not made up merely of a lot of physical servers that the client devices access. In fact, in some small business networks there might be two or three powerful physical servers, but that doesn’t mean you don’t have separate domain controllers, email servers, web servers, DNS servers, file servers, database servers and all the other types of servers that are needed to support a company’s users.

In a Windows-based network, virtualization means Hyper-V, and Microsoft has made a whole slew of improvements to the Hyper-V role in Windows Server vNext as well as client Hyper-V on Windows 10. These include rolling Hyper-V cluster upgrade, storage quality of service, production checkpoints, Linux secure boot, a new VM configuration file format and improvements to Hyper-V Manager, among others.

With the Network Controller in Windows Server vNext, you will be able to deploy, configure and manage your virtual network. That includes not just the VMs but the Hyper-V Virtual Switch and the virtual network adapters on your VMs that emulate those physical devices.

You can also deploy, configure and manage VMs that are part of a Windows Server Gateway cluster. A Windows Server Gateway is a software router and gateway that runs in a VM and can be used by enterprises and cloud services providers for routing between physical networks and virtual networks that are created via Hyper-V virtualization. Windows Server Gateway is integrated with Hyper-V and is multi-tenant aware, so that it can route data to and from each tenant in a multi-tenant environment without compromising the isolation necessary for maintaining security in such an environment. You can create Windows Server Gateway clusters with failover, with two physical servers running Hyper-V and each with a VM configured to be a Windows Server Gateway.

The Windows Server Gateway is also called the Routing and Remote Access Service (RRAS) Multi-tenant Gateway.

The features of the Windows Server Gateway that you can manage with the Network Controller include adding and removing gateway VMs from a cluster, site-to-site VPN gateway connectivity using IPsec or GRE, point-to-site VPN connectivity, layer 3 forwarding and Border Gateway Protocol (BGP) routing. The Network Controller can also be used to perform load balancing of site-to-site and point-to-site VPN connections between gateway virtual machines.

Many software vendors offer virtual appliances that are installed in virtual machines. A virtual appliance is a type of software appliance; basically it’s just a VM image that’s preconfigured so that you can run it on a hypervisor without going through the whole process of installing the OS, installing the application or utility software, etc. Virtual appliances are often VMs that function as dedicated firewalls, antivirus and antimalware appliances, and other security-related functions.

The Network Controller in Windows Server vNext includes a feature that’s called Service Chaining Management. Although it might not be obvious from the name, the purpose of this feature is to enable you to design rules for redirecting network traffic to these types of VMs that are configured to be virtual appliances.

Monitoring the virtual and physical networks

Another important function of the Network Controller is to monitor both the physical and virtual networks. In addition to detecting active network data such as network loss and latency , the monitoring service can also monitor element data using SNMP polling and traps and public management information bases (MIBs). Some of the data points that can be monitored in this way include link state, system restarts, and BGP peer status. You can monitor individual devices or device groups (combinations of physical devices such as racks or subnets).

Impact analysis is another feature of the monitoring service in the Network Controller, which uses topology data and reports on the health of the virtual networks that are affected by problems in the underlying physical networks. This service is integrated with System Center and generates reports in an aggregated format.


The Network Controller is a brand new feature in the upcoming version of Windows Server. Although at this time we don’t know what its name will be or when it will be released for general availability, the technical preview that Microsoft released late in 2014 gives us a taste of what we can expect, and some of the network functionalities that we can look forward to.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top