On December 6th, Peters & Associates joined forces with Nimble Storage to present the latest in Windows Server 2016 and Nimble Storage solutions – and how they are working together to help customers.
At the time of this writing, Windows Server 2016 has been generally available for about 2 months. We are finding that some features are resonating with customers more than others. In case you weren’t able to join us on December 6th, below is a recap of some of the most important additions to Windows Server.
In order to understand why Microsoft introduced certain features, it’s important to understand where they originated. When Microsoft began to design their latest server operating system, they sought the advice of the market. What were the greatest concerns for their customers? What keeps a CEO or CIO up at night? Leaning on the guidance of research studies that probed for these answers, Microsoft settled on two core areas that they would focus on for the next release of their server platform:
- Security threats
- Datacenter efficiency
In the interest of brevity, I’ll use the rest of this post to share some high-level information on how Microsoft is addressing each of those areas. Over the next few months, we’ll use this forum to explain some of these features in more depth. If you have an interest in exploring these features and their place in your environment, email us at firstname.lastname@example.org.
Microsoft’s emphasis on security in this release of Windows Server came of no surprise to anyone that has IT responsibilities or reads the headlines. Given that, I won’t use this space to dwell on the need for security. However, if you are interested in staying up to date on threats, you should check out our monthly cyber security webinar. Here’s a recap from November’s webinar and the registration link for January’s webinar.
So, we know that Microsoft needed to focus on security in this release but what does that mean? What opportunities did they see to improve organizational security? Microsoft determined that there were three areas that represented the greatest vulnerabilities to organizational security:
- Protecting identities
- Securing virtual machines
- Building layers of security
More specifically, Microsoft recognized the following things:
- Identity is the key to accessing data in an organization. There are aspects of that which cannot be fully controlled by IT (i.e. a user having their credentials stolen), but IT needs to have the tools to help prevent that and minimize impact if that situation occurs.
- While virtualization has taken great strides in the past decade, many organizations have failed to recognize that virtual machines have different requirements for security than a physical machine. IT needs tools that specifically address the unique security needs of a virtual machine.
- Datacenters have multiple layers – if any of those layers are not secured, then none of your layers are secured.
Windows Server 2016 provides a number of new features to directly address the concerns above. As mentioned earlier, I won’t be going into the specifics in this post, but I’ll provide a high-level explanation of the new security features:
- Credential Guard – Uses virtualization technology to secure stored credentials.
- Remote Credential Guard – Based on the above, this eliminates the requirement to pass credentials to an RDP host.
- Just Enough and Just-in-Time Administration – New granularity in provisioning administrator rights to reduce the footprint of sensitive accounts.
- Shielded Virtual Machines – Leverages BitLocker to encrypt the disk and state of virtual machines.
- Host Guardian Service – Certifies host health prior to migrating or booting a shielded virtual machine.
- Device Guard – Prevents malware by only ensuring that permitted binaries can be executed from the moment the operating system is booted.
- Control Flow Guard – Protects against unknown vulnerabilities by helping to prevent memory corruption attacks.
Many organizations take advantage of public cloud technology like Microsoft Azure and Office 365, however there are still some workloads better suited for an on-premises datacenter. While building Windows Server 2016, Microsoft asked themselves – “how can we incorporate the advantages of the public cloud into our server platform?”
Microsoft decided to focus on three core tenants of the modern datacenter:
- Resilient computing
- Software-defined storage
- Azure-inspired networking
So what do those terms mean to Microsoft?
- Down time is lost money for an organization and intensifies the pressure on increasingly-lean IT teams. Organizations need their server operating system and virtualization platform to offer flexibility and resiliency.
- Storage space remains a major constraint in on-premises datacenters. While the cost per TB is falling, organizations are still overwhelmed with quickly expanding data needs that are difficult to match with hardware upgrades.
- Just as hardware is being pressed by storage growth, organizations are finding that the management of physical networking infrastructure is impacting their ability to make changes swiftly.
In order to address these needs, Microsoft introduced long list of features. Again, I won’t be diving into the specifics of these technologies or comparing them to alternatives, but I will describe the new features at a high-level. If you have an interest in the improvements to Hyper-V 2016, check out this blog post.
- Cluster OS Rolling Upgrade – Upgrade your fabric to Windows Server 2016 without any downtime for your Hyper-Virtual Machines.
- Mixed OS Cluster Mode – Ability for Windows Server 2012 R2 cluster nodes to operate with Windows Server 2016 nodes.
- VM Resiliency – Helps to preserve VM session state in the event of transient storage or network disruptions.
- Fault Domain-Aware Clusters – Enhances failover behavior, placement policies, heartbeating between nodes, and quorum behavior.
- Storage Replica – Enables storage-agnostic replication to provide an affordable business continuity and disaster recovery.
- Storage Quality of Service – Prevents “noisy neighbors” from impacting high-priority workloads.
- Storage Spaces Direct – Leverages local storage to build highly available and scalable software-defined storage.
- VXLAN-Based Virtual Networking – Provides deployment flexibility and mobility of tiers of your virtual networks between Azure or other providers.
- Network Security Groups – Allows for further granularity and protection of different applications based on needs without the time it takes to make changes to the physical network.
This is just a small set of the new features available with Windows Server 2016 and, we believe, representative of the most impactful changes that customers need to seriously evaluate.
Do you have more questions about Windows Server 2016? How can the latest features fit into your organizational security strategy? What does a cloud-integrated datacenter look like with Windows Server 2016? Email email@example.com to drill down into these questions with one of our Technology Infrastructure specialists. We can answer these questions and more.