After a development period that started in 2014, the final version of Windows Server 2016 was released last October.

Windows Server 2016, available in the Essential, Standard and Datacenter editions, brings many new features, mostly oriented towards security and scalability in new software-defined architectures. The main difference from the past is the new licensing model: Microsoft now adopts core-based licensing (hyper-threading excluded) instead of the previous socket-based approach. New licences are calculated according to the number of cores of the server the OS is installed on, rather than on the number of physical processors available. Apart from considerations about marketing and profit margins linked with scalable infrastructures, this decision comes from the Redmond giant's wish to align with the new requirements of the Cloud world (and of those who sell Cloud infrastructures), where the boundaries between physical and hardware resources have become very thin. A licensing model that counts cores rather than processors is, for instance, very useful when quoting hosting plans, as the unit of computational power is the single core and not the whole processor.

In general, using Windows Server 2016 requires licensing all physical cores of the server, with a minimum activation of 8 per-core licences (each covering two cores) for each processor, even in the case of quad-core processors, and at least 16 per-core licences for each physical server (with dual-socket servers). Furthermore, licences are sold in indivisible packs of two cores each.

To keep prices in line with the past, each 2-core pack costs ⅛ of the corresponding Server 2012 R2 licence, which was valid for two physical processors and up to eight cores. Doing a little math, we can verify that the required minimum activation of 8 licences (16 cores in total) on Server 2016 costs as much as a Server 2012 R2 licence applied to 2 quad-core physical processors. What probably won’t be received positively in SMB contexts, where Windows Server is often still installed natively on single-socket servers, is the obligation to activate more licences than needed. According to Microsoft’s website, prices (16 cores, basic minimum activation) for Windows Server 2016 are $882 for the Standard version and $6155 for the Datacenter version. The Essential version keeps the processor-based licensing model, doesn’t require any additional CAL (Client Access License) and costs about $500.

Another striking difference from the past is that a series of advanced features is excluded from the Standard version and only available in the Datacenter edition: this is a new approach compared with past editions of Microsoft’s server system. Specifically, the missing features concern storage management (Storage Spaces Direct and Storage Replica), virtual machine security and protection (Shielded VM and Host Guardian Service) and the new networking stack. Nano Server is available with both licences, and the number of VMs or Containers that can be managed by Hyper-V in the Standard edition is 2; it’s unlimited with the Datacenter version.

First impressions

We chose the Datacenter version in order to test the new features mentioned above. The installation routine and interface are the same as before: you can choose (if using the ISO image provided by Microsoft) whether to install the Standard, Standard with Desktop Experience, Datacenter or Datacenter with Desktop Experience version. Minimum requirements are low: according to TechNet, a 1.4GHz processor, 2GB of RAM for the GUI version and at least 32GB of hard disk space. The installation can also be done in Nano mode, a lighter, stripped-down version of the complete OS suitable for specific uses.
The trusty Server Manager welcomes us; this is the dashboard where we can check the state of the server, see any notifications and install, remove and use features of the operating system (Roles and Features).

The two most important security novelties in virtualization are Shielded VMs and the Host Guardian Service (HGS): two new services that work together to guarantee the security of virtual machines. The weak point, inherent to all existing hypervisors, is that the ease of managing VMs (copy, modify, delete, etc.) translates directly into the ease of acting maliciously upon them. Shielded virtual machines are fully encrypted with BitLocker at both the disk and the VM state level, so that only the VM administrator (or the infrastructure admin) can access them. As an additional security layer, the HGS service can be used to guarantee that a certain VM runs only on specific, authorized Hyper-V hosts. The fundamental requirement is the presence of a TPM (Trusted Platform Module) chip on the physical host, which manages all encryption processes. Once a host is declared trusted, the Key Protection service provides the keys required to unlock and run Shielded VMs; to protect their data and state, VMs use a virtual TPM (vTPM), which BitLocker requires to encrypt disks.

Implementing such a structure requires an initial setup of HGS, which is installed as a role with Server Manager but requires a specific configuration that can be done only with PowerShell. Similarly, creating protected VMs requires a catalog of signed and encrypted virtual disks associated with PDK key files (to be assigned when creating the virtual machine). Naturally, Server 2016 can manage Containers natively.
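The PowerShell-only part of the HGS setup described above looks roughly like the following staged sequence, which ends with a check that the Hyper-V host actually passes attestation. This is an added example, not taken from the article or from Microsoft; the domain name `bastion.example`, the service name `hgs`, the host name `HV01` and all file paths are placeholders, and the certificates are assumed to have been created already.

```powershell
# --- Stage 1: on the HGS node (creates a dedicated forest; the node reboots) ---
Install-WindowsFeature -Name HostGuardianServiceRole -IncludeManagementTools
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'
Install-HgsServer -HgsDomainName 'bastion.example' `
    -SafeModeAdministratorPassword $dsrm -Restart

# --- Stage 2: on the HGS node after the reboot, in TPM-trusted mode ---
# signing.pfx / encryption.pfx are placeholder paths to existing certificates.
$pfx = Read-Host -AsSecureString -Prompt 'PFX password'
Initialize-HgsServer -HgsServiceName 'hgs' `
    -SigningCertificatePath 'C:\certs\signing.pfx' `
    -SigningCertificatePassword $pfx `
    -EncryptionCertificatePath 'C:\certs\encryption.pfx' `
    -EncryptionCertificatePassword $pfx `
    -TrustTpm
Get-HgsTrace -RunDiagnostics      # built-in self-check of the HGS deployment

# --- Stage 3: on each Hyper-V host, export its TPM identity (EKpub) ---
Install-WindowsFeature -Name HostGuardian -IncludeManagementTools
(Get-PlatformIdentifier -Name 'HV01').InnerXml |
    Out-File -FilePath 'C:\attest\HV01-ekpub.xml'

# --- Stage 4: back on the HGS node, authorize that host ---
# A TPM baseline and a code-integrity policy must also be registered
# (Add-HgsAttestationTpmPolicy / Add-HgsAttestationCIPolicy) before
# attestation can succeed; they are omitted here for brevity.
Add-HgsAttestationTpmHost -Path 'C:\attest\HV01-ekpub.xml' -Name 'HV01'

# --- Stage 5: on the Hyper-V host, point it at HGS and verify the result ---
Set-HgsClientConfiguration `
    -AttestationServerUrl   'http://hgs.bastion.example/Attestation' `
    -KeyProtectionServerUrl 'http://hgs.bastion.example/KeyProtection'

$cfg = Get-HgsClientConfiguration
if ($cfg.IsHostGuarded) {
    Write-Output 'Host passed attestation and may run shielded VMs.'
} else {
    # AttestationStatus / AttestationSubStatus say which check failed.
    Write-Warning ("Host is NOT guarded: {0} / {1}" -f `
        $cfg.AttestationStatus, $cfg.AttestationSubStatus)
}
```

Until `IsHostGuarded` is true, the Key Protection service releases no keys to the host, so shielded VMs placed on it will not start.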

Other new virtualization features are hot add and remove of network cards (on gen 2 VMs), protected boot of Linux systems, higher RAM and processor limits on VMs, and nested virtualization (i.e. a VM inside a VM). Moreover, this version introduces production checkpoints, which are images of a VM at a certain instant but, rather than being based on the instantaneous state, leverage the VSS technology commonly used for backing up virtual machines.

Storage management also has news with the introduction of Spaces Direct, a technology (the evolution of Storage Spaces on Server 2012) that builds software-defined storage from the on-board storage of servers, without having to bring up ad-hoc solutions. Spaces Direct can be implemented in Converged and Hyper-Converged modes, which differ in the abstraction layer between VMs and disks. The former has a Scale-Out File Server; the latter does not, as it places VMs directly on the Storage Spaces Direct layer.
Storage Replica, instead, handles the replication and synchronization of volumes distributed across different hosts and clusters and comes into play in disaster recovery situations. This service supports two operating modes, synchronous replica and asynchronous replica, which mainly differ in terms of required bandwidth.

Continuing with this software-defined perspective, Windows Server 2016 introduces the new Software Defined Network Stack, which allows hybrid and dynamic management of virtual networks with a distributed firewall, network security groups (with related policies) and Quality of Service (QoS) management. The new System Center Virtual Machine Manager feature makes it possible to implement and maintain a complete network infrastructure, and the integration with Docker allows native management of container networking.

In the next issue we will tell you everything you need to know in order to take full advantage of Windows Server 2016 and its features!

About the Author

Lorenzo Bedin

Lorenzo graduated in Telecommunication Engineering and works as a freelance IT consultant, after a period of training as a systems analyst. Currently he provides hardware solutions, virtualized infrastructures and websites.