Windows Server 2016 Delivers Key Hyper-V Improvements
Windows Server 2016 will include improvements to the Hyper-V role that runs virtual machines (VMs). Improvements should enable organizations to deploy and maintain VMs faster and more easily than with Windows Server 2012 R2, and they should provide more comprehensive high availability and security to guest OSs. The updated Hyper-V requires upgrading to Windows Server 2016 (and Datacenter edition for some features), which may have licensing repercussions.
Improvements to High Availability and Disaster Recovery
Several new features included in Windows Server 2016 are intended to help deliver high availability and disaster recovery solutions based on the Hyper-V role. These include Storage Replica, storage resiliency and compute resiliency, and Storage Quality of Service (QoS).
Storage Replica is a new feature in the Datacenter edition of Windows Server 2016 that allows for disaster recovery between servers or clusters with potentially no data loss; however, Storage Replica is not suitable for all scenarios, and it is not a replacement for application-specific replication technologies. Storage Replica delivers synchronous or asynchronous replication from one active source volume to another single passive replica volume. The replica can be in the same physical server, another independent server, a peer server in a cluster, or a remote server in a stretch cluster. (In a stretch cluster, failover occurs from a cluster server at one site to a cluster server at a remote site. Stretch clusters must use synchronous replication to enforce integrity.)
Storage resiliency and compute resiliency are two features offered by Windows Server 2016 that provide rapid recovery of VMs in the event of a hardware failure. Storage resiliency pauses a running VM for up to 60 seconds if the storage it is running from becomes temporarily unavailable, and it resumes the VM as soon as the storage returns. Hyper-V compute resiliency allows a VM to continue to run for up to four hours if the host of the VM falls out of the failover cluster hosting VMs. If the host fails to rejoin or repeatedly falls out of the cluster, the VM can be migrated to another host in the cluster automatically.
Storage QoS allows an organization to ensure that one group of VMs does not starve other VMs on the same host of bandwidth available to storage devices to the point that VM performance or availability is harmed. The 2016 release of System Center Virtual Machine Manager (VMM) will offer management of Storage QoS for Hyper-V VMs.
Improvements to Hyper-V Manageability
Beginning with Windows Server 2016, Microsoft will provide updated drivers for virtual hardware through Windows Update, rather than bundling them within Hyper-V Integration Services, the software that is installed in guest OSs to enable interaction with the hypervisor. This should ensure the latest drivers are automatically installed in VMs when they receive Windows updates, without a need to update the Integration Services software. VMs without connectivity to Windows Update will be able to be updated through PowerShell.
When connecting from a physical server running Windows Server 2016 or a PC running Windows 10 to a VM running Windows Server 2016 or Windows 10, administrators can connect to PowerShell running on the VMs without configuring any shared networking between the physical server and guest OS. This functions solely from the physical server to guests running directly on that server. This functionality, called PowerShell Direct, will likely prove most useful for small deployments of Hyper-V that are managed individually rather than through automated deployment and management tools. Administrators also may find the feature useful when initially deploying the OS, migrating it, or debugging problems locally.
Windows Server 2016 will include a new installation mode called Nano Server that is designed to minimize the on-disk footprint and RAM requirements of the OS. Nano Server will minimize deployment time, reduce the downtime needed for servicing and reboots, limit targets for outside attackers, and improve performance. Initially, Nano Server will support a limited range of use cases, but it should prove ideal for hosting Hyper-V VMs. Nano Server provides no local user interface, and all ad-hoc management of Nano Server is performed remotely, using Windows Remote Management (which will offer a limited form of PowerShell remoting), Microsoft's Emergency Management Services, or Common Information Model sessions. Windows Server 2016's Server Manager is also expected to support remote deployment and management of roles that can be installed on Nano Server.
Windows Server 2016 will provide recursive Hyper-V, where a VM can host other VMs within it. This feature may be particularly useful for deploying and managing a group of VMs for training or demonstration purposes.
Docker Containers Supported
Microsoft will support Docker containers in Windows Server 2016 beginning with the third preview of the OS in summer of 2015. Docker is similar to Microsoft's App-V application virtualization engine in that it allows applications to be quickly installed or upgraded without traditional installers or scripts, and with little or no impact to other existing applications. But Docker is primarily geared toward server applications, while App-V is most commonly used for Windows desktop applications.
Docker containers deliver isolation and other benefits like those of hardware virtualization technology, such as Microsoft's Hyper-V. However, all Docker containers on a given OS environment (OSE) run in a user space on that one OS instance, which requires less hardware and simplifies management overhead, since only the single OS instance needs to be deployed and maintained. Microsoft's Docker implementation will be based on the Server Core and Nano Server installation modes of the OS.
Docker containers will require physical or virtual OSEs based upon an image of Windows Server 2016. Microsoft will also provide Hyper-V Containers, which are Docker containers that use a standardized Windows server image provided automatically by Hyper-V. Hyper-V will automatically manage the creation and destruction of the underlying VM, and Hyper-V Containers will share the same container format. Technical information and licensing details on Microsoft's container implementation are sparse, but they will likely improve after the arrival of the third preview of the OS in the second half of 2015.
Improvements to Hyper-V in Windows Server 2016 begin with the upgrade process that now allows modifications while the VM is online. Currently, when migrating the host OS from Windows Server 2012 R2, Hyper-V can perform a rolling upgrade of Windows Server failover cluster servers to Windows Server 2016 without requiring downtime. The upgrade process is also reversible until all servers in the cluster have been upgraded to the newer version of the OS and the cluster has internally been upgraded to the Windows Server 2016 failover clustering functional level.
Hyper-V now allows virtual network adapters (NICs) and RAM to be added or removed while a VM is running. VHDS files (renamed from VHDX files) shared between two clustered VMs can be resized online. These features allow VMs to be modified while online, eliminating some events that previously required a maintenance window and reboot for modification.
In terms of virtual hard disk creation and management, VHDS files on the Hyper-V host can now be backed up while VMs are online, and storing VHDX files on ReFS will offer significantly faster creation and resizing of these files than was previously possible on earlier versions of Windows Server, regardless of file system.
Improvements to Hyper-V Security
Microsoft has enhanced Hyper-V in terms of security with Windows Server 2016 in the following ways:
- Shielded VMs will provide delegated administration. A Hyper-V administrator can start and stop a shielded VM, but cannot change the configuration, view or control it, or otherwise manipulate the contents of the VM. The Host Guardian Service provides the layer of protection and ensures that only authorized administrators connect to the VM and operate or modify it.
- Host Resource Protection is a new technology included in Hyper-V that tracks VMs in order to identify unusual access attempts or unusual resource utilization, to ensure the VMs remain available and secure.
- A Virtual Trusted Platform Module (TPM) is now available for use with Hyper-V VMs and enables the protection of VM volumes with BitLocker full-volume encryption (FVE).
- Linux Secure Boot is also available for VMs in Hyper-V, which can help ensure the boot-time security/integrity of Linux VMs running on Windows Server 2016.
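An added example, not from the original article or from Microsoft: a host-side audit that reports, per VM, the security features listed above. It assumes the Hyper-V PowerShell module as shipped in the released Windows Server 2016 and an elevated session on the host; the function name `Get-VMSecurityPosture` is hypothetical.

```powershell
#Requires -Modules Hyper-V
# Added example: report shielding, virtual TPM, Host Resource Protection and
# Secure Boot state for VMs on the local Hyper-V host.

function Get-VMSecurityPosture {
    [CmdletBinding()]
    param([string[]]$Name = '*')   # VM name(s); wildcards are accepted by Get-VM

    foreach ($vm in Get-VM -Name $Name) {
        # Host Resource Protection is a per-VM processor setting.
        $cpu = Get-VMProcessor -VM $vm

        # Shielding, virtual TPM and Secure Boot are Generation 2 features;
        # Get-VMFirmware in particular fails on Generation 1 (BIOS) VMs.
        $shielded = $null; $tpm = $null; $secureBoot = $null; $template = $null
        if ($vm.Generation -eq 2) {
            $sec        = Get-VMSecurity -VM $vm
            $fw         = Get-VMFirmware -VM $vm
            $shielded   = $sec.Shielded
            $tpm        = $sec.TpmEnabled
            $secureBoot = $fw.SecureBoot
            # Linux guests use the MicrosoftUEFICertificateAuthority template.
            $template   = $fw.SecureBootTemplate
        }

        [pscustomobject]@{
            VMName                 = $vm.Name
            Generation             = $vm.Generation
            Shielded               = $shielded
            VirtualTpm             = $tpm
            HostResourceProtection = $cpu.EnableHostResourceProtection
            SecureBoot             = $secureBoot
            SecureBootTemplate     = $template
        }
    }
}

# Full report, followed by the Generation 2 VMs that have no virtual TPM and
# therefore cannot hold a TPM-protected BitLocker key inside the guest.
$report = Get-VMSecurityPosture
$report | Format-Table -AutoSize
$report | Where-Object { $_.Generation -eq 2 -and -not $_.VirtualTpm } |
    Select-Object -ExpandProperty VMName
```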
Availability and Resources
Most of these features will require Windows Server 2016, which will probably become available for production use in the first half of 2016. Microsoft has not yet stated which features client Hyper-V (available on x64 Windows 10) will or will not receive, or whether any new features other than Storage Replica will require Datacenter edition. Also not yet known are which features will be included in the free Hyper-V Server download that includes no licensing rights to the Windows Server or Windows client OSs.
What's new in Hyper-V in Technical Preview is described at https://technet.microsoft.com/library/dn765471.aspx.
Microsoft's plans for supporting Docker containers are described at https://azure.microsoft.com/blog/2015/04/08/microsoft-unveils-new-container-technologies-for-the-next-generation-cloud/.
Windows Server previews are available in the Azure portal and from https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview.
The use of SMB shared storage with Hyper-V is described at https://technet.microsoft.com/library/jj134187.aspx.