Professional Documents
Culture Documents
love Windows
Server
2016
Speaker name
2. Security
3. Compute
4. Network
5. Storage
6. Remote Desktop Services (RDS)
7. Nano Server
8. Containers
9. PowerShell
10. Server Management Tools (SMT)
SDDC
Active Directory
2. Shielded VMs
3. Compute
4. Network
5. Storage
6. Remote Desktop Services (RDS)
APPLICATION PLATFORM
7. Nano Server
MANAGEMENT
8. Containers
9. PowerShell
10. Server Management Tools (SMT)
Security
Secure your
infrastructure
and applications
Secure privilege access with
Just In Time and Just enough
administration
Protect identity with Credential
Guard.
Breach resistance technologies
for preventing common attacks
and locking down what can run
on servers (whitelist)
Improved threat detection with
built in eventing
Shielded VMs
Run your virtual machines on
trusted hosts
Protect virtual machines from
compromised fabrics
Use TPM hardware to secure
hardware and virtual TPM to
encrypt VMs
Storage
Network
RDS
Application platform
Windows Server
containers
Bring the agility and density
of containers to the
Windows ecosystem
Secure containers and
flexible servicing with
Hyper-V containers
Manage with Docker
Nano server
Just Enough OS
Ideal for cloud inspired
infrastructure
Smaller image size,
smaller attack surface,
less reboots, fewer
patches
Ideal for next generation
app development
Built for Containers and
cloud-native apps
Management
PowerShell
PowerShell Desired State
Configuration
PowerShell Direct
Server Management
Tool (SMT)
Rich Web GUI
Manage all server
installations (Nano, Core,
Full)
Servers can be on-premises
or in the cloud
2. Shielded VMs
3. Compute
4. Network
5. Storage
6. Remote Desktop Services (RDS)
7. Nano Server
8. Containers
9. PowerShell
10. Server Management Tools (SMT)
Privileged
Identity
BEN
MARY
JAKE
ADMIN
Typical administrator
Capability
Social engineering
leads to credential
theft
Time
DOMAIN
ADMIN
BEN
MARY
JAKE
ADMIN
Just in Time
Capability
Just Enough
JEA + JIT =
DOMAIN
ADMIN
2-4 weeks
1-3 months
6+ months
Active
Directory
Azure Active
Directory
2-4 weeks
1-3 months
6+ months
Build visibility and control of administrator activity, increase protection against typical follow-up attacks
6. Attack Detection
http://aka.ms/ata
98725
21
Azure Active
Directory
2-4 weeks
1-3 months
6+ months
Active
Directory
Azure Active
Directory
2. Smartcard or Passport
Authentication for all admins
http://aka.ms/Passport
Protect
infrastructure
and applications
Windows Defender
Actively protects from known
malware without impacting
workloads
Code Integrity
Ensure that only permitted
binaries can be executed from the
moment the OS is booted
Shielded VMs
Host OS
Customer
Guest VM
Customer
Guest VM
Healthy
host?
Storage
Hypervisor
Hypervisor
Fabric
Fabric
BUILDING PERIMETER
COMPUTER ROOM
Generation 2 VMs
Supports virtualized equivalents of
hardware security technologies (e.g.,
TPMs) enabling BitLocker encryption for
Shielded VMs
Physical machine
Server
Administrator
Storage
administrator
Network
administrator
Backup
operator
Virtualization-host
administrator
Virtual machine
administrator
HYPER-V
HYPER-V
Virtual machine
Shielded
virtual machine
*Configuration dependent
Host OS
Guest VM
Guest VM
Guest VM
Hypervisor
Hyper-V Host 1
Fabric
Controller
Host OS
Guest VM
Guest VM
Hypervisor
Hyper-V Host 2
Host OS
Guest VM
Guest VM
Key Protection
Hypervisor
Hyper-V Host 3
Host OS
Guest VM
Guest VM
(TPM-mode)
1.Known physical machines
2.Trusted Hyper-V instance
3.CI-compliant configuration
Guest VM
Hypervisor
Hyper-V Host 1
Fabric
Controller
Host OS
Guest VM
Guest VM
Sure, I know
you and you
look healthy
Hypervisor
Hyper-V Host 2
Host OS
Guest VM
Guest VM
Key Protection
Hypervisor
Hyper-V Host 3
Compute
Rolling upgrades
without downtime (no
new hardware needed)
Mixed-mode clusters
Hot add/remove Fixed
Memory and vNIC
RDMA and PacketDirect
(40+Gb Ethernet)
Benchmark-setting
scale, performance,
and resilience
Best-in-class support
for Linux on Hyper-V
Mission-critical scale:
SQL, Exchange,
SharePoint, SAP, Oracle
Broad distribution
support, including:
RHEL, SLES, Ubuntu,
CentOS
Networking
performance: hot
add/remove vNIC and
in-guest vRSS
High-performance: live
migration and
StorageQoS
Maximum availability:
guest clustering
Node 1
Node 2
VHD
Storage
resilience
Windows
Server
2012 R2
Mixed
OS Mode
Windows
Server
2016
Failover
Cluster
Failover
Cluster
Failover
Cluster
Networking
Security
I dont want my workloads to be breached. If breached,
I must respond FAST. In seconds, not days.
Flexibility
I want to move my workloads into the cloud. I might
change my mind and move them back on-premises
tomorrow. I need a flexible cloud on my terms.
App Template
(network policies)
Back-End
10.3.0.0/24
Front End
10.1.0.0/24
Front-End VIP
Network
204.79.0.0/24
Middle-Tier
10.2.0.0/24
Agility with
the
Network
Dynamic Security
Segment your
(virtual) network
based on workload
needs
Apply policies (ACLs)
for traffic within a
segment, and across
segments
Route or Mirror
traffic to non-
On Premises 10.0/16
Internet
VPN
VPN
GW
Backend
10.3/16
Virtual
Networ
k
Fronten
d
10.1/16
Mid-tier
10.2/16
Security
Applianc
e
Security
Applianc
e
Hybrid flexibility
Woodgrove HQ
Public Cloud
MPLS
Exchange
WA
N
MPLS
MPLS Router
Public
internet
Contoso HQ
BGP
SQL Farm
GR
E
Gateway
(Internet Edge)
nnel
S2S Tu
30
N
A
VL
40
N
A
VL
Tu
nn
el
BGP
Contoso VNet
Gateway VM Pool
Woodgrove VNet
Robust gateways
Virtual networking
Software load
balancing
Network security
Distributed Firewall
Network Security Groups
BYO Virtual Appliances
Data plane
advancements
Performance: 10G, 40G, and beyond!
RDMA over Virtual Switch
Storage
Storage Spaces
Fibre Channel/iSCSI/FCoE
SMB3
SAN Partners
NAS
Microsoft Azure
Stack/Object Storage
Hyper-converged Infrastructure
Hyper-V Cluster
Elastic, reliable,
optimized with storage
spaces
Shared JBOD
Storage
System Center
Hyper-V
Fibre Channel/iSCSI/FCoE
Storage Array(s)
Managed by
r
System Cente
Storage Replica
Synchronous replication: Storage agnostic
mirroring
of data in physical sites with crash-consistent
volumes ensuring zero data loss at the volume
level.
Increase resilience: Unlocks new scenarios for
metro-distance cluster to cluster disaster
recovery and stretch failover clusters for
automated high availability.
Flexible: Server to server, cluster to cluster,
and stretch cluster. Local disks, Storage Spaces
Direct, clustered disks. NTFS, REFS, CSVFS. TCP,
RDMA. Synchronous and asynchronous.
Streamlined management: Graphical
management for individual nodes and clusters
through Failover Cluster Manager and Azure Site
Recovery. Full PowerShell and SMAPI support.
Site 1
Site 2
Remote Desktop
Services (RDS)
vGPU evolution
Server 2008
R2
vGPU
Server 2012
Server 2016
vGPU
Server 2012
R2
vGPU
Hyper-V integration
DX 11.0
DX 11.1 support
DX 9 support
VM connect with
vGPU
GPU management
2560 x 1600
resolutions
HCK conformant
vGPU
Para-virtualized
OpenGL/OpenCL/DX11
~30fps
~60fps
Best scale
Low scale
Host: WS 2016
7 Role Services
8 VMs
RDS 2016+:
4 Role Services
2 VMs
Nano Server
Third-party
applications
RDS
experience
Traditional
VM
workloads
Full GUI
Specialized
workloads
Containers
and modern
applications
Nano Server
Just Enough
OS
Server Core
Lower
maintenance
server
environment
Available as OS everywhere
Host OS for physical hardware
Guest OS in a VM
Windows Server containers
Hyper-V containers
Containers
Containers
Physical
Virtual
Package and
run apps
within
containe
rs
Physical/Virtual
Key Benefits
Further accelerate of app deployment
Reduce effort to deploy apps
Streamline development and testing
Lower costs associated with app
deployment
Increase server consolidation
Why Containers?
Developers
Operations
DevOps
Spotlight capabilities
Build: Developers will use familiar development
tools, such as Visual Studio, to write apps to run
within containers
By building modular apps leveraging containers,
modules can scale independently, and be updated
on independent cadences
Run: Container capabilities built into Windows
Server
Manage: Deploy and manage containers using
PowerShell, or using Docker
Resources: Define CPU and memory resources
per container along with storage and network
throughput
Network: Provide NAT or DHCP/static IP for
networkconnectivity
Container A
Container B Container C
Web tier
App tier
DB tier
LOB app
LOB app
LOB app
(+Binaries)
(+Binaries)
Libraries
Host OS
(+Binaries)
Libraries
w/Container Support
Server
(Physical or Virtual)
Physical/Virtual Servers
3
Containers pushed to
central repository
Operations
automates
deployment and
monitors deployed
apps from central
repository
Hyper-V Containers
Anatomy and key capabilities
Spotlight capabilities
Consistency: Hyper-V containers use the same
APIs as Windows Server containers ensuring
consistency across management and
deployment toolsets.
Compatibility: Hyper-V containers use the
exact same images as Windows Server
containers
Strong isolation: Each Hyper-V container has
its own dedicated copy of the kernel
Highly trusted: Built with proven Hyper-V
virtualization technology
Optimized: The virtualization layer and the
operating system have been specifically
optimized for containers
Hyper-V Container
Hyper-V Container
App A
App B
Bins/Libraries
Bins/Libraries
Windows Guest OS
Windows Guest OS
Hypervisor
Server
Docker integration
Strategic investments
Customer
Datacenter
Dockerized app
Windows
Server
container
Run anywhere
Linux
container
Docker
Microsoft
Azure
Service
Provider
PowerShell
PowerShell is a platform
Partners include Chef, Puppet, Ansible, Octopus
Server
Management
Tools (SMT)
Overview
Nano Server provides Just Enough OS to reduce the
security and servicing footprint of the OS, but removes
the familiar local GUI that many admins use
Server management tools is a free toolset, hosted in
the Azure portal, that ensures that you can manage
any Windows Server 2016 instance remotely, alongside
PowerShell or your other
management tools
Deployment is as simple as installing a software
gateway in your infrastructure, then adding machines
Use cases
Single location to visualize machines on-premises or
hosted within Azure, and accessible no matter where
the admin is
Provides management tools for GUI-less Nano Server,
ensuring that admins can continue to use familiar UX
to manage their machines despite local GUI being
removed
Supports cross-platform management allowing admins
to use their client of choice to manage Windows Server
The service will continue to be updated frequently,
Resources