In-Depth

What's New in Hyper-V in Windows Server 1709

Lots of changes are on tap, including upgrades for containers, networking and storage.

• By Paul Schnackenburg
• 11/02/2017

The challenge of new versions of Windows 10 twice a year are known to most businesses by now. But even IT departments that have embraced the cadence for client computers (and face it; there's really no other course of action) will have a tough time swallowing the same tempo for servers.

That's not to say that the new version isn't going to find a home; even risk-averse CIOs might choose the release for new deployments. There's also the small matter that you must have Software Assurance covering the servers in question to deploy the latest release in the Semi-Annual Channel (SAC), as opposed to the Long-Term Servicing Channel (LTSC), which will have releases every 2-3 years. Be prepared to keep on upgrading as well; the SAC releases are only supported for 18 months after each release.

Given that background, let's have a look at what the very first SAC version of Windows Server -- 1709 -- brings for virtualization.

Containers
The headline change is probably the fact that Nano server is now relegated to a container image only. When Windows Server 2016 was released, there was a lot of noise from Microsoft that Nano was the future and should be adopted for Hyper-V and storage hosts. Given that Microsoft has had a hard time nudging customers to use Server Core instead of the full GUI, it was no surprise that Nano, which was even harder to manage, didn't get much traction. To Microsoft's credit, they "failed fast" and dropped the idea of Nano server on physical hardware.

This in turn has led to optimization of the image with all the drivers and software required for it to run on hardware removed, shrinking the image from 390MB to 80MB. So if you're developing new software to run in Windows Containers, Nano is the best platform. On the other hand, if you're lifting and shifting existing applications into containers, you'll probably need the broader compatibility of the Server Core container image. It too has been shrunk by 60 percent in 1709.

Containers can now talk to Clustered Shared Volumes (CSV) on SANs/Storage Spaces Direct (S2D) for persisting data (Windows Server 2016 & 1709). Alternatively, you can map an SMB file share inside containers for persistent storage access (1709 only).

On the networking side, Windows now has parity with Linux for working with containers, including support for Ingress routing mesh for swarms. Named pipes are now supported in Windows Containers, letting applications in one container work easily with applications in another container on the same host.

Shields Up
The Host Guardian Service (HGS) that enables shielding of VMs to stop prying host administrators (or cloud service providers) from accessing your VMs can now run as a VM. In Windows Server 2016 the HGS service needed a three-node, physical server cluster to ensure security, resulting in high costs.

In addition to Windows VMs, Linux VMs can now be shielded.

Networking
While not directly Hyper-V related, several networking stack upgrades will improve performance for virtualization. TCP Fast Open (TFO) optimizes the TCP handshake process after the very first time two hosts connect. CUBIC is a new congestion control algorithm that's been implemented, and Receive Window Auto-Tuning adapts to the different characteristics of varied network connections. Dead Gateway Detection (DGD), as the name suggests, more quickly picks up a failed router and switches over to another gateway faster. The IPv6 stack has been improved with RFC 6106 support, allowing you to supply DNS configuration through router advertisements. Flow labels improve the efficiency of load balancing and flow classification.

If you're using network virtualization (and if you don't, you should; it enables isolation of application services for security in a very easy way), you can now enable virtual network encryption by marking a subnet as Encryption Enabled. This uses Datagram Transport Layer Security (DTLS) to encrypt the packets.

There was an excellent session at Ignite 2017 that covered all these networking improvements, including the ability to use templates to control the flow labels. There's been a spate of attacks against the old SMB v1 over the last year, such as WannaCry, NotPetya and so on. It's a good thing SMB v1 is turned off by default in both Windows Server 1709 and Windows 10, 1709.

Storage
Building on the foundation of Storage Spaces Direct, which supports hard drives, SSD drives and NVMe (SSD drives connected directly to the PCI Express bus) for really fast storage, 1709 supports storage-class memory. These are battery backed-up DIMM sticks as fast as RAM, but they provide persistent storage. These kinds of devices will eat your SSD for breakfast.

To speed up your VMs , use Virtualized Persistent Memory (vPMEM), creating a .vhdpmem disk on this type of storage and adding it to a VM as a virtual disk.

Windows Server 2016 was the first time the Resilient File System (ReFS) really came of age; it's the recommended file system for storing virtual hard disks for VMs. There was one main feature missing when compared to NTFS, however, and that was data deduplication. 1709 adds the ability to use deduplication with ReFS.

VM Load Balancing was introduced in Windows Server 2016; previously, it was only available in System Center Virtual Machine Manager. It looks at the load across Hyper-V hosts in a cluster and Live Migrates VMs from nodes with high load to nodes with lower load. In Windows Server 2016, memory usage and CPU load is taken into account; 1709 adds OS and application awareness, improving the accuracy of the balancing.

The release notes for 1709 (but not the preceding Insider Builds) curiously say that Storage Spaces Direct is not available in this release. There's some explanation on this FAQ; reading between the lines, I suspect they just didn't have time to do the testing to make sure S2D was rock solid in this build. After all, storage isn't something that should be buggy.

It also seems that the battle of whether GUIs belong on servers is going to be moot, as 1709 only comes in a Server Core flavor.

A New Release Paradigm
I see these twice-yearly versions of Windows Server as a way for Microsoft to innovate and test out new features and see what really entices enterprises. Once tested and hardened in the real world, these features will then make it into the next LTSC release of Windows Server. It's an interesting approach and it'll be fascinating to see over the next six months what the uptake of this branch of Windows Server will be.