Windows Server 2019: What's New in Hyper-V
A look at what's new in general and specifically for virtualization and containers in the next LTSC release, Windows Server 2019, due out in the second half of 2018.
In case you haven't kept up with the different Windows Server releases coming from Microsoft (and it is confusing), here's the TLDR:
Since the release of Windows Server 2016 there are now two "tracks" of Windows Server: the Semi-Annual Channel (SAC), which puts out two releases a year (only in the Server Core, no-GUI flavor), and the Long-Term Servicing Channel (LTSC), which will come out every two to three years, just like Windows Server has for many years.
You need to have Software Assurance to use SAC releases, and they're only supported for 18 months, whereas the LTSC releases will have the normal five years mainstream support (new features and bug fixes), followed by five years extended support (bug fixes only).
In this article I'll look at what's new in general and specifically for virtualization and containers in the next LTSC release, Windows Server 2019, due out in the second half of 2018 (a good guess is that it'll be released at Ignite in September). This article is written on build 17650, released April 24, 2018.
One of the biggest gripes I hear from cluster administrators is the difficulty of moving a cluster from one domain to another (mergers are a common cause of this); this is being addressed in 2019. Using just two PowerShell cmdlets you can remove the cluster name account from the original Active Directory domain, shut down the cluster functionality, unjoin from the source domain and add all nodes to a workgroup, then join them to the new domain and create new cluster resources in the destination AD domain. This definitely adds flexibility around Hyper-V clusters and their domain status.
Speaking of clusters, most businesses I speak to tend to keep the number of nodes in their clusters relatively low (six, eight, 12 and 16 nodes), even though the max number of nodes is 64, and instead have more clusters. Each of these clusters is totally separate but that's going to change in Windows Server 2019. You'll be able to group several clusters together (Hyper-V, Storage and even Hyper-Converged), with a Master cluster resource running on one cluster, coordinating with a Cluster Set Worker in each cluster. You'll be able to Live Migrate VMs from one cluster to another. I can see this being useful for scaling out Azure Stack (currently limited to 12 nodes) and for bringing the concept of the Software-Defined Datacenter (SDDC) closer to reality.
Another minor but potentially vital detail is using a file share witness stored in DFS. This isn't and has never been supported, but not everyone reads the documentation. Imagine a six-node cluster with three nodes in a separate building and a file share witness as the tie breaker for the quorum. You could end up in a situation where the network connection between the two buildings is severed and the three nodes on one side keep the cluster service (and thus the VMs) running because they can talk to the file share witness. But the other side has a DFS-replicated copy of the same file share witness, so they, too, decide to keep the cluster service running (as they also have a majority of votes), and both sides could potentially be writing to back-end storage simultaneously, leading to serious data corruption. In Windows Server 2019, if you try to store a file share witness in DFS you'll get an error message, and if the share is added to DFS replication at some later point, the witness will stop working.
You can also create a file share witness that doesn't use an AD account for scenarios where a DC isn't available (DMZ), or in a workgroup/cross-domain cluster.
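The vote arithmetic behind the DFS witness problem described above, as an added example that is not from the original article or from Microsoft. It is a simplified static-voting model (one vote per node plus one witness vote, one lock per physical witness copy, no dynamic quorum), it generalizes to any number of partitions and witness copies, and all names in it are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class WitnessCopy:
    """One physical copy of the witness share; only one partition may hold its lock."""
    lock_holder: Optional[str] = None

    def try_lock(self, partition: str) -> bool:
        if self.lock_holder is None:
            self.lock_holder = partition
        return self.lock_holder == partition


def surviving_partitions(nodes: Dict[str, int],
                         copies: Dict[str, WitnessCopy],
                         reaches: Dict[str, Optional[str]]) -> List[str]:
    """Return the partitions that still hold a strict majority of votes.

    nodes   -- node count per network partition
    copies  -- witness copies by name (one for a plain share, several under DFS replication)
    reaches -- which witness copy, if any, each partition can contact
    """
    total_votes = sum(nodes.values()) + 1          # every node votes, plus one witness vote
    alive = []
    for partition, count in nodes.items():
        votes = count
        copy_name = reaches.get(partition)
        if copy_name is not None and copies[copy_name].try_lock(partition):
            votes += 1                             # this side believes it owns the witness vote
        if 2 * votes > total_votes:
            alive.append(partition)
    return alive


def six_node_split(dfs_replicated: bool) -> List[str]:
    """The article's scenario: six nodes, three per building, inter-building link cut."""
    nodes = {"building-A": 3, "building-B": 3}
    if dfs_replicated:
        copies = {"copy-A": WitnessCopy(), "copy-B": WitnessCopy()}
        reaches = {"building-A": "copy-A", "building-B": "copy-B"}
    else:
        copies = {"share": WitnessCopy()}
        reaches = {"building-A": "share", "building-B": "share"}
    return surviving_partitions(nodes, copies, reaches)


if __name__ == "__main__":
    print("plain share   :", six_node_split(False))   # one side keeps running
    print("DFS replicated:", six_node_split(True))    # both sides keep running: split brain
```

With a single share only one building can claim the witness vote and reach 4 of 7; with a replicated copy per building, both reach 4 of 7 and both keep writing.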
Storage Replica & Migration
In Windows Server 2016 (Datacenter only) we finally got the missing puzzle piece in Microsoft's assault on SANs -- Storage Replica (SR). This directly competes with (very expensive) SAN replication technologies and lets you replicate from any volume on a single server or a cluster to another volume in another location (synchronously up to 150 km [90 miles for those of you in the United States], asynchronously anywhere on the planet). This is useful for creating stretched Hyper-V clusters for very high resiliency or for Disaster Recovery (DR) in general.
In Windows Server 2019 Standard we're getting SR "Lite": a single volume per server (unlimited in Datacenter), a single partnership per volume (unlimited in Datacenter) and up to 2TB volumes (unlimited in Datacenter). These are the current limitations in the preview and voting is open to change this.
Hyper-V Replica is a different technology than SR. For instance, you could create a stretched Hyper-V cluster with SR as the transport mechanism for the underlying storage between the two locations and then use Hyper-V Replica for DR, replicating VMs to a third location or to Azure.
A totally new feature, Storage Migration Service is coming in Windows Server 2019. Intended to solve the problem of migrating from older versions of Windows Server to 2019 or Azure, it's not directly related to Hyper-V, although you can of course use it from within VMs or to migrate data to Azure Stack.
Data Deduplication is now available for Storage Spaces Direct (S2D) with the ReFS filesystem, so you could be looking at saving up to 50 percent of disk space. Speaking of S2D, Microsoft now supports Persistent Memory (aka Storage Class Memory) which is essentially battery-backed DDR memory sticks, leading to storage with incredibly low latency. Also new is performance history for S2D, where you can get a history of performance across drives, NICs, servers, VMs, vhd/vhdx files, volumes and the overall cluster. You can either use PowerShell or Windows Admin Center to access the data.
There's a lot of focus on hybrid cloud in this preview, which makes sense, given Microsoft's assertion that most businesses will be in a hybrid state for a long time to come. The focus on containers continues with much smaller images available for both the server core and Nano server images.
But the coolest feature yet is the ability to run Linux containers on Windows Server. This first saw light in one of the SAC releases and it makes a lot of sense. Remember that in Windows (unlike Linux) we have two flavors of containers, Windows Containers and Hyper-V Containers. For a developer they work exactly the same and it's a deployment choice (develop on normal containers and deploy in production in Hyper-V containers). The Hyper-V flavor gives you the security isolation of a VM although they're much smaller than a "real" VM. So, the next logical step was running a different OS in the container, in this case Linux. Following a tutorial, I was able to get a Linux container up and running quickly.
The battle to increase security continues unabated and in this version we get Windows Defender ATP Exploit Guard, which is an umbrella for four new features. Network protection blocks outbound access from processes on the server to untrusted hosts/IP addresses, based on Windows Defender SmartScreen information. Controlled folder access protects specified folders against access by untrusted processes such as ransomware, whereas Exploit protection mitigates vulnerabilities in similar ways to what EMET used to do. Finally, Attack Surface Reduction (ASR) lets you set policies to block malicious files, scripts, lateral movement and so on.
Windows Defender Advanced Threat Protection (ATP) is now available for Windows Server, as well, and can integrate with your current deployment.
These measures will increase the security of your Hyper-V hosts but another feature (also first seen in a SAC release) applies directly to virtualization deployments: Encrypted Networks in SDN. A single click when you create a new virtual network in the SDN stack will ensure that all traffic on that network is encrypted, preventing eavesdropping. Note that this does not protect against malicious administrators but curiously, Microsoft has promised such protection in forthcoming versions, bringing the network protection in line with the host security Shielded Virtual Machines offer.
Windows Admin Center
No discussion of the future of Windows Server is complete without mentioning the free, Web-based Windows Admin Center (WAC), formerly known as "Project Honolulu." It's going to be the GUI for managing Windows Server, including Hyper-V servers, clusters, Storage Spaces Direct and HCI clusters. It's got a lot of benefits over the current mix of Server Manager, Hyper-V Manager and Failover Cluster Manager (along with PowerShell) that we use today, including the simple fact that it's all in the one UI.
As I predicted, the twice-yearly SAC releases of Windows Server enable Microsoft to bring out new features on a more rapid cadence than in the past, and that shows in this preview, which has several new and improved items to make our lives as virtualization administrators easier.
Paul Schnackenburg has been working in IT for nearly 30 years and has been teaching for over 20 years. He runs Expert IT Solutions, an IT consultancy in Australia. Paul focuses on cloud technologies such as Azure and Microsoft 365 and how to secure IT, whether in the cloud or on-premises. He's a frequent speaker at conferences and writes for several sites, including virtualizationreview.com. Find him at @paulschnack on Twitter or on his blog at TellITasITis.com.au.