Morning Coffee: Windows Server 2016

Three pillars: Security, Software-defined Datacenter, Application Platform.
Customer needs and pain points:
• Increasing breach incidents
• Identity is the target of attacks
• Complex to secure virtual environments
• Lack of integration between solutions
• Hard to deploy and operate
• Low footprint server
• No integration between Dev and Ops
• Fast and lightweight OS
• Hard to plan for public cloud
The cloud-ready server operating system that delivers new layers of security and Azure-inspired innovation for the applications and infrastructure that power your business.

Built-in Security: protection for identity; secure the virtualization platform; built-in layers of security.
Azure-inspired Infrastructure: affordable & enterprise ready; learnings from hyper-scale datacenter; built-in SDDC capabilities.
Hybrid Application Platform: support for containers; built-purpose OS; AHUB (Azure Hybrid Use Benefit) eases the transition to Cloud.
Morning Coffee - Windows Server 2016
Windows Server Installation and Upgrade
• Windows Server Installation and Upgrade
• Server role upgrade and migration matrix for Windows Server 2016
• Upgrade and conversion options for Windows Server 2016
Installation options
Datacenter edition:
• Unlimited Windows Server containers
• Nano Server as deployment option
• Unlimited VMs
• Unlimited Hyper-V containers
• Storage features including Storage Replica & Storage Spaces Direct
• New networking stack
• Shielded VMs and Host Guardian Service

Standard edition:
• Unlimited Windows Server containers
• Nano Server as deployment option
• 2 VMs
• 2 Hyper-V containers**

Essentials edition:
• 25 users / 50 devices
• No server CALs required
• 1 physical or virtual*
• Must be root of domain

Capability   | Workgroup | Standard
Processors   | 1         | 2
RAM          | 32 GB     | 12 TB
SMB links    | 250       | Unlimited
Max users    | 50        | Unlimited
Disk number  | 6         | Unlimited

Essentials: enterprise class technology to drive any sized business.
Standard: basic functionality of Windows Server; unlimited users, based on CALs.
Datacenter: core functionality of Windows Server; unlimited users, based on CALs.
Cumulative Updates in Windows Server 2016
• Windows Server 2016 uses Cumulative Updates, like Windows 10
• Only the latest Cumulative Update is needed to bring an install to the latest patch level
• Removes the problem of every customer deploying their own, untested combination of patches
• Security updates will still be delivered on an "as needed" basis
Demo: Let's look inside Windows Server 2016
Ready for the cloud | Improve IT efficiency & productivity | Safeguard your business
• Just in Time & Just Enough Administration
• Windows Defender for malware protection
• Trusted/Secure boot
• Shielded Virtual Machines
• Host Guardian Service
• Enhanced Containers
• Stretch Clusters
• Rolling Cluster OS upgrades
• Storage Spaces Direct
• Storage Replica
• Storage Quality of Service
• Remote Desktop Services
• Encrypted Virtual Machines and Containers
• Azure Backup, Azure Storage, Azure Site Recovery¹
• Azure Active Directory¹
• RSMT Azure Remote Server Management Tools¹
• Operations Manager Suite¹
Nano Server

Deploy Nano Server

Voice of the Customer
• Why do I have to reboot because of a patch to a component I never use?
• When a reboot is required, the systems need to be back in service ASAP

• Large images take a long time to install and configure
• Transferring images consumes too much network bandwidth
• Storing images requires too much disk space

• If the OS consumes fewer resources, I can increase my VM density
• Higher VM density lowers my costs and increases my efficiency & margins
Nano Server – Just enough OS
Nucleus of next-gen cloud infrastructure and applications

Nano Server installation option
• Just enough OS
• Key roles & features
• Full developer experience

Installation options and their target workloads:
• Full GUI: specialized workloads; third-party applications; RDS experience
• Server Core: lower maintenance server environment; traditional VM workloads
• Nano Server (just enough OS): containers and next-gen applications
Nano Server developer experience
Nano Server has a full developer experience, unlike Server Core. The Windows SDK and Visual Studio 2015 target Nano Server. Rich design-time experience: project template, full IntelliSense, error squiggles, etc. Full remote debugging experience.
Nano Server
• Smallest ever footprint
• 93 percent lower VHD size
• Very fast deployment and reboots
• Focus on two key scenarios:
  • Born-in-the-cloud applications
  • Cloud platform – Hyper-V and Scale-out File Servers
• Not installed in the traditional manner
• Enables the new cloud era!
• Managed through familiar and new ways

Demo: Deploy Nano Server
Remotely Managing Nano Server

Remote graphical & web tools:
• Server Manager
• Azure Portal tools
• Task manager
• Registry editor
• File explorer
• Server configuration
• Event viewer
• Disk manager
• Device & driver management
• Performance
• Users & groups

PowerShell Remoting:
• Core PowerShell engine, language, and cmdlets
• Windows Server cmdlets (network, storage, etc.)
• PowerShell DSC
• Remote file transfer
• Remote script authoring & debugging
• PowerShell Web Access

VM and container management:
• Hyper-V Manager
• Hyper-V cmdlets
• PowerShell Direct over PSRP
• CimSession support
• Docker
• SCVMM agent & console
• 3rd party agents & consoles

Deployment & monitoring:
• DISM online & VHD support
• Unattended setup
• Visual Studio integration
• DSC Local Configuration Manager
• Setup & boot eventing
• SCOM agent
• VSO App Insights
• Azure Op Insights

Partners & frameworks:
• Chef integration
• .NET Core and CoreCLR
• ASP.NET 5
• Python, PHP, Ruby, Node.js
• PowerShell Classes
• PS Script Analyzer
• PowerShell Gallery
• PowerShellGet
Nano Server preliminary results

Metric           | Nano Server | Server Core | Server (full)
Critical patches | 2           | 8           | 23
Reboots          | 3           | 6           | 11
Ports open       | 11          | 26          | 34
VHD size (GB)    | 0.41        | 6.5         | 10.4
Setup time (s)   | 40          | 300         | 1140
• Top Ten: What You Need to Know about Microsoft Nano Server
• Introducing the Nano Server Image Builder
• Install Nano Server
• Manage Nano Server
Containers

What is a container?
Traditional virtual machines = hardware virtualization: each VM carries its own kernel and its own applications.
Containers = operating system virtualization: the containers on a host share that host's kernel.
• Windows Server containers: maximum speed and density
• Hyper-V containers: isolation plus performance

Container benefits (diagram: physical, virtual and physical/virtual deployment; key benefits)
Windows Server containers
Build: Developers use familiar development tools, such as Visual Studio, to write apps that run within containers. By building modular apps leveraging containers, modules can scale independently and be updated on independent cadences.
Run: Container capabilities are built into Windows Server.
Manage: Deploy and manage containers using PowerShell or Docker.
Resources: Define CPU and memory resources per container, along with storage and network throughput.
Network: Provide NAT or DHCP/static IP for network connectivity.
(Diagram: Container A – web tier, Container B – app tier, Container C – DB tier)
Hyper-V containers
Consistency: Hyper-V containers use the same APIs as Windows Server containers, ensuring consistency across management and deployment toolsets.
Compatibility: Hyper-V containers use the exact same images as Windows Server containers.
Strong isolation: Each Hyper-V container has its own dedicated copy of the kernel.
Highly trusted: Built with proven Hyper-V virtualization technology.
Optimized: The virtualization layer and the operating system have been specifically optimized for containers.
Windows Server Container: highly automated, efficient, scalable and elastic.
Hyper-V Container: highly automated, efficient, scalable and elastic, plus the kernel isolation needed for public multi-tenancy, shared hosting, secure hosting, trusted multi-tenancy and regulated workloads.
Where To Run Containers?
• Azure
  • Windows Server 2016 image in the Marketplace
  • Only Windows Server Containers
• Existing server, physical or VM
  • Install Windows Server 2016
  • Windows Server and/or Hyper-V Containers
• Nested virtualization on Hyper-V
  • VM on Windows 10 or Windows Server 2016
  • Windows Server and/or Hyper-V Containers
Docker integration
Joint strategic investments to drive containers forward
Docker: An open source engine that automates the deployment of any application as a portable, self-sufficient container that can run almost anywhere.
Partnership: Enable the Docker toolset to manage multi-container applications using both Linux and Windows containers, regardless of the hosting environment or cloud provider.
Dockerized app: run anywhere.
• The differences between Windows Containers and Hyper-V Containers in Windows Server 2016
• Windows Containers
• Hyper-V Containers
• Container Host Deployment - Windows Server
• Container host deployment - Nano Server
• Getting Started with Docker for Windows
• Build And Run Your First Docker Windows Server Container
• Docker Engine on Windows
Virtualization / Hyper-V
Windows Server 2016 Hyper-V scale limits

Capability | Windows Server 2012/2012 R2 Standard and Datacenter | Windows Server 2016 Standard and Datacenter | VMware vSphere 6 Enterprise Plus
Physical (host) memory support | Up to 4 TB per physical server | Up to 24 TB per physical server (6x) | Up to 6 TB per physical server (12 TB for specific OEM certified platform)
Physical (host) logical processor support | Up to 320 LPs | Up to 512 LPs | Up to 480 LPs
Virtual machine memory support | Up to 1 TB per VM | Up to 12 TB per VM (12x) | Up to 4 TB per VM
Virtual machine virtual processor support | Up to 64 VPs per VM | Up to 240 VPs per VM (3.75x) | Up to 128 VPs per VM

Source: http://www.vmware.com/pdf/vsphere6/r60/vsphere-60-configuration-maximums.pdf
Increase reliability with clusters
Cluster OS Rolling Upgrades: Upgrade your fabric to Windows Server 2016 without downtime to workloads running on Hyper-V virtual machines.
Mixed OS Mode cluster: Provides the ability for Windows Server 2012 R2 cluster nodes to operate with Windows Server 2016 nodes.
VM resiliency: Designed for cloud-scale environments, this helps preserve VM session state in the event of transient storage or network disruptions.
Fault domain-aware clusters: Enhances key operations during the cluster lifecycle, such as failover behavior, placement policies, heartbeating between nodes, and quorum behavior.
Rolling Upgrades: faster time to value.
Flexibility: Linux support on Hyper-V
Broad support: Run Red Hat, SUSE, openSUSE, CentOS, Ubuntu, Debian and Oracle Linux, with full support.
Increased utilization: Run Windows and Linux side-by-side, driving up utilization and reducing hardware costs.
Enhanced networking: Highest levels of networking performance in Linux guests with virtual Receive Side Scaling (vRSS) support.
Storage enhancements: Hot-add and online-resize of storage for enhanced administration flexibility.
Better protection: Better-than-physical backup support for virtualized Linux guests on Hyper-V.
Simplified management: Single experience for managing, monitoring, and operating the infrastructure.
PowerShell support: Use PowerShell Desired State Configuration to declaratively specify the configuration of Linux servers.
Secure Boot Support for Linux
• Provides kernel code integrity protections for Linux guest operating systems.
• Works with:
  • Ubuntu 14.04 and later
  • SUSE Linux Enterprise Server 12
Network Adapter Identification
• You can name individual network adapters in the virtual machine settings – and see the same name inside the guest operating system.
• PowerShell is needed to configure naming
PowerShell Direct to Guest OS
• You can now script PowerShell in the Guest OS directly from the Host OS
• No need to configure PowerShell Remoting
• Or even have network connectivity
• Still need to have guest credentials
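The host-to-guest path described in the PowerShell Direct bullets, as an added example that is not part of the Primend deck: a read-only guest audit driven from the Hyper-V host over the VMBus, with no guest network or WinRM configuration. The VM name, the credential prompt and the fields collected are my choices; the cmdlets used (New-PSSession -VMName, Invoke-Command, Copy-Item -FromSession) are the Windows Server 2016 / Windows 10 ones.

```powershell
# Added example (not from the original slides): audit a guest over PowerShell Direct.
# Runs on a Windows Server 2016 / Windows 10 Hyper-V host against a running Windows
# guest with integration services; needs guest credentials but no guest network path.
# 'srv01' is a hypothetical VM name.
$vmName = 'srv01'
$cred   = Get-Credential -Message "Local administrator on $vmName"

# PowerShell Direct only connects to a running VM whose integration services answer
$vm = Get-VM -Name $vmName
if ($vm.State -ne 'Running') {
    Start-VM -VM $vm
    while ((Get-VM -Name $vmName).Heartbeat -notlike 'Ok*') { Start-Sleep -Seconds 5 }
}

# -VMName selects the VMBus transport instead of WinRM over the network
$session = New-PSSession -VMName $vmName -Credential $cred
try {
    $report = Invoke-Command -Session $session -ScriptBlock {
        [pscustomobject]@{
            Hostname       = $env:COMPUTERNAME
            OSBuild        = (Get-CimInstance Win32_OperatingSystem).BuildNumber
            LatestHotFix   = (Get-HotFix | Sort-Object InstalledOn -Descending |
                              Select-Object -First 1).HotFixID
            ListeningPorts = (Get-NetTCPConnection -State Listen |
                              Select-Object -ExpandProperty LocalPort -Unique |
                              Sort-Object) -join ','
        }
    }
    $report | Format-List

    # Export the guest Security log and pull it to the host, still without a network path
    Invoke-Command -Session $session -ScriptBlock {
        wevtutil epl Security C:\Windows\Temp\Security.evtx /ow:true
    }
    Copy-Item -FromSession $session -Path 'C:\Windows\Temp\Security.evtx' `
              -Destination ".\$vmName-Security.evtx"
}
finally {
    Remove-PSSession -Session $session
}
```

The session is removed in `finally` so a failed audit does not leave an authenticated host-to-guest channel open; the credential is prompted for interactively rather than stored in the script.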
Hyper-V Manager Improvements
• Multiple improvements to make it easier to remotely manage and troubleshoot Hyper-V servers:
  • Support for alternate credentials
  • Connecting via IP address
  • Able to manage Windows Server 2012, 2012 R2 and Windows Server 2016 Technical Preview from a single console
  • Connecting via WinRM
Hot Add/Remove
• VM memory
• Network adapters
• VM checkpoints based on VSS
• Dynamically identify VMs that are not "playing well" and reduce their resource allocation
Built-in security
• Shielded Virtual Machines
• Host Guardian Service
• Secure Boot for Windows & Linux
• Nano Server Hyper-V Host
• Virtualization-based Security (VBS)
• Hyper-V Containers
• Containers in Shielded VMs
• Credential Guard
• Just in Time Administration
• Just Enough Administration
• Control Flow Guard
• Code Integrity
• Windows Defender
• Enhanced Threat Detection
Demo: Shielded Virtual Machines
Shielded VMs: Security Assurance Goals
• Encryption of data, both at rest & in flight
  • Virtual TPM enables the use of disk encryption within a VM (e.g. BitLocker)
  • Both Live Migration traffic and VM state are encrypted
• Admin lockout
  • Host administrators cannot access guest VM secrets (e.g. can't see disks, video, etc.)
  • Host administrators cannot run arbitrary kernel-mode code
• Attestation of health
  • VM workloads can only run on "healthy" hosts
A bit more detail…
What is it and who's it for? As a hoster: / As a tenant: / As an enterprise:
Implementation spotlights:
• Hardware-rooted security technologies strictly isolate the VM from host administrators
• A Host Guardian Service that is able to identify legitimate Hyper-V hosts and certify them to run a given shielded VM
• Virtualized Trusted Platform Module (vTPM) support for Generation 2 virtual machines
Shielded VMs: a bit more detail
• Requires a Generation 2 VM
  • Virtual motherboard exposes UEFI firmware
  • Enables Secure Boot in the VM, supports TPM v2.0
• Windows Server 2012 and Windows Server 2012 R2 guest VMs supported today
• Windows Server 2008 and Windows Server 2008 R2 support under investigation
Shielded VMs: what's protected?
• vTPM enables protection for VM data at rest
  • Enables disk encryption within the guest VM (e.g. BitLocker in Transparent mode)
  • The TPM 2.0 device has been virtualized
  • vTPM is not backed by a physical TPM – this ensures VM mobility scenarios work
  • A hardened VMWP (VM worker process) hosts the vTPM VDEV for protected VMs
• The hardened VMWP encrypts other VM artifacts
  • Live migration egress traffic is encrypted
  • All other VM state at rest:
    • vTPM state in the VM config file
    • Runtime state file, saved state, snapshot
    • Hyper-V Replica file
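A defender's check for the assurance goals and the "what's protected" list above, as an added example that is not from the Primend deck: confirm that the host is guarded and that each VM really carries a vTPM, Secure Boot, encrypted state/migration traffic and the shielded policy, rather than assuming it from the VM's name. The VM enumeration and finding texts are mine; the property names come from Get-VMSecurity, Get-VMFirmware and Get-HgsClientConfiguration on Windows Server 2016.

```powershell
# Added example (not from the original slides): verify shielded-VM protections on a host.
# Requires the Hyper-V module and, for the host check, the HgsClient module that is
# present on a 2016 Hyper-V host. VM names are whatever Get-VM returns; nothing is assumed.
Import-Module Hyper-V

function Get-HostGuardState {
    # Mode is Local or HostGuardianService; IsHostGuarded is the result that matters,
    # because a VM shielded on paper still will not start on a host that failed attestation.
    $cfg = Get-HgsClientConfiguration
    [pscustomobject]@{
        Mode              = $cfg.Mode
        IsHostGuarded     = $cfg.IsHostGuarded
        AttestationStatus = $cfg.AttestationStatus
    }
}

function Test-ShieldedVM {
    param([Parameter(Mandatory)][string]$VMName)
    $vm  = Get-VM -Name $VMName
    $sec = Get-VMSecurity -VM $vm
    $findings = @()

    # Generation 2 is a hard prerequisite: UEFI, Secure Boot and the vTPM depend on it
    if ($vm.Generation -ne 2) {
        $findings += 'Generation 1 VM: no UEFI, Secure Boot or vTPM possible'
    } elseif ((Get-VMFirmware -VM $vm).SecureBoot -ne 'On') {
        $findings += 'Secure Boot is off'
    }
    if (-not $sec.TpmEnabled) {
        $findings += 'vTPM disabled: BitLocker inside the guest cannot seal keys to the VM'
    }
    if (-not $sec.EncryptStateAndVmMigrationTraffic) {
        $findings += 'Runtime/saved state and live-migration traffic are not encrypted'
    }
    if (-not $sec.Shielded) {
        $findings += 'Shielded policy not set: host admins keep console and VM-state access'
    }

    [pscustomobject]@{
        VMName    = $VMName
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Get-HostGuardState | Format-List
Get-VM | ForEach-Object { Test-ShieldedVM -VMName $_.Name } |
    Where-Object { -not $_.Compliant } | Format-List
```

Only non-compliant VMs are listed, which makes the script usable as a scheduled drift check on a guarded fabric; a VM that shows `TpmEnabled` but not `Shielded` is the case worth investigating, since its disk is encrypted but the admin-lockout goal is not met.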
• What's new in Hyper-V on Windows Server 2016
• Cluster operating system rolling upgrade
• Guarded fabric and shielded VMs overview
• Deploying the Host Guardian Service for guarded hosts and shielded VMs
• Configuration scenarios for shielded VMs in a guarded fabric
• A closer look at shielded VMs in Windows Server 2016
• Step by Step – Configuring the Host Guardian Service in Windows Server 2016
Storage

Demo: Stretch cluster and cluster to cluster (diagram: Site 1 / Site 2)
Storage Replica
Synchronous replication: Storage-agnostic mirroring of data between physical sites with crash-consistent volumes, ensuring zero data loss at the volume level.
Increased resilience: Unlocks new scenarios for metro-distance cluster-to-cluster disaster recovery and stretch failover clusters for automated high availability.
Complete solution: End-to-end for storage and clustering, including Hyper-V, Storage Replica, Storage Spaces, Cluster, Scale-Out File Server, SMB3, Deduplication, Resilient File System (ReFS), NTFS, and Windows PowerShell.
Streamlined management: Graphical management for individual nodes and clusters through Failover Cluster Manager and Azure Site Recovery.
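The server-to-server form of the synchronous replication described above, as an added example that is not part of the Primend deck. The two host names, the replication-group names, the drive letters and the log size are constructed placeholders; the cmdlets (Test-SRTopology, New-SRPartnership, Get-SRGroup) are the Windows Server 2016 Storage Replica ones.

```powershell
# Added example (not from the original slides): server-to-server Storage Replica,
# synchronous mode. Host names, group names and volumes below are constructed.
$src = 'SR-SRV01'   # hypothetical source server
$dst = 'SR-SRV02'   # hypothetical destination server

# 1. Install the Storage Replica feature on both servers (a reboot is required)
Invoke-Command -ComputerName $src, $dst -ScriptBlock {
    Install-WindowsFeature -Name Storage-Replica -IncludeManagementTools -Restart
}

# 2. Validate the topology before committing: latency, IOPS and log sizing for the
#    data volumes (D:) and log volumes (E:) on both sides; the HTML report lands in C:\SRTest
Test-SRTopology -SourceComputerName $src -SourceVolumeName 'D:' -SourceLogVolumeName 'E:' `
                -DestinationComputerName $dst -DestinationVolumeName 'D:' -DestinationLogVolumeName 'E:' `
                -DurationInMinutes 30 -ResultPath 'C:\SRTest'

# 3. Create the partnership. Synchronous mode acknowledges a write only after the
#    destination log has it, which is what gives crash-consistent, zero-data-loss volumes.
New-SRPartnership -SourceComputerName $src -SourceRGName 'RG01' `
                  -SourceVolumeName 'D:' -SourceLogVolumeName 'E:' `
                  -DestinationComputerName $dst -DestinationRGName 'RG02' `
                  -DestinationVolumeName 'D:' -DestinationLogVolumeName 'E:' `
                  -ReplicationMode Synchronous -LogSizeInBytes 8GB

# 4. Track the initial block copy; ContinuouslyReplicating means the volumes are in sync
(Get-SRGroup -ComputerName $dst).Replicas |
    Select-Object DataVolume, ReplicationMode, ReplicationStatus
```

Step 2 is the one most often skipped: synchronous replication over a link that fails the latency test shows up later as application write stalls, so the topology report is the evidence that the metro-distance design point in the slide actually holds for your sites.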
Reliability, scalability, flexibility
• Fault tolerance to disk, enclosure and node failures
• Scale pools to a large number of drives
• Simple and fine-grained expansion
• Fast VM creation and efficient VM snapshots
Use cases
• Hyper-V IaaS storage
• Storage for backup and replication targets
• Hyper-converged (compute and storage together)
• Converged (compute and storage separate)
Cloud design points and management
• Standard servers with local storage
• New device types such as SATA and NVMe SSD
• Prescriptive hardware configurations
• Deploy/manage/monitor with SCVMM, SCOM & PowerShell

Storage Spaces Direct
Software-defined storage for private cloud using industry standard servers with local storage.
Converged solution (on-premises disaggregated solution): scale compute and storage components separately in this model. Virtual machines on Hyper-V hosts reach the Scale-out File Server, which fronts the storage software, over SMB3.
Hyper-converged: scale compute and storage simultaneously. Simultaneous scaling is possible when compute (Hyper-V) and storage components (Storage Spaces Direct) reside on the same cluster.

Storage Spaces Direct – Deployment Choice
• Lenovo System x3650 M5
• HP Apollo 2000 System
• Quanta D51PH
• Dell PowerEdge R730xd
• Cisco UCS C3260 Rack Server
• FUJITSU PRIMERGY RX2540 M1
• Intel® Server Board S2600WT-Based Systems

Demo: Storage Spaces Direct in Windows Server 2016
• Storage Replica overview
• Stretch Cluster Replication Using Shared Storage
• Server to Server Storage Replication
• Frequently Asked Questions about Storage Replica
• Storage Quality of Service
• Storage Spaces Direct in Windows Server 2016
• Hyper-converged solution using Storage Spaces Direct in Windows Server 2016
• What is Storage Spaces Direct?
Windows Server 2016
Security
Hard lessons…
• The network is no longer the security perimeter (it hasn't been for some time); identity is the (new) security perimeter.
• Entry: we can't stop this from happening. People will be fooled, bribed, blackmailed, etc.
• Eliminating human error isn't possible: phishing works and will continue to do so.
• Insider attacks are a big problem: anomalous activity monitoring helps in detection; limit access through identity management & isolation.
• Compliance is very important, but compliance and security are not the same thing: compliant != secure.
• Prevention methods aren't always technical or architectural: many will be operational, and that will impose some level of additional operational friction. Security has a price $$$.
1. Protect: ongoing focus & innovation on preventative measures; block known attacks & known malware.
2. Detect: comprehensive monitoring tools to help you spot abnormalities and respond to attacks faster.
3. Respond: leading response and recovery technologies plus deep consulting expertise.
4. Isolate: isolate OS components & secrets; limit admin privileges; rigorously measure host health.
Windows Server Security Posture
Security isn't a bolt-on.
What do we need to secure and how?
1. Manage privileged identities: prevent credential theft.
2. Secure the OS, host & guest: host integrity and guest integrity.
3. Secure virtualization.
Monitoring/detection through enhanced auditing + log & behavioral analysis.
Protect / Detect / Respond / Isolate
• Privileged Access Management for Active Directory Domain Services
• Weekend Scripter: Use PowerShell for JIT Administration and PAM
• Just Enough Administration
• Just Enough Administration, Step by Step
• Windows 10 Device Guard and Credential Guard Demystified
Thank you!
Primend Morning Coffee – Windows Server 2016

More Related Content

Morning Coffee - Windows Server 2016

  • 2. Security Software-defined Datacenter Application Platform Increasing breaches incidents Identity is target of attacks Complex to secure virtual environments Lack of integration between solutions Hard to deploy and operate Low footprint server No integration between Dev and Ops Fast and lightweight OS Hard to plan for public cloud
  • 3. The cloud-ready server operating system that delivers new layers of security and Azure- innovation for the applications and infrastructure that power your business. Built-in Security Azure-inspired Infrastructure Hybrid Application Platform Protection to Identity Secure the virtualization platform Built-in layers of security Affordable & Enterprise ready Learnings from hyper-scale datacenter Built-in SDDC capabilities Support for containers Built-purpose OS AHUB eases transition to Cloud
  • 5. Windows Server Installation and Upgrade • Windows Server Installation and Upgrade • Server role upgrade and migration matrix for Windows Server 2016 • Upgrade and conversion options for Windows Server 2016
  • 7. Unlimited Windows Server containers Nano Server as deployment option Unlimited VMs Unlimited Hyper-V containers Storage features including: Storage Replica & Storage Spaces Direct New Networking Stack Shielded VMs and Host Guardian Service 2 VMs 2 Hyper-V containers** Essentials Edition 25 users / 50 devices No server CALs required 1 physical or virtual* Must be root of domain Workgroup / Standard Procs 1 / 2 RAM 32GB / 12TB SMB links 250 / Unlimited Max Users 50 / Unlimited Disk number 6 / Unlimited Enterprise class technology to drive any sized business Basic functionality of Windows Server Core functionality of Windows Server Unlimited, based on CALsUnlimited, based on CALs
  • 8. Cumulative Updates and Windows • Windows Server 2016 utilizes Cumulative Updates like Windows 10 • Only need the latest Cumulative Update to bring an install to the latest patch version • Removes the challenge of every Customer deploying their own combinations of patches that were not tested • Security updates will still be delivered on an „as needed“ basis
  • 10. Ready for the cloud Improve IT efficiency & productivity Safeguard your business  Just in Time & Just Enough Administration  Windows Defender for malware protection  Trusted/Secure boot  Shielded Virtual Machines  Host Guardian Services  Enhanced Containers  Stretch Clusters  Rolling Cluster OS upgrades  Storage Spaces Direct  Storage Replica  Storage Quality of Service  Remote Desktop Services  Encrypted Virtual Machines and Containers  Azure Backup, Azure Storage, Azure Site Recovery1  Azure Active Directory1  RSMT Azure Remote Server Management Tools1  Operations Manager Suite1
  • 12. • • Why do I have to reboot because of a patch to a component I never use? • When a reboot is required, the systems need to be back in service ASAP • • Large images take a long time to install and configure • Transferring images consumes too much network bandwidth • Storing images requires too much disk space • • If the OS consumes fewer resources, I can increase my VM density • Higher VM density lowers my costs and increases my efficiency & margins Voice of the Customer
  • 13. Nano Server – Just enough OS Nucleus of next-gen cloud infrastructure and applications
  • 14. Nano Server installation option • Just enough OS • Key roles & features • Full developer experience Containers and next-gen applications Full GUI Specialized workloads Third-party applications RDS experience Server Core Lower maintenance server environment Traditional VM workloads Nano Server Just enough OS
  • 15. Nano Server Developer experience Nano Server has a full developer experience, unlike Server Core. Windows SDK and Visual Studio 2015 target Nano Server. Rich design-time experience. Project template, full IntelliSense, error squiggles, etc. Full remote debugging experience.
  • 16. Nano Server • Smallest ever footprint • 93 percent lower VHD size • Very fast deployment and reboots • Focus on two key scenarios • Born-in-the-cloud applications • Cloud platform –Hyper-V and Scale-out File Servers • Not installed in traditional manner • Enables the new cloud era! • Managed through familiar and new ways
  • 18. Remotely Managing Nano Server Remote Graphical & Web Tools • Server Manager • Azure Portal tools • Task manager • Registry editor • File explorer • Server configuration • Event viewer • Disk manager • Device & driver management • Performance • Users & groups PowerShell Remoting • Core PowerShell engine, language, and cmdlets • Windows Server cmdlets (network, storage, etc.) • PowerShell DSC • Remote file transfer • Remote script authoring & debugging • PowerShell Web Access VM and Container Management • Hyper-V Manager • Hyper-V cmdlets • PowerShell Direct over PSRP • CimSession support • Docker • SCVMM agent & console • 3rd party agents & consoles Deployment & Monitoring • DISM online & VHD support • Unattended setup • Visual Studio integration • DSC Local Config Manager • Setup & boot eventing • SCOM agent • VSO App Insights • Azure Op Insights Partners & Frameworks • Chef integration • .NET Core and CoreCLR • ASP.NET 5 • Python, PHP, Ruby, Node.js • PowerShell Classes • PS Script Analyzer • PowerShell Gallery • PowerShellGet
  • 19. Nano Server preliminary results 2 8 23 Critical Patches 3 6 11 Reboots 11 26 34 Ports Open 0.41 6.5 10.4 VHD Size (GB) 40 300 1140 Setup Time (s)
  • 20. • Top Ten: What You Need to Know about Microsoft Nano Server • Introducing the Nano Server Image Builder • Install Nano Server • Manage Nano Server
  • 22. What is a container? Containers Traditional virtual machines = hardware virtualization VM VM VM Applications Kernel = Operating system virtualization Container Container Container Windows Server containers Maximum speed and density Container Container Container Hyper-V containers Isolation plus performance Container Container Container
  • 24. Windows Server containers Build: Developers will use familiar development tools, such as Visual Studio, to write apps to run within containers. By building modular apps leveraging containers, modules can scale independently, and be updated on independent cadences. Run: Container capabilities built into Windows Server. Manage: Deploy and manage containers using PowerShell, or using Docker. Resources: Define CPU and memory resources per container along with storage and network throughput. Network: Provide NAT or DHCP/static IP for network connectivity. Web tier Container A Container B Container C App tier DB tier
  • 25. Hyper-V containers Hyper-V container Hyper-V containerConsistency: Hyper-V containers use the same APIs as Windows Server containers ensuring consistency across management and deployment toolsets. Compatibility: Hyper-V containers use the exact same images as Windows Server containers. Strong isolation: Each Hyper-V container has its own dedicated copy of the kernel. Highly trusted: Built with proven Hyper-V virtualization technology. Optimized: The virtualization layer and the operating system have been specifically optimized for containers
  • 27. Windows Server Container HIGHLY AUTOMATED EFFICIENT SCALABLE AND ELASTIC Hyper-V Container HIGHLY AUTOMATED EFFICIENT SCALABLE AND ELASTIC PUBLIC MULTI-TEANCY SHARED HOSTING SECURE SECURE HOSTING TRUSTED MULTI-TENANCY REGULATED WORKLOADS
  • 28. Where To Run Containers? • Azure • Windows Server 2016 Image In Marketplace • Only Windows Server Containers • Existing Server/Physical or VM • Install Windows Server 2016 • Windows Server and/or Hyper-V Containers • Nested Virtualization on Hyper-V • VM on Windows 10 or Windows Server 2016 • Windows Server and/or Hyper-V Containers
  • 29. Docker integration Joint strategic investments to drive containers forward Docker: An open source engine that automates the deployment of any application as a portable, self-sufficient container that can run almost anywhere. Partnership: Enable the Docker toolset to manage multi-container applications using both Linux and Windows containers, regardless of the hosting environment or cloud provider. Dockerized app Run anywhere
  • 30. • The differences between Windows Containers and Hyper-V Containers in Windows Server 2016 • Windows Containers • Hyper-V Containers • Container Host Deployment - Windows Server • Container host deployment - Nano Server • Getting Started with Docker for Windows • Build And Run Your First Docker Windows Server Container • Docker Engine on Windows
  • 32. Windows Server 2016 Hyper-V scale limits Capability Windows Server 2012/2012 R2 Standard and Datacenter Windows Server 2016 Standard and Datacenter VMware vSphere 6 Enterprise Plus Physical (Host) Memory Support Up to 4 TB per physical server Up to 24 TB per physical server (6x) Up to 6 TB per physical server (12 TB for specific OEM certified platform) Physical (Host) Logical Processor Support Up to 320 LPs Up to 512 LPs Up to 480 LPs Virtual Machine Memory Support Up to 1 TB per VM Up to 12 TB per VM (12x) Up to 4TB per VM Virtual Machine Virtual Processor Support Up to 64 VPs per VM Up to 240 VPs per VM (3.75x) Up to 128 VPs per VM Source: http://www.vmware.com/pdf/vsphere6/r60/vsphere-60-configuration-maximums.pdf
  • 33. Increase reliability with cluster Cluster OS Rolling Upgrades Upgrade your fabric to Windows Server 2016, without downtime to workloads running on Hyper-V virtual machines. Mixed OS Mode cluster Provides ability for Windows Server 2012 R2 cluster nodes to operate with Windows Server 2016 nodes. VM resiliency Designed for cloud-scale environments, this helps preserve VM session state in the event of transient storage or network disruptions. Fault domain-aware clusters Enhances key operations during cluster lifecycle such as failover behavior, placement policies, heartbeating between nodes, and quorum behavior.
  • 35. Flexibility: Linux support on Hyper-V Broad support: Run Red Hat, SUSE, OpenSUSE, CentOS, Ubuntu, Debian and Oracle Linux, with full support. Increased utilization: Run Windows and Linux side-by-side, driving up utilization and reducing hardware costs. Enhanced networking: Highest levels of networking performance in Linux guests with virtual Receive Side Scaling (vRSS) support. Storage enhancements: Hot-add and online-resize of storage for enhanced administration flexibility. Better protection: Better-than-physical backup support for virtualized Linux guests on Hyper-V. Simplified management: Single experience for managing, monitoring, and operating the infrastructure. PowerShell support: Use PowerShell Desired State Configuration to declaratively specify the configuration of Linux servers.
  • 36. Secure Boot Support for Linux • Providing kernel code integrity protections for Linux guest operating systems. • Works with: • Ubuntu 14.04 and later • SUSE Linux Enterprise Server 12
  • 37. Network Adapter Identification • You can name individual network adapters in the virtual machine settings – and see the same name inside the guest operating system. • PowerShell needed to configure naming
  • 38. PowerShell Direct to Guest OS • You can now script PowerShell in the Guest OS directly from the Host OS • No need to configure PowerShell Remoting • Or even have network connectivity • Still need to have guest credentials
  • 39. Hyper-V Manager Improvements • Multiple improvements to make it easier to remotely manage and troubleshoot Hyper-V Servers: • Support for alternate credentials • Connecting via IP address • Able to manage Windows Server 2012, 2012 R2 and Windows Server 2016 Technical Preview from a single console • Connecting via WinRM
  • 40. Hot Add/Remove
    • VM memory
    • Network adapters
    • VM checkpoints based on VSS
    • Dynamically identify VMs that are not "playing well" and reduce their resource allocation
  • 41. Built-in security
    • Shielded Virtual Machines
    • Host Guardian Service
    • Secure Boot for Windows & Linux
    • Nano Server Hyper-V Host
    • Virtualization-based Security (VBS)
    • Hyper-V Containers
    • Containers in Shielded VMs
    • Credential Guard
    • Just in Time Administration
    • Just Enough Administration
    • Control Flow Guard
    • Code Integrity
    • Windows Defender
    • Enhanced Threat Detection
  • 43. Shielded VMs: Security Assurance Goals
    • Encryption of data, both at rest and in flight
      • Virtual TPM enables the use of disk encryption within a VM (e.g. BitLocker)
      • Both Live Migration traffic and VM state are encrypted
    • Admin lockout
      • Host administrators cannot access guest VM secrets (e.g. cannot see disks, video, etc.)
      • Host administrators cannot run arbitrary kernel-mode code
    • Attestation of health
      • VM workloads can only run on "healthy" hosts
  • 44. A bit more detail…
    • What is it and who's it for? As a hoster: As a tenant: As an enterprise:
    • Implementation spotlights:
      • Hardware-rooted security technologies strictly isolate the VM from host administrators
      • A Host Guardian Service that is able to identify legitimate Hyper-V hosts and certify them to run a given shielded VM
      • Virtualized Trusted Platform Module (vTPM) support for Generation 2 virtual machines
  • 45. Shielded VMs: a bit more detail
    • Requires a Generation 2 VM
      • Virtual motherboard exposes UEFI firmware
      • Enables Secure Boot in the VM, supports TPM v2.0
    • Windows Server 2012 and Windows Server 2012 R2 guest VMs supported today
    • Windows Server 2008 and Windows Server 2008 R2 support under investigation
  • 46. Shielded VMs: what's protected?
    • vTPM enables protection for VM data at rest
      • Enables disk encryption within the guest VM (e.g. BitLocker in Transparent mode)
      • The TPM 2.0 device has been virtualized
      • vTPM is not backed by a physical TPM, which ensures VM mobility scenarios work
      • A hardened VMWP (virtual machine worker process) hosts the vTPM VDEV for protected VMs
    • The hardened VMWP encrypts other VM artifacts
      • Live migration egress traffic is encrypted
      • All other VM state at rest:
        • vTPM state in the VM config file
        • Runtime state file, saved state, snapshot
        • Hyper-V Replica file
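Slides 43 to 46 list what a shielded VM is supposed to guarantee; the practical question on a guarded host is which VMs actually have those settings. The script below is an added PowerShell example, not from the deck, that reports the per-VM protections (vTPM, encrypted state and live-migration traffic, shielding policy, Secure Boot) together with the host's own attestation state. It assumes it runs on a Windows Server 2016 Hyper-V host with the Hyper-V and HgsClient modules present; the `Mode`, `IsHostGuarded` and `AttestationStatus` property names are taken from `Get-HgsClientConfiguration` output and are assumed to be stable.

```powershell
# Added example (not from the deck): audit shielded-VM posture on one Hyper-V host.
function Get-VMShieldingPosture {
    foreach ($vm in Get-VM) {
        # Get-VMSecurity exposes the three per-VM switches that make a VM "shielded"
        $sec = Get-VMSecurity -VM $vm
        $fw  = if ($vm.Generation -eq 2) { Get-VMFirmware -VM $vm } else { $null }
        [pscustomobject]@{
            VMName                     = $vm.Name
            Generation                 = $vm.Generation
            SecureBoot                 = if ($fw) { $fw.SecureBoot } else { 'n/a (Gen 1)' }
            vTPM                       = $sec.TpmEnabled
            EncryptedStateAndMigration = $sec.EncryptStateAndVmMigrationTraffic
            # Shielded = $true disables console, debugger and PowerShell Direct for host admins
            Shielded                   = $sec.Shielded
        }
    }
}

# Host side: in HostGuardianService mode the host only receives VM keys while the HGS
# attests it as healthy. Property names assumed from Get-HgsClientConfiguration output.
$hgs = Get-HgsClientConfiguration
"HGS mode: $($hgs.Mode)  Host guarded: $($hgs.IsHostGuarded)  Attestation: $($hgs.AttestationStatus)"

# Gen 2 VMs that carry a vTPM but are not actually shielded still leak to a host admin
Get-VMShieldingPosture |
    Where-Object { $_.Generation -eq 2 -and -not $_.Shielded } |
    Format-Table -AutoSize
```

A VM with `vTPM = True` but `Shielded = False` is the common half-configured state: its disk can be BitLocker-protected, but the host administrator can still attach to the console and use PowerShell Direct, so the admin-lockout goal of slide 43 is not met.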
  • 47. Further reading:
    • What's new in Hyper-V on Windows Server 2016
    • Cluster operating system rolling upgrade
    • Guarded fabric and shielded VMs overview
    • Deploying the Host Guardian Service for guarded hosts and shielded VMs
    • Configuration scenarios for shielded VMs in a guarded fabric
    • A closer look at shielded VMs in Windows Server 2016
    • Step by Step – Configuring the Host Guardian Service in Windows Server 2016
  • 49. STRETCH CLUSTER AND CLUSTER TO CLUSTER (diagram: Site 1 and Site 2 connected by Storage Replica)
    • Synchronous replication: storage-agnostic mirroring of data in physical sites with crash-consistent volumes, ensuring zero data loss at the volume level.
    • Increase resilience: unlocks new scenarios for metro-distance cluster-to-cluster disaster recovery and stretch failover clusters for automated high availability.
    • Complete solution: end-to-end for storage and clustering, including Hyper-V, Storage Replica, Storage Spaces, Cluster, Scale-Out File Server, SMB3, Deduplication, Resilient File System (ReFS), NTFS, and Windows PowerShell.
    • Streamlined management: graphical management for individual nodes and clusters through Failover Cluster Manager and Azure Site Recovery.
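The synchronous mode described on slide 49 is what gives crash-consistent, zero-data-loss volumes: a write is acknowledged to the application only after the destination log has it. The following server-to-server setup is an added PowerShell example, not from the deck; the host names `sr-srv01`/`sr-srv02`, replication group names, drive letters and log size are placeholders, and it assumes both servers have the Storage Replica feature installed and a dedicated log volume.

```powershell
# Added example (not from the deck): synchronous server-to-server Storage Replica.
$src = 'sr-srv01'   # assumed source host
$dst = 'sr-srv02'   # assumed destination host

# 1. Validate the topology first: measures latency and bandwidth and checks that
#    data and log volumes meet the requirements, writing an HTML report to -ResultPath.
Test-SRTopology -SourceComputerName $src -SourceVolumeName 'D:' -SourceLogVolumeName 'L:' `
    -DestinationComputerName $dst -DestinationVolumeName 'D:' -DestinationLogVolumeName 'L:' `
    -DurationInMinutes 10 -ResultPath 'C:\Temp'

# 2. Create the partnership. Synchronous mode acknowledges a write only after the
#    destination log holds it, which is the zero-data-loss guarantee from the slide.
New-SRPartnership -SourceComputerName $src -SourceRGName 'rg01' `
    -SourceVolumeName 'D:' -SourceLogVolumeName 'L:' `
    -DestinationComputerName $dst -DestinationRGName 'rg02' `
    -DestinationVolumeName 'D:' -DestinationLogVolumeName 'L:' `
    -ReplicationMode Synchronous -LogSizeInBytes 8GB

# 3. Wait for the initial block copy; the destination volume stays unmounted while it replicates.
do {
    Start-Sleep -Seconds 30
    $status = (Get-SRGroup -ComputerName $dst -Name 'rg02').Replicas.ReplicationStatus
} until ($status -eq 'ContinuouslyReplicating')
"Replication status on ${dst}: $status"
```

Run the topology test over a realistic workload window rather than an idle one; the report's latency figure is what tells you whether synchronous mode is viable for the distance in question or whether you should fall back to asynchronous replication and accept a recovery point greater than zero.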
  • 50. Storage Spaces Direct: software-defined storage for private cloud using industry-standard servers with local storage
    • Reliability, scalability, flexibility
      • Fault tolerance to disk, enclosure and node failures
      • Scale pools to a large number of drives
      • Simple and fine-grained expansion
      • Fast VM creation and efficient VM snapshots
    • Use cases
      • Hyper-V IaaS storage
      • Storage for backup and replication targets
      • Hyper-converged (compute and storage together)
      • Converged (compute and storage separate)
    • Cloud design points and management
      • Standard servers with local storage
      • New device types such as SATA and NVMe SSD
      • Prescriptive hardware configurations
      • Deploy/manage/monitor with SCVMM, SCOM & PowerShell
  • 51. Converged solution vs. hyper-converged (diagram; labels: Storage Software, SMB3, Virtual machines on Hyper-V host, Scale-out file server)
    • Converged (on-premises disaggregated) solution: scale components separately in this model.
    • Hyper-converged: scale compute and storage simultaneously. Simultaneous scaling is possible when compute (Hyper-V) and storage components (Storage Spaces Direct) reside on the same cluster.
  • 52–53. Storage Spaces Direct – Deployment Choice
    • Lenovo System x3650 M5
    • HP Apollo 2000 System
    • Quanta D51PH
    • Dell PowerEdge R730xd
    • Cisco UCS C3260 Rack Server
    • FUJITSU PRIMERGY RX2540 M1
    • Intel® Server Board S2600WT-Based Systems
  • 54. Demo Storage Spaces Direct in Windows Server 2016
  • 55. Further reading:
    • Storage Replica overview
    • Stretch Cluster Replication Using Shared Storage
    • Server to Server Storage Replication
    • Frequently Asked Questions about Storage Replica
    • Storage Quality of Service
    • Storage Spaces Direct in Windows Server 2016
    • Hyper-converged solution using Storage Spaces Direct in Windows Server 2016
    • What is Storage Spaces Direct?
  • 57. Hard lessons…
    • The network is no longer the security perimeter (it hasn't been for some time); identity is the (new) security perimeter.
    • Entry: we can't stop this from happening. People will be fooled, bribed, blackmailed, etc.; eliminating human error isn't possible; phishing works and will continue to do so.
    • Insider attacks are a big problem. Anomalous activity monitoring helps in detection; limit access through identity management & isolation.
    • Compliance is very important, but compliance and security are not the same thing: compliant != secure.
    • Prevention methods aren't always technical or architectural. Many will be operational, and that will impose some level of additional operational friction: security has a price $$$.
  • 58. Windows Server Security Posture: security isn't a bolt-on
    1. Protect: ongoing focus & innovation on preventative measures; block known attacks & known malware
    2. Detect: comprehensive monitoring tools to help you spot abnormalities and respond to attacks faster
    3. Respond: leading response and recovery technologies plus deep consulting expertise
    4. Isolate: isolate OS components & secrets; limit admin privileges; rigorously measure host health
  • 59–66. What do we need to secure and how? (built up over slides 59 to 66 against the Protect / Detect / Respond / Isolate model)
    1. Manage privileged identities: prevent credential theft
    2. Secure the OS, host & guest: host integrity, guest integrity
    3. Secure virtualization
    4. Monitoring/detection through enhanced auditing plus log & behavioral analysis
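"Manage privileged identities" and "limit admin privileges" on the preceding slides are where Just Enough Administration (listed on slides 41 and 68) applies. Below is an added PowerShell example, not from the deck, of a JEA endpoint that lets a service-operator group restart one service without holding local administrator rights, with session transcripts for the auditing the slides call for. The module path, the group `CONTOSO\ServiceOperators`, the `Spooler` service and the transcript folder are assumptions.

```powershell
# Added example (not from the deck): a JEA endpoint for a narrowly scoped operator role.
$moduleRoot = 'C:\Program Files\WindowsPowerShell\Modules\JEA-ServiceOps'   # assumed path
$rcDir      = Join-Path $moduleRoot 'RoleCapabilities'
New-Item -ItemType Directory -Path $rcDir -Force | Out-Null
New-ModuleManifest -Path (Join-Path $moduleRoot 'JEA-ServiceOps.psd1')

# Role capability: the operator sees only these two cmdlets, and Restart-Service
# accepts only the one service name (ValidateSet), so it cannot be turned against others.
New-PSRoleCapabilityFile -Path (Join-Path $rcDir 'ServiceOps.psrc') `
    -VisibleCmdlets @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } },
                    'Get-Service'

# Session configuration: RestrictedRemoteServer (no language mode, no script blocks),
# a per-session virtual account instead of the operator's own admin token, and
# full transcripts of every session for detection and forensics.
$pssc = Join-Path $env:TEMP 'ServiceOps.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory 'C:\JEA-Transcripts' `
    -RoleDefinitions @{ 'CONTOSO\ServiceOperators' = @{ RoleCapabilities = 'ServiceOps' } }   # assumed group

if (-not (Test-PSSessionConfigurationFile -Path $pssc)) { throw 'Invalid session configuration file' }
Register-PSSessionConfiguration -Name 'ServiceOps' -Path $pssc -Force

# Operator side (for reference): Enter-PSSession -ComputerName <host> -ConfigurationName ServiceOps
```

The design point is that no standing credential with local admin rights exists for the operator at all: the virtual account is created per session and discarded, so there is nothing on the host for credential theft to harvest, and the transcript directory gives the "enhanced auditing" on slide 66 something concrete to feed into log analysis.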
  • 67. Further reading:
    • Privileged Access Management for Active Directory Domain Services
    • Weekend Scripter: Use PowerShell for JIT Administration and PAM
    • Just Enough Administration
    • Just Enough Administration, Step by Step
    • Windows 10 Device Guard and Credential Guard Demystified
  • 68. Safeguard your business / Improve IT efficiency & productivity / Ready for the cloud
    • Just in Time & Just Enough Administration
    • Windows Defender for malware protection
    • Trusted/Secure boot
    • Shielded Virtual Machines
    • Host Guardian Service
    • Enhanced Containers
    • Stretch Clusters
    • Rolling Cluster OS upgrades
    • Storage Spaces Direct
    • Storage Replica
    • Storage Quality of Service
    • Remote Desktop Services
    • Encrypted Virtual Machines and Containers
    • Azure Backup, Azure Storage, Azure Site Recovery¹
    • Azure Active Directory¹
    • Azure Remote Server Management Tools (RSMT)¹
    • Operations Manager Suite¹
  • 69. Thank you! Primend Morning Coffee – Windows Server 2016

Editor's Notes

  1. 10/25/2016