With the third technical preview (TP3), Microsoft continues the slow and steady evolution of Windows Server 2016, adding more functionality in Nano Server and Docker container support (plus a host of other features), along with more management tools for working with the other new server features.

Nano Server

Not only can you run Nano on Hyper-V for testing (which is useful to gain familiarity), but you can also now run the Hyper-V role on Nano Server. That’s a minimal, far more secure and far less resource-hungry base on which to run virtualised workloads, and it makes Nano a mainstream option. You can also use Nano server for the File Server role, for failover clustering, and for hosting ASP.NET 5 (using CoreCLR). In TP3, Nano has the same set of drivers for network adapters and storage controllers as Server Core, plus Windows Defender Antimalware and reverse forwarders for frameworks like Ruby and Node.js, to improve application compatibility.

The much-improved data deduplication (with volume sizes up to 64TB, file sizes up to 1TB and with support for deduplicating backups, which should save you a considerable amount of space and money) now works with Nano Server, although currently not for clusters. That’s yet another sign that Nano will be a deployment option you’ll be able to use for familiar workloads, not just for building new cloud services.

It’s much easier to install Nano Server with TP3, as Microsoft has included both the WIM and a PowerShell script for converting that into a VHD in the ISO (note that you have to create it as a Gen1 VM, possibly to ensure compatibility with Azure). Nano remains a minimal OS that you manage remotely, using PowerShell and System Center 2016, designed for servers you’re never going to see in person. But if you do have a keyboard and monitor plugged into a Nano Server, you can now use the Emergency Management Console to view some settings and do some very basic management. In TP3 that’s just viewing network settings, and even when it expands it’s never going to do more than the basics, but it’s useful to have it there for emergencies.

The TP3 release of System Center 2016 adds support for Nano Server as both a host and file server to Virtual Machine Manager (which can also now manage the rolling cluster upgrades, end-to-end Storage Quality of Service and storage tiers introduced in earlier technical previews of Windows Server 2016).

Docker containers

Nano Server will support containers, but that’s not working in TP3, which is also our first glimpse of Microsoft’s Docker container compatibility. Again, this is something of a work in progress: you can create and manage Docker containers that are fully compatible with the Docker engine, although that doesn’t mean Windows can run Linux containers — it means you get Docker containers running Windows Server that you manage and orchestrate in the same way as Docker containers running Linux. This keeps Windows Server competitive with the latest developments in building and running cloud-scale systems, and brings the concepts of containers to the wider business market that relies on Windows Server.

But things are still a little rough at the edges. You can create a Docker container using the Docker client (including the command-line syntax) or using PowerShell; but if you create the container with PowerShell you have to manage it with PowerShell and if you create it with Docker you have to continue to manage it with Docker. That’s going to change, but it’s worth knowing to save yourself some headaches. There’s also a preview of the Visual Studio Tools for Docker plugin for Visual Studio 2015 that lets you build a container image that includes the app you’re developing and deploy it straight to your Windows Server 2016 container host.

Shielded VMs

TP3 doesn’t yet have the alternative container option, Hyper-V containers, but it does give admins the tools to work with the new shielded VMs and the new Host Guardian Service role that protects them, in the OS itself or in System Center 2016 TP3.

Shielded VMs are virtual machines that you use BitLocker to protect from administrators, who need to run them but don’t need to see the information inside them, which may be company confidential information above their pay grade — or belong to a customer, in the case of a hoster. The shielded data includes the admin credentials for operating the VM workload, and it’s stored in an encrypted package protected by a virtual secure module (which moves credentials into an isolated, virtualised, high integrity area that even software running with admin privileges can’t access). These features were in TP2, but without the management tools, you couldn’t try them out; now you can test features like creating shielded VMs from signed templates. Working with shielded VMs is slightly harder because, by design, you can’t connect to them from Hyper-V Manager. So if you’re planning to adopt them you’ll want to start testing now to understand the impact on your support team.

Other TP3 enhancements

There are also improvements and new features in many other key areas of Windows Server in TP3. Storage and network virtualisation continue to improve. Storage Replica now works with site-aware stretch clusters while the scalable network controller, L4 load balancer and underlying network fabric bring some key technologies from Azure to your own data centre. Although you can expect to need new network adapters to get the most from them, Microsoft doesn’t expect those to be priced beyond the reach of most large companies.

DNS policies now include response rate limiting, so your DNS server can’t be used for denial-of-service attacks, and DNS-based Authentication of Names Entities (DANE) to prevent man-in-the-middle attacks by telling DNS clients what certificate authority you use.

The GPU virtualisation in Remote Desktop that uses RemoteFX for GPU hardware acceleration in programs like Photoshop now supports OpenGL applications as well. Remote Desktop also gets little features, like using a pen on-screen in remote applications, as well as long-standing requests, like support for Gen2 VMs, plus an interesting new option: Personal Session desktops. That lets you run a specific desktop remote session in the cloud for each user — where they have admin rights, so they can install software or run programs that need admin rights (which developers will require). This uses PowerShell scripts in TP3 for adding admin rights and associating users with a specific session; we’ll get a graphical interface in Server Manager by launch.

That’s the same progression we’ve seen with other features in Windows Server previews, where they’re introduced as PowerShell features and supported later by the management tools. That makes sense given the scope of what Microsoft will introduce in the next version of Windows Server: this is a major release for every area of the OS, that will also offer businesses new ways of working with their servers.

If you’re only looking for cost savings and improvements to what you already do, TP3 is most interesting for the tooling, the improved deduplication, and the new networking features. If you’re considering the more ambitious features like containers and Nano Server, TP3 lets you try out some of that while you wait for the next preview with more new features and increasing maturity of what you see here.