Microsoft is continuing its steady progress on Windows Server 2016, and Technical Preview 4 (TP4) introduces more significant features. The headline addition in TP4 is Hyper-V Containers. Think of these as mid-way between the Docker-style Windows Server Containers introduced in TP3 and familiar virtual machines; they’re lightweight containers but they run inside a lightweight virtual machine, so they have kernel isolation rather than just namespace and process isolation. That’s useful for isolating potentially malicious code if you’re a hoster running code for customers that you may or may not be able to trust. It could also prove useful for compatibility on systems where you don’t need the full isolation of VMs, but you also need a different version of the kernel for different containers that you’re running.
The difference isn’t in the containers themselves, but in how Windows Server runs them. You can load the same container as either a Windows Server container or a Hyper-V container — you just specify in your PowerShell command that you want ‘-RuntimeType Hyper-V’. If you already have a Windows Server container running Nano Server, you can convert that to a Hyper-V container with the Set-Container command. You can create Hyper-V containers with the Docker command line as well.
You’ll see VM Worker processes for each Hyper-V container you run, but the containers don’t show up in the Hyper-V Manager, because you can’t work with them as VMs. The experience is little changed from working with Windows Server containers in TP3; you’re using PowerShell or Docker commands at the command line.
To make Hyper-V containers work, Microsoft had to finally deliver nested virtualisation, which is hugely useful for more traditional virtualisation as well — you can finally run Hyper-V inside Hyper-V. That’s ideal for devtest, but it will also make it easier for anyone developing training materials for a virtualised environment.
TP4 also includes Discrete Device Assignment (DDA), which lets you pass PCI Express devices directly to a guest VM. That’s how SR-IOV (Single-Root Input/Output Virtualization) already works in Windows Server 2012, but DDA makes this available more broadly — in particular for NVMe-connected SSDs and for GPUs, and possibly for USB 3.0 and RAID controllers. This is still an emerging area and the number of devices that will be officially supported looks to be quite low (it’s not particularly easy to find out which devices even work and older BIOSes are unlikely to support this). And you have to work entirely in PowerShell, rather than in the Hyper-V Manager. But DDA looks ideal if you want to give a VM direct access to fast storage and GPUs — for running Photoshop or video-editing software, or CUDA-based software in a VM, for example. Initially it’s for Windows VMs, but Microsoft is contributing support to the Linux kernel, so it will appear in Linux distributions in due course.
With TP4, Nano Server goes from a technology demonstration to something you can actually start evaluating. It’s far easier to install as well, with PowerShell scripts for creating Nano Server images included in the TP4 ISO. Nano Server images are very small, so they’re fast to copy around your network, and they boot very quickly.
If you try and log in to Nano Server you’ll still see the minimal recovery console, but as well as using PowerShell remoting to work with Nano Server, you can use WMI and Windows Remote Management, or the Emergency Management Services (in an emergency). The new web-based Remote Server Management Toolkit, which runs on Azure and replaces Server Manager, Event Viewer and the other tools you normally use when you’re logged into a server directly, is still in private preview. So is the management gateway you’ll use to connect to your own servers if they’re behind a firewall or NAT. RSMT will manage servers on your own network or in AWS, Rackspace or any other hosting provider, and you’ll be able to run that on the Azure Stack — but as you need Windows Server 2016 to run Azure Stack, you’ll have to wait to try it out.
There are a lot more PowerShell commands for working with Nano Server now — instead of a couple of hundred, there are over a thousand. Those include options for installing the IIS or DNS roles on Nano Server (although be aware that you can’t use Nano Server as a domain controller in TP4), in addition to the existing Hyper-V, file server and failover clustering roles. You can also use Desired State Configuration to control Nano Server setup and PowerShell package management, to get scripts, container images and other components. If you’re working on software to run on Nano Server, you can also target the Nano Server SDK in Visual Studio, so you know what features are supported.
Cloud-inspired storage and networking
We don’t yet know about the editions of Windows Server 2016 beyond Standard and Datacentre, but we do know that those editions both shift to a per-core rather than per-CPU licensing model, which will affect the number of licences you need if you have more than eight cores per processor or more than four CPUs per server.
As expected, the features that are designed for running a private cloud or hosting service using software-defined network, storage and compute — shielded virtual machines, the host guardian service (both of which are easier to work with in this preview) and the network fabric — will only be in the Datacentre Edition. The same goes for the Azure-style storage features: Storage Replica, which we’ve seen in previous technical previews, and Storage Spaces Direct, which lets you use NVMe and SATA SSDs to build scale-out file server using an Azure-style storage pool that should be fast, reliable and cheaper than the equivalent SAN because you use direct-attached disks in JBOD enclosures. These features are most useful for large environments where Datacentre is the obvious choice, and they’re easiest to work with in System Center 2016 (which is also at TP4 stage). You can try them out in TP4, but remember that you’re experimenting with features you won’t see in the Standard edition.
There are other storage improvements in TP4, including Storage Health Service, which now lets you see the state of a whole cluster at once. And when you set Storage Quality of Service you now have more controls, like setting the maximum bandwidth for a VHD/X.
As with previous technical previews, TP4 is for evaluating the next Windows Server and seeing how you’ll be able to take advantage of the new features. Along with plenty of ‘quick win’ improvements — like limiting access with the Just Enough Administration option, which can now also limit admin rights on domain controllers and server maintenance roles in TP4 — there are some significant new capabilities that you’ll want to plan for in Windows Server 2016.
Microsoft hasn’t really started on tuning the performance of the OS, but we have noticed that boot times, especially for Nano Server, are significantly improved. You’ll see some of that with gen 1 VMs, but especially if you use gen 2 VMs instead. Look for the real performance improvements to come between now and when Windows Server 2016 ships (which Microsoft says is “expected in Q3 of 2016”).
Read more about Windows Server 2016