With Windows Server 2016 expected to ship later this year (likely September), the latest Technical Preview (TP5) is likely to be the last before the RTM build. As such, you can assume it includes all the features that will be in that release.
Instead of finishing all the features and then putting out beta releases, Microsoft has been steadily adding features to each preview (since TP1 in October 2014) and improving them. That means we’ve seen new features in every preview — including very early versions of major new options like containers and the new Nano Server deployment option (both of which get improvements in TP5) — and a steady stream of improvements and refinements to those, as well as interface changes as the technical previews match the changing user interface of Windows 10.
The desktop of TP5 looks like the Current Branch for Business of Windows 10, and the Windows 10 fix that lets you use Connected Standby with Hyper-V installed is also in TP5 (because sometimes you do need to have Windows Server on a laptop).
If you’re using Nano Server, you don’t have a desktop — this is part of the move away from a graphical Windows Server for handling servers at scale, in data centres and in the cloud (public, private or hybrid). Nano Server in Windows Server 2016 is there to host compute and storage clusters (including running DNS), and to run cloud-style applications rather than more traditional server workloads. In TP5 that includes ASP.NET Core with IIS, node.js, Python and Django — which gives you the app frameworks to run a lot of open-source systems designed for cloud. (Microsoft promises more app frameworks for Nano, and we’re hoping that soon includes Ruby, for which compatibility work is still in progress.)
The way you build Nano images has changed, separating the physical host and guest functionality. The recovery console, which is the most basic way to work with Nano Server, now lets you repair Windows Remote Management configuration if you have a problem. PowerShell and WinRM are the main ways to work with Nano, and in TP5 you can run PowerShell directly against Nano Server using PowerShell Direct (so you don’t have to set up PowerShell remoting), including security logging; there are also cmdlets to work with local users and groups. It’s still going to be a jump for admins who are used to graphical interfaces, but the tools to work with this major new piece of Windows Server are definitely evolving.
The Just Enough Administration (JEA) option, which limits what commands you can run, now lets you connect via PowerShell Direct in TP5 (including to Nano Server), securely copy files to and from servers that you’ve locked down and configure the PowerShell console to use JEA by default. This is an evolving toolkit, because not having access to all the admin commands all the time is a new idea. But if you work with confidential data, you’ll want to be experimenting with this.
TP5 specifically adds extra security to protect you from both malicious VMs and malicious (or phished) insiders. We’ve already seen the Shielded VMs that encrypt Generation 2 VMs with a virtual TPM and UEFI so you can use Secure Boot and BootLocker (and dm-crypt for Linux) to stop admins tampering with or extracting information from VMs they host but shouldn’t be looking inside. TP5 lets you convert standard Gen 2 VMs to Shielded VMs and adds a recovery environment so you can troubleshoot them even though they’re encrypted. You can use Shielded VMs with Hyper-V Replica in TP5, as long as the replica server has the right credentials to run the protected VM. You can also switch Attestation between Active Directory and TPM on the host guardian service that protects the VMs, and there are PowerShell Direct diagnostics for finding problems with both the host and the VMs.
If you need a less locked-down option, TP5 includes Encryption Supported VMs that use the virtual TPM for disk encryption and Live Migration encryption. If it’s the VM you don’t trust, host resource protection detects when a VM is trying to attack the host and limits the resource it can use, to stop a malicious VM from taking down your server.
One small but very handy improvement to Hyper-V Manager in TP5: you can enter and save multiple credentials for connecting to remote Hyper-V hosts.
Container support in TP5 improves, from both Windows Server and Docker: with the latest beta of Docker Engine you can share Docker images based on Windows Server through the Docker Hub as well as in private repos. You can also use Docker to manage Windows Server container networking, using software-defined network policies for containers as well as VMs (which is a key part of being able to choose whether to deploy an image as either a container or a VM instead of having to prepare them differently in advance).
Storage Spaces Direct — the software-defined storage system that lets you use commodity disks and SMB3 to provide resilient storage — has been focused on large systems. TP5 makes it easier to use on smaller-scale systems. Cluster Shared Volumes are already isolated from other SMB traffic, but there are now specific workloads for Storage Replica and the Software Storage Bus (which you’ll also see called the Storage Bus Layer, used for Storage Spaces Direct replication traffic). These workloads separate out traffic that uses new features in SMB3 like aggregating bandwidth with SMB multichannel for higher throughput (and to keep the connection up if one network interface fails), and SMB Direct that uses the onboard features of RDMA-enabled network adapters to reduce storage latency without using up server CPU for network I/O.
The software-defined network pieces that we’ve seen arrive in previous previews now give you the tools to dynamically segment and secure workloads using the software load balancer, the distributed firewall and network security groups.
There are more improvements to the Hyper-V switch that’s the basis of software-defined networking in Server 2016: you can now still get RDMA when you use the same NIC for VMs and storage roles (including Storage Replica and live migration), and you can do NIC teaming in a virtual switch, which means you need fewer network cards and the ones you do have you can manage as if they’re part of the switch.
System Center 2016
Along with TP5 comes another technical preview for System Center 2016, focused on hybrid cloud support (and, to a lesser degree, integration with the cloud Operations Management Suite), which you can now use to work with all the data centre virtualisation features in TP5.
This gives you a graphical interface for some of the key Windows Server 2016 features you’ve had to manage using PowerShell up now: deploying, managing, backing up and recovering Shielded VMs and managing the host guardian service that protects the hosts they run on; Storage Replica, managing Storage Spaces Direct clusters and the VMs deployed on them; the entire software-defined networking stack including the network controller, gateway and software load balancer (including gateway pools that use fewer VMs than traditional clusters); rolling upgrades from Server 2012 R2 to 2016 without downtime; managing Nano Server (both hosts and VMs); and taking the new production VM checkpoints for backups, or using the new Resilient Change Tracking to make sure backups and migrations work even if a Hyper-V node crashes.
If you’re working with more than a handful of servers, System Center is likely to be a key tool for managing them — and the emphasis on cloud and Azure Stack in Windows Server 2016 makes that one of the key features. Unlike previous releases, TP5 is a good sign that you’ll be able to use System Center as soon as you want to deploy Windows Server 2016 rather than having to wait a few months for it to catch up after release, because it now covers most of the new features. TP5 is looking stable, with only the occasional rough edges, which puts Microsoft on track for a significant and ambitious version of Windows Server coming out later this year.