Windows Server 2016 has been out for a year now, the “we’ll wait for the first service pack” delay is behind us, and there are clear features in Windows 2016 that enterprises are adopting and integrating into their network environment. Here’s a look at five of those features.
Windows Server 2016 as the base server operating system
This isn’t a specific “feature” in Windows 2016, but there’s an overall general acceptance by enterprises deploying Windows Server applications to install them on the latest Windows Server 2016 operating system.
Enterprises have realized that installing new systems on older builds of operating systems means that a core operating system upgrade will have to be conducted in the next year or two. With the proven reliability, stability and application compatibility support found with Windows Server 2016, the latest OS fully patched and updated has become the standard any time a new server needs to be deployed.
For organizations that have traditionally implemented clustered servers, Hyper-V live migration technologies, and Distributed File System (DFS) file replication, the Hyper-Converged Infrastructure (HCI) built into Windows Server 2016 is an integrated roll-up of all of these solutions intended to provide high availability of Windows Server services.
Instead of having two to three separate services (and even third-party SAN storage replicas) running for high availability, Microsoft has built all of this into Windows Server 2016 so that an organization can have typically four or more servers with internal hard drives all meshed together with integrated redundant services.
HyperV spans all of the servers in the HCI cluster so that workloads automatically failover between servers (either in the event of a system or service failure or during a rolling patch/update process). Storage Spaces Direct (S2D – more on this in the next section) provides RAID-like storage redundancy and recoverability across multiple drives and multiple servers for extremely fast and highly available storage.
And software-defined networking (SDN) provides high-speed networking between HCI cluster nodes for traffic isolation without the need for applications to constantly go “out” of the network to other servers across a LAN, but instead keep the traffic internal to the HCI network for extremely fast application to application communications.
Storage Spaces Direct (S2D)
A key component of the HCI that can be broken out and implemented just as high speed/highly available storage is Storage Spaces Direct. With IT spending on storage area networks (SANs) being one of the top continuously growing expenditures for enterprises, S2D has provided enterprises a way to get high-speed Disk I/O and redundancy without further investment in expensive SANs.
S2D runs off Windows Server 2016 systems with server disks — a typical HP- or Dell-type rack server is all that is needed. Many organizations have found that as they have moved their Exchange email servers to Office 365 over the past year or two, that they have several servers lying around in the data center that are idle. Those servers have been perfect candidates to deploy S2D and extend storage capacity for the enterprise with little to no additional investment — and get SAN-scale capacity and performance.
Privileged Access Management for Active Directory
With heightened awareness on security, the new Privileged Access Management (PAM) for Active Directory provides a built-in solution for organizations to provide “just enough administration” processes to address network administration controls. For many enterprises, PAM replaces expensive third-party solutions purchased to do the very thing that PAM provides or eliminates the need for organizations to go out and buy, implement and integrate a complex third-party solution.
PAM enables enterprises to isolate the use of privileged accounts of various administrators in the enterprise. So instead of giving full Domain Administrator access to dozens of users, an organization can assign specific access to specific users for a specified length of time.
PAM builds off a framework that Microsoft is continuing to extend in rolling updates to Windows Server 2016 and in the Microsoft Azure cloud to provide Privileged Identity Management across all of Microsoft’s on-premises and cloud services.
Better time accuracy to 1ms with Windows Server 2016
Ten years ago when the networking world was focused solely on internal networks and servers, as long as the time on servers was within 5-10 minutes of each other, the network worked fine. And at that, domain server replication didn’t particularly care about the time of the outside world as long as all of the domain controllers inside the network were relatively in sync.
However, these days with stretched networks to cloud services, and with Active Directory being authoritative to SaaS and PaaS applications hosted around the globe, timesync of a LAN with the rest of the world is more critical.
For example, if a user submits a time entry in a SaaS application where the time is off by a few minutes from an on-premises ERP system, the discrepancy can cause automated approval processes to fail. Or when an organization uses Kerberos across multiple realms (cloud-based, data center-based, mobile device-based) and the time is off even by 1 second, a Kerberos authentication ticket can be rejected and cause a user to get logon or authentication errors.
And as organizations create hybrid networks between on-premises Active Directory and cloud-based public networks such as Microsoft Azure, resources running across data centers on extreme time-sensitive applications such as banking systems, GPS-driven transportation or telecommunications systems, even a fraction of a second variance can cause applications to fail.
Windows Server 2016 brings time accuracy down to within 1ms, and upcoming rolling updates to Windows 2016 will bring global time accuracy in Windows Server to even greater levels of accuracy across all Windows domain controllers, servers and applications.
While Windows Server 2016 hasn’t had as big a “splash” as early releases of Windows Server that introduced Active Directory or HyperV virtualization, the deployment of Windows 2016 by enterprises for business workloads has been consistent with broad acceptance to the latest Windows server operating system as “the” reliable, dependable, standard OS for Windows Server application deployments. And as these core new features in Windows Server 2016 add value to what organizations are looking to accomplish in terms of security and cost control of their networks, the new functionality in Windows 2016 have been of great benefit to enterprises.
Additionally, as Microsoft rolls out updates to the server operating system, while there remains hesitance to openly accept the rolling updates, the opportunity to get new functionality rather than having to go out and buy/implement third-party solutions to achieve the same or similar functionality is appealing. I’ll have more on the actual real-world experiences on rolling updates as actual releases of new features are made available in upcoming months.