Speaker: Jeff Woolsey, Principal Program Manager
- Layered security for emerging threats: Jeff has been affected by 4 of the big, well publicised hacks. CEOs are being fired because of this stuff now.
- Build the software-defined data centre
- Create a cloud-optimized application platform
Security in WS2016
- Long laundry list of features: Defender, Control Flow Guard, Devices Guard, Credential Guard, Remote Credential Guard.
- Shielded VMs – you don’t trust the operators
- vTPM – encrypt the disks
- JIT Administration
- Compute: rolling upgrades with no downtime, hot/add remove, more resilient to transient storage, compute, network issues.
- Network: Azure code brought to Windows Server 2016: SDN scale and simplicity. L4 load balancer, distributed data centre firewall.
He tells a very funny story on RAM support: 24 TB physical, and 12 TB RAM in Hyper-V VMs.
- Storage: Hyper-Converged, Storage Replica, cluster wide QoS
- RDS: Lots there too.
Built into WS2016 Datacenter edition: Storage Spaces Direct (S2D). Uses SATA, SAS, SSD, and NVME, Working with storage industry to add new flash types.
- Cloud design points: used in Azure Stack
- RDMA at the core for performance and latency benefits.
- Simplifying the datacenter: Add servers to add compute and storage capacity. No more SAN network. Storage controller is s/w.
Working on adding NVDIMMS: Intel Persistent Memory. Not as fast as real memory, but you can add lots of it in, e.g. 100 TB of “RAM”. Supported in WS2016 and SQL Server 2017 and later.
SATADOM is supported in WS2016 and later. It’s flash but its attached to a SATA connector (see image below). The idea is to do the “boot from USB” to free up a drive bay. This tiny drive plugs directly onto the SATA controller on the motherboard. Faster than USB/SD boot and more reliable.
Cloud Ready Application Platform
- Windows Server Containers: The next generation of compute, following virtualization. Both are different techs, and going forward, both will probably exist. But containers will be the tech of choice for deploying applications: speed, ease of deployment, better densities, and more performance.
- Nano Server: Ideal for the microkernal in Hyper-V Containers
- Automation: PowerShell 5.0 and DSC
Now on to the new stuff
Azure File Sync
Klaas Langhout comes on stage.
Back to Jeff. He asks Klaas if customers access the shares any differently on prem. Nope – it’s the same old file share and any Azure connectivity/tiering/sync is hidden.
Windows Defender Advanced Threat Protection (WDATP)
Using cloud intelligence to protect Windows.
- Built into Windows Server
- Behaviour-based, cloud-powered breach detection
- Best of breed investigation experience
- And more
You can sign into the Windows Defender Security Center to analyse activity to do forensics on an attack or suspicious activity, and learn how to remediate the attack.
Modern, Remote Management for Windows Server
Honolulu will remain a free download outside of Windows Server – expect updates every month.
FAQ on Honolulu
- Price: Free
- Edge, Chrome, Safari on Mac and more to be tested.
- Installs on WS2012 R2 and later, Windows 10.
- Manages Hyper-V Server 2012 and later and WS2012 and later.
- Azure is not required.
- AD is not required either.
- Security: HTTS LAPS, Delegation
- Configuration: No IIS, Agents not required. SQL not required. If you are pre-2016. you have to install WMF 5.1.
- Positioning: Evolution of “in-box” tools. Does not replace System Center. Complementary to SycCtr, OMS, RSAT. Hopefully will eventually replace MMC-based RSAT.
- Feedback: Via Windows Server UserVoice.
- Extensions: It’s plugable, with alpha SDK today.
On to the next release of Windows Server, coming in October.
- Container-optimized Nano Server image increase container density and performance.
- .NET Core 2.0
- SMB Support for containers
- Linux Containers with hyper-V isolation
- Windows Subsystem for Linux – to manage the above primarily
Where to Start With Containers
- Containerize suitable existing applications. GUI-based apps aren’t suitable.
- Transform monoliths into microservices, with new code and transforming existing code.
- Accelerate new applications with cloud-app development.
Windows Server Insiders is a program to beta test and learn the new stuff in the semi-annual channel.
Post 1709 Improvements
- Honolulu integration
- Shielded Linux VMs
- Guest RDMA
- Honolulu integration
- Encrypted virtual networks
- NTLM no longer required
- SMB1 Disabled by default
- and more
- S2D Support for NVMe
- S2D support for NV-DIMMs
- Dedupe for ReFS
- Cluster Sets to enable large scale HVI
- Storage Replica test failover
- Scoped volumes
- Something on multi-resilient volumes