Microsoft Windows Server 2016 is the seventh release of the Windows Server operating system developed by Microsoft. It was developed concurrently with Windows 10 and is the successor to Windows Server 2012 R2. The first early preview version (Technical Preview) became available on October 1, 2014.  Windows Server 2016 was released on September 26, 2016, at Microsoft’s Ignite conference. It broadly released for retail sale on October 12, 2016.
Microsoft Windows Server 2016 is now generally available for use. Its release mirrors contemporary information technology trends of containerization and hybrid connectivity with cloud services. The list of new features in Windows Server 2016 is staggering, but 10 stand out.
Microsoft Windows Nano Server
Nano Server boasts a 92 per-cent smaller installation footprint than the Windows Server graphical user interface. Beyond just that, these compelling reasons may make you start running Nano of your Windows Server workloads:
- Bare-metal OS means far fewer updates, and reboots are necessary.
- The server has a much-reduced attack surface when compared to GUI Windows Server.
- Nano is so small that it can be ported easily across servers, data centres and physical sites.
- It hosts the most common Windows Server workloads, including Hyper-V host.
Microsoft Windows Nano Server is intended to be managed completely remotely. However, Nano does include a minimal local management UI called “Nano Server Recovery Console.
Microsoft is working closely with the Docker development team to bring Docker-based containers to Microsoft Windows Server. Until now, containers have existed almost entirely in the Linux/UNIX open-source world. They allow you to isolate applications and services in an agile, easy-to-administer way. Windows Server 2016 offers two different types of “containerized” Windows Server instances:
- Windows Server Container. This container type is intended for low-trust workloads. Where you don’t mind that container instances running on the same server may share some common resources.
- Hyper-V Container. This isn’t a Hyper-V host or VM. Instead, its a “super isolated” containerized Windows Server. Which t is completely isolated from other containers and potentially from the host server. Hyper-V containers are appropriate for high-trust workloads.
Windows Server Linux Secure Boot
Secure Boot is part of the Unified Extensible Firmware Interface (UEFI) specification. It protects a server’s startup environment against the injection of rootkits or other assorted boot-time malware.
The problem with Windows Server-based Secure Boot is that your server would blow up (figuratively speaking) if you tried to create a Linux-based Generation 2 Hyper-V VM because the Linux kernel drivers weren’t part of the trusted device store. Technically, the VM’s UEFI firmware presents a “Failed Secure Boot Verification” error and stops startup.
Nowadays, the Microsoft Windows Server and Azure engineering teams seemingly love Linux. Therefore, we can now deploy Linux VMs under Windows Server 2016 Hyper-V with no trouble.
The Resilient File System (ReFS) has been a long time coming in Microsoft Windows Server. In Windows Server 2016, we finally get a stable version. ReFS is intended as a high-performance, high-resiliency file system.
Microsoft Windows Server Storage Spaces Direct
Both Windows 8 and Windows Server 2012 shipped with Storage Spaces. Which provides similar functionality to RAID but in software. Windows Server 2012 R2 added the ability to build a highly available storage cluster based on the same Storage Spaces. The one big requirement for this high-availability cluster is making all storage accessible. The JBOD array must also contain SAS drives for their multi-initiator support.
Windows Server 2016 Technical Preview 2 takes Storage Spaces. A step further, with the ability to build a highly available storage system using only directly attached disks on each node. Resiliency across nodes uses the network and the SMB3 protocol. This new feature, called Storage Spaces Direct, also takes advantage of new hardware like NVMe SSDs. While supporting older SATA-based hardware. A minimum of four nodes must be available to create a cluster with Storage Spaces Direct.
Active Directory Federation Services (ADFS) is a Windows Server role that supports claims (token)-based identity. Claims-based identity is a crucial need for single-sign-on (SSO).
ADFS v4 in Windows Server 2016 finally supports OpenID Connect-based authentication, multi-factor authentication (MFA). Microsoft calls it “hybrid conditional access.” This latter technology allows ADFS to respond when a user or device attributes fall out of compliance with security policies.
Windows Server 2016 Nested Virtualization
Nested virtualization refers to the capability of a virtual machine to itself host virtual machines. This has historically been a “no go” in Windows Server Hyper-V. But we finally have that ability in Windows Server 2016.
Nested virtualization makes sense when a business wants to deploy additional Hyper-V hosts.
Hyper-V Hot-Add Virtual Hardware
Hyper-V Server has allowed us to add virtual hardware or adjust the allocated RAM to a virtual machine. However, those changes historically required that we first power down the VM. In Windows Server 2016, we can now “hot add” virtual hardware while VMs are online and running. I was able to add an additional virtual network interface card (NIC).
In Windows Server 2012 R2, Hyper-V administrators ordinarily performed Windows PowerShell-based. In Windows Server 2016, PowerShell remoting commands now have -VM* parameters. Which allows us to send PowerShell directly into the Hyper-V host’s VMs!
The new Host Guardian Service server role, which hosts the shielded VM feature. Which is far too complex to discuss in this limited space. For now, Windows Server 2016 shielded VMs allow for much deeper, fine-grained control.
For example, your Hyper-V host may have VMs from more than one tenant. And you need to ensure that different Hyper-V admin groups can access only their designated VMs. Using BitLocker Drive Encryption to encrypt the VM’s virtual hard disks, shielded VMs can solve that problem.
Now we can conclude that the Windows Server engineering team put huge focus on the following OS subsystems:
Those previous three feature areas also fit hand-in-glove with the Microsoft Azure cloud, not surprisingly. If you haven’t already done so, go ahead and download Microsoft Windows Server 2016.