What is New in Windows Server 2016: Hyper-V
Windows Server 2016 comes packed with many new features and many enhancements to existing ones. In this article we will look at what is new in Hyper-V in theory; upcoming articles will cover how it works in practice.
In Server 2016, Hyper-V has many new features and many other updated features.
New Features of Server 2016 Hyper-V:
1. Nested Virtualization:
Nested Virtualization means running Hyper-V inside Hyper-V. You can install and run Hyper-V in a VM that is running on the Server 2016 Hyper-V host. It is a really useful feature for testing and deployment scenarios.
Below are the prerequisites for Nested Virtualization:
- Both the physical Hyper-V host and the virtualized host must run at least Windows Server 2016 or Windows 10.
- A processor with Intel VT-x. This feature is currently enabled only for Intel processors.
2. Discrete Device Assignment
This feature allows VMs to connect directly to physical PCI hardware devices. Connecting physical devices directly to VMs gives faster and more efficient access.
3. Encryption Support for Generation 1 VMs
Operating system drives of generation 1 VMs can now be encrypted with BitLocker. A new feature, key storage, creates a small, dedicated drive to store the system drive’s BitLocker key. This is done instead of using a virtual Trusted Platform Module (TPM), which is available only in generation 2 virtual machines. To decrypt the disk and start the virtual machine, the Hyper-V host must either be part of an authorized guarded fabric or have the private key from one of the virtual machine’s guardians. Key storage requires a version 8 virtual machine.
4. Adding and removing Network Adapters and Memory made simple
In previous versions, adding or removing NICs and changing memory required shutting down the VM, which meant downtime for the applications hosted in it. In Server 2016 this no longer requires downtime; you can make these changes while the VM is running.
Hot add and remove of network adapters works for generation 2 virtual machines that run either Windows or Linux operating systems. Changing memory while the VM is running works for both generation 1 and generation 2 virtual machines, running Windows Server 2016 or Windows 10.
5. Networking Features
- Remote Direct Memory Access (RDMA) and Switch Embedded Teaming (SET).
SET is an alternative NIC Teaming solution that you can use in environments that include Hyper-V and the Software Defined Networking (SDN) stack in Windows Server 2016. SET integrates some of the NIC Teaming functionality into the Hyper-V Virtual Switch.
SET allows you to group between one and eight physical Ethernet network adapters into one or more software-based virtual network adapters. These virtual network adapters provide fast performance and fault tolerance in the event of a network adapter failure.
SET member network adapters must all be installed in the same physical Hyper-V host to be placed in a team.
You can use Windows PowerShell commands to enable Data Center Bridging (DCB), create a Hyper-V Virtual Switch with an RDMA virtual NIC (vNIC), and create a Hyper-V Virtual Switch with SET and RDMA vNICs.
Refer to the article for more details.
- Virtual machine multi queues (VMMQ).
It improves on VMQ throughput by allocating multiple hardware queues per virtual machine. The default queue becomes a set of queues for a virtual machine, and traffic is spread between the queues.
- Quality of service (QoS) for software-defined networks
Manages the default class of traffic through the virtual switch within the default class bandwidth.
6. Compatible with Connected Standby
When the Hyper-V role is installed on a computer that uses the Always On/Always Connected (AOAC) power model, the Connected Standby power state is now available.
7. Host Resource Protection
This feature prevents a VM from using more than its assigned share of resources. It helps keep one virtual machine from degrading the performance of the host or of other virtual machines.
By default, this feature is disabled. Run the command below to enable it, replacing <VMName> with the name of the virtual machine.
Set-VMProcessor -VMName <VMName> -EnableHostResourceProtection $true
For details about the cmdlet, see Set-VMProcessor.
8. Linux Secure Boot
Linux operating systems running on generation 2 virtual machines can now boot with the Secure Boot option enabled. Ubuntu 14.04 and later, SUSE Linux Enterprise Server 12 and later, Red Hat Enterprise Linux 7.0 and later, and CentOS 7.0 and later are enabled for Secure Boot on hosts that run Windows Server 2016. Before you boot the virtual machine for the first time, you must configure the virtual machine to use the Microsoft UEFI Certificate Authority. You can do this from Hyper-V Manager, Virtual Machine Manager, or an elevated Windows PowerShell session:
Set-VMFirmware VirtualMachineName -SecureBootTemplate MicrosoftUEFICertificateAuthority
9. Production Checkpoint
Production checkpoints are “point-in-time” images of a virtual machine. These give you a way to apply a checkpoint that complies with support policies when a virtual machine runs a production workload.
For Windows virtual machines, the Volume Snapshot Service (VSS) is used. For Linux virtual machines, the file system buffers are flushed to create a checkpoint that’s consistent with the file system.
For more details, please refer to the article.
10. Hyper-V Cluster upgrade from Server 2012.
Upgrading a cluster from previous versions has been made simple. You can add Server 2016 Hyper-V nodes to the existing Server 2012 cluster and remove the Server 2012 Hyper-V nodes one by one after adding the Server 2016 Hyper-V nodes.
As long as Server 2012 nodes remain in the cluster, the cluster behaves with Server 2012 functionality. To move beyond that, you need to upgrade the cluster functional level using the command Update-ClusterFunctionalLevel.
Note: Once you have updated the cluster functional level to Server 2016, you cannot add Server 2012 Hyper-V nodes to the cluster again.
For a Hyper-V cluster with a functional level of Windows Server 2012 R2 with nodes running Windows Server 2012 R2 and Windows Server 2016, note the following:
- Manage the cluster, Hyper-V, and virtual machines from a node running Windows Server 2016.
- You can move virtual machines between all of the nodes in the Hyper-V cluster.
- To use new Hyper-V features, all nodes must run Windows Server 2016 and the cluster functional level must be updated.
- The virtual machine configuration version for existing virtual machines isn’t upgraded. You can upgrade the configuration version only after you upgrade the cluster functional level.
- Virtual machines that you create are compatible with Windows Server 2012 R2, virtual machine configuration level 5.
After you update the cluster functional level:
- The new Server 2016 Hyper-V features become available.
- To make new virtual machine features available, use the Update-VmConfigurationVersion cmdlet to manually update the virtual machine configuration level. For instructions, see Upgrade virtual machine version.
- You can’t add a node to the Hyper-V Cluster that runs Windows Server 2012 R2.
For more details, please refer to Hyper-V Cluster Upgrade.
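Because the functional level update cannot be reversed, it is worth gating it behind a pre-flight check. The following is an added example, not code from the original article: the function name Update-ClusterLevelIfReady is hypothetical, and requiring every node to be Up is a conservative assumption of this example.

```powershell
#Requires -Modules FailoverClusters
# Added example: pre-flight check before the one-way functional level update.
# Run on a node of the cluster being upgraded.

function Update-ClusterLevelIfReady {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()

    $cluster = Get-Cluster
    $nodes   = @(Get-ClusterNode)

    # Level 8 is the Windows Server 2012 R2 level, 9 is Windows Server 2016.
    if ($cluster.ClusterFunctionalLevel -ge 9) {
        Write-Verbose "$($cluster.Name) is already at level $($cluster.ClusterFunctionalLevel)."
        return $false
    }

    # Server 2016 nodes report MajorVersion 10; older nodes report 6.
    # Requiring every node to be Up is a conservative choice of this example.
    $blockers = @($nodes | Where-Object { $_.MajorVersion -lt 10 -or $_.State -ne 'Up' })
    if ($blockers.Count -gt 0) {
        $blockers | Format-Table Name, State, MajorVersion, BuildNumber |
            Out-String | Write-Warning
        Write-Warning 'Functional level left unchanged.'
        return $false
    }

    # -WhatIf on this function stops here without touching the cluster.
    if ($PSCmdlet.ShouldProcess($cluster.Name, 'Update-ClusterFunctionalLevel (cannot be undone)')) {
        Update-ClusterFunctionalLevel -Force | Out-Null
        return $true
    }
    return $false
}

# Dry run first; drop -WhatIf only when the check passes and you are ready.
Update-ClusterLevelIfReady -WhatIf
```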
11. Start order priority for Clustered Virtual Machines
This feature gives you more control over which clustered virtual machines are started or restarted first. This makes it easier to start virtual machines that provide services before virtual machines that use those services. Define sets, place virtual machines in sets, and specify dependencies. Use Windows PowerShell cmdlets to manage the sets, such as New-ClusterGroupSet, Get-ClusterGroupSet, and Add-ClusterGroupSetDependency.
12. Shielded Virtual Machines
Shielded virtual machines use several features to make it harder for Hyper-V administrators and malware on the host to inspect, tamper with, or steal data from the state of a shielded virtual machine. Data and state are encrypted, Hyper-V administrators can’t see the video output and disks, and the virtual machines can be restricted to run only on known, healthy hosts, as determined by a Host Guardian Server.
For more details, please refer to Guarded Fabric and Shielded VMs.
13. Virtualization-based security for generation 2 Virtual Machines
Virtualization-based security powers features such as Device Guard and Credential Guard, offering increased protection of the operating system against exploits from malware. Virtualization-based security is available in generation 2 guest virtual machines starting with version 8.
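Several of the features above (key storage in section 3, Host Resource Protection in section 7, Secure Boot in section 8, shielding in section 12 and virtualization-based security in section 13) depend on per-VM settings, generation and configuration version. The following read-only audit is an added example, not code from the original article; the function name Get-VMSecurityPosture and the output column names are hypothetical.

```powershell
#Requires -Modules Hyper-V
# Added example: read-only audit of the per-VM settings described above.
# Run in an elevated session on the Hyper-V host; nothing is changed.

function Get-VMSecurityPosture {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $VM   # virtual machine objects as returned by Get-VM
    )
    process {
        # Configuration version is a string such as '5.0' or '8.0'.
        $v8   = ([version]$VM.Version).Major -ge 8
        $gen2 = $VM.Generation -eq 2

        $cpu = Get-VMProcessor -VM $VM
        # Firmware (Secure Boot) settings exist only for generation 2 VMs.
        $fw  = if ($gen2) { Get-VMFirmware -VM $VM }
        # Older configuration versions may not return security settings.
        $sec = Get-VMSecurity -VM $VM -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Name               = $VM.Name
            Generation         = $VM.Generation
            ConfigVersion      = $VM.Version
            HostResProtection  = $cpu.EnableHostResourceProtection
            SecureBoot         = if ($fw) { "$($fw.SecureBoot)" } else { 'n/a (gen 1)' }
            SecureBootTemplate = if ($fw) { $fw.SecureBootTemplate } else { 'n/a (gen 1)' }
            Shielded           = if ($sec) { $sec.Shielded } else { 'unknown' }
            # Section 13: VBS needs generation 2 and version 8 or later.
            VbsEligible        = $gen2 -and $v8
            # Section 3: key storage targets generation 1 at version 8 or later.
            KeyStorageEligible = (-not $gen2) -and $v8
        }
    }
}

Get-VM | Get-VMSecurityPosture | Sort-Object Name | Format-Table -AutoSize
```

Rows with HostResProtection set to False or SecureBoot set to Off are the ones to review against the sections above.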
14. Windows Containers
Windows Containers allow many isolated applications to run on one computer system. They’re fast to build and are highly scalable and portable. Two types of container runtime are available, namely Windows Container and Hyper-V Container. Windows Server Containers use namespace and process isolation. Hyper-V Containers use a light-weight virtual machine for each container.
Key features include:
- Support for web sites and applications using HTTPS
- Nano Server can host both Windows Server and Hyper-V Containers
- Ability to manage data through container shared folders
- Ability to restrict container resources
Refer to the Windows Container Documentation for more details.
15. Windows PowerShell Direct
With Server 2016, you can now run PowerShell commands from the host directly in virtual machines. This means that it doesn’t require any firewall ports or remote management configuration. Windows PowerShell Direct addresses this by providing a powerful scripting and automation experience.
Refer to Windows PowerShell Direct for more details.
In addition to the above new features, there are a few updates to the existing Server 2012 Hyper-V features.
1. Hyper-V Manager Improvements
- Alternate credentials support
Hyper-V 2016 lets you enter alternate credentials when connecting to a different Hyper-V 2016 host. The credentials can be saved, so administrators can connect again later without entering them again.
- Manage earlier versions
From Hyper-V 2016 hosts, you can manage earlier versions of Hyper-V hosts such as Server 2012, Windows 8, Windows 8.1 and Windows 10.
- Updated management protocol
Hyper-V Manager now communicates with remote Hyper-V hosts using the WS-MAN protocol, which permits CredSSP, Kerberos or NTLM authentication. When you use CredSSP to connect to a remote Hyper-V host, you can do a live migration without enabling constrained delegation in Active Directory. The WS-MAN-based infrastructure also makes it easier to enable a host for remote management. WS-MAN connects over port 80, which is open by default.
2. Integrated services tools getting delivered through Windows Update
This was another pain point for Hyper-V administrators. Installing Integrated Services for guests required downtime and had to be done manually. Server 2016 Hyper-V delivers the tools through Windows Update, so manual installation is not required.
3. Shared Virtual Hard Disks
You can now resize shared virtual hard disks (.vhdx files) used for guest clustering, without downtime. Shared virtual hard disks can be grown or shrunk while the virtual machine is online.
Guest clusters can now also protect shared virtual hard disks by using Hyper-V Replica for disaster recovery.