In the previous article, Mike went over the most exciting new features of Hyper-V 2016 as they stood in Technical Preview 4 (TP4). Since then the product has gone through some changes, and not every feature made it to general availability (GA) in its initial form or intended way. Windows Server 2016 has been fully available since the end of 2016, and there are some features that were left out of that article but are still interesting and quite important.
Networking is perhaps the most extensively updated and extended technology of Windows Server 2016. So many aspects have been improved that it would take another article to go over all of them! In this overview, I would like to point out one of the most helpful features, which should improve performance, save money and ease the work of admins at the same time — Remote Direct Memory Access (RDMA) and Switch Embedded Teaming (SET).
Previously, you couldn’t use NICs that were already part of a Hyper-V Virtual Switch or a NIC team for RDMA, so you had to add an extra physical NIC to the host to allow for RDMA-enabled storage. Now it can all be done through the same network adapter thanks to the improved Hyper-V Virtual Switch. Additionally, Switch Embedded Teaming (which is not required for RDMA) is integrated into the Hyper-V Virtual Switch. It is a variant of NIC teaming that lets you group the host’s physical NICs behind one or several vNICs, improving the availability of network resources if one of the physical adapters fails.
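The host-side configuration described above, as an added example that is not part of the original article: a SET switch over two RDMA-capable physical NICs, two host vNICs for SMB traffic mapped one-to-one onto the team members, RDMA enabled on those vNICs, and a check that the SMB client actually sees them as RDMA capable. The adapter names NIC1 and NIC2, the switch name SETswitch and the vNIC names SMB_1 and SMB_2 are assumptions; substitute your own.

```powershell
# Added example (not from the article): SET switch plus RDMA-enabled host vNICs.
# "NIC1"/"NIC2", "SETswitch" and "SMB_1"/"SMB_2" are assumed names.

$pNics = @("NIC1", "NIC2")

# 1. Create the Switch Embedded Teaming switch over both physical NICs.
#    Management-OS access is added explicitly in step 2 instead of the default vNIC.
New-VMSwitch -Name "SETswitch" -NetAdapterName $pNics -EnableEmbeddedTeaming $true -AllowManagementOS $false

# 2. Add host (management OS) vNICs that will carry SMB Direct storage traffic.
Add-VMNetworkAdapter -SwitchName "SETswitch" -Name "SMB_1" -ManagementOS
Add-VMNetworkAdapter -SwitchName "SETswitch" -Name "SMB_2" -ManagementOS

# 3. Pin each SMB vNIC to one team member so RDMA traffic takes a deterministic path
#    (SMB Multichannel still uses both vNICs, so a NIC failure is survivable).
Set-VMNetworkAdapterTeamMapping -VMNetworkAdapterName "SMB_1" -ManagementOS -PhysicalNetAdapterName $pNics[0]
Set-VMNetworkAdapterTeamMapping -VMNetworkAdapterName "SMB_2" -ManagementOS -PhysicalNetAdapterName $pNics[1]

# 4. Enable RDMA on the host vNICs; Hyper-V exposes them as "vEthernet (<name>)".
Enable-NetAdapterRdma -Name "vEthernet (SMB_1)", "vEthernet (SMB_2)"

# 5. Verify before relying on SMB Direct: the vNICs must report Enabled = True and
#    the SMB client must list them as RdmaCapable, otherwise traffic silently falls
#    back to TCP and you lose the performance the feature was deployed for.
Get-NetAdapterRdma | Where-Object Name -like "vEthernet (SMB_*)" | Format-Table Name, Enabled
Get-SmbClientNetworkInterface | Where-Object RdmaCapable | Format-Table FriendlyName, RdmaCapable
```

Only host (management OS) vNICs get RDMA this way; guest-facing vNICs on the same switch keep using the team as ordinary network adapters.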
Check out the full list of network improvements.
Encryption support for the operating system disk in generation 1 machines
There are still plenty of generation 1 VMs out there that don’t support the newest integration with a virtualized Trusted Platform Module (vTPM), which is used for encrypting your valuable data. To avoid leaving anyone behind, Microsoft has added the ability to still use BitLocker encryption on generation 1 machines by means of a Key Storage Drive. It is a small 42 MB drive attached to an IDE controller of the virtual machine, acting as a substitute for a vTPM chip or for a startup key stored on a USB stick. After you prepare the drive in the guest OS, it is ready to store BitLocker’s key material. Although this is not the same level of protection as with generation 2 machines, it still helps protect valuable information against offline attacks.
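The host-side part of that procedure, as an added example that is not from the article: attach a Key Storage Drive to a generation 1 VM so the guest can turn on BitLocker for its OS volume. The VM name Gen1-App01 is an assumption. The sequence (set a key protector, then add the drive) follows the documented Key Storage Drive workflow for a host that is not part of a guarded fabric; the guest still has to initialize and format the new disk and enable BitLocker itself.

```powershell
# Added example (not from the article): Key Storage Drive for a generation 1 VM.
# The VM name is an assumption; run this on the Hyper-V host.

$vmName = "Gen1-App01"

# The key protector and IDE devices can only be changed while the VM is off.
if ((Get-VM -Name $vmName).State -ne "Off") {
    Stop-VM -Name $vmName
}

# A key protector is required before a Key Storage Drive can be added. Outside a
# guarded fabric a local key protector is used, which means the key material is
# protected by this host only: an administrator of the host can still get at the
# BitLocker key. That is the weaker protection level the article mentions.
Set-VMKeyProtector -VMName $vmName -NewLocalKeyProtector

# Attach the Key Storage Drive (the small virtual disk on an IDE controller).
Add-VMKeyStorageDrive -VMName $vmName

# Confirm the drive is present before handing the VM back to the guest admin.
Get-VMKeyStorageDrive -VMName $vmName | Format-List VMName, ControllerNumber, ControllerLocation

Start-VM -Name $vmName
```

Because the protection boundary is the host rather than a TPM, treat the Hyper-V host’s own disk encryption and admin access controls as part of the threat model for these VMs.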
Virtualization-based security for generation 2 virtual machines
Starting with Hyper-V on Windows Server 2016, virtualization-based security (VBS) is available for generation 2 machines. It is one of the founding blocks of the Device Guard feature — a new line of defense against more advanced malware attacks. Despite the name, VBS is a hardware-based security feature that helps protect your guest VMs at the deepest level of the OS — its kernel. It works in tandem with code integrity policies set via Device Guard, so even if malware tries to reach the system’s core or access protected memory, the hypervisor makes its mission incredibly hard. But before rushing into this wonder you need to make sure your hardware, firmware and software are up for the task, so go ahead and check the requirements.
Also, get a deeper look into the Device Guard features.
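An added example (not from the article) of what the host has to provide for VBS in a generation 2 guest and how to confirm the result from inside the guest. The VM name Gen2-Web01 and the guest credential are assumptions; the guest check uses PowerShell Direct, which assumes a Windows Server 2016 or Windows 10 guest, and reads the Win32_DeviceGuard WMI class that Windows exposes for exactly this purpose.

```powershell
# Added example (not from the article): enable the VBS prerequisites on a
# generation 2 VM and verify VBS status in the guest. Names are assumptions.

$vmName = "Gen2-Web01"

# Host side: VBS needs a generation 2 VM with Secure Boot on, and the VM must
# not be opted out of VBS. Firmware and security settings need the VM off.
$vm = Get-VM -Name $vmName
if ($vm.Generation -ne 2) {
    throw "$vmName is generation $($vm.Generation); VBS requires a generation 2 VM."
}
if ($vm.State -ne "Off") { Stop-VM -Name $vmName }

Set-VMFirmware -VMName $vmName -EnableSecureBoot On -SecureBootTemplate "MicrosoftWindows"
Set-VMSecurity -VMName $vmName -VirtualizationBasedSecurityOptOut $false
Start-VM -Name $vmName

# Guest side (PowerShell Direct): read the Device Guard status class.
#   VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
#   SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (code integrity)
# A status of 1 together with an empty SecurityServicesRunning usually means the
# guest OS has not been configured for VBS/Device Guard yet, not a host problem.
$cred = Get-Credential -Message "Guest administrator for $vmName"
Invoke-Command -VMName $vmName -Credential $cred -ScriptBlock {
    Get-CimInstance -Namespace "root\Microsoft\Windows\DeviceGuard" -ClassName Win32_DeviceGuard |
        Select-Object VirtualizationBasedSecurityStatus, SecurityServicesConfigured, SecurityServicesRunning,
                      RequiredSecurityProperties, AvailableSecurityProperties
}
```

RequiredSecurityProperties and AvailableSecurityProperties are the quickest way to see which hardware prerequisite (for example Secure Boot or DMA protection) is missing when the status stays at 0.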
Host resource protection
This feature’s name pretty much says it all — you are now able to set an additional resource threshold at the host level. If any VM starts going beyond the set resource consumption bounds, the Hyper-V host will limit its share of resources so that other VMs can continue to function without disruption. This feature will come in handy in situations where you don’t have a lot of resource overhead and need to make sure each VM has enough resources to function properly. Cloud hosting environments can also benefit from it, since they only need to worry about the resources and not about the VM’s role.
As of now, host resource protection covers only vCPU resources, but it might extend to other hardware resources in the future. It is disabled by default, but you can enable it with a single PowerShell command (the setting is stored per VM, so piping every VM from Get-VM applies it to the whole host):
Get-VM | Set-VMProcessor -EnableHostResourceProtection $true
The “Set-VMProcessor” cmdlet itself is not new to Hyper-V — it lets you apply similar vCPU limitations, but only to a particular VM rather than to the whole host. See the full list of parameters.
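An added example (not from the article) that rolls the setting out to every VM on a host and then produces a report of which VMs still have it off, so the enablement can be audited rather than assumed. It runs against the local host; add -ComputerName to every Get-VM call for a remote one.

```powershell
# Added example (not from the article): enable host resource protection on all
# VMs of this host and report any VM where it is still disabled.

function Enable-HostResourceProtectionOnAllVMs {
    # Apply the per-VM setting to every VM; errors for individual VMs are
    # reported but do not stop the loop, so one bad VM cannot block the rollout.
    Get-VM | ForEach-Object {
        try {
            Set-VMProcessor -VM $_ -EnableHostResourceProtection $true -ErrorAction Stop
        } catch {
            Write-Warning ("{0}: {1}" -f $_.TargetObject, $_.Exception.Message)
        }
    }
}

function Get-HostResourceProtectionReport {
    # One row per VM; anything reporting False after the rollout needs a look.
    Get-VM | Get-VMProcessor |
        Select-Object VMName, EnableHostResourceProtection |
        Sort-Object EnableHostResourceProtection, VMName
}

Enable-HostResourceProtectionOnAllVMs
Get-HostResourceProtectionReport | Format-Table -AutoSize

# Only the exceptions, for a scheduled compliance check:
Get-HostResourceProtectionReport | Where-Object { -not $_.EnableHostResourceProtection }
```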
Storage quality of service (QoS)
This is another regulatory feature that lets you monitor, measure and limit the storage IOPS of VMs. It applies to Scale-Out File Servers or regular Cluster Shared Volumes, requires a Failover Cluster to work and is also handy in cloud environments. The reason is that it is presented as another resource of the Failover Cluster, which gives the cluster the power to automatically monitor performance and enforce storage policies on VMs that violate them. Admins can deal with the “noisy neighbor” problem, where one VM or tenant consumes more resources than it needs and affects its neighboring VMs or tenants to the point where they start to struggle with basic operations. That way every VM gets its minimum IOPS for acceptable performance, but none can go crazy on the storage if something happens.
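An added example (not from the article) of the policy workflow described above on a Windows Server 2016 cluster: create a policy with a minimum and a maximum, attach it to one VM’s virtual disks, and then read back the flows the cluster is enforcing, including the status field that tells a noisy neighbor apart from storage that simply cannot deliver the minimum. The policy name Tier-Silver, the VM name Tenant-A-SQL01 and the IOPS figures are assumptions; run it on a cluster node.

```powershell
# Added example (not from the article): Storage QoS policy lifecycle on a cluster.
# Policy name, VM name and IOPS values are assumptions.

$vmName = "Tenant-A-SQL01"

# Dedicated policy: every flow that uses it gets its own 200..1000 IOPS band.
# Use -PolicyType Aggregated when all flows with the policy should share one band
# (the right choice for a per-tenant cap rather than a per-disk one).
$policy = New-StorageQosPolicy -Name "Tier-Silver" -PolicyType Dedicated -MinimumIops 200 -MaximumIops 1000

# Attach the policy to each virtual hard disk of the VM via the policy's ID.
Get-VM -Name $vmName | Get-VMHardDiskDrive |
    Set-VMHardDiskDrive -QoSPolicyID $policy.PolicyId

# Observe the flows for this VM. Status "Ok" means the policy is being met;
# "InsufficientThroughput" means the storage cannot currently deliver the
# configured minimum, which points at the back end, not at a misbehaving VM.
Get-StorageQosFlow -InitiatorName $vmName |
    Select-Object InitiatorName, FilePath, PolicyId, MinimumIops, MaximumIops,
                  InitiatorIOPS, InitiatorLatency, Status |
    Format-Table -AutoSize

# Cluster-wide view: every flow that is not currently within policy.
Get-StorageQosFlow | Where-Object Status -ne "Ok" |
    Format-Table InitiatorName, InitiatorNodeName, FilePath, Status -AutoSize
```

A flow whose Status is UnknownPolicyId references a policy that no longer exists on the cluster; such disks run without limits until the policy ID on the VM is corrected.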
Shared virtual hard disks
Shared virtual hard disks is a feature that allows you to share a disk between VMs grouped in a guest cluster to achieve better redundancy with applications like SQL Server or server roles like File Server. It used to have rather inconvenient restrictions that required a good portion of planning before you could deploy this solution: you couldn’t resize the disk after its creation or migrate it, and no native backup and replication options were available either. Now you should be able to change the size of such shared disks on the fly and use the native Hyper-V replication tools! You get a dedicated option when creating shared disks in Hyper-V 2016 (see Figure 1).
Although as of now there appears to be a bug in the replication part, Microsoft is currently working on a fix. You can check the progress in this forum thread, where Veeam specialists and customers are working together on getting the solution from Microsoft.
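An added example (not from the article) of the PowerShell side of the dedicated option mentioned above: creating a shared disk in the 2016 VHD Set format (.vhds), attaching it to both nodes of a guest cluster with persistent reservations, and growing it while the guest cluster is running. The CSV path and the VM names GC-Node1 and GC-Node2 are assumptions.

```powershell
# Added example (not from the article): VHD Set for a two-node guest cluster.
# Path and VM names are assumptions; run on a Hyper-V cluster node.

$vhdsPath   = "C:\ClusterStorage\Volume1\GuestCluster\Data01.vhds"
$guestNodes = @("GC-Node1", "GC-Node2")

# The .vhds extension makes New-VHD create a VHD Set instead of a plain VHDX.
New-VHD -Path $vhdsPath -SizeBytes 100GB -Dynamic

# Attach the same set to every guest node. Persistent reservations let the guest
# cluster arbitrate disk ownership (SCSI-3 PR) so both nodes never write at once.
foreach ($node in $guestNodes) {
    Add-VMHardDiskDrive -VMName $node -ControllerType SCSI -ControllerNumber 0 `
        -Path $vhdsPath -SupportPersistentReservations
}

# Grow the shared disk online; the volume still has to be extended inside the guest.
Resize-VHD -Path $vhdsPath -SizeBytes 150GB

# Confirm that every node sees the set and that persistent reservations are on;
# a node attached without them is a data-corruption risk, not just a config drift.
foreach ($node in $guestNodes) {
    Get-VMHardDiskDrive -VMName $node | Where-Object Path -eq $vhdsPath |
        Format-Table VMName, ControllerType, ControllerNumber, ControllerLocation, SupportPersistentReservations
}
```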
Start order priority for clustered virtual machines
The Startup Priority GUI option was first added in Hyper-V 2012 and allowed you to set a value for the startup order of each VM in the Failover Cluster (see Figure 2). It had four levels with which you could balance out the startup load in case of a failover event.
However, you couldn’t set up any sort of dependencies between the roles with this option, and that is the functionality this update brings. Now you can create sets of VMs that depend on other sets starting first, rather than starting on their own. The most common example is a SQL Server set waiting for the domain controller (DC) set to start up first. Even if all servers are offline and you try to launch a SQL Server VM manually, the associated DC set will be triggered to start first.
Be advised that no GUI option is available for this; it can only be set up through PowerShell.
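The SQL Server / domain controller scenario from above, as an added example that is not from the article, using the FailoverClusters cluster group set cmdlets introduced with Windows Server 2016. The cluster group (VM role) names DC01, DC02, SQL01 and SQL02, the set names and the 60 second delay are assumptions; run it on a node of the Hyper-V cluster.

```powershell
# Added example (not from the article): start order dependency between VM sets.
# Group names, set names and the delay are assumptions.

Import-Module FailoverClusters

$dcSet  = "DC-Set"
$sqlSet = "SQL-Set"

# 1. Create the two sets.
New-ClusterGroupSet -Name $dcSet
New-ClusterGroupSet -Name $sqlSet

# 2. Put the clustered VM roles (cluster groups) into their sets.
"DC01", "DC02"   | ForEach-Object { Add-ClusterGroupToSet -Name $dcSet  -Group $_ }
"SQL01", "SQL02" | ForEach-Object { Add-ClusterGroupToSet -Name $sqlSet -Group $_ }

# 3. Declare the dependency: SQL-Set consumes DC-Set, so starting any SQL VM
#    (even manually, with everything offline) brings the DC set up first.
Add-ClusterGroupSetDependency -Name $sqlSet -Provider $dcSet

# 4. Tune the provider set: wait until the DC VMs are online, then hold the
#    dependent set for a further 60 seconds so directory services are usable
#    before SQL Server tries to authenticate against them.
Set-ClusterGroupSet -Name $dcSet -StartupDelayTrigger Online -StartupDelay 60

# 5. Verify membership and dependencies.
Get-ClusterGroupSet | Format-Table Name, GroupNames, ProviderNames, StartupDelayTrigger, StartupDelay -AutoSize
Get-ClusterGroupSetDependency
```

Sets are cluster objects, so a VM that is not a clustered role cannot be placed in one; add it with Add-ClusterVirtualMachineRole first.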
Compatibility with Connected Standby
Connected Standby was first introduced in Windows 8 and took inspiration from mobile devices, with their outstanding ability to stay always connected to the internet and update apps in the background while keeping energy use close to a sleeping state. The main benefit is that it allows the device to wake up instantly and continue working on whatever you’ve been doing, with no delay whatsoever. Now you can also get this with Hyper-V running on Windows Server 2016 — you just need to check that your computer has the required hardware that supports an Always On/Always Connected power model.
To quickly check what power models your system supports, type “powercfg /a” in PowerShell or Command Prompt and you will get a list of all available modes.
After going GA in October 2016, some of the features changed. For example, Microsoft decided to strip Nano Server of all infrastructure-related features and shift it towards containers only. Despite any deviations and changes, these features make Hyper-V ever more powerful and flexible in its implementation, and Microsoft will continue to improve this platform to ensure its foothold in the virtualization market.