Deep dive on Windows Server 2019 updates

(electronic music) – Coming up, we look at the
upcoming Windows Server 2019, from major advances in managing hyper-converged infrastructure, support for storage class memory, as well as deduplication coming to ReFS, new hybrid integration
between Windows Server data center and Azure with
the Windows Admin Center. The security enhancements including support for Linux, shielded VMs, and more. (electronic music) I’m joined again today
by Jeff Woolsey, welcome. – It’s great to be back. – So each time we have you on the show, things always seem to get better and we’ve seen some important
Windows Server milestones from the work done in Windows Server 2016 followed by the semi-annual
channel releases, version 1709 and 1803. It’s optimized containers
on Windows Server with Nano Server and Server Core. The new Windows Subsystem for Linux and of course, Project Honolulu, now officially named
the Windows Admin Center for Local Cloud Remote Server Management. But how do things evolve
further in Windows Server 2019? – Well with Windows Server 2019 we’re continuing our commitment
to hybrid integration based on your feedback. We know that many of you
are focused on integrating your on-premises data
centers with the cloud so whether you’re running
Windows Server in Azure or on-premises in Azure Stack, or using a Windows Server
software defined solution on-premises, we wanna give
you consistency throughout. – Now recently we’ve talked about the long-term servicing channel releases and semi-annual channel release, but what category does
Windows Server 2019 fall into? – Windows Server 2019
is our next big release that uses the long-term
servicing channel or LTSC. Remember, the LTSC is
great for traditional apps like SQL Server, Exchange,
SharePoint, and SAP. It’s also great for hyper
converged infrastructure and comes with five
years mainstream support and five years of extended support. Windows Server 2019
includes all the innovation we delivered in the
semi-annual channel releases which occurred after Windows Server 2016 and brings it to the LTSC. This means Windows Server
2019 is a great release for both application innovation
and traditional deployments. And, of course, we’re
focused on hyper converged with hybrid integration where
we’re simplifying management with Windows Admin Center and enabling easy integration with Azure. – Now that sounds awesome, lots of improvements across
a number of areas there, especially when it comes
to hyper converged. Which I know, managing
this type of configuration has been a pain point for a lot of people, so what are we doing there? – Well, hyper converged is
a big area of focus for us. If you look back five years or more, you’d start with building a rack and that would start with servers. Then you’d buy a storage
solution and configure iSCSI or Fibre Channel storage fabric, which also meant purchasing
Fibre Channel switches. Next, you’d probably buy
some network appliances like gateways, firewalls, load balancers, VPNs, and add a top of rack switch. With hyper converged infrastructure, we create an elegant solution
using mainstream servers, ethernet switches, and software. Here you can see servers
populated with local, fast storage attached
via standard ethernet coupled with the magic of
software defined compute storage and networking which provides those same capabilities
in a smaller footprint, at a lower cost and
delivered as a certified, validated Windows Server
software defined solution. – So, do we have to wait
for Windows Server 2019 to take advantage of this? – Oh, definitely not. WSSD solutions are popular and they’re available today, right now. And if you’re interested, you
can check out the WSSD page and choose a hyper converged solution from the dozens of options available for Windows Server 2016. And of course, our partners
are already working with us on Windows Server 2019 solutions and the new features
we’re introducing there. – Nice, so what are some of
those new features we’ve added? – Well, let’s start with storage. Windows Server has included granular, block-based deduplication since Server 2012. With block-based deduplication, a file is divided into smaller blocks and checksummed into chunks. And identical chunks
with the same checksum are stored only once. Because block based
deduplication goes sub-file, it’s very efficient as opposed
to file based deduplication, which generally just looks at
the file name, date, and size. Now previously, Windows
Server deduplication has been limited to
NTFS formatted volumes. Well, no more. Windows Server 2019 brings deduplication to ReFS formatted volumes. So, let me give you a quick demo here with Windows Admin Center. – Sounds good. – Here, we have a setup,
a cluster shared volume, C:\ClusterStorage. And you can see there are two folders, one here with deduplication
enabled and one without. Let’s start by taking a
look inside the folder with deduplication. Here you can see, it’s filled
with a variety of data types. Now we know from deep
interactions with our customers that these are all very common and there’s a very good chance your storage looks pretty similar. Here we have SQL databases, websites, and about 20 virtual hard disks. Hyper-V VMs varying in size from seven to 20 gigabytes each. Now, let’s also compare
this with the other folder. Let’s go to the one without deduplication. Again, here we have SQL
databases, websites, and again, 20 virtual hard disks for VMs varying in size from seven
to 20 gigabytes each. You can see, it’s an exact copy. Now, let’s switch from the
single view of server manager to the hyper converged cluster manager where we get a view of
everything in this cluster. Now here we can see in the volume view, let’s take a look at the inventory view. And notice immediately,
the red alert by the volume not using dedup while the
one using dedup is just fine. You’ll notice that both volumes
are formatted with ReFS, both using three-way mirror resiliency, and both volumes are the same size. If you look at the storage usage you can see that the volume
not using dedup is 92% full and the reason for the red alert. Let’s click on the volume
and get further details. Here you see, if I click to view details, there’s further information and a suggestion to resize the volume, delete unwanted files, or
move files to another volume. Now, let’s close this and
let’s take a detailed look at the dedup volume. So again, this volume is exactly
the same as the other one except this one is using
Windows Server’s awesome block-based deduplication. You can see all here is good. Here’s the path and in fact you can see that only 5% of storage is used. Look at all of that free space. Of course for the folks
that wanna take a look at PowerShell for our PowerShell fans, you can type Get-DedupVolume
and see the 94% savings rate. Just like that. – Awesome stuff, Jeff. There’s some incredible savings there. And what I’m seeing is
that Windows Server 2019 really does provide
the best of all worlds: efficiency, resiliency, performance, and deduplication all built in. Which is impressive in itself but is there more with storage? – Oh yes, a lot more. Over the past few years we’ve seen the growth of Flash storage everywhere. In addition, Flash has gotten faster and to do that, the industry
has had to change the way Flash connects to your computer. First, Flash was connected via USB. Then USB got too slow so
Flash was connected via SATA and SAS and those
interfaces got too slow. Next, PCI was used and
then a whole new connection was created called NVMe. – And NVMe stands for
Non-Volatile Memory Express, which is currently the fastest Flash-based storage available. – That’s right. That’s the current fastest
Flash-based available. Each time we change
the connection, though, and we’re moving the
Flash closer and closer to the processor, we’re
doing this to reduce latency and increase performance. Now, we have memory that
plugs into a memory socket, a DIMM socket sitting right
next to the processor called storage class memory. Storage class memory can be
configured to look like memory, it can be treated like an
insanely fast storage device, or it can even be segmented to do both based on the use case. For hyper-converged infrastructure, storage class memory can be
used as an intelligent cache for storage spaces
direct to reduce latency and drive up performance to new heights. – So using storage class
memory to reduce latency, drive up storage
performance all sounds great but doesn’t that add extra stress to the networking layer to keep up? – You’re absolutely right. In a hyper converged environment, when a write to storage happens, one storage write occurs locally and two writes occur remotely to two other nodes synchronously. This means that the CPU
has to perform these writes which can easily consume two
cores on a 10 gigabit network or eight cores on a 40 gigabit network. That’s why we prepared
for this six years ago by investing in Remote
Direct Memory Access or RDMA. RDMA allows us to perform this operation using RDMA enabled network adapters, thus freeing up CPU cores
for doing actual work. With Flash spreading everywhere
and now to the DIMM socket, you need to have RDMA to keep up. Windows Server RDMA leads
the industry supporting 10, 40, 50, and 100
gigabit ethernet today. And we’re already testing, get this Matt, 400 gigabit ethernet and we’re working with
the industry to enable a 1000 gigabit ethernet
or one terabit with RDMA. – Wow, one terabit
networking sounds amazing. Now, let’s switch gears
though to management. How easy is it to manage
a hyper-converged cluster? – I’ve got three words for
you, Windows Admin Center. Windows Admin Center,
formerly Project Honolulu, is the future of Windows Server management and we’re investing heavily here. Let’s take a look at Windows
Admin Center in action. Let’s start by taking a look at the hyper-converged
cluster manager dashboard. Here you can see an overall view of the HCI cluster we’ve deployed. I see alerts and the
overall cluster storage. So you can see here
the cluster performance in terms of IOPS, in terms
of latency, and throughput. And again, keep in mind this
is for the entire cluster. Here you can see 670,000 IOPS, 51 microseconds latency, throughput of 2.6 gigabytes per second. Also, notice that we
maintain historical data so I can click on day
to see the last 24 hours and look for any interesting
peaks and valleys. You can also specify the past week, month, even up to a year. Next, if I wanna see the
overall resource utilization for the HCI cluster and see CPU usage, I can see that, I can see memory usage, and storage capacity again
for the entire cluster. Notice how you can quickly ascertain your resource usage at a glance. Next I can see the server
health for all three nodes in this HCI cluster and
that they are healthy, including all 18 drives
in this HCI cluster, six drives per node, a total
of 17 virtual machines, 14 of them are running. And of course I have two volumes here, one of them is critical, one of them is warning with a total of 12. So you can see all of this
very quickly at a glance with the hyper-converged cluster manager. – That’s cool stuff. And what you just showed was
an overall view of the cluster but can we see an overall
view of virtual machine and host resources? – Yes, in fact, let me
show you that as well. So here, let’s switch to
the Hyper-V VM summary view running on this
hyper-converged infrastructure. If we click on virtual
machines and zoom in you can see there are
in fact 26 total VMs, 21 are running, two of them are paused, then three are off. If you want to take a
look at the resource usage you can see a breakdown
of CPU resource usage by host and guest. We also do the same thing for memory. So you can click on over here to memory and we can get the breakdown by host and guest memory as well. And of course we can look
below and we see the overall performance metrics for
IOPS and throughput again for all of the virtual machines below. – What I like there is it’s so easy to see which VMs are consuming the most resources but what about a detailed
virtual machine view and operations like live migration? How can it do those kind of things? – So let’s take a look at
the Hyper-V inventory view along with live migration running on this hyper-converged infrastructure. Here, you can see we
clicked on the inventory and we have a complete list
of all the virtual machines running across the entire
hyper-converged infrastructure. Again, this isn’t a single server view, this is a view of VMs running
across the entire cluster. You can see the current state of the VM, if it’s running, paused, or stopped. You can see the name of the host server. You can see if the VM is
clustered for high availability. You can see memory usage and more. You can perform actions like
starting, stopping, pausing. If you wanna take a checkpoint of a VM, go to the more items and
you can take a checkpoint. If you want to live migrate or move a VM, select the target and click move. It’s just that easy. And just like that,
I’m live migrating a VM from node 24 to node 27. You can see this informational message that the process for moving has begun and if we take a look at
this notification above, you can see the move is happening along with a progress bar for status. And remember this VM is named WEB03, was running on node 24. And if we look over
here and switch on over you can see, in fact, that it’s already, notice that it’s been
submitted to move to 27 and if we look over here
we can see, in fact, it is now running on node 27. So in two clicks we just moved a VM from node 24 to node 27 all using the hyper-converged
cluster manager in Windows Admin Center. – So that was easy management of hyper-converged infrastructure, virtual machines and live migration via the Windows Admin Center, all from a browser which is really cool. What are we doing for
enabling hybrid scenarios? – Again, Windows Admin
Center is the future of Windows Server management and is also key to our hybrid integration. We’ve had virtual machine
replication for many releases so you can replicate between your sites. However, many of you don’t
have a secondary site or would prefer to retire
the costly second site that you currently have and
use Azure as your DR target. With Windows Admin Center, we’ve made business
continuity easier than ever. Let me show you. Here I am in Windows Admin Center in the virtual machines
tool with the list of VMs. I want to replicate this first
VM named Hono17093 to Azure. The first thing I do is select the VM and go to the more option and
select set up VM protection. Since this is the first time I’m configuring Azure replication, I need to associate this VM
with Azure Site Recovery. So I’m prompted to sign into Azure. After logging in, I set up
ASR in a couple of steps. I choose my subscription
and the Azure location. Next, I choose an existing storage account or create a new one like I’m
doing here and that’s it. You’ll notice in the
upper right hand corner there’s a notification letting me know registration is happening and
when it’s successfully set up. If I go back to the VM and select more, you’ll notice there’s now
an option to protect the VM which I’m gonna select and I get a chance to double check the location
and the storage account and click protect VM. Once again, you see the
notification window appearing telling me it’s enabling
protection for this VM and now it’s replicating. It’s really that easy. – Right, so now you’ve
started that migration, what does it look like in Azure? – That’s a great question. Let’s actually log into Azure. Let’s go to the recovery
services vault and take a look. Here, we can choose the
subscription and in fact here you can see, there
is the VM replicating up into Azure, just like that. – Wow, cool stuff Jeff. And the combination of
Windows Admin Center and Azure really does provide a very
powerful hybrid solution but are there any
limitations around the guest? Does it need to be Windows? Can it be Linux? – There aren’t any
limitations on the guest, Windows, Linux, it doesn’t matter. VM replication is
transparent to the guest. – Great stuff. Now, let’s switch gears
and talk about security. Windows Server 2016
represented a huge investment in security but how are things improving in Windows Server 2019 for security? – You’re right, Matt. Windows Server 2016 introduced a number of security technologies such as virtualization-based
security, Credential Guard, Remote Credential Guard, Control
Flow Guard, Device Guard, Just In Time Administration,
Just Enough Administration, and that’s just to name a
few of the security features. However, one big feature
and very popular one is shielded VMs. Shielded VMs literally
turns a virtual machine into a black box to protect
against rogue admins and to protect VMs that accidentally get into the wild from being compromised. In Windows Server 2019, we are now adding shielded VM support for Linux guests. – Cool, can we take a look? – Absolutely. So if you’ve seen shielded VMs before, this should look familiar. Here I’ve got a few VMs
including the SQL Server and in fact, you can
see its thumbnail below. By double-clicking on the thumbnail, an admin can bring up a console window to connect directly to it. Notice I also have a Linux VM as well but this one is shielded. You can see when I click on it, no thumbnail appears and
when I double-click on it, it requires me to use an
authenticated connection. Just like that. If I try to access the
virtual hard disk directly, I can’t even mount it even
though I’m a full admin on this server. This Linux VM is protected
because it’s a shielded VM, thus it’s a black box to everyone but the guest who administrator. And in fact you can see, this drive is blocked by
BitLocker Drive Encryption, to open this you need to unlock it first. – So are there any other
security investments we should mention? – Yes, in Windows Server
2016 we included Defender for the first time. The feedback from adding Defender has been so overwhelmingly positive that we’re doing even more
here in Windows Server 2019, which now includes Windows Defender Advanced Threat Protection
and Defender Exploit Guard to prevent against
ransomware attacks and more. – So great overview of the latest updates to Windows Server 2019, thank you so much for joining us, Jeff. Where can folks learn more? – Please join the Windows
Insider Server program. Download the Windows Server 2019 preview and also check out the
free Windows Admin Center for your Windows Server
management at the link shown. – And of course, keep checking
back on Microsoft Mechanics for the latest in tech updates. Thanks for watching. (electronic music)