Whether you are a small- to mid-size business, a large enterprise, or a cloud service provider, the demand on what IT must deliver is a rapidly changing landscape. Customers want to access their applications in a variety of ways and be confident that they can complete their daily tasks in a secure and efficient manner. They simply are not concerned about how IT infrastructures are made up and the challenges that team’s supporting these environments experience a day-to-day basis.
Introduction If you run an IT environment today, how do you meet the aforementioned challenges? Can your applications and infrastructure meet the demands placed on it? Can you meet the rate of innovation the cloud offers or the agility and speed of delivery? In these respects, there are an increasing number of challenges facing the on-premises infrastructure. However, not everyone is ready to move to the cloud, and there will be many cases in which you can’t because of a multitude of reasons; for example, contractual commitments that stipulate data can’t move to the cloud.
2 CHAPTER 1 | Introduction to Microsoft Windows Server 2016
Even if you can’t or don’t want to move to the cloud today, it is still important that you begin the journey to modernize your infrastructure so that you can take advantage of all the developments and advances that Microsoft has made gleaned from its cloud experience and incorporated into Windows Server 2016. Cloud ready with Windows Server 2016 Simply put, Windows Server 2016 is the cloud-ready operating system (OS) that delivers new layers of security and Microsoft Azure-inspired innovation for the applications and infrastructure that power your business. For this release, Microsoft has spent a considerable amount of time reaching out to customers and gathering feedback of what is important and how it can meet the future needs for customer’s infrastructures. In this light, Microsoft categorized the feedback into three main pillars, which you can see listed in Figure 1-1. The figure also shows the core recurring topics customers wanted to address that has essentially driven the innovative features that appear in Windows Server 2016 today.
Figure 1-1: Categories of feedback for Windows Server 2016 In response to this, Microsoft focused on these three pillars and provided a mission statement for each one, as shown in Figure 1-2.
Figure 1-2: Key pillars and Microsoft’s corresponding mission statement for Windows Server 2016 Microsoft has used these pillars to drive innovative features backed up by what it’s learned from building and operating Azure and incorporate them directly into Windows Server 2016. These pillars have defined promises built in to ensure that customers are clear about Microsoft’s commitment that Windows Server 2016 is the platform of choice when considering security, softwaredefined datacenter features that can were born in Microsoft Azure and now exist on-premises, and as an application platform that can not only run traditional applications, but also provide the necessary frameworks to allow customers to prepare their applications for migration to the cloud.
3 CHAPTER 1 | Introduction to Microsoft Windows Server 2016
The following subsections dive deeper into the pillars and what Microsoft promises to deliver and, more important, how it will deliver on these promises. Security Windows Server 2016 gives you the power to prevent attacks and detect suspicious activity with new features to control privileged access, protect virtual machines (VMs), and harden the platform against emerging threats. Here’s what Windows Server 2016 can do for you: Prevent the risk associated with compromised administrative credentials Using the new privileged identity management features, you can limit access to Just Enough and Just-in-Time 1. And, using Credential Guard, you can prevent administrative credentials from being stolen by Pass-the-Hash attacks. Protect your VMs from compromised fabric administrators by using shielded VMs A shielded VM is a Generation 2 VM that has a virtual Trusted Platform Module (TPM), is encrypted by using BitLocker, and can run only on approved hosts in the fabric. Reduce your datacenter footprint and increase availability with just-enough OS. The new Nano Server deployment option is 25 times smaller than Windows Server, while still offering a desktop experience. This minimizes the attack surface, increases availability, and reduces deployment time, resource usage, and startup time. Add even more protection to every deployment of Windows Server 2016. Whether you’re running in any cloud or on-premises, you can take advantage of additional security features such as Code Integrity and Control Flow Guard to ensure that only permitted binaries are run and protect against unknown vulnerabilities. Detect malicious behavior through enhanced security auditing optimized for threat detection. Using new audit categories for group membership and PNP to identify and add additional information to audit events, administrators can dive deeper than ever to discover new threats Defend against malware attacks by using the built-in antimalware Windows Defender is now included in Windows Server 2016 and optimized to support the various server roles and integrate with Windows PowerShell for malware scanning. Limit exposure in case of a security intrusion If you were to suffer a security breach, Windows Server 2016 can limit the exposure by segmenting your network based on workload or business needs using a distributed firewall and network security groups. You can apply rich policies within and across segments. Use Hyper-V Containers for a unique additional level of isolation for containerized applications without any changes to the container image. Hyper-V containers provide isolation at the hardware level, giving administrators the peace of mind that they have come to appreciate with hardware-based virtualization protection as it incorporates the same isolation methods. Software-defined datacenter Windows Server 2016 delivers a more flexible and cost-efficient OS for your datacenter, using software-defined compute, storage, and network virtualization features inspired by Azure.