Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

Windows Server 2016 Feature Highlight: Hyper-V

Windows Server 2016 Feature Highlight: Hyper-V

Microsoft continues to make improvements to Hyper-V and the enhancements in Windows Server 2016 will expand on current functionalities while introducing some new ones, including key security features for both cloud and on-prem environments.

Virtualization has consistently been one of the hot topics in the IT industry over the last decade because of the numerous benefits it offers to IT pros. The ability to more fully utilize hardware capabilities while also offering the scalability to avoid performance problems is a killer feature. The reliability of being able to cluster virtualization hosts and migrate virtual machines (VMs) improves disaster preparedness and reduces downtime due to maintenance. Finally, the convenience of being able to rapidly deploy new VMs -- either manually or with automated tools such as Windows PowerShell -- eases the workload for IT pros reducing monotonous, labor-intensive tasks.

Microsoft's Virtualization Strategy

Microsoft's goal is to do to the data center what Hyper-V has done with server deployment and management. By bringing the entire structure to the software level, you gain the ability to automate more aspects of your data center, and thereby gain efficiencies.

In the last few versions of Windows Server, Microsoft has made a concerted effort to improve Hyper-V and the technologies supporting it into a fully-featured software-defined data center. These features span every aspect of the data center, including storage, networking, and compute. Windows Server 2012 and Windows Server 2012 R2 introduced features like IPAM (IP Address Management), Storage Spaces, and multi-tenant site-to-site VPNs, each of which brings something to the table for hosting environments. Windows Server 2016 expands on these features with Storage Replica and some new networking roles that have yet to be fully documented.

Security Improvements

The security concerns addressed in Hyper-V with Windows Server 2016 are intended to protect your VMs from multiple potential attack vectors, like malware and fellow administrators overstepping their management roles. Microsoft is completely aware that one big reason cloud adoption hasn't taken off the way it could has to do with corporate trust; and now the company is making efforts to show that cloud solutions offer comparable -- if not better -- security to your on-premises data center.

A Trusted Platform Module (TPM) is a critical piece of hardware shipping in modern computer hardware that enables numerous security features within supporting OSes. Windows Server 2016 offers support for a Virtual TPM to be enabled and configured for your VMs. The primary benefit gained by this new functionality is the ability to enable BitLocker encryption for entire guest VMs, preventing unauthorized access to the system or files contained within the virtual hard drives.

The introduction of Shielded VMs in Windows Server 2016 is another feature that enables you to protect a guest VM from the administrator of the host server. With Shielded VMs the administrator of the host server can start or stop Shielded VMs, but cannot change the configuration, see inside the virtual disks, or see what processes are running within the guest OS. This is a perfect solution for large hosting environments that don't want the management team being able to see inside customer VMs, or for any industry where a separation of duties or need-to-know policies must be strictly enforced.

Management Improvements

Microsoft has made efforts in Windows Server 2016 to improve resource allocation between VMs, or even a group of VMs belonging to a particular customer. Distributed Storage QoS improves the existing Storage QoS capabilities to be able to monitor and enforce performance thresholds on customer VMs rather than individual VMs. This allows extra freedom for customers to ramp up the workload of a particular VM at the cost of other customer VMs without impacting other VMs hosted on the server. Additionally, Host Resource Protection is a heuristics-based system used to identify patterns of access that are abnormal to typical workloads and often seen in malicious activities. Host Resource Protection can identify and throttle these systems in order to protect other VMs on the system.

Improvements in Storage and Cluster resiliency aren't new features as much as they are tweaks to how certain situations are handled. In previous versions of Windows Server, a VM would likely crash if connectivity to its storage were lost. In Windows Server 2016 the VM is simply suspended after 60 seconds of lost connectivity. Once access to the storage is regained the VM is resumed automatically. Similarly, cluster nodes will go into an isolated state for four minutes if unable to communicate with the rest of the cluster. If cluster connectivity is unavailable for four minutes, VMs are failed over to another node. If a node is unable to maintain a connection with the remainder of the cluster, VMs will be failed over and the node will be quarantined.

Many of the new features coming to Hyper-V in Windows Server 2016 are simply improvements in the day-to-day operation of VMs. In Windows Server 2016, VM memory allocations can be adjusted while the VM is running, and network adapters can be added or removed without shutting down the VM. Checkpoints, previously only supported in test environments, are now fully supported in production. Checkpoints in Windows Server 2016 use Volume Shadow Services instead of a saved state, resulting in many enterprise systems recognizing the action as if it were a traditional backup operation. PowerShell Direct can now be used to directly reference a guest VM without the need for PowerShell remoting or even network connectivity.

Microsoft continues to make aggressive improvements to one of the premier virtualization platforms in the world. The changes implemented in Windows Server 2016 address problems and concerns felt by many IT pros, and do so with an eye toward protecting their customers even from their own hosting environment, whether that be Microsoft or a third party. It's a good precedent to set, and one we hope Microsoft continues to follow.