As a Hyper-V MVP, I definitely had to visit Ben Armstrong’s presentation on the novelties of Hyper-V in Windows Server 2016. I already had the pleasure of having dinner with Ben on Monday night, so I had every opportunity to discuss Hyper-V related things.
I quickly discovered that Ben had crammed in a truckload of interesting new features directly or indirectly related to Hyper-V. Because of the amount of topics, the pace was high and could not go deeper than level 200, which is about right for the majority of attendees I suppose.
Here is a list of topics that were discussed.
Shielded Virtual Machines
The end to end solution comprises three things:
- Virtual TPM in a Generation 2 VM to support BitLocker
- Shielding a VM, take and make it so that the host admin cannot access it
- Host Guardian Service, an external service to guarantee that a host is safe and not tampered with before a shielded VM is placed on that host.
Key Storage Drive is an alternative for Generation 1 VM.
Guest Virtual Secure Mode
Allows Credential Guard and Device Guard to work in a virtual machine. It is very easy to turn on and everyone interested in a secure platform should turn it on.
Linux Secure Boot
Protects against rootkits and currently works with Ubuntu 14.04 and later. Also works with Suse Linux Enterprise Server 12
Host Resource Protection
Can dynamically identify virtual machines that are not “playing well” and reduce their resource allocation. It was pioneered in Azure and enabled by default. Ben told an anecdote that they tested this and got a call from Mark Russinovich who wondered why his VM worked so slowly in Azure. In fact he was testing effects of malware in his VMs. Rogue activity was discovered and acted upon by Host Resource Protection.
Every day people try to hack Azure and until now no one has succeeded yet. This feature can detect hacking activity and hackers will notice that their resources have become minimized.
Cluster OS rolling upgrades allows upgrading a cluster from 2012 R2 to 2016 without downtime to key workloads and without resorting to building a totally new cluster and migrating workloads between clusters.
Streamlined upgrades: Upgrade the OS of the cluster nodes from Windows Server 2012 R2 to Windows Server 2016 without stopping the Hyper-V or SOFS workloads. Infrastructure can keep pace with innovation, without impacting running workloads.
Phased upgrade approach:
- A Cluster node is paused and drained of workloads by using available migration capabilities
- The node is evicted, and the operating system is replaced with a clean install of Windows Server 2016
- The new node is added back into active cluster. The cluster is now in mixed-mode. The process is repeated for other nodes.
- The cluster functional level stays at Windows Server 2012 R2 until all nodes have been upgraded. Upon completion and the admins have verified that the applications run fine for some time, the administrator executes Update-ClusterFunctionalLevel
VM compute resiliency: Provides resiliency to transient failures such as a temporary network outage or a non-responding node.
In the event of node isolation, VMs will continue to run, even if a node fails out of cluster membership.
This is configurable based on your requirements. By default it is set to 4 minutes.
VM storage resiliency: Preserves tenant virtual machine session state in the event of transient storage disruption.
- VM stack is quickly and intelligently notified on failure of the underlying block or file based storage infrastructure.
- VM is quickly moved to a PausedCritical State.
- VM waits for storage to recover and session state retained on recovery.
- Admins have then 24 hours to recover or repair storage.
Node quarantine: Unhealthy nodes are quarantined and are no longer allowed to join the cluster.
This capability prevents unhealthy nodes from negatively impacting other nodes and the overall cluster.
Node is quarantined if it unexpectedly leaves the cluster three times within an hour.
Once a node is placed in quarantine, VMs are live migrated from the cluster node, without downtime to the VMs.
Guest clustering with Shared VHDX
Flexible and secure: Shared VHDX removes need to present the physical underlying storage to a guest OS
NEW: Shared VHDX supports online resize
Streamlined VM shared storage: Shared VHDX files can be presented to multiple VMs simultaneously, as shared storage. The VM sees shared virtual SAS disk that it can use for clustering at the guest OS and application level.
Utilizes SCSI-persistent reservations.
Shared VHDX can reside on a Cluster Shared Volume (CSV) on block storage, or on SMB file-based storage
NEW: Shared VHDX supports Hyper-V Replica and host-level backup.
One drawback: Storage Migration still does not work with Shared VHDX.
Virtualization and virtual network adapter enhancements
NEW: Administrators now have the ability to add or remove virtual NICs (vNICs) from a VM without downtime. This is enabled by default and works with Gen 2 VMs only.
vNICs can be added using Hyper-V Manager GUI or PowerShell.
Full support: Any supported Windows or Linux guest operating system can use the hot-add/remove vNIC functionality.
New memory management features offer more flexibility for optimal host utilization.
Static memory: Startup RAM represents memory that will be allocated regardless of VM Memory demand.
NEW: Runtime resize: Administrators can now increase, or decrease VM memory without VM downtime. Memory cannot be decreased lower than current demand or increased higher than physical memory.
Dynamic Memory: Enables automatic reallocation of memory between running VMs. This results in increased utilization of resources, improved consolidation ratios and reliability for restart operations.
Full support for key workloads: Easily create “point in time” images of a virtual machine, which can be restored later on in a way that is completely supported for all production workloads.
VSS: Volume Snapshot Service (VSS) is used inside Windows virtual machines to create the production checkpoint instead of using saved state technology.
Familiar: No change to user experience for taking/restoring a checkpoint. Restoring a checkpoint is like restoring a clean backup of the server.
Linux: Linux virtual machines flush their file system buffers to create a file system consistent checkpoint.
Production as default: New virtual machines will use production checkpoints with a fallback to standard checkpoints.