Hyper-V containers with Windows Server 2016

High Demand

More Consistency in Snapshots

Particular emphasis is placed on the hypervisor's reliability functions. Again, the next Hyper-V has something new up its sleeve. The most important feature is production checkpoints, wherein the hypervisor's popular snapshot technique becomes a fully fledged data backup tool (Figure 3). Thus far, VM snapshots have always suffered from a point-in-time problem: This kind of snapshot – Microsoft has referred to them as "checkpoints" for some time – freezes the state of a VM at any given time and stores it on your hard drive. The snapshot contains not only the content of the virtual hard disks in the VM, but also the configuration details and the content of the system memory. If the administrator resets a VM to one of these snapshots, it again has precisely the state it had at the time of the freeze; even the mouse pointer is positioned in the same place.

Figure 3: The new production checkpoints work differently than conventional VM snapshots. They address the VSS interface and thereby ensure consistent applications.

The VM's applications are unaware of this process. Although it is handy in some situations, it can be tricky, too, because complex distributed applications are often unable to deal with one of the participating servers suddenly having a historic state. Other mechanisms, such as automatic changing of computer passwords in Active Directory, can also cause errors with snapshots.

With the help of production checkpoints, Microsoft is looking to free the snapshot technology from these risks. A snapshot of this kind includes far less data than its conventional counterpart: Only the contents of the hard drive and the VM configuration are backed up; the memory remains sidelined. Production checkpoints also work with full Volume Shadow Copy Service (VSS) integration; that is to say, the VM and its applications are aware of the operation and prepare their data accordingly. If the VM is reset to a production checkpoint, a restart occurs after a failure, and distributed applications can resume communication properly, just as after a classic recovery.

Microsoft has also revised the backup process used when working with the built-in Windows Server backup or the System Center Data Protection Manager. Third-party software tools also often address these interfaces. In previous versions, the backup functions had several difficulties and disadvantages. For example, integration was often a problem with professional storage systems, because their backup support for the VSS service with hardware VSS providers too often did not work properly. Providers of modern backup programs also criticized the backup process because Hyper-V, unlike its competitor vSphere, does not have "changed block tracking," which means that the backup only needs to store the changes since the last backup.

In addition to solutions for these two main problems, Microsoft has made some more changes to the backup features, which together lead to higher performance. Now it is possible to back up shared VHDX files on the host, which are virtual cluster disks that a VM cluster can use for data storage. Thus far, agents were needed to back up such data on the VMs, but now you can do this from the host.

Security in the Cloud

The upcoming version of Hyper-V offers many striking features for security in hosting situations; thus, the manufacturer has responded to the concerns often expressed by customers about the cloud. The new security features address the issue from two sides.

The perspective of the hosting service provider that runs VMs for its customers is addressed by host resource protection, which ensures that individual VMs in a hosted environment do not overtax the available resources. With constant monitoring and custom rules, the function ensures that a VM that threatens to slow down other VMs is limited in its consumption. This technique has its origins in Microsoft Azure; it works with access patterns and thus tries to identify abnormal behaviors of the VM itself that indicate a denial of service attack.

The other point of view, that of the customer whose VMs are operated by a cloud service provider, is taken into account by Shielded VMs and is called Hardware-Trusted Attestation. Simply put, the customer's VMs are now always encrypted, so that the service provider's cloud administrators do not see the data or applications. Of course, this requires a lot of infrastructure and cost. For production operation, the service provider's host servers need Trusted Platform Module (TPM) version 2.0 chips, which previously did not exist in servers. They work with a virtual TPM, which ensures BitLocker encryption of virtual disks on the customer's VMs. A Hardware Security Module (HSM) with protected certificate management is also required to allow customers to store certificates securely for encryption.

Because the VMs also need to be encrypted during operations and, for example, during live migrations, the hosts communicate with a separate Host Guardian Service, which runs on a Windows Server in a separate Active Directory environment. This server has details of all the TPM modules on the hosts involved and is thus in a position to allow secure execution of the encrypted VMs on a host.

For laboratory purposes or for companies that only want to use shielded VMs internally, a second, less secure mode exists for this security function that does not require special hardware but works on the basis of Active Directory security groups. The encryption uses the same functions as in the above-outlined Hardware-Trusted Attestation. However, Admin-Trusted Attestation means that the keys and certificates involved are not protected against the administrator of the host environment. This mode is thus only suitable for internal usage, and not for hosting scenarios.

In addition to these two major extensions of the security infrastructure, Microsoft has also added some security function enhancements. For example, secure boot can be enabled for Linux VMs on Windows Server 2016 to ensure the integrity of the operating system.

Storage Connectivity Reliability

Major new features are also included for operational reliability through failover clustering in Windows Server 2016. Two technologies increase the tolerance of the cluster in case of short-term interruptions: Storage Resiliency temporarily suspends a VM, if its storage on the storage area network (SAN) is not accessible. Previously, a VM crashed after 60 seconds at the latest if it could not access its virtual disks. In the new release, the administrator can arbitrarily extend the pause mode or even define a timeout after which a failover to a different host then occurs.

Compute Resiliency works in a similar way for all the hosts in the cluster, but not for individual VMs. A host in the cluster that is not accessible to the other cluster servers does not immediately trigger a failover for the VMs running there. If the function is active, the cluster does not intervene for four minutes by default. If the failed host comes back up in this time, its VMs continue to run during this time. In environments with unstable network connections, this can mean VMs being significantly more accessible to users. If it turns out that the same host repeatedly causes problems, the cluster can quarantine it and migrate all the VMs to other hosts.

Microsoft has invested heavily in storage connectivity for clusters. The already long-announced Storage Replica feature allows a Windows server to replicate its data synchronously or asynchronously to a different server, enabling Stretched Clusters that are distributed across remote data centers.

In recent versions of the preview, Microsoft has extended this to include Storage Spaces Direct (S2D), where data storage is no longer handled by dedicated storage servers but by Hyper-V hosts themselves. Local solid state and conventional hard drives are installed that use caching and tiering for a flexible, high-availability approach. Synchronous replication transfers the data of one host to one or more additional hosts. Hyper-V can thus address the entire memory of all participating hosts as a virtual SAN, which is very resilient, thanks to replication.

The principle is equivalent to the "hyperconverged system," as launched by Nutanix or SimpliVity. Competitor VMware has developed a similar concept with vSAN, but this solution is regarded as complex and expensive. Windows may liven up the market here with S2D.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus