One of Windows Server 2016’s highlights is the newer Hyper-V server, which not only extends the hypervisor’s features and capabilities but also introduces a number of new enhancements and concepts that take virtualization to a new level.
There are a lot of exciting new features to cover, so without any further delay, let’s take a look at what we have in hand for you:
- Hyper-V Hypervisor Technology Overview
- Hyper-V in Windows Server 2016
- Hyper-V Containers
- Hyper-V Security Features
- Generation 2 VMs Performance and Features
- Hyper-V Requirements on Windows Server 2016
- Hyper-V Shielded Virtual Machines
- Discrete Device Management
- Hyper-V Supported Windows Guest O/S
- Linux Support
- Hyper-V Scalability
Users new to Hyper-V can also read our Introduction to Hyper-V Concepts article.
Hyper-V was first released in 2008 as a re-brand of Microsoft’s Virtual PC. It lets users create a virtual machine (VM), a complete, software version of a computer. Users don’t have to install an OS through the normal route, and instead run a program on top of their current one.
This is made possible by a hypervisor – a layer between the physical and virtual environments that can manage the system’s hardware between VMs. It isolates the host machine from its underlying hardware.
This opens some natural benefits. Firstly, a virtual machine is in a separate environment to the host computer. As a result, any problems that occur do not affect the regular operating system. This makes virtual machines ideal testing environments.
This is furthered by the ability to run multiple operating systems at once. Most modern computers have more hardware than needed for day to day tasks, and users can run, for example, a Windows, Windows Server, and Linux operating system simultaneously. Instead of requiring three different servers, only one is required. This cuts down on hardware, power, maintenance, and cooling costs.
It also allows for more flexible deployment. At a hefty fee, admins can purchase a Windows Datacenter license and create infinite virtual machines without having to pay any extra. In testing or production environments, this cuts out vital slowdown while employees check licenses. With virtualization, new servers can be deployed in minutes.
Another flexibility is hardware resources. Users can configure Hyper-V to utilize different amounts of resources, including the processor, storage, and memory. This is particularly useful if an organization uses a Virtual Desktop Infrastructure (VDI). A Windows operating system is hosted on a central server, and users are given virtual desktops over the network. Not only does this save on licensing costs, it means admins can scale the amount of resources users have depending on various factors.
Hyper-V also lets admins make easy backups. It’s simple to copy a VM and restore it later if anything goes wrong. With Hyper-V, there are two options – saved states, and Volume Shadow Copy Service (VSS). VSS lets admins make backups even when files are in use, meaning the process can be completed on demand.
This ease of movement can be useful in other scenarios. Built-in features like live and storage migration make virtual machines much more portable. Users can access the exact same environment on a different machine, without the need for complex procedures. That combines with security features like Secure Boot to protect the host OS from viruses, malware, and attacks.
One of the most popular hosts for a virtual machine is Microsoft’s Windows Server OS. For the past few years, admins have been running Windows Server 2012 R2, a Windows 8.1-based platform. However, the release of Windows 10 has prompted a Windows Server 2016 variant, and it comes with plenty of new functionality.
A big example is the introduction of Microsoft’s Nano Server. A purpose-built OS, Nano Server is a lightweight version of Windows Server Core that’s designed to run born-in-the-cloud applications and containers. It’s complementary to Windows Server 2016, has no GUI, and is optimized for Hyper-V. The service provides an environment with a low overhead and fewer avenues of attack.
Windows Server 2016 also introduces nested virtualization. Essentially, this lets you run a VM inside another VM. Though it’s a strange concept, the usage scenarios are more common than you may think. Many companies now use the virtual infrastructure we mentioned earlier, and this means those systems can still use Hyper-V. It also makes for a good test environment, letting trainees try out different OSs and situations without the need for separate hardware.
Other big improvements come to the Hyper-V manager. An updated WS-MAN management protocol lets admins do a live migration without having to enable extra settings in Azure Active Directory. This also enables CredSSP, Kerberos or NTLM authentication, and makes it easy to enable a host for remote management.
This is furthered by support for alternate credentials when connecting to another Windows 10 or 2016 remote host. This includes a save functionality so that you don’t have to type them every time. Though earlier versions don’t support this functionality, you can still use the Hyper-V manager in Windows Server 2016 to control earlier versions. The new manager supports Windows Server 2012, 2012 R2, Windows 8, and 8.1.
The next major change is PowerShell Direct. The process runs between the host and virtual machine, meaning there’s less need to configure firewalls and networks. It lets users remotely run cmdlets in multiple VMs without complex setup. PowerShell functionality extends to Nano Servers, where it can run directly.
It’s no secret that containers are on the rise, and are becoming increasingly common in production scenarios. With Windows Server 2016, Microsoft has introduced Windows and Hyper-V Containers for the first time.
For those unfamiliar, containers let users create an isolated environment in which to run an application. The environment lets an app run without affecting the rest of the system, and vice versa. In comparison to a VM, they’re more lightweight and don’t emulate hardware in the same way.
Traditionally, containers were limited to Linux OSs. Through a collaboration with Docker, Windows Server 2016 now offers two types of containers.
- A Windows Server Container uses namespace and isolation technology, but shares a kernel with the container host and all other running containers.
- A Hyper-V container instead runs each container in an optimized VM. In this case, the kernel isn’t shared with the host, or other containers.
Windows Containers have several important features, including HTTPS support, data management through container shared folders, and the ability to restrict container resources.
Hyper-V on Windows Server 2016 also comes with new security features. The first is the ability to use Secure Boot with Linux VMs. This feature was previously restricted to Windows 8 and Server 2012, and checks the signature of boot software on launch to prevent malware and unauthorized OSs launching during start up.
Host resource protection also has some security and stability improvements. It stops VMs from hogging system resources by monitoring activity and downgrading VMs with excessive usage. It can be enabled through PowerShell and prevents performance degradation with the host or other machines.
Shielded virtual machines provide further protection. In essence, they provide a stronger barrier against spying by administrators and malware. Encryption is applied to the state and data, meaning admins can’t see the activities or intercept information. This combines with further encryption options for operating system disks on generation 1 virtual machines. Users can utilize BitLocker to do this, creating a small drive that contains the encryption key. To start the machine, hosts need either access to the private key or to be part of an authorized guarded fabric.
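To see which of these protections are actually switched on, the host can be audited with the Hyper-V PowerShell module. The script below is an added example, not code from the original article; it assumes an elevated session on a Windows Server 2016 Hyper-V host, and the VM name in the commented remediation lines is hypothetical.

```powershell
#Requires -Modules Hyper-V
# Added example: run in an elevated session on a Windows Server 2016 Hyper-V host.

function Get-VMSecurityPosture {
    param(
        # VMs to inspect; defaults to every VM on the local host.
        $VM = (Get-VM)
    )
    foreach ($v in $VM) {
        $cpu = Get-VMProcessor -VM $v
        $sec = Get-VMSecurity  -VM $v

        # Secure Boot is a Generation 2 (UEFI) feature; Get-VMFirmware
        # returns an error for a Generation 1 VM, so skip the call there.
        $fw = if ($v.Generation -eq 2) { Get-VMFirmware -VM $v }

        [pscustomobject]@{
            Name                   = $v.Name
            Generation             = $v.Generation
            SecureBoot             = if ($fw) { "$($fw.SecureBoot)" } else { 'n/a' }
            SecureBootTemplate     = if ($fw) { $fw.SecureBootTemplate } else { 'n/a' }
            HostResourceProtection = $cpu.EnableHostResourceProtection
            VirtualTpm             = $sec.TpmEnabled
            Shielded               = $sec.Shielded
        }
    }
}

$posture = Get-VMSecurityPosture
$posture | Format-Table -AutoSize

# VMs that leave one of the protections described above switched off.
$posture | Where-Object {
    $_.SecureBoot -eq 'Off' -or -not $_.HostResourceProtection
} | Select-Object Name, SecureBoot, HostResourceProtection

# Remediation for a single VM. 'linux-web01' is a hypothetical VM name, and the
# VM must be shut down before its firmware settings can be changed.
# Set-VMFirmware  -VMName 'linux-web01' -EnableSecureBoot On `
#                 -SecureBootTemplate MicrosoftUEFICertificateAuthority
# Set-VMProcessor -VMName 'linux-web01' -EnableHostResourceProtection $true
```

The `MicrosoftUEFICertificateAuthority` template is the one used for Linux guests; Windows guests keep the default `MicrosoftWindows` template.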
Generation 2 VMs have some new features, too. Namely, they can use a lot more memory and virtual processors. Gen 2 supports up to 12 TB of virtual memory versus the previous 1 TB, and up to 24 TB per physical host server. It also supports 240 Virtual Processors instead of 64, and 512 logical processors rather than 320.
The result is a huge increase in performance, suitable for large-scale online transaction processing and data warehousing. Microsoft benchmarks reveal up to 343,000 transactions per second with a 4 TB in-memory database and 128 virtual processors. That’s 95% of a physical server’s performance.
Figure 2. Physical server vs. Hyper-V performance
Generation 2 VMs also offer new, virtualization-based security. Microsoft’s Device Guard and Credential Guard offer protection against malware and operating systems in guest VMs that are version 8 or higher.
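PowerShell Direct, described earlier, gives the host a way to confirm that virtualization-based security is really running inside each guest instead of only being configured. The following is an added example, not part of the original article; it assumes Windows 10 or Windows Server 2016 guests, an administrator credential that is valid inside them, and the `Win32_DeviceGuard` CIM class that those guests expose.

```powershell
#Requires -Modules Hyper-V
# Added example: run elevated on the Hyper-V host. PowerShell Direct needs a
# running Windows 10 / Windows Server 2016 guest and valid guest credentials.
$cred = Get-Credential -Message 'Administrator account inside the guests'

$report = foreach ($vm in (Get-VM | Where-Object State -eq 'Running')) {
    try {
        # No network path to the guest is required: the command travels over
        # the host-to-VM channel that PowerShell Direct uses.
        $dg = Invoke-Command -VMName $vm.Name -Credential $cred -ErrorAction Stop -ScriptBlock {
            Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                            -ClassName Win32_DeviceGuard
        }
        [pscustomobject]@{
            VM              = $vm.Name
            Generation      = $vm.Generation
            ConfigVersion   = $vm.Version
            # 2 = virtualization-based security enabled and running
            VbsRunning      = ($dg.VirtualizationBasedSecurityStatus -eq 2)
            # 1 in SecurityServicesRunning = Credential Guard
            CredentialGuard = ($dg.SecurityServicesRunning -contains 1)
            Note            = ''
        }
    }
    catch {
        # Older guests, Linux guests and wrong credentials all end up here.
        [pscustomobject]@{
            VM              = $vm.Name
            Generation      = $vm.Generation
            ConfigVersion   = $vm.Version
            VbsRunning      = $null
            CredentialGuard = $null
            Note            = "PowerShell Direct failed: $($_.Exception.Message)"
        }
    }
}

$report | Sort-Object VM | Format-Table -AutoSize -Wrap
```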
Further functionality comes with the ability to hot add and remove network adapters and memory. In simple terms, this lets users add or remove network adapters while a machine is still running. While that feature is exclusive to Gen 2, both generations can now adjust the amount of memory utilised on-the-fly, even with the “dynamic memory” option disabled.
Though Hyper-V offers significantly easier backups, the VSS system can be a little unreliable. In 2016, Microsoft has built change tracking into Hyper-V, which makes it easier for third-party software vendors to create backup solutions.
However, a backup system isn’t much use if you have faulty checkpoints and snapshots. In Windows Server 2012, snapshots could cause serious problems in a production environment. Restoring a VM from a snapshot could put the database server out of sync, creating problems down the line.
Thankfully, this is remedied in Windows Server 2016. It introduces “production checkpoints”, which complies with support policies. The new checkpoints use VSS rather than saved states, greatly reducing the risks. The feature is enabled by default in Hyper-V.
An efficient, reliable upgrade system is equally important. Microsoft has made upgrading from 2012 R2 to 2016 far easier than previous versions. Rather than requiring a separate cluster to start the migration process, 2016 introduces rolling cluster upgrades.
This lets admins upgrade a cluster without any downtime. Clusters run at the feature level of 2012 R2 until all the nodes are upgraded, at which point the user can either reverse it or enable the 2016 features with a PowerShell cmdlet.
Further functionality is introduced to Hyper-V networking. Microsoft has enabled Remote Direct Memory Access (RDMA) for switch embedded teaming (SET). This lets admins group up to eight network adapters into a single virtual one, while still being able to use RDMA. For those unfamiliar, RDMA allows you to read and write memory without the use of a remote CPU, leading to less CPU utilization and latency.
Another new feature is Virtual machine multi queues, or VMMQ. This builds on the previous VMQ by allowing multiple hardware queues for each VM. Thus, default queues are actually a set, with traffic spread between them.
Windows Server 2016 also makes changes to storage options for a more manageable experience. Shared virtual hard disks can now be resized while the machine is still online. New functionality also extends to guest clusters, which can protect virtual hard disks with Hyper-V replica.
Microsoft has updated its storage Quality of Service policies. QoS lets admins manage and monitor storage performance using scale-out file server roles. Windows Server 2016 makes several tweaks to that system.
Storage QoS now makes sure a VM can’t take all the storage resources, cutting out other machines’ options. This combines with the ability to define performance minimums and maximums for individual VMs, providing a more reliable experience.
Finally, the storage of virtual machines can be monitored as soon as they start. These details are all viewable from a new, single location.
There are other options available for those struggling with storage space. Data Deduplication searches for redundant data by looking for duplicate files. The data is then sorted and compressed, optimizing the drive without compromising data integrity. Further improvements come in the form of a new VM configuration format. Vmcx files make data reading and writing more efficient, and lessen the chance of corruption.
Though Windows Server 2016 introduces some major improvements, there are also smaller ones that are very interesting. One is the ability to connect PCIe hardware directly to a VM. Microsoft calls it Discrete Device Assignment and currently supports NVMe storage, allowing for fast SSD speeds.
However, more exciting is the future of PCIe in Windows Server. Microsoft is working with GPU vendors to add support for specific GPUs, which could be useful for graphic intensive programs like rendering software and Photoshop.
There’s also a minor but important feature for Always On computers. A Connected Standby power state is now available, even with the Hyper-V role installed. Connected Standby is available with select CPUs, and lets the PC listen for notifications in a similar way to phones. If a message appears, the screen will light up, notifying the user.
Naturally, some of these new features come with hardware requirements. Though those prerequisites haven’t changed dramatically since 2012 R2, Hyper-V still won’t work with every system. This is especially true if you want to utilize new features such as shielded VM and discrete device assignment.
First off, the general Hyper-V requirements. You’ll need the following specifications as a base, regardless of any extra features you want:
- A processor that’s 64-bit and supports Second-Level Address Translation (SLAT). This is required for virtualization, but not for Hyper-V management tools.
- At least 4 GB of RAM, preferably more, and higher amounts for multiple VMs.
- VM Monitor Mode extensions
- Virtualization turned on in BIOS or UEFI, including hardware-assisted virtualization and hardware-enforced Data Execution Prevention (DEP).
There are several ways to tell if you meet these requirements, but the easiest is through command prompt or PowerShell. You can follow these steps:
- Press Windows + R
- Type cmd.exe (powershell.exe alternatively)
- In the command line, enter Systeminfo.exe and press Enter
- View your report under Hyper-V Requirements
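The same check can be scripted so that it works across many hosts. The function below is an added example, not code from the original article; it parses the "Hyper-V Requirements" block of English-language `systeminfo.exe` output, and the sample text and host name in it are constructed for illustration.

```powershell
# Added example: parse the "Hyper-V Requirements" block of systeminfo output.
# Assumes English-language output; the field labels are localized on other
# display languages.
function Get-HyperVRequirement {
    param([Parameter(Mandatory)][string[]] $Line)

    $inSection = $false
    $result    = [ordered]@{}
    foreach ($l in $Line) {
        if ($l -match '^Hyper-V Requirements:\s*(.*)$') {
            $inSection = $true
            $l = $Matches[1]              # first value sits on the label line
        }
        elseif ($inSection -and $l -notmatch '^\s') {
            break                          # next top-level field: block is over
        }
        if (-not $inSection) { continue }

        # When the Hyper-V role is already active, systeminfo prints a single
        # notice instead of the four requirement lines.
        if ($l -match 'hypervisor has been detected') {
            $result['HypervisorAlreadyRunning'] = $true
            break
        }
        if ($l -match '^\s*(.+?):\s*(Yes|No)\s*$') {
            $result[$Matches[1]] = ($Matches[2] -eq 'Yes')
        }
    }
    [pscustomobject]$result
}

# Constructed sample output (not captured from a real host).
$sample = @'
Host Name:                 HV-TEST01
OS Name:                   Microsoft Windows Server 2016 Standard
Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
                           Virtualization Enabled In Firmware: No
                           Second Level Address Translation: Yes
                           Data Execution Prevention Available: Yes
'@ -split "`r?`n"

$req    = Get-HyperVRequirement -Line $sample
$failed = $req.PSObject.Properties | Where-Object { $_.Value -eq $false } |
          ForEach-Object Name

$req | Format-List
if ($failed) { "Not met: $($failed -join ', ')" } else { 'All listed requirements met.' }

# On a live host, feed it the real output instead of the sample:
# Get-HyperVRequirement -Line (systeminfo.exe)
```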
As mentioned earlier, Shielded Virtual Machines have further requirements. The host needs the following:
- UEFI 2.3.1c for secure and measured booting
- TPM v2.0 if you want platform security asset protection
- IOMMU (Intel VT-d) for direct memory access protection
In addition, VMs need to be Generation 2, and the guest operating system must be Windows Server 2016, 2012 R2, or 2012.
The feature with the most requirements is Discrete Device Assignment. Hosts need supported processors, chipsets and firmware tables, as follows:
- Processor: Support for Intel Extended Page Table (EPT) or AMD Nested Page Table (NPT)
- Chipset: Interrupt Remapping support, either Intel VT-d2, or AMD I/O memory management. It must also support DMA remapping and Access control services for PCI-e root ports.
- Firmware tables: I/O MMU exposure to the Windows hypervisor is a must, and needs to be enabled in UEFI or BIOS.
The availability of guest operating systems also varies slightly with Windows Server 2016. While Windows Server has the best virtual processor support, other systems still provide great functionality. Here’s the full list of Windows guest operating systems and their differences:
- Windows Server 2016: 240 virtual processors (gen 2), 64 (gen 1)
- Windows Server 2012 R2: 64 virtual processors
- Windows Server 2012: 64 virtual processors
- Windows Server 2008 R2 with SP 1: 64 virtual processors
- Windows Server 2008 with SP 2: 4 virtual processors
- Windows Small Business Server 2011: 4 virtual processors (Standard edition), 2 (Essentials edition)
- Windows 10: 32 virtual processors
- Windows 8.1: 32 virtual processors
- Windows 7 with SP 1: 4 virtual processors (must be Professional, Enterprise, or Ultimate)
- Windows Vista with Service Pack 2 (SP2): 2 virtual processors (must be Business, Enterprise, or Ultimate)
Guest OSs also vary in the support for Integration Services. In general, Windows 8.1 (Windows Server 2012) or higher has Integration Services built-in. Other versions usually require an upgrade or install after the guest operating system is set up.
Hyper-V support for Linux is a little more complex. Microsoft provides both emulated and Hyper-V specific devices, but the performance and features of emulated devices are limited. As a result, the software giant recommends using Hyper-V specific devices for Linux, alongside its Linux Integration Services (LIS) drivers.
LIS is integrated into the Linux kernel and is regularly updated, but this may not extend to users on older distributions. Thus, some users must download LIS manually.
That said, support for Linux in Windows Server 2016 is good, and builds on previous versions. Microsoft has LIS support for the following distributions:
- RHEL/CentOS 7.x, 64-bit
- RHEL/CentOS 6.x, 64-bit (No built-in LIS for 6.0-6.3)
- RHEL/CentOS 5.x, 32-bit (No built-in LIS before 5.9)
It’s worth noting that CentOS has some feature limitations, though these can vary depending on version. There are issues with StaticIP injection across the board when Network Manager is configured for a synthetic network adapter. In addition, VLAN trunking only works in 7.x, PCI pass through and SR-IOV only work on 7.3 and higher. Live virtual machine backups aren’t possible in 5.2, 5.3, or 5.4.
- Jessie [8.0-8.5]
- Wheezy [7.0-7.11]
Debian also has some restrictions. The main one is the inability to create file systems on VHDs larger than 2TB. There are live virtual machine backup problems here too, as they do not work with ext2 filesystems.
- Red Hat (No built-in LIS for 6.0-6.3)
- 6.x - 32-bit, 32-bit PAE, 64-bit
- 7.x - 64-bit
- Unbreakable Enterprise Kernel
With Red Hat, VLAN trunking only works on versions 7.0-7.2. It also has issues with virtual fibre channels, where the machine may not be able to mount correctly if LUN 0 has not been populated. Both Red Hat and UEK may have to undergo a filesystem check if there are open file handles during backup and may fail silently if there is an iSCSI or pass-through disk attached.
- SLES SP2
- SLES SP1 – 64-bit only
- SLES 12 – 64-bit only
- SLES 11 SP4
- SLES 11 SP3
- SLES 11 SP2
- Open SUSE 12.3
SUSE has the same static IP injection limitations as CentOS, so Network Manager must be turned off or configured correctly. Similarly, live backup issues mirror those of Oracle VMs. Finally, Windows Server 2016 users must type memory parameters in multiples of 128 MB or there will be Hot-Add failures and lack of a memory increase.
Ubuntu suffers from some of the limitations mentioned earlier. Specifically, there are static IP injection problems with Network Manager, virtual fibre channel issues if LUN 0 isn’t populated (except for 12.04), and similar problems with live backups in 14.04+.
It’s worth noting that most of these problems can be solved by proper configuration. It’s worth checking the TechNet documentation for a full list of issues and solutions for each version. Microsoft also has some best practices for running Linux on Hyper-V.
Other than OS and feature support, Hyper-V varies in its scalability. While we have mentioned some of the virtual hardware increases in Gen 2 VMs, there are other factors to consider too. Here are the maximum numbers for each virtual machine component:
- Checkpoints: 50
- Memory: 12 TB for Gen 2, 1 TB for Gen 1
- Serial ports: 2
- Virtual Fibre Channel adapters: 4
- Virtual Floppy devices: 1
- Virtual hard disk capacity: 64 TB VHDX, 2040 GB VHD
- Virtual IDE disks: 4
- Virtual processors: 240 for Gen 2, 64 for Gen 1, 320 for host OS
- Virtual SCSI controllers: 4
- Virtual SCSI disks: 256
- Virtual network adapters: 12 (8 Hyper-V specific, 4 legacy)
There are also some limitations for each Hyper-V host, though many components are uncapped:
- Logical processors: 512 (320 for host OS partition)
- Memory: 24 TB
- Virtual machines per server: 1024
- Virtual processors per server: 2048
Finally, Hyper-V has some Failover Clustering maximums. There’s a maximum of 64 nodes per cluster, so admins need to be aware of that when planning. There’s also an 8,000 per cluster limit for running virtual machines. However, this can vary significantly depending on the use of physical memory by each VM, number of disk spindles, and networking and storage bandwidth.
Windows Server 2016 takes many of the traditional advantages of virtualization and extends them. With its latest release, Microsoft has managed to provide major increases in performance, security, and management without complex system requirements or lack of OS support.
The Redmond giant’s latest server OS brings huge improvements in the form of Nano Servers, Containers, Shielded VMs, and hardware virtualization. The result is an undeniably better operating system for hosting Hyper-V machines.
However, there are still some possible issues admins should be aware of. Windows Server 2016 collects telemetry data by default, and there’s no option to turn it off entirely. It consists of security information, basic device information, how apps are used, and more. Naturally, all this data is anonymised and is used to create significant improvements. Still, some users may not be happy with this change from 2012 R2.
Microsoft is moving to a different update model with 2016, which can be positive in some cases but negative in others. The company rolls out two updates per month, one with security fixes and another with quality fixes. Each falls on a different day of the month.
On the plus side, this removes the issue of security updates being unnecessary once the quality update rolls out. The annoyance comes from the automatic updates and restarts that are enabled by default. Naturally, admins don’t want their server restarting without their express permission, and it’s not uncommon for updates to cause an issue with certain applications. Though this can be configured in 2016, it’s not as simple as previous versions.
Despite this, Windows Server 2016 remains a huge step forward for Hyper-V virtualization. It introduces some great new virtualization features, and its fleshed-out free version makes it a natural choice for small businesses.