
Microsoft Windows Server 2019 Review

Microsoft Windows Server 2019 is the latest iteration of Microsoft's venerable operating system (OS), and it brings to the table a laundry list of new and improved capabilities and features.

This release of Windows Server should especially appeal to IT professionals because of the huge number of functional scenarios it can address.

While Windows Server isn't seen on customer premises as much anymore, it's still the most popular server OS, and that's across both on-premises data centers as well as in public clouds where it's widely used in Infrastructure-as-a-Service (IaaS) implementations.

That's why it makes sense that Microsoft is focusing on deepening the relationship between Windows Server and its Microsoft Azure cloud service, evident in this iteration through what's called the "Azure Hybrid Benefit."

To qualify for this benefit, you must be a Microsoft Software Assurance customer with a current contract in place.

The goal of this benefit is to make it financially attractive to move your virtual machine (VM) workloads up to Microsoft Azure.

We'll look at some of the other features added in this release that address the hybrid cloud model as well.

Windows Server 2019 comes in several different flavors, including the most recently released Microsoft Hyper-V Server 2019.

This SKU was released on June 19, 2019 and provides a bare-bones OS specifically tailored to host VMs.

The two primary offerings are Standard and Datacenter.

Windows Server 2019 Essentials rounds out the current SKU list targeted at small businesses with up to 25 users and 50 devices.

Pricing differences are significant between the Datacenter version at $6,155 and the other two SKUs.

Standard retails for $927 per license while Essentials will cost you $501.

What you don't see here is the surcharge for each CPU core required for both Datacenter and Standard editions.

If you plan on hosting more than two VMs on a Standard edition license, then you will need additional Operating System Environment (OSE) licenses.

The Datacenter edition supports an unlimited number of VMs, meaning you pay a larger fee upfront but you can provision as many Windows Server VMs as the system will support.

Installation and Configuration

The installation process for Windows Server hasn't changed in quite some time.

You boot from either a network image or Universal Serial Bus (USB) device and walk through a few installation steps.

Most server vendors have tools to help make this process even easier.

HPE offers its Rapid Setup Software tool delivered on a USB key to help automate and simplify the process as well.

However, most IT operations these days deploy more instances of Windows Server in the cloud than they do onto on-premises hardware.

For this purpose, Microsoft's Azure lets you create a VM from one of their base templates, which is quick once you know what you're doing and what you need the VM to do.

Amazon Web Services (AWS) is likely the second most popular destination for Windows Server instances and, while it's not quite as easy to deploy an instance there, it's generally done by creating a VM from an ISO, so it's still fast.

Additionally, with Windows 10 version 1809 as well as Windows Server 2019, Microsoft has introduced the ability to download an ISO containing all Features on Demand (FOD) to make it easier to install for disconnected systems.

This would include most server systems sitting in a data center and not directly connected to the internet.

These are typically installed by using the DISM command from either a command prompt or PowerShell.

OpenSSH is an example of a self-contained FOD, which is distributed in a single .CAB file.

Configuring servers for specific roles can be accomplished by using either the Server Manager tool or PowerShell.

For example, to install the containers feature by using PowerShell, you would issue the following command:

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force

Followed by this command to actually install Docker:

Install-Package -Name docker -ProviderName DockerMsftProvider

This will require a reboot of the server when the installations finish.

Containers

Speaking of containers, they remain one of the most talked about features in both Windows Server and in the cloud.

Microsoft has established a close working relationship with Docker and continues to innovate around the container ecosystem.

One of those innovations coming to future versions of Windows 10, and presumably Windows Server, will use the Windows Subsystem for Linux (WSL) to run Linux containers as opposed to a Hyper-V VM.

Currently, you will need to install the full Docker Enterprise Edition to run Linux VMs.

If you already installed the Community Edition with the commands mentioned earlier, then you will need to remove it and install the Enterprise Edition.

The following commands will do the trick:


First, uninstall Docker CE:

Uninstall-Package -Name docker -ProviderName DockerMSFTProvider

Enable nested virtualization with this command:

Get-VM WinContainerHost | Set-VMProcessor -ExposeVirtualizationExtensions $true

Finally, install Docker EE, enable the LinuxKit system, and restart the service:

Install-Module DockerProvider
Install-Package Docker -ProviderName DockerProvider -RequiredVersion preview
[Environment]::SetEnvironmentVariable("LCOW_SUPPORTED", "1", "Machine")
Restart-Service docker


When that finishes, you'll be ready to launch Linux containers.

Don't try to do this on a Windows Server Hyper-V system as the containers role won't work on that SKU.

Group Managed Service Accounts (also known as gMSA) provide a way to give permissions to a container and allow it to run with a prescribed identity on the domain.

Administrators have a plethora of options when it comes to getting their job done.

If you're a command line wizard, then you'll probably turn to PowerShell as it's become the administrative tool of choice for many since its introduction in 2006.

If a graphical user interface (GUI) is more your speed, then rest assured, you still have options.

Server Manager has been around since Windows Server 2012 and has a layout familiar to most IT admins.

It gives you access to both the local server and any other server on your domain, assuming you have the appropriate permissions.

PowerShell has continued to evolve over the years to the point where GitHub now hosts an open-source PowerShell core project for all to see.

It's also cross-platform, meaning you can develop a set of base management tools and run them across Linux, macOS, and Windows.

Anyone new to PowerShell will find a plethora of resources available to help get started, plus a wide range of user-contributed scripts to accomplish most any task.

Windows Admin Center (WAC)

Web-based administration is the primary method for managing any Microsoft Azure feature, and it's how Microsoft wants you to manage your on-premises servers as well because, this way, you get the "single pane of glass" experience whether you're managing servers in the closet or in the cloud.

The Windows Admin Center (WAC), formerly known as "Project Honolulu," is a separate download that can be installed on any Windows 10 computer or a Windows Server 2016 or higher server as a gateway device.

You can even make the gateway server publicly accessible, letting you manage from literally anywhere.

Microsoft is actively evolving the WAC with new features, and releases are coming at a regular pace.

Much of the new development is focused on building out the higher-end functionality for managing advanced Windows Server features, such as high-availability clusters, Storage Spaces Direct, and more.

The WAC uses an extensibility model for adding new capabilities.

Several original equipment manufacturer (OEM) vendors, such as Lenovo for instance, have taken advantage of the extensibility feature to add management for their systems into the WAC.

Some features, such as the new Domain Name System (DNS) tool, which will make managing DNS properties possible from within the WAC, remain in preview.

OpenSSH

If you're a refugee Linux admin, then it makes sense for you to install a set of familiar tools.

Task one for you then would be to install OpenSSH.

The adoption of this well-known and popular tool is an example of the new Microsoft and its newly inclusive view towards open source.

Unfortunately, that's not without its hurdles.

I went through the steps required to get OpenSSH installed and hit a few snags.

One snag involved a missing feature, which required me to install the .NET 3.5 runtime by using the following command:

DISM /online /enable-feature /featurename:NetFX3 /All /Source:D:\sources\sxs /LimitAccess

For this step, I had a USB key loaded with an image of the Windows Server 2019 ISO plugged into a USB port, which the system recognized as Drive D.

Once this was complete, I was able to successfully install OpenSSH and launch the server.
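
The offline Features on Demand route described earlier, applied to OpenSSH Server, as an added example that is not part of the original review. The function name, the FOD source path (E:\) and the management subnet are assumptions to adjust for your environment.

```powershell
# Added example, not from the original article.
# Hypothetical names: Install-OpenSshServerOffline, $FodSource, $AllowedSubnet.
#Requires -RunAsAdministrator

function Install-OpenSshServerOffline {
    [CmdletBinding()]
    param(
        # Root of the mounted Features on Demand ISO (assumed drive letter).
        [string]$FodSource = 'E:\',
        # Subnet allowed to reach sshd (constructed sample value).
        [string]$AllowedSubnet = '10.0.10.0/24'
    )

    # 1. Locate the OpenSSH server capability offered by this image.
    $cap = Get-WindowsCapability -Online |
        Where-Object Name -like 'OpenSSH.Server*' |
        Select-Object -First 1
    if (-not $cap) { throw 'OpenSSH.Server capability is not offered on this image.' }

    # 2. Install from local media only. -LimitAccess stops DISM from
    #    falling back to Windows Update on a disconnected server.
    if ($cap.State -ne 'Installed') {
        if (-not (Test-Path $FodSource)) { throw "FOD source '$FodSource' not found." }
        Add-WindowsCapability -Online -Name $cap.Name -Source $FodSource -LimitAccess |
            Out-Null
    }

    # 3. Start sshd now and on every boot.
    Set-Service   -Name sshd -StartupType Automatic
    Start-Service -Name sshd

    # 4. Scope the inbound rule to the management subnet instead of "Any".
    $ruleName = 'OpenSSH-Server-In-TCP'
    if (Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue) {
        Set-NetFirewallRule -Name $ruleName -RemoteAddress $AllowedSubnet
    } else {
        New-NetFirewallRule -Name $ruleName -DisplayName 'OpenSSH Server (sshd)' `
            -Enabled True -Direction Inbound -Protocol TCP -LocalPort 22 `
            -Action Allow -RemoteAddress $AllowedSubnet | Out-Null
    }

    # 5. Report the resulting state so the change can be verified or logged.
    $svc = Get-Service -Name sshd
    [pscustomobject]@{
        Capability    = (Get-WindowsCapability -Online -Name $cap.Name).State
        ServiceStatus = $svc.Status
        StartType     = $svc.StartType
        RemoteAddress = (Get-NetFirewallRule -Name $ruleName |
                            Get-NetFirewallAddressFilter).RemoteAddress
    }
}

Install-OpenSshServerOffline
```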

Security Enhancements

Microsoft has been focused on enhancing security across the board in all of their products for quite some time.

Windows Defender Advanced Threat Protection (ATP) has been available for a good while on Windows 10 and other client platforms, and was expanded to cover Windows Server 2016 in version 1803; Windows Server 2019 is also supported.

This service runs in the cloud and continually monitors systems for potential attacks.

Windows Defender ATP Exploit Guard brings to the table a new set of capabilities to directly address specific attack vectors and block known behaviors in malware attacks.

These include Attack Surface Reduction (ASR), network protection, controlled folder access, and exploit protection.

Windows Defender Application Control has been enhanced with default Code Integrity (CI) policies to make implementation easier.
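
To see which of the four Exploit Guard components are actually active on a server, the following added example (not from the original review) reads the Defender preferences and the system-wide exploit protection settings. The helper name Get-ExploitGuardState is hypothetical.

```powershell
# Added example, not from the original article.
# Get-ExploitGuardState is a hypothetical helper name.
#Requires -RunAsAdministrator

function Get-ExploitGuardState {
    [CmdletBinding()]
    param()

    # Defender stores each mode as a number: 0 = off, 1 = block, 2 = audit.
    $modeName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit' }
    function Resolve-Mode($Value) {
        $key = [int]$Value
        if ($modeName.ContainsKey($key)) { $modeName[$key] } else { "Other ($key)" }
    }

    $pref = Get-MpPreference

    # Attack Surface Reduction: rule IDs and actions are parallel arrays.
    # Drop the single $null that appears when no rule is configured.
    $ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $asrRules = for ($i = 0; $i -lt $ids.Count; $i++) {
        [pscustomobject]@{
            RuleId = $ids[$i]
            Mode   = Resolve-Mode ($actions[$i])
        }
    }

    # Exploit protection: system-wide mitigation defaults.
    $sys = Get-ProcessMitigation -System

    [pscustomobject]@{
        AsrRuleCount           = $ids.Count
        AsrRules               = $asrRules
        NetworkProtection      = Resolve-Mode $pref.EnableNetworkProtection
        ControlledFolderAccess = Resolve-Mode $pref.EnableControlledFolderAccess
        ProtectedFolders       = @($pref.ControlledFolderAccessProtectedFolders |
                                     Where-Object { $_ })
        SystemDep              = $sys.Dep.Enable
        SystemAslrBottomUp     = $sys.Aslr.BottomUp
        SystemCfg              = $sys.Cfg.Enable
    }
}

$state = Get-ExploitGuardState
$state | Format-List
$state.AsrRules | Format-Table -AutoSize

# Components still reported as Disabled can be moved to audit mode first,
# which logs what would have been blocked without interrupting workloads:
#   Set-MpPreference -EnableNetworkProtection AuditMode
#   Set-MpPreference -EnableControlledFolderAccess AuditMode
```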

Software-Defined and Hyper-Converged

Microsoft introduced Storage Spaces Direct (S2D) with Windows Server 2016, and it has been enhanced for this release.

S2D can be deployed in two different and distinct ways.

The first way is modeled after a more traditional architecture in which storage and compute reside in different clusters.

This deployment model makes it possible to scale compute and storage separately as the need dictates.

The second way uses the Hyper-Converged model in which each node in a single cluster contributes both CPU or compute and storage to the cluster.

This more closely resembles vSAN from VMware and the Nutanix model.

Each node in a cluster providing storage must have at least two solid-state drives (SSD) plus four additional drives, either SSD or traditional spinning disk.

The interface to these disks can be SATA, SAS, or NVMe drives attached directly to the PCIe bus.

All disk resiliency, along with compression and deduplication, is accomplished in software.

Management of S2D can be accomplished by using the WAC, PowerShell, or other traditional tools such as Server Manager and Failover Cluster Manager.

New features for Windows Server 2019 include the use of a USB drive attached to a network switch to act as a witness for a quorum.

This makes it possible to create a two-node S2D cluster for smaller deployments.

Several under-the-covers improvements to enhance cluster operations include cross-domain cluster migration, new cluster infrastructure functionality for both storage and networking, cluster aware updating, and cluster hardening for improved security.

Azure Hybrid Services

It's no secret that Microsoft has somewhat repositioned itself as primarily a cloud company.

On-premises servers are no longer what's "in." Therefore, it makes sense that the company would tie Windows Server as tightly to the cloud as it can, especially since the platform is a dominant player there across multiple virtual infrastructure-capable clouds.

Microsoft Azure has established a solid presence and stands on an equal footing with AWS when comparing services offered.

Here's a list of features targeted specifically at on-premises servers to enable a hybrid solution. Be aware that a few of these capabilities, notably storage and metered transfer, can incur additional costs beyond basic licensing:

  • Azure Network Adapter: This feature is key to multiple other capabilities related to Azure connectivity.

    Configuring a connection is much easier than it used to be as you can now use the WAC.

    With the WAC, it takes just one click to create a point-to-site virtual private network (VPN) connection between a local system and Azure.

    Once that connection is up, you'll be able to take advantage of the other hybrid services focusing on file storage and backup.
  • Azure File Sync: This service lets you create a centralized file share in Azure which caches the frequently accessed files on your local file server.

    Microsoft offers a PowerShell-based Azure File Sync evaluation tool to determine if your system is compatible with the service.

    It specifically checks for file names containing unsupported characters to flag those as incompatible.

    Azure File Sync works with Windows Server 2012 R2 and later versions, and it's a good way for IT admins who already have both a local Windows Server and a cloud instance to build a quick-and-dirty tiered storage infrastructure for extra data protection.
  • Azure Backup: Microsoft provides this service to address cost-effective off-site backup for on-premises servers.

    The WAC provides the necessary management interface to completely control your backup scheduling and the management of backup images.

    All backups use the VSS snapshot feature of Windows to create an application-consistent image.

    Off-site backup is even more important due to the threat of ransomware and other malware.
  • Azure Site Recovery: For disaster recovery (DR), you want the ability to move your existing physical machines and VMs up to a secondary site.

    Azure Site Recovery, which won Microsoft the Editors' Choice award as a DR-as-a-Service (DRaaS) platform, supports a wide range of scenarios and includes support for Windows and Linux VMs running in VMware and Windows instances, including those on Amazon's AWS cloud.

    Support for non-disruptive testing makes it possible to prove out your failover plan before you actually need it.
  • Azure Monitor and Azure Update Management: These two services make it possible to both monitor and update on-premises servers from Azure.

    The Azure Monitor service monitors applications, infrastructure, and networking, providing a single point for admins to track the overall health of your environment.

    The Update Management...
