Virtualization is a bedrock of modern cloud environments.
Hypervisors manage the virtual machines in a cloud environments, providing six fundamental features, as shown in the table below.
1 Hypervisors provide CPU and Memory to the virtual machines they manage.
2 Hypervisors provide time slices to their virtual machines.
3 Hypervisors provide virtualized networking for their virtual machines.
4 Hypervisors isolate each virtual machine from every other virtual machine, unless the
administrators want to share files among virtual machines.
5 Hypervisors virtualize the peripherals, so that the same virtual machine can run on different
hardware.
6 Hypervisors provide virtual storage to their virtual machines.
When a virtual machine (VM) is built to replace an existing stand-alone machine, the VM may not run well, and sometimes, not at all. Some hypervisors will not allow any VMs to have full access to the CPU
instruction set. Thus, the ability to more fully utilize hardware capabilities while also offering the scalability to avoid performance problems is a desired feature of a hypervisor. Also, being able to cluster virtualization
hosts and migrate their VMs can offer better disaster planning and also reduce downtime that is often caused by maintenance tasks, such as patching. Another desired feature, which can significantly reduce
administrator workload, is to be able to rapidly deploy new VMs, especially using scripting methods.
Microsoft's Virtualization Strategy with Server 2016 Hyper-V
In previous Hyper-V versions, Microsoft has added storage, networking, and compute services to better enable Hyper-V to support a fully-featured software-defined data center. With Server 2012 and 2012 R2, they
introduced IPAM (IP Address Management), Storage Spaces, and multi- tenant site-to-site VPNs.
IPAM is an integrated suite of tools to enable end-to-end planning, deploying, managing and monitoring of your IP address
infrastructure, with a rich user experience. IPAM automatically discovers IP address infrastructure servers on your network and enables you to manage them from a central interface.
Storage Spaces provide RAID-like capabilities, such as fault tolerance, striping, and even storage tiers at the software level.
Server 2016 Hyper-V introduced Storage Replicas, which provide block-level replication between locations. Storage Replicas are intended primarily for disaster prevention, such as the ability to restore service to an alternate data centers with minimal downtime or data loss. Using Storage Replicas, you can shift services to an alternate site prior to a disaster occurrence such as a major storm. Storage Replicas use stretch clusters, which are clusters separated over long distances geographically. By leveraging Storage Replica, the cluster storage can be replicated synchronously between sites in order to minimize downtime due to the loss of a corporate data center. Since Storage Replicas use block
storage, the alternate site must also have the same disk/RAID structure as the primary site.
Storage Replicas are not panaceas, as using existing services, such as Active Directory and Exchange Server are built to handle global
replication, and Hyper-V Replica and SQL Server AlwaysOn Availability Groups are tailored for a specific use case. To use Storage Replicas, you must also enable its required networking ports on your firewall.
Security Improvements
The new 2016 Hyper-V security features are intended to protect your VMs from multiple potential attack vectors, like malware and fellow
administrators overstepping their management roles. A lack of corporate trust has prevented many proposed cloud adoptions. The 2016 Hyper-V efforts hope to show that cloud solutions offer comparable -- if not better -- security to your on-premises data center.
Server 2016 also introduced Shielded VMs, which enable you to protect a guest VM from the administrator of the host server. With Shielded VMs the administrator of the host server can start or stop Shielded VMs, but cannot change the configuration, see inside the virtual disks, or see what processes are running within the guest OS. Shielded VMs are an ideal solution for large hosting environments that don't want their management team to be able to see inside customer VMs. Shielded VMs are also ideal for any industry where separation of duties or need-to-know policies must be strictly enforced.
A Trusted Platform Module (TPM) is a hardware capability in modern computer systems that can enable important security features within supporting OSes. Server 2016 allows a Virtual TPM to be enabled and
configured for your VMs. Using the Virtual TPM, you can enable BitLocker encryption for entire guest VMs. BitLocker encryption can help prevent unauthorized access to the system or files contained within the virtual hard drives.
Management Improvements in Server 2016
Server 2016 can improve resource allocation between VMs, or even a group of VMs belonging to a particular customer. Distributed Storage QoS can improve Storage QoS capabilities to enable monitoring and to enforce performance thresholds on customer VMs rather than individual VMs.
Distributed Storage QoS provides customers with an extra level of freedom so that customers can ramp up the workload of one of its own VMs at the cost of its other VMs without impacting another customer’s VMs hosted on the same Hyper-V server.
Another feature, Host Resource Protection, is a heuristics-based system used to identify abnormal access patterns of access that are abnormal and often seen in malicious activities. Host Resource Protection can identify and throttle these systems in order to protect other VMs on the system.
Improvements in Storage and Cluster resiliency are new tweaks to how certain situations are handled. In previous versions of Windows Server, a VM would likely crash if connectivity to its storage were lost. In Windows Server 2016 the VM is simply suspended after 60 seconds of lost connectivity. Once access to the storage is regained the VM is resumed automatically.
Similarly, cluster nodes will go into an isolated state for four minutes if unable to communicate with the rest of the cluster. If cluster connectivity is unavailable for four minutes, VMs are failed over to another node. If a
node is unable to maintain a connection with the remainder of the cluster, VMs will be failed over and the node will be quarantined.
Many new 2016 Hyper-V features are also tweaks for the day-to-day operation of VMs. Four important new capabilities are:
1. Server 2016 can now adjust VM memory allocations while the VM is running.
2. Network adapters can be added or removed without shutting down the VM.
3. Checkpoints are now fully supported. Checkpoints use Volume Shadow Services instead of a saved state, resulting in many enterprise systems recognizing the action as if it were a traditional backup
operation.
4. PowerShell Direct can now be used to directly reference a guest VM without the need for PowerShell remoting or even network connectivity.
Microsoft has carefully listened to the concerns that many IT professionals have voiced. They have made aggressive improvements to their Windows Server Hyper-V virtualization platform. The changes have been done to protect Microsoft customers even from their own hosting environment, whether that be Microsoft or a third party. It's a good precedent to set, and cloud users, planners, managers, and professionals, hope that Microsoft continues improving its premier virtualization platform for years to come.
