From the archives… Microsoft Cloud Roadshow São Paulo

Originally posted 24 January 2016

On Tuesday and Wednesday last week I spent two days at Microsoft’s 2016 Cloud Roadshow.

Through a series of sessions, Microsoft shared their vision of Cloud and Windows Server 2016 (as well as Windows 10, Office 365 etc).  And I must say I left with a fantastic impression of both the latest improvements either live today or coming soon to Azure, and a real desire to start playing with Server 2016.

I’d like to share some of my thoughts from some of the sessions (and if you happen to follow me on Twitter you will have had a live blog of some of the sessions almost!)

For those in Europe, the roadshow will be coming to London on the 29th February, and more details can be found online: https://www.microsoftcloudroadshow.com/cities

Azure:

  • Azure is running from over 100 data centers worldwide, supported by almost 2 million servers
  • 20% of Azure’s VMs are Linux
  • An Azure data center has a minimum of 30 racks of storage
  • 1,400,000 SQL databases running in Azure
  • 425,000,000 AD users in Azure

Microsoft Azure Stack:

Coming with Server 2016 is ‘Azure Stack’.  Instead of just Hyper-V and SCVMM, it will be possible to run the same software stack as runs Azure.  This will bring the same web-based management tools that you use on Azure to your own private cloud, as well as what looks to be very seamless integration for a Hybrid Cloud environment.

Microsoft Operations Server Manager:

The new OSM web based server management tool definitely looks to have aspirations to replace your SIEM to me – it pulls in event data from all Windows servers as well as firewalls and can present a view of all potential performance, operations and security issues.

Microsoft Advanced Threat Analytics:

Another Security Tool, focused specifically on combining data from Windows Servers (via your existing SIEM tool) and providing out-of-the-box correlation of Windows events, looking for suspicious behaviour.  In a demo shown at the event it detected a potential hack via stolen credentials and unauthorised escalation of privileges.  It can then feed this data back into your SIEM – effectively providing a deeper level of intelligence behind your event logs than your average SIEM can.

Advancements in Active Directory:

AD (at least Azure AD for now) will be able to provide built in two factor authentication, in theory making it easier to bring two factor authentication to your own applications, directly via AD.

‘JEA’ – Just Enough Administrator rights.  Based on PowerShell only, a way to provide highly granular restricted administration rights to users.  MS presented a clear vision of not having people log in to servers, with only remote management.  Right now JEA just applies to PowerShell, but could scale out to graphical tools in the future.  Linked with this, but with wider scope, is Just in Time rights, based on a web portal that will allow users to request their limited admin rights to a server, that then has an approval workflow and grants the user rights for a specific time-frame only.
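To make the JEA idea concrete, here is an added example (mine, not from the roadshow or from Microsoft) of a constrained PowerShell endpoint that lets one group view services and restart only the DNS service. The module name, role name, AD group, user and folder paths are all assumptions for illustration.

```powershell
# Assumed names (not from the post): module ExampleJEA, role DnsOperator,
# group CONTOSO\DnsOperators, user CONTOSO\alice, folder C:\ProgramData\JEAConfiguration.
$module = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\ExampleJEA'
$cfgDir = 'C:\ProgramData\JEAConfiguration'
New-Item -ItemType Directory -Force -Path "$module\RoleCapabilities", "$cfgDir\Transcripts" | Out-Null
New-ModuleManifest -Path "$module\ExampleJEA.psd1"

# Role capability: the only commands members of this role can see.
$role = @{
    Path           = "$module\RoleCapabilities\DnsOperator.psrc"
    VisibleCmdlets = 'Get-Service',
                     @{ Name       = 'Restart-Service'
                        # Restart-Service is exposed, but only for the DNS service.
                        Parameters = @{ Name = 'Name'; ValidateSet = 'DNS' } }
    VisibleExternalCommands = 'C:\Windows\System32\ipconfig.exe'
}
New-PSRoleCapabilityFile @role

# Session configuration: who gets which role, and how the session runs.
$session = @{
    Path                = "$cfgDir\DnsOperator.pssc"
    SessionType         = 'RestrictedRemoteServer'   # NoLanguage mode, minimal default commands
    RunAsVirtualAccount = $true                      # user never holds the privileged identity
    TranscriptDirectory = "$cfgDir\Transcripts"      # every session is recorded
    RoleDefinitions     = @{
        'CONTOSO\DnsOperators' = @{ RoleCapabilities = 'DnsOperator' }
    }
}
New-PSSessionConfigurationFile @session

# Validate the file before registering the endpoint with WinRM.
if (Test-PSSessionConfigurationFile -Path $session.Path) {
    Register-PSSessionConfiguration -Name 'DnsOperator' -Path $session.Path -Force
}

# Audit check: list exactly what a given user could run through this endpoint.
Get-PSSessionCapability -ConfigurationName 'DnsOperator' -Username 'CONTOSO\alice'
```

An operator would then connect with `Enter-PSSession -ComputerName <server> -ConfigurationName DnsOperator` rather than logging on to the server.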

Server 2016:

A big topic here!  There’s a lot of new stuff coming here, but here are some of my highlights:

Nano Server: Nano Server is a new highly cut down version, that can run in a footprint of around 400MB.  In internal MS testing, this smaller surface has resulted in far fewer patches being required, and considerably fewer reboots.

Nano Server has limited scope, and isn’t designed to be able to run all your legacy apps.  However, it does partner very well with Microsoft’s new Containers, or running infrastructure features such as Hyper-V, DNS Servers, and hopefully by release time AD servers.

It is 100% remote management only, via PowerShell, Server Manager, or most interestingly the new (currently in internal release only in MS) Remote Server Management Tool.  Indeed, to look locally, there is only a basic diagnostic system to look at configured IP addresses in an almost Linux appliance-like shell.

Containers: Microsoft does containers now!  Now running in 2016 TP4, MS Containers are supported on all versions from Nano to Full (although really targeting Nano Server as the ideal platform).  Docker is supported for management and deployment as well.  There is also something that will be coming to Azure (currently in technical preview only as well) that to me looked like ‘Containers as a Service’ – in Azure you can deploy a fixed set of servers to run your Containers, currently based on Ubuntu Linux but with Windows 2016 planned, that deploys a stepping stone server, three servers running management tools, and a dynamic number of container host VMs.

Micro-Services: linked to a clear MS vision here with Nano Server and Containers is a drive towards Micro-Services.  MS has a new management platform / framework, Azure Service Fabric, for managing and deploying Micro Service based applications.  They have some great plans here, including zero down-time rolling updates for stateless and stateful Micro Service applications.

RSMT: a new web-based management tool that can manage all your servers from Azure to internal, Nano Server to full GUI versions.  Through the tool users can access all the normal sort of features they would expect, opening a PowerShell window, Services, Cluster Manager, AD etc.

Software Defined Network: this is an area where it looks like a lot of improvements have been made to the network stack, but it still has a way to go I would say – it didn’t strike me as mature as NSX for instance, and even now still doesn’t provide the functionality we have in our own environment with the Cisco Nexus 1000v virtual distributed switch add in for 2012 R2.

Azure Load Balancing is now available in 2016, although this is limited to L3 load balancing still and doesn’t offer any L7 or even L4 features.  Interestingly, MS themselves are using the A10 virtual load balancer for all Microsoft Live ID authentications.

The new software defined FW is a big step forwards though, and although MS say it won’t replace a HW edge firewall altogether for big enterprises, I can see it actually doing this for some internal private clouds – a comprehensive set of features was presented, along with some impressive performance figures.

VM Security: a few new features are now introduced, including Shielded Virtual Machines.  This is mainly applicable in a multi-tenant environment, and allows a tenant admin to prevent access to the VMs, or the data on them, from the overall environment administrator.  It utilises a new Azure Key Store to store key material, BitLocker for encrypted disks, and a new Host feature to also allow VMs to be restricted to specific hosts only.  This should be supported in Azure, Azure Stack and Hyper-V in Server 2016.

Software Defined Storage: Some noticeable improvements here, some features were appearing in 2012 R2 but far more mature in 2016.  Storage Spaces already exists in 2012 R2, but has a lot of improvements in Azure Stack.  It allows you to use local disks in each server to build your CSVs and distribute your VMs across, removing a SAN or NAS.  And the performance figures shown are very impressive – a 4 node cluster with each node having 2 SSDs and 4 HDDs was returning 650,000 IOPs, split 70/30 reads and writes.  2016 brings improved Storage QoS as well.

There are also improvements in SMB Security, Deduplication, ReFS performance (I haven’t used ReFS in 2012 R2, but now I’m definitely tempted with some drastic performance increases on some operations).

Storage Replica is another interesting technology introduced, with block-wise replication of volumes, with a demonstration showing the automated recovery of VMs on to a different host, with the underlying VHD volume having a Storage Replica replication to a different server.

StorSimple is also an interesting product, allowing an easily deployable Hybrid Cloud storage approach, with a local appliance with replication to cloud storage.  Based on iSCSI on your local private cloud, with internet or ExpressRoute (the dedicated link to Azure data centres) connectivity to replicate all traffic to the cloud for backup, or indeed a full DR environment cloud based.  They demonstrated some compelling price comparisons based on a 60TB array.  The devices themselves are being made by Seagate.

I’ve spent my weekend playing with some VMs, getting a nano server working etc and having fun being a bit geeky!  And I’m left with a very positive impression, especially considering this is still only TP4 with months to go before the production release!
