New features in Windows Server 2016

Source: Internet
Author: User

This series was originally meant to cover only Active Directory. In the previous section, at a reader's request, we added a comparison of the Windows Server 2016 Standard and Datacenter editions. In response to readers' questions, starting with this chapter we will add three to five more pieces on Windows Server 2016, in the hope that they help readers who need them. PS: We suggest that readers learn how to learn. Searching for and digesting the relevant knowledge is the first step in learning a technology; chew it over, work to understand it, and summarize it in your own words to keep making progress. To learn Microsoft technologies, get to know docs.microsoft.com (the home page for Microsoft technical documentation, API reference, code samples, quickstarts, and tutorials for developers and IT professionals looking for what they want to learn). Also browse sites such as 51CTO, CSDN, and Blog Park. The learning method matters a great deal, and a good one pays off.

This chapter gives you a brief look at what's new in Windows Server 2016, as follows:

Compute:

General: Physical and virtual machines benefit from greater time accuracy due to improvements in the Win32 Time and Hyper-V Time Synchronization services. Windows Server can now host services that comply with upcoming regulations requiring 1 ms accuracy with regard to UTC.

Hyper-V

New and changed Hyper-V features (we cover these in a separate chapter);

Windows container support adds performance improvements, simplified network management, and support for Windows containers on Windows 10.

Nano Server

New features for Nano Server. Nano Server has an updated module for building Nano Server images, including greater separation of physical host and guest virtual machine functionality, and support for different versions of Windows Server.

There are also improvements to the Recovery Console, including inbound and outbound firewall rule separation and WinRM configuration repair functionality.

Shielded virtual machines

Windows Server 2016 provides a new Hyper-V-based shielded virtual machine to protect any Generation 2 virtual machine from a compromised fabric. The features introduced in Windows Server 2016 are as follows:

The new "Encryption Supported" mode offers more protection than an ordinary virtual machine, but less than "Shielded" mode, while still supporting vTPM, disk encryption, Live Migration traffic encryption, and other features, including direct fabric administration conveniences such as virtual machine console connections and PowerShell Direct.

Full support for converting existing non-shielded Generation 2 virtual machines to shielded virtual machines, including automated disk encryption.

Hyper-V Virtual Machine Manager can now view the fabrics on which a shielded virtual machine is authorized to run, giving the fabric administrator a way to open a shielded virtual machine's key protector (KP) and see the fabrics it is permitted to run on.

You can switch attestation modes on a running Host Guardian Service. You can now switch between the less secure but simpler Active Directory-based attestation and TPM-based attestation.

End-to-end diagnostic tooling based on Windows PowerShell detects misconfigurations or errors in both guarded Hyper-V hosts and the Host Guardian Service.

A recovery environment provides a way to securely troubleshoot and repair shielded virtual machines within the fabric in which they normally run, while offering the same level of protection as the shielded virtual machine itself.

Host Guardian Service support for an existing safe Active Directory: you can direct the Host Guardian Service to use an existing Active Directory forest as its Active Directory instead of creating its own Active Directory instance.

Identity and access control:

New features in identity improve an organization's ability to protect Active Directory environments and help it migrate to cloud-only deployments and hybrid deployments, where some applications and services are hosted in the cloud and others are hosted on premises.

Active Directory Certificate Services:

Active Directory Certificate Services (AD CS) in Windows Server 2016 adds support for TPM key attestation: you can now use the Smart Card KSP for key attestation, and devices that are not joined to the domain can now use NDES enrollment to get certificates that can be attested for keys being in a TPM.

Active Directory Domain Services:

Active Directory Domain Services (AD DS) includes improvements that help organizations protect Active Directory environments and provide a better identity management experience for corporate and personal devices.

Active Directory Federation Services:

New features in Active Directory Federation Services. Active Directory Federation Services (AD FS) in Windows Server 2016 includes new features that enable you to configure AD FS to authenticate users stored in Lightweight Directory Access Protocol (LDAP) directories.

Web Application Proxy:

The latest version of Web Application Proxy focuses on new features that enable publishing and pre-authentication for more applications, as well as an improved user experience. The full list of new features includes pre-authentication for rich client apps such as Exchange ActiveSync, and wildcard domains for easier publishing of SharePoint apps.

Management:

Windows PowerShell 5.1 includes significant new features, including support for developing with classes and new security features, that extend its use, improve its usability, and allow you to control and manage Windows-based environments more easily and comprehensively.

New features in Windows Server 2016 include the ability to run PowerShell.exe locally on Nano Server (no longer remote only), new Local Users and Groups cmdlets to replace the GUI, added PowerShell debugging support, and added support in Nano Server for security logging and transcription and for JEA.

Here are some other new management features:

PowerShell Desired State Configuration (DSC) in Windows Management Framework (WMF) 5:

Windows Management Framework 5 includes updates to Windows PowerShell Desired State Configuration (DSC), Windows Remote Management (WinRM), and Windows Management Instrumentation (WMI).

PackageManagement unified package management for software discovery, installation, and inventory:

Windows Server 2016 and Windows 10 introduce a new PackageManagement feature (formerly known as OneGet) that enables IT pros or developers to automate software discovery, installation, and inventory (SDII), locally or remotely, regardless of the installer technology or where the software is located.

PowerShell enhancements to help with digital forensics and reduce security vulnerabilities:

To help teams responsible for investigating compromised systems (sometimes called the "blue team"), we have added additional PowerShell logging and other digital forensics capabilities, and have added features to help reduce vulnerabilities in scripts, such as constrained PowerShell and secure CodeGeneration APIs.
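One way to turn on the logging described above and read it back, as an added example that is not part of the original article: it sets the policy registry values for script block logging and transcription, then lists recent script block events (event ID 4104). The transcript directory is an assumed path; run it from an elevated session.

```powershell
# Added example: enable script block logging and transcription through the
# policy registry keys, then review what was recorded.
$TranscriptDir = 'C:\PSTranscripts'   # assumed path; restrict its ACL to admins
$Base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Set-PolicyValue {
    param([string]$Key, [string]$Name, $Value, [string]$Type = 'DWord')
    # Create the policy key on first use, then write (or overwrite) the value
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name $Name -Value $Value `
        -PropertyType $Type -Force | Out-Null
}

# Script block logging: the text of each script block is written to the
# Microsoft-Windows-PowerShell/Operational log as event 4104
Set-PolicyValue "$Base\ScriptBlockLogging" 'EnableScriptBlockLogging' 1

# Transcription: a per-session text record of input and output
New-Item -ItemType Directory -Path $TranscriptDir -Force | Out-Null
Set-PolicyValue "$Base\Transcription" 'EnableTranscripting' 1
Set-PolicyValue "$Base\Transcription" 'EnableInvocationHeader' 1
Set-PolicyValue "$Base\Transcription" 'OutputDirectory' $TranscriptDir 'String'

function Get-RecentScriptBlock {
    param([int]$Count = 20)
    # Event 4104 properties: MessageNumber, MessageTotal, ScriptBlockText,
    # ScriptBlockId, Path. Blocks PowerShell itself flags as suspicious are
    # logged at Warning level.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'
        Id      = 4104
    } -MaxEvents $Count -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                UserSid     = $_.UserId
                Level       = $_.LevelDisplayName
                ScriptBlock = $_.Properties[2].Value
            }
        }
}

Get-RecentScriptBlock | Sort-Object Time | Format-List
```

The settings apply to PowerShell sessions started after the values are written. In a domain, the same values are normally delivered by Group Policy rather than set per host.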

Networking:

Software-defined networking:

You can now both mirror and route traffic to new or existing virtual appliances. Together with a distributed firewall and network security groups, this enables you to dynamically segment and protect workloads in a way that is similar to Azure. In addition, you can use System Center Virtual Machine Manager to deploy and manage the entire software-defined network (SDN) stack. Finally, you can use Docker to manage Windows Server container networking and associate SDN policies with both virtual machines and containers.

TCP Performance Improvements

The default Initial Congestion Window (ICW) has been increased from 4 to 10 and TCP Fast Open (TFO) has been implemented. TFO reduces the time required to establish a TCP connection, and the increased ICW allows larger objects to be transferred in the initial burst. This combination can significantly reduce the time required to transfer an Internet object between the client and the cloud.

To improve TCP behavior when recovering from packet loss, we implemented TCP Tail Loss Probe (TLP) and Recent Acknowledgment (RACK). TLP helps convert retransmit timeouts (RTOs) into fast recoveries, while RACK reduces the time required for fast recovery to retransmit a lost packet.

Security and Assurance:

Just Enough Administration:

Just Enough Administration (JEA) in Windows Server 2016 is a security technology that enables delegated administration of anything that can be managed with Windows PowerShell. Capabilities include support for running under a network identity, connecting over PowerShell Direct, securely copying files to or from JEA endpoints, and configuring the PowerShell console to launch in a JEA context by default.
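A minimal JEA endpoint, as an added example that is not part of the original article: it delegates restarting a single service to one group and records every session. The group, module, endpoint name and paths are assumptions, and it uses a virtual account rather than the network identity option mentioned above.

```powershell
# Added example: a JEA endpoint whose users can list services and restart
# only the Spooler service. All names and paths below are hypothetical.
$Group      = 'CONTOSO\SpoolerOperators'   # assumed AD group
$ModuleRoot = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\JeaDemo'
$RoleDir    = Join-Path $ModuleRoot 'RoleCapabilities'
$DataDir    = Join-Path $env:ProgramData 'JeaDemo'
$LogDir     = Join-Path $DataDir 'Transcripts'
$Pssc       = Join-Path $DataDir 'SpoolerOps.pssc'

# Role capability files are discovered in the RoleCapabilities folder of a
# valid module on PSModulePath, so create the module shell first
New-Item -ItemType Directory -Path $RoleDir, $LogDir -Force | Out-Null
New-ModuleManifest -Path (Join-Path $ModuleRoot 'JeaDemo.psd1')

# The role: Get-Service as is, Restart-Service only with -Name Spooler
New-PSRoleCapabilityFile -Path (Join-Path $RoleDir 'SpoolerOperator.psrc') `
    -VisibleCmdlets @(
        'Get-Service',
        @{ Name       = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } }
    )

# The session configuration: NoLanguage mode with a small default command
# set (RestrictedRemoteServer), a temporary virtual account instead of the
# caller's own rights, and a transcript of every session
New-PSSessionConfigurationFile -Path $Pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory $LogDir `
    -RoleDefinitions @{ $Group = @{ RoleCapabilities = 'SpoolerOperator' } }

# Validate the file, then register the endpoint (this restarts WinRM)
if (Test-PSSessionConfigurationFile -Path $Pssc) {
    Register-PSSessionConfiguration -Name 'SpoolerOps' -Path $Pssc -Force
}

# A member of the group then connects with:
#   Enter-PSSession -ComputerName <server> -ConfigurationName SpoolerOps
# and can check what the endpoint grants a given user with:
#   Get-PSSessionCapability -ConfigurationName SpoolerOps -Username $user
```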

Credential Guard:

Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.

Remote Credential Guard:

Credential Guard includes support for RDP sessions so that user credentials remain on the client side and are not exposed on the server side. It also provides single sign-on for Remote Desktop.

Device Guard (Code Integrity):

Device Guard provides kernel-mode code integrity (KMCI) and user-mode code integrity (UMCI) by creating policies that specify which code can run on the server.

Windows Defender:

By default, Windows Server Antimalware is installed and enabled in Windows Server 2016, but its user interface is not installed. Even so, Windows Server Antimalware updates its antimalware definitions and protects the computer without the user interface. If you need the user interface for Windows Server Antimalware, you can install it after the operating system is installed by using the Add Roles and Features wizard.

Control Flow Guard:

Control Flow Guard (CFG) is a platform security feature created to combat memory corruption vulnerabilities.

Storage:

Storage in Windows Server 2016 includes new features and enhancements for software-defined storage and for traditional file servers.

Storage Spaces Direct:

Storage Spaces Direct allows you to build highly available and scalable storage by using servers with local storage. It simplifies the deployment and management of software-defined storage systems and makes it possible to use new classes of disk devices, such as SATA SSD and NVMe disk devices, that could not previously be used with clustered Storage Spaces with shared disks.

Storage Replica:

Storage Replica enables storage-agnostic, block-level replication between individual servers or clusters for disaster recovery, as well as stretching a failover cluster across sites. Synchronous replication mirrors data in physical sites with crash-consistent volumes to ensure zero data loss at the file-system level. Asynchronous replication allows site extension beyond metropolitan ranges, with the possibility of data loss.

Storage Quality of Service (QoS):

You can now use storage quality of service (QoS) to centrally monitor end-to-end storage performance and create policies using Hyper-V and CSV clusters in Windows Server 2016.

Failover Clustering:

Windows Server 2016 includes new features and enhancements for multiple servers that are grouped into a single fault-tolerant cluster by using the Failover Clustering feature.

Cluster Operating System Rolling Upgrade:

Cluster Operating System Rolling Upgrade allows an administrator to upgrade the operating system of the cluster nodes from Windows Server R2 to Windows Server 2016 without stopping the Hyper-V or Scale-Out File Server workloads. Use this feature to avoid downtime penalties against service level agreements (SLAs).

Cloud Witness:

Cloud Witness is a new type of failover cluster quorum witness in Windows Server 2016 that uses Microsoft Azure as the arbitration point. Like any other quorum witness, the Cloud Witness gets a vote and can participate in quorum calculations. You can use the Configure Cluster Quorum wizard to configure a Cloud Witness as the quorum witness.

Health Service

The Health Service improves the day-to-day monitoring, operations, and maintenance experience for cluster resources on Storage Spaces Direct clusters.

Application development:

Internet Information Services (IIS) 10.0

The HTTP/2 protocol is supported in the networking stack and integrated with IIS 10.0, which allows IIS 10.0 websites to serve HTTP/2 requests automatically for supported configurations. This brings many enhancements over HTTP/1.1, such as more efficient reuse of connections, reduced latency, and faster loading of web pages.

The ability to run and manage IIS 10.0 in Nano Server.

Wildcard host headers are supported, enabling administrators to set up a Web server for a domain and then have the Web server serve requests for any subdomain.

A new PowerShell module (IISAdministration) for managing IIS.

Distributed Transaction Coordinator (MSDTC):

A resource manager can use the new Resource Manager Rejoin interface to determine the outcome of an in-doubt transaction after the database restarts due to an error. For more information, see IResourceManagerRejoinable::Rejoin.

The DSN name limit is extended from 256 bytes to 3072 bytes. For more information, see IDtcToXaHelperFactory::Create, IDtcToXaHelperSinglePipe::XARMCreate, or IDtcToXaMapper::RequestNewResourceManager.

With improved tracing, you can set a registry key to include the image file path in the trace log file name, so that you can tell which trace log file to check.

