Last November, our most innovative, secure, and performant release to date was made generally available: Windows Server 2025. Incorporating input and feedback from customers, our Windows Server engineering team delivered a release that can enable customers to safeguard their data and infrastructure, handle their most demanding workloads, and help enhance their operational flexibility and connectivity, all with advanced security, cloud agility, and improved performance. As we continue to build and innovate, our team looks forward to engaging and learning from you at every opportunity to help ensure Windows Server continues to enable customers to accelerate innovation in their businesses.

As we reflect on over 30 years of innovation and our most recent release, we are thrilled to invite you to the Windows Server Summit 2025, held on April 29th and 30th on Microsoft Tech Community. This is a premier event for Windows Server professionals eager to stay involved and ahead of the curve. This year’s summit features a lineup of sessions designed to provide deep insight into the latest innovations and best practices in Microsoft Windows Server and Azure.

How to sign up

This event does not require registration, but you should be a member of Microsoft Tech Community to join us live and ask questions via chat during the sessions. We have tons of great content spanning two days, April 29—30th, each day starting at 7 AM PST. Visit this page for details on how to join and add the event to your calendar

Microsoft Tech Community

Meet the experts

You will have the opportunity to meet Windows Server engineering leaders, including Ian LeGrow, CVP PM. Ian leads the Operating Systems Division product management team, responsible for Windows Server and all Windows-based OS at Microsoft. Throughout the event, product managers will share how they have taken your feedback to deliver improved features and one of our most innovative and secure releases of Windows Server yet. They will also provide an exclusive look behind the scenes at what’s coming next in Windows Server, Azure, and hybrid cloud innovations.

Session highlights

After the keynote, you can listen or watch all the way through or pick and choose from mostly 30-minute sessions according to your interests. Here is a small sample of the sessions we have planned:

• Upgrades made easy with Windows Server 2025: Discover why Windows Server 2025 is the easiest version to upgrade ever. Join Rob Hindman and Jeff Woolsey as they delve into media upgrades and feature updates.
• Securing Active Directory: Join Active Directory Program Manager Cliff Fisher for a deep dive into new security features, policies, and defaults for Windows Server 2025. Learn about the new Windows Local Administrator Password Solution (LAPS) features, Delegated Managed Service Accounts, and more.
• Windows Server Hyper-V Architecture, features, GPUs, and more! Explore the new GPU partitioning innovation in Windows Server 2025 Hyper-V. This session will cover use cases and hardware considerations.
• Modernize server management and connectivity with Azure Arc: Connect Windows Servers across hybrid, multicloud, and edge environments to Azure. This session will showcase connectivity options and highlight Azure capabilities focused on SCCM modernization.
• What’s next for advanced storage: Discover the major improvements to storage in Windows Server 2025 and get a sneak peek at innovations like Native NVMe (nonvolatile memory express) and rack-aware clustering.
• Fine-tuned host networking for Windows Server 2025: Transform your network setup and management for Windows Server 2025 clusters with Network ATC and Network HUD. Learn how to achieve peak network performance for your workloads with AccelNet.
• SDN magic—Windows Server 2025 innovations: Uncover the power of software-defined networking on Windows Server 2025, including effortless deployments with native SDN (Software-defined networking) and enhanced security posture for your applications.
• Harden security and build resiliency with Windows Server 2025: Stay up-to-date with the latest security features and best practices for securing Windows Server. Learn about Microsoft Defender for Cloud and more.
• Hotpatching and update management for Windows Server with Azure Arc: Learn about the popular new hotpatching feature in Windows Server 2025 and watch demos on managing updates with Azure Arc.
• The Support Case Files—Windows Server troubleshooting tips: Join our Windows Server support engineers as they break down your most requested support cases.
• From on-premises to cloud with Azure File Sync: Learn how to use Azure File Sync to employ hybrid topologies and migrate seamlessly from on-premises to cloud.

Don’t miss out!

Windows Server Summit is a special virtual event with a community-driven, educational focus, and Microsoft engineers as featured speakers. While most of the sessions are advanced and assume good Windows Server experience, you will get something out of this event, whether you are a seasoned IT professional or just starting your journey. We hope you will join us live so you can participate in the Q&A, but if you cannot, sessions will be available on demand a few days after the event. Sign up now and join us for two days of learning together.

Microsoft Windows Server

Protect, adapt, and innovate with Windows Server

Try today

The post Join us at Windows Server Summit 2025 and learn more about our latest innovations! appeared first on Microsoft Windows Server Blog.

Stay ahead of the curve and learn about the latest innovations and best practices in the world of Windows Server. Session recordings from the Windows Server Summit 2024 virtual event sponsored by Intel^® are available on-demand.

Designed for experienced IT professionals and IT leaders, the event will help deepen knowledge and skills of Windows Server and managing Windows Server workloads in hybrid cloud environments. The event includes talks by Microsoft product engineers, Intel® experts, and Microsoft Most Valuable Professionals (MVPs) sharing insights and tips to get the most out of Windows Server. You won’t want to miss the sneak peek of exciting features and enhancements coming in Windows Server 2025, the next major release of Microsoft’s server operating system!

Windows Server Summit

Recorded presentations available on-demand

View sessions today

Windows Server Summit has been an annual virtual event for the past three years. This year we responded to feedback on this popular event by including more demos and deeper technical content. All sessions are presented by Microsoft engineering teams and technical leaders from Intel® as well as our highly skilled Microsoft MVPs. Here are some examples of our expert content:

Windows Server 2025 preview

Did you catch the Microsoft Ignite 2023 session with Jeff Woolsey and Elden Christensen in matching purple shirts? That was still early days—there is more to share! In his Windows Server Summit session, Elden will provide an overview of all the new features and improvements to expect in Windows Server 2025 when released in late 2024.

Did you know that while you are playing Xbox at home, the team supporting the backend services uses Hotpatch? Find out how they do it in our session with Vishal Baja and Viraj Desai from Windows engineering and Tim Dreyling from Xbox networking teams.

Is software defined networking (SDN) your thing? You won’t want to miss Cindy Wan, Anirban Paul, Kyle Bisnett, and Samuel Liu of the SDN team for their demo bash session—including how to use upcoming Azure Kubernetes Services (AKS) and network security enhancements.

Are you looking for ways to prepare for AI? Afia Boakye and Nicole Bourain from the core operating system (OS) virtualization team will dive into new features in the Windows Server and Azure Stack HCI covering GPU failover clustering and new GPU partitioning (GPU-P) for GPU virtualization.

Security and hardening Windows Server

What are your thoughts on NTLM? Join Ned Pyle as he walks you through the evolution of Windows Authentication with Windows Server 2025 updates to NTLM and Kerberos improvement.

Eric Woodruff, Security MVP, is sharing his expertise with sessions on taking steps to secure Windows Server Active Directory with the Security Compliance Toolkit and Center for Internet Security (CIS) Benchmarks as well as a session specific to protecting your server from management plane attacks.

Microsoft understands not every server is running the latest version of Windows Server. Still, keeping your servers secure is vital. Join Principal Product Managers Poornima Priyadarshini and Jason Leznek to learn how Azure Arc extends the Azure control plane to on-premises servers and take advantage of Extended Security Updates (ESUs) on a flexible monthly billing model with keyless activation.

Windows Server hybrid and cloud

Are you running Windows Server on-premises or at the edge? Learn how you can leverage Azure automation, PowerShell, run command, and many other Azure management solutions for your on-premises Windows Servers. Thomas Maurer, Senior Program Manager and Chief Evangelist Azure Hybrid, and Ryan Willis, Product Manager for Azure Arc, will share how to automate your on-premises Windows Server from the cloud using Azure Arc.

Upgrades and migrations

Want to understand the details of Windows Server upgrade and update processes? We have the core team responsible front and center to walk you through the “how” and “when” of updates—including the upgrade path from Windows Server 2018 to Windows Server 2025.

Gregor Reimling is a rare, dual category MVP in Azure and Security. He will share his best practices for a successful Azure migration starting with the Cloud Adoption Framework (CAF) and look at the Azure Migrate and Modernize program.

Windows Server best practices

Fady Azmy, Program Manager for Windows Server will share practical strategies and best practices for using containers to boost efficiency and simplify deployment while maximizing resource utilization for Windows Server applications.

Interested in host networking on the edge? Join Basel Kablawi, Product Manager for network data plane, and Anirban Paul, Principal Product Manager, as they share what’s new and exciting in networking for Windows Server, highlighting Network ATC, Network HUD, and Accelerated Networking.

Be sure to watch these and other great sessions from our expert speakers!

The post Check out Microsoft Windows Server Summit 2024 appeared first on Microsoft Windows Server Blog.

Would you like to avoid spending your weekends patching servers? The new Hotpatch feature in Windows Server 2022 Datacenter: Azure Edition addresses this pain point—it can reduce many IT teams’ headaches including reboot failures and coordinating multitier workloads. It increases productivity and end-user uptime and can reduce the vulnerability window that would result if an update is delayed.

To demonstrate how Hotpatching works, we’ve brought in an example from our very own Xbox team. In this article you’ll learn how Microsoft has been using Hotpatch with Windows Server 2022 Azure Edition to substantially reduce downtime for SQL Server databases running on Windows Server Azure virtual machines on an important set of backend services for the Xbox network.

Windows Server 2022

Run business critical workloads in Azure, on-premises and at the edge.

Discover more

What is Hotpatch?

Hotpatch for Windows Server 2022 Datacenter: Azure Edition allows you to apply every month’s “patch Tuesday” security updates, but does not require the server operating system to restart two out of three months.

While Hotpatch has been available on the Server Core option of Windows Server 2022 Azure Edition for some time, it has just become available in summer 2023 for the more widely used Desktop Experience option. You can see a demo of it in this on-demand session from Ignite.

Here’s what’s great about it:

• Higher availability and fewer restarts.
• Faster deployment of updates because the packages are smaller, install faster, and have easier patch orchestration using Azure Update Management.
• Better protection because the Hotpatch update packages are scoped to Windows security updates that install faster without restarting.

 When you enable Hotpatch, a baseline Cumulative Update is applied to the server. This update does require a reboot. After this point, your team can update easily, with fewer restarts, which can greatly reduce any vulnerability window. Check out this release documentation for details on the Hotpatch calendar.

How the Xbox network team uses Hotpatch

The Xbox network relies on several critical backend services hosted in SQL Server databases running on Windows Server Azure virtual machines. There are 18 different services hosted in this manner, with some services handled by two SQL Servers and others up to 120 SQL Servers. Some of these workloads have been in production for 15 years.

Of course, when you’re running backend services for a group of passionate gamers like Xbox network customers, it’s imperative to patch and restore services with as little downtime as possible.

Approximately 1,000 servers hosting these services started their journey on physical hardware when the services were first deployed, and more than 15 years later, through a process of rolling upgrades and migration, are now running in Azure hosted as infrastructure as a service (IaaS) Virtual Machines (VMs). According to senior service engineer Tim Dreyling, the team has found it “magnitudes easier to manage Windows Server on Azure VMs, over relying on data center support to address ‘machine’ issues.”

After migrating the backend Xbox network services from the earlier version of Windows Server 2022 Azure Edition to the version that supported Hotpatch, the team that supported these specific backend services went from an update cycle every month that could take weeks of careful orchestration to being able to apply Hotpatch updates across a fleet of nearly 1,000 servers in less than 48 hours two months out of every three.

“As a database administrator (DBA) this is the biggest thing to increase our service reliability and uptime since SQL Server Availability Groups were introduced with SQL Server 2012,” says Tim.

Hotpatch with Windows Server 2022 Datacenter Azure Edition isn’t just used with SQL Server with Xbox network backend services, but is also used on IaaS VMs running Active Directory DS Domain Controllers and VMs hosting web services roles.

While your services might not have the complexity and scale of the Xbox network, we think you’ll quickly see the Hotpatch advantage of minimizing reboot downtimes while ensuring the services you host are reliable, protected, and available.

Hotpatch is currently available on Azure Edition (see below for details), but the team has more innovations in the works, and many ways to access cloud innovation in your hybrid cloud environment by connecting your servers to Azure Arc.

In case you weren’t able to join us at Ignite, you can watch two Windows Server-focused sessions on-demand. These talks cover Hotpatching and the Xbox example discussed above, along with a number of new and upcoming features for our Windows Server and SQL Server customers:

1. Do More with Windows Server and SQL Server on Azure—Bob Ward, Principal Architect in the Azure Data team, and Jeff Woolsey Principal PM Manager in Windows Server, do a quick-fire session with descriptions of the latest innovations across these technologies.
2. What’s New in Windows Server v.Next—Elden Christensen, Principal Group PM Manager, joins Jeff Woolsey to explain and demo the features that our engineering team is working on for the next Windows Server.

If you’re interested in being hands-on and trying what’s coming next for Windows Server, you can get early access to the latest features in the works by joining the Windows Insider program.

Learn more about Windows Server and Hotpatch

• Try the latest versions of SQL Server and Windows Server 2022 on Azure.
• You can find out more about Hotpatch for Windows Server 2022 Datacenter: Azure Edition in the documentation and in this blog post.
• Download the image here to get the new edition with Hotpatch (Azure account required).

The post How Hotpatching on Windows Server is changing the game for Xbox appeared first on Microsoft Windows Server Blog.

That’s right, you’ve guessed it, aside from all the great product and feature updates at the conference, we’re also going to have an awesome customer appreciation party on Tuesday evening, November 5, 2019. Visit the Windows Server booths to find out how to register.

So, what else is going on with Windows Server at Ignite? It’s all about modernization. We want to make sure you’re equipped to modernize your server management with Windows Admin Center, your re-imagined server management option that centralizes and simplifies previous Windows Server management tools. We also want to arm you with the information you need to migrate off of Windows Server 2008 before the end of support on January 14, 2020. Our unbeatable offers like Extended Security Updates and Azure Hybrid Benefit will get you to Azure at no additional charge above the cost of running Azure Virtual Machines. Check out the full list of sessions below!

Don’t miss speakers like Jeff Woolsey, Ned Pyle, Bernardo Caldas, and Cosmos Darwin as they take the stage and dive deep on Windows Server 2019, Windows Admin Center, Windows Server 2008 End of Support, and Azure Stack HCI.

You can begin creating your personalized Windows Server schedule at Ignite this year by copy and pasting the event code (starting with BRK, THR or WRK) into the session scheduler. The Windows Server team is very excited to meet you there. See you soon!

Windows Server Schedule for Ignite 2019 – Breakout (BRK), Theater (THR), and Workshop (WRK) sessions

The post All you need to know about Windows Server at Ignite 2019 appeared first on Microsoft Windows Server Blog.

Containers have become synonymous with application modernization, and Kubernetes has become the leading solution for orchestrating containerized applications. With Windows Server version 1709, Windows now has parity with Linux for Kubernetes networking from a platform perspective. At the same time, we are looking to expand the Kubernetes ecosystem so that Windows worker nodes and services running .NET, ASP.NET, IIS, and other Windows apps can be orchestrated by Kubernetes.

Today, I’m excited to announce our partnership with Tigera to contribute towards Project Calico for Kubernetes. Calico is a community based, free and open source solution, maintained by Tigera, that is designed to simplify, scale and secure networks and services managed by Kubernetes. It solves a major pain point for developers and DevOps teams by enabling them to manage the complexity of defining, configuring and securing networking topologies for applications and mapping those policies to the underlying fabric. Microsoft is extending Calico’s functionality to support Windows Server version 1709 by contributing code for the Calico data plane driver (Felix) so that it can manage network policy on Windows Server worker nodes.

The Felix data plane driver runs on every K8s node and is responsible for programming ACLs, and routes, to provide the desired connectivity and security to container endpoints and services. An orchestrator plugin for Kubernetes enables users to specify their policy using Kubernetes network policy syntax with Calico, completed through the Felix data plane driver. A richer set of policy is available through Calico directly.

On Windows, the Felix data plane driver interfaces with the Windows Host Networking Service (HNS) and takes the network policy received from Calico/Kubernetes and invokes the HNS APIs to add them as ACL policies. HNS then programs the Virtual Filtering Platform (VFP) Hyper-V switch extension, roughly analogous to iptables in Linux, which enforces these policies in the Windows data path.

The result of this work is that users running mixed OS (Linux and Windows) Kubernetes clusters can now define and manage network policy in a consistent manner to secure their containerized applications and microservices. Previously, network policy enforcement for container endpoints could not be managed on Windows nodes even though the platform itself (VFP) included this capability. DevOps and admins can now associate security policies with specific endpoints and services on these mixed clusters.

Support for Calico network policy on Windows is currently at ‘beta’ level, and Microsoft and Tigera are working with a limited number of joint customers to conduct trials over the coming months, with the goal of reaching general availability in the first half of 2018.

Calico for Windows will work for both on-premises and cloud-based deployments including Microsoft’s Azure Container Service through ACS-Engine. It will also enable interoperability of Windows nodes with Tigera’s commercial secure application connectivity solution, CNX, with the limitation that hierarchical policies will not be supported by this initial release of Calico for Windows.

At this time, the Felix data plane driver on Windows is used for network policy (ACL) enforcement and not interface management or route programming. However, these features are on our product roadmap as many customers find that static route configuration or overlay-based networks are difficult to configure correctly and have performance limitations. To provide a networking solution which works for both Linux and Windows K8s cluster nodes, Microsoft has brought support for Flannel to Windows and created two CNI plugins for host-gateway and overlay networking modes, and is working with the community to upstream these contributions.

Special thanks to Nick Wood from Microsoft for writing the code for the Calico/Felix data plane driver on Windows, and Shaun Crampton from Tigera for providing consulting and assistance.

The post Securing modernized apps and simplified networking on Windows with Calico appeared first on Microsoft Windows Server Blog.

Greetings!

We’re watching the calendar and counting down to Microsoft Ignite September 25-29 in Orlando, Florida. Ignite is a great way to see the latest and greatest products and technologies with hundreds of hours of content, meet with your peers and partners, and get firsthand experience with hands-on labs. If you’re already registered for Ignite, be sure to check the event catalog and start selecting your sessions. If you haven’t grabbed a ticket yet, there are limited passes remaining, so get one while you still can!

As we countdown to Ignite, we want to begin a blog series that provides a sneak peek of the next release of Windows Server: Windows Server, version 1709. We’ll be launching Windows Server, version 1709 at Ignite, which builds on the innovation in Windows Server 2016, so let’s begin with a brief recap of some of the areas we focused on in Windows Server 2016.

Application innovation

One area of great interest to customers around the world is application modernization. While a large percentage of applications have moved from physical machines to virtual machines, you’ve told us that you want more. You’ve told us:

1. You have existing business critical applications that you would like to modernize by moving to a modern platform with better security and better resource usage with minimal/no development effort. Think of this as “lift and shift.”
2. You are building new applications and you want to build these apps with the cloud as a design point and with the flexibility to run on-premises, in the cloud, or as a hybrid service that takes advantage of the best of both worlds.

In Windows Server 2016, we delivered on both these areas in a major way and we’re just getting started with our investments in Cloud App Platform to:

1. Provide a way for IT Pros to lift and shift traditional apps to Docker containers with Server Core.
2. Enable cloud developers to write new cloud apps with Nano Server, .NET Core and Docker.

From a platform standpoint, Windows Server 2016 is the first version of Windows Server to include container technology. Windows Server containers provide application isolation through process and namespace isolation. You can realize the benefits of using containers for applications—with little or no code changes with Windows Server Core. We then added Hyper-V isolation to Windows Server Containers to expand on the isolation by running each container in a highly-optimized virtual machine making it ideal for running in a hostile multitenant environment. Containers, Nano Server, Azure Container Service, and Windows Server provide a rich set of cloud enabling building blocks for true business agility in building always-on, scalable, and distributed applications to run in Azure, on-premises, or hybrid.

Security

Windows Server 2016 is designed with security in mind throughout development as part of our SDL, and reduces risk with multiple layers of security deeply integrated in the operating system for on-premises and cloud protection such as Secure Boot, Code Integrity, Virtualization Based Security, Control Flow Guard, Windows Defender, Just in Time Administration, Just Enough Administration, and much more…

One of the most innovative solutions delivered in Windows Server 2016 was the coupling of security and our hypervisor, Hyper-V, to create Shielded VMs. Shielded VMs are a groundbreaking new technology that makes a virtual machine running Windows a “black box” to protect against a rogue administrator or a virtual machine getting into the wild. Nothing in the industry compares to Shielded VMs.

Software Defined Datacenter that’s ready for the cloud

Windows Server provides the same Hyper-V hypervisor that we run in Azure, so you get the benefits of Azure’s requirements too. A great example of an Azure requirement being delivered to you is industry-leading scale. Windows Server 2016 supports the largest physical servers (24 TB RAM, 512 logical processors) and the largest virtual machines (12 TB RAM, 240 virtual processors). Those massive scalability requirements were driven by Azure, and we are happy to share the same technology with you in Windows Server.

In terms of Software-defined Networking, we took our learnings from Azure and brought them to Windows Server with technologies such as the Azure Data plane, software load balancer, distributed firewall and more. With Windows Server 2016 we delivered Azure inspired, Software-defined Networking to be used on-premises, and these same technologies are also used by Microsoft Azure Stack.

In terms of storage, we took the best performing Software-defined Storage stack and enabled new flexible hyper-converged deployment capabilities to build highly available, scalable software-defined storage solutions at a fraction of the cost of a storage area network (SAN) or network-attached storage (NAS). The Storage Spaces Direct feature lets you use industry-standard servers with local storage. We then added Storage Replica which provides both synchronous and asynchronous options to meet your business requirements.

Long-Term Servicing Channel and Semi-Annual Channel Releases

As we prepare for the Windows Server, version 1709 release, we also want to make sure that folks clearly understand the new release models, including the Long-Term Servicing Channel and the Semi-annual Channel.

Before we discuss these two release models, let’s provide some context. Going all the way back to Windows Server 2003, Microsoft regularly delivered Windows Server releases every two to three years. Over the years, we heard feedback that Microsoft was “too slow.” Customers wanted us to go faster. Customers told us that they felt that being on the leading edge of a technology gave them a competitive advantage. So, we changed. Following the release of Windows Server 2012, we released Windows Server 2012 R2 less than a year later. The feedback we then received, and from some quite loudly, was “Microsoft you’re going too fast. Slow down.”

The pushback on a faster release was an interesting data point. It indicated we had two tracks of customers. One who wanted slow consistency and another who wanted continuous innovation. So, we tried another approach to better test this hypothesis.

In Windows Server 2016 development, we began by releasing frequent Technology Previews (TP). We released a total of five technology previews throughout development. Each TP included additional features, and we partnered with users to help us make changes through development. There were many organizations who were so pleased with a particular TP release that they asked us if we would support them in production.

The Windows Server 2016 development cycle only reinforced the notion that we needed two tracks, which is what we are now delivering with the Long-Term Servicing Channel (LTSC) and the Semi-Annual Channel. So moving forward, Windows Server is evolving to deliver innovation through two channels: The Long-Term Servicing Channel and the Semi-Annual Channel.

• Long-Term Servicing Channel (LTSC) – this is business as usual with 5 years of mainstream support and 5 years of extended support. You’ll have the option to upgrade to the next LTSC release every 2-3 years the same way folks have for the last 20 years.
• For those of you who want to innovate faster and take advantage of new features sooner, we are adding the Semi-annual Channel. The Semi-Annual Channel is a Software Assurance benefit and is fully supported in production. The difference is that it is supported for 18 months and there will be a new version every six months.

Keep in mind that both the Long-Term Servicing Channel and the Semi-Annual Channel are both fully supported in production, and that you can mix and match. For example:

• If you have a legacy application that you rarely touch running in a VM, then maybe the LTSC release makes sense.
• If you have a new, cloud application that your dev team is building using containers and they want the latest and greatest container features in Nano Server/Server Core, then likely the Semi-Annual Channel is the right choice.

The point is, we’re providing both options, and you get to choose which makes the most sense for you. Finally, whether you choose LTSC or Semi-annual Channel, you are in full control of patching your servers. To make the Windows Server versions easy to identify, we are taking a cue from the Windows team and refer to this release by the year and the month. In this case, 1709 refers to the year 2017, and the ninth month, September. Very straightforward. The way that we are delivering Windows Server moving forward offers more opportunity than ever to influence product direction, so please sign up to the Windows Server Insider Program if you haven’t already!

In the next few blogs, we’re going to introduce areas of investments for the Windows Server, version 1709 for developers, security, Software-defined datacenter and management.

The post Sneak peek #1: Windows Server, version 1709 appeared first on Microsoft Windows Server Blog.

Network complexity is largely driven by the number of nodes connected to it and the number of paths between them. The situation is compounded when multiple protocols operate over the shared resource. Windows Server 2016 simplifies the network by decreasing the number of connected nodes and increases storage performance because Remote Direct Memory Access (RDMA) and the Hyper-V switch can share the same network interface card (NIC) ports. Network architects can consolidate the physical networking without giving up the higher level benefits that traditional approaches afford, when storage traffic is segregated in Ethernet topologies. Combining these capabilities into a single NIC enables power savings, switch port count reduction, NIC cost savings and cabling management reduction. The network operator can also make high quality service guarantees for the many users of the network.

In Windows Server 2012 R2, customers who wanted to use RDMA for their storage traffic had to use separate NIC ports that were used by the Hyper-V switch. The architecture looked like the figure below:

Along the bottom of the diagram you can see that there are four ports required for this solution, per server.

The equivalent deployment in Windows Server 2016 requires half the ports and maintains the high availability required for enterprise networking.

The new deployment scenario uses Datacenter Bridging (DCB) on both the NICs and the physical switch. You can learn more about the physical switch configuration here.

Information about how to configure this scenario in Windows Server 2016 can be found at this link.

The new Windows Server 2016 Technical Preview NIC and Switch Embedded Teaming User Guide covers the details you need to know about NIC and SET.

To try this solution for yourself, you will need to download the latest Windows Server 2016 Technical Preview and have an RDMA compatible network card, currently available from Broadcom ECG, Chelsio and Mellanox. Drivers that support these capabilities and information about the NICs are available via vendor support websites or from server OEMs. Check with your vendor on their RDMA plans if you don’t see your preferred manufacturer on the list.

The post Cut your network port count per server by 50% with Windows Server 2016 appeared first on Microsoft Windows Server Blog.

You might have seen this blog post recently published on common data center challenges. In that article, Ravi talked about the challenges surrounding deployment, flexibility, resiliency, and security, and how our Software Defined Networking (SDN) helps you solves those challenges.

In this blog post series we will go deeper so you’ll know how you can use Microsoft SDN with Hyper-V to deploy a classic application network topology. Think about how long it takes you to deploy a three-tier web application in your current infrastructure. Ok, do you have a figure for it? How long, and how many other people did you need to contact?

This series focuses on a deployment for a lab or POC environment. If you decide to follow along with your own lab setup you’ll interact with the Microsoft network controller, build an overlay software defined network, define security policy, and work with the Software Load Balancer.

• In Part 1 you’ll be introduced to the SDN stack and the three-tier workload app
• In Part 2 you’ll learn about the front end web tier and tenant configuration
• In Part 3 you’ll get into the application tier and the back end data tier

Here’s what you’ll need in your lab environment:

• Download and Install Windows Server Technical Preview 4
• Review the Planning Software Defined Networking TechNet article
• Download scripts from the Microsoft SDN GitHub repository
• Follow the Deploy Software Defined Networks using Scripts guide on TechNet

The first step in deploying the cloud application is to install and configure the servers and infrastructure. You will need to install Windows Server 2016 Technical Preview 4 on a minimum of three physical servers. Use the Planning Software Defined Networking TechNet article for guidance in configuring the underlay networking and host networking. The environment I used while writing this post and deploying the three-tier app has the following configuration:

• Three physical servers each with Dual 2.26 GHz CPUs, 24 GB of memory, 550 GB of storage, two 10Gb Ethernet cards
• Each host uses a Hyper-V Virtual Switch in a Switch-Embedded Team configuration
• All hosts are connected to an Active Directory domain named “SDNCloud”
• Each server is attached to a Management VLAN, and the default gateway is an SVI on a switch
• The upstream physical switch is configured with the same VLAN tags as the Hyper-V virtual switch, and uses trunk mode so that management and host network traffic can share the same switch ports

Introduction

Enterprise and hosting providers use their IT tool kits to address similar and reoccurring problems:

• Deploy new services quickly with enough flexibility to accommodate incremental demand for capacity and performance
• Maintain availability despite multiple failure modes
• Ensure security

Windows Server 2016 helps you address these challenges in the application platform itself, and for the networking technology we’ll cover in this blog it’s the same technology that services the 1.5 million+ network requests per second average in Microsoft Azure.

The scenario for the series is for a new product that our fictitious firm “Fabrikam” is launching to meet the demands for convenience and self-service in requesting a new passport, renewing an expired passport, or updating a citizen’s personal information. The application is called “Passport Expeditor” and it removes the need for a citizen to go to the passport agency and execute a paper-based process that uses awkward government-speak.

Passport Expeditor is based on a three-tier architecture, which consists of a front-end web tier to present the interface to the user, the application tier to validate inputs and contains the application logic, and a back-end database tier to store passport information. The software in each tier runs in the in a virtual machine, and is connected to one or more networks with associated security policies.

Figure 1: Passport Expeditor application architecture

External users will access Fabrikam’s Passport Expeditor cloud application through a hostname registered to an IP address that is routable on the public Internet. In order to handle the thousands of requests Fabrikam expects to see at launch, load balancing services are required and will be provided in the network fabric using Microsoft’s in-box Server Load Balancer (SLB). The SLB will distribute incoming TCP connections among the web-tier nodes providing both performance and resiliency. To do this the SLB will monitor the health probes installed on each VM and take any VMs which are “down” out of rotation until they become healthy again. The SLB can also increase the number of  VMs servicing the application during periods of peak load and then scale back down when load decreases.

Core concepts

Before we dive in, let’s spend a moment talking about some core concepts and technologies we will be using:

• PowerShell scripting: We will use PowerShell scripts to create the network policy and resources and use the HTTP verbs PUT and GET to inform the Network Controller of this policy
• Network Controller: The Microsoft Network Controller is the “brains” of the SDN Stack. Network policy is defined through a set of resources modeled using JSON objects and given to the Network Controller through a RESTful API. The Network Controller will then send this policy to the SDN Host Agent running on each Hyper-V Host (server)
• SDN Host Agent: The Network Controller communicates directly with the SDN Host Agent running on each server. The Host Agent then programs this policy in the Hyper-V Virtual switch.
• Hyper-V Virtual Switch: Microsoft’s vSwitch is responsible for enforcing network policy (such as VXLAN based overlay networks, access control lists, address translation rules, etc) provisioned by the network controller.
• Software Load Balancer: The SLB consists of a multiplexer which advertises a Virtual IP (VIP) address to external clients (using BGP) and distributes connections across a set of Dynamic IP (DIP) addresses assigned to VMs attached to a network.
• North/South and East/West traffic: These terms refer to where network traffic originates and is destined. North/South indicates the network traffic is going outside of the virtual network or data center. East/West indicates the network traffic is coming from inside the virtual network or within the data center.

Figure 2: Windows Server 2016 SDN stack

Perform the following steps to configure Windows Server Technical Preview 4 for the scenario:

1. Install the operating system on the physical server
2. Enable the Hyper-V Role on each host
3. Create a Hyper-V Virtual Switch on each host. Be sure to use the same name for each virtual switch on each host and bind it to a network interface
4. Ensure the virtual switch’s Management virtual network interface (vNIC) is connected to the Management VLAN and has an IP address assigned to it
5. Verify connectivity via the Management IP address between all servers
6. Join each host to an active directory domain

The system is now ready to receive the SDN Stack components, software infrastructure, and inform the Network Controller about the fabric resources. If you haven’t already retrieved the scripts from GitHub, download them now. All scripts are available on the Microsoft SDN GitHub repository and can be downloaded as a zip file from the link referenced (for more details on Git, please reference this link).

Fabric resource deployment

The Network Controller must be informed of the environment it is responsible for managing by specifying the set of servers, VLANs, and service credentials. These fabric resources will also be the endpoints on which the controller enforces network policies. The resource hierarchy and dependency graph for these fabric resources is shown in Figure 3.

Figure 3: Network controller northbound API fabric resource hierarchy

The variables in the FabricConfig.psd1 file configuration file must be populated with the correct values to match your environment. Insert the appropriate configuration parameter anywhere you see the mark “<<Replace>>”. You will do this for credentials, VLANs, Border Gateway Protocol Autonomous System Numbers (BGP ASNs) and peers, and locations for SDN service VMs.

When customizing the FabricConfig.psd1 file:

• Ensure the directory specified by the InstallSrcDir variable is shared with Everyone and has Read/Write access.
• The value of the NetworkControllerRestName variable must be registered in DNS with the value of the floating IP address of the Network Controller specified by the NetworkControllerRestIP parameter.
• The value of the vSwitchName variable must be the same for all Hyper-V Virtual Switches in each server.
• The LogicalNetworksarraycontains the fabric resources which correspond to specific VLANs and IP prefixes in the underlay network. In this post series, we will only be configuring and using:
  • Hyper-V Network Virtualization Provider Address (HNVPA): Used as the underlay network for hosting HNV overlay virtual networks.
  • Management: Used for communication between Network Controller and Hyper-V Hosts (and SDN Host Agent)
  • Virtual IP (VIP): Used as the public (routable) IP prefix through which external users will access the HNV overlay virtual network (e.g. Web-Tier). Routes to the VIPs will be advertised using internal BGP peering between the SLB Multiplexer and BGP Router.
  • The Transit and GREVIP networks are used by the Gateways (not covered in this post series). In the future, the SLB Multiplexer will also connect to the Transit logical network.
• The Hyper-V host section is an array of NodeNameswhich must correspond to the physical hosts registered in DNS. This section determines where to place the infrastructure VMs (Network Controller, SLB Multiplexer, etc.).
  • The IP Addresses for the Network Controller VMs (e.g. NC-01) must come from the Management logical network’s IP prefix.
  • The IP Addresses for the Software Load Balancer VMs (e.g. MUX-01) must come from the HNVPA logical network’s IP prefix.
• The Management and HNVPA logical network prefixes must be routable between each other.

Figure 4: Deployment environment

After customizing this file and running the SDNExpress.ps1 script documented in the TechNet article, validate your configuration by testing that the requisite fabric resources, e.g. logical networks, servers, and SLB Multiplexer, are correctly provisioned in the Network Controller by following the steps in the TechNet article. As a first step, you should be able to ping the Network Controller (NetworkControllerRestIP) from any host. You should also verify that you can query resources on the Network Controller using the REST Wrappers Get-NC<ResourceName> (e.g. PS > Get-NCServer) and validate that the output includes provisioningState = succeeded.

Note: The deployment script creates multi-tenant Gateway VMs. These will not be used in this blog series.

Figure 5: Network controller provisioning 

The final check is to ensure that the load balancers are successfully peering with the BGP router (either a VM with Routing and Remote Access Server (RRAS) role installed or Top of Rack (ToR) Switch. Border Gateway Protocol (BGP) is used by SLB to advertise the VIP addresses to external clients and then route the client requests to the correct SLB Multiplexer. In my lab I am using the BGP router in the ToR and the switch validation output is shown below:

Figure 6: Successful BGP peering

Summary and validation

In this blog post, we introduced the Passport Expeditor service which can be installed as a cloud application using the new Microsoft Software Defined Networking (SDN) Stack. We walked through the host and network pre-requisites and deployed the underlying SDN infrastructure, including the Network Controller and SLB. The fabric resources deployed will be used as the basis to instantiate and deploy the tenant resources in part II of this blog series. The Network Controller REST Wrapper scripts can be used to query the fabric resources as shown in the TechNet article here.

In the next blog post: Front-end Web Tier Deployment and Tenant Resources

The SDN fabric is now ready to instantiate and deploy tenant resources. In the next part in this blog series, we will be creating the following tenant resources for the front-end web tier of the three-tier application shown in Figure 1 above:

1. Access Control Lists
2. Virtual Subnets
3. VM Network Interfaces
4. Public IP

We’d love to hear from you. Please let us know if you have any questions in the comments!

The post Zero to SDN in under five minutes appeared first on Microsoft Windows Server Blog.

The Cloud OS vision combines Microsoft knowledge and experiences with today’s trends and technology innovations to deliver a modern platform of products and services that helps organizations transform their current server environment into a highly elastic, scalable, and reliable cloud infrastructure. Utilizing the software that powers the Cloud OS vision, organizations can quickly and flexibly build and manage modern applications across platforms, locations, and devices, unlock insights from volumes of existing and new data, and support end-user productivity wherever and on whatever device they choose.

At the heart of Cloud OS is Windows Server 2012 R2. Delivering on the promise of a modern datacenter, modern applications, and people-centric IT, Windows Server 2012 R2 provides a best-in-class server experience that cost-effectively cloud-optimizes your business. When you optimize your business for the cloud with Windows Server 2012 R2, you take advantage of your existing skillsets and technology investments. You also gain all the Microsoft experience behind building and operating private and public clouds – right in the box. Delivered as an enterprise-class, the simple and cost-effective server and cloud platform Windows Server 2012 R2 delivers significant value around seven key capabilities:

Server virtualization. Windows Server Hyper-V offers a scalable and feature-rich virtualization platform that helps organizations of all sizes realize considerable cost savings and operational efficiencies. With Windows Server 2012 R2, server virtualization with Hyper-V pulls ahead of the competition by offering industry-leading size and scale that makes it the platform of choice for running your mission critical workloads. Using Windows Server 2012 R2, you can take advantage of new hardware technology, while still utilizing the servers you already have. This functionality enables you to virtualize today and be ready for the future tomorrow.

Whether you are looking to expand virtual machine mobility, increase virtual machine availability, handle multi-tenant environments, gain bigger scale, or gain more flexibility, Windows Server 2012 R2 with Hyper-V gives you the platform and tools you need to increase business agility with confidence. Plus, you can also benefit from workload portability as you extend your on-premises datacenter into a service provider cloud or Windows Azure.

Storage. With the increase in new applications, the explosion of data, and growing end-user expectations for continuous services, there has come a significant increase in storage demands. Windows Server 2012 R2 offers a wide variety of storage features and capabilities to address the storage challenges faced by organizations. Whether you intend to use cost-effective, industry-standard hardware for the bulk of your workloads or Storage Area Networks for the most demanding ones, Windows Server 2012 R2 provides you with a rich set of features that can help you maximize the returns from all of your storage investments.

Microsoft designed Windows Server 2012 R2 with a strong focus on storage capabilities, including improvements in the provisioning, accessing, and managing of storage and the transfer of data across the network that resides on that storage. The end result is a storage solution that delivers the efficiency, performance, resiliency, availability, and versatility you need at every level.

Networking. New technologies, such as private- and public-cloud computing, mobile workforces, and widely dispersed assets have transformed the business landscape and altered how we manage networking and network assets. Still, the main goal remains the same: keep all networking components connected to ensure smooth data transmission and reliable access by users and customers to the services they need when they need them.

Windows Server 2012 R2 makes it as straightforward to manage an entire network as a single server, giving you the reliability and scalability of multiple servers at a lower cost. Automatic rerouting around storage, server, and network failures enables file services to remain online with minimal noticeable downtime. In addition, Windows Server 2012 R2 provides the foundation for software-defined networking, out-of-the box, enabling seamless connectivity across public, private, and hybrid cloud implementations.

Whatever your organization’s needs, from administering network assets to managing an extensive private and public cloud network infrastructure, Windows Server 2012 R2 offers you solutions to today’s changing business landscape. These capabilities help reduce networking complexity while lowering costs, simplifying management tasks, and delivering services reliably and efficiently. With Windows Server 2012 R2 you can automate and consolidate networking processes and resources, more easily connect private clouds with public cloud services, and more easily connect users to IT resources and services across physical boundaries.

Server management and automation. Datacenter infrastructure has become more and more complex. Multiple industry standards are confusing hardware vendors. Customers are looking for guidance on how to best automate their datacenter while adopting a standards-based management approach supporting their multi-vendor investments. Windows Server 2012 R2 enables IT professionals to offer an integrated platform to automate and manage the increasing datacenter ecosystem. Features within Windows Server 2012 R2 enable you to manage many servers and the devices connecting them, whether they are physical or virtual, on-premises or in the cloud.

Web and application platform. Chances are your organization already uses or is planning to use a combination of on-premises and off-premises IT resources and tools for building a hybrid environment. To protect your existing investment in on-premises applications as you begin to migrate to the cloud, you need a scalable application and web platform that enables you to manage your applications and websites in a unified way.

Windows Server 2012 R2 builds on the tradition of the Windows Server family as a proven application platform, with thousands of applications already built and deployed and a community of millions of knowledgeable and skilled developers already in place. The capabilities included in Windows Server 2012 R2 offer your organization even greater application flexibility, helping you build and deploy applications either on-premises, in the cloud, or both at once, with hybrid solutions that can work in both environments.

As your organization plans for and moves to a hybrid or cloud-based environment, Windows Server 2012 R2 provides the tools you need to build, provision, and manage multi-tenant environments while still supporting your large enterprise or the many customers hosted within your service provider infrastructure.

Access and information protection. Information exists almost everywhere in your organization: on servers, laptops, desktops, removable devices, and in emails. Users need to be able to access this information from anywhere, share it where appropriate, and achieve maximum productivity with the assets they have. To further complicate matters, the move to cloud computing necessitates being able to secure enterprise applications that no longer live in your datacenter.

Microsoft assists you in supporting consumerization of IT and in retaining effective management, security, and compliance capabilities. The enterprise tools and technologies that Microsoft provides can help with key enterprise tasks such as identifying non-corporate devices, delivering applications and data to those devices with the best possible user experience, and establishing and enforcing policies on devices based on the end user’s role within the organization. Microsoft enterprise tools and technologies can help IT staff to maintain a high level of security across all device types, whether the devices are corporate or personal assets, and establish security measures that protect their organization’s systems, data, and network.

To address these information needs and challenges, organizations have to make fundamental shifts in how they approach identity and security. Windows Server 2012 R2 helps you accommodate these changes through exciting new remote access options, significant improvements to Active Directory and Active Directory Federation Services, and the introduction of policy-based information access and audits with Dynamic Access Control, and new scenarios to help customers provide access to corporate resources for users from their own devices. With these new capabilities, you can better manage and protect data access, simplify deployment and management of your identity infrastructure, and provide more secure access to data from virtually anywhere across both on-premises well managed devices and new consumer orientated form factors.

Virtual Desktop Infrastructure. Most IT departments currently face the challenge of enabling worker productivity on a growing number of mobile devices in the workplace. Virtual Desktop Infrastructure (VDI) helps you accommodate these new devices by enabling them to access a centralized instance of the Windows desktop in the datacenter. By virtualizing these desktop resources, you can alleviate device compatibility and security issues while still delivering a consistent, familiar experience that enhances end-user productivity. With Windows Server 2012 R2, Microsoft makes it easier and more cost-effective to deploy and deliver virtual desktop resources across workers’ devices.

VDI technologies in Windows Server 2012 R2 offer easy access to a rich, full-fidelity Windows environment running in the datacenter, from virtually any device. Through Hyper-V and Remote Desktop Services (RDS), Microsoft offers three flexible VDI deployment options in a single solution: Pooled Desktops, Personal Desktops, and Remote Desktop Sessions (formerly Terminal Services). With Windows Server 2012 R2, you get a complete VDI toolset for delivering flexible access to data and applications from virtually anywhere on popular devices, while also helping to maintain security and compliance.

To compete in the global economy and keep up with the pace of innovation, IT organizations must improve their agility, their efficiency, and their ability to better manage costs while enabling their business and end users to stay continuously productive.

Microsoft has gained expertise from years of building and operating some of the largest cloud applications in the world. We’ve combined this expertise with our experiences in delivering market-leading enterprise operating systems, platforms, and applications to develop a platform for infrastructure, applications, and data: the Cloud OS.

The Microsoft Cloud OS delivers a modern platform of products and services that helps enterprise IT teams transform their current environment to a highly elastic, scalable, and reliable infrastructure. With Cloud OS, organizations can quickly and flexibly build and manage modern applications across platforms, locations, and devices, unlock insights from volumes of existing and new data, and support user productivity wherever and on whatever device they choose. Microsoft uniquely delivers the Cloud OS as a consistent and comprehensive set of capabilities that span on-premises, service provider, and Windows Azure datacenters, enabling enterprises to improve scale, elasticity, and availability of IT services.

At the heart of Cloud OS is Windows Server 2012 R2, which delivers upon the promises of a modern datacenter, modern applications, and people-centric IT. Whether you are an enterprise building out your own private cloud environment or a service provider offering large-scale cloud services, Windows Server 2012 R2 offers an enterprise-class, simple and cost-effective solution that’s application-focused and user centric. With Windows Server 2012 R2, you can utilize the capacity of your datacenter, deliver best-in-class performance for your Microsoft workloads, and receive affordable, multi-node business continuity scenarios with high service uptime and at-scale disaster recovery.

We hope that you are as excited as we are to get started today!

• Download an evaluation of System Center 2012 R2
• Download an evaluation of Windows Server 2012 R2
• Sign up for a free trial of Windows Intune

The post Announcing the General Availability of Windows Server 2012 R2: The Heart of Cloud OS appeared first on Microsoft Windows Server Blog.

Windows Server 2012 R2 and System Center 2012 R2 provide a wealth of new advancements to help IT organizations build and deliver private and hybrid cloud infrastructure for their businesses.  Some of the highlights include:

• Enabling hybrid cloud – Windows Server Hyper-V and System Center enable virtual machine portability across customer, service provider and Windows Azure clouds, while a new System Center Management Pack for Windows Azure enhances cross-cloud management of virtual machine and storage resources.  Windows Azure Backup and Hyper-V Recovery Manager provide offsite backup and disaster recovery options.
• Windows Azure Pack provides Windows Azure technology that enterprises and services providers can run on their Windows Server infrastructure for multi-tenant web and virtual machine cloud services.
• Built-in software-defined networking – Site-to-Site VPN Gateway helps customers seamlessly bridge physical and virtual networks and extend them from their datacenter to service provider datacenters.
• High performance, cost effective storage –Features such as Storage Spaces Tiering, VHDX resizing and de-duplication for virtual desktop infrastructure provide high performance for critical on-premises workloads (like SQL and Hyper-V) using lower-cost, industry-standard hardware.
• Empowering employee productivity – Windows Server Work Folders, Web App Proxy, improvements to Active Directory Federation Services and other technologies will help companies give their employees consistent access to company resources on the device of their choice.

This and a number of other announcements are highlighted on the Server and Cloud Blog post, “TechEd Europe Launches with Cloud OS Product Previews, Partner Announcements and Customer Case Studies”.  Be sure to take a look at it.  There is a wealth of information on the products, Brad Anderson’s keynote and blog post links, press release links and more!

For those of you interested in the TechEd sessions for Windows Server, be sure and review the Modern Datacenter track in the catalog. Additional filtering can be applied with the tagging to get right at the Windows Server sessions you might be interested in.  There are sessions on virtualization, storage, manage, security, etc. Enjoy!

The post Microsoft Windows Server 2012 R2 Preview is Now Available for Download appeared first on Microsoft Windows Server Blog.