There are a variety of new features in Windows Server 2016 Datacenter and Standard editions. Here are just a few examples:
- Nano Server is a deeply refactored version of Windows Server with a small footprint and remotely managed installation, optimized for the cloud and a DevOps workflow. It is a purpose-built operating system designed to run born-in-thecloud applications and containers. It is designed for fewer patch and update events, faster restarts, better resource utilization and tighter security. Learn more about Nano Server.
- Containers are the next evolution in virtualization and empower software developers to create the next generation of applications experiences. A container is an isolated, resource controlled, and portable operating environment where an application can run without affecting the rest of the system and without the system affecting the application. Other advantages of containers include speed, simplified DevOps, and increased flexibility in application development.
Windows Server containers provide application isolation through process and namespace isolation technology. A Windows Server container shares a kernel with the container host and all containers running on the host. Learn more about Windows Server Containers.
Hyper-V containers expand on the isolation provided by Windows Server Containers by running each container in a highly optimized virtual machine. In this configuration, the kernel of the container host is not shared with the Hyper-V containers.
- Shielded Virtual Machines (Shielded VMs) provide a more secure environment for VMs and extend to virtual machines the same security capabilities (for example, secure boot, TPMs, disk encryption) that physical machines have enjoyed for years. As a result, the data and state of a Shielded VM are protected against inspection, theft and tampering from malware running on a Hyper-V host as well as the fabric admins administering it. Shielded VMs are available with Datacenter edition.
- Host Guardian Service (HGS) is a main component for configuring guarded hosts and running Shielded VMs. HGS provides Attestation and Key Protection services that enable Hyper-V to run Shielded VMs. A Hyper-V host is known as a “guarded host” once the Attestation service affirmatively validates its identity & configuration. Once affirmatively attested, the Key Protection service provides the transport key (TK) needed to unlock & run Shielded VMs. Without HGS, a Hyper-V host cannot power a Shielded VM on because it can’t decrypt it. Why? Because Hyper-V doesn’t have the keys—only HGS does. HGS won’t hand out the keys to a Hyper-V host until that host has been measured and is considered “healthy”—a process known as “attestation.”