
Windows Server 2016 – DevOps tools and features



I needed to dedicate a full blog post to Windows Server 2016 and the way it will impact you going forward. At some point some of these features will apply to you too, as your infrastructure starts to run the new server bits. Here are the highlights from MSignite.

> Highlights


  • Installation
  • Development
  • Packaging and deployment
  • Configuration
  • Containers
  • Operation Validation and Pester Testing
  • Operating security

> Installation


Server 2016 comes in three flavors. You have the “Desktop experience” server, intended for management of the other flavors of 2016 or as a terminal server. Next is Server Core, which is the same full server without the desktop; it is headless and intended to be managed from PowerShell or from a server using the desktop experience. Then there is the new kid on the block, Nano Server. It is the new Cloud OS, born in the cloud and the workhorse for everyone serious about creating modern, lean, super-fast and easy to manage applications.

Installation of the Desktop Experience and Server Core works just like the installation you are already familiar with. For Nano Server you need to use a new GUI tool that guides you through the process of creating an image, or you can just use PowerShell. The GUI tool is currently not in the Evaluation version of Server 2016, however it will be available when it reaches general availability in mid October.

Nano-Server


It is really small compared to the Core Server and not to mention the full Desktop Experience server. Here are some key metrics for you to think about:









How do you manage Nano Server and/or Server Core?


There are quite a few options for you. The Nano Server is headless and only has a very simplistic local GUI which is text based. To manage your server, you need to use one of the following:

  1. Install a remote management Gateway and use the Web-GUI in the Azure Portal
  2. Install a Desktop Experience 2016 server and use all your regular tools like:
       • MMC in general
       • Event Viewer MMC
       • Registry
       • Services MMC
       • Server Manager MMC
       • PowerShell ISE (remote file editing)
  3. PowerShell and PowerShell Remoting
  4. Local text-based GUI (very rough and few settings available)

You can still have System Center VMM agents on your Nano Server and System Center Operations Management Agent. Those are packages you will have to install during image creation or add with PowerShell and PackageManager.

The intended workloads for Nano Server are:

  • Clustering
  • Hyper-V
  • Storage – Scale out File system (SoFS)
  • DNS server
  • IIS (.net Core and ASP.Net Core)
  • Containers, both Windows Containers and Hyper-V containers

Nano Server is a first class PowerShell citizen with support for Desired State Configuration and Classes in Management Framework 5. The Nano Server runs PowerShell Core, which is a subset of the full PowerShell version you have in Server Core and Desktop Experience servers.


> Development


Nano Server has a full developer experience; Server Core does not. You have support for the Windows SDK, and Visual Studio 2015 can target the Nano Server. You even have full remote debugging capabilities from Visual Studio.


> Packaging and Deployment


Nano Server does not support MSI installers. The reason is the custom actions that are allowed in MSI. Instead Microsoft has created a new app installer built upon AppX, called the WSA (Windows Server App) installer. The WSA extends the AppX schema and becomes a declarative server installer. You still have support for server specific extensions in WSA like NT services, Perf counters, WMI providers and ETW events. Of course the WSA does not support custom actions!

Package management architecture:




This might look a little complex, however it is quite simple. You have some core Package Management cmdlets which rely upon Package Management Providers, which are responsible for sourcing packages from Package Sources. This is really great because as the End User you use the same cmdlets against all Package Sources (NuGet, PowerShell Gallery, Chocolatey etc). The middleware is handled by the Package Management Providers. So the End User just needs these cmdlets to work with packages:




So to install a new package provider, you just use the PackageManagement module:




Here are some of the Providers you can install. Notice that you have a separate Provider for Nano server which you can use to install the VMM/SCOM agent:




> Configuration


Since the Nano Server is small and has a cloud friendly footprint, you will most likely have a lot of them running. To configure them, make sure the configuration does not drift, and make it easy to update their configuration, you use something called Desired State Configuration (DSC). This was introduced in WMF 4 and is a declarative way of specifying the configuration of a server or a collection of servers.

There are tools out there you can use to manage your configuration. Look up Chef or Puppet or even Azure Automation for how to do that. This is a big concept and would require a separate blog post to get into details. Please also contact me if you have any further questions about DSC.


> Containers


This is also a big topic and something that has been around for ages in the Linux part of the world. Basically it is just another form of virtualization of the operating system into a single package that is small and runs super-fast. If you have ever heard about Docker, you have heard about containers. Docker is containers. Docker is supported in the new Windows Server 2016, hence you can run Docker containers on it.

One of the core concepts of containers is that you may have many of them running on the same host at the same time. This is possible because the containers share the same kernel/operating system.




In Windows we will have two flavors of containers:
  • Windows Containers
  • Hyper-V Containers



So with Hyper-V containers we get isolation with performance, since the containers do not share the kernel but each have their own copy of it. This is important for multi-tenant scenarios and for regulatory requirements. Auditors usually do not like systems that have “shared kernel” in the sentence, someone told me.


> Operation Validation Testing


This is one of my babies and the coolest thing about how we embrace the future. Microsoft has created a small framework on top of the Pester Unit Testing framework/Module shipped with Windows 10 and Windows Server 2016. The concept is very simple and very powerful: create Unit Tests that verify your infrastructure. These tests can be very simple or extremely detailed. You will have to figure out what you are comfortable with and what suits your environment.

The Pester Module enables us to write declarative statements and execute them as tests to verify that the infrastructure is operating according to our needs.




When you invoke the test, you will see something like this:




This is something I have been working with for the last 2 years and I can tell you that it has saved my bacon quite a few times. It has also enabled me to notify my clients about issues with their infrastructure which they were not aware of until I told them. This could be something as simple as a SQL service account that has an expired password or that has been locked out somehow.
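The service-account check mentioned above could look like this as an operation validation test. It is an added example, not taken from the original post or its repository, and it uses the Pester 3.x syntax of the in-box module. The service name `MSSQLSERVER`, a domain user as the service account, and the ActiveDirectory module on the testing machine are assumptions.

```powershell
# Added example, not from the original post. Pester 3.x syntax (in-box version).
# Assumed: service name 'MSSQLSERVER', a domain user as the service account and
# the ActiveDirectory module (RSAT) on the machine that runs the test.
$ServiceName = 'MSSQLSERVER'

Describe "Service account behind $ServiceName" {

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"

    It 'service exists' {
        $svc | Should Not BeNullOrEmpty
    }

    It 'service is running' {
        $svc.State | Should Be 'Running'
    }

    # Built-in, virtual and local accounts (LocalSystem, NT AUTHORITY\*,
    # NT SERVICE\*, .\name) are not in the directory, so skip the AD checks.
    $isDomainAccount = $svc -and $svc.StartName -match '^[^\\]+\\[^\\]+$' -and
                       $svc.StartName -notmatch '^(\.|NT AUTHORITY|NT SERVICE)\\'

    if ($isDomainAccount) {
        Context "Active Directory state of $($svc.StartName)" {
            # StartName is DOMAIN\account; Get-ADUser wants the account part
            $sam  = ($svc.StartName -split '\\')[-1]
            $user = Get-ADUser -Identity $sam -Properties LockedOut, PasswordExpired

            It 'account is enabled'       { $user.Enabled         | Should Be $true }
            It 'account is not locked'    { $user.LockedOut       | Should Be $false }
            It 'password has not expired' { $user.PasswordExpired | Should Be $false }
        }
    }
}
```

Save it as a `*.Tests.ps1` file and run `Invoke-Pester` in that folder. On Pester 4 and later the assertions are written `Should -Be` and `Should -Not -BeNullOrEmpty`.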

I have created a GitHub repo which contains Pester or Operation Validation Tests for Identity Manager, VMM, Active Directory among other things. This is a community repo which accepts pull requests from people who have created tests for other applications and services. Please contact me if you need further information or want to discuss this in detail.


> Operating Security


Just after Snowden shared his knowledge with the world, Microsoft launched a new concept called JEA – Just Enough Administration. It is a new PowerShell framework that secures administrative privileges by only issuing admin privileges in a constrained way and for a limited amount of time.

You can find more information about JEA here:

https://github.com/PowerShell/JEA
https://gallery.technet.microsoft.com/Just-Enough-Administration-6b5ad370
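A constrained endpoint of the kind JEA describes, as an added example that is not from the original post or the JEA project. It uses the session configuration cmdlets that ship with WMF 5; the module name `ContosoJEA`, the group `CONTOSO\SqlOperators`, the service name and the paths are all assumed.

```powershell
# Added example, not from the original post. All names are assumed: the module
# 'ContosoJEA', the AD group 'CONTOSO\SqlOperators', the service 'MSSQLSERVER'.
$module = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\ContosoJEA'
$roles  = Join-Path $module 'RoleCapabilities'
$jeaDir = Join-Path $env:ProgramData 'JEA'
New-Item -ItemType Directory -Path $roles, "$jeaDir\Transcripts" -Force | Out-Null

# Role capability files are looked up inside a PowerShell module folder.
New-Item -ItemType File -Path (Join-Path $module 'ContosoJEA.psm1') -Force | Out-Null
New-ModuleManifest -Path (Join-Path $module 'ContosoJEA.psd1') -RootModule 'ContosoJEA.psm1'

# Role capability: the only commands a member of the role can see.
# Restart-Service is exposed, but only for the one named service.
$role = @{
    Path           = Join-Path $roles 'SqlOperator.psrc'
    VisibleCmdlets = 'Get-Service',
        @{ Name       = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidateSet = 'MSSQLSERVER' } }
}
New-PSRoleCapabilityFile @role

# Session configuration: locked-down endpoint that runs as a temporary virtual
# account, maps the AD group to the role and writes a transcript per session.
$session = @{
    Path                = Join-Path $jeaDir 'SqlOperator.pssc'
    SessionType         = 'RestrictedRemoteServer'
    RunAsVirtualAccount = $true
    TranscriptDirectory = Join-Path $jeaDir 'Transcripts'
    RoleDefinitions     = @{ 'CONTOSO\SqlOperators' = @{ RoleCapabilities = 'SqlOperator' } }
}
New-PSSessionConfigurationFile @session

# Validate the file, then publish the endpoint (-Force restarts WinRM).
if (Test-PSSessionConfigurationFile -Path $session.Path) {
    Register-PSSessionConfiguration -Name 'SqlOperator' -Path $session.Path -Force
}

# Operators connect with their normal, unprivileged account:
#   Enter-PSSession -ComputerName <server> -ConfigurationName SqlOperator
```

The operators never learn an administrator password: the privileged identity is the virtual account, which exists only while the session is open, and the transcript directory gives you a record of what was run.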


> Other things


There are a couple of things you should be aware of. First off, if you plan to use Containers in your infrastructure, you must run them on Server Core or Nano Server. Containers are not supported on servers installed with the Desktop Experience. This implies that you should probably consider installing your Hyper-V servers with the Nano Server OS or the Server Core option. Also, all the new cool features like SoFS and Storage Replicas with Storage Direct require the Datacenter licensing option.

Cheers

Tore












































































