What’s New in Windows Server 2019
Windows Server 2019 General Availability
Microsoft announced general availability of Windows Server 2019 on 2 October 2018. The latest version of Windows Server comes with cool features, and I want to review them in this post. It was announced on March 20, 2018, and the first Windows Insider preview version was released on the same day. Windows Server 2019 is built on the strong foundation of Windows Server 2016 and brings numerous innovations on four key themes: Hybrid, Security, Application Platform, and Hyper-Converged Infrastructure (HCI).
What’s New in Windows Server 2019
Windows Server 2019 has the following new features:
- Windows Subsystem for Linux (WSL)
- Support for Kubernetes (Beta)
- Other new GUI features from Windows 10 version 1809
- Storage Spaces Direct
- Storage Migration Service
- Storage Replica
- System Insights
- Improved Windows Defender
The Desktop Experience is back in Windows Server 2019! It is not included in Windows Server, version 1709, Windows Server, version 1803, or Windows Server, version 1809.
As with Windows Server 2016, during setup of the operating system it is possible to choose between Server Core installations or Server with Desktop Experience installations.
System Insights is a new feature available in Windows Server 2019 that brings local predictive analytics capabilities natively to Windows Server. These predictive capabilities, each backed by a machine-learning model, locally analyze Windows Server system data, such as performance counters and events, providing insight into the functioning of your servers and helping you reduce the operational expenses associated with reactively managing issues in your Windows Server deployments.
- Test failover is a new feature that allows mounting of destination storage in order to validate replication or backup data.
- Log Performance improvements v1.1
- Storage Replica is available in Standard Edition and can create 1 Partnership with 1 Resource Group with single 2TB volumes. The feature can replicate between clusters, asynchronously and synchronously.
Windows Admin Center
Windows Admin Center is an evolution of Windows Server in-box management tools; it’s a single pane of glass that consolidates all aspects of local and remote server management. As a locally deployed, browser-based management experience, an Internet connection and Azure aren’t required. Windows Admin Center gives you full control of all aspects of your deployment, including private networks that aren’t Internet-connected.
- Windows Admin Center is a free download, separate from the Windows Server 2019 download, for enhanced flexibility and remote management strategies.
Storage Migration Service
Storage Migration Service (SMS) is a new role included in Windows Server Standard and Datacenter editions. SMS is a job-based orchestration and proxy that:
- Allows you to inventory existing servers for their data, security, and network settings.
- Migrates that data, security, and network settings to a new, modern target by using the SMB protocol.
- Takes over the identity of the old server completely, while decommissioning the original source, in such a way that your applications are unaffected and unaware that migration has taken place.
The Server Core App Compatibility feature on demand (FOD) significantly improves the app compatibility of the Windows Server Core installation option by including a subset of binaries and components from Windows Server with the Desktop Experience, without adding the Windows Server Desktop Experience graphical environment itself. This is done to increase the functionality and compatibility of Server Core while keeping it as lean as possible.
This optional feature on demand is available on a separate ISO and can be added to Windows Server Core installations and images only, using DISM.
Azure Network Adapter
Now with Windows Server 2019, Windows Admin Center enables a one-click experience to configure a point-to-site VPN connection between an on-premises Windows Server and an Azure Virtual Network. This automates the configuration for the Azure Virtual Network gateway as well as the on-premises VPN client.
Windows Defender Advanced Threat Protection (ATP)
ATP’s deep platform sensors and response actions expose memory and kernel level attacks and respond by suppressing malicious files and terminating malicious processes.
Windows Defender ATP Exploit Guard is a new set of host-intrusion prevention capabilities. The four components of Windows Defender Exploit Guard are designed to lock down the device against a wide variety of attack vectors and block behaviors commonly used in malware attacks, while enabling you to balance security risk and productivity requirements.
- Attack Surface Reduction (ASR) is a set of controls that enterprises can enable to prevent malware from getting on the machine by blocking suspicious malicious files (for example, Office files), scripts, lateral movement, ransomware behavior, and email-based threats.
- Network protection protects the endpoint against web-based threats by blocking any outbound process on the device to untrusted hosts/IP addresses through Windows Defender SmartScreen.
- Controlled folder access protects sensitive data from ransomware by blocking untrusted processes from accessing your protected folders.
- Exploit protection is a set of mitigations for vulnerability exploits (replacing EMET) that can be easily configured to protect your system and applications.
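An added example, not from the original page or from Microsoft: a PowerShell audit of the three Exploit Guard components that are exposed as Windows Defender preferences (ASR, network protection, controlled folder access). It reads the property names that `Get-MpPreference` returns; the function names and the sample object are constructed for illustration, and exploit protection, which is managed separately, is not covered.

```powershell
# Added example (not from the original page): report Exploit Guard modes from Defender preferences.
# Mode values used by these settings: 0 = Disabled, 1 = Block (enabled), 2 = Audit.
$GuardModes = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit' }

# Partial name map for two published ASR rule GUIDs; anything else is reported by GUID only.
$AsrRuleNames = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
}

function ConvertTo-GuardMode {
    param($Value)
    $key = [int]$Value          # $null (setting never configured) becomes 0 = Disabled
    if ($GuardModes.ContainsKey($key)) { $GuardModes[$key] } else { "Other ($key)" }
}

function New-PostureRow {
    param($Control, $Setting, $Value)
    $mode = ConvertTo-GuardMode $Value
    [pscustomobject]@{
        Control  = $Control
        Setting  = $Setting
        Mode     = $mode
        Enforced = ($mode -eq 'Block')   # Audit only logs; it does not stop anything
    }
}

function Get-ExploitGuardPosture {
    param(
        # Object shaped like Get-MpPreference output; omit it to query the local host.
        $Preference
    )
    if ($null -eq $Preference) { $Preference = Get-MpPreference }

    New-PostureRow 'Controlled folder access' 'EnableControlledFolderAccess' $Preference.EnableControlledFolderAccess
    New-PostureRow 'Network protection' 'EnableNetworkProtection' $Preference.EnableNetworkProtection

    # ASR rules are stored as two parallel arrays: rule GUIDs and their actions.
    $ids     = @($Preference.AttackSurfaceReductionRules_Ids     | Where-Object { $null -ne $_ })
    $actions = @($Preference.AttackSurfaceReductionRules_Actions | Where-Object { $null -ne $_ })
    if ($ids.Count -eq 0) {
        New-PostureRow 'Attack surface reduction' '(no rules configured)' 0
    }
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $id     = "$($ids[$i])".ToUpper()
        $name   = if ($AsrRuleNames.ContainsKey($id)) { $AsrRuleNames[$id] } else { $id }
        $action = if ($i -lt $actions.Count) { $actions[$i] } else { 0 }
        New-PostureRow 'Attack surface reduction' $name $action
    }
}

# Constructed sample, so the function can be exercised without touching a live host.
$sample = [pscustomobject]@{
    EnableControlledFolderAccess        = 2
    EnableNetworkProtection             = 0
    AttackSurfaceReductionRules_Ids     = @('d4f940ab-401b-4efc-aadc-ad5f3c50688a',
                                            'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550')
    AttackSurfaceReductionRules_Actions = @(1, 2)
}
Get-ExploitGuardPosture -Preference $sample | Format-Table -AutoSize
```

For the sample, only the first ASR rule is reported as enforced; controlled folder access and the second rule are in audit mode and network protection is disabled.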
Windows Defender Application Control (also known as Code Integrity (CI) policy) was released in Windows Server 2016. Customer feedback has suggested that it is a great concept, but hard to deploy. To address this, we have built default CI policies, which will allow all Windows in-box files and Microsoft applications, such as SQL Server, and block known executables that can bypass CI.
Security with Software Defined Networking (SDN)
Security with SDN delivers many features to increase customer confidence in running workloads, either on-premises, or as a service provider in the cloud.
Shielded Virtual Machines
- Branch office improvements: You can now run shielded virtual machines on machines with intermittent connectivity to the Host Guardian Service by leveraging the new fallback HGS and offline mode features. Fallback HGS allows you to configure a second set of URLs for Hyper-V to try if it can’t reach your primary HGS server. Offline mode allows you to continue to start up your shielded VMs, even if HGS can’t be reached, as long as the VM has started successfully once, and the host’s security configuration has not changed.
- Troubleshooting improvements: We’ve also made it easier to troubleshoot your shielded virtual machines by enabling support for VMConnect Enhanced Session Mode and PowerShell Direct. These tools are particularly useful if you’ve lost network connectivity to your VM and need to update its configuration to restore access. These features do not need to be configured, and they will automatically become available when a shielded VM is placed on a Hyper-V host running Windows Server version 1803 or later.
- Linux support: If you run mixed-OS environments, Windows Server 2019 now supports running Ubuntu, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server inside shielded virtual machines.
Linux containers on Windows
It is now possible to run Windows and Linux-based containers on the same container host, using the same docker daemon. This enables you to have a heterogeneous container host environment while providing flexibility to application developers.
Building Support for Kubernetes
Windows Server 2019 continues the improvements to compute, networking and storage from the semi-annual channel releases needed to support Kubernetes on Windows. More details will be available in upcoming Kubernetes releases.
Storage Spaces Direct
- Deduplication and compression: Get up to 10X more storage for free with deduplication and compression for the ReFS filesystem. (It’s just one click to turn on with Windows Admin Center.) The variable-size chunk store with optional compression maximizes savings rates, while the multi-threaded post-processing architecture keeps performance impact minimal. Supports volumes up to 64 TB and files up to 1 TB each.
- Native support for persistent memory: Unlock unprecedented performance with native Storage Spaces Direct support for persistent memory modules, including Intel® Optane™ DC PM and NVDIMM-N. Use persistent memory as cache to accelerate the active working set, or as capacity to guarantee consistent low latency on the order of microseconds. Manage persistent memory just as you would any other drive in PowerShell or Windows Admin Center.
- Nested resiliency for two-node HCI at the edge: Survive two hardware failures at once with an all-new software resiliency option inspired by RAID 5+1. With nested resiliency, a two-node Storage Spaces Direct cluster can provide continuously accessible storage for apps and virtual machines even if one server node goes down and a drive fails in the other server node.
- Windows Admin Center: Manage and monitor Storage Spaces Direct with the new purpose-built Dashboard and experience in Windows Admin Center. Create, open, expand, or delete volumes with just a few clicks. Monitor performance like IOPS and IO latency from the overall cluster down to the individual SSD or HDD. Available at no additional cost for Windows Server 2016 and Windows Server 2019.
- Performance history: Get effortless visibility into resource utilization and performance with built-in history. Over 50 essential counters spanning compute, memory, network, and storage are automatically collected and stored on the cluster for up to one year. Best of all, there’s nothing to install, configure, or start – it just works. Visualize in Windows Admin Center or query and process in PowerShell.
- Scale up to 4 PB per cluster: Achieve multi-petabyte scale – great for media, backup, and archival use cases. In Windows Server 2019, Storage Spaces Direct supports up to 4 petabytes (PB) = 4,000 terabytes of raw capacity per storage pool. Related capacity guidelines are increased as well: for example, you can create twice as many volumes (64 instead of 32), each twice as large as before (64 TB instead of 32 TB). Stitch multiple clusters together into a cluster set for even greater scale within one storage namespace.
- Mirror-accelerated parity is 2X faster: With mirror-accelerated parity you can create Storage Spaces Direct volumes that are part mirror and part parity, like mixing RAID-1 and RAID-5/6 to get the best of both. (It’s easier than you think in Windows Admin Center.) In Windows Server 2019, the performance of mirror-accelerated parity is more than doubled relative to Windows Server 2016 thanks to important architectural optimizations.
- Drive latency outlier detection: Easily identify drives with abnormal latency with proactive monitoring and built-in outlier detection, inspired by Microsoft Azure’s long-standing and successful approach. Whether it’s average latency or something more subtle like 99th percentile latency that stands out, slow drives are automatically labeled in PowerShell and Windows Admin Center with ‘Abnormal Latency’ status.
- Cluster Sets: Hyperscale a hyper-converged infrastructure by federating multiple Failover Clusters into a Cluster Set. Virtual Machines achieve fluidity across loosely coupled grouping of clusters for balancing and maintenance.
- Azure Enlightened Clusters: Failover Clusters automatically detect and optimize the configuration when running in Azure IaaS virtual machines. Proactive failover and logging of Azure planned maintenance events to achieve the highest levels of availability. Simplified deployment by removing the need to configure the load balancer with Dynamic Network Name for Cluster Name.
- Cross-domain Cluster Migration: Failover Clusters can now dynamically move from one Active Directory domain to another. Simplifying domain consolidation and allowing clusters to be pre-built and then shipped and domain joined onsite.
- Cluster Hardening: Intra-cluster communication over Server Message Block (SMB) for Cluster Shared Volumes and Storage Spaces Direct now leverages certificates to provide the most secure platform. This allows Failover Clusters to operate with no dependencies on NTLM and enable security baselines.
- USB Witness: A simple USB drive in a switch or device can now be used as a witness in determining quorum for a cluster. This extends the File Share Witness to support any SMB2 compliant device.
- Cluster Infrastructure: The CSV Cache is now enabled by default to turbo boost virtual machine performance. MSDTC now supports Cluster Shared Volumes, to allow deploying MSDTC workloads on Storage Spaces Direct such as with SQL Server. Enhanced logic to detect partitioned nodes with self-healing to return nodes to cluster membership. Enhanced cluster network route detection and self-healing.
- Cluster Aware Updating: Cluster Aware Updating (CAU) is now integrated and aware of Storage Spaces Direct, validating and ensuring data resynchronization completes on each node. Inspects updates to intelligently patch by only rebooting if necessary. Enables orchestrating restarts of all nodes in the cluster for planned maintenance, even when not patching.
Encrypted Networks – Virtual network encryption allows encryption of virtual network traffic between virtual machines that communicate with each other within subnets marked as Encryption Enabled. It also utilizes Datagram Transport Layer Security (DTLS) on the virtual subnet to encrypt packets. DTLS protects against eavesdropping, tampering, and forgery by anyone with access to the physical network.
Network performance improvements for virtual workloads
Network performance improvements for virtual workloads will maximize the network throughput to virtual machines without requiring you to constantly tune or over-provision your host. This lowers the operations and maintenance cost while increasing the available density of your hosts. These new features are:
- Receive Segment Coalescing in the vSwitch
- Dynamic Virtual Machine Multi-Queue (d.VMMQ)
Low Extra Delay Background Transport
Low Extra Delay Background Transport (LEDBAT) is a latency optimized, network congestion control provider designed to automatically yield bandwidth to users and applications, while consuming the entire bandwidth available when the network is not in use.
This technology is intended for use in deploying large, critical updates across an IT environment without impacting customer facing services and associated bandwidth.
Windows Time Service
The Windows Time Service includes true UTC-compliant leap second support, a new time protocol called Precision Time Protocol, and end-to-end traceability.
High performance SDN gateways
High performance SDN gateways in Windows Server 2019 greatly improve the performance for IPsec and GRE connections, providing ultra-high-performance throughput with much less CPU utilization.
New Deployment UI and Windows Admin Center extension for SDN
Now, with Windows Server 2019, it’s easy to deploy and manage through a new deployment UI and Windows Admin Center extension that will enable anyone to harness the power of SDN.
Persistent Memory support for Hyper-V VMs
To leverage the high throughput and low latency of persistent memory (a.k.a. storage class memory) in virtual machines, it can now be projected directly into VMs. This can help to drastically reduce database transaction latency or reduce recovery times for low latency in-memory databases on failure.
Windows Server 2019 System Requirements
The following are estimated system requirements for Windows Server 2019. If your computer has less than the “minimum” requirements, you will not be able to install this product correctly. Actual requirements will vary based on your system configuration and the applications and features you install.
Unless otherwise specified, these minimum system requirements apply to all installation options (Server Core, Server with Desktop Experience, and Nano Server) and both Standard and Datacenter editions.
Processor performance depends not only on the clock frequency of the processor, but also on the number of processor cores and the size of the processor cache. The following are the processor requirements for this product:
- 1.4 GHz 64-bit processor
- Compatible with x64 instruction set
- Supports NX and DEP
- Supports CMPXCHG16b, LAHF/SAHF, and PrefetchW
- Supports Second Level Address Translation (EPT or NPT)
The following are the estimated RAM requirements for this product:
- 512 MB (2 GB for Server with Desktop Experience installation option)
- ECC (Error Correcting Code) type or similar technology
Storage controller and disk space requirements
Computers that run Windows Server 2019 must include a storage adapter that is compliant with the PCI Express architecture specification. Persistent storage devices on servers classified as hard disk drives must not be PATA. Windows Server 2019 does not allow ATA/PATA/IDE/EIDE for boot, page, or data drives.
The following are the estimated minimum disk space requirements for the system partition.
Minimum: 32 GB

| Locks and Limits | Windows Server 2019 Standard | Windows Server 2019 Datacenter |
|---|---|---|
| Maximum number of users | Based on CALs | Based on CALs |
| Maximum SMB connections | 16777216 | 16777216 |
| Maximum RRAS connections | unlimited | unlimited |
| Maximum IAS connections | 2147483647 | 2147483647 |
| Maximum RDS connections | 65535 | 65535 |
| Maximum number of 64-bit sockets | 64 | 64 |
| Maximum number of cores | unlimited | unlimited |
| Maximum RAM | 24 TB | 24 TB |
| Can be used as virtualization guest | Yes; 2 virtual machines, plus one Hyper-V host per license | Yes; unlimited virtual machines, plus one Hyper-V host per license |
| Server can join a domain | yes | yes |
| Edge network protection/firewall | no | no |
| DLNA codecs and web media streaming | Yes, if installed as Server with Desktop Experience | Yes, if installed as Server with Desktop Experience |

| Windows Server roles available | Role services | Windows Server 2019 Standard | Windows Server 2019 Datacenter |
|---|---|---|---|
| Active Directory Certificate Services | | Yes | Yes |
| Active Directory Domain Services | | Yes | Yes |
| Active Directory Federation Services | | Yes | Yes |
| AD Lightweight Directory Services | | Yes | Yes |
| AD Rights Management Services | | Yes | Yes |
| Device Health Attestation | | Yes | Yes |
| File and Storage Services | File Server | Yes | Yes |
| File and Storage Services | BranchCache for Network Files | Yes | Yes |
| File and Storage Services | Data Deduplication | Yes | Yes |
| File and Storage Services | DFS Namespaces | Yes | Yes |
| File and Storage Services | DFS Replication | Yes | Yes |
| File and Storage Services | File Server Resource Manager | Yes | Yes |
| File and Storage Services | File Server VSS Agent Service | Yes | Yes |
| File and Storage Services | iSCSI Target Server | Yes | Yes |
| File and Storage Services | iSCSI Target Storage Provider | Yes | Yes |
| File and Storage Services | Server for NFS | Yes | Yes |
| File and Storage Services | Work Folders | Yes | Yes |
| File and Storage Services | Storage Services | Yes | Yes |
| Host Guardian Service | | Yes | Yes |
| Hyper-V | | Yes | Yes; including Shielded Virtual Machines |
| Network Policy and Access Services | | Yes, when installed as Server with Desktop Experience | Yes, when installed as Server with Desktop Experience |
| Print and Document Services | | Yes | Yes |
| Remote Desktop Services | | Yes | Yes |
| Volume Activation Services | | Yes | Yes |
| Web Services (IIS) | | Yes | Yes |
| Windows Deployment Services | | Yes | Yes |
| Windows Server Essentials Experience | | Yes | Yes |
| Windows Server Update Services | | Yes | Yes |

| Windows Server Features installable with Server Manager (or PowerShell) | Windows Server 2019 Standard | Windows Server 2019 Datacenter |
|---|---|---|
| .NET Framework 3.5 | Yes | Yes |
| .NET Framework 4.6 | Yes | Yes |
| Background Intelligent Transfer Service (BITS) | Yes | Yes |
| BitLocker Drive Encryption | Yes | Yes |
| BitLocker Network Unlock | Yes, when installed as Server with Desktop Experience | Yes, when installed as Server with Desktop Experience |
| Client for NFS | Yes | Yes |
| Containers | Yes (Windows containers unlimited; Hyper-V containers up to 2) | Yes (all container types unlimited) |
| Data Center Bridging | Yes | Yes |
| Direct Play | Yes, when installed as Server with Desktop Experience | Yes, when installed as Server with Desktop Experience |
| Group Policy Management | Yes | Yes |
| Host Guardian Hyper-V Support | No | Yes |
| I/O Quality of Service | Yes | Yes |
| IIS Hostable Web Core | Yes | Yes |
| Internet Printing Client | Yes, when installed as Server with Desktop Experience | Yes, when installed as Server with Desktop Experience |
| iSNS Server service | Yes | Yes |
| LPR Port Monitor | Yes, when installed as Server with Desktop Experience | Yes, when installed as Server with Desktop Experience |
| Management OData IIS Extension | Yes | Yes |
| Network Load Balancing | Yes | Yes |
| Peer Name Resolution Protocol | Yes | Yes |
| Quality Windows Audio Video Experience | Yes | Yes |
| RAS Connection Manager Administration Kit | Yes, when installed as Server with Desktop Experience | Yes, when installed as Server with Desktop Experience |
| Remote Assistance | Yes, when installed as Server with Desktop Experience | Yes, when installed as Server with Desktop Experience |
| Remote Differential Compression | Yes | Yes |
| RPC over HTTP Proxy | Yes | Yes |
| Setup and Boot Event Collection | Yes | Yes |
| Simple TCP/IP Services | Yes, when installed as Server with Desktop Experience | Yes, when installed as Server with Desktop Experience |
| SMB 1.0/CIFS File Sharing Support | Installed | Installed |
| SMB Bandwidth Limit | Yes | Yes |
| Software Load Balancer | Yes | Yes |
| TFTP Client | Yes, when installed as Server with Desktop Experience | Yes, when installed as Server with Desktop Experience |
| VM Shielding Tools for Fabric Management | Yes | Yes |
| Windows Biometric Framework | Yes, when installed as Server with Desktop Experience | Yes, when installed as Server with Desktop Experience |
| Windows Defender features | Installed | Installed |
| Windows Identity Foundation 3.5 | Yes, when installed as Server with Desktop Experience | Yes, when installed as Server with Desktop Experience |
| Windows Internal Database | Yes | Yes |
| Windows Process Activation Service | Yes | Yes |
| Windows Search Service | Yes, when installed as Server with Desktop Experience | Yes, when installed as Server with Desktop Experience |
| Windows Server Backup | Yes | Yes |
| Windows Server Migration Tools | Yes | Yes |
| Windows Standards-Based Storage Management | Yes | Yes |
| Windows TIFF IFilter | Yes, when installed as Server with Desktop Experience | Yes, when installed as Server with Desktop Experience |
| WinRM IIS Extension | Yes | Yes |
| Wireless LAN Service | Yes | Yes |
| XPS Viewer | Yes, when installed as Server with Desktop Experience | Yes, when installed as Server with Desktop Experience |

| Features available generally | Windows Server 2019 Standard | Windows Server 2019 Datacenter |
|---|---|---|
| Best Practices Analyzer | Yes | Yes |
| Constrained Storage Replica | Yes, (1 Partnership and 1 Resource Group with Single 2TB volume) | Yes, unlimited |
| Dynamic Memory (in virtualization) | Yes | Yes |
| Hot Add/Replace RAM | Yes | Yes |
| Microsoft Management Console | Yes | Yes |
| Minimal Server Interface | Yes | Yes |
| Network Load Balancing | Yes | Yes |
| Server Core installation option | Yes | Yes |
| Nano Server installation option | Yes | Yes |
| SMB Direct and SMB over RDMA | Yes | Yes |
| Storage Management Service | Yes | Yes |
| Storage Spaces Direct | No | Yes |
| Volume Activation Services | Yes | Yes |
| VSS (Volume Shadow Copy Service) integration | Yes | Yes |
| Windows Server Update Services | Yes | Yes |
| Windows System Resource Manager | Yes | Yes |
| Server license logging | Yes | Yes |
| Inherited activation | As guest if hosted on Datacenter | Can be host or guest |