
Windows Server 2016 networking embraces SDN

Microsoft's new Windows Server 2016 networking capabilities have grown to support SDN, virtual network functions and hybrid cloud.

In this podcast, Zeus Kerravala, principal at ZK Research, talks about Microsoft's Windows Server 2016 networking update and explores the features that support evolving networking requirements.

It's an interesting time for Windows Server 2016 networking components. Substantial networking capabilities haven't been part of Windows Server before, but as the network becomes more important, it makes sense that Microsoft would want to arm its primary server product with features supporting evolving networking requirements.

The driving force? SDN, Kerravala says. To that end, virtual network elements like the Hyper-V virtual switch and gateways are now among Windows Server 2016 networking components. In addition, elements such as System Center 2016 can be orchestrated with leading tools, like Puppet and Chef.

What this all means is that with the new features, Microsoft enables users to dynamically manage workloads through Windows Server 2016 networking. This includes the ability to centrally define and control traffic flow among different network types and abstract applications through an overlay network.

Among the most important capabilities in Windows Server 2016 is the network controller. This lets companies manage, configure and troubleshoot both the virtual and physical networks through a common pane of glass. Administrators can then use Windows PowerShell -- a REST API -- to oversee the controller and manage Hyper-V, physical network switches, virtual private network gateways and firewalls or load balancers.

Hyper-V network virtualization, meantime, allows companies to abstract the apps and workloads with virtual networks, creating multi-tenant zones within a shared fabric. With this approach, a pure, logical network is available to a particular department, but in actuality, it is a shared component within the underlying physical network.

Hyper-V network virtualization is also compatible with VLANs used within traditional networking gear.

Another component, the Hyper-V virtual switch, is a software-based Layer 2 switch that allows virtual workloads to talk to each other. In Windows Server 2016 networking, the Hyper-V virtual switch is equipped with a new feature, switch-embedded teaming, which improves performance.

Other enhancements include internal domain name system; containers; and network functions virtualization support that includes a software load balancer, network address translator and a virtual data center firewall.

All of these virtual network services can also be run in Microsoft Azure for additional flexibility, Kerravala says.

To understand all the features, listen to our podcast about new Windows Server 2016 networking components.

Transcript - Windows Server 2016 networking embraces SDN

(This transcript has been edited for clarity and brevity.)

Hello, and welcome to this podcast on Understanding the Network Components of Windows Server 2016. I'm Zeus Kerravala, principal analyst for ZK Research, and I'll be taking you through what's new in Windows Server 2016 with respect to networking.

Now, this is an interesting topic because real networking capabilities haven't really been part of Windows server loads before. But, when you look at the trends in the industry toward cloud computing, particularly hybrid computing, internet of things and mobilization, the network is becoming more and more important. In fact, one could argue that computers are now becoming network-centric. So, it makes sense that a company like Microsoft would want to bolster its primary server product with networking capabilities.

The main addition to Windows Server 2016 has been the arrival of software-defined networking. And if you're not familiar with software-defined networking, it's a new way to run networks. And, from a definitional perspective, think of it as a way to centrally configure and manage both a physical network and a virtual network. Things like virtual routers that act as a gateway in a data center from one central point. And this is possible now because the data plane, configuration plane and the physical plane have all been decoupled from one another, and it makes the "software-ization" of the network possible. Virtual network elements, such as the Hyper-V virtual switch, Hyper-V network virtualization and RAS gateway, are now parts of Windows Server 2016, and these are designed to become integral components of a software-defined network within a modernized data center.

Now, while you can still use existing physical switches and routers, so obviously you have to have those and other networking devices, you can achieve much deeper integration between the virtual network and the physical network if these devices have been designed for compatibility with SDN. And most of the primary networking vendors in the data center space are companies like Cisco, Arista, Juniper, Brocade and Extreme Networks, [and they] have all been working on this. So, it's very likely that your favorite network vendor actually is compatible with Windows Server 2016. As I mentioned before, SDN is now possible because the network planes, management control and data are no longer tied to the actual, physical network device itself, but they're extracted up a layer for use by other entities such as data center management software, like System Center 2016, and they can also be orchestrated by the leading orchestration tools like Puppet and Chef.

Now, SDNs allow administrators to dynamically manage the data center network in an automated way that's centralized to meet different requirements of applications and workload, and provides a number of capabilities. First, as I mentioned, is the ability to centrally define and control policies that govern both the physical underlay and the virtual overlay, including the traffic flow between these two network types, and that's important because they have to be aware of one another. They also provide the ability to abstract the application workloads from the underlying physical network, which is accomplished by virtualizing that overlay network.

A good analogy is the way server virtualization allowed for the abstraction of the server from the underlying physical hardware using something like Hyper-V. This can now be done with the network, for things like IP infrastructure switches and load balancers. And, third, it provides the ability to implement network policies in a very consistent manner at scale. And this is something that's hard to do with physical equipment, because, typically, you have to manage the network one by one on a box-by-box basis. So, even as you deploy new workloads or move workloads around, you're able to keep the policies consistent. And, obviously, in this digital era where companies are trying to move more with speed, that's an important part of SDNs.

Now, to understand all the technologies, I'm going to go through each of the different components of Windows Server 2016 as it relates to software-defined networking. The first component is the network controllers. So, new in Windows Server 2016 is the network controller. And you can think of it as an SDN controller, and it provides the centralized programming at the point of automation, to manage, configure, monitor and troubleshoot both the physical and virtual network from one common pane of glass. And, historically, this has been a challenge for network administrators because they had to manage both the underlay and physical overlay or virtual overlay through two different tools. And so Windows Server 2016 allows you to do it through one place. The network controller is a highly available and scalable component, and it provides one point of interface, one common API point, the southbound API that allows the network to communicate with the underlying physical devices. And then, there's a second API, a northbound API that allows you to communicate with the network controller.

Administrators can use Windows PowerShell, which are REST APIs, or some kind of management application to control the network controller and to be able to manage a number of different elements of the network -- such as the Hyper-V virtual machines and virtual switches; physical network switches; physical routers; firewall software; VPN gateways, including remote access services, the multi-tenant gateways and load balancers.

The second component is Hyper-V network virtualization. And Hyper-V virtualization enables companies to abstract the applications and workloads from the physical network by using virtual networks. These provide the necessary multi-tenant isolation or zones when running on a shared physical fabric. And, therefore, if you're in a departmental type of configuration, every department could have its own virtual network. And it would look like a pure, logical network to that particular department, but in actuality, it would be a shared component with the underlying physical network. And so this is great for companies that want to be able to do any kind of policy-based networking or isolation, you know, maybe a retail organization wants to isolate point of sale, they can do so with this. And, in addition, what's great about the Hyper-V network virtualizations is they're compatible with the VLANs that you'd find with traditional networking gear.

The next component's the Hyper-V Virtual Switch. And the Hyper-V Virtual Switch, think of it as a software-based, Layer 2 Ethernet switch that's available in Hyper-V manager, after you've installed the Hyper-V server role. And the reason you need this is if you have a couple of different Hyper-V virtual workloads and you want to have them connect with one another, you can't actually go to the switch port and back. That's called hair-pinning, and the Hyper-V Virtual Switch runs as a software switch inside and allows virtual workloads to talk to each other. In Windows Server 2016, the Hyper-V Virtual Switch, you can also deploy something called "switch-embedded teaming," or SET, and remote direct memory access, or RDMA, to help these things perform better.

Next is the internal DNS service, or IDNS. The hosted virtual machines and applications obviously require DNS to communicate with other networks and with external resources on the internet. With IDNS, companies can provide the various tenants or virtual networks with DNS name resolution for their isolated local name space, and also for internet resources.

The next component I want to talk about is the network function virtualization, or NFV. This has been growing in popularity with organizations. Think of NFV as virtual network functions that exist on a physical device and bring a certain level of agility to these functions. And so instead of having to physically deploy a load balancer, I can deploy a software-based one. Or instead of having to physically deploy a firewall, I can deploy a software-based one, and so on and so on. And more and more, we're seeing the hardware appliances being deployed as virtualized instances on virtual appliances. And these network function virtualization, or NFV, components are really just a natural progression of where server virtualization has gone.

So, just from a high-level perspective, think of a model of a data center. When you have a physical server, you want to surround it with physical assets such as firewall load balancers, routers and switches. Well, it would make sense that if I virtualized that, I would want virtual resources to sit around, and so if I move it, they move along with it. Now, in Windows Server 2016, the virtual network functions that are available are a software load balancer, and a network address translation device, a virtual data center firewall and a virtual RAS gateway.

The next component I want to discuss is Remote Direct Memory Access, RDMA or the switch-embedded teaming. In Windows Server 2016, you can enable RDMA on network adapters that are bound to the Hyper-V Virtual Switch with or without switch-embedded teaming. This enables companies to use fewer network adapters. So, think of these as "virtual NICs," if you will, and it's a way of much more efficiently partitioning that NIC versus having to deploy one NIC per virtual server. So, SET is an alternative NIC teaming that you can use in environments that include Hyper-V and SDN Stack within Windows Server 2016. SET integrates some of the NIC teaming functionality into a Hyper-V Virtual Switch. So, that also allows administrators to group up to eight Ethernet network adapters into one or more of the software-based virtual load network adapters. These virtual network adapters provide much faster performance and fault tolerance in the event of a network adapter failure.

Next is the RAS gateway for SDN. The RAS gateway is a software-based multi-tenant BGP-capable router in Windows Server 2016 that's designed for cloud service providers and enterprises that want to host multiple tenants as part of their data center. The RAS gateway also provides pools of gateways that are redundant in nature.

Next is the software load balancer that I mentioned. Cloud service providers and large enterprises that want to use SDN and Windows Server 2016 can also use software load balancers to evenly distribute tenant and tenant-customer network traffic among virtual resources.

And the last component I want to cover is the Windows Server containers, and you can think of them as lightweight operating system virtualization methods to separate applications and services from others. Containers are very popular, they're very lightweight and allow network administrators to have a much more agile data center.

Now, all of these things can also be run in the Azure cloud. And the reason you want to do that is if you want to run some kind of hybrid environment, you can run these virtual network services in Azure. And it lets you do things like build a hybrid infrastructure that can be controlled from the enterprise centrally. You can bring your own IP addresses and DNS servers into Azure; you can secure your connections to Azure with a VPN or IPsec encryption. You get much more granular control over traffic between the subnets to and from the public to the Azure cloud. And you can create sophisticated network topologies using virtual appliances.

And, lastly, you can extricate and isolate a secure environment that spans the data center into the Azure cloud. And this is great for organizations, especially global ones, that want to rely on the global reach that Microsoft has with Azure. Inter-Azure traffic won't flow over the internet, and, for example, within Azure traffic from VM to VM storage and SQL communications, can traverse only the Azure network regardless of the source and destination. And that's one of the great benefits of Windows Server 2016. Also, by using Windows Server 2016, you create better interoperability between infrastructure service and platform service. With the virtual network, you can build services that rely on the Azure cloud service and Azure virtual machines. You can use Azure web roles for your front end and virtual machines for the back-end database. And you can combine platform service with infrastructure services within a virtual network to give more flexibility.

So, those are the key components of Windows Server 2016 as it relates to the network. It's a big, big change, and given the world, my research shows that 90% of companies are looking at deploying the hybrid cloud. And if you're a Microsoft shop, it's likely you're going to be using Azure. So, it's a great time to try and get comfortable with all these new networking capabilities. Windows Server 2016 is loaded with them, and I hope you use them. So, with that being said, I want to thank you for listening to this podcast. I'm Zeus Kerravala with ZK Research. 
