Table of Contents

Windows Server
Windows Server Software-Defined Datacenter (SDDC)
Get Started
Manage Windows Server
Failover Clustering
Identity and Access
Networking
Remote
Security and Assurance
Storage
Virtualization
Troubleshooting
Other Windows Server versions
 Windows Server technical content library
11/21/2017 • 3 min to read • Edit Online

This library provides info for IT pros to evaluate, plan, deploy, secure, and manage Windows Server.
What's new in Windows Server? Check out our latest mechanics video:

What's New? Get Started Manage Failover Clustering

Identity and Access

Networking Remote Access Storage Virtualization

Security and
Assurance

NOTE
To experience first-hand new features and functionality available in Windows Server 2016, you can download an evaluation
version by visiting Windows Server Evaluations.

Windows Server, version 1709

Windows Server, version 1709 is the first release in the new Semi-Annual Channel. Semi-Annual Channel releases
such as this one are ideal for customers who are moving at a “cloud cadence," such as those on rapid development
cycles or hosters keeping up with the latest Hyper-V investments.
Windows Server, version 1709 runs in Server Core mode. That means there is no local console or graphical user
interface, so you manage it remotely. However, it offers great advantages such as smaller hardware requirements
and much smaller attack surface. If you're new to working with Server Core, Manage a Server Core server will help
you get used to this environment. Manage Windows Server shows you the various options for managing servers
remotely.
Check out What's New in Windows Server version 1709 for more information about the new features and
functionality added in Windows Server, version 1709.

Windows Server editions

Windows Server, version 1709, is available in Standard and Datacenter editions, while Windows Server 2016 is
available in Standard, Datacenter, and Essentials editions. Windows Server Datacenter includes unlimited
virtualization rights plus new features to build a software-defined datacenter. Windows Server Standard offers
enterprise-class features with limited virtualization rights. Windows Server 2016 Essentials is an ideal cloud-
connected first server. It has its own extensive documentation—the content here focuses on Standard and
Datacenter editions. The following table briefly summarizes the key differences between Standard and Datacenter
editions:

FEATURE DATACENTER STANDARD

Core functionality of Windows Server yes yes

OSEs / Hyper-V containers unlimited 2

Windows Server containers unlimited unlimited

Host Guardian Service yes yes

Storage features including Storage yes no

Replica

Shielded Virtual Machines yes no

Software Defined Networking yes no

Infrastructure (Network Controller,
Software Load Balancer, and Multi-
tenant Gateway)

For more information, see Pricing and licensing for Windows Server 2016 and Compare features in Windows
Server versions.

Installation options
Both Standard and Datacenter editions offer two installation options:
Server Core: reduces the space required on disk, the potential attack surface, and especially the servicing
requirements. This is the recommended option unless you have a particular need for additional user interface
elements and graphical management tools.
Server with Desktop Experience: installs the standard user interface and all tools, including client experience
features that required a separate installation in Windows Server 2012 R2. Server roles and features are installed
with Server Manager or by other methods.
If you are installing Windows Server, version 1709, Server Core is your only installation option, while Windows
Server 2016 offers both the Server Core and Server with Desktop Experience installation options.
 NOTE
Unlike some previous releases of Windows Server, you cannot convert between Server Core and Server with Desktop
Experience after installation. For example, if you install Server Core and later decide to user Server with Desktop Experience,
you should do a fresh installation (and vice versa).

Now that you know which edition and installation option is right for you, click below to get started with Windows
Server.

Server Core - Desktop Experience -

Recommended Full interface

Windows Server Software-Defined Datacenter (SDDC)

Virtualized Storage, Networking, Security and Management technologies are the building blocks of the Windows
Server Software-Defined Datacenter (SDDC).

Windows Server Software-Defined Datacenter (SDDC)

Not finding content you need? Windows 10 users, tell us what you want on Feedback Hub.
 11/3/2017 • 7 min to read • Edit Online

Applies To: Windows Server 2016

Windows Server Software-Defined Datacenter

What is Windows Server Software-Defined Datacenter?

Software-Defined Datacenter (SDDC) is a common industry term that generally refers to a datacenter where all of
the infrastructure is virtualized. Virtualization is the key, and it simply means that the hardware and software in the
datacenter expand beyond a traditional one-to-one ratio. With a software hypervisor emulating hardware,
operating systems and applications can be abstracted away from physical hardware, and multiplied to form elastic
resource pools of processors, memory, I/O and networks.
Microsoft's implementation of the SDDC consists of the Windows Server technologies highlighted in this article. It
starts with the Hyper-V hypervisor that provides the virtualization platform upon which networking and storage are
built. Security technologies, developed for the unique challenges of virtualized infrastructure, mitigate internal and
external threats. With PowerShell built into Windows Server, and the addition of System Center and/or Operations
Management Suite, you can program and automate provisioning, deployment, configuration and management.
The technologies built into Windows Server and System Center are the main building blocks of the Windows
Server SDDC experience. But even though it's a virtualized platform, it still requires the right hardware underneath.
Microsoft partners participating in the Windows Server Software-Defined (WSSD) Solutions program can help
your enterprise acquire the right hardware and get it up and running on day zero.

Watch a video to learn more about Microsoft's SDDC

Download a poster size .pdf file of this page

Windows Server Software-Defined (WSSD) Solutions
Building your Windows Server Software-Defined Datacenter on the right hardware infrastructure is a crucial first
step to success. That's why we've partnered with DataON, Fujitsu, Lenovo, QCT, SuperMicro, Hewlett Packard
Enterprise and Dell EMC, to create Microsoft-validated SDDC designs and best practices for deployment.
Microsoft partners offer an array of Windows Server Software-Defined (WSSD) solutions that work with Window
Server 2016 to deliver high-performance, hyper-converged, storage and networking infrastructure. Hyper-
converged solutions bring together compute, storage, and networking on industry-standard servers and
components for improved datacenter intelligence and control.

Learn more about WSSD Solutions

Windows Server virtualized technologies

The remainder of this topic lists the Windows Server SDDC technologies and provides links to the documentation
for each. The technologies are listed in the table below:

Windows Server, Hyper-converged

Windows Server Virtualization technologies include updates to Hyper-V, Hyper-V Virtual Switch, and Guarded
Fabric and Shielded Virtual Machines (VMs), that improve security, scalability, and reliability. Updates to failover
clustering, networking, and storage make it even easier to deploy and manage these technologies when used with
Hyper-V.
 Learn more about Windows Server, Hyper-converged
Hyper-V Hypervisor
Hyper-V is a hypervisor-based virtualization technology for Windows. The hypervisor is core to virtualization. It is
the processor-specific virtualization platform that allows multiple isolated operating systems to share a single
hardware platform.

Learn more about Hyper-V Hypervisor

Guest Clustering with Shared VHDX

Flexible and secure, and not bound to the underlying storage topology, Shared VHDX removes the need to present
the physical underlying storage to a guest OS. The new Shared VHDX supports online re-size.

Shared VHDX can reside on a Cluster Shared Volume (CSV) on block storage, or on SMB file-based storage.
Protected: Shared VHDX supports Hyper-V Replica and host-level backup.

Learn more about Guest Clustering with Shared VHDX

Hyper-V Replica

Integrated software-based VM replication across the network with certificates. Not bound to server, network or
storage hardware on either site.
No need for other virtual machine replication technologies, reducing costs.
Handles live migration automatically.
Simple configuration and management — either through Hyper-V Manager, PowerShell, or with Azure Site
Recovery.

Learn more about Hyper-V Replica

Network Controller

A centralized, programmable point of automation to manage, configure, monitor, and troubleshoot virtual and
physical network infrastructure in your datacenter.

Administrators use a Management Tool that interacts directly with Network Controller. Network Controller
provides information about the network infrastructure, including both virtual and physical infrastructure, to the
Management Tool.

Learn more about Network Controller

Datacenter Firewall
When deployed and offered as a service, tenant administrators can install and configure firewall policies to help
protect virtual networks from unwanted traffic from Internet and intranet networks.

The service provider administrator or the tenant administrator can manage the Datacenter Firewall policies via the
network controller.

Learn More about Datacenter Firewall

Switch Embedded Teaming

SET is an alternative NIC Teaming solution that you can use in environments that include Hyper-V and the Software
Defined Networking (SDN) stack.

Learn more about Switch Embedded Teaming

Software Load Balancing

SLB enables multiple servers to host the same workload, providing high availability and scalability. Scale out load
balancing capabilities using SLB VMs on the same Hyper-V servers you use for your other VM workloads. SLB
supports the rapid creation and deletion of load balancing endpoints for Cloud Service Provider operations. SLB
supports tens of gigabytes per cluster, provides a simple provisioning model, and is easy to scale out and in.
 Learn more about Software Load Balancing

Storage Spaces Direct

Using industry-standard servers with local-attached drives, Storage Spaces Direct provides highly available, highly
scalable software-defined storage at a fraction of the cost of traditional SAN or NAS arrays. Its architecture radically
simplifies procurement and deployment.

Storage Spaces Direct introduces the new Software Storage Bus and leverages many of the features you know
today in Windows Server, such as Failover Clustering, Cluster Shared Volumes (CSVs), Server Message Block (SMB)
3, and Storage Spaces.
 Learn more about Storage Spaces Direct
Storage Quality of Service

Centrally monitor and manage storage performance for virtual machines using Hyper-V and the Scale-Out File
Server roles, improving storage resource fairness between multiple virtual machines.

Storage QoS is built into the Microsoft software-defined storage solution provided by Scale-Out File Server and
Hyper-V using SMB3 protocol. A new Policy Manager provides central storage performance monitoring.

Learn more about Storage QoS

Storage Replica

Disaster recovery and preparedness make possible zero data loss, with the ability to synchronously protect data on
different racks, floors, buildings, campuses, cities, and countries with more efficient use of multiple datacenters.

Synchronous Replication
1. Application writes data
2. Log data is written and the data is replicated to the remote site
3. Log data is written at the remote site
4. Acknowledgement from the remote site
5. Application write acknowledged
t & t1 : Data flushed to the volume, logs always write through

Learn more about Storage Replica

Guarded fabric

As a cloud service provider or enterprise private cloud administrator, you can use a guarded fabric to provide a
more secure environment for VMs. A guarded fabric consists of one Host Guardian Service (HGS) - typically, a
cluster of three nodes - plus one or more guarded hosts, and a set of shielded virtual machines (VMs).

Learn more about guarded fabric

Shielded VMs

The data and state of a shielded VM are protected against inspection, theft and tampering, from both malware and
datacenter administrators.
 Shielded VMs will only run in fabrics designated as owners of the VM.
Shielded VMs are encrypted by BitLocker, or other means, so that only designated owners can run them.
Running VMs can be converted to shielded.

Learn more about shielded VMs

Host Guardian Service

Host Guardian Service holds the keys to legitimate fabrics, as well as encrypted virtual machines.

Learn more about the Host Guardian Service

Device Health Attestation

Attestation enables enterprises to raise the security bar of their organization to hardware monitored and attested
security, with minimal or no impact on operation costs.

Hardware trusted mode, shown above, provides the highest level of assurance, with TPM v2.0 hardware rooted
trust and compliance with code-integrity policy for key-release.

Learn more about Device Health Attestation

PowerShell DSC
Windows PowerShell Desired State Configuration is a configuration management platform built into Windows that
is based on open standards. DSC is flexible enough to function reliably and consistently in each stage of the
deployment lifecycle (development, test, pre-production, production), as well as during scale-out.

DSC supports “continuous deployments,” so you can deploy configurations over and over without breaking
anything.
DSC configurations only apply settings that have changed from the original for faster deployments.
DSC can be used on-premise, in a public, or in a private Cloud environment.
You can integrate DSC with any Microsoft or non-Microsoft solution as long as you can execute a PowerShell
script on the target system.

Learn more about PowerShell DSC

System Center VMM

Virtual Machine Manager is part of the System Center suite, used to configure, manage and transform traditional
datacenters to provide a unified management experience across on-premises, service provider, and the Azure
cloud.

Datacenter: Configure and manage datacenter components as a single fabric in VMM.

Virtualization hosts: VMM can add, provision, and manage Hyper-V and VMware virtualization hosts and
clusters.
Networking: VMM provides network virtualization, including support for creating and manage virtual networks
and network gateways.
Storage: VMM can discover, classify, provision, allocate, and assign local and remote storage.
 Learn more about System Center VMM
Microsoft Project Honolulu

Honolulu is a locally deployed, browser-based, management tool set that enables on-premises administration of
Windows Servers with no Azure or cloud dependency. Honolulu gives IT Admins full control over all aspects of their
Server infrastructure, and is particularly useful for management on private networks that are not connected to the
Internet.

Publishing the web server to DNS and setting up the corporate firewall can allow you to access Honolulu from the
public internet, enabling you to connect to, and manage, your servers from anywhere with Microsoft Edge or
Google Chrome.

Learn more about Microsoft Project Honolulu

 Get Started with Windows Server 2016
11/3/2017 • 1 min to read • Edit Online

Applies To: Windows Server 2016

This collection contains detailed information to help you determine if you're ready to move to Windows
Server 2016. Once you've checked the system requirements, upgrade options, and other information
about moving to Windows Server 2016, you're ready to go back to the main Windows Server 2016 hub
and start down the path to installing the best edition and installation option for your needs.

NOTE
To download Windows Server 2016, see Windows Server Evaluations.

System Requirements
Find out the minimum hardware requirements to install and run Windows Server 2016.

Release Notes: Important Issues in Windows Server

Issues that could cause serious problems if you don't avoid or work around them.

Recommendations for moving to Windows Server 2016

Comprehensive table of available approaches for getting to Windows Server 2016 in various scenarios.

Features Removed or Deprecated in Windows Server 2016

Features that have already been removed from Windows Server 2016 or designated for potential future removal.

Upgrade and Conversion Options

Description of all the ways to move to Windows Server 2016 from whatever you're running today.

Server Role Upgrade and Migration Matrix

Information about additional steps needed to bring particular server roles to Windows Server 2016

Server Application Compatibility Table

Does SQL work on Windows Server 2016? What steps are needed to get Exchange running? This topic explains
what you'll need to do.

Server Activation Guide

Basic information on activation of Windows Server 2016 itself and other operating systems by using Windows
Server 2016.
 Manage Windows Server 2016
11/3/2017 • 4 min to read • Edit Online

Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012

Once you have deployed Windows Server into your environment, including the specific roles for the
features and functions you need, the next step is managing those servers. Windows Server includes a
number of tools to help you understand your Windows Server environment, manage specific servers,
fine-tune performance, and eventually automate many management tasks.

Manage Windows Server systems and environments

The tools you use to manage Windows Server instances depend, in large amount, on the types of systems you have
deployed (Windows Server with Desktop Experience vs Server Core), physical versus virtual machines, and where
your servers are located. Use the following information to perform basic management tasks on Windows Server.
Use the following table to determine which tools to use when.

INSTALL & RUN PROJECT RUN SERVER MANAGER ON RUN SERVER MANAGER IN
I AM HONOLULU WINDOWS SERVER RSAT ON WINDOWS 10

Sitting at a Windows 10 PC X X

Sitting at a Windows Server X X X

system running the desktop
experience

Sitting at a Windows Server X (install on Windows 10, X

system running Server Core use to manage Server Core)

Sitting far away from my X X

Windows Server system

Sitting far away from my X Use RDS to remote into the X

Windows Server system but server, then use Server
it DOES have desktop Manager
experience

In addition to the tools mentioned below, you can also use Remote Desktop Services to access on-premises,
remote, and virtual servers. Then you can use Server Manager to perform management tasks.
Manage on-premises systems, remote systems, and systems without UI with Microsoft Project Honolulu
Microsoft Project Honolulu is a browser-based management app that enables on-premises administration of
Windows Servers with no Azure or cloud dependency. Project Honolulu gives you full control over all aspects of
your server infrastructure and is particularly useful for management on private networks that are not connected to
the Internet. You can install Project Honolulu on Windows 10, on a gateway server, or directly on the Windows
Server system that you want to manage.
Manage on-premises systems with Server Manager
Server Manager is a management console included in the full installation of Windows Server. (It is not available for
installs that don't have UI - Server Core doesn't include Server Manager.) Use Server Manager to install and
remove server roles, add and remove remote servers, start and stop services, and view data gathered about your
environment.
Manage remote systems and systems without UI with Remote Server Administration Tools (RSAT )
If your environment includes installations of Server Core or remote servers (either on-premises or virtual
machines), you can use the Remote Server Administration tools (RSAT) to manage those systems. RSAT includes
Server Manager, so you can use it to manage all of your servers.

IMPORTANT
RSAT runs on Windows 10. You can't install RSAT on Windows Server Core.

You can also manage Server Core installations from the command line. See Basic administration tasks in Server
Core.
Manage updates to Windows Server systems
You can use Windows Server Update Services (WSUS) to manage and deploy updates to the systems in your
Windows Server environment.

Gather information about your environment

Many of the decisions you make as an administrator depend on data about the systems and users in your
environment. Use the following information and tools to gather that data.
Start with Configure Windows telemetry in your organization for information about the telemetry that can be
gathered from Windows 10 and Windows Server.
Setup and Boot Event Collection
Setup and Boot Event Collection lets you designate a "collector" computer that can gather a variety of important
events that occur on other computers when they boot or go through the setup process. You can then later analyze
the collected events with Event Viewer, Message Analyzer, Wevtutil, or Windows PowerShell cmdlets.
Software Inventory Logging (SIL )
Software Inventory Logging in Windows Server is a feature with a simple set of PowerShell cmdlets that help
server administrators retrieve a list of the Microsoft software that is installed on their servers. It also provides the
capability to collect and forward this data periodically over the network to a target web server, using the HTTPS
protocol, for aggregation. Managing the feature, primarily for hourly collection and forwarding, is also done with
PowerShell commands.
User Access Logging (UAL )
User Access Logging aggregates unique client device and user request events that are logged on a computer
running Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012 into a local database. These
records are then made available (through a query by a server administrator) to retrieve quantities and instances by
server role, by user, by device, by the local server, and by date. In addition, UAL also enables non-Microsoft
software developers to instrument their UAL events to be aggregated.

Tune your Windows Server environment for performance

Use the following information to help tune your environment for performance.
Performance tuning guidelines
Review a set of guidelines that you can use to tune the server settings in Windows Server 2016 and obtain
incremental performance or energy efficiency gains, especially when the nature of the workload varies little over
time.
Microsoft Server Performance Advisor
With Microsoft Server Performance Advisor (SPA), you can collect metrics to diagnose performance issues on
Windows servers unobtrusively without adding software agents or reconfiguring production servers. SPA
generates comprehensive performance reports and historical charts with recommendations.

Automate Windows Server management

Windows Server includes a set of commands and Windows PowerShell modules that you can use to automate
management tasks.
Windows PowerShell
Winows PowerShell is a command-line shell and scripting language designed to let you rapidly automate
administrative tasks.
Windows Commands
The Windows command-line tools are used to perform administrative tasks in Windows. You can use the
command reference to familiarize yourself with the command-line tools, to learn about the command shell, and to
automate command-line tasks by using batch files or scripting tools.
 Failover Clustering in Windows Server
11/6/2017 • 2 min to read • Edit Online

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

Failover clustering - a Windows Server feature that enables you to group multiple servers together into
a fault-tolerant cluster - provides new and improved features for software-defined datacenter
customers and many other workloads running clusters on physical hardware or in virtual machines.
A failover cluster is a group of independent computers that work together to increase the availability and scalability
of clustered roles (formerly called clustered applications and services). The clustered servers (called nodes) are
connected by physical cables and by software. If one or more of the cluster nodes fail, other nodes begin to provide
service (a process known as failover). In addition, the clustered roles are proactively monitored to verify that they
are working properly. If they are not working, they are restarted or moved to another node.
Failover clusters also provide Cluster Shared Volume (CSV) functionality that provides a consistent, distributed
namespace that clustered roles can use to access shared storage from all nodes. With the Failover Clustering
feature, users experience a minimum of disruptions in service.
Failover Clustering has many practical applications, including:
Highly available or continuously available file share storage for applications such as Microsoft SQL Server and
Hyper-V virtual machines
Highly available clustered roles that run on physical servers or on virtual machines that are installed on servers
running Hyper-V

What's new
Here are some of the new features in Windows Server 2016 - for more details, see What's new in Failover
Clustering:
Cluster operating system rolling upgrades
Enables an administrator to upgrade the operating system of the cluster nodes from without stopping the Hyper-V
or the Scale-Out File Server workloads.
Cloud Witness for a Failover Cluster
A new type of quorum witness that leverages Microsoft Azure to help determine which cluster node should be
considered authoritative if a node goes offline.
Health Service
Improves the day-to-day monitoring, operations, and maintenance experience of Storage Spaces Direct clusters.
Fault Domains
Enables you to define what fault domain to use with a Storage Spaces Direct cluster. A fault domain is a set of
hardware that share a single point of failure, such as a server node, server chassis, or rack.
VM load balancing
Helps load be evenly distributed across nodes in a Failover Cluster by identifying busy nodes and live-migrating
VMs on these nodes to less busy nodes.
Simplified SMB Multichannel and multi-NIC cluster networks
Enables easier configuration of multiple network adapters in a cluster.

Planning
Failover Clustering Hardware Requirements and Storage Options
Validate Hardware for Failover Clustering
Network Recommendations for a Hyper-V Cluster

Deployment
Installing the Failover Clustering Feature and Tools
Validate Hardware for a Failover Cluster
Prestage Cluster Computer Objects in Active Directory Domain Services
Creating a Failover Cluster
Deploy Hyper-V over SMB
Deploy a Scale-Out File Server
iSCSI Target Block Storage, How To
Deploy an Active Directory Detached Cluster
Using Guest Clustering for High Availability
Deploy a Guest Cluster using a Shared Virtual Hard Disk
Building Your Cloud Infrastructure: Scenario Overview

Operations
Configure and Manage the Quorum in a Failover Cluster
Use Cluster Shared Volumes in a Failover Cluster
Cluster-Aware Updating Overview
Windows IT Pro Support

Tools and settings

Failover Clustering PowerShell Cmdlets
Cluster Aware Updating PowerShell Cmdlets

Community resources
High Availability (Clustering) Forum
Failover Clustering and Network Load Balancing Team Blog
 Identity and Access in Windows Server 2016
11/3/2017 • 1 min to read • Edit Online

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012

The following new features in Identity improve the ability for organizations to secure Active Directory
environments and help them migrate to cloud-only deployments and hybrid deployments, where
some applications and services are hosted in the cloud and others are hosted on premises. The
improvements are covered in the following sections.

What's new in Active Directory Federation Services for Windows Server

2016
An overview of all of the new features available for AD FS in Windows Server 2016.

What's new in Active Directory Domain Services for Windows Server

2016
Lists all the new features available for AD DS in Windows Server 2016.

Privileged Access Management for Active Directory Domain Services

(AD DS)
Privileged Access Management (PAM) for Active Directory Domain Services (AD DS) is a solution that is based on
Microsoft Identity Manager (MIM) and Windows Server 2012 R2 and Windows Server 2016.

Windows 10 for the enterprise: Ways to use devices for work

Windows 10 provides you the ability to leverage Azure Active Directory. Windows 10 devices can be connected to
Azure AD, and users can sign in to Windows with Azure AD accounts or add their Azure ID to gain access to
business apps and resources.

Active Directory Domain Services

Detailed documentation on all of the features available for AD DS in Windows Server 2016.

Active Directory Federation Services

Detailed documentation on all of the features available for AD FS in Windows Server 2016.

Solutions and Scenario Guides

Secure access to company resources from any location on any device
Join to Workplace from Any Device for SSO and Seamless Second Factor Authentication Across Company
Applications
Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications
Manage Risk with Conditional Access Control
 Networking
11/3/2017 • 8 min to read • Edit Online

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

Networking is a foundational part of the Software Defined Datacenter (SDDC) platform, and Windows
Server 2016 provides new and improved Software Defined Networking (SDN) technologies to help you
move to a fully realized SDDC solution for your organization.
When you manage networks as a software defined resource, you can describe an application’s infrastructure
requirements one time, and then choose where the application runs - on premises or in the cloud.
This consistency means that your applications are now easier to scale, and you can seamlessly run applications -
anywhere - with equal confidence about security, performance, quality of service, and availability.

NOTE
To download Windows Server, see Windows Server Evaluations.

Windows Server 2016 adds the following new networking technologies:

Software Defined Networking: Network Controller provides a centralized, programmable point of
automation to manage, configure, monitor, and troubleshoot virtual and physical network infrastructure in
your datacenter. Network Controller allows you to use Network Function Virtualization to easily deploy
virtual machines (VMs) for Software Load Balancing (SLB) to optimize network traffic loads for your tenants,
and RAS Gateways to provide tenants with the connectivity options they need between Internet, on-prem,
and cloud resources. You can also use Network Controller to manage Datacenter Firewall on VMs and
Hyper-V hosts.
Network Platform: Using new features for existing Network Platform technologies, you can use DNS Policy
to customize your DNS server responses to queries, use a converged NIC that handles combined Remote
Direct Memory Access (RDMA) and Ethernet traffic, use Switch Embedded Teaming (SET) to create Hyper-V
Virtual Switches connected to RDMA NICs, and use IP Address Management (IPAM) to manage DNS zones
and servers as well as DHCP and IP addresses.
For more information, see Windows Server Supported Networking Scenarios.
The following sections provide information about SDN technologies and Network Platform technologies.

Software Defined Networking technologies

Software Defined Networking (SDN )
You can use this topic to learn about the SDN technologies that are provided in Windows Server, System Center,
and Microsoft Azure.

NOTE
For Hyper-V hosts and virtual machines (VMs) that run SDN infrastructure servers, such as Network Controller and Software
Load Balancing nodes, you must install Windows Server 2016 Datacenter edition. For Hyper-V hosts that contain only tenant
workload VMs that are connected to SDN-controlled networks, you can run Windows Server 2016 Standard edition.
Deploy a Software Defined Network infrastructure using scripts
This guide provides instructions on how to deploy Network Controller with virtual networks and gateways in a test
lab environment.
Network Controller
Network Controller provides a centralized, programmable point of automation to manage, configure, monitor, and
troubleshoot virtual and physical network infrastructure in your datacenter.
Software Load Balancing (SLB ) for SDN
Cloud Service Providers (CSPs) and Enterprises that are deploying Software Defined Networking (SDN) in Windows
Server 2016 can use Software Load Balancing (SLB) to evenly distribute tenant and tenant customer network traffic
among virtual network resources. The Windows Server SLB enables multiple servers to host the same workload,
providing high availability and scalability.
RAS Gateway for SDN
RAS Gateway, which is a software-based, multitenant, Border Gateway Protocol (BGP) capable router in Windows
Server 2016, is designed for Cloud Service Providers (CSPs) and Enterprises that host multiple tenant virtual
networks using Hyper-V Network Virtualization.
Network Function Virtualization
In software defined datacenters, network functions that are being performed by hardware appliances (such as load
balancers, firewalls, routers, switches, and so on) are increasingly being virtualized as virtual appliances. This
"network function virtualization" is a natural progression of server virtualization and network virtualization.
Datacenter Firewall Overview
Datacenter Firewall is a network layer, 5-tuple (protocol, source and destination port numbers, source and
destination IP addresses), stateful, multitenant firewall.

Networking Technologies
The following table provides links to some of the networking technologies in Windows Server 2016.
What's New in Networking
You can use the following sections to discover new networking technologies and new features for existing
technologies in Windows Server 2016.
BranchCache
BranchCache is a wide area network (WAN) bandwidth optimization technology. To optimize WAN bandwidth
when users access content on remote servers, BranchCache fetches content from your main office or hosted cloud
content servers and caches the content at branch office locations, allowing client computers at branch offices to
access the content locally rather than over the WAN.
Core Network Guide for Windows Server 2016
Learn how to deploy a Windows Server network with the Core Network Guide, as well as add features to your
network deployment with Core Network Companion Guides.
DirectAccess
DirectAccess allows connectivity for remote users to organization network resources.
DirectAccess documentation is now located in the Remote access and server management section of the Windows
Server 2016 table of contents, under Remote Access. For more information, see DirectAccess.
Domain Name System (DNS )
Domain Name System (DNS) is one of the industry-standard suite of protocols that comprise TCP/IP, and together
the DNS Client and DNS Server provide computer name-to-IP address mapping name resolution services to
computers and users.
Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet
Protocol (IP) host with its IP address and other related configuration information, such as the subnet mask and
default gateway.
Hyper-V Network Virtualization
Hyper-V Network Virtualization (HNV) enables virtualization of customer networks on top of a shared physical
network infrastructure.
Hyper-V Virtual Switch
The Hyper-V Virtual Switch is a software-based layer-2 Ethernet network switch that is available in Hyper-V
Manager when you install the Hyper-V server role. The switch includes programmatically managed and extensible
capabilities to connect virtual machines to both virtual networks and the physical network. In addition, Hyper-V
Virtual Switch provides policy enforcement for security, isolation, and service levels.
Hyper-V Virtual Switch documentation is now located in the Virtualization section of the Windows Server 2016
table of contents. For more information, see Hyper-V Virtual Switch.
IP Address Management (IPAM )
IP Address Management (IPAM) is an integrated suite of tools to enable end-to-end planning, deploying, managing
and monitoring of your IP address infrastructure, with a rich user experience. IPAM automatically discovers IP
address infrastructure servers and Domain Name System (DNS) servers on your network and enables you to
manage them from a central interface.
Network Load Balancing
Network Load Balancing (NLB) distributes traffic across several servers using the TCP/IP networking protocol. For
non-SDN deployments, NLB ensures that stateless applications, such as Web servers running Internet Information
Services (IIS), are scalable by adding more servers as the load increases.
Network Offload and Optimization Technologies
Network offload and optimization technologies in Windows Server 2016 include Software Only (SO) features and
technologies, Software and Hardware (SH) integrated features and technologies, and Hardware Only (HO) features
and technologies.
The following offload and optimization technology documentation is also available.
Converged Network Interface Card (NIC) Configuration Guide
Data Center Bridging (DCB)
Virtual Receive Side Scaling (vRSS)
Network Policy Server
Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for
connection request authentication and authorization.
Network Shell (Netsh)
You can use the Network Shell (netsh) networking utility to manage networking technologies in Windows Server
2016 and Windows 10.
Network Subsystem Performance Tuning
This topic provides information about choosing the right network adapter for your server workload, ordering
network interfaces, network related performance counters, and performance tuning network adapters and related
networking technologies, such as Receive Side Scaling (RSS), Receive Side Coalescing (RSC), and others.
NIC Teaming
NIC Teaming allows you to group physical Ethernet network adapters into one or more software-based virtual
network adapters. These virtual network adapters provide fast performance and fault tolerance in the event of a
network adapter failure.
Quality of Service (QoS ) Policy
You can use QoS Policy as a central point of network bandwidth management across your entire Active Directory
infrastructure by creating QoS profiles, whose settings are distributed with Group Policy.
Remote Access
You can use Remote Access technologies, such as DirectAccess and Virtual Private Networking (VPN) to provide
remote workers with connectivity to internal network resources. In addition, you can use Remote Access for local
area network (LAN) routing, and for Web Application Proxy. which provides reverse proxy functionality for web
applications inside your corporate network to allow users on any device to access them from outside the corporate
network.
Remote Access documentation is now located in the Remote access and server management section of the
Windows Server 2016 table of contents. For more information, see Remote Access.
For more information about Web Application Proxy, which is a role service of the Remote Access server role, see
Web Application Proxy in Windows Server 2016.
Virtual Private Networking (VPN )
In Windows Server 2016, DirectAccess and VPN is a role service of the Remote Access server role.
When you install Remote Access as a VPN server, you can use Virtual Private Networking (VPN) to provide your
remote employees with connections to your organization network across the Internet - while also maintaining
information privacy with encrypted connections.
With Windows Server 2016 Remote Access VPN - and Windows 10 client computers - you can now deploy Always
On VPN. Always On VPN gives you the ability to manage remote VPN clients that are always connected, while also
providing convenience for remote workers, who no longer need to manually connect to and disconnect from VPN
to your organization network.
For more information, see Remote Access Always On VPN Deployment Guide for Windows Server 2016 and
Windows 10.

NOTE
VPN documentation is now located in the Remote access and server management section of the Windows Server 2016 table
of contents, under Remote Access.

For more information about VPN, see Virtual Private Networking (VPN).
Windows Container Networking
Windows Container Networking allows you to create and manage networks for connecting container endpoints on
both Windows 10 and Windows Server hosts by using standard industry tools and workflows. Windows container
networks support multiple topologies, including private, flat-L2, and routed-L3.
Also supported are overlays that you can create locally on the host by using Docker, Kubernetes, or Windows
PowerShell through plugins that communicate with the Windows Host Networking Service (HNS). You can create
and manage multi-node cluster networks through higher level orchestration systems by communicating through a
local agent to each node’s HNS.
Windows Internet Name Service (WINS )
Windows Internet Name Service (WINS) is a legacy computer name registration and resolution service that maps
computer NetBIOS names to IP addresses. Using DNS is recommended over using WINS.
Additional Resources
Networking resources for operating systems earlier than Windows Server 2016 are available at the following
locations.
Windows Server 2012 and Windows Server 2012 R2 Networking Overview
Windows Server 2008 and Windows Server 2008 R2 Networking
Windows Server 2003 Windows Server 2003/2003 R2 Retired Content
 Remote access and server management
11/3/2017 • 1 min to read • Edit Online

Remote Desktop Services

Remote Desktop Services enables users to access Windows-based programs that are installed on a Remote
Desktop Session Host (RD Session Host) server, or to access the full Windows desktop. With Remote Desktop
Services, users can access an RD Session Host server from within a corporate network or from the Internet.

Remote Access
The Remote Access server role includes DirectAccess and virtual private network (VPN), local area network (LAN)
Routing, and Web Application Proxy. RAS allows you to provide network connectivity to remote employees, site-to-
site VPN to connect remote office locations over the Internet, and the RAS Gateway, which has multitenant and
Border Gateway Protocol (BGP) capabilities for Enterprises and Cloud Service Providers (CSPs).

Web Application Proxy

Web Application Proxy provides reverse proxy functionality for web applications inside your corporate network to
allow users on any device to access them from outside the corporate network safely and securely.

Multipoint Services
Use MultiPoint Services to enable multiple users, each with their own independent and familiar Windows
experience, to simultaneously share one computer.

Remote Server Administration Tools

To ease remote server management, you can download and install Remote Server Administration Tools for
Windows 10. Remote Server Administration Tools for Windows 10 includes Server Manager, Microsoft
Management Console (mmc) snap-ins, consoles, Windows PowerShell cmdlets and providers, and some
command-line tools for managing roles and features that run on Windows Server 2016.
 Security and Assurance in Windows Server
11/3/2017 • 5 min to read • Edit Online

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

You can rely on new layers of protection built into the operating system to further safeguard against
security breaches. Help block malicious attacks and enhance the security of your virtual machines,
applications, and data.
Windows Server 2016 Security Blog Post
This blog post from the Windows Server security team highlights many of the improvements in Windows Servers
2016 that increase security for hosting and hybrid cloud environments.
Datacenter and Private Cloud Security Blog
This is the central blog site for technical content from the Microsoft Datacenter and Private Cloud Security team.
Addressing emerging threats and landscape shifts
In this 6-minute video, Anders Vinberg provides an overview of Microsoft's security and assurance strategy, and
discusses industry trends and landscape shifts as they relate to security. He then focuses on Microsoft's key
initiatives to protect workloads from the underlying fabric, and protect against direct attacks from privileged
accounts. Finally, in case of breach, he explains how new detection and forensic capabilities can help better identify
the threat.
Protecting Your Datacenter and Cloud from Emerging Threats blog post
This blog post discusses how you can use Microsoft technologies to protect your datacenter and cloud investments
from emerging threats.
Security and Assurance Overview session at Ignite
This Ignite session addresses persistent threats, insider breaches, organized cybercrime, and securing the Microsoft
Cloud Platform (on-premises and connected services with Azure). It includes scenarios for securing workloads,
large enterprise tenants, and service providers.

Secure virtualization with Shielded VMs

Shielded VM in Channel 9
A walkthrough of Shielded VM technology and benefits
Shielded VM Demo
This 4-minute video describes the value of shielded VMs and the differences between a shielded VM and a non-
shielded VM.
Shielded Virtual Machines in Windows Server video walkthrough
This video walkthrough shows how the Host Guardian Service enables shielded virtual machines so that sensitive
data is protected from unauthorized access by Hyper-V host administrators.
Harden the Fabric: Protecting Tenant Secrets in Hyper-V (Ignite Video )
This Ignite presentation discusses enhancements in Hyper-V, Virtual Machine Manager, and a new Guardian Server
role to enable shielded VMs.
Guarded Fabric Deployment Guide
This guide provides installation and validation information for Windows Server and System Center Virtual Machine
Manager for Guarded Fabric Hosts and Shielded VMs.
Shielded VM and Guarded Fabric Operations Guide
This guide provides best practices and recommendations for how to configure your Shielded VM environment,
including information specific to Guarded Hosts and tenants.
Shielded VM and Guarded Fabric Troubleshooting Guide
This guide provides information about how to resolve issues you may encounter in your Shielded VM environment.
Shielded VM Article
This white paper provides an overview of how shielded VMs provide increased overall security to prevent
tampering.

Privileged Access Management

Securing Privileged Access
A road-map for how you can secure your privileged access. This road-map is built based on the combined expertise
of the server security team, Microsoft IT, Azure team and the Microsoft Consulting Services
Just in Time Administration with Microsoft Identity Manager
This article discusses features and capabilities included in Microsoft Identity Manager, including support for Just In
Time (JIT) Privileged Access Management.
Protecting Windows and Microsoft Azure Active Directory with Privileged Access Management
This Ignite presentation covers Microsoft's strategy and investments in Windows Server, PowerShell, Active
Directory, Identity Manager, and Azure Active Directory for addressing the risks of administrator access through
stronger authentication, and managing access using Just in Time and Just Enough Administration (JEA).
Just Enough Administration Article
This document shares the vision and technical details of Just Enough Administration, a PowerShell toolkit designed
to help organizations reduce risk by restricting operators to the only access required to perform specific tasks.
Just Enough Administration demo video
Just Enough Administration demo walk through

Credential Protection
Protect derived domain credentials with Credential Guard
Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can
access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or
Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket
Granting Tickets.
Protect Remote Desktop credentials with Remote Credential Guard
Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the
Kerberos requests back to the device that's requesting the connection. It also provides single sign on experiences
for Remote Desktop sessions. |
Credential Guard demo video
This 5-minute video demos Credential Guard and Remote Credential Guard

Hardening the OS and applications

Device Guard Deployment Guide
Device Guard is a combination of enterprise-related hardware and software security features that, when configured
together, will lock a device down so that it can only run trusted applications that you define in your code integrity.
Device Guard demo video
This 7-minute video presents Device Guard and its usage on Windows Server 2016
Control Flow Guard
Control Flow Guard provides built-in protection against some classes of memory corruption attacks.
Windows Defender
Windows Defender provides active detection capabilities to block known malware. Windows Defender is turned on
by default and is optimized to support the various server roles in Windows Server 2016.

Detecting and Responding to Threats

Security Threat Analysis Using Microsoft Operations Management Suite
This Ignite presentation discusses how you can use Operational Insights to perform security threat analysis.
Microsoft Operations Management Suite (OMS )
The Microsoft Operations Management Suite (OMS) Security and Audit solution processes security logs and
firewall events from on-premises and cloud environments to analyze and detect malicious behavior.
OMS and Windows Server
This 3-minute video shows how OMS can help detect potential malicious behavior that is blocked by Windows
Server.
Microsoft Advanced Threat Analytics
This blog post discusses Microsoft Advanced Threat Analytics, an on-premises product that uses Active Directory
network traffic and SIEM data to discover and alert on potential threats.
Microsoft Advanced Threat Analytics
This 3-minute video presents an overview of how Microsoft is adding threat analytics capabilities in Windows
Server. |

Network Security
Datacenter Firewall Overview
This overview discusses Datacenter Firewall, a network layer, 5-tuple (protocol, source and destination port
numbers, source and destination IP addresses), stateful, multitenant firewall.
What's New in DNS in Windows Server
This overview topic provides brief descriptions of new capabilities in DNS, along with links for more information.

Mapping security features to compliance regulations

Compliance is an important aspect of security features. We leave the expert advice on how to achieve your
compliance and what compliance looks like to your trusted compliance advisers, but we also want to provide initial
mapping for you to be able to use when evaluating Windows Server.
Hyper-V Shielded VMs compliance mapping whitepaper
JEA and JIT compliance mapping whitepaper
Device Guard compliance mapping whitepaper
Credential Guard compliance mapping whitepaper
Windows Defender compliance mapping whitepaper
 Storage in Windows Server
12/14/2017 • 5 min to read • Edit Online

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

Storage in Windows Server provides new and improved features for software-defined datacenter (SDDC)
customers focusing on virtualized workloads. Windows Server also provides extensive support for
enterprise customers using file servers with existing workloads.
To find out about what's new in storage, see What's new in storage and What's new in Failover Clustering.
For an overview of storage technologies included in Windows Server, see the following list (categorized by
workload).

Software-defined storage for virtualized workloads

Storage Spaces Direct - Storage Spaces now includes support for Storage Spaces Direct - a new architecture
for Storage Spaces clusters that uses directly attached local storage - including SATA and NVME devices.
Other enhancements include the ability to optimize disk usage after adding new physical disks and faster
virtual disk repair times.
Storage Replica - Storage Replica enables storage-agnostic, block-level, synchronous replication between
clusters or servers for disaster preparedness and recovery, as well as stretching of a failover cluster across
sites for high availability. Synchronous replication enables mirroring of data in physical sites with crash-
consistent volumes, ensuring zero data loss at the file system level. Asynchronous replication allows site
extension beyond metropolitan ranges.
Storage QoS - Storage Quality of Service (QoS) provides a way to centrally monitor and manage storage
performance for virtual machines using Hyper-V and the Scale-Out File Server roles. The feature
automatically improves storage resource fairness between multiple virtual machines using the same file
server cluster and allows specific minimum and maximum performance goals to be configured in units of
normalized IOPs.
Data Deduplication - Data Deduplication is a feature of Windows Server 2016 that can help reduce the
impact of redundant data on storage costs. When enabled, Data Deduplication optimizes free space on a
volume by examining the data on the volume for duplication. Once identified, duplicated portions of the
volume's dataset are stored once and are (optionally) compressed for additional savings. Data Deduplication
optimizes redundancies without compromise data fidelity or integrity.

General-purpose file servers

Work Folders - With Work Folders users can store and access work files on personal computers and devices,
often referred to as bring-your-own device (BYOD), in addition to corporate PCs. Users gain a convenient
location to store work files, and they can access them from anywhere. Organizations maintain control over
corporate data by storing the files on centrally managed file servers, and optionally specifying user device
policies such as encryption and lock-screen passwords.
Offline Files, Folder Redirection, and Roaming User Profiles - Folder Redirection and Offline Files are used
together to redirect the path of local folders (such as the Documents folder) to a network location, while
caching the contents locally for increased speed and availability. Roaming User Profiles is used to redirect a
user profile to a network location.
 DFS Namespaces - Enables you to group shared folders that are located on different servers into one or
more logically structured namespaces. Each namespace appears to users as a single shared folder with a
series of subfolders. However, the underlying structure of the namespace can consist of numerous file
shares that are located on different servers and in multiple sites.
DFS Replication - Enables you to efficiently replicate folders (including those referred to by a DFS namespace
path) across multiple servers and sites. DFS Replication uses a compression algorithm known as remote
differential compression (RDC). RDC detects changes to the data in a file, and it enables DFS Replication to
replicate only the changed file blocks instead of the entire file.
File Server Resource Manager - File Server Resource Manager enables you to manage and classify data
stored on file servers.
iSCSI Target Server - iSCSI Target Server provides block storage to other servers and applications on the
network by using the Internet SCSI (iSCSI) standard.
iSCSI Target Boot - iSCSI Target Server in Windows Server can boot hundreds of computers from a single
operating system image that is stored in a centralized location. This improves efficiency, manageability,
availability, and security.

File systems, protocols, etc.

ReFS - ReFS is a resilient file system that maximizes data availability, scales efficiently to very large data sets
across diverse workloads, and provides data integrity by means of resiliency to corruption (regardless of
software or hardware failures).
SMB - The Server Message Block (SMB) protocol is a network file sharing protocol that allows applications
on a computer to read and write to files and to request services from server programs in a computer
network. The SMB protocol can be used on top of its TCP/IP protocol or other network protocols. Using the
SMB protocol, an application (or the user of an application) can access files or other resources at a remote
server. This allows applications to read, create, and update files on the remote server. It can also
communicate with any server program that is set up to receive an SMB client request.
Storage-class memory - Storage-class memory such as NVDIMM-N devices provide performance similar to
computer memory (really fast), but with the data persistence of normal storage drives. Windows treats
storage-class memory similary to normal drives (just faster), but there are some differences in the way
device health is managed.
BitLocker - BitLocker Drive Encryption stores data on volumes in an encrypted format, even if the computer
is tampered with or when the operating system is not running. This helps protect against offline attacks,
attacks made by disabling or circumventing the installed operating system, or made by physically removing
the hard drive to attack the data separately.
NTFS - NTFS—the primary file system for recent versions of Windows and Windows Server—provides a full
set of features including security descriptors, encryption, disk quotas, and rich metadata, and can be used
with Cluster Shared Volumes (CSV) to provide continuously available volumes that can be accessed
simultaneously from multiple nodes of a Failover Cluster.
NFS - Network File System (NFS) provides a file sharing solution for enterprises that have heterogeneous
environments that consist of both Windows and non-Windows computers.

See also
What's new in storage
What's new in Failover Clustering
Windows IT Pro Support
PowerShell cmdlets in Windows Server 2016 and Windows 10
Azure Storage
Azure StorSimple
 Virtualization
11/3/2017 • 3 min to read • Edit Online

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

Virtualization in Windows Server 2016 is one of the foundational technologies required to create
your software defined infrastructure. Along with networking and storage, virtualization features
deliver the flexibility you need to power workloads for your customers.
Windows Server 2016 Virtualization technologies include updates to Hyper-V, Hyper-V Virtual Switch, and Guarded
Fabric and Shielded Virtual Machines (VMs), that improve security, scalability, and reliability. Updates to failover
clustering, networking, and storage make it even easier to deploy and manage these technologies when used with
Hyper-V.
Windows Containers is a new technology that offers you another way to deploy flexible, software-based computing
power.

NOTE
To download Windows Server 2016, see Windows Server Evaluations.

The following sections contain brief technology overviews and links to Virtualization documentation.

Guarded Fabric and Shielded VMs

As a cloud service provider or enterprise private cloud administrator, you can use a guarded fabric to provide a
more secure environment for VMs. A guarded fabric consists of one Host Guardian Service (HGS) - typically, a
cluster of three nodes - plus one or more guarded hosts, and a set of shielded VMs.
For more information, see Guarded Fabric and Shielded VMs.

Hyper-V
The Hyper-V technology provides computing resources through hardware virtualization. Hyper-V creates a
software version of computer, called a virtual machine, which you use to run an operating system and applications.
You can run multiple virtual machines at the same time, and can create and delete them as needed.
Hyper-V requires specific hardware to create the virtualization environment. For details, see System requirements
for Hyper-V on Windows Server 2016.
Hyper-V on Windows Server 2016
Hyper-V is a server role in both Windows Server 2016 Datacenter and Standard editions.
Learn more about Hyper-V, the hardware you need, the operating systems you can run in your virtual machines,
and more. If you're new to Hyper-V, start with the Hyper-V Technology Overview.
For more information, see Hyper-V on Windows Server 2016
Hyper-V on Windows 10
Hyper-V is available in some versions of Windows 10, Windows 8.1, and Windows 8.
Hyper-V on Windows is geared toward development and test activities and gives you a quick and easy way to run
different operating systems without deploying more hardware.
For more information, see Hyper-V on Windows 10.
Microsoft Hyper-V Server 2016
The Hyper-V technology is also available separately from Windows and Windows Server, as a free, standalone
product. Hyper-V Server is commonly used as the host in a virtualized desktop infrastructure (VDI) environment.
For more information, see Microsoft Hyper-V Server 2016.

Hyper-V Virtual Switch

The Hyper-V Virtual Switch is a software-based layer-2 Ethernet network switch that is included in all versions of
Hyper-V.
Hyper-V Virtual Switch is available in Hyper-V Manager after you install the Hyper-V server role.
Included in Hyper-V Virtual Switch are programmatically managed and extensible capabilities that allow you to
connect virtual machines to both virtual networks and the physical network.
In addition, Hyper-V Virtual Switch provides policy enforcement for security, isolation, and service levels.

Additional Virtualization Technologies for Windows Server 2016 and

Windows 10
Following are links to documentation for other Microsoft Windows virtualization technologies.
Windows Containers
You can use Windows Server and Hyper-V containers to provide standardized runtime environments for
development, test, and production teams.
Windows Containers provide operating system-level virtualization that allows multiple isolated applications to be
run on a single system. Two different types of container runtimes are included with the feature, each with a
different degree of application isolation.
Windows Server Containers achieve isolation through namespace and process isolation.
Hyper-V Containers encapsulate each container in a light-weight virtual machine.
For more information, see Windows Containers Documentation on the Microsoft Developer Network (MSDN).
 Top support solutions for Windows Server 2016
10/24/2017 • 2 min to read • Edit Online

Microsoft regularly releases both updates and solutions for Windows Server. To ensure your servers can receive
future updates, including security updates, it's important to keep your servers updated. Check out Windows 10 and
Windows Server 2016 update history for a complete list of released updates.
These are the top Microsoft Support solutions for the most common issues experienced when using Windows
Server 2016. The links below include links to KB articles, updates, and library articles.

Solutions for installing or upgrading Windows Server

Resolve Windows 10 upgrade errors : Technical information for IT Pros
Servicing stack update for Windows 10 Version 1607 and Windows Server 2016: August 8, 2017
Compatibility update for upgrading to Windows 10 Version 1607 and Windows Server 2016: August 3, 2017
An in-place system upgrade is not supported on Windows-based Azure VMs
Upgrade and conversion options for Windows Server 2016
Server role upgrade and migration matrix for Windows Server 2016
Windows Server Installation and Upgrade
Release Notes: Important Issues in Windows Server 2016
Recommendations for moving to Windows Server 2016

Solutions for Volume Activation

Windows Server 2016 Activation
Review and Select Activation Methods
Activation Error Codes for Volume Activation
How to troubleshoot the Key Management Service (KMS)
Volume Activation Troubleshooting
Activation Error Codes
Windows installation may fail with error "The product key entered does not match any of the Windows images
available for installation. Enter a different product key"

Solutions related to DCPromo and installing domain controllers

Active Directory and Active Directory Domain Services Port Requirements
Active Directory Firewall Ports – Let’s Try To Make This Simple
Exchange Server support for Windows Server 2016
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
Troubleshooting Domain Controller Deployment
Troubleshooting Active Directory Installation Wizard Problems
Known Issues for Installing and Removing AD DS

Solutions for Active Directory Federation Services (AD FS)

How to configure automatic registration of Windows domain-joined devices with Azure Active Directory
Setup issuance of claims
 Configure AD FS to authenticate users stored in LDAP directories
AD FS support for alternate hostname binding for certificate authentication
Protect against password attacks
Upgrading to AD FS in Windows Server 2016 using a WID database
Windows 10 Sign on – enabling device authentication with AD FS
Managing SSL Certificates in AD FS and WAP in Windows Server 2016
Access Control Policies in Windows Server 2016 AD FS

Solutions related to Active Directory replication

Troubleshooting Active Directory Replication Problems
Download Active Directory Replication Status Tool from the Microsoft Download Center
e2e: How to troubleshoot common Active Directory replication errors
Troubleshooting AD Replication error 8606: Insufficient attributes were given to create an object
Event ID 2108 and Event ID 1084 occur during inbound replication of Active Directory in Windows 2000 Server
and in Windows Server 2003
Troubleshooting AD Replication error 8451: The replication operation encountered a database error
Troubleshooting AD Replication error 1127: While accessing the hard disk, a disk operation failed even after
retries
Clean Up Server Metadata
 Windows Server - IT administrator content for
current and previous releases
11/3/2017 • 1 min to read • Edit Online

Windows Server is the platform for building an infrastructure of connected applications, networks, and web
services, from the workgroup to the data center.
Use the links below to view technical content for IT professionals for the different versions of Windows Server.

IMPORTANT
Do you have Windows running on your PC? Windows 10, Windows 8 or 8.1? Windows 7? Do you have a problem? Go to
Microsoft Support - just type your problem into the search bar. They have information about Windows, Office, Skype, you
name it.
The information below is only about Windows Server.

Windows Server 2016

Windows Server 2016 technical content

Windows Server 2012 R2 and Windows Server 2012

Windows Server 2012 R2 and Windows Server 2012 Technical Library
Windows Server 2012 R2 Developer Library on MSDN

Windows Server 2008 R2 and Windows Server 2008

Windows Server 2008 R2 and Windows Server 2008 Technical Library
Windows Server 2008 Developer Library on MSDN

Windows Server 2003

Windows Server 2003 Technical Library - download a PDF version of the archived content
Windows Server 2003 Developer Library on MSDN

Product evaluations
Download Windows Server 2016 Evaluation
Download Windows Server 2012 R2 Trial

Related links
Windows Server 2016 product information
 TIP
Are you having a problem? Start with Microsoft Support - just type your problem into the search bar. You can get help with
Windows, Office, Skype, you name it.

Not finding content you need? Windows 10 users, tell us what you want on Feedback Hub.