Hyper-V Manager update in Windows Server 2016 replete with features

Microsoft developed several improvements to Hyper-V Manager in Windows Server 2016. These new Hyper-V features improve VM management with added security and flexibility options.

The Hyper-V Manager updates in Windows Server 2016 provide Hyper-V with numerous new features that you should study and consider implementing.

Windows Server 2016 added features and updates to Hyper-V Manager that offer a wide variety of options, including added security policies, virtual memory flexibility, a new virtual disk format, and other tweaks and improvements.

New virtual switch extension adds security

Virtual Switch Manager is part of the software-defined network (SDN) stack that's new to Hyper-V Manager. Microsoft also added an additional virtual switch extension to Microsoft Azure called the Virtual Filtering Platform (VFP).

VFP provides a virtual switch extension for Microsoft Azure's network services. VFP is cloud-scale and provides a scalable SDN policy to Microsoft Azure.

The SDN stack increases security when enforcing network policy in virtual switches. This new security policy layer is a step forward for network policy.

Hot add and remove for VM virtual memory

Hyper-V Manager now offers hot add memory to change a VM's virtual memory while it's running. Virtual memory hot add and remove, which Microsoft calls runtime memory resize, is available as an option for both Generation 1 VMs -- which use Hyper-V's original BIOS architecture -- and Generation 2 VMs, which Windows Server 2012 R2 introduced and which are hypervisor aware.

Runtime memory resize for virtual, non-uniform memory access is still supported, but it isn't possible in IT departments that use dynamic memory. If a VM has dynamic memory enabled, the hot add and remove option is disabled.

New VM security options

Microsoft added security and encryption options for VM data to its Hyper-V Manager update. The VM security section has a complex array of options and configurations, but there are a few options worth exploring.

Generation 1 VMs don't have a Trusted Platform Module (TPM), so you'll need a key protector. If a key protector is not already present, you must create one. This option encrypts the VM's saved state when it's written to the Hyper-V disk and during live migration.

To enable this security measure in Generation 1 VMs, click Add Key Storage Drive, as seen in Figure A. This creates a Key Storage Drive in your VM, which makes the Encryption Support option available and ready to use.

VM security settings
Figure A. Click Add Key Storage Drive to enable the Encryption Support option.

For Generation 2 VMs, Microsoft added more security options, such as secure boot, TPM and shielding.

New virtual disk format adds options

Among Hyper-V's new features, there's a new type of virtual disk format called VHD Set, which you can find in Hyper-V Manager's main menu. VHD Set shared virtual disks are new virtual disk models for guest OS clusters in Windows Server 2016 VMs. This new format supports Hyper-V replicas and the online resizing of shared disks. VHD Set also supports checkpoints, snapshots and virtual backups.

VHD Set shared virtual disks are new virtual disk models for guest OS clusters in Windows Server 2016 VMs.

The Hyper-V Manager updates also enable you to resize a shared virtual disk and do live migrations with the new VHD Set disk format. Those tasks weren't possible in previous versions of Hyper-V.

This removes the requirement to use a storage area network. This also removes the need to have a virtual host bus adapter configuration when presetting the same logical unit number -- such as the number of virtual disks -- to more than one VM to create a cluster shared disk.

You can use this new format to create a nested Hyper-V failover cluster for testing. OSes earlier than Windows 10 don't support this format.

Alternate credential support

You can now use a different user profile for remote management with Hyper-V Manager. With these Hyper-V Manager updates, there's no need to use the same user credentials.

To log in to the remote Hyper-V host, use the domain\user credentials. You can save these credentials to make it easier to log in going forward.

Improved version management

Hyper-V Manager updates include snap-in, which enables the management of earlier versions of Hyper-V. Previously supported Hyper-V versions include Windows Server 2012 R2, Windows Server 2012, Windows 8 and Windows 8.1.

All the features and options in Hyper-V Manager are only available in the currently connected version.

Updated management protocol 

Hyper-V Manager communicates with remote Hyper-V hosts using the Web Services-Management (WS-MAN) protocol, which enables the Credential Security Support Provider (CredSSP) protocol, Kerberos protocol and NT LAN Manager authentication.

When using CredSSP to connect to a remote Hyper-V host, you can do a live migration without enabling constrained delegation in Active Directory. The WS-MAN-based infrastructure also makes it easier to enable a host for remote management. WS-MAN connects over port 80, which is open by default.

Hyper-V Manager has become a much more capable tool with the latest Hyper-V Manager update. Try out these new tools and improvements to see how they can add to your deployment.

Dig Deeper on IT systems management and monitoring

Software Quality
App Architecture
Cloud Computing
Data Center