Review Windows Server 2016: The Cloud OS optimized for DevOps. Microsoft 2016. 5/27/2018 12:57 PM. BRK3198. Jeffrey Snover, Technical Fellow; Andrew Mason, Principal Program Manager. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Windows Server 2016: Built-in layers of security; Software-defined datacenter; Cloud-ready application platform. Windows Server + System Center session guide: aka.ms/WS2016Ignite
What is DevOps?
DevOps is about culture and processes
DevOps is NOT about tools and technology
But…
This is wrong
Tools and technology play a critical role
Tools and technology can make DevOps easy or hard
Windows Server 2016 is architected to make DevOps easy
Windows Server 2016 resolves the interface between devs and ops
Windows Server has been silent on the interface between Devs and Ops: No architecture; 1,000 blossoms bloomed
1,000 conflicts also bloomed
WS2016 resolves that interface: Traditional ops model; Emerging ops model using Containers
Why?
Evolution of Windows Server: Server for the Masses; Enterprise Servers; Datacenter Servers; Cloud Servers
Cloud Competitive: Small and fast; Minimize attack surface; Minimize patches/reboots; Optimized for DevOps
Cloud + DevOps: Saving $ => Making $$$$$$$$
DevOpsification of Windows: Componentization; Development; Packaging & deployment; Configuration; Containers; Operational Validation; Testing; Operating Securely
Componentization: The right configuration for the task. Third-party applications; RDS experience; Traditional VM workloads; Containers and next-gen applications; Server And Desktop; Specialized workloads; Server Core; Lower maintenance server environment; Optimized for cloud infrastructure & next-gen distributed applications; Nano Server; Just enough OS.
Nano Server: Optimized for the Cloud Era. Zero-footprint model: Server Roles and Optional Features live outside of Nano Server; standalone packages that install like applications. Key Roles & Features: Clustering, Hyper-V, Storage (SoFS), and DNS Server; IIS, .NET Core, and ASP.NET Core. Full Windows Server driver support. Antimalware optional package. System Center VMM and OM agents available.
Nano Server – PowerShell Core. PowerShell V5: DSC+++, Security+++, Classes, PowerShell Gallery, VS Code. Refactored to run on .NET Core. Full PowerShell language compatibility & remoting. Cmdlets need to work with .NET Core. OpenSSH support. Open sourced on GitHub with an MIT license. Alpha version available on macOS and Linux.
Demo: NanoServer
Nano Server - Developer Experience: Nano Server has a full developer experience, unlike Server Core. Windows SDK & Visual Studio 2015 target Nano Server. Rich design-time experience: project template, full IntelliSense, error squiggles, etc. Full remote debugging experience.
First a word about MSI: Not supported on Nano Server. MSI has GUI dependencies. Custom Actions are the portal to hell.
Windows Server App installer (WSA): New declarative Server installer. Extends the AppX schema. Allows for Server-specific extensions, such as NT Services, Perf Counters, COM Objects, WMI providers, ETW events. No custom actions.
PackageManagement Architecture. End User: PackageManagement PowerShell cmdlets. PackageManagement Core: Discovery; Install/Uninstall; Inventory. PackageManagement Providers: Windows Server App (WSA); PowerShellGet; Windows Container; NuGet; NanoServerPackage; … Package Sources: WSA Package Repository…; PowerShell Gallery; Container Gallery, Docker; NuGet Gallery; …; www.NPMjs.com; WordPress, …
PackageManagement cmdlets and their actions:
Find-Package: Search for a package
Install-Package: Install the package
Save-Package: Download the package but don’t install it
Get-Package: Inventory of installed packages
Uninstall-Package: Uninstall the package
Demo: Packaging
Desired State Configuration: Cloud scale configuration management. Declare the state of a server (e.g. User X should exist & be a member of the Administrator group). Apply expert knowledge as common tasks – easier than scripting. DSC is the platform: works in collaboration with DevOps tool chain (Chef, Puppet, etc.). Windows 2008R2 and later, and Linux via OMI. Open source. DSC Resource Kit (302 resources): https://gallery.technet.microsoft.com/scriptcenter/DSC-Resource-Kit-All-c449312d DSC Overview: https://msdn.microsoft.com/en-us/powershell/dsc/overview
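The slide's "User X should exist and be a member of the Administrator group" written as a DSC configuration. This is an added example, not code from the session; the certificate path, thumbprint and output folder are placeholders, and it assumes the node's LCM is already configured with the matching CertificateID.

```powershell
# Added example. Only the account name UserX comes from the slide; paths and
# the certificate values below are placeholders to replace with your own.
Configuration LocalAdminUser {
    param(
        [Parameter(Mandatory)] [pscredential] $UserCredential   # password for UserX
    )
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.NodeName {
        User UserX {
            UserName = 'UserX'
            Password = $UserCredential
            Ensure   = 'Present'
        }
        Group Administrators {
            GroupName        = 'Administrators'   # built-in local group
            Ensure           = 'Present'
            MembersToInclude = 'UserX'            # adds UserX, leaves other members alone
            DependsOn        = '[User]UserX'      # create the account first
        }
    }
}

# The password ends up in the compiled MOF, so it is encrypted with the target
# node's public certificate instead of allowing plain text.
$configData = @{
    AllNodes = @(@{
        NodeName        = 'localhost'
        CertificateFile = 'C:\dsc\node-public.cer'            # placeholder
        Thumbprint      = '<node certificate thumbprint>'     # placeholder
    })
}

LocalAdminUser -UserCredential (Get-Credential -UserName 'UserX' -Message 'Password for UserX') `
    -ConfigurationData $configData -OutputPath 'C:\dsc\LocalAdminUser'

Start-DscConfiguration -Path 'C:\dsc\LocalAdminUser' -Wait -Verbose

# Later drift check: reports which resources are no longer in the declared state.
Test-DscConfiguration -Detailed
```

Because membership in Administrators is declared rather than scripted, `Test-DscConfiguration` also surfaces the case where the account was removed from, or silently re-added to, the group.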
Containers (Microsoft Build 2016). Windows Server Containers: Maximum speed and density. Containers = Operating system virtualization. Hyper-V Containers: Isolation plus performance. Traditional virtual machines = hardware virtualization. [Diagram labels: OS, Container, Applications, Kernel, Hyper-V, VM, Hardware]
Demo: Containers
Problem: system admin privileges. Michael Hayden: Four star general; Director of the NSA; Director of the CIA; Director of National Intelligence. Edward Snowden: Age 30; College dropout. "You’re an Admin." "Thanks, you’re PWND!!" … but admins are often not suspected of criminal activity – they are simply targeted because they control access to networks the attacker wants to infiltrate. “Who better to target than the person that already has the ‘keys to the kingdom’?”
From full admin to role based admin: Just Enough Administration (JEA) using PowerShell WMF 5.0. On a server, almost any administrative action requires a user be an administrator. Once an administrator, a user can do anything on the server with no oversight. A compromised machine or a breached administrator account enables attacker movement to other assets. Just Enough Admin: Allows you to perform administrative tasks without being a full administrator. Safe functions required by role; Dangerous functions attackers could abuse.
Just Enough Administration (JEA)
HR Server
    PS C:\> Enter-JEAsession Server1 -Name Maintenance
    Server1> Restart-Service MSSQLSERVER
    Server1> Steal-Secrets *
    Error: You are not authorized to Steal-Secrets
JEA Resources: https://github.com/PowerShell/JEA https://gallery.technet.microsoft.com/Just-Enough-Administration-6b5ad370
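How a "Maintenance" endpoint like the one on the slide can be built with the JEA cmdlets that ship in WMF 5.0 and later. This is an added example, not code from the session; the module name JeaDemo, the group CONTOSO\SqlMaintenance, the user CONTOSO\alice and all paths are assumptions, and the session is entered with `Enter-PSSession -ConfigurationName` rather than the slide's illustrative command.

```powershell
# Added example. Run elevated on the server hosting the endpoint (Server1 on the
# slide). Module, group, user and path names are assumptions, not from the deck.
$module  = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\JeaDemo'
$roleDir = Join-Path $module 'RoleCapabilities'      # JEA looks for .psrc files here
$logDir  = 'C:\ProgramData\JeaDemo\Transcripts'
New-Item -ItemType Directory -Path $roleDir, $logDir -Force | Out-Null
New-ModuleManifest -Path (Join-Path $module 'JeaDemo.psd1')

# Role capability = the "safe functions required by role". Restart-Service is
# exposed, but only for the single service this role is allowed to bounce.
New-PSRoleCapabilityFile -Path (Join-Path $roleDir 'Maintenance.psrc') -VisibleCmdlets @(
    @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = 'MSSQLSERVER' } },
    'Get-Service'
)

# Session configuration: NoLanguage restricted endpoint, commands run as a
# temporary virtual account, every session transcribed for oversight.
$pssc = 'C:\ProgramData\JeaDemo\Maintenance.pssc'
$sessionConfig = @{
    Path                = $pssc
    SessionType         = 'RestrictedRemoteServer'
    RunAsVirtualAccount = $true
    TranscriptDirectory = $logDir
    RoleDefinitions     = @{ 'CONTOSO\SqlMaintenance' = @{ RoleCapabilities = 'Maintenance' } }
}
New-PSSessionConfigurationFile @sessionConfig

if (-not (Test-PSSessionConfigurationFile -Path $pssc)) {
    throw "Invalid session configuration file: $pssc"
}
Register-PSSessionConfiguration -Name 'Maintenance' -Path $pssc -Force   # restarts WinRM

# Review exactly what a role member can run before granting access.
Get-PSSessionCapability -ConfigurationName 'Maintenance' -Username 'CONTOSO\alice' |
    Select-Object Name, CommandType

# From the operator's workstation, as a non-admin member of CONTOSO\SqlMaintenance:
#   Enter-PSSession -ComputerName Server1 -ConfigurationName Maintenance
#   Restart-Service -Name MSSQLSERVER    # allowed
#   Restart-Service -Name Spooler        # rejected: not in the ValidateSet
#   Get-Content C:\Users\*\*.kdbx        # rejected: cmdlet is not visible
```

The operator never holds administrator rights on Server1; a stolen operator credential yields only the two visible cmdlets, and the transcripts in the log directory record what was attempted.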
Windows Server 2016 resolves the interface between devs and ops
DevOpsification of Windows: Componentization; Development; Packaging & deployment; Configuration; Containers; Operational Validation; Testing; Operating Securely. Legend: WS2016; Available Downlevel
Cloud Competitive: Small and Fast; Minimize attack surface; Minimize patches/reboots; Optimized for DevOps
Security Improvements (chart; data values: 47, 30, 98, 73, 28, 12)
Resource Utilization Improvements (chart; data values: 26, 306, 139, 21, 108, 61)
Deployment Improvements (chart; data values: 5.42, 6.3, 300, 35, .46, .48)
DevOps is about culture and processes
Tools and technology can make DevOps easy or hard
Windows Server 2016 is architected to make DevOps easy
Evolution of Windows Server: Server for the Masses; Enterprise Servers; Datacenter Servers; Cloud Servers
In times of change, sometimes the job outgrows good people
Related sessions (Windows Server 2016)
Breakout sessions:
BRK3120 – Deploy, Configure, and remotely manage Nano Server
BRK3119 – Develop, package and deploy your apps for Nano Server
BRK2147 – Manage and troubleshoot your Windows Server environment remotely
BRK3338 – Manage Nano Server and Windows Server 2016 Hyper-V
BRK3073 – Get notes from the field: implementing Nano Server in production around the world
Hands on Lab: Experience Nano Server
Q&A
Related Sessions
Breakout sessions:
BRK3120 – Deploy, Configure, and remotely manage Nano Server
BRK3119 – Develop, package and deploy your apps for Nano Server
BRK2147 – Manage and troubleshoot your Windows Server environment remotely
BRK3198 – Review Windows Server 2016 – the Cloud OS optimized for DevOps
BRK3338 – Manage Nano Server and Windows Server 2016 Hyper-V
BRK3073 – Get notes from the field: implementing Nano Server in production around the world
Hands on Lab: Experience Nano Server
Free IT Pro resources to advance your career in cloud technology (Microsoft Ignite 2016). Plan your career path: Microsoft IT Pro Career Center, www.microsoft.com/itprocareercenter. Cloud role mapping; Expert advice on skills needed; Self-paced curriculum by cloud role. $300 Azure credits and extended trials; Pluralsight 3 month subscription (10 courses); Phone support incident. Weekly short videos and insights from Microsoft’s leaders and engineers. Connect with community of peers and Microsoft experts. Get started with Azure: Microsoft IT Pro Cloud Essentials, www.microsoft.com/itprocloudessentials. Demos and how-to videos: Microsoft Mechanics, www.microsoft.com/mechanics. Connect with peers and experts: Microsoft Tech Community, https://techcommunity.microsoft.com