1. Review Windows Server 2016 The Cloud OS optimized for DevOps
Microsoft 2016
5/27/ :57 PM
BRK3198
Review Windows Server 2016 The Cloud OS optimized for DevOps
Jeffrey Snover
Technical Fellow
Andrew Mason
Principal Program Manager
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2. Windows Server 2016 Built-in layers of security
5/27/ :57 PM
Built-in layers of security
Software-defined datacenter
Cloud-ready application platform
Windows Server 2016
Windows Server + System Center session guide: aka.ms/WS2016Ignite
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3. What is DevOps?

4. DevOps is about culture and processes

5. DevOps is NOT about tools and technology

6. But…..

7. This is wrong

8. Tools and technology play a critical role

9. Tools and technology can make DevOps easy or hard

10. Windows Server 2016 is architected to make DevOps easy

11. Windows Server 2016 resolves the interface between devs and ops

12. Windows Server has been silent on the interface between Devs and Ops
No architecture
1,000 blossoms bloomed

13. 1,000 conflicts also bloomed

14. WS2016 resolves that interface
Traditional ops model
Emerging ops model using Containers

15. Why?

16. Evolution of Windows Server
Server for the Masses
Enterprise Servers
Datacenter Servers
Cloud Servers

17. Cloud Competitive Small and fast Minimize attack service
Minimize patches/reboots
Optimized for DevOps

18. Cloud + DevOps
Saving $ => Making $$$$$$$$

19. DevOpsification of Windows
Componentization
Development
Packaging & deployment
Configuration
Containers
Operational Validation Testing
Operating Securely

20. Componentization: The right configuration for the task
5/27/2018
Componentization: The right configuration for the task
Third-party applications
RDS experience
Traditional VM workloads
Containers and next-gen applications
Server And Desktop
Specialized workloads
Server Core
Lower maintenance server environment
Optimized for cloud infrastructure & next-gen distributed applications
Nano Server
Just enough OS
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21. Nano Server: Optimized for the Cloud Era
Zero-footprint model
Server Roles and Optional Features live outside of Nano Server
Standalone packages that install like applications
Key Roles & Features
Clustering, Hyper-V, Storage (SoFS), and DNS Server
IIS, .NET Core, and ASP.NET Core
Full Windows Server driver support
Antimalware optional package
System Center VMM and OM agents available

22. Nano Server – PowerShell Core
PowerShell V5
DSC+++, Security+++, Classes, PowerShell Gallery, VS Code
Refactored to run on .NET Core
Full PowerShell language compatibility & remoting
Cmdlets need to work with .NET Core
OpenSSH support
Open sourced on github with an MIT license
Alpha version available on macOS and Linux

23. Demo: NanoServer

24. DevOpsification of Windows
Componentization
Development
Packaging & deployment
Configuration
Containers
Operational Validation Testing
Operating Securely

25. Nano Server - Developer Experience
Nano Server has a full developer experience, unlike Server Core
Windows SDK & Visual Studio 2015 target Nano Server
Rich design-time experience
Project template, full IntelliSense, error squiggles, etc.
Full remote debugging experience

26. DevOpsification of Windows
Componentization
Development
Packaging & deployment
Configuration
Containers
Operational Validation Testing
Operating Securely

27. First a word about MSI Not supported on Nano Server
MSI has GUI dependencies
Custom Actions are the portal to hell

28. Windows Server App installer (WSA)
New declarative Server installer
Extends the AppX schema
Allows for Server-specific extensions, such as NT Services, Perf Counters, COM Objects, WMI providers, ETW events
No custom actions

29. PackageManagement Architecture
End User
PackageManagement PowerShell cmdlets
PackageManagement Core
Discovery
Install/Uninstall
Inventory
PackageManagement Providers
Windows Server App (WSA)
PowerShellGet
Windows Container
NuGet
NanoServerPackage …
Package Sources
WSA Package Repository…
PowerShell Gallery
Container Gallery, Docker
NuGet Gallery …
WordPress, …

30. PackageManagement Cmdlet ACTION Find-Package Search for a package
Install-Package
Install the package
Save-Package
Download the package but don’t install it
Get-Package
Inventory of installed packages
Uninstall-Package
Uninstall the package

32. Demo: Packaging

33. DevOpsification of Windows
Componentization
Development
Packaging & deployment
Configuration
Containers
Operational Validation Testing
Operating Securely

34. Desired State Configuration
Cloud scale configuration management
Declare the state of a server (e.g User X should exist & be a member of the Adminstrator group )
Apply expert knowledge as common tasks – easier than scripting
DSC is the platform
Works in collaboration with DevOps tool chain (Chef, Puppet, etc.)
Windows 2008R2 and later, and Linux via OMI
Open source DSC Resource Kit (302) resources
DSC Overview

35. DevOpsification of Windows
Componentization
Development
Packaging & deployment
Configuration
Containers
Operational Validation Testing
Operating Securely

36. Windows Server Containers
Microsoft Build 2016
5/27/ :57 PM
Containers
Windows Server Containers
Maximum speed and density
Containers = Operating system virtualization OS
CONTAINER
CONTAINER
CONTAINER
Kernel
CONTAINER
Applications
Kernel
Hardware
Hyper-V Containers
Isolation plus performance
Traditional virtual machines = hardware virtualization
Hyper-V
Kernel
CONTAINER
Application VM OS
Hardware
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

37. Demo: Containers

38. DevOpsification of Windows
Componentization
Development
Packaging & deployment
Configuration
Containers
Operational Validation Testing
Operating Securely

42. DevOpsification of Windows
Componentization
Development
Packaging & deployment
Configuration
Containers
Operational Validation Testing
Operating Securely

43. Problem: system admin privileges
Michael Hayden
Four star general
Director of the NSA
Director of the CIA
Director of National Intelligence
Edward Snowden
Age 30
College dropout
You’re an Admin
Thanks, you’re PWND!!
… but admins are often not suspected of criminal activity – they are simply targeted because they control access to networks the attacker wants to infiltrate. “Who better to target than the person that already has the ‘keys to the kingdom’?”

44. From full admin to role based admin
Just Enough Administration (JEA) using PowerShell WMF 5.0
On a Server - almost any administrative action requires a user be an administrator
Once an administrator, a user can do anything on the server with no oversight
A compromised machine or a breached administrator account enables attacker movement to other assets
Just Enough Admin
Allows you to perform administrative tasks without being a full administrator
Safe functions required by role
Dangerous functions attackers could abuse

45. Just Enough Administration (JEA)
HR Server
PS C:\> Enter-JEAsession Server1 –Name Maintenance
Server1> Restart-Service MSSQLSERVER
Server1> Steal-Secrets *
Error: You are not authorized to Steal-Secrets
JEA Resources:

46. DevOpsification of Windows
Componentization
Development
Packaging & deployment
Configuration
Containers
Operational Validation Testing
Operating Securely

47. Windows Server 2016 resolves the interface between devs and ops

48. DevOpsification of Windows
Componentization
Development
Packaging & deployment
Configuration
Containers
Operational Validation Testing
Operating Securely
WS2016
Available Downlevel

49. Cloud Competitive Small and Fast Minimize attack service
Minimize patches/reboots
Optimized for DevOps

50. Security Improvements47 30 98 73 28 12

51. Resource Utilization Improvements26
306
139 21
108 61

52. Deployment Improvements
5.42
6.3
300 35
.46
.48

53. DevOps is about culture and processes

54. Tools and technology can make DevOps easy or hard

55. Windows Server 2016 is architected to make DevOps easy

56. Evolution of Windows Server
Server for the Masses
Enterprise Servers
Datacenter Servers
Cloud Servers

57. In times of change, sometimes the job outgrows good people

58. Related sessions Windows Server 2016 Breakout sessions
5/27/ :57 PM
Related sessions
Breakout sessions
BRK3120 – Deploy, Configure, and remotely manage Nano Server
BRK3119 – Develop, package and deploy your apps for Nano Server
BRK2147 – Manage and troubleshoot your Windows Server environment remotely
BRK3338 – Manage Nano Server and Windows Server 2016 Hyper-V
BRK3073 – Get notes from the field: implementing Nano Server in production around the world
Hands on Lab - Experience Nano Server
Windows Server 2016
Windows Server + System Center session guide: aka.ms/WS2016Ignite
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

59. Q&A

60. Related Sessions Breakout sessions Hands on Lab
BRK3120 – Deploy, Configure, and remotely manage Nano Server
BRK3119 – Develop, package and deploy your apps for Nano Server
BRK2147 – Manage and troubleshoot your Windows Server environment remotely
BRK3198 – Review Windows Server 2016 – the Cloud OS optimized for DevOps
BRK3338 – Manage Nano Server and Windows Server 2016 Hyper-V
BRK3073 – Get notes from the field: implementing Nano Server in production around the world
Hands on Lab
Experience Nano Server

61. Free IT Pro resources To advance your career in cloud technology
Microsoft Ignite 2016
5/27/ :57 PM
Free IT Pro resources To advance your career in cloud technology
Plan your career path
Microsoft IT Pro Career Center
Cloud role mapping
Expert advice on skills needed
Self-paced curriculum by cloud role
$300 Azure credits and extended trials
Pluralsight 3 month subscription (10 courses)
Phone support incident
Weekly short videos and insights from Microsoft’s leaders and engineers
Connect with community of peers and Microsoft experts
Get started with Azure
Microsoft IT Pro Cloud Essentials
Demos and how-to videos
Microsoft Mechanics
Connect with peers and experts
Microsoft Tech Community
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

62. Please evaluate this session
5/27/ :57 PM
Please evaluate this session
Your feedback is important to us!
From your PC or Tablet visit MyIgnite at
From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

63. 5/27/ :57 PM
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.