Windows Server 2016 includes built-in breach resistance to help thwart attacks on your systems and meet compliance goals. Even if someone finds a way into your environment, the layers of security built into Windows Server 2016 limit the damage they can cause and help detect suspicious activity. • Protect your virtual machines. Use the unique Shielded Virtual Machines feature to encrypt your VMs with BitLocker and help ensure they can run only on hosts approved by the Host Guardian Service. • Help secure admin credentials. Protect admin credentials from Passthe-Hash attacks using Credential Guard and Remote Credential Guard, and control administrator privileges with Just-In-Time Administration and Just Enough Administration, which together help minimize the time and capability granted for specific privileges. • Protect the operating system. Resist breaches with built-in Control Flow Guard, which helps prevent memory corruption attacks, and Windows Defender, optimized for server roles. Help ensure only trusted software can be run on the server with Device Guard. • Improve ability to detect attacks. Use advanced auditing capabilities to help detect malicious behavior. • Meet compliance requirements. Built-in security components help address certification requirements for government and industry data-protection regulations, including SOX, ISO 27001, PCI DSS 3.2, and FedRAMP. Find more information at www.microsoft.com/en-us/ cloud-platform/windows-server-security#compliance
Evolve your infrastructure Datacenter admins are struggling to reduce costs while handling more data. Meanwhile applications stretch the operational fabric and create infrastructure backlogs that can slow business. As organizations push the boundaries of highly virtualized environments, they can use Windows Server 2016 capabilities to gain cloud-like efficiencies in their datacenters. Advanced software-defined compute, storage, and networking features can help meet operational and security challenges. Resilient compute Run your datacenter with a highly automated, resilient server operating system. • Trust your workloads to an enterprise-class hypervisor. You can be confident your workloads will perform on Hyper-V, which Microsoft uses to run hyper-scale datacenters around the globe. When needed, you also can easily migrate a Hyper-V workload from on-premises to a Windows Server VM in Azure. • Reduce datacenter footprint. Increase availability and reduce resource usage with “just enough OS” using the Nano Server installation option, with an image that is 25x smaller than Windows Server 2016. • Upgrade efficiently. Upgrade infrastructure clusters to Windows Server 2016 with zero downtime for your Hyper-V or Scale-out file server workloads, and without requiring new hardware, using Mixed OS Mode cluster upgrades. • Stay open. Deploy applications on multiple operating systems with best-in-class support for Linux on Hyper-V. • Automate server management. Use PowerShell and Desired State Configuration to automate routine operations. • Manage remotely. Control Windows servers from anywhere using Server management tools, a new Azure-based GUI—especially useful for managing headless installation options such as Nano Server. Affordable high-performance storage Storage systems are critical to the performance of most business applications. But traditional, expensive, manually configured storage systems can prevent organizations from realizing the efficiency benefits of a software-defined datacenter. In contrast, the Azure-inspired, software-defined storage capabilities in Windows Server 2016 use policies and automation to reduce costs and add scale. • Reduce storage cost. Build highly available, scalable hyper-converged storage solutions at a fraction of the price of SAN or NAS. With Storage Spaces Direct, use industry-standard servers with local storage, including high speed solid-state drives. • Create affordable business continuity. Prepare for the worst using Storage Replica synchronous storage replication for disaster recovery among datacenters. • Prioritize storage resources. Ensure critical applications receive priority access to storage resources using storage Quality of Service (QoS) policies.
Azure-inspired networking Traditional network infrastructures are rigid and complex. Organizations can respond faster to market changes by moving the network control layer from hardware to software to create a software-defined network. This enables them to centrally configure and manage physical and virtual network devices such as routers, switches, and gateways, resulting in automatic load balancing and the ability to shift workloads without setting switches. IT can continue to use existing physical switches, routers, and other hardware devices with the virtual controllers, while achieving deeper integration between the virtual network and the physical network. • Manage by policy. Deploy and manage workloads across their entire lifecycle with hundreds of networking policies (isolation, QoS, security, load balancing, switching, routing, gateway, DNS, etc.) in a matter of seconds using a scalable Network Controller. • Enhance network security. Dynamically segment your network based on workload needs using a distributed firewall and network security groups to apply rich policies within and across segments. Layer enforcement by routing traffic to virtualized firewall appliances for even greater levels of security. • Gain workload mobility. Take control of your hybrid workloads, including running them in containers, and move them across servers, racks, and clouds using standards-based VXLAN and NVGRE overlay networks and multitenanted hybrid gateways. Application innovation Increasingly, organizations use apps to help differentiate themselves from the competition. Apps help win, engage, and support customers. Developers building and updating the apps tend to have little patience for the realities of IT infrastructure. They don’t want to wait long for IT services, and they want apps in production to work the same way the apps work on developers’ machines. Windows Server 2016 supports application innovation using container technology and microservices. Containers can help speed application deployment and streamline the way IT operations and development teams collaborate to deliver applications. In addition, developers can use microservices architectures to separate app functionality into smaller, independently deployable services, which make it easier to upgrade part of the app without affecting the rest. Windows Server 2016 helps organizations update and innovate with their apps in three ways: • Secure fabric for existing applications. Give your hard-working client-server applications some assistance. You can run existing apps on Windows Server 2016 without modifying them, which enables them to take advantage of enhanced security and efficiency features.