'

Windows Server 2019 LTSC Build 17623, First Take: Key scenarios await detail

ws2019-header.png
  • Editors' rating
    Not yet rated

Windows Server is moving to the faster six-month release cycle of the Windows client and staying as a server OS that comes out every two to three years. This split personality is managed through what Microsoft calls 'channels': the Semi Annual Channel (SAC), which includes only the GUI-less Server Core and Nano server; and the Long Term Support Channel (LTSC), which includes Server Core and the full version with Desktop Experience.

Due for release in the second half of 2018 (very possibly at Microsoft's Ignite conference in September), Windows Server 2019 is the first LTSC version that can take advantage of the features that have been incubated through the SAC releases -- for example, a much smaller Server Core image size, or the Windows Subsystem for Linux (WSL). As in Windows 10, WSL means you can install multiple Linux distros and use them to run Linux scripts and (command-line) utilities. Unlike Windows 10, Server 2019 doesn't have the Windows Store, so you need to know the direct download link for the distro you want and the PowerShell commands to download, unzip, and install it.

ws2019-windows-10-flyouts.png

Windows Server 2019 gets the Windows 10 desktop look and feel, but Windows 10-style flyouts can be inconvenient for admin tasks.

Image: Mary Branscombe/ZDNet

Windows Server 2019 also brings the Windows 10-style desktop to the server, replacing the Windows 8 GUI from Windows Server 2016. The cascading menus of the Start menu are a better fit for a server than the finger-friendly live tiles that took over the whole screen, but the way the Windows 10 Start menu relegates 'Run as Admin' to the secondary More flyout on context menus makes it far too fiddly for something server admins do so often. As with Windows 10, system settings are divided between the control panel and the modern Settings panel in ways that can make tasks like joining the server to a domain involve more clicks than you're used to -- especially as the handy context menu that appears when you right-click on the Start button no longer includes the control panel.

ws2019-w10-style-settings.png

As with Windows 10, system settings are divided between the control panel and the modern Settings panel in Windows Server 2019.

Image: Mary Branscombe/ZDNet

Settings aren't exactly the same as on Windows 10: adding a local account brings up Users and Groups, for example, while some Windows 10 settings -- like connecting to an Android or iOS phone to sync browser tabs -- seem inappropriate to a server and will likely disappear in later builds. If you were hoping that the server OS would make the transition from the control panel more coherent, it's clearly still a work in progress -- and of course much more of the emphasis for Windows Server management is on PowerShell.

Particularly interesting for companies with servers that haven't been upgraded in a while is support for direct, in-place upgrade from both Windows Server 2016 and Windows Server 2012 R2. This works in the preview but you obviously won't want to try it on your production systems. Annoyingly, the installer offers the upgrade option even on systems that don't have a previous version of Windows Server to upgrade, and if you choose it the installer insists that you exit and start the installation again from scratch.

ws2019-upgrade-from-previous-versions.png

You can upgrade from previous versions to Windows Server 2019 -- but don't pick that option unless there's an OS to upgrade from.

Image: Mary Branscombe/ZDNet

It's also worth noting that a bug in the preview image means that if you're using DISM or other deployment tools to install Windows Server 2019, rather than using the ISO, the naming of installation options is incorrect so you need to use the index numbering in scripts: 1 for Server Core Standard; 2 for Server Standard w/Desktop; 3 for Server Core Datacenter; and 4 for Server Datacenter with Desktop Experience.

Beyond point and click

Top ZDNET Reviews

In the final release, the ability to upgrade in place will be especially useful for smaller businesses who don't have extra hardware to use for migrating to a new server release. In principle, Project Honolulu offers those customers the option of moving to Server Core, which is a big security advantage because Server Core needs far fewer security updates (and fewer reboots).

ws2019-honolulu.png

You can use Honolulu for simple server management or to work with hyperconverged clusters.

Image: Mary Branscombe/ZDNet

For simple server management, Honolulu is a friendly interface that comfortably replaces Server Manager. It runs as a gateway anywhere on your network and offers everything from a file browser to hyperconverged cluster and Storage Spaces Direct management, complete with a detailed new view of SSD performance history right down to individual drives and network adapters. (Because it's under development and works with older versions of Windows Server, Honolulu is a separate install, but it's clearly part of the direction for Windows Server in the long term.)

But once you make the leap to more powerful options in Honolulu (connecting it to Azure Active Directory to use the new hybrid cloud options like setting Azure Backup and File Sync for your server, for example), you still need to get comfortable with installing PowerShell modules and running PowerShell scripts. We'd like to see that become simpler in later versions, to give smaller companies with less expertise access to the advantage of cloud connections. More experienced admins may hope for similar connectivity to other cloud services, but this is Azure only.

Download now: Server deployment/migration checklist

The Azure services you can connect to Windows Server 2019 need subscriptions. A particularly interesting option is Windows Defender Advanced Threat Protection. ATP is a 'post-breach' service that detects suspicious behaviour that anti-malware hasn't been able to block, and having that extended to servers is excellent news.

Confusingly, Windows Defender ATP Exploit Guard in Server 2019 is only related to the Azure service because you can use it for reporting on events related to it (the name and many of the features come from Exploit Guard in Windows 10). It's a set of rules, controls and EMET-style vulnerability exploit mitigations you can use to block scripts, suspicious files, lateral movement, outbound connections to untrusted hosts and access to protected folders by untrusted processes.

Shielded VMs can now protect Linux VMs as well (Ubuntu, RHEL and SUSE Enterprise Server are supported), giving them a virtual TPM and BitLocker encryption as well as checking the health of the host Hyper-V system. To make this more robust on less reliable networks you can now create a fallback connection to the Host Guardian Service that runs the health check, and even configure Shielded VMs to run without the ability to connect for the health check as long as the host's security configuration hasn't changed since it was last checked. VMConnect Enhanced Session Mode and PowerShell Direct can connect to shielded VMs if they've lost network connectivity so you can update them and get them back online. The ability to encrypt the virtual subnet on which important VMs run without having to make complex changes to the VMs means they don't leak data from network traffic. This combination of features updates some important security features, making them more robust and more useful for the increasing number of organisations that run both Linux and Windows Server.

The first SAC release of Windows Server caused some confusion because it didn't include Storage Spaces Direct (although if you upgraded a server that had it installed, it carried on working). That didn't indicate anything about the future of the feature, just the emphasis of that release on DevOps scenarios like containers. The performance history isn't the only new option for Storage Spaces Direct in this preview; if you want to improve fault tolerance you can now manually delimit the allocation of volumes. Instead of spreading data out as small 'slabs' that are distributed across every drive in every server for performance, you can limit the slabs to a subset of servers. If three servers fail when the slabs are evenly distributed, it's very likely that at least some of the data will be unavailable until you recover the servers; if three servers fail when the data distribution is limited to fewer servers, it's more likely that the surviving servers have all the data and you can carry on using the volume. So far this is a PowerShell-only option, but it definitely gives you more nuanced choices about performance and availability.

ws2019-rds-rdsh.png

Remote Desktop Services is still there, but RDSH is missing in the preview.

Image: Mary Branscombe/ZDNet

The Remote Desktop Session Host (RDSH) role isn't included in this preview build. Microsoft is clear that Remote Desktop Services isn't going away, but what's unclear is whether it's just that RDSH isn't in this preview, or whether it's going to be replaced (or more likely, supplemented) by a host role that runs on Windows 10 desktops.

Conclusions

This Insider Preview is both a solid release and a frustratingly minimal set of new features for Microsoft's next big server OS release. Clearly, what's included is a subset of what's planned, and it seems likely that releasing this preview was intended to avoid a new SAC release coming out without any news about the full version. Organizations planning their upgrades might prefer to know more about the key scenarios they'll be upgrading for, especially as the cost of Client Access Licences seems set to go up. So far, it's improved security (especially for Linux VMs), container support (especially for Kubernetes), massive hyperconverged-infrastructure-scale with cluster sets, and hybrid cloud options with Azure and Project Honolulu.

RECENT AND RELATED CONTENT

Microsoft delivers first test build of Windows Server 2019
Microsoft is releasing to Insider testers its first test build of Windows Server 2019, due later this year, which will be its next Long-Term Servicing Channel release of its OS.

Microsoft releases first test build of Windows Server 1803
Microsoft is releasing to Insiders the first test build of the next Windows Server 'semi annual channel release.' Here's what's inside.

How to protect Windows Server from Meltdown and Spectre
The headlines are all about how the Meltdown and Spectre security vulnerabilities will affect Windows PCs, but the real problems are how these bugs will impact servers and the cloud.

How to fix the WIM mounting error in MDT on Windows Server 2016 VMs (TechRepublic)
Few things can be as frustrating as errors that prevent your deployment server from working properly. For those having trouble with Windows Server 2016 VMs and MDT, here are two solutions.

Windows Server 2016: The smart person's guide (TechRepublic)
This guide covers details about Windows Server 2016, such as new features, minimum requirements, install options, and how Microsoft's virtualized services seamlessly integrate with the cloud.

Read more reviews

Top ZDNET Reviews