Windows Server 2019 review: A solid foundation for future data centre developments

Editors' rating: 8.5 (Excellent)

Pros

  • A generally polished experience with a very strong set of features
  • Provides a firm foundation for future data centre developments, including edge locations

Cons

  • Desktop Experience GUI shares some Windows 10 1809 bugs

The delay to the Windows 10 1809 release caused a hiccup in the Windows Server 2019 launch, which means that the Long Term Support Channel (LTSC) version of Windows Server is becoming available to organizations alongside the first preview of the next Semi Annual Channel (SAC). This shouldn't be confusing to server admins, since the two channels are designed for different roles. The SAC releases preview features that will come to the slower-moving LTSC in the future, and many organizations will run them side by side.

Server 2019 shows the results of this cycle, with improvements to containers (including support for Linux containers on Windows Server) and the Windows Subsystem for Linux, added so that developers and operators alike can run the same Linux scripts and command-line utilities as on their Windows 10 desktop.

But this release is also the kind of major step forward you expect from the version of Windows Server that comes out every two to three years rather than every six months. There are major improvements in security, in hyperconverged infrastructure (especially around storage) and in hybrid cloud, whether that's integrating with Azure services in your own infrastructure or running cloud application platforms with containers.

Moving forward

Microsoft has hugely simplified the adoption of Windows Server 2019 with direct in-place upgrade from Windows Server 2016 and Windows Server 2012 R2. Businesses upgrading from Windows Server 2008 and 2008 R2, which reach the end of extended support in January 2020, will still need to move to Server 2012 and then 2016 first (or migrate to Azure for three more years of free support). However, the switch to in-place upgrades will make it far easier for them to keep moving forward once they're on a supported release.


The in-place upgrade option for Windows Server 2019 is welcome, but the installer needs to refer to server options, not the personal files of Windows 10.

Image: Mary Branscombe/ZDNet

Alternatively, if you're deploying Windows Server 2019 on new hardware (or in Azure), the new Storage Migration Service can inventory and profile file servers on versions as far back as Windows Server 2003, identify hot and cold data, and migrate those servers and file shares to Windows Server 2019 while preserving the identity and networking of the old servers. For older servers, this is likely to be more practical than in-place upgrades, and it promises to minimise disruption.

While the in-place upgrade worked well in our tests, there's still room to improve the installer, which has too much in common with Windows 10. In particular, there's a confusing screen where you have to choose 'Keep personal files and apps' to do the in-place upgrade -- wording that makes sense on a desktop PC but not on a server. The upgrade will also remove any installed applications that are incompatible with Server 2019. In our case, that was an old ISO creator tool that was no longer needed, but it's worth knowing that the installer doesn't have the option to run a compatibility checker for advance warning about which applications are being removed, so you'll want to run your own audit in advance.
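One way to run that audit, as an added example (not from the review or from Microsoft): a PowerShell script that records installed applications and server roles before the upgrade and, run again afterwards with `-Phase After`, lists the applications that disappeared. The output folder `C:\UpgradeAudit` and the file names are assumptions.

```powershell
# Added example: snapshot installed software before an in-place upgrade,
# then compare against a second snapshot taken after it.
# Run elevated. Folder and file names below are assumptions, not product defaults.
[CmdletBinding()]
param(
    [ValidateSet('Before', 'After')]
    [string]$Phase = 'Before',
    # Hypothetical location; a network share is safer than the volume being upgraded.
    [string]$OutDir = 'C:\UpgradeAudit'
)

# Machine-wide uninstall entries for 64-bit and 32-bit applications.
# Per-user installs (under HKCU) are not covered by this inventory.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledSoftware {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation |
        Sort-Object DisplayName, DisplayVersion -Unique
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$appsFile    = Join-Path $OutDir "apps-$Phase.csv"
$featureFile = Join-Path $OutDir "features-$Phase.csv"

# Application inventory for this phase.
Get-InstalledSoftware |
    Export-Csv -Path $appsFile -NoTypeInformation -Encoding UTF8

# Installed roles and features (Get-WindowsFeature ships with Windows Server).
Get-WindowsFeature |
    Where-Object Installed |
    Select-Object Name, DisplayName |
    Export-Csv -Path $featureFile -NoTypeInformation -Encoding UTF8

if ($Phase -eq 'After') {
    $beforeFile = Join-Path $OutDir 'apps-Before.csv'
    if (-not (Test-Path $beforeFile)) {
        throw "No pre-upgrade snapshot found at $beforeFile; run with -Phase Before first."
    }
    $before = Import-Csv $beforeFile
    $after  = Import-Csv $appsFile

    # '<=' marks entries present only in the pre-upgrade snapshot:
    # applications the upgrade removed, or whose version changed.
    Compare-Object -ReferenceObject $before -DifferenceObject $after `
                   -Property DisplayName, DisplayVersion |
        Where-Object SideIndicator -eq '<=' |
        Select-Object DisplayName, DisplayVersion
}
```

Reviewing the `Before` CSV against vendor support statements for Server 2019 is the manual part of the audit; the `After` run only confirms what the installer actually removed.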


If you're upgrading a domain controller you'll also need to upgrade to the new Active Directory schema for Server 2019, or the upgrade will fail without any explanation.

If you run the Desktop Experience and use a Remote Desktop connection to log into the server, opening the Server Manager tool also pops up a suggestion to use the new Windows Admin Center (WAC) instead. This is a key tool for Windows Server, giving you graphical tools for everything from the registry and files to Storage Spaces Direct and Azure integration. It's not limited to Windows Server 2019 and is being rapidly developed, with third-party integrations planned. The installation for WAC has also improved significantly from the previews, simplified by coming with a default certificate so you don't need to roll your own. You can't install it on a domain controller, although it will happily run from a desktop PC.


While the familiar Server Manager and desktop experience are still there, Microsoft is strongly encouraging admins to move to the new Windows Admin Center.

Image: Mary Branscombe/ZDNet

Windows Admin Center is how you work with some of the most important features in Windows Server 2019: it's where the new management and health tools for Storage Spaces Direct and the new System Insights machine learning-driven predictive analytics for storage, compute and network consumption are, as well as the hybrid (Azure) cloud integration. Although the Desktop Experience remains in Windows Server 2019, WAC and PowerShell are the tools that admins should be looking at.

The modern data centre

Windows Server 2019 has the usual wide range of improvements large and small, including better video performance in Remote Desktop Services (including webcam redirection), the built-in OpenSSH server for connecting without remote PowerShell and the ability to move a failover cluster from one domain to another. But the reasons for choosing to upgrade sooner rather than later will be for security, or to modernise your application platform and data centre.

Security improvements cover both Windows Server itself and guest workloads. Windows Defender Exploit Guard brings the intrusion protection of Windows 10 to the server: blocking outbound connections to untrusted hosts and addresses, blocking changes to protected folders by untrusted processes, blocking suspicious files, scripts and lateral movement, and applying EMET-style exploit mitigations. Default policies that know about workloads like SQL Server make the Application Control app whitelisting simpler to use.

If you use the Windows Defender Advanced Threat Protection service on Azure, it can now track memory and kernel behaviour on servers as well as desktops to expose suspicious behaviour that anti-malware wasn't able to stop, including for key workloads like SQL Server and Exchange. Integrated security like this is important for spotting and handling attacks as they spread through your servers and network.

The new option to encrypt all traffic between VMs inside virtual subnets ensures that even if someone gets access to the physical network, they can't see or tamper with the traffic. This is much less complex than setting up IPsec and doesn't need any changes to your VMs -- or new network cards.

The shielded virtual machines from Windows Server 2016 (encrypted with BitLocker, protected by a virtual TPM and only run on known hosts that pass security checks) can now work without a permanent connection to the Host Guardian Service that vouches for those known hosts. You can either configure a secondary attestation service to fall back on if you're running them in a branch office where the network is unreliable, or run them at a remote site without a network connection as long as the host's security configuration hasn't changed. They also now support Linux VMs (for specific versions of Ubuntu, RHEL and SLES), making Windows Server an even better fabric for running your full range of workloads without exposing the data in them to admins or hosting providers.

That goes hand-in-hand with WSL and the mature support for containers and Kubernetes (along with a partnership with Red Hat to support Windows containers on OpenShift, making Windows Server fit into heterogeneous environments). Remember, Azure runs on Windows Server so it's capable of being a powerful cloud application platform, and Windows Server 2019 is where Microsoft customers can get what the server team has been delivering to Azure for the last two years.

For massive scale like that, Windows Server 2019 includes cluster sets. This effectively creates 'clusters of clusters' by grouping compute, storage and hyperconverged failover clusters together with a unified name space so VMs can migrate between clusters as well as within them, for resiliency and more options for handling fault domains.

The graphical interface of the Windows Admin Center makes it far easier to adopt Server Core -- Microsoft saw Server Core adoption on Server 2016 almost double after the launch of WAC. The new Features on Demand option makes Server Core far more flexible and will help customers who want to make the move to new application platforms but need to run existing applications that need more of the server roles or APIs than are in Server Core by default. Instead of 'lift and shift' to the cloud, where you just swap your own hardware for a VM with the same spec, this way you can gradually refactor over time. Features on Demand is also how Microsoft has shrunk the size of Server Core for customers who are ready for the more minimal API surface (which is still comprehensive enough for Server Core to be the recommended deployment option for Exchange 2019).

Infrastructure goes hybrid

For the more traditional data centre approach, Windows Server 2019 offers significant improvements for software-defined networking and hyperconverged infrastructure, especially in storage.

Storage Spaces Direct is already an appealing alternative to SANs, and in this release it moves both up and down the market. Moving the management from System Center to WAC means far less management overhead on two- or four-node setups. The file share witness for the hyperconverged option can now live on a USB key (an offline alternative to the existing cloud witness), and the cluster can use switchless back-to-back networking and nested resiliency that keeps VMs running even after failures on both drive pools. That creates a true two-node system with RAID-like protection and fault tolerance, without specialised hardware, that works for edge deployments with no internet connection.

Useful at both ends of the scale, WAC brings key analytics like storage trends and health monitoring to Storage Spaces Direct, so you can predict storage needs, diagnose performance issues (including that one drive with poor latency slowing the whole system down) and get ahead of drive failures.

Along with automatic provisioning of new hard drives, mirror-accelerated parity, virtual hard drives that use smart compression to create up to ten times more storage at no extra cost, much bigger scale (up to 4PB in a single cluster), the ability to use data deduplication with ReFS and support for the latest storage-class persistent memory like NVMe and Intel Optane that can deliver nearly 14 million IOPS, this makes it a more mature solution for replacing SANs at large scale. Storage Spaces Direct also integrates with cluster-aware updates to minimise disruption to VMs by avoiding timeouts and restarts.


The Storage Replica feature from Windows Server 2016 Datacenter syncs data between servers so they end up with an identical copy of the same volume. In Server 2019, that's also available in the Standard edition; volume sizes are limited to 2TB, only a single volume replicates at a time and only to one other server, but this still extends an excellent feature to a much wider audience.

Customers looking for the simplest way of using Windows Server 2019 for hyperconverged infrastructure will be waiting for the validated Windows Server Software-Defined solutions from OEM partners, which are due in mid-January 2019. That's more about getting the right networking hardware and drivers for reliability and performance in your private cloud than it is about the complexity of setting systems up, so the warning that's currently displayed when you set up the feature on your own hardware will go away once these systems ship. (Microsoft hasn't yet disclosed the timeline for Azure Stack to move onto Windows Server 2019.)

The hybrid cloud integration in Windows Server is driven through WAC, and it's very firmly Azure integration rather than cloud in general. This covers options like Azure Backup, Azure Site Recovery, the Azure Network Adapter that lets you create Point-to-Site VPNs in a couple of clicks, and (soon) Azure File Sync for disaster recovery and continuity. File Sync effectively makes your servers the fast local cache for storage, with the capacity management handled in the cloud. Microsoft is looking at extending this for server workloads like SQL Server, so you can configure database failover to Azure through WAC. The Azure integration ties you to Microsoft's cloud, but also definitely simplifies things like encrypted cloud backup and sharing data to branch locations.

If you're looking at hybrid scenarios, the significant improvement in software-defined networking gateway performance (up to 15Gbps for GRE tunnels through MPLS connections like Azure ExpressRoute) makes them more practical.

Conclusions

Generally, Windows Server 2019 is a polished experience with a very strong set of features for both familiar and novel workloads, especially for hybrid cloud and cloud-connected workloads. There are some rough edges with setup, and the desktop experience GUI shares some Windows 10 1809 bugs. Smaller organizations relying on the Server Essentials role for on-premises email, backup and remote access will see many of the features go away even though the role remains, because so much of this functionality has moved to the cloud. The fastest moving organizations will pick the Semi Annual Channel where container features move much more quickly for application workloads.

Both for the core Windows Server infrastructure workloads and for those only just starting to move to new development patterns like containers, Windows Server 2019 is a solid release that will address some immediate pain points and provide a firm foundation for future data centre developments, including edge locations with little or no connectivity.


This review supersedes an earlier (April 2018) First Take:

Windows Server 2019 LTSC Build 17623, First Take: Key scenarios await detail

This barebones Insider preview of the next full version of Windows Server gives glimpses of the hybrid, hyperconverged future. However, we'll have to wait for more substantive builds to flesh out key scenarios.

Windows Server is moving to the faster six-month release cycle of the Windows client and staying as a server OS that comes out every two to three years. This split personality is managed through what Microsoft calls 'channels': the Semi Annual Channel (SAC), which includes only the GUI-less Server Core and Nano Server; and the Long Term Support Channel (LTSC), which includes Server Core and the full version with Desktop Experience.

Due for release in the second half of 2018 (very possibly at Microsoft's Ignite conference in September), Windows Server 2019 is the first LTSC version that can take advantage of the features that have been incubated through the SAC releases -- for example, a much smaller Server Core image size, or the Windows Subsystem for Linux (WSL). As in Windows 10, WSL means you can install multiple Linux distros and use them to run Linux scripts and (command-line) utilities. Unlike Windows 10, Server 2019 doesn't have the Windows Store, so you need to know the direct download link for the distro you want and the PowerShell commands to download, unzip, and install it.

Windows Server 2019 also brings the Windows 10-style desktop to the server, replacing the Windows 8 GUI from Windows Server 2016. The cascading menus of the Start menu are a better fit for a server than the finger-friendly live tiles that took over the whole screen, but the way the Windows 10 Start menu relegates 'Run as Admin' to the secondary More flyout on context menus makes it far too fiddly for something server admins do so often. As with Windows 10, system settings are divided between the control panel and the modern Settings panel in ways that can make tasks like joining the server to a domain involve more clicks than you're used to -- especially as the handy context menu that appears when you right-click on the Start button no longer includes the control panel.

Settings aren't exactly the same as on Windows 10: adding a local account brings up Users and Groups, for example, while some Windows 10 settings -- like connecting to an Android or iOS phone to sync browser tabs -- seem inappropriate to a server and will likely disappear in later builds. If you were hoping that the server OS would make the transition from the control panel more coherent, it's clearly still a work in progress -- and of course much more of the emphasis for Windows Server management is on PowerShell.

Particularly interesting for companies with servers that haven't been upgraded in a while is support for direct, in-place upgrade from both Windows Server 2016 and Windows Server 2012 R2. This works in the preview but you obviously won't want to try it on your production systems. Annoyingly, the installer offers the upgrade option even on systems that don't have a previous version of Windows Server to upgrade, and if you choose it the installer insists that you exit and start the installation again from scratch.

It's also worth noting that a bug in the preview image means that if you're using DISM or other deployment tools to install Windows Server 2019, rather than using the ISO, the naming of installation options is incorrect so you need to use the index numbering in scripts: 1 for Server Core Standard; 2 for Server Standard w/Desktop; 3 for Server Core Datacenter; and 4 for Server Datacenter with Desktop Experience.

Beyond point and click

In the final release, the ability to upgrade in place will be especially useful for smaller businesses who don't have extra hardware to use for migrating to a new server release. In principle, Project Honolulu offers those customers the option of moving to Server Core, which is a big security advantage because Server Core needs far fewer security updates (and fewer reboots).

For simple server management, Honolulu is a friendly interface that comfortably replaces Server Manager. It runs as a gateway anywhere on your network and offers everything from a file browser to hyperconverged cluster and Storage Spaces Direct management, complete with a detailed new view of SSD performance history right down to individual drives and network adapters. (Because it's under development and works with older versions of Windows Server, Honolulu is a separate install, but it's clearly part of the direction for Windows Server in the long term.)

But once you make the leap to more powerful options in Honolulu (connecting it to Azure Active Directory to use the new hybrid cloud options like setting Azure Backup and File Sync for your server, for example), you still need to get comfortable with installing PowerShell modules and running PowerShell scripts. We'd like to see that become simpler in later versions, to give smaller companies with less expertise access to the advantage of cloud connections. More experienced admins may hope for similar connectivity to other cloud services, but this is Azure only.

The Azure services you can connect to Windows Server 2019 need subscriptions. A particularly interesting option is Windows Defender Advanced Threat Protection. ATP is a 'post-breach' service that detects suspicious behaviour that anti-malware hasn't been able to block, and having that extended to servers is excellent news.

Confusingly, Windows Defender ATP Exploit Guard in Server 2019 is only related to the Azure service because you can use it for reporting on events related to it (the name and many of the features come from Exploit Guard in Windows 10). It's a set of rules, controls and EMET-style vulnerability exploit mitigations you can use to block scripts, suspicious files, lateral movement, outbound connections to untrusted hosts and access to protected folders by untrusted processes.

Shielded VMs can now protect Linux VMs as well (Ubuntu, RHEL and SUSE Enterprise Server are supported), giving them a virtual TPM and BitLocker encryption as well as checking the health of the host Hyper-V system. To make this more robust on less reliable networks you can now create a fallback connection to the Host Guardian Service that runs the health check, and even configure Shielded VMs to run without the ability to connect for the health check as long as the host's security configuration hasn't changed since it was last checked. VMConnect Enhanced Session Mode and PowerShell Direct can connect to shielded VMs if they've lost network connectivity so you can update them and get them back online. The ability to encrypt the virtual subnet on which important VMs run without having to make complex changes to the VMs means they don't leak data from network traffic. This combination of features updates some important security features, making them more robust and more useful for the increasing number of organisations that run both Linux and Windows Server.

The first SAC release of Windows Server caused some confusion because it didn't include Storage Spaces Direct (although if you upgraded a server that had it installed, it carried on working). That didn't indicate anything about the future of the feature, just the emphasis of that release on DevOps scenarios like containers. The performance history isn't the only new option for Storage Spaces Direct in this preview; if you want to improve fault tolerance you can now manually delimit the allocation of volumes. Instead of spreading data out as small 'slabs' that are distributed across every drive in every server for performance, you can limit the slabs to a subset of servers. If three servers fail when the slabs are evenly distributed, it's very likely that at least some of the data will be unavailable until you recover the servers; if three servers fail when the data distribution is limited to fewer servers, it's more likely that the surviving servers have all the data and you can carry on using the volume. So far this is a PowerShell-only option, but it definitely gives you more nuanced choices about performance and availability.

The Remote Desktop Session Host (RDSH) role isn't included in this preview build. Microsoft is clear that Remote Desktop Services isn't going away, but what's unclear is whether it's just that RDSH isn't in this preview, or whether it's going to be replaced (or more likely, supplemented) by a host role that runs on Windows 10 desktops.

Conclusions

This Insider Preview is both a solid release and a frustratingly minimal set of new features for Microsoft's next big server OS release. Clearly, what's included is a subset of what's planned, and it seems likely that releasing this preview was intended to avoid a new SAC release coming out without any news about the full version. Organizations planning their upgrades might prefer to know more about the key scenarios they'll be upgrading for, especially as the cost of Client Access Licences seems set to go up. So far, it's improved security (especially for Linux VMs), container support (especially for Kubernetes), massive hyperconverged-infrastructure-scale with cluster sets, and hybrid cloud options with Azure and Project Honolulu.
