A first look at the Network Controller role

The Network Controller permits physical and virtual network infrastructure management, as well as configuring and managing firewall rules.

One of the most underrated new features in the Windows Server technical preview is the Network Controller role. This new role offers the potential to greatly improve network management and monitoring capabilities, which is especially important as more organizations move toward a service provider model.

In order to understand the significance of the Network Controller role, you must consider the ways in which networking has changed over the last several years. Prior to the widespread adoption of server virtualization, most networks were entirely physical. Such networks were relatively easy to monitor by using protocol analyzers. SNMP-enabled devices also provided insight into the network.

Server virtualization made network monitoring much more difficult because of the isolation boundaries that can be created in virtualized environments. Some hypervisors, for example, allow for the creation of virtualized network segments that never traverse the physical network. These types of segments are sometimes used as backbone segments between virtual servers. The segment’s isolation from the physical network is good for security, but makes it difficult to monitor the network segment.

Microsoft sought to address this problem early on by making the Hyper-V virtual switch extensible, with the idea that management tools would be able to plug directly into the Hyper-V virtual switch. However, this extensibility did not completely address the lack of visibility into certain network resources.

The reason for this is that network virtualization has become much more complex in recent years. A few years ago, Hyper-V administrators only had to worry about the physical network and Hyper-V virtual networks. Now other virtual networking structures are coming into play as a result of multi-tenancy and IT’s move to a service provider/private cloud model. System Center Virtual Machine Manager, for example, makes it possible to create Hyper-V virtual networks, virtual machine networks (which are different from the basic Hyper-V virtual network) and logical networks. When you also consider that these network structures can be layered on top of one another, you can begin to see just how difficult it can be to manage and monitor certain network resources.

This is where the Network Controller comes into play. Network Controller is designed to allow for the management of both physical and virtual network infrastructure. It is worth noting that the Network Controller is not a network management tool, but rather an infrastructure component that is designed to expose an organization’s physical and virtual network infrastructure to a management tool. Naturally, Microsoft is designing System Center products such as Virtual Machine Manager and Operations Manager to work with the Network Controller, but the Network Controller can also be used with PowerShell or with custom or third-party management tools that take advantage of the available APIs.

So far, I have discussed the Network Controller in terms of managing and monitoring the network fabric. The Network Controller does allow you to discover physical and virtual network devices (such as switches) and you can use the Network Controller to configure NICs, switches, subnets, VLANs, etc. However, the Network Controller is not solely a fabric level service. It also offers some other interesting capabilities.

One example of non-fabric level capabilities is that the Network Controller is able to configure and manage firewall rules. What makes this capability worth mentioning is that the firewall rules are applied to the vSwitch port of your virtual machines. This will make it possible to apply firewall rules on a per-workload basis and have those rules distributed across your data center. This same mechanism can also perform firewall logging at the data center level.
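As an added illustration (not part of the original article), the following sketch shows what a per-workload, default-deny inbound rule set with logging looks like when pushed through PowerShell. It assumes the NetworkController module as it shipped in Windows Server 2016, which may differ from the technical preview discussed here; the REST URI, the resource IDs and the New-AclRule helper are placeholders invented for the example.

```powershell
# Added example. Assumes the Windows Server 2016 NetworkController module and a
# reachable Network Controller REST endpoint. URI and resource IDs are placeholders.
Import-Module NetworkController
$uri = 'https://nc.example.test'          # placeholder REST endpoint

# Hypothetical helper: build one inbound ACL rule with logging enabled.
function New-AclRule {
    param(
        [string]$Id, [string]$Action, [string]$Protocol,
        [string]$DestPort, [string]$Priority
    )
    $p = New-Object Microsoft.Windows.NetworkController.AclRuleProperties
    $p.Type                     = 'Inbound'
    $p.Action                   = $Action       # 'Allow' or 'Deny'
    $p.Protocol                 = $Protocol     # 'TCP', 'UDP' or 'All'
    $p.SourceAddressPrefix      = '*'
    $p.SourcePortRange          = '0-65535'
    $p.DestinationAddressPrefix = '*'
    $p.DestinationPortRange     = $DestPort
    $p.Priority                 = $Priority     # lower value is evaluated first
    $p.Logging                  = 'Enabled'     # feeds data-center-level firewall logging
    $rule = New-Object Microsoft.Windows.NetworkController.AclRule
    $rule.ResourceId = $Id
    $rule.Properties = $p
    $rule
}

# Rule set for one workload: allow HTTPS in, deny and log everything else.
$aclProps = New-Object Microsoft.Windows.NetworkController.AccessControlListProperties
$aclProps.AclRules = @(
    (New-AclRule -Id 'allow-https-in' -Action 'Allow' -Protocol 'TCP' -DestPort '443'     -Priority '100'),
    (New-AclRule -Id 'deny-all-in'    -Action 'Deny'  -Protocol 'All' -DestPort '0-65535' -Priority '65000')
)
New-NetworkControllerAccessControlList -ConnectionUri $uri `
    -ResourceId 'web-tier-acl' -Properties $aclProps

# Bind the ACL to one VM's network interface; the rules are enforced at that
# VM's vSwitch port rather than at a perimeter device.
$acl = Get-NetworkControllerAccessControlList -ConnectionUri $uri -ResourceId 'web-tier-acl'
$nic = Get-NetworkControllerNetworkInterface  -ConnectionUri $uri -ResourceId 'web01-nic'
$nic.Properties.IpConfigurations[0].Properties.AccessControlList = $acl
New-NetworkControllerNetworkInterface -ConnectionUri $uri `
    -ResourceId $nic.ResourceId -Properties $nic.Properties
```

Because the final deny rule is explicit and logged, dropped traffic for this workload is recorded instead of silently discarded, which is what makes per-port enforcement usable for detection as well as filtering.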

Another unique capability is service chaining. Service chaining is Microsoft-speak for traffic redirection. Service chaining will make it relatively easy to reroute traffic through specific devices or appliances. For instance, you may wish to route a specific traffic stream through a deep packet inspection appliance.

The Network Controller also makes it easy to perform software load balancing. Network rules can be used to distribute network traffic across multiple application servers for the purpose of achieving scalability or high availability.

The Network Controller is a fairly massive new addition to Windows Server. The list of Network Controller features that Microsoft has released so far includes:

  • Fabric Network Management
  • Firewall Management
  • Network Monitoring
  • Network Topology and Discovery Management
  • Service Chaining Management
  • Software Load Balancer Management
  • Virtual Network Management
  • Windows Server Gateway Management

You can read more about the Network Controller and its features here.
