Oleksandr - Fotolia
The Windows Server 2016 Network Controller brings the agility of Azure to the server, giving it the ability to abstract certain workloads such as switching and routing, load balancing, firewalls and edge gateways. This means IT teams can manage each part of the network in distributed pieces, instead of individually. And dictating the configuration of physical and virtual components on the network can be useful in complex environments.
The Windows Server 2016 Network Controller is a central point of automation within the software-defined network. It consists of a few parts. A management plane enables the admin to define policies. The Network Controller sends those policies to a control plane, which distributes them to the necessary endpoints. Finally, a data plane, which is the operating system on the endpoints, transfers the policies from the management plane to the control plane.
Think of the Windows Server 2016 Network Controller as the brain of the software-defined network. It pushes the desired network state to the network for enforcement. With this architecture, the Network Controller does not sit in the middle of the data path, which means VMs can communicate with one another unassisted. Policies also enforce on the end nodes without the need for a third party to ensure compliance. Admins use the System Center Manager from the command line with PowerShell or RESTful API calls to control the Windows Server 2016 Network Controller.
Network Controller features and functionality
The Network Controller enables several capabilities in Windows Server 2016 related to software-defined networking, including:
- Distributed firewalls. The feature lets IT distribute firewall rules and access control lists for individual ports from a central location, rather than from individual instances of the firewall. Admins can use the Windows Server 2016 Network Controller to regulate traffic between the internet and VMs; VMs on the network; and a hosted VM and the hypervisor fabric. This functionality makes it easier to execute a defense in depth strategy.
- Centralized fabric management. The Network Controller provides a single point to configure and create IP subnets, new virtual LANs, new virtual switches that operate at both layer 2 and layer 3 of the OSI model, and the silicon network interface cards that comprise the compute and virtualization fabric of the Hyper-V infrastructure. VMware support isn't available yet.
This structure is similar to the way in which System Center enables admins to manage individual OSes on the network from a single view. Admins also can determine how physical and virtual networks -- and connected endpoints -- interact.
- Network monitoring. The Network Controller fosters a deeper understanding of network activity. It gives performance metrics of certain links and automatic discovery of what it deems "important routes" to speed up troubleshooting. Part of the network monitoring feature turns on port mirroring to reflect tenant traffic -- any inbound and outbound packets on a port -- and sends a copy of those packets to a virtual appliance. A single appliance can serve multiple ports. The Windows Server 2016 Network Controller and SDN engineering within the product is efficient up to about 40 GbE to give line-level performance into either Linux or Windows VMs.
- Virtual versions of physical appliances. In addition to firewall capabilities, administrators can deploy appliances -- virtual load balancers (including a new advanced load balancer), virtual switches, web application gateways and reverse proxies -- from the Network Controller. From a security aspect, SDN capabilities let admins react quickly to an attack and route all traffic through a virtual appliance placed between the machines and tiers. According to Microsoft, all appliances that work in Azure will work on premises in Windows Server 2016.
Windows Server 2016 networking embraces SDN
In this podcast, Zeus Kerravala, principal at ZK Research, discusses Windows Server 2016 networking updates, and explores features that support evolving networking requirements.
Features only available in Datacenter edition
The Windows Server 2016 Network Controller is only available in the Windows Server 2016 Datacenter edition, so access to these advanced features and functionality requires some steep licensing costs. But organizations that want network flexibility or have a large Hyper-V implementation might find it worth the price.
Microsoft saturates Windows Server 2016 with software-defined features
Will virtual routing software replace hardware devices?
Everything you need to know about Windows Server 2016