maxkabakov - Fotolia

Tip

Get to know Hyper-V 2019 new features and functionality

Window Server 2019 showed fewer new features than first expected, but Hyper-V admins can benefit from improved support for shielded VMs and the new Admin Center feature.

Unlike some of the more recent Hyper-V releases, such as Windows Server 2016 and Windows Server 2012 R2, Hyper-V 2019 includes relatively few new features. Even so, some of the new functionality that Microsoft introduced in the Windows Server 2019 OS will still prove beneficial to IT administrators.

Hyper-V 2019 new features mainly relate to the hypervisor's ability to host shielded VMs. Admins running Hyper-V 2016 who aren't shielding their VMs will find little reason to upgrade. That is, unless they want to take advantage of some of the OS-level features, such as Resilient File System, which now supports native deduplication. But Hyper-V 2019 is a must-have for admins who host shielded VMs.

Shielded VMs, which were originally introduced in Windows Server 2016 Hyper-V, enable admins to encrypt Hyper-V virtual hard disks in a way that prevents unauthorized users from accessing their contents. And the only way for admins to access the contents is from designated Hyper-V hosts. This prevents rogue admins from gaining access to a VM's contents.

Improvements to shielded VMs

The biggest improvement that Microsoft made to shielded VMs in Windows Server 2019 is the ability to shield Linux VMs. Admins can use the feature in conjunction with Ubuntu, Red Hat Enterprise Linux and SUSE Linux Enterprise Server. Prior to the new release, Hyper-V could only shield Windows VMs.

Prior to the release of Windows Server 2019, one of the biggest risks associated with the use of shielded VMs was loss of connectivity to Host Guardian Service.

One of the biggest risks associated with the use of shielded VMs was loss of connectivity to Host Guardian Service (HGS). However, in Hyper-V 2019, Microsoft attempted to mitigate this risk by introducing a new feature called Fallback HGS. This enables Hyper-V to attempt to connect to a different URL in the event that an admin's primary HGS server becomes inaccessible.

Microsoft also made it possible to boot a shielded VM, even if HGS is inaccessible. This is achievable because of a new feature called Remote Mode. Remote Mode essentially ignores the loss of connectivity, enabling a shielded VM to boot normally so long as two conditions are met. First, the VM must have been successfully booted at least once prior to loss of connectivity. Second, the host's security configuration must have remained unchanged since the HGS server was last accessed.

VMConnect and PS Direct

Microsoft additionally enabled Virtual Machine Connect (VMConnect) and PowerShell Direct (PS Direct) for shielded VMs. This makes it easier for admins to troubleshoot a shielded VM that is suffering from a loss of network connectivity.

Admins must be aware that these features were originally disabled for shielded VMs, and the ability to use VMConnect and PS Direct depends on the version of Hyper-V that is running on the host. If admins host a VM on a server that's running Windows Server version 1803 or later, then they can enable VMConnect and PS Direct.

When admins move a VM to a host that's running an older version than Windows Server 1803, these features are automatically disabled. According to Microsoft, admins can manually disable PS Direct in a shielded VM by running these commands:

Stop-Service vmicvmsession
Set-Service vmicvmsession -StartupType Disabled

Admins are only able to disable VMConnect Enhanced Session Mode if the VM is running Windows Server version 1809 or later or Windows 10. The process requires admins to add a registry key to the VM with this command:

reg add "HKLM\Software\Microsoft\Virtual Machine\Guest" /v DisableEnhancedSessionConsoleConnection /t REG_DWORD /d 1

Windows Admin Center

Another new feature available for Hyper-V 2019 is Windows Admin Center. Windows Admin Center is a web-based management tool that enables admins to manage Windows Servers with little to no Azure or cloud dependency.

Windows Admin Center has a limited ability to manage Windows Server 2008 R2, but it fully supports Windows Server 2012 and later. Admins can use Windows Admin Center to manage Hyper-V, including the free version of Hyper-V Server 2019. Windows Admin Center is well suited to lightweight VM management tasks such as starting and stopping VMs. Hyper-V Manager and System Center Virtual Machine Manager are better suited to performing more involved tasks such as creating new VMs.

Although Windows Admin Center is associated with Windows Server 2019, admins don't have to have Windows Server 2019 to obtain Windows Admin Center. Admins can download Windows Admin Center from Microsoft docs and install it locally on their management PC rather than on a Windows Server. Admins can even install Admin Center on Windows 10 version 1709 or later.

Dig Deeper on IT systems management and monitoring