Security at the OS level
Windows Server 2016 includes built-in breach resistance to help thwart attacks on your systems and meet compliance goals. Even if someone finds a way into your environment, the layers of security built into Windows Server 2016 limit the damage they can cause and help detect suspicious activity.
- Protect your virtual machines. Use the unique Shielded Virtual Machines feature to encrypt your VMs with BitLocker and help ensure they can run only on hosts approved by the Host Guardian Service.
- Help secure admin credentials. Protect admin credentials from Passthe-Hash attacks using Credential Guard and Remote Credential Guard, and control administrator privileges with Just-In-Time Administration and Just Enough Administration, which together help minimize the time and capability granted for specific privileges.
- Protect the operating system. Resist breaches with built-in Control Flow
Guard, which helps prevent memory corruption attacks, and Windows Defender, optimized for server roles. Help ensure only trusted software can be run on the server with Device Guard.
- Improve ability to detect attacks. Use advanced auditing capabilities to help detect malicious behavior.
- Meet compliance requirements. Built-in security components help address certification requirements for government and industry data-protection regulations, including SOX, ISO 27001, PCI DSS 3.2, and FedRAMP. Find more information at microsoft.com/en-us/ cloud-platform/windows-server-security#compliance.
Increasingly, organizations use apps to help differentiate themselves from the competition. Apps help win, engage, and support customers. Developers building and updating the apps tend to have little patience for the realities of IT infrastructure. They don’t want to wait long for IT services, and they want apps in production to work the same way the apps work on developers’ machines.
Windows Server 2016 supports application innovation using container technology and microservices. Containers can help speed application deployment and streamline the way IT operations and development teams collaborate to deliver applications. In addition, developers can use microservices architectures to separate app functionality into smaller,
“Most of our application portfolio consists of older legacy applications that are cumbersome to update. By moving these applications into Windows Server containers and embracing a microservices architecture, we can break these big applications apart and update the pieces independently. This will reduce customer downtime and increase business agility.”
– Stephen Tarmey
- Deliver container benefits to existing apps. Containers help you move existing applications into a modern DevOps environment with little or no code changes, while gaining benefits such as continuous application delivery and better security. Containers can help you introduce new architectures, including microservices, which improve application agility and scale. Also, when developers package apps into containers for delivery to IT, they help standardize on a platform that streamlines deployment on-premises, to any cloud, or to a hybrid architecture across clouds. Now developers can use a production-ready, fully-supported version of Docker Engine to build, ship, and run containers in Windows Server 2016
- Build cloud-native and hybrid apps. Create new microservices applications using fewer and compressed resources, and more agile “just enough” technologies. Use containers to build, test, and deploy the apps to any cloud, including Microsoft Azure cloud infrastructure. Developers will appreciate the lightweight Nano Server installation option, which delivers Windows Server 2016 as a quick-start, practical platform optimized for building next-generation applications with containers or microservices.
Customers who choose the Datacenter or Standard editions are able to customize their installation of Windows Server 2016 by choosing from three options:
|Server Core||Small-footprint, headless operating system removes the desktop UI from the server and runs only required components.||• Includes local graphical tools such as Task Manager and PowerShell for local or remote management.
• Does not include MMC or Server Manager.
• Supported as Long Term Servicing Branch (LTSB).
|Nano Server||Extremely small, headless operating system ideal for reducing your datacenter footprint or running applications that use containers and microservices.||• Manage remotely, via PowerShell or the web-based Server management tools, or use existing remote management tools such as MMC or System Center.
• Requires Software Assurance and Current Branch for Business servicing model.
|Server with Desktop Experience
(previously known as
Server with a GUI)
|Provides user experience for those who need to run an app that requires a local user interface or for a Remote Desktop Services Host.||• Experience a full Windows client shell and experience, consistent with Windows 10.
• Use with Microsoft Management Console (MMC) and Server management tools available locally on the server.
• Supported as Long Term Servicing Branch (LTSB).
Take the next step. Learn more at www.microsoft.com/windowsserver