Why Nano Server is the most vital change to Windows Server since Windows NT 3.5

Nano server exposure
Nano Server makes Windows Server much smaller – and safer

The most important thing in Windows Server 2016 might just be the smallest – Nano Server. Distinguished Engineer Jeffrey Snover, who has been driving a lot of the architectural changes in Windows Server, calls it "by far the most important, most significant change we've made to Windows Server since Windows NT 3.5."

It's not a new version of Windows Server; it's a new way of using it (based on a lot of internal changes to the code). Snover calls it a "major refactoring" and says the correct way to refer to it is a "headless 64-bit only deployment option. It's not an SKU, it's a deployment option. Nano Server is a subset of Windows Server that is API compatible. It is not a new server, it is Windows Server; it is fully compatible with all the components included – there just aren't as many of them."

Snover has a long string of statistics about Nano Server. "It is incredibly small – 20 times smaller than Server Core. Size on disk goes down to 410MB from 8.3GB for a VHD; that's much smaller. When you want to have lots of instances or you want to move things across the network, that [footprint] goes right down. Setup time was 300 seconds, that goes down to 40 seconds." That's with the preview and he warns "we have not done a performance pass so some of the numbers might go down, but we're not done refactoring so some of the numbers might go up."

Patch heaven

But Microsoft didn't slim down Nano Server just for the sake of it, and it didn't strip out the native GUI just to be fashionable. Snover admits that switching to the minimal Nano Server and remote management will take some effort, even if you're already using PowerShell and automation.

"We require people to make changes to adopt this – why do we do that? The results speak for themselves. We analysed a full year of bugs – we found out what code needed to be changed in each case and we found out where that code was in Nano Server.

"Nano Server would have had only one tenth the number of critical patches; we had 23 but with Nano Server, that goes down to two. Full Server had 11 patches that required reboots; with Nano Server we would have had just three. Plus the number of ports open goes down from 34 to just 12."

The improvement here isn't just that Nano Server needs fewer server resources or fewer reboots – it's that it's far more secure. "Remember, a critical patch is a vulnerability we discovered and fixed. Prior to the patch we had the vulnerability and we didn't know it. So this is not just fewer patches, this is increased security – because you did not have that problem."

TOPICS
Contributor

Mary (Twitter, Google+, website) started her career at Future Publishing, saw the AOL meltdown first hand the first time around when she ran the AOL UK computing channel, and she's been a freelance tech writer for over a decade. She's used every version of Windows and Office released, and every smartphone too, but she's still looking for the perfect tablet. Yes, she really does have USB earrings.