In the sister article to this piece, we talked about choosing Hyper-V Server over Windows Server as the management operating system. In this one, we’re going to go down the other road and make the case for Windows Server instead.
A Clear Definition of Hyper-V Terms
The earlier article had a section devoted to clearing up the terminology around Hyper-V. For your convenience, here’s that chart again:
|Hyper-V||“Hyper-V” is Microsoft’s hypervisor technology. There is no way to get Hyper-V all by itself. You must choose one of three possible delivery methods. When using the term “Hyper-V”, you are referring specifically to the hypervisor.|
|Hyper-V Server||“Hyper-V Server” is a standalone product available as a direct download from Microsoft. Despite the awkward placement of the download, it is not an evaluation product download. This is one of the three delivery methods for Hyper-V. It is based on Windows Server, but has almost no roles or features except those that would be useful in a hypervisor management operating system.|
|Core||“Core” is a mode for Windows Server that does not activate any of Explorer’s GUI components. It has no special relevance to Hyper-V as just about every Windows Server component and most non-WPF and non-Explorer-based applications can run on it.|
|Windows Server with Hyper-V||In the 2008 product series, this was actually one way you could buy Windows Server. Naturally, there was also a SKU that didn’t have Hyper-V. Nowadays, this phrase is just used to indicate that the management operating system is Windows Server and that it has the Hyper-V role enabled. This is another of the three delivery methods for Hyper-V.|
|Client Hyper-V||This is the trimmed-down edition of Hyper-V that ships with the desktop editions of Windows. These desktop editions represent the third delivery method for Hyper-V.|
|Hyper-V Core||This term is nonsense. Please stop using it. It leads to a great deal of confusion in which we have people asking things like, “How do I install the full GUI on Hyper-V Core?” and people who are trying to help wasting a bunch of cycles trying to figure out what product is actually being used.It would help if Microsoft would stop using “HYPERSERVERCORE” and things like that in the text strings related to Hyper-V Server. <wink wink nudge nudge>|
Reasons to Use Windows Server as the Management Operating System
- The GUI isn’t a bad thing. Sure, you need PowerShell, and sure, you need to protect your systems, but you need to get your job done, too. The GUI is often the quickest and most familiar way. You need to take appropriate steps to lock down your host anyway, so why not take advantage of everything the GUI has to offer?
- Windows Server can do more. Hyper-V Server isn’t just missing the GUI. It’s stripped down to the bare bones to the point that it can’t do much besides host virtual machines. Sure, most of those extra features aren’t supported with Hyper-V, but some of them are. One big one is file deduplication. So far, that’s only recommended for use with desktop virtual machines, but it does work with server guests as well if that’s what you want. I’ve seen some claims that Microsoft won’t support deduplication with server guests, but there’s no official publication that supports that claim. Of course, dedupe comes at the expense of compute and I/O speeds, but if your organization is small enough that you’re running Hyper-V guests from internal storage, it’s also probably not running so many virtual machines that trading a bit of a performance hit in favor of potentially major disk savings is beyond the pale. Even if dedupe isn’t the feature you’re interested in, there might be some other acceptable role or feature that you want in your management operating system that Hyper-V Server can’t provide.
- Windows Server has wider support. At far too many hardware and software vendors, the support teams just love to say, “No”. That’s because they try to incentivize their staff on the basis of the speed in which they close trouble tickets. What’s faster than saying, “Sorry, you’re in an unsupported configuration. Call back when you’ve fixed that.”? One way to fix that is by running your actual applications inside a Windows Server guest, but that’s not always an option. You still need to run your host on hardware, and hardware needs drivers. Sure, any driver pack that works with Windows Server should run just as well with Hyper-V Server, but support teams often don’t know that and there’s rarely anything to encourage them to learn otherwise. You can save yourself a lot of headaches by just installing Windows Server as the management operating system and be done with it.
- On-demand GUI. No one can really argue against the point that Hyper-V Server’s lack of a GUI makes it less of a target for attackers. But, Windows Server’s GUI can be disabled on command with only a reboot. You can configure the management operating system as needed, then switch to Core mode. If any situation arises in which the GUI would make life substantially easier, all it takes is a command and a reboot to reinstate it. Then, once the crisis has passed, reversion to Core mode is just as simple.
- Datacenter gives you Automatic Virtual Machine Activation. If you install Windows Server Datacenter Edition 2012 R2 (and presumably, all later versions), then you can use the special AVMA keys while installing Windows Server 2012 R2 (and again presumably, later versions) guests and they’ll never need to activate.
Responding to the Reasons Against Using Windows Server
There are some pretty good reasons to use Hyper-V Server, but how well do they really stack up?
- The lack of a GUI makes Hyper-V Server more secure. We talked about this a little bit above, but it’s worth revisiting. You’ve probably been told not to run antimalware on your management operating system, which means you’ve probably locked it away very tightly. How real is the risk at that point?
- Patches for Windows Server are more dangerous due to poor quality control. Patches for Windows Server outnumber those for Hyper-V Server, but as I recall, the really dangerous ones were fairly deep into the system such that they impacted Windows Server and Hyper-V Server equally. The difference between Hyper-V Server and Windows Server is all about the available roles and features; those bits that make them operating systems are exactly the same.
- More patches for Windows Server means more reboots for Windows Server. So, let’s say that in one particular month, there are twelve patches for Windows Server and three for Hyper-V Server. If one of those three patches requires a reboot, is that substantially less impacting than the twelve patches? Probably not. Besides, you’re not actually letting any of your hypervisors run their patch cycles on a true set-and-forget cycle, are you? I mean, you may not sit there and hold its hand while it does it, but you have some sort of maintenance calendar and follow-up process, don’t you? That “fewer patches” thing looks good on paper, but what does it really get you?
- Smaller attack surface means more secure. This is another argument that looks really good on paper, but what net benefit will you realize? So, there are extra bits on the management operating system because it’s Windows Server. Let’s say some attacker releases a really clever assault on IIS that infects the bits of your Windows Server installation that’s running Hyper-V. What’s the impact? Well, if you never enable IIS, which you shouldn’t on a Hyper-V host, there will probably never be any impact. I guess if you’re in the business of repurposing hosts without cleaning their operating systems, you might have a problem. For most people, though, this is a threat without any real teeth.
- Activation is a pain. Activation in Windows has been a pain ever since Microsoft first starting doing it, and it will be a pain until that mythical day in which they stop doing it (that day will never come, stop asking). But you know, a lot of us talk about isolating our hosts but very few of us really do it. We lock it away behind firewalls and we’re very judicious about how they connect to the network, but most of us let them have enough outbound access to keep their activation status current. If your organization is of any size, you’re probably using KMS and WSUS anyway, so it’s not like they need to get all the way out to the Internet. Why give up the convenience of Windows Server if it’s not going to get you anything?
What’s Not a Good Reason
I know that this post is supposed to be all about the reasons to use Windows Server, but there’s a really bad reason floating around out there. I talked about it in the last post and I’m going to talk about it in this one, and I’m going to keep talking about it in every context where it applies until we get this myth flushed off the Internet: there is never any positive reason to use Windows Server instead of Hyper-V Server from a licensing standpoint. There is AVMA with the Datacenter edition, but that is a technical reason, not a licensing reason. You always have access to the virtualization rights granted to a host by its license no matter what hypervisor and management operating system you’ve chosen to install. You never get a pass on the requirement to license guests based on the hypervisor and management operating system you’ve chosen to install. If you have questions on licensing, you can start with our post on the matter. As always, I recommend you consult with Microsoft or a credentialed licensing expert at an authorized reseller.
The only time licensing ever matters when choosing between Windows Server and Hyper-V Server as the management operating system is in the case of VDI and Linux guests with no Windows Server guests. As for VDI, I am highly skeptical that any organization with the funds to shoulder the exorbitant costs of VDI with Windows desktop operating systems would have any problems coming up with another $800 (or less, with volume licensing) to pay for Windows Server as the management operating system. So really, Linux is the question. If all your guests are Linux, then Hyper-V Server should get the nod if licensing is the deciding factor. But, I’m also highly skeptical that there are many organizations out there that are exclusively virtualizing Linux on Hyper-V. Overall, I suspect that choosing Hyper-V Server instead of Windows Server based on guest licensing is an extremely rare occurrence.
Well, there’s my case for using Windows Server as the management operating system.
I’ve now argued both sides of the same debate, and hope I did a fair job presenting both sides. I feel that my arguments more or less cancel each other out, and that’s exactly how I want it. I have no intention of ever disclosing my own preference.
If you’re faced with making the decision and you’re stuck, what I want you to do is read both articles carefully. Look for an argument that’s especially appealing to you. The reason I’m not telling you what to do is because I’ve seen such a wide breadth of installations that I’m certain that there is no one-size-fits-all answer. Sure, I could be like other tech writers and wrap up my personal habits as a “best practice” and try to shame you into agreeing with me, but that’s just not how I operate. You have to do what makes the most sense for your situation in your time and in your space, and you need to have the flexibility to be able to shift positions as conditions change. These articles aren’t meant to tell you what to do, but to give you the information you need to make up your own mind (and hopefully start to dispel that ridiculous licensing myth).
If you’ve read all the material and you still just can’t decide, then do whatever is most comfortable for you. The nice thing about the newer versions of Hyper-V is that the guests can readily be imported into a new installation, should you decide that you made the wrong choice and need to quickly swap out your management operating system.
Is Your Office 365 Data Secure?
Did you know Microsoft does not back up Office 365 data? Most people assume their emails, contacts and calendar events are saved somewhere but they're not. Secure your Office 365 data today using Altaro Office 365 Backup - the reliable and cost-effective mailbox backup, recovery and backup storage solution for companies and MSPs
Not a DOJO Member yet?
Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!