Windows Server 2019 Features

This is a guide on the Windows Admin Center.


Windows Admin Center

In this video, we'll introduce the Windows Admin Center, which is a new feature with Windows Server 2019 that is locally deployed but browser-based. Now in terms of its implementation, it's similar in concept to tools like Server Manager and the Microsoft Management Console, in that it centralizes everything so that you don't need several tools open at the same time.

But it effectively gives you full control over all aspects of your server infrastructure and even some of your clients as well. Now it's not really designed as a replacement for some of your existing tools, rather it complements them. So features such as Azure security and management, System Center, Remote Server Administration Tools, and Remote Desktop certainly will still be used and certainly can still be used.

[Video description begins] Remote Server Administration Tools is abbreviated as RSAT. [Video description ends]

So again, it's not really a single replacement for all of these management solutions, but certainly should act as a complement to them. Now in terms of the management itself, again, it's browser-based. But it allows you to manage Windows Server 2019, 2016, 2012 R2, and even 2008 R2 servers. And in fact, it also allows you to manage your Windows 10 devices as well. So as mentioned earlier, it's not just server management.

And this is extensible also in that you can implement it through a Windows Admin Center gateway, which allows for remote management of your systems from anywhere, with no agents required because it uses PowerShell over WMI or WinRM to implement its configuration. So no agent is required on any kind of a system that is being accessed through the Windows Admin Center gateway. And looking at some of its features, it offers familiar functionality with respect to many of the tools that many administrators are already comfortable with for managing their servers and their clients.

And of course, it offers ease of use because it's a simplified management interface using nothing but a web browser. It also offers easy integration with your existing tools. It works with System Center and Azure management tools. It offers remote management capabilities to be able to securely manage your servers over the Internet.

And it offers enhanced security in terms of authentication, allowing for local domain-based Active Directory groups and/or cloud-based Azure Active Directory groups to be able to gain access with the proper authentication. And you can also configure role-based access control to determine which administrators will have access to which features. And finally, it offers tight integration with Azure.

It does support Azure Active Directory, Azure Backup and Azure Site Recovery configurations, among others. And in terms of extensibility, it has been designed to be extended so that developers can build their own tools for the Windows Admin Center. These can then be integrated so that you can support additional applications and/or services in the future. So overall, with the new Windows Server 2019 Windows Admin Center, you should find a very familiar environment that easily integrates and is easy to deploy and use.


Desktop Experience

In this presentation we'll take a look at one of the more basic installation options, which is to install either the server core only or the desktop experience. Now, this is nothing new for Windows Server 2019. Server core has been around for quite some time and quite simply, does not have a graphic interface, whereas the desktop experience does.

Now, we'll come to the server core in a little while, so for this presentation we'll focus more on just the desktop experience. But there is one significant difference that we'll get to in a moment. So with respect to installing the server with the desktop experience, as mentioned, this gives you the full graphical user interface and a full suite of tools.

[Video description begins] Graphical user interface is abbreviated as GUI. [Video description ends]

Now just quickly, with respect to server core, you can use any of these tools in the desktop experience to connect remotely to a server core. And thus manage a server core based system with a graphic interface, okay? But they are not locally installed on any system running core. But with the desktop experience, all of these tools are locally installed on that server.

Now in terms of availability, you can install the desktop experience with Windows Server 2019 Standard, Windows Server 2019 Datacenter, and Windows Server 2019 Essentials. But take note that, in fact, you can only install the desktop experience with Essentials. In other words, there is no core version for Essentials. Conversely, Hyper-V Server is the other way around.

The desktop experience is not available, core is the only option there. Now, if you are running a system that supports both, so again either Standard or Datacenter, this is the change I was referring to earlier. The choice is permanent, for the lifetime of the installation. So you make this choice during install, and that's it.

It cannot be changed, and you used to be able to do that with earlier versions. You could install core, then you could add the desktop experience. So again, with 2019 Standard or Datacenter, where you can go either way. Once you make that choice, it remains permanent. The only way to change it after the fact would be to completely reinstall the operating system. So, it's something that you'll want to put a little extra thought into before you make that choice.



System Insights

In this video, we'll introduce System Insights, which is an analytics feature available for Windows Server 2019 that is designed to give you a certain amount of predictive capability, to hopefully warn you if there could be some kind of potential problem that might otherwise go unnoticed. Now, any kind of insights service is something that these days is commonly available in cloud-based services or applications. But with System Insights in Windows Server 2019, you don't need any kind of cloud connectivity. All data is processed locally from sources such as performance counters and event logs.

And then it uses various machine learning models to hopefully reduce the overall cost of managing Windows Server, by allowing you to adjust accordingly so that you aren't competing for resources. Now, it will ultimately provide you with forecasting values. I say ultimately because it does take some time to gather the information. And I'll come back to that in a moment, but it gives you these forecasts on four basic capabilities: CPU capacity, networking, volume consumption for any individual storage volume, and total storage consumption for all volumes.

So again, the idea behind a capability, which by the way is an actual thing, it's not just a term, a capability is packaged as a DLL. And there are these four capabilities included with System Insights, but you can absolutely add more. And in fact, you can develop your own to make System Insights more extensible. But again, the idea is that all of these capabilities just gather up data over time. And then ultimately, will report the status.

Now, this does depend on how much data has been gathered. For example, if it has only been running for a few days, you won't get any kind of forecasting. There will be no prediction, because it has not been running long enough. Anywhere between 6 days and 180 days, or 6 months, you will get predictions that are approximately equal to one-third times the size of whatever the input data is. If it runs for more than 6 months, up to a year, then you can expect forecast lengths of about 60 days.

So again, that is based on past usage. It will present to you a forecast that says, here's what you can expect over the next 60 days. So that's where you start to see some very useful information. Now, with those capabilities, they will report various states. Clearly, OK is what you're looking for. Warning, needs some attention and Critical certainly needs to be addressed as quickly as possible. But you might also encounter None or Error. Now, None usually is not indicative of a problem.

It's more so that there just is not enough information yet to report anything. But an error means that the capability itself has caused a problem. So it might not be an issue with something like the CPU, for example, it's the actual DLL. It's the capability itself that has caused an error and that's what it reports as the state. Now, this is something that could be enabled on any Windows Server 2019 system. It is available by default, but it's not necessarily installed by default.

So all you need to do is open the Windows Admin Center. Connect to the appropriate server. Click System Insights on the left hand side in the navigation pane. And then simply click on Install. It will install in just a few minutes. But really there's not much to do after the installation completes. Because, again, you need to give it time to gather and process all of the data. So install it, walk away and forget about it for a while. And then come back after an appropriate amount of time to determine any status and of course, see any predictions that may have been made.
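As an added example (not part of the original video), the same install and status check can be done from PowerShell with the System Insights cmdlets. The helper name `Get-InsightsTriage` and the action texts are assumptions made for illustration; the states are the ones listed above.

```powershell
# Added example, not from the original video.
# Run in an elevated session on the Windows Server 2019 machine itself.

# The video installs through Windows Admin Center; this is the
# feature-based equivalent for servers managed from the command line.
if (-not (Get-WindowsFeature -Name System-Insights).Installed) {
    Install-WindowsFeature -Name System-Insights -IncludeManagementTools | Out-Null
}

function Get-InsightsTriage {   # hypothetical helper name
    foreach ($capability in Get-InsightsCapability) {
        # A capability that has not produced a prediction yet may return
        # nothing at all, so treat a missing result the same as None.
        $result = Get-InsightsCapabilityResult -Name $capability.Name -ErrorAction SilentlyContinue
        $status = if ($result) { "$($result.Status)" } else { 'None' }

        # Map each state described in the video to what the operator should do.
        $action = switch ($status) {
            'Ok'       { 'No action' }
            'Warning'  { 'Review the forecast and plan capacity' }
            'Critical' { 'Address as soon as possible' }
            'Error'    { 'The capability itself failed; check it, not the resource' }
            default    { 'Not enough data collected yet' }
        }

        [pscustomobject]@{
            Capability = $capability.Name
            Status     = $status
            Generated  = if ($result) { $result.GeneratedTime } else { $null }
            Detail     = if ($result) { $result.Description } else { $null }
            Action     = $action
        }
    }
}

Get-InsightsTriage | Format-Table -AutoSize -Wrap
```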


Server Core

In this presentation, we'll take a look at the Server Core installation option for Windows Server 2019. And this certainly isn't anything new. Server Core has been around for quite some time. But the general idea is that there are no graphic interface components at all.

[Video description begins] Graphic user interface is abbreviated as GUI. [Video description ends]

You just don't get a desktop. Similarly, you do not have any accessibility tools. There is no audio support, and there's no out-of-box experience. So essentially when you just boot the system for the first time, really about all you get is a command prompt. Now, that certainly doesn't mean that you can't interact with that system locally. It does have applications such as command prompt, PowerShell, Regedit, Diskpart, Fsutil or file system util, and Remote Desktop Services so that you can connect to it remotely.

But the general idea behind administering a Server Core system is that you manage it remotely. So, you go to any other system that does have a desktop and you use tools such as the Windows Admin Center, Server Manager, Microsoft Management Console and any of its associated tools, or Remote Desktop Services, and you simply connect to it remotely.

So as long as you have that physical connectivity, you can use the exact same graphic interfaces to administer that system. You're just doing it remotely. So I can have any of these tools or all of them, even on a client system such as Windows 10. And just establish that connection remotely back to the Server Core.

And you can perform that exact same type of graphic management just using that remote tool. Now, that said, there are still some incompatibility issues with systems that are running Core. For example, you cannot have a Server Core system that also runs System Center Virtual Machine Manager, System Center Data Protection Manager 2019, Project Server 2019 or SharePoint Server 2019.

[Video description begins] System Center Virtual Machine Manager is abbreviated as SCVMM. [Video description ends]

These features and applications simply require more than what is available on a Server Core system. So generally, you're going to find a mix of both in any given environment. So, even though there are some incompatibilities, there are absolutely advantages to running Server Core. For example, it has a smaller footprint.

There is lower consumption of CPU, RAM, and disk space because of the smaller operating system. There are fewer services running, so it has a smaller attack surface. And there's less updating and patching to do, again because it just has less on it to begin with. Now, there are still some disadvantages as well. And they include certain limitations of the roles and/or functionality that the system can perform.

Again, we just saw certain applications that cannot be installed, but there are also certain roles that a system running Core cannot perform. And in general, it's not considered to be particularly user friendly, because of the fact that there is no GUI. This can be a little more complex in terms of navigation. But I would say that really this is up to the user. There are a lot of administrators who really prefer this.

So, user friendly certainly is something that is up to the user. But at the end of the day there is no GUI, so if you feel that that makes it a little more complex, then that certainly is the case. But as mentioned, what you will likely find in most environments is a mix of the two. You will have the Server Core systems when you want that stripped down, bare-bones system, if you will. Something that is perhaps dedicated to performing a particular task.

And then when you need the more user-friendly type of system that may have to support some of those more demanding applications, they might be running on the systems with the graphic interface installed. Ultimately, it's up to you. But if you do install Server Core, again, just be mindful that you do typically administer it remotely. So make sure you've got connectivity to those systems.


Nano Server

In this presentation, we'll take a look at Nano Server. And quite simply, this is a stripped down version of Windows Server. But that statement in and of itself sounds an awful lot like Server Core. So to put it in a little bit of context, if Server Core is what we might consider to be a stripped down version of the full graphic installation, then Nano Server might be thought of as a stripped down installation of Server Core. In other words, it's stripped down even further. Now why do we even bother stripping it down more than it already is? Well, for one reason it's the purpose: they are typically implemented so that you can run containerized cloud applications. So what does all that mean?

I'm going to back up a little bit here and let's think back to quite some time ago. Maybe around the early 2000s, back before even virtualization was particularly common. Back then you might still have the need to implement a dedicated server for a single application or a single service. So again, without virtualization, you had to assemble a physical computer and install Windows Server on that system. So you have a fully functional server that could do everything that any other server could do, depending on its resources.

But it was only performing a particular task. Okay, but again, you wanted it that way because you wanted it to be isolated from other applications and services. Maybe so that it wasn't competing for resources. But you still had to assemble a full chunk of hardware, if you will, and again, install the full operating system. So effectively, there was a tremendous waste of resources. All of the things that Server could do weren't being done. So that was one problem, if you will. Now, virtualization certainly made that easier.

We could just fire up a new virtual machine for a dedicated server. But the other issue is this whole concept of stripping down something. And this effectively involves having fewer resources to begin with. And having fewer possibilities in terms of attack avenues and exploits available, because there simply is not as much stuff running. And that also will help to perform a little bit better because again, there's less contention on that system. So stripping down a server helps it to perform better and helps it to be a little more geared towards this dedicated task.

Virtualization, of course, made it easier to have dedicated systems. So Nano Server takes all of that yet one step further, if you will. Let's take a look at the containerized cloud application. The idea here is similar to virtualization. With virtualization, you have a single chunk of hardware. And there are multiple virtual machines that all believe that they have dedicated access to this hardware, even though it's being shared. Containerized applications use the same approach but at the operating system level to the application.

In other words, there is a single operating system there running these applications. But any one containerized application believes that it has full access to the operating system. It also makes for very easy portability. And again, just like virtualization. I could take a virtual machine off of one physical host and move it to another physical host and it really doesn't care. The same thing happens with containerized applications, everything to run the application is in the container. So you can drop it on any kind of containerization host and it will run exactly as well as it did on the other host. So you get these very portable applications.

So with all that said, this is the idea of Nano Server, it's very stripped down so that it can be easily dedicated to a task. So that goes all the way back to that dedicated server, but I don't want to assemble an entire server just to run this dedicated task. I want this very stripped down, compact server that will then act as the host for all of these containerized applications. So again, it takes that concept of stripping things down and adds to it the concept of virtualization and you get a Nano Server, okay?

Now in terms of some of the scenarios, again the roles and/or the applications or services that you want to run clearly are up to you. But it's not uncommon to want a dedicated DNS server, a dedicated web server running IIS, some kind of compute host that is dedicated to just running Hyper-V virtual machines, maybe some kind of storage host acting as a Scale-Out File Server, or again just any kind of host for applications that is designed to run in a container of some kind. Okay, but again, the idea is that you want the dedication of this system so that it's not doing anything else.

But you also want the portability and the ability to support these applications in a very isolated and dedicated fashion as well. So the benefits of a nano system are certainly speed, stability and security. There is very little running on them, so you get very good performance. And because there is very little running on them, that immediately translates into greater stability as well, because you aren't competing with all these other applications and services. And then the same goes for security.

The less there is running on any given system will immediately translate inherently into greater speed, greater stability, and greater security. Now as for management, it's often referred to as a headless system, meaning that there's no local logon or Remote Desktop access. So management is performed using WMI and/or PowerShell.

And for some final considerations, again, because it is even further stripped down than something like Core, there is certainly still no graphic user interface at all. There is only support for 64-bit applications. And it does not support management through Group Policy, System Center Configuration Manager, or System Center Data Protection Manager. Nor does it support virtual host bus adapters.

[Video description begins] Host bus adapters are abbreviated as HBAs. [Video description ends]

It cannot be used with a proxy server for Internet access. And it also cannot be configured as an Active Directory domain controller. And in fact, that's only a partial list. There are many other things that are not supported with Nano Server. But the general idea is that it's a very stripped down and very dedicated type of server. So when you have that need, they are very good candidates because they are so isolated from other systems. And they do have that inherent performance, stability and security.


App Compatibility Feature on Demand

In this video, we'll take a look at the app compatibility feature on demand. And this is something that can be added to Windows Server 2019 Core installations at any time. And I'm stressing that because in an earlier presentation, it was mentioned that when you install any version of Windows Server 2019, in either core or in the full desktop installation, then it is set for life and that is true. If you decide that it's going to be core then it's core forever.

But this feature on demand option can be installed anytime afterward. And the primary value of doing so is to actually increase the compatibility of Server Core for various other server based applications, or possibly for when you need to do more advanced troubleshooting and debugging. So the idea is that it introduces new features into a Server Core installation but it doesn't quite go so far as adding the entire desktop experience.

[Video description begins] Screen title: Operating System Components. [Video description ends]

So specifically what you get are the Microsoft Management Console, Performance Monitor, Resource Monitor, Device Manager, File Explorer, Disk Management, and Failover Cluster Manager applications. So these typically are not available on Server Core, but they certainly are on a full desktop installation. So if you will, this is a halfway point between core and the desktop installation, whereby you can now run these applications graphically, just like you can on a full graphic installation.

[Video description begins] Screen title: Installing App Compatibility FOD. [Video description ends]

Now you can install this as long as you have Internet connectivity on the Server Core system, simply from the Windows Update Service using PowerShell. Now it's a little bit of a strange syntax, but the cmdlet is Add-WindowsCapability with the parameter of Online and then the parameter of Name. And the value there is ServerCore.AppCompatibility, then the tilde character four times, then 0.0.1.0.

I'm not really sure why the tilde character is there four times but that is the syntax. If the system does not have Internet connectivity, then you can download an ISO file either from the Volume Licensing Service Center where you got the source files from in the first place. Or optionally, you can obtain this from the Microsoft Evaluation Center or the Visual Studio portal.

So again, the idea is to just somewhat enhance the capability of a Server Core system so that it can generally run these administrative interfaces in a graphic type of environment. Typically as mentioned for troubleshooting and debugging purposes. But without this you can’t run them at all, at least not in any kind of graphic fashion. Recall that you can still use those tools on other systems to connect remotely to the Server Core and essentially obtain the same information, but this allows them to run locally.
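The install described above, written out as an added example that is not part of the original video and covers both the online and the ISO-based path. The function name `Install-AppCompatibilityFod`, its `-IsoPath` parameter and the sample ISO path are assumptions; the capability name is the one quoted in the video.

```powershell
# Added example, not from the original video.
# Run in an elevated PowerShell session on the Server Core system.
function Install-AppCompatibilityFod {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Full path to the Features on Demand ISO for servers without
        # Internet access; omit it to pull the package from Windows Update.
        [string]$IsoPath
    )

    $name = 'ServerCore.AppCompatibility~~~~0.0.1.0'

    # Skip the work if the capability is already present.
    $current = Get-WindowsCapability -Online -Name $name
    if ($current.State -eq 'Installed') {
        Write-Output "$name is already installed."
        return
    }

    if ($IsoPath) {
        $image = Mount-DiskImage -ImagePath $IsoPath -PassThru
        try {
            $drive = ($image | Get-Volume).DriveLetter
            # -LimitAccess keeps DISM from contacting Windows Update,
            # so the package comes only from the mounted ISO.
            $result = Add-WindowsCapability -Online -Name $name -Source "${drive}:\" -LimitAccess
        }
        finally {
            Dismount-DiskImage -ImagePath $IsoPath | Out-Null
        }
    }
    else {
        $result = Add-WindowsCapability -Online -Name $name
    }

    if ($result.RestartNeeded) {
        Write-Output 'Installed; restart the server to finish (Restart-Computer).'
    }
    else {
        Write-Output 'Installed.'
    }
}

# Online install:
#   Install-AppCompatibilityFod
# Offline install (constructed sample path):
#   Install-AppCompatibilityFod -IsoPath 'C:\Temp\ServerFOD.iso'
```

Because the feature adds graphical components to Server Core, it gives back part of the smaller footprint described in the Server Core section, so install it only on the servers that need those tools locally.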


Windows Defender Advanced Threat Protection

In this video, we'll overview several features of Windows Defender Advanced Threat Protection or ATP, which is not just a single application or service, but rather more of a platform that includes multiple technologies, designed to help your organization prevent, detect, and respond to advanced threats. It's also not just something that you install locally on each client system like a standalone or even a managed security application. It uses a combination of endpoint behavioral sensors that are built into Windows 10, which gather and process data locally but then it will send that data to an isolated cloud instance of ATP for advanced security analytics.

And the cloud instance leverages big data and machine learning algorithms to translate that data into valuable insights, including recommendations and responses to any detected threat. From that point the data is further analysed by Microsoft hunters, security teams, and even threat protection partners. To produce threat intelligence that not only can detect the threat itself, but the tools and techniques that were used by the attacker, so that future alerts can be generated when those patterns are found again, in the future.

Now, the threat and vulnerability aspect of ATP is designed to detect vulnerabilities and misconfigurations of your endpoint systems that could represent a possible avenue of attack. Real-time discovery uses the same agentless built-in sensors to reduce the overhead of network scans, and also performs real-time device inventories. It provides greater visibility into the software inventory of your organization, including any new installations, patches, updates, or uninstalls that may have taken place, as well as the overall security stance of your organization with respect to all software configurations or, perhaps more to the point, misconfigurations.

Intelligence-driven prioritization helps your organization to focus on areas that pose the greatest vulnerability by aligning responses to the attacks that are most prevalent at the time, highlighting any active breaches and ensuring the protection of your highest value assets. And seamless remediation uses integration with Microsoft Intune and System Center Configuration Manager to deploy remediation tasks, including configuration changes that can help to address a threat before it happens again, as well as real-time remediation status so that you can monitor the progress of your actions.

Now oftentimes, addressing a threat is accomplished by reducing the chance that it can happen in the first place by reducing your attack surface, also known as hardening. This includes methods such as hardware-based isolation to protect and maintain the integrity of the system, particularly while it boots; application control, whereby applications must be trusted to run; and network protection, which involves extending your protection features to your network connectivity devices.

Controlled folder access, which is a feature of Windows Defender antivirus, reduces the chance of ransomware or other malware gaining access to your key system folders. Exploit protection uses a combination of system and program settings to help protect your operating system and applications from known exploits. And of course, a network firewall should be implemented to help prevent unauthorized traffic from accessing your network in the first place.

And Windows Defender Antivirus, of course, continues to play a key role in threat protection and delivers next generation protection through the combination of traditional security measures along with cloud-based intelligence to keep your system safe. Cloud-delivered protection ensures that you have near instant detection and blocking of new and emerging threats. Always on scanning or real time protection continually monitors your key files and processes. And dedicated protection updates continually provide protection and resistance to new threats through big data analysis and machine learning techniques to always stay on top of new and emerging threats.

ATP endpoint detection and response also provides a centralized security operations dashboard, which offers a high-level overview of active detections and highlights where responses are needed. It includes an incidents queue, where threats that show some kind of commonality either in type, technique, or attacker are aggregated; an alerts queue that organizes alerts by machine; a machines list that aggregates the machines that have generated alerts over time to help search for specific events; and a response actions list to display which actions are available and how to apply them to your machines or files.

And due to the sheer number of systems that can be monitored by Defender ATP, it also implements automated investigation and even remediation when possible, to reduce the number of investigations that need to be addressed manually. It can take advantage of known processes such as playbooks that examine alerts as they happen, and then take immediate action to resolve the issue, which of course can dramatically reduce the amount of time spent investigating alerts manually, particularly in very large organizations.

Threat analytics provides you with a dashboard to help stay on top of the latest threats and the number of active threats that have been resolved or remain unresolved. And it also highlights the threats that have had the highest impact on your organization in terms of the number of systems affected, and an overall threat summary that aggregates all threats that have generated alerts. Now, advanced hunting allows you to quite literally hunt for threats that you feel may be present, using a powerful query language with IntelliSense to create advanced searches against telemetry data that is gathered and stored in tables.

In some query results, direct links to machine names or file names are returned, to allow for immediate access to anything that may be in question or of concern. And it also provides you with several query examples to help get you started with using the query language. And finally, in terms of integration, Defender ATP is designed to integrate into many facets of your security solution. And it offers many other components designed to complete your implementation, including Advanced Threat Protection in Azure to provide protection of all your cloud-based services.

The Azure Security Center for a centralized configuration of endpoint detection and response capabilities for your Windows Servers. Azure Information Protection to classify and protect your most sensitive data. Conditional Access to ensure that only authorized devices can gain access. Cloud App Security which provides enhanced visibility into cloud app usage and the use of any unsupported apps or services.

Office 365 ATP to protect against email-based malware, unsafe attachments, or maybe phishing scams. And Skype for Business, which can allow security personnel to interact with a potentially compromised user or even a device through a simple button in the portal. So with all that it's clear that Defender ATP is more than just a single standalone application or service. And as always, there is still no such thing as 100% security, but with its implementation, you can at least be confident that your protection level is as high as possible.


Windows Defender ATP Exploit Guard

In this video we'll examine the Windows Defender Advanced Threat Protection Exploit Guard feature, which in and of itself, again, is not really a singular application or service. Rather, it is a collection of host intrusion prevention capabilities designed to lock down your devices against a variety of known attack vectors and block the behaviors that are most commonly used in malware attacks. Now it's a collection of four main components, beginning with Attack Surface Reduction, which again, is really just about hardening your systems so that you can prevent malicious files and block scripts from running in the first place.

You can block lateral movement attempts if certain files are accessed. Protect against ransomware and email-based threats simply by disabling features that aren't necessary. Or by enabling features designed to detect these types of threats. Network protection involves protecting your endpoint devices against web-based threats by using features such as Windows Defender SmartScreen, which blocks outbound processes to untrusted hosts or IP addresses.

And then controlled folder access is perhaps one of the most valuable tools in terms of protecting your sensitive data from ransomware. Because it blocks untrusted processes from accessing folders that are protected. So you can simply enable this feature for specific folders. Then you can state which processes are allowed to access that folder.

Anything other than specifically listed processes will not be able to gain access to the folder. So this dramatically helps to protect against ransomware. And exploit protection is a replacement for Microsoft's Enhanced Mitigation Experience Toolkit, which just offers a simplified configuration in terms of protecting your system and applications against known vulnerability exploits.

[Video description begins] Enhanced Mitigation Experience Toolkit is abbreviated as EMET. [Video description ends]

So that you can simply determine which applications are in any kind of state that might present a vulnerability so it can then be addressed. So again, it's the combination of these features and services that collectively make up Defender ATP Exploit Guard. But most of these are designed to stop something before it happens. They aren't really responses to something that has happened. So ideally, you certainly need responses configured as well. But really, this is a case where the solution is to try your best to ensure that the attack never happens in the first place.
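The controlled folder access workflow described above (protect specific folders, then list the processes allowed to touch them) can be scripted with the Defender cmdlets. This is an added example, not part of the course material; the folder path, application path and `$Enforce` switch are placeholders chosen for illustration.

```powershell
# Added example: roll out controlled folder access in audit mode first,
# review what would have been blocked, then enforce.
# Paths below are hypothetical placeholders; run from an elevated session.
$protectedFolder = 'D:\Finance'
$allowedApp      = 'C:\Program Files\Contoso\ledger.exe'
$Enforce         = $false   # set to $true once the audit log is clean

# 1. Audit mode logs access by untrusted processes without blocking it.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Add the folder to the protected list.
Add-MpPreference -ControlledFolderAccessProtectedFolders $protectedFolder

# 3. Allow the one application that legitimately writes to that folder.
Add-MpPreference -ControlledFolderAccessAllowedApplications $allowedApp

# 4. Review audited events (ID 1124) to find legitimate processes that
#    still need an allow entry. ID 1123 is the enforced-block equivalent.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 5. Switch to enforcement only after the audit period.
if ($Enforce) {
    Set-MpPreference -EnableControlledFolderAccess Enabled
}

# 6. Confirm the resulting state.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications
```

Running in audit mode first avoids breaking line-of-business applications that were never added to the allowed list.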


Software Defined Networking

In this presentation, we'll take a look at Software Defined Networking, which allows you to abstract and virtualize your physical networking devices such as routers, switches, and gateways to create a much more dynamic networking environment.

[Video description begins] Software Defined Networking is abbreviated as SDN. [Video description ends]

Among the key features, it allows you to speed up the deployment of your workloads in a very non-disruptive manner, particularly to meet the ever changing needs of your applications. And you can contain security vulnerabilities if they are detected from spreading throughout your network a little more easily. You can define and control policies that govern both the physical and the virtual networks, and implement those policies in a much more consistent environment, because of course everything is software implemented.

Now, they also support features such as encrypted networks, whereby any kind of virtual network is simply enabled for encryption, and then all of the devices on that network use the encryption to prevent eavesdropping, tampering, and forgery. Firewall Auditing, which is a new capability for Software Defined Networking in Windows Server 2019, whereby all data that flows through the software defined firewall rules is processed and recorded, provided logging is enabled. And Virtual Network Peering, which for all intents and purposes allows you to connect Virtual network 1 and Virtual network 2, so that from a connectivity standpoint, they appear as a single network.

And all traffic between virtual machines on the peer network is routed through a backbone infrastructure through private IP addresses only, so there is no public Internet or gateway connectivity required. And finally, Egress Metering, which is also a new feature that offers usage meters for outbound data transfers, and your network controller can implement IP addresses that are whitelisted. And anything that falls outside of those approved IP address ranges can be blocked. Or perhaps it's just billed if you have a situation where you pay by usage.


Shielded Virtual Machines

Now in this video, we'll take a look at using Shielded Virtual Machines, which is something that you might want to implement for any virtual machine that simply requires a little bit of extra protection. Now, once again, this is not a singular application or feature. Rather it uses a combination of technologies including Secure boot, Bitlocker, a Virtual Trusted Platform Module or TPM, and the Host Guardian Service to provide enhanced protection for any virtual machine. Now, it also offers some branch improvements in Windows Server 2019.

Because in some cases you might have, let's say, less than reliable Internet connectivity. So what you can do for the Host Guardian Service is to configure additional URLs as a fallback in case you cannot contact the primary URLs. And if you don't have connectivity at all, maybe even for just a short amount of time you can enable an offline mode. Whereby you can continue to start up your shielded virtual machines even if the Host Guardian Service can't be reached at all. As long as it has started at least one time successfully, and the configuration has not changed, then it will continue to start successfully in offline mode.

In terms of troubleshooting, this has been made easier by enabling support for what's known as VM Connect Enhanced Session Mode and PowerShell Direct. Now, these are useful if you've lost network connectivity to the virtual machine, but you need to update the configuration to restore access. Now, they do not need to be configured as long as the Shielded Virtual Machine is running on a Hyper-V host that is Windows Server Version 1803 or later. But again, the idea of course is that you've lost connectivity. So you can use enhanced session mode and PowerShell Direct locally on the Hyper-V host system to configure the virtual machine.
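The fallback URLs, offline mode and PowerShell Direct troubleshooting described above map to a handful of cmdlets. This is an added example, not part of the course material; the HGS host names and the VM name are placeholders, and each part runs on a different machine as noted in the comments.

```powershell
# Added example. Host names and the VM name are hypothetical placeholders.

# --- On each guarded Hyper-V host -------------------------------------
# Register the primary HGS endpoints plus a fallback pair that is used
# when the primary URLs cannot be reached.
Set-HgsClientConfiguration `
    -KeyProtectionServerUrl         'https://hgs-primary.example.internal/KeyProtection' `
    -AttestationServerUrl           'https://hgs-primary.example.internal/Attestation' `
    -FallbackKeyProtectionServerUrl 'https://hgs-fallback.example.internal/KeyProtection' `
    -FallbackAttestationServerUrl   'https://hgs-fallback.example.internal/Attestation'

# Check that the host still attests successfully after the change.
Get-HgsClientConfiguration |
    Select-Object IsHostGuarded, AttestationStatus,
                  AttestationServerUrl, KeyProtectionServerUrl

# --- On the Host Guardian Service server ------------------------------
# Offline mode: let hosts cache key material so a shielded VM that has
# started successfully once can start again while HGS is unreachable,
# provided the host's security configuration has not changed.
Set-HgsKeyProtectionConfiguration -AllowKeyMaterialCaching:$true

# --- Back on the Hyper-V host, when the VM has lost network access ----
# PowerShell Direct reaches the guest over the VM bus, not the network,
# so it works even when the guest's network configuration is broken.
$guestCred = Get-Credential -Message 'Guest OS administrator'
Invoke-Command -VMName 'ShieldedVM01' -Credential $guestCred -ScriptBlock {
    # Inspect the guest's network state before changing anything.
    Get-NetAdapter | Select-Object Name, Status, LinkSpeed
    Get-NetIPConfiguration
}
```

Offline mode trades availability against the guarantee that every start is freshly attested, so enable it only where the connectivity problem described above actually exists.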

[Video description begins] Screen title: Linux. [Video description ends]

And finally, if you are in a mixed environment, there is also support on Windows Server 2019 for running Ubuntu, Red Hat Enterprise Server, and/or SUSE Linux Enterprise Server inside shielded virtual machines, for that enhanced security for your mixed environment as well.


HTTP/2

In our final presentation for this course, we'll introduce support for HTTP/2, in Windows Server 2019, which of course is just the successor to the original Hyper Text Transfer Protocol, which for a very long time has been providing a very fast, secure and rich experience when using any kind of web-based service. So HTTP/2 offers simplicity, performance and robustness, all within the protocol itself.

Meaning that in terms of upgrades, you don't have to do anything. You don't need any new equipment. You don't need to swap out any kind of hardware or introduce really anything new into your configuration, because all of these enhancements are simply built into the protocol. So those improvements include improved coalescing of connections to deliver an uninterrupted and much more securely encrypted browsing experience.

Upgrades to the server-side cipher suite negotiation for automatic mitigation of connection failures. And more throughput by changing the default TCP congestion provider. So again with these enhancements and without needing to do anything in your organization, you can hopefully achieve a much more secure and a much richer experience when using any kind of service that supports the HTTP/2 protocol.