
Managing networks in Windows Server vNext
Virtually Switched
The Windows Server Network Controller enables centralized management, monitoring, and configuration of network devices on Windows Server. Network Controller is designed to offer the same functions for network devices that IP address management does for managing IP addresses – with the difference that Network Controller also can centrally manage devices from third-party manufacturers. You can also manage systems in the cloud.
In addition to hardware devices, you can also manage software-based network services with the Network Controller, which runs on both Windows Server vNext and Windows Server 2012 R2. Currently, it is not clear whether older versions are supported, too. The expectation is that all Network Controller functions will be available only through collaboration between Windows Server vNext and System Center vNext.
Managing Virtual and Physical Networks
Network Controller gives you the ability to manage physical network components and virtual networks centrally in Windows Server vNext and to operate them together. Automated configuration is the focus. Other features include options for accessing individual devices via PowerShell, if supported by the device manufacturer.
Network Controller provides two APIs through the interface function: an API that communicates with the end devices and an API that acts as an administrator for management tasks. Therefore, all devices are managed through only one interface on the network. You can manage the following devices:
- Hyper-V virtual machines and virtual switches
- Physical network switches
- Firewalls
- VPN gateways
- Routing and Remote Access Service (RRAS) multitenant gateways
- Load balancers
Network Controller also supports configuration and management of IP subnets, VLANs, Layer 2 and Layer 3 switches, and network adapters in hosts.
Automatically Distributing the Configuration
The southbound API is the interface between Network Controller and network devices, and it can automatically detect and connect network devices and their configurations. The API also transfers configuration changes to the devices. The northbound API is the interface between the administrator and Network Controller. Network Controller accepts your configuration settings via this API and displays the monitoring data. Additionally, the interface is used for troubleshooting network devices and for tasks such as connecting new devices.
The northbound API is a Representational State Transfer (REST) API. Connections are possible via a GUI, in the PowerShell, and of course, with system management tools such as System Center. The new version, System Center vNext, can be connected seamlessly to the Windows Server vNext Network Controller, which essentially means System Center Virtual Machine Manager vNext. Monitoring takes place with System Center Operations Manager vNext.
Managing Virtual Switches and Network Adapters
Network Controller allows you to create firewall rules for virtual machines on Hyper-V hosts. The controller also has access to the associated virtual switches. In this way, you can manage, monitor, and distribute firewall rules that concern a specific virtual machine or a workload on a VM, as well as various appliances. In addition to providing centralized management, Network Controller also manages logfiles and makes them available. From the logfiles, you will see which traffic is allowed or denied by a firewall rule.
Network Controller also takes over control of all virtual switches on all Hyper-V hosts on the network, and it creates new virtual switches. You can even manage virtual network cards in the individual VMs in this way. Network adapters in the Hyper-V VMs can be added and removed on the fly in Windows Server vNext. Network Controller also supports Network Virtualization Generic Routing Encapsulation (NVGRE) and Virtual Extensible Local Area Network (VXLAN) functions.
Managing Physical Cluster Servers
Network Controller's functionality is not restricted to VMs. Physical servers that are part of a Windows Server Gateway cluster can also be managed and configured so that you can link data centers and disconnect or connect the networks of various clients in hosted environments. You can also provision VMs on the network that are part of a Windows Server Gateway cluster – referred to as the RRAS Multitenant Gateway.
In addition to provisioning VMs, you can manage, monitor, and create VPNs and IPsec connections between networks, which lets you configure the system for remote management by an external administrator. Border Gateway Protocol (BGP) routing allows managing of network traffic from hosted VMs to a company's corporate network – including in hosted environments. Microsoft provides some instructions on how to create such gateways and networks [1]-[3].
Of course you can do more than just integrate servers with Windows Server vNext; you can also integrate servers running Windows Server 2012 R2 (Figures 1 and 2).


Cluster Migration between vNext and 2012 R2
With Windows Server vNext, you can add cluster nodes from the new version to clusters with Windows Server 2012 R2 without interrupting operations. Of course, this hugely facilitates migration tasks and collaboration with Network Controller. As with VMs, it is again the case that the new functions in Hyper-V are only available if you have upgraded all cluster nodes to vNext (as is the case for Windows Server vNext). To do this, you need to update the cluster configuration with Update-ClusterFunctionalLevel. Keep in mind, however, that you cannot undo this process.
If you are running a cluster with vNext and 2012 R2, you can easily move VMs between nodes. However, you should only manage the cluster from vNext servers. For the VMs in the cluster, you can also only configure the new version for VMs with Update-VmConfigurationVersion VM if you have upgraded the cluster to the new version. Only then will the cluster work optimally with Network Controller.
Thanks to the Cluster Cloud Witness function, you can also use Azure VMs as witness servers in vNext clusters, which is especially important for cross-data center clusters. You can also manage your Azure VMs and associated networks with Network Controller. If a cluster node ever has any difficulties, the nodes are isolated, and all resources from problematic nodes are migrated, courtesy of Cluster Compute Resiliency and Cluster Quarantine. Network Controller also detects faulty physical and virtual networks and can intervene accordingly.
Network Monitoring with Network Controller
Microsoft's focus in Network Controller is on network monitoring. You can also expect the new service to cooperate closely with Microsoft Message Analyzer, the successor to Microsoft Network Monitor. You can use Microsoft Message Analyzer to monitor latency and package losses, and Message Analyzer also includes a tool for troubleshooting. Network Controller detects problems regarding latency and package loss and also keeps you informed about where losses occur and which devices on the network are causing problems.
Network Controller collects SNMP data and identifies the status of connections, restarts, and individual devices. You have the option of grouping devices (e.g., switches at a certain data center).
Another monitoring feature is detecting network overload attributable to certain services, servers, or VMs. If a specific server rack, for example, loses the connection to the network or can only communicate to a limited extent, Network Controller marks all VMs that are on Hyper-V hosts in this rack, as well as the connected virtual switches, as faulty. The controller also identifies provides information about other problems. If you want more detailed monitoring, you can integrate Network Controller with System Center Operations Manager (SCOM) vNext.
Actively Managing Network Traffic
Network Controller lets you view, manage, and redirect network traffic. If certain VM appliances are used on the network for security purposes (e.g., as antivirus, firewall, intrusion, or detection VMs), you can create rules in Network Controller that automatically redirect network traffic to the appropriate appliances.
This capability is important both in terms of security and for interaction with load balancers. Network Controller detects servers with identical workloads and their load balancers. The server role can actively intervene and direct network traffic to the right places. This translates to benefits for high availability and scalability in the enterprise. (See also the "Virtualizing Network Controller" box.)
Network Controller and PowerShell 5.0
Together with Network Controller, the new PowerShell 5.0 is finding its way into Windows Server vNext and Windows 10, providing options that interact with Network Controller for managing the network, as well as for independent use. The Data Center Abstraction Layer (DAL) is the interface in PowerShell. DAL allows data centers and compatible network components to be managed remotely through PowerShell and with compatible tools that provide a graphical interface for scripts. Microsoft maintains a list of certified compatible network components. Certified manufacturers include Cisco and Huawei. Other manufacturers are expected to appear after the release of Windows Server vNext. Network Controller on Windows Server vNext will also be accessible through PowerShell, in parallel with the cmdlets that are already available for the service.
If you use compatible devices, they can be managed through PowerShell, either with or without Network Controller. Microsoft goes into more detail about the functions and options of compatible devices [4] and provides examples of script management for compatible devices [5].
Network Administration with SCVMM
Network Controller collaborates particularly closely with Hyper-V hosts and VMs that are managed with System Center Virtual Machine Manager (SCVMM) vNext. Anyone with access to a Microsoft Developer Network subscription can download the technical preview for System Center vNext [6]. Microsoft also provides virtual disks with SCVMM vNext [7]. Keep in mind that you can only install the new SCVMM version on servers with Windows 10 Server; you will need SQL Server 2014 as a database server. SCVMM vNext can centrally manage the updates for all connected Hyper-V hosts. You will need to provide Windows Server Update Services on the network.
You can create logical switches in SCVMM vNext and assign these switches to servers with Windows Server vNext. You can also use profiles and classifications. However, only the bandwidth settings play a role in the pre-release version. As soon as more test versions are available, it should be possible to manage and monitor them using, Network Controller.
Virtual network adapter configuration is now improved in SCVMM vNext. Later, this should also work with the Network Controller service. You can now, for example, make multiple virtual network adapters available when deploying virtual servers. Network adapters can also be renamed in the templates for virtual servers. This works in a similar way to Consistent Device Naming (CDN) for physical network adapters. To do this, you need to have created the virtual server as a generation 2 VM and have installed it with Windows Server vNext.
To create network configurations for VMs and manage them centrally, you can use logical networks, MAC address pools, VM networks, and IP address pools in SCVMM vNext. Network Controller also plays an important role, because it can take over the management and monitoring (Figure 3).

Conclusions
Network Controller on Windows Server vNext promises to become a powerful service for centralized management of networks. However, Network Controller only makes sense if you put the network entirely on Windows Server vNext. Setting up and connecting the devices will not be a simple task, and it is not currently clear whether the system will support VMware in the long term.
