Windows Server 2016

What is the Windows Server Network Controller?

Another day, another element of Microsoft Azure makes its way to Windows Server. The latest introduction into Windows Server 2016 is the Windows Server Network Controller, a feature of the next generation Microsoft cloud that will manage networks in a large Hyper-V deployment.

What is Windows Server Network Controller?

Network controller is a concept from the Azure fabric; it is a centrally located and programmable point of automation and orchestration for deploying, managing, configuring, and troubleshooting both the physical and virtual networks of a private or hosted cloud deployment.

Managing physical and virtual networks with a network controller (Image Credit: Microsoft)

Network Controller serves as a critical element of any cloud, so it’s been designed to be scalable and fault tolerant. There are two APIs, referred to as Northbound and Southbound:

  • Southbound API: This is used by Network Controller to communicate with network devices, services, and other elements of the cloud.
  • Northbound API: This is the API that’s used to manage the network via Network Controller. You can use PowerShell, REST API, or a management solution. It appears that System Center 2016 Virtual Machine Manager (SCVMM 2016) and System Center 2016 Operations Manager (SCOM 2016) will be the graphical UI for Network Controller.

What can be managed using Network Controller?

You can manage the following pieces of physical and virtual networks in a cloud:

  • Hyper-V virtual machine connections (the ports in a virtual switch)
  • Virtual switches
  • Physical network routers
  • Firewall software
  • VPN gateways, including RRAS
  • Load balancers

Windows Server Network Controller Features and Benefits

Let’s talk about some real tangible features and benefits that Network Controller will offer:

Fabric Management

The Network Controller offers you a single point of management for all physical and virtual networks in the cloud. You can configure IP subnets, VLANs, Layer 2 and Layer 3 switches, and the physical NICs of your Hyper-V hosts.

Distributed Firewall

Windows Server 2012 R2 allows you to deploy Port ACLs, which are 5-tuple firewall rules enforced by the virtual switch, but Port ACLs are not a centrally managed solution. The distributed firewall functionality of Network Controller is centrally managed, and it allows you to control both east-west and north-south traffic. Using the Northbound API, you can also manage edge firewall rules.

In other words, you can control:

  • Traffic to/from the Internet to/from virtual machines
  • Traffic between virtual machines
  • Traffic between virtual machines and the compute cluster and the fabric of the cloud
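A centrally defined rule set of the kind described above, as an added example that is not from the original article. It assumes the NetworkController PowerShell module that shipped with Windows Server 2016; the endpoint URI, subnets, resource IDs and the `New-FiveTupleRule` helper are hypothetical.

```powershell
# Added example. Endpoint, subnets and resource IDs are constructed placeholders.
Import-Module NetworkController
$uri = 'https://nc.example.test'   # placeholder Northbound REST endpoint

# Hypothetical helper: builds one inbound 5-tuple rule (protocol, source
# address/port, destination address/port) with logging switched on.
function New-FiveTupleRule {
    param(
        [string]$Name, [int]$Priority, [string]$Action, [string]$Protocol,
        [string]$Source, [string]$Destination, [string]$DestinationPort
    )
    $p = New-Object Microsoft.Windows.NetworkController.AclRuleProperties
    $p.Type                     = 'Inbound'
    $p.Protocol                 = $Protocol
    $p.SourceAddressPrefix      = $Source
    $p.SourcePortRange          = '0-65535'
    $p.DestinationAddressPrefix = $Destination
    $p.DestinationPortRange     = $DestinationPort
    $p.Action                   = $Action
    $p.Priority                 = "$Priority"   # lower number is evaluated first
    $p.Logging                  = 'Enabled'     # keep a record of every match

    $rule = New-Object Microsoft.Windows.NetworkController.AclRule
    $rule.ResourceId = $Name
    $rule.Properties = $p
    $rule
}

$acl = New-Object Microsoft.Windows.NetworkController.AccessControlListProperties
$acl.AclRules = @(
    # North-south: HTTPS from anywhere to the web tier (10.0.1.0/24)
    (New-FiveTupleRule -Name 'Allow_HTTPS_To_Web' -Priority 200 -Action 'Allow' -Protocol 'TCP' `
        -Source '*' -Destination '10.0.1.0/24' -DestinationPort '443'),
    # East-west: only the web tier may reach SQL on the database tier (10.0.2.0/24)
    (New-FiveTupleRule -Name 'Allow_Web_To_SQL' -Priority 300 -Action 'Allow' -Protocol 'TCP' `
        -Source '10.0.1.0/24' -Destination '10.0.2.0/24' -DestinationPort '1433'),
    # Default deny: everything not explicitly allowed above is dropped and logged
    (New-FiveTupleRule -Name 'Deny_All_Inbound' -Priority 1000 -Action 'Deny' -Protocol 'All' `
        -Source '*' -Destination '*' -DestinationPort '0-65535')
)

# One call to the Northbound API stores the rule set centrally.
New-NetworkControllerAccessControlList -ConnectionUri $uri -ResourceId 'Tenant1_Tiers_ACL' -Properties $acl

# Read the stored rules back in evaluation order for review.
(Get-NetworkControllerAccessControlList -ConnectionUri $uri -ResourceId 'Tenant1_Tiers_ACL').Properties.AclRules |
    Sort-Object { [int]$_.Properties.Priority } |
    ForEach-Object { '{0,5} {1,-5} {2}' -f $_.Properties.Priority, $_.Properties.Action, $_.ResourceId }
```

The ACL takes effect only once it is referenced from a virtual subnet or network interface resource.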

Network Topology and Discovery Management

You can automatically discover elements of the data center network and uncover how physical and virtual devices are interconnected and dependent upon each other. This information is used for network monitoring.

Network Monitoring

You can monitor physical and virtual networks using Network Controller. There are two kinds of monitoring:

  • Active network data: This includes performance metrics, such as network loss and latency. A set of algorithms is used to determine important paths of data, and the nature of that data. If errors are detected, problems can be localized to identify devices that are causing outages or performance degradation.
  • Element data: This is the more traditional method of polling devices using SNMP. For example, link state data, restarts, and routing information are retrieved using industry-standard MIBs.

A useful feature of network monitoring is impact analysis. Any issues in the physical network can be associated with virtual networks, so the impact on tenants can be quickly determined. Network monitoring will integrate with SCOM, where historical data can be recorded and rolled-up health can be displayed to operators.

Service Chaining Management

We can see in Azure how the role of virtual appliances is growing. This should be expected in Azure-consistent clouds that are deployed on-premises by hosting companies. Network Controller allows you to create rules that force traffic to be redirected by virtual network appliances, where that traffic might be inspected, audited, filtered, and so on.

Software Load Balancer Management

A software load balancer for scalable and fault tolerant services will be available in Windows Server 2016, where Network Controller will manage this functionality.

Network Virtualization Management

Network Controller will manage the deployment of virtual networks (VNETs), supporting both NVGRE (as used by WS2012 and WS2012 R2 Hyper-V Network Virtualization) and VXLAN (a creation of VMware, Arista Networks and Cisco that has other industry backers).

Windows Server Gateway Management

You can deploy, manage and reconfigure Hyper-V hosts and virtual machines that are used as a gateway cluster, bridging the gap between network virtualization, the physical network, and the Internet. The gateway connects a tenant in a VNET with the rest of the world. Functionality includes:

  • Adding and removing gateway VMs on a dedicated Hyper-V cluster
  • Site-to-site VPN connectivity using IPsec or GRE
  • Point-to-site VPN connections for tenant administrators
  • Layer 3 forwarding
  • BGP routing between tenant VNETs and remote locations

Final Thoughts on Network Controller

There’s little in the way of documentation on Network Controller, but what little there is indicates that Microsoft’s private and hosted cloud offering is maturing, drawing on Microsoft’s experience with Azure.


Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.