As you may recall, I wrote an article not too long ago right here on BrianMadden.com that basically showed my appreciation and overall love for the new Nano Server operating system offering that came with Windows Server 2016. Then, a little over a month ago, Microsoft came out publicly with the decision to move their Nano Server offering to be a “Containers-Only” platform, rather than what was originally offered—a stripped-down, limited servicing, small, and compact Windows Server operating system. For me, this was a depressing turn of events for my much-beloved awesome OS. So, let’s talk about it.
A few weeks before the public announcement, the product managers announced the change to the NDA community. It was really big news to those folks, as evidenced by the numerous replies and side discussions that resulted and even poured over into general discussion areas and user groups. I, along with many others, was not only not happy about this decision, but was also very confused by it.
For about a year before Nano’s release in the Tech Preview builds of Server 2016, it was completely embraced by Microsoft as the ultimate small-footprint and low-patch version of their kernel. Jeffrey Snover even remarked that it would be “the future of the Windows Server OS.” (Dude, were you wrong.)
Not only was it great for running Hyper-V and containers, it was every InfoSec person’s dream of the closest thing to a nirvana Windows OS. I mean, what security person likes Windows, really? Monthly Patch Tuesdays aren’t exactly a holiday for them. So, bring in Nano, with its “two to three patch cycles per year” and its incredibly small 200MB base footprint, as well as limited access and management capabilities. That was like giving someone a winning lottery ticket. But then, after listening to “valued key customer feedback”, Microsoft eventually changed their mind, and it came off as ‘Sorry, we were just kidding. Give it back.’ Argh.
So, where is Microsoft going with all this? Well, it’s all about containers for them now with Nano, or so it seems at the moment. You can now only download Nano as a container image, meaning you cannot run it on bare metal. I do understand the need for a minimal OS footprint for this revived interest in a popular technology, and it is very efficient code to run containers, but it begs the question: why are they limiting it to just containers? It is, in fact, trimmed down even more than the original, with the development team pulling out PowerShell, WMI, and other core services (although you can add them back).
One other thing that needs mentioning is that there is no servicing model for Nano Server, which basically means you can’t apply updates to bring it up to the next release level. Instead, you must pull (download) a new container image and re-deploy when Microsoft recreates the image in one of their twice-per-year updates. Hopefully, my inclination that this process will create more work and probably more headaches for administrators will be proven wrong.
It does look like we will get the complete story when the “Ignite” release (perhaps 1709 or RedStone3?) becomes reality in the next few weeks, but I have to say that I am still skeptical, and I’m perplexed that they took this gem away from us. As we move forward, it appears we’re going back in time to before Nano, to a point where the default line from Microsoft is that the smallest, most scalable, and most secure Server edition you can deploy is again Server Core. And, as my inner Lebowski says, “That’s just a bummer, dude.”