Windows Server 2019 is the operating system that bridges on-premises environments with Azure, adding additional layers of security while helping you modernize your applications and infrastructure.
Hybrid capabilities with Azure
Extend your datacenter to Azure to maximize your investments and gain new hybrid capabilities.
Advanced multilayer security
Elevate your security posture by protecting the datacenter, starting with the operating system.
Faster innovation for applications
Enable the creation of cloud-native apps, and modernize traditional apps using containers and microservices.
Unprecedented hyperconverged infrastructure
Evolve your datacenter infrastructure to achieve greater efficiency and security.
This topic describes some of the new features in Windows Server 2019. Windows Server 2019 is built on the strong foundation of Windows Server 2016 and brings numerous innovations on four key themes: Hybrid Cloud, Security, Application Platform, and Hyper-Converged Infrastructure (HCI). To find out what's new in Windows Server, version 1809, see What's New in Windows Server, version 1809.
Because Windows Server 2019 is a Long-Term Servicing Channel (LTSC) release, it includes the Desktop Experience. (It's not included in Windows Server, version 1709, Windows Server, version 1803, or Windows Server, version 1809, because Semi-Annual Channel (SAC) releases don't include the Desktop Experience by design; they are strictly Server Core and Nano Server container image releases.) As with Windows Server 2016, during setup of the operating system you can choose between Server Core installations or Server with Desktop Experience installations.
System Insights is a new feature available in Windows Server 2019 that brings local predictive analytics capabilities natively to Windows Server. These predictive capabilities, each backed by a machine-learning model, locally analyze Windows Server system data, such as performance counters and events, providing insight into the functioning of your servers and helping you reduce the operational expenses associated with reactively managing issues in your Windows Server deployments.
The Server Core App Compatibility feature on demand (FOD) significantly improves the app compatibility of the Windows Server Core installation option by including a subset of binaries and components from Windows Server with the Desktop Experience, without adding the Windows Server Desktop Experience graphical environment itself. This is done to increase the functionality and compatibility of Server Core while keeping it as lean as possible.
This optional feature on demand is available on a separate ISO and can be added to Windows Server Core installations and images only, using DISM.
Windows Defender ATP's deep platform sensors and response actions expose memory- and kernel-level attacks and respond by suppressing malicious files and terminating malicious processes.
For more information about Windows Defender ATP, see Overview of Windows Defender ATP capabilities.
For more information on onboarding servers, see Onboard servers to Windows Defender ATP service.
Windows Defender ATP Exploit Guard is a new set of host-intrusion prevention capabilities. The four components of Windows Defender Exploit Guard are designed to lock down the device against a wide variety of attack vectors and block behaviors commonly used in malware attacks, while enabling you to balance security risk and productivity requirements.
Attack Surface Reduction (ASR) is a set of controls that enterprises can enable to prevent malware from getting on the machine by blocking suspicious malicious files (for example, Office files), scripts, lateral movement, ransomware behavior, and email-based threats.
Network protection protects the endpoint against web-based threats by blocking any outbound process on the device to untrusted hosts/IP addresses through Windows Defender SmartScreen.
Controlled folder access protects sensitive data from ransomware by blocking untrusted processes from accessing your protected folders.
Exploit protection is a set of mitigations for vulnerability exploits (replacing EMET) that can be easily configured to protect your system and applications.
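A read-only way to check which of the four Exploit Guard components are active on a server, as an added example that is not part of the original page. It assumes an elevated PowerShell session with the `Get-MpPreference` and `Get-ProcessMitigation` cmdlets available; `Convert-GuardState` is a hypothetical helper name.

```powershell
# Added example (not from the original page): read-only status report for the
# four Windows Defender Exploit Guard components. Run in an elevated session.

# Convert-GuardState is a hypothetical helper name used only in this example.
# Defender reports these settings as 0 = Disabled, 1 = Enabled, 2 = Audit.
function Convert-GuardState {
    param([int]$Value)
    switch ($Value) {
        0       { 'Disabled' }
        1       { 'Enabled (block)' }
        2       { 'Audit only' }
        default { "Other ($Value)" }
    }
}

$pref = Get-MpPreference

# 1. Attack Surface Reduction: rule GUIDs and actions are parallel arrays.
$asrIds     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$asrActions = @($pref.AttackSurfaceReductionRules_Actions)
if ($asrIds.Count -eq 0) {
    Write-Output 'ASR: no rules configured'
} else {
    for ($i = 0; $i -lt $asrIds.Count; $i++) {
        $state = Convert-GuardState $asrActions[$i]
        Write-Output "ASR rule $($asrIds[$i]): $state"
    }
}

# 2. Network protection and 3. Controlled folder access.
Write-Output "Network protection: $(Convert-GuardState $pref.EnableNetworkProtection)"
Write-Output "Controlled folder access: $(Convert-GuardState $pref.EnableControlledFolderAccess)"

# Folders protected in addition to the built-in defaults.
@($pref.ControlledFolderAccessProtectedFolders | Where-Object { $_ }) |
    ForEach-Object { Write-Output "  protected folder: $_" }

# 4. Exploit protection: system-wide mitigation settings.
# NOTSET means no override is configured and the OS default applies.
$sys = Get-ProcessMitigation -System
$fmt = 'Exploit protection: DEP={0} CFG={1} ASLR BottomUp={2}'
Write-Output ($fmt -f $sys.DEP.Enable, $sys.CFG.Enable, $sys.ASLR.BottomUp)
```

Components reported as "Audit only" log what they would have blocked without enforcing, which is the usual first step before switching a production server to block mode.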
Windows Defender Application Control (also known as Code Integrity (CI) policy) was released in Windows Server 2016. Customer feedback has suggested that it is a great concept, but hard to deploy. To address this, we have built default CI policies, which allow all Windows in-box files and Microsoft applications, such as SQL Server, and block known executables that can bypass CI.
Security with SDN delivers many features to increase customer confidence in running workloads, either on-premises, or as a service provider in the cloud.
These security enhancements are integrated into the comprehensive SDN platform introduced in Windows Server 2016.
For a complete list of what’s new in SDN, see What’s New in SDN for Windows Server 2019.
Branch office improvements
You can now run shielded virtual machines on machines with intermittent connectivity to the Host Guardian Service by leveraging the new fallback HGS and offline mode features. Fallback HGS allows you to configure a second set of URLs for Hyper-V to try if it can't reach your primary HGS server.
Offline mode allows you to continue to start up your shielded VMs, even if HGS can't be reached, as long as the VM has started successfully once, and the host's security configuration has not changed.
We've also made it easier to troubleshoot your shielded virtual machines by enabling support for VMConnect Enhanced Session Mode and PowerShell Direct. These tools are particularly useful if you've lost network connectivity to your VM and need to update its configuration to restore access.
These features do not need to be configured, and they become available automatically when a shielded VM is placed on a Hyper-V host running Windows Server version 1803 or later.
If you run mixed-OS environments, Windows Server 2019 now supports running Ubuntu, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server inside shielded virtual machines.
Improved coalescing of connections to deliver an uninterrupted and properly encrypted browsing experience.
Upgraded HTTP/2’s server-side cipher suite negotiation for automatic mitigation of connection failures and ease of deployment.
Changed our default TCP congestion provider to Cubic to give you more throughput!
Here are some of the changes we've made to storage in Windows Server 2019. For details, see What's new in Storage.
Storage Migration Service is a new technology that makes it easier to migrate servers to a newer version of Windows Server. It provides a graphical tool that inventories data on servers, transfers the data and configuration to newer servers, and then optionally moves the identities of the old servers to the new servers so that apps and users don't have to change anything. For more info, see Storage Migration Service.
Here's a list of what's new in Storage Spaces Direct. For details, see What's new in Storage Spaces Direct.
Here's what's new in Storage Replica. For details, see What's new in Storage Replica.
Here's a list of what's new in Failover Clustering. For details, see What's new in Failover Clustering.
It is now possible to run Windows and Linux-based containers on the same container host, using the same docker daemon. This enables you to have a heterogeneous container host environment while providing flexibility to application developers.
Windows Server 2019 continues the improvements to compute, networking and storage from the semi-annual channel releases needed to support Kubernetes on Windows. More details are available in upcoming Kubernetes releases.
Container Networking in Windows Server 2019 greatly improves usability of Kubernetes on Windows by enhancing platform networking resiliency and support of container networking plugins.
Deployed workloads on Kubernetes are able to use network security to protect both Linux and Windows services using embedded tooling.
Improved integrated identity
We've made integrated Windows authentication in containers easier and more reliable, addressing several limitations from prior versions of Windows Server.
Better application compatibility
Containerizing Windows-based applications just got easier: The app compatibility for the existing windowsservercore image has been increased. For applications with additional API dependencies, there is now a third base image: windows.
Reduced size and higher performance
The base container image download sizes, size on disk and startup times have been improved. This speeds up container workflows.
Management experience using Windows Admin Center (preview)
We've made it easier than ever to see which containers are running on your computer and manage individual containers with a new extension for Windows Admin Center. Look for the "Containers" extension in the Windows Admin Center public feed.
Encrypted Networks - Virtual network encryption allows encryption of virtual network traffic between virtual machines that communicate with each other within subnets marked as Encryption Enabled. It also utilizes Datagram Transport Layer Security (DTLS) on the virtual subnet to encrypt packets. DTLS protects against eavesdropping, tampering, and forgery by anyone with access to the physical network.
Network performance improvements for virtual workloads maximize the network throughput to virtual machines without requiring you to constantly tune or over-provision your host. This lowers the operations and maintenance cost while increasing the available density of your hosts. These new features are:
Receive Segment Coalescing in the vSwitch
Dynamic Virtual Machine Multi-Queue (d.VMMQ)
Low Extra Delay Background Transport (LEDBAT) is a latency optimized, network congestion control provider designed to automatically yield bandwidth to users and applications, while consuming the entire bandwidth available when the network is not in use.
This technology is intended for use in deploying large, critical updates across an IT environment without impacting customer facing services and associated bandwidth.
The Windows Time Service includes true UTC-compliant leap second support, a new time protocol called Precision Time Protocol, and end-to-end traceability.
High performance SDN gateways in Windows Server 2019 greatly improve the performance for IPsec and GRE connections, providing ultra-high-performance throughput with much less CPU utilization.
Now, with Windows Server 2019, it’s easy to deploy and manage through a new deployment UI and Windows Admin Center extension that enable anyone to harness the power of SDN.
To leverage the high throughput and low latency of persistent memory (a.k.a. storage class memory) in virtual machines, it can now be projected directly into VMs. This can help to drastically reduce database transaction latency or reduce recovery times for low latency in-memory databases on failure.
The following are estimated system requirements for Windows Server 2019. If your computer has less than the "minimum" requirements, you will not be able to install this product correctly. Actual requirements will vary based on your system configuration and the applications and features you install.
Unless otherwise specified, these minimum system requirements apply to all installation options (Server Core, Server with Desktop Experience, and Nano Server) and both Standard and Datacenter editions.
The highly diverse scope of potential deployments makes it unrealistic to state "recommended" system requirements that would be generally applicable. Consult documentation for each of the server roles you intend to deploy for more details about the resource needs of particular server roles. For the best results, conduct test deployments to determine appropriate system requirements for your particular deployment scenarios.
Processor performance depends not only on the clock frequency of the processor, but also on the number of processor cores and the size of the processor cache. The following are the processor requirements for this product:
Coreinfo is a tool you can use to confirm which of these capabilities your CPU has.
The following are the estimated RAM requirements for this product:
If you create a virtual machine with the minimum supported hardware parameters (1 processor core and 512 MB RAM) and then attempt to install this release on the virtual machine, Setup will fail.
To avoid this, do one of the following:
Computers that run Windows Server 2019 must include a storage adapter that is compliant with the PCI Express architecture specification. Persistent storage devices on servers classified as hard disk drives must not be PATA. Windows Server 2019 does not allow ATA/PATA/IDE/EIDE for boot, page, or data drives.
The following are the estimated minimum disk space requirements for the system partition.
Minimum: 32 GB
Be aware that 32 GB should be considered an absolute minimum value for successful installation. This minimum should allow you to install Windows Server 2019 in Server Core mode, with the Web Services (IIS) server role. A server in Server Core mode is about 4 GB smaller than the same server in Server with a GUI mode.
The system partition will need extra space for any of the following circumstances:
Network adapters used with this release should include these features:
A network adapter that supports network debugging (KDNet) is useful, but not a minimum requirement.
A network adapter that supports the Pre-boot Execution Environment (PXE) is useful, but not a minimum requirement.
Computers running this release also must have the following:
The following items are not strictly required, but are necessary for certain features:
Trusted Platform Module
Graphics device and monitor capable of Super VGA (1024 x 768) or higher-resolution
Keyboard and Microsoft® mouse (or other compatible pointing device)
Internet access (fees may apply)
A Trusted Platform Module (TPM) chip is not strictly required to install this release, though it is necessary in order to use certain features such as BitLocker Drive Encryption. If your computer uses TPM, it must meet these requirements: