What's New in Windows Server version 1709

Applies To: Windows Server (Semi-Annual Channel)

The content in this section describes what's new and changed in Windows Server, version 1709. The new features and changes listed here are the ones most likely to have the greatest impact as you work with this release. Also see Windows Server, version 1709.


New cadence of releases

Starting with this release, you have two options for receiving Windows Server feature updates:

  • Long-Term Servicing Channel (LTSC): This is business as usual with 5 years of mainstream support and 5 years of extended support. You have the option to upgrade to the next LTSC release every 2-3 years in the same way that has been supported for the last 20 years.
  • Semi-Annual Channel (SAC): This is a Software Assurance benefit and is fully supported in production. The difference is that it is supported for 18 months and there will be a new version every six months.

Release channels are summarized in the following table.

|                   | Semi-Annual Channel                    | Long Term Servicing Channel                            |
|-------------------|----------------------------------------|--------------------------------------------------------|
| Release cadence   | Twice a year (spring and fall)         | Every 2-3 years                                        |
| Support schedule  | 18 months mainstream production support | 5 years mainstream support + 5 years extended support |
| Availability      | Software Assurance or Azure (cloud hosted) | All channels                                       |
| Naming convention | Windows Server, version YYMM           | Windows Server YYYY                                    |

For more information, see Windows Server Semi-annual Channel Overview.

Application containers and micro-services

  • The Server Core container image has been further optimized for lift-and-shift scenarios where you can migrate existing code bases or applications into containers with minimal changes, and it's also 60% smaller.
  • The Nano Server container image is nearly 80% smaller.
    • In the Windows Server Semi-Annual Channel, Nano Server as a container base OS image is decreased from 390 MB to 80 MB.
  • Linux containers with Hyper-V isolation

For more information, see Changes to Nano Server in the next release of Windows Server and Windows Server, version 1709 for developers.

Modern management

Check out Project Honolulu for a simplified, integrated, secure experience to help IT administrators manage core troubleshooting, configuration, and maintenance scenarios. Project Honolulu includes next generation tooling with a simplified, integrated, secure, and extensible interface. Project Honolulu includes an intuitive all-new management experience for managing PCs, Windows servers, Failover Clusters, as well as hyper-converged infrastructure based on Storage Spaces Direct, reducing operational costs.

Compute

Nano Container and Server Core Container: First and foremost, this release is about driving application innovation. Nano Server, or Nano as Host, is deprecated and replaced by Nano Container, which is Nano running as a container image.

For more information about containers, see Container Networking Overview.

Server Core as a container (and infrastructure) host provides better flexibility, density and performance for existing applications under a modernization process and brand new apps developed already using the cloud model.

VM Load Balancing is also improved with OS and Application awareness, ensuring optimal load balancing and application performance.

Storage-class memory support for VMs enables NTFS-formatted direct access volumes to be created on non-volatile DIMMs and exposed to Hyper-V VMs. This enables Hyper-V VMs to leverage the low-latency performance benefits of storage-class memory devices.

Virtualized Persistent Memory (vPMEM) is enabled by creating a VHD file (.vhdpmem) on a direct access volume on a host, adding a vPMEM Controller to a VM, and adding the created device (.vhdpmem) to a VM. Using vhdpmem files on direct access volumes on a host to back vPMEM enables allocation flexibility and leverages a familiar management model for adding disks to VMs.

Container storage – persistent data volumes on cluster shared volumes (CSV). In Windows Server, version 1709 as well as Windows Server 2016 with the latest updates, we've added support for containers to access persistent data volumes located on CSVs, including CSVs on Storage Spaces Direct. This gives the application container persistent access to the volume no matter which cluster node the container instance is running on. For more info, see Container Storage Support with Cluster Shared Volumes (CSV), Storage Spaces Direct (S2D), SMB Global Mapping.

Container storage – persistent data volumes with SMB global mapping. In Windows Server, version 1709 we've added support for mapping an SMB file share to a drive letter inside a container; this is called SMB global mapping. This mapped drive is then accessible to all users on the local server so that container I/O on the data volume can go through the mounted drive to the underlying file share. For more info, see Container Storage Support with Cluster Shared Volumes (CSV), Storage Spaces Direct (S2D), SMB Global Mapping.

Security and Assurance

Windows security baselines have been updated for Windows Server and Windows 10. A security baseline is a group of Microsoft-recommended configuration settings, together with an explanation of their security impact. For more information, and to download the Policy Analyzer tool, see Microsoft Security Compliance Toolkit 1.0.

Network encryption enables you to quickly encrypt network segments on software-defined networking infrastructure to meet security and compliance needs.

Host Guardian Service (HGS) as a shielded VM is enabled. Prior to this release, the recommendation was to deploy a 3-node physical cluster. While this ensures the HGS environment is not compromised by an administrator, it was often cost prohibitive.

Linux as a shielded VM is now supported.

For more information, see Guarded fabric and shielded VMs overview.

Storage

Storage Replica: The disaster recovery protection added by Storage Replica in Windows Server 2016 is now expanded to include:

  • Test failover: the option to mount the destination storage is now possible through the test failover feature. You can mount a snapshot of the replicated storage on destination nodes temporarily for testing or backup purposes. For more information, see Frequently Asked Questions about Storage Replica.
  • Project Honolulu support: Support for graphical management of server to server replication is now available in Project Honolulu. This removes the requirement to use PowerShell to manage a common disaster protection workload.

SMB:

  • SMB1 and guest authentication removal: Windows Server, version 1709 no longer installs the SMB1 client and server by default. Additionally, the ability to authenticate as a guest in SMB2 and later is off by default. For more information, review SMBv1 is not installed by default in Windows 10, version 1709 and Windows Server, version 1709.

  • SMB2/SMB3 security and compatibility: Additional options for security and application compatibility were added, including the ability to disable oplocks in SMB2+ for legacy applications, as well as to require signing or encryption on a per-connection basis from a client. For more information, review the SMBShare PowerShell module help.
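
The following PowerShell is an added example, not code from the original page or from Microsoft. It audits a host against the SMB defaults described above (SMB1 not installed, guest authentication off) and reports the signing and encryption settings for review. The function name Get-SmbHardeningState and the share path in the final comment are hypothetical.

```powershell
# Added example, not Microsoft's code. Run in an elevated PowerShell session.
function Get-SmbHardeningState {
    [CmdletBinding()]
    param()

    $findings = @()

    # SMB1 optional feature: any state other than Enabled/EnablePending
    # matches the version 1709 default of "not installed".
    $smb1 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $smb1State = if ($smb1) { [string]$smb1.State } else { 'NotPresent' }
    if ($smb1State -like 'Enable*') { $findings += 'SMB1 feature is installed' }

    # Server-side protocol, signing and encryption settings.
    $server = Get-SmbServerConfiguration
    if ($server.EnableSMB1Protocol)           { $findings += 'SMB server still accepts SMB1' }
    if (-not $server.RequireSecuritySignature) { $findings += 'SMB server does not require signing' }
    if (-not $server.EncryptData)              { $findings += 'SMB server does not encrypt by default' }

    # Client-side signing requirement.
    $client = Get-SmbClientConfiguration
    if (-not $client.RequireSecuritySignature) { $findings += 'SMB client does not require signing' }

    # Guest fallback for SMB2+ clients: a value of 1 re-enables insecure guest
    # logons. The policy key is read last so that it overrides the service key.
    $guest = 0
    $keys = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters',
            'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation'
    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -Name AllowInsecureGuestAuth -ErrorAction SilentlyContinue
        if ($null -ne $item) { $guest = $item.AllowInsecureGuestAuth }
    }
    if ($guest -eq 1) { $findings += 'Insecure guest logons are allowed for SMB2+' }

    [pscustomobject]@{
        Smb1Feature           = $smb1State
        ServerSmb1Enabled     = [bool]$server.EnableSMB1Protocol
        ServerRequiresSigning = [bool]$server.RequireSecuritySignature
        ServerEncryptsData    = [bool]$server.EncryptData
        ClientRequiresSigning = [bool]$client.RequireSecuritySignature
        InsecureGuestAllowed  = ($guest -eq 1)
        Findings              = $findings
    }
}

Get-SmbHardeningState | Format-List

# Per-connection encryption requested by the client (hypothetical share path):
# New-SmbMapping -LocalPath 'Z:' -RemotePath '\\fileserver.example\data' -RequirePrivacy $true
```

An empty Findings list means the host matches the defaults this release ships with and also enforces signing and encryption; the signing and encryption entries are review items rather than deviations from the 1709 defaults.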

Data Deduplication:

  • Data Deduplication now supports ReFS: You no longer have to choose between the advantages of a modern file system with ReFS and Data Deduplication. Now you can enable Data Deduplication wherever you can enable ReFS. Increase storage efficiency by upwards of 95% with ReFS.
  • DataPort API for optimized ingress/egress to deduplicated volumes: Developers can now take advantage of the knowledge Data Deduplication has about how to store data efficiently to move data between volumes, servers, and clusters efficiently.

Remote Desktop Services (RDS)

RDS is integrated with Azure AD, so customers can leverage Conditional Access policies, Multifactor Authentication, Integrated authentication with other SaaS Apps using Azure AD, and many more. For more information, see Integrate Azure AD Domain Services with your RDS deployment.

Tip

For a sneak peek at other exciting changes coming to RDS, see Remote Desktop Services: Updates & upcoming innovations.

Networking

Docker's Routing Mesh is supported. Ingress routing mesh is part of swarm mode, Docker's built-in orchestration solution for containers. For more information, see Docker's routing mesh available with Windows Server version 1709.

New features for Docker are available. For more information, see Exciting new things for Docker with Windows Server 1709.

Windows Networking at Parity with Linux for Kubernetes: Windows is now on par with Linux in terms of networking. Customers can deploy mixed-OS Kubernetes clusters in any environment, including Azure, on-premises, and on 3rd-party cloud stacks, with the same network primitives and topologies supported on Linux without the need for any workarounds or switch extensions.

Core network stack: Several features of the core network stack are improved. For more information about these features, see Core Network Stack Features in the Creators Update for Windows 10.

  • TCP Fast Open (TFO): Support for TFO has been added to optimize the TCP 3-way handshake process. TFO establishes a secure TFO cookie in the first connection using a standard 3-way handshake. Subsequent connections to the same server use the TFO cookie instead of a 3-way handshake to connect with zero round trip time.
  • CUBIC: An experimental Windows native implementation of CUBIC, a TCP congestion control algorithm, is available. The following commands enable or disable CUBIC, respectively.

    netsh int tcp set supplemental template=internet congestionprovider=cubic
    netsh int tcp set supplemental template=internet congestionprovider=compound
    
  • Receive Window Autotuning: TCP autotuning logic computes the "receive window" parameter of a TCP connection. High speed and/or long delay connections need this algorithm to achieve good performance characteristics. In this release, the algorithm is modified to use a step function to converge on the maximum receive window value for a given connection.

  • TCP stats API: A new API is introduced called SIO_TCP_INFO. SIO_TCP_INFO allows developers to query rich information on individual TCP connections using a socket option.
  • IPv6: There are multiple improvements in IPv6 in this release.

    • RFC 6106 support: RFC 6106 allows for DNS configuration through router advertisements (RAs). You can use the following command to enable or disable RFC 6106 support:

      netsh int ipv6 set interface <ifindex> rabaseddnsconfig=<enabled | disabled>
      
    • Flow Labels: Beginning with the Creators Update, outbound TCP and UDP packets over IPv6 have this field set to a hash of the 5-tuple (Src IP, Dst IP, Src Port, Dst Port). This will make IPv6-only datacenters doing load balancing or flow classification more efficient. To enable flow labels:

      netsh int ipv6 set flowlabel=[disabled|enabled] (enabled by default)
      netsh int ipv6 set global flowlabel=<enabled | disabled>
      
    • ISATAP and 6to4: As a step towards future deprecation, the Creators Update will have these technologies disabled by default.

  • Dead Gateway Detection (DGD): The DGD algorithm automatically transitions connections over to another gateway when the current gateway is unreachable. In this release, the algorithm is improved to periodically re-probe the network environment.
  • Test-NetConnection is a built-in cmdlet in Windows PowerShell that performs a variety of network diagnostics. In this release we have enhanced the cmdlet to provide detailed information about both route selection and source address selection.

Software Defined Networking

  • Virtual Network Encryption is a new feature that provides the ability for the virtual network traffic to be encrypted between Virtual Machines that communicate with each other within subnets that are marked as "Encryption Enabled". This feature utilizes Datagram Transport Layer Security (DTLS) on the virtual subnet to encrypt the packets. DTLS provides protection against eavesdropping, tampering and forgery by anyone with access to the physical network.

Windows 10 VPN

  • Pre-Logon Infrastructure Tunnels. By default, Windows 10 VPN does not automatically create Infrastructure Tunnels when users are not logged on to their computer or device. You can configure Windows 10 VPN to automatically create Pre-Logon Infrastructure Tunnels by using the Device Tunnel (prelogon) feature in the VPN profile.
  • Management of Remote Computers and Devices. You can manage Windows 10 VPN clients by configuring the Device Tunnel (prelogon) feature in the VPN profile. In addition, you must configure the VPN connection to dynamically register the IP addresses that are assigned to the VPN interface with internal DNS services.
  • Specify Pre-Logon Gateways. You can specify Pre-Logon Gateways with the Device Tunnel (prelogon) feature in the VPN profile, combined with traffic filters to control which management systems on the corporate network are accessible via the device tunnel.
