Hyper-V Server 2019 or Hyper-V Server Role?

Question

Hello, I'm trying to determine the best approach for my hypervisors going forward. My current setup is Hyper-V role installed on a Windows Server (GUI). I am interested in reducing the overhead (management/resources) on the hypervisor and would like to try out Hyper-V Server.

If I am understanding correctly, Hyper-V Server 2019 is a host hypervisor OS that can then manage/run the Hyper-V VMs without the bulk and resource demand that Windows Server GUI/CORE would need. Understanding that this would be a CLI solution for the hypervisor, would I be able to remotely manage the hypervisor with Hyper-V Manager or something similar on my workstation? If not, will I be able to run PowerShell commands remotely to the hypervisor or will I have to login to the hypervisor directly?

Indirectly, I am interested in what security benefits Hyper-V Server may bring to the equation. I am thinking of less roles, features, and etc. that would be part of an attack surface. How are updates handled for Hyper-V Server? Can it work with WSUS or some other scheduled update task / command?

If the above is not the best approach, what is? Would running Hyper-V as a server role on Windows Server Core be the best solution to minimize resource usages on the hypervisors? PowerShell / command line does not scare me, so either option works for me.

Answer 1

Hyper-V Server reached the end with version 2019. If you install Hyper-V Server 2019, the only upgrade path is to a later version of Windows Server. In other words, there isn't a Hyper-V Server 2022 and there won't be any future releases of Hyper-V Server. Windows Server is the only way to run Hyper-V as a host in the server SKUs from 2022 onward.

Hyper-V Server is effectively Windows Server with a lot of roles and features removed so that they are completely unavailable. It uses the Windows Server kernel for its management operating system. WSUS, sconfig, PowerShell, and all such things work. You can get a similar result by installing Windows Server without the Desktop User Experience and never enabling any of the alternative roles. That's just good practice anyway. I'm not sure what you qualify as "bulk" or "resource demand". The size and resource difference between Hyper-V Server and Windows Server without the desktop experience are so minimal as to be irrelevant. The size and resource difference between Windows Server with and without the Desktop Experience are measurable but not impressive. With no logged on sessions, the Desktop Experience doesn't use any more resources than a server without the Desktop Experience.

Security is only a bit different. Hyper-V Server has no way to install several roles available to the full Windows Server SKU. If you don't enable those roles on a Windows Server installation, then I suppose the risk is that someone would break into your host and install roles that you don't want. If that's their nefarious plan, then I question their endgame. The Desktop Experience makes the Explorer engine available, which opens you up to some additional attack vectors.

In the absence of any concrete reason to use Hyper-V Server (mainly cases where you won't ever run a Windows Server guest so you could get away without buying any Windows Server licenses), I would choose Windows Server. Aside from the upgrade issue mentioned in the beginning, the only place that Hyper-V Server can't work in place of Windows Server as a Hyper-V host is when you want to use it as a Remote Desktop Virtualization Host. Starting with the 2019 SKUs, that requires Windows Server as the management operating system.