Microsoft Ignite 2016 Conference Trip Report ISBU & CMBU Competitive Teams

Atlanta, GA, September 25-30, 2016

VMware Contributors: John Ayub, Sean Crookston, Jason Gaudreau, Ed Grigson, Eric Horschman, Eric Railine, Ben
Scheerer, Charles Windom
All available Ignite session presentation slides can be found on the Competitive Team SharePoint site.
[These notes focus on Microsoft products and announcements impacting VMware server and cloud products. For EUC
competitive observations, see the EUC Competitive Teams trip report here.]

General Observations

Ignite is Microsoft's annual ecosystem conference that unites several legacy individual conferences: Microsoft
Management Summit, Microsoft Exchange, SharePoint, Lync, Project, and TechEd conferences. The first Ignite
occurred in 2015 and attracted over 20,000 people. Ignite 2016 attracted ~23,000+ people and ~207 exhibitors.

Technical Keynote (Day 1) focused on big data in the cloud "using machine learning on large amounts of data".
Microsoft is leveraging all the data (unstructured) for their apps (e.g., Office 365, Dynamics CRM) and feeds (e.g.,
datacenter apps) to mine data for business intelligence. These introductions make the full stack, including
Azure, relevant and sticky.

Microsoft is putting less emphasis on traditional on-premises management (e.g., System Center Suite), and
instead is highlighting Operations Management Suite and Azure Stack, based on the number of sessions

Each keynote focused on digital transformation and delivered examples, products, guests, and customers that
showed impressive digital transformation outcomes. Azure public cloud with 34 global regions interconnected
with a private network took center stage many times.

Microsoft highlighted new security features in Windows Server 2016 and Hyper-V like Shielded VMs and Virtual
Secure Mode. They believe theyve found an area where VMware cant match them and are trying to convince
customers that protecting VMs from malicious sysadmins is an exclusive Microsoft capability.

Azure Stack is showing strong momentum for a product that wont ship for nine months with large sessions filled
to capacity. Customers are clearly interested in deploying Azure-in-a-box.

Microsoft is delivering a true SDDC with Windows Server 2016 network virtualization and Storage Spaces Direct.
They have attracted many server OEMs to join their SDDC validated reference architecture program.

Key Announcements and Topics at Ignite 2016 (detailed below):

Microsoft Azure
Microsoft Azure Stack
Microsoft Operations Management Suite (OMS)
Microsoft Windows Server 2016 Compute Hyper-V
Microsoft Windows Server 2016 Storage Storage Spaces Direct
Microsoft Windows Server 2016 Networking
Microsoft Windows Server 2016 Security
Microsoft System Center 2016
Microsoft Windows Server 2016 Nano Server
Microsoft Windows Server Containers
Microsoft Cloud Platform System

Microsoft Ignite 2016 Trip Report

VMware Confidential

Microsoft Azure
Summary:
There were more sessions on Azure cloud and Azure services
than there were sessions for Azure Stack, Azure Pack, System
Center, PowerShell, Windows Server, and Windows
combined. A few of the highlights discussed at Ignite:
Azure Monitoring
o Deep monitoring information presented within
the Azure UI
o Uses the same underlying technology as OMS
Azure Container Service
o Announced earlier this year but highlighted at
Ignite: Azure now supports running containers
natively
o Azure will support either Mesosphere DC/OS or
Docker Swarm for container orchestration
o Red Hat is also partnered with Microsoft and
demonstrated running their OpenShift
Container Platform on top of Azure
VM Scale Sets and autoscaling
o Scale sets allow PaaS-like ease of use with
custom infrastructure requirements
o Horizontal or vertical scale
o Deployable via portal, CLI, SDK, or REST
o Out of the box autoscaling w/o an agent
o 1 min metrics w/ability to autoscale every 5 min
Number of available compute sizes doubled in 2016
o Compute sizes primarily differentiated by
performance characteristics
o Multiple sizes now offering NVIDIA cards for
compute or graphics acceleration
Native IPv6 support for Azure VMs
Azure DNS and Azure Service Fabric are both now GA
Multiple new capabilities in Azure Security Center:
o Threat Intelligence Reports, Integrated
Vulnerability Assessment, Expanded Web
Application Firewall, etc.
Reduced compute prices announced just after Ignite
Threat to VMware:
Microsoft continue to position Azure well as the
enterprise public cloud focused on security and
compatibility with on-prem software & infrastructure.
Microsoft ELAs bundled Azure credits and on-prem
software integration with Azure (System Center, etc.)
are designed to incentivize customers to place
workloads into the Azure cloud.
Azures continued and growing success can be used to
demonstrate the quality of the underlying Windows
Server 2016 hypervisor, and, in conjunction with the
release of Azure Stack next year, further erode the
vSphere customer base.
A new Azure VM backup feature will be added in
October.

Significant focus on security and compliance certifications

met by Azure cloud (see middle slide below)

Weaknesses to exploit:
Even customers can see that Microsofts end goal is to
migrate all workloads to their cloud alone which will not
align for all customer businesses or IT staff
Security remains a public concern about Windows and
Microsoft, and many of their security initiatives around
Azure are very new and unproven. The Azure Security
Center itself is only 3 months old.
Despite the familiar Windows underpinnings, migrating to
Azure still requires significant investment in new technical
skills for IT and personnel costs remain one of the largest
budget items for IT departments.
Microsoft's highly touted Shielded VMs feature will not be
available in Azure because of scalability limitations. Azure
customers will be exposed to the same offline VM attacks
that Microsoft is claiming are a VMware vulnerability.

Additional resources:
THR1043 - Evaluate Microsoft Azure For The Competitive Public Cloud Industry MS Ignite presentation
Microsoft Ignite 2016 Trip Report

VMware Confidential

Microsoft Azure Stack (MAS)

Summary:
Big emphasis on the upcoming Azure Stack release, 9
sessions dedicated to Azure Stack, both overview and
technical related. All of App Service and the Azure
Service Fabric are planned to be available (over time)
with the Azure Stack software suite. Unlike the limited
Azure Pack, Azure Stack is a strategic software offering
intended for hybrid portability of most Azure IaaS & PaaS
capabilities.
Microsoft Azure Stack (MAS) hybrid cloud platform will
enable customers and commercial service providers to
deliver select Azure public cloud services from
datacenters and to run applications/workloads in a
hybrid fashion.
Microsoft will release MAS in 2H 2017. MAS will be
available only as an integrated system from DELL/EMC,
HPE, Lenovo and later other OEMs. Microsoft will not
deliver or support MAS as a software-only option. This
may change after MSFT succeeds with MAS integrated
system (MAS IS).
The SW BOM is Windows Server 2016, Storage Spaces
Direct, Microsoft Azure Stack, OEM software.
MAS IS delivers modern cloud services yet offers the
control of a private datacenter for hybrid cloud
functionality. MAS will enable customers to transform
on-premises datacenter HW resources into cloud
services for maximum agility.
Developers can build and deploy applications the same
way whether they run on Azure public cloud or MAS and
can use identical Azure APIs. Developers can leverage
the rich Azure ecosystem as well as applications and
components from the Azure Marketplace and publish
them to MAS on premises.
IT administrators can manage the lifecycle of MAS IS
infrastructure, see resource utilization across all or
individual tenants, and monitor the state of services and
infrastructure.

MAS is technology is always tested in either Azure or

Microsofts internal cloud for months or years to ensure
customers and SPs have a good user experience.

MAS Integrated System

Source: Microsoft Inc., Ignite 2016, HPE, VMware.

Threat to VMware:
Enables a competing hybrid cloud platform that targets
every VMware customer.
MAS is a turnkey onramp to Azures vast public cloud
capacity (34+ global regions).
Self-service and developer friendly PaaS and IaaS.
Competes directly with VMware Cloud Foundation,
vSphere, VSAN, NSX, vRealize, Cloud Foundry.
Vast and robust ecosystem of customer, developer,
partner solutions.
Additional resources:

Weaknesses to exploit:
Not available until 2H 2017 and only as a highly prescriptive
integrated system from 3 HW OEM vendors. There is a
chance that MS will delay the 2H 2017 date.
MAS forces customers into a closed Azure or Microsoft-only
environment. There is limited integration with AWS.
MAS is not directly compatible with MS CPS or Windows
Azure Pack; requires connector software and services.
OEM leads support and OEM provides new SW update
bundles for all MS SW, OEM SW, and firmware.
Media and Press Coverage:

Azure Stack Overview from Ignite: Link

Azure Stack Deep Dive from Ignite: Link
Azure Stack Deeper Dive from Ignite: Link
Hybrid Apps with Azure & Azure Stack: Link
Azure Stack Blog: Link
VMware Cloud Foundation Advantages: Link

Microsoft Ignite 2016 Trip Report

Azure Stack architecture blog coverage: Link

Azure Stack management blog coverage: Link
Azure Stack Forbes press coverage: Link
Azure Stack WinBeta press coverage: Link
Azure Stack blog coverage: Link

VMware Confidential

Microsoft Operations Management Suite (OMS)

Summary:
There were a large number of sessions covering OMS and
most were very well attended. OMS has moved well beyond
just log and performance metric analytics to incorporate full
automation, configuration mgmt, security services, data
protection & recovery, and more. MS presented a strong
vision of what needs to be included as part of modern cloud
mgmt and demonstrated substantial initial execution on
that vision. OMS breaks down to 4 functional areas below
are the highlights for each:
Automation & Control
o Process automation with simple GUI designer
o Update/patch management
o Configuration management with DSC
o Supports Windows, Linux, and multi-cloud
o Integration via PowerShell, .Net, REST, or
webhooks
o ITSM support: ServiceNow, Provance, Cherwell
Insights & Analytics
o Analytics for many log & metric sources:
Windows, Linux, syslog, Azure, LogStash, etc.
o AppInsights for application performance
monitoring (APM)
o Application Dependency Monitoring (APM) via
Blue Tile acquisition now integrated into OMS
Automatic discovery of service
dependencies on Windows or Linux
Visualization of dependency maps
overlaid with alerts and change events
Security & Compliance
o Bring all of your security data to OMS
Supports Common Event Format (CEF)
used by most security solutions
Windows, Linux, Cisco ASA, syslog
o Update & patching status on all servers
o Antimalware status
o Security configuration baselines
o Snapshot of users accessing servers
o Integrated threat intelligence
Protection & Recovery: Azure Backup and ASR
Threat to VMware:
Weaknesses to exploit:
OMS, like System Center, is taking a much broader view
No RBAC a tenant user can see all resources across his
of operations than VMware has to date and bundles in
organization without restriction.
capabilities competitive with the entire vRealize Suite
Many of the most touted features, like ADM, AppInsights,
plus vDP, SRM, and functionality VMware does not offer
etc. are only in preview today, and will have significant
(patch mgmt, configuration mgmt, APM, etc.)
limitations until they mature.
Breadth of security services is seeing significant
Multiple agents are currently required for OMS, ADM, etc.
customer interest - with virtually none of these services
rather than a single combined agent.
supported by VMware today
Much of the OMS configuration (such as OMS Dashboards)
Azure Site Recovery provides much broader support
requires learning the ARM template format rather than the
than SRM: vSphere, Hyper-V, or physical to/from Azure,
more common PowerShell formatting
physical or vSphere to/from vSphere, AWS to Azure, etc.
Additional resources:
BRK2178 - Dive deep into Operations Management Suite for applications and infrastructure MS Ignite Presentation
Over 15 sessions dedicated to OMS
Microsoft Ignite 2016 Trip Report

VMware Confidential

Microsoft Windows Server 2016 Compute Hyper-V

Summary:
Microsoft considers Windows Server 2016 a major release
for Hyper-V. They have been most vocal about new security
features:
Shielded VMs are encrypted and will only run on
validated hosts. Microsoft claims that without Shielded
VMs, a malicious cloud hoster or sysadmin could copy a
virtual disk file and attack a VM offline.
Virtual Secure Mode uses VMs to isolate user credentials
and protect against rootkits. VSM features work on both
Windows 10 clients with Hyper-V and Windows Server
2016.
Other significant new Hyper-V features:
Storage Resiliency attempts to fix a common Hyper-V
stability issue that takes down VMs when hosts lose
storage connectivity. Now VMs are placing in
PausedCritical state for up to 24 hours. A related Node
Quarantine feature evacuates VMs from unstable hosts.
Nano Server reduces Hyper-Vs disk footprint to only
460MB (compared to 158MB for vSphere 6)
Hot add virtual NICs and guest memory
Configuration maximums increased Beast VMs with
12TB vRAM, 240vCPUs
Checkpoints of Windows and Linux guests now
supported in production
Storage QoS has been enhanced to set limits per storage
server rather than per Hyper-V host
Rolling cluster upgrades now allow mixed Win2012 and
Win2016 nodes during an upgrade to 2016.
ReFS v2 support greatly accelerates virtual disk
provisioning
Microsoft has signed up many H/W OEMs (Cisco, DellEMC,
HPE, Lenovo and more) to their Windows Server SoftwareDefined program. Those vendors will be selling Win2016
based hyperconverged systems using MSFT validated
reference architectures. Sort of a hybrid of our VVDs and
Cloud Foundation.
Threat to VMware:
If Storage Resiliency and Node Quarantine fixes work,
they will cure a leading cause of customer switches from
Hyper-V to vSphere
Customers convinced that rogue sysadmins are a threat
may require Shielded VMs in their RFPs
Nano Server addresses the Windows bloat and patching
burden that leads customers to favor the thin ESXi
architecture
Storage Spaces Direct plus Hyper-V makes Win2016 a
true hyperconverged platform and the only one besides
VSAN that doesnt rely on virtual appliances

Weaknesses to exploit:
Shielded VM feature is complex to configure, requires hosts
with TPM hardware, and has limited guest support
Shielded VMs are NOT available for Azure MSFT product
managers said they cant scale up enough
No enhancements made to Hyper-V memory management
it will continue to have poor VM density compared to
vSphere
Nano Server is alien to Windows sysadmins and has many
limitations like Server Core, it is unlikely to get much
adoption as a Hyper-V platform

Additional resources:
BRK2165 - Discover Whats New in Windows Server 2016 Virtualization
BRK2169 - Explore Windows Server 2016 Software Defined Datacenter
BRK2167 Enterprise-grade Building Blocks for Windows Server 2016 SDDC Partner Offers

Microsoft Ignite 2016 Trip Report

VMware Confidential

Microsoft Windows Server 2016 Storage Storage Spaces Direct

Summary:
For Storage Spaces Direct, Microsoft has created a very
flexible solution where you can add three different volume
types depending on the application and business
requirements. You can have a volume on the hot tier, the
cold tier, or take advantage of the ReFS auto-tiering.
Storage Spaces Direct seems very mature for its first
iteration, they showed some impressive performance
numbers. With a 16 node deployment using all NVMe drives
and 100 GB RDMA cards, they were able to achieve
6,000,000 IOPs and 1 TB/s throughput in a performance test.
They are also claiming they can gain 50% to 80% storage
efficiency with their use of auto-tiering between their hot
capacity tier (mirrored) and their cold capacity tier (erasure
coding).
Microsoft mentioned they are the only vendor that offers
both a converged and hyper-converged solution with Storage
Spaces Direct. You can run S2D as a scale-out file server, or in
hyper-converged mode; or you can run SQL Server 2016
bare-metal on Storage Spaces Direct.
At the conference, they announced that Storage Space Direct
was going to support 2 nodes to 16 nodes. The 2 node
solution uses a witness for quorum, which can be installed on
another server or in the Azure cloud.
With Microsoft Operations Management Suite, they have a
cloud-first backup, cloud-first archive, and cloud-first disaster
recovery strategy.
Storage Replica is another free feature with Datacenter
licensing. It provides block-level replication either
synchronously or asynchronously. You can manage it with
Azure Site Recovery, PowerShell, or Server Manager Tool.
Storage Replica currently cannot replicate to multiple
locations (hub-and-spoke, parent-child-child).
Threat to VMware:
Free converged and hyper-converged storage solution
with Windows 2016 Server Datacenter edition
Very impressive performance numbers taking advantage
of both NVMe storage and RDMA networks with Storage
Spaces Direct
Free block based replication solution with Windows
2016 Server Datacenter edition
Investments in SaaS based backup, archive and DR
solutions with Operations Management Suite

Weaknesses to exploit:
First iteration of their hyper-converged solution
RDMA networking is not a requirement, but is
recommended for Storage Spaces Direct
Storage Spaces Direct is limited to 16 nodes
No hub-and-spoke multi-replication scenarios with Storage
Replica
Operations Manage Suite Site Recovery and Backup is
offered in both Azure Classic and Resource Manager with no
migration solution

Additional resources:
Azure Recovery Services Competitive Analysis
Microsoft Storage Spaces Direct Competitive Analysis
Optimize your software-defined storage investment with Windows Server 2016
Microsoft Ignite 2016 Trip Report

VMware Confidential

Microsoft Windows Server 2016 Networking

Summary:
Microsoft has created a very flexible solution where
you can create truly multi-tenant logical networks on
top of a single physical network. This Software
Defined Network (SDN) was inspired by Azure, their
public cloud networking solution. For on-premises
deployments, provides many of the features of their
Azure version of the product. These sessions were
well attended.
There are many claims that this product can
deployed in minimal time, but there are prerequisites such as the deployment of Hyper-V hosts,
Windows Failover Clustering, certificates and the
physical network that may well contradict this claim.
The heart of the Microsoft SDN solution is the
Network Controller. This Windows Server 2016 role
provides central management of the following;

Management Plane Manage (Access via

SCVMM, PowerShell scripts, Azure Stack)
Control Plane Services (NAT, S2S VPN,
Gateways, etc.)
Data Plane virtual networks or tenant
networks

The Network Controller services include NFV such as

Firewall, Software Load balancers, distributed
routers just to mention just a few. Resiliency for the
SDN solution is provided through the deployment of
multiple network controllers.
Microsoft SDN provides microsegmentation for the
datacenter networks through the use of firewalls,
policies and network security groups (NSG). Policies
can be applied to prevent communication with
external as internal clients and servers.
Threat to VMware:
Free converged and hyper-converged Software
Defined Networking solution with Windows
2016 Server Datacenter edition
Microsegmentation features that are Good
Enough for a included product

Weaknesses to exploit:
Complex and confusing to deploy and manage
Requires additional gateways (hardware/virtual machines) to
provide north-south traffic
No advanced tools for trouble-shooting. Will require more
management overhead for the SDN solution
Unproven 1st-generation product

Additional resources:
BRK3122 - Microsegment and secure your networks with the Azure inspired Software Defined Networking
BRK3123 - Deploy complex workloads with Azure Agility - from zero to SDN in 60 minutes
BRK3137 - Achieve high-performance datacenter expansion with Azure Networking

Microsoft Ignite 2016 Trip Report

VMware Confidential

Microsoft Windows Server 2016 Security

Summary:
Microsoft has announced a comprehensive end-to-end
security solution for providing the datacenter using
Windows Virtualization. Microsoft has adopted a four
prong approach to security protect, detect, respond and
isolate. The features of this solution consists of the
following;
For the OS, host and guest integrity;
Device Guard Protects the OS through the use of policies.
Code integrity policies are created to whitelist the
software running on the host. If software is added to the
host or malware tries to execute on the host, those
processes will be blocked.
Control Flow Guard Is a platform security feature that
was created to prevent memory corruption vulnerabilities.
Defender Anti-Malware Defender is now available and
enabled by default on Windows servers and clients.
Attestation AD and hardware based (more secure)
provides a means to ensure that trusted hosts can run
shielded virtual machines
Just Enough Administration (JEA) is a security
technology that helps businesses enforce security by
restricting administrative rights.
Shielded Virtual Machines Allows the deployment of
virtual machines that protect data inflight and data at
rest
SDN: Microsegmentation The use of firewalls, policies
and network security groups (NSG) to protect the flow of
traffic to, from and between virtual machines on the same
subnets.
Threat to VMware:
No comprehensive security solution to date
Virtual Secure Mode can exclude us from using
Microsoft security solution
Currently no support for Windows/Linux secure boot
and TPM
No clear messaging around our security solution

Weaknesses to exploit:
No Shielded Virtual Machines support for existing Gen 1 VMs
Available on Windows Server 2016 Datacenter Only
New, immature product feature. Not very refined
No guest backup solution must backup and restore whole
shielded virtual machine
Very crude and immature shielded virtual machine recovery
process

Additional resources:

BRK2152 - Explore Windows Server 2016 Security

BRK3124 - Dive into Shielded VMs with Windows Server 2016 Hyper-V

BRK3126 - Discover Shielded VMs and learn about real world deployments

Microsoft Ignite 2016 Trip Report

VMware Confidential

Microsoft System Center 2016

Summary:
System Center 2016 offers significant new features,
enhancements and extensions across the suite of
included products.
o HTML5 web console (no Silverlight)
o Automatic discovery and notification of
unmonitored workloads
o Significant performance enhancements
o Enhanced monitoring and management of
vSphere environments
o Deployment, configuration management,
monitoring, & backup of Linux VMs
o Enhanced monitoring of Azure resources and
services
o Monitoring of AWS services (via partner
management packs)
o Management of Storage Spaces Direct for both
converged (or disaggregated) and
hyperconverged architectures
o Management of new SDN services incl.
Network Controllers, Software Load Balancers,
NAT, gateway/VPN services, QoS, Port ACLs,
etc.
o Monitoring of physical or virtual network
devices via SNMP
o Provisioning and management of new host
guardian service and Shielded VMs
Microsoft are also tying a number of new capabilities to
Azure-based Operations Management Suite:
o OMS Network Performance Monitoring
o OMS SCOM Assessment
o Application Insights
o Azure Backup Recovery integrated with DPM
Threat to VMware:
Weaknesses to exploit:
Tight integration of new functionality between on-prem System Center is still a very large suite of products and is
System Center and Azure cloud services entices
perceived as being very complex to setup, configure, and
customers to use new SaaS offerings and pave the way
manage.
for further SaaS-ification and migration to Azure cloud & System Center (and Microsoft) do not have a good history of
services.
managing and monitoring non-Microsoft products like
vSphere, Linux, etc.
Significant improvements to this widely-deployed suite
of management products narrowing gap with VMW
Azure services integration could be a double-edged sword
products & providing functionality in areas we do not
not all customers who may be interested in new
compete (configuration management, client updates, IT
functionality like NPM will be will want them implemented
process management, etc.) will make it more difficult
as a cloud service.
to move customers to vRealize Suite (and other VMware
o Cloud services, particularly for data-intensive ones
products) and provide further attractions for customers
like network monitoring and backups, can require
not currently using System Center (or, most frequently,
significant bandwidth which may be more than
not using the full suite).
customers have or are cost-effective to obtain.
SC presents a believable multi-cloud story (on-prem
Azure Stack does not use System Center this raises
physical, private Hyper-V/SCVMM, private vSphere,
questions about the long-term future of System Center.
Azure, & AWS)
Additional resources:
BRK2159 - Take advantage of new capabilities in System Center 2016 MS Ignite session presentation

Microsoft Ignite 2016 Trip Report

VMware Confidential

Microsoft Windows Server 2016 Nano Server

Summary:
A new, lightweight, version of Windows designed to
be more secure, use less resources, and boot faster.
Positioned to run 'cloud native' workloads, Windows
containers, and infrastructure roles such as Hyper-V,
IIS, DNS, and scale out file services
Runs as a 'headless' server with no GUI or local logon
capability. All management is done remotely.

Threat to VMware:
As a Hyper-V host: better VM density due to lower
resource usage, threatening our TCO
As a Hyper-V host: smaller footprint & more secure
with less patching/reboots previously a weak point
for Hyper-V vs ESXi
Caters to the DevOps crowd, gaining developer
mindshare

Weaknesses to exploit:
Extremely limited compatibility with existing Windows
applications and management utilities.
v1.0 release. At Ignite stated only one customer currently
running in production.
Significant learning curve for administrators typically used to
GUIs (Server Core was not well adopted).
Requires Software Assurance and priced per core
Only supported on CBB release schedule (n-2). Customers may
be forced to upgrade to maintain support.

Additional resources:
BRK2171 - Explore Windows Server 2016 Application Platform
Microsoft Competitive Superdeck (Vault)
Nano Server homepage

Microsoft Ignite 2016 Trip Report

VMware Confidential

10

Microsoft Windows Server Containers

Summary:
Microsoft are now offering Docker containers on the
Windows platform in Windows Server 2016. This was
developed in close partnership with Docker.
Available in two 'flavours' which can be chosen at
runtime;
o Windows Server Containers. Use a shared
kernel much like Linux containers.
o Hyper-V Containers. Wrap the Windows Server
container in a Hyper-V VM for increased
security, and don't use a shared kernel.
Only available in Server Core and Nano Server editions.
Windows Server containers are not interchangeable with
Linux containers;
o you cant run a Linux container natively on
Windows or vice versa
Management solutions will be able to run mixed
workloads of Windows Server and Linux containers
Integration with Microsoft's development tools including
Visual Studio
Threat to VMware:
Neither VIC nor Photon Platform currently support
Windows Containers (though can in theory)
Hyper-V Containers compete conceptually with
VIC/Bonneville (though VMware work with Linux
containers today)
Microsoft gaining traction with developers through
thought leadership and creation of a container
ecosystem strongly aligned to DevOps
Increasingly close partnership with Docker Inc.

Weaknesses to exploit:
Extremely limited ecosystem in comparison to Linux
containers (for major scheduler such as Kubernetes,
Marathon, Mesos aren't available today)
Windows Containers are a v1.0 release and unproven in
production they're not yet used in the Azure Container
Service.
Not backwards compatible Windows Server 2016 only
Windows Server Core images, at 7GB+, are very large
compared to typical Linux containers. Nano Server
container images are smaller but incompatible with many
existing Windows apps and adoption is uncertain.

Additional resources:
BRK2171 - Explore Windows Server 2016 Application Platform
Microsoft Competitive Superdeck (Vault)

Microsoft Ignite 2016 Trip Report

VMware Confidential

11

Microsoft Cloud Platform System (MS CPS)

Summary:
The MS CPS portfolio of integrated systems provides an
Azure-consistent or Azure-like cloud-in-a-box for
virtualized Windows and Linux workloads, accelerating
private cloud adoption with a factory-integrated
solution.
There are 4 CPS models: CPS Premium Dell (3-tier), CPS
Standard Dell (3-tier), CPS Standard Nutanix (HCI), CPS
Standard HPE (HCI). CPS capacity ranges from 3 nodes
with CPS Standard to 128 with CPS Premium.
MS CPS Premium software BOM is Windows Server 2012
R2, System Center 2012 R2, and Windows Azure Pack
(WAP) portal, with server, storage, and networking
hardware.
MS CPS Standard software BOM is Windows Server 2012
R2, System Center 2012 R2, and Windows Azure Pack
(WAP) portal, either HPE StoreVirtual or Nutanix
software, with HCI hardware.
CPS delivers a self-service, multi-tenant cloud
environment for Windows and Linux applications and for
applications such as Microsoft SQL Server, SharePoint,
Exchange.
CPS lowers costs at all stages of the infrastructure lifecycle. The software BOM is validated and integrated at
the factory, decreasing risk and complexity, while
accelerating deployment time from months to weeks.
CPS offers a single-point-of-contact for support,
simplifying issue resolution and reduces the risk of
outages.
There is no migration path for either MS CPS Premium or
MS CPS Standard to MS Windows Server 2016, MS
System Center 2016, Microsoft Azure Stack, or Azure
Services.
MS CPS Premium and MS CPS Standard are not hybrid
with Azure public cloud. Customers can backup CPS to
Azure public cloud.
Source: Microsoft, Ignite 2016, Dell, VMware.

Threat to VMware:
Simplifies the use of existing MS software, which targets
every VMware customer.
Delivers a proven self-service and developer friendly
PaaS and IaaS portal that mimics a handful of Azure
public cloud services.
Many customers and SPs have successfully used
Windows Azure Pack (WAP), and have created an
ecosystem of solutions for WAP.

Weaknesses to exploit:
CPS has no upgrade path: it will remain based on Windows
Server 2012 R2 & System Center 2012.
Missing SDDC capabilities compared to VMware
Uses a traditional 3-tier hardware model and is not a hyperconverged infrastructure
Inferior virtualization, storage, and network virtualization
capabilities.
Lower customer adoption across SDDC technologies.
Market share follower in each SDDC category
Manual day 0 bring-up and configuration. Complex
workload provisioning and SW lifecycle management

Additional resources:
Explore Microsoft Cloud Platform System from Ignite: Video, Slides
VMware Cloud Foundation Advantages over MS CPS: Vault Link

Microsoft Ignite 2016 Trip Report

VMware Confidential

12