Windows Server 2022 brings new and advanced features in virtualization, networking, storage, user experience, cloud computing, and automation. Its main focus is security: it brings the Secured-core concept from the Windows client to the server world with Secured-core server. This version of the Windows Server operating system has made major security improvements to the Core version as well as the Standard and Datacenter versions. It has also extended these security features to its virtualization infrastructure.
What is Windows Server?
Windows Server is a brand of server operating system released by Microsoft. This includes all Windows operating systems known as “Windows Server”. Windows servers are commonly used to provide services to users and to control shared networks, applications, and data storage. Over the years Microsoft has released many versions of Windows Server; currently, the latest is Windows Server 2022.
Windows Server 2022 Overview:
Advanced multilayer security: As cybersecurity threats increase, Windows Server 2022 includes new security features such as Secured-core server and secure connectivity. Secured-core server provides powerful threat protection to create multi-layered security across hardware and the operating system. It uses Trusted Platform Module 2.0 and System Guard to securely run Windows Server and minimize the risk of operating system vulnerabilities.
Secured-core server also has virtualization-based security (VBS) features such as Credential Guard and Hypervisor-protected code integrity (HVCI). Credential Guard provides preventive protection for sensitive assets such as credentials, and HVCI uses hardware security to keep advanced malware off the system.
Secure connectivity adds an extra layer of security during transport. Windows Server 2022 improves connection security with Hypertext Transfer Protocol Secure (HTTPS) and Transport Layer Security (TLS) 1.3, which is enabled by default. Users can also protect server communications with standard AES-256 encryption, which the Server Message Block (SMB) protocol now supports, along with better controls.
Hybrid capabilities with Azure: Microsoft has announced new features that allow users to innovate in the cloud while building on their on-premises investments. Azure Arc and Storage Migration Service are the two main hybrid features that work best with Windows Server 2022.
Azure Arc enables users to manage and secure Windows servers on-premises, at the edge, or in multi-cloud environments through a single control plane in Azure. Through Azure Arc, customers can easily use Azure management features such as Azure Policy, Azure Monitor, and Azure Defender for those servers.
In addition, with a few simple clicks in Windows Admin Center, you can enable the connection to Azure Arc. Microsoft has also updated Windows Admin Center v2103 with significant improvements in virtual machine management, easier event viewing, and many other updates. Windows Admin Center is also available in the Azure portal.
Windows Server 2022 improves the hybrid connectivity of on-premises file servers to Azure file servers. Storage Migration Service updates allow customers to move file servers from NetApp FAS to Windows servers. Using Storage Migration Service to transfer data to servers allows customers to maintain low latency while reducing their on-premises storage footprint.
Flexible operating system: Users rely on Windows Server to run widely distributed applications. The Microsoft team therefore keeps focusing on platform capabilities and tools that improve developer velocity and support for business-critical workloads such as SQL Server.
Windows Server 2022 Features
- Security: Windows Server 2022 introduces new security features. This time Microsoft has combined security capabilities from various parts of Windows Server to provide defense-in-depth protection against advanced threats. Advanced multi-layer security in Windows Server 2022 provides the comprehensive protection that servers need today.
- Secured-core server: Secured-core server in Windows Server 2022 offers protections that are useful against sophisticated attacks. It can provide added assurance when handling mission-critical data in industries that are especially sensitive about their data. It is built on three main pillars: simplified security, advanced protection, and preventative defense.
- Simplified security: When you buy hardware from an OEM for a Secured-core server, you can be sure that the OEM has provided a set of hardware, operating system, and drivers that deliver the Secured-core promise. Windows Server systems have an easy configuration experience in Windows Admin Center for enabling the Secured-core security features.
- Advanced protection: Secured-core servers make the most of hardware, firmware, and operating system capabilities to protect against current and future threats. The protections a Secured-core server enables are aimed at creating a secure platform for the applications and important data used on that server. Secured-core capabilities cover the following areas:
- Hardware root-of-trust: Trusted Platform Module 2.0 (TPM 2.0) comes with servers that can be used as Secured-core servers. TPM 2.0 provides secure storage for keys and sensitive data, such as measurements of the components loaded at boot. This hardware root-of-trust strengthens the protection provided by features such as BitLocker that use TPM 2.0, and facilitates attestation-based workflows that can be incorporated into zero-trust security strategies.
- Firmware protection: A significant increase in reported security vulnerabilities has been seen in the firmware space, given the high privileges that firmware runs with and how little visibility traditional anti-virus solutions have into what happens in firmware. Recent reports indicate that malware and ransomware platforms are adding firmware capabilities, raising the risk of firmware attacks of the kind that have previously targeted enterprise resources such as Active Directory domain controllers. Using CPU support for Dynamic Root of Trust of Measurement (DRTM) technology, along with DMA protection, Secured-core systems isolate the security-critical hypervisor from attacks like this.
- Virtualization-based security (VBS): Secured-core servers support VBS and hypervisor-based code integrity (HVCI). VBS and HVCI protect against the whole class of vulnerabilities used in cryptocurrency mining attacks, thanks to the isolation that VBS creates between privileged parts of the operating system, such as the kernel, and the rest of the system. VBS also enables further capabilities like Credential Guard that better protect domain credentials.
- Preventative defense: Enabling Secured-core capabilities helps proactively defend against many of the paths that attackers may take to exploit a system. This set of defenses also frees IT and SecOps teams to spend their time on the many other areas that need attention.
- Secure connectivity:
- Transport: HTTPS and TLS 1.3 are enabled by default in Windows Server 2022.
- Secure connections are at the heart of today’s interconnected systems. Transport Layer Security (TLS) 1.3 is the latest version of the Internet's most widely deployed security protocol, which encrypts data to provide a secure communication channel between two endpoints. HTTPS and TLS 1.3 are now enabled by default in Windows Server 2022 and protect the data of clients connecting to the server. TLS 1.3 eliminates obsolete cryptographic algorithms, improves security over older versions, and aims to encrypt as much as possible.
- Secure DNS: Encrypted DNS name resolution requests with DNS-over-HTTPS:
- The DNS client in Windows Server 2022 now supports DNS-over-HTTPS (DoH), which encrypts DNS queries using the HTTPS protocol. This helps keep your traffic as private as possible by preventing eavesdropping on, and tampering with, your DNS data.
- Server Message Block (SMB): SMB AES-256 encryption has been added for more security
- Windows Server 2022 now supports the AES-256-GCM and AES-256-CCM cryptographic suites for SMB encryption and signing. Windows automatically negotiates this stronger cipher when connecting to another computer that supports it, and it can also be enforced through Group Policy. Windows Server still supports AES-128 for down-level compatibility.
- SMB: East-West SMB encryption controls for internal cluster communications:
- Windows Server failover clusters now support granular control of encrypting and signing intra-node storage communications for Cluster Shared Volumes (CSV) and the storage bus layer (SBL). This means that when using Storage Spaces Direct, you can decide to encrypt or sign east-west communications inside the cluster for added security.
- SMB: SMB over QUIC:
- SMB over QUIC updates the SMB 3.1.1 protocol in Windows Server 2022 Datacenter: Azure Edition and supported Windows clients to use the QUIC protocol instead of TCP. Using SMB over QUIC with TLS 1.3, users and applications can securely and reliably access data on edge file servers running in Azure. Mobile users and telecommuters no longer need a VPN to access file servers over SMB on Windows.
- Azure hybrid capabilities: With Windows Server 2022, you can increase your performance and agility through built-in hybrid capabilities that let you expand your data center more easily than ever before. The following are some of the Azure hybrid features in Windows Server 2022.
- Azure Arc-enabled Windows servers: Azure Arc-enabled servers with Windows Server 2022 bring on-premises and multi-cloud servers to Azure with Azure Arc. This management experience is designed to be consistent with how native Azure virtual machines are managed. When a hybrid machine connects to Azure, it becomes a connected machine and is treated as a resource in Azure.
- Windows Admin Center: Improvements to Windows Admin Center for managing Windows Server 2022 include the ability both to report the current status of the Secured-core features listed above and, where necessary, to let users enable those features.
- Azure Automanage – Hotpatch:
- Hotpatch, part of Azure Automanage, is supported on Windows Server 2022 Datacenter: Azure Edition.
- Hotpatching is a new way to install updates on Windows Server Azure Edition virtual machines (VMs) that does not require a restart after installation.
- Application platform: There are several platform improvements for Windows Containers, including application compatibility and the Windows Container experience with Kubernetes. Major improvements include reducing the Windows Container image size by up to 40%, which makes startup time 30% faster and improves performance.
- You can now run applications that depend on Azure Active Directory with group Managed Service Accounts (gMSA) without domain-joining the container host, and Windows Containers now support Microsoft Distributed Transaction Coordinator (MSDTC) and Microsoft Message Queuing (MSMQ).
- There are several other enhancements that make the Windows Container experience with Kubernetes easier. These enhancements include support for host-process containers for node configuration, IPv6, and network policy implementation with Calico.
- In addition to the platform improvements, Windows Admin Center has been updated to make it easy to containerize .NET applications. Once the application is in a container, you can host it in Azure Container Registry and later deploy it to other Azure services, including Azure Kubernetes Service.
- Windows Server 2022 supports Intel Ice Lake processors and supports business-critical and large-scale applications such as SQL Server, which require up to 48 terabytes of memory and 2048 logical cores on 64 physical sockets. Confidential computing with Intel Software Guard Extensions (SGX) on Intel Ice Lake enhances application security by isolating applications from each other with protected memory.
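A read-only way to check, on a given server, the Secured-core building blocks (TPM 2.0, Secure Boot, VBS, Credential Guard, HVCI) and the SMB encryption settings described in the security items of the list above. This PowerShell script is an added example, not part of the original article or of Microsoft's tooling; the function name `Get-SecuredCoreReport` and the report labels are chosen here for illustration, and it assumes an elevated session on Windows Server 2022.

```powershell
# Read-only audit: changes nothing, only reports current state.
# Value-to-name maps for the Win32_DeviceGuard CIM class.
$vbsState = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Running' }
$services = @{ 1 = 'Credential Guard'; 2 = 'HVCI'; 3 = 'System Guard Secure Launch' }

function Get-SecuredCoreReport {   # hypothetical helper name
    $report = [ordered]@{}

    # Hardware root of trust: TPM presence and specification version.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $report['TPM spec version'] =
        if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'No TPM found' }

    # Secure Boot: the cmdlet throws on legacy BIOS or without elevation.
    $report['Secure Boot'] =
        try { Confirm-SecureBootUEFI } catch { 'Unavailable (non-UEFI or not elevated)' }

    # VBS state and the VBS-backed services that are actually running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($dg) {
        # CIM returns UInt32 values; cast so they match the Int32 hashtable keys.
        $report['VBS'] = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
        $running = $dg.SecurityServicesRunning | Where-Object { $_ -ne 0 } |
            ForEach-Object {
                if ($services.ContainsKey([int]$_)) { $services[[int]$_] } else { "Service id $_" }
            }
        $report['VBS services running'] = if ($running) { $running -join ', ' } else { 'None' }
    } else {
        $report['VBS'] = 'Device Guard class unavailable'
    }

    # SMB server: encryption enforcement flags and the cipher list offered.
    # EncryptionCiphers is empty on releases that predate AES-256 support.
    $smb = Get-SmbServerConfiguration
    $report['SMB EncryptData']             = $smb.EncryptData
    $report['SMB RejectUnencryptedAccess'] = $smb.RejectUnencryptedAccess
    $report['SMB EncryptionCiphers']       = $smb.EncryptionCiphers

    [pscustomobject]$report
}

Get-SecuredCoreReport | Format-List
```

A server where VBS is "Enabled, not running", or where the running services list lacks Credential Guard or HVCI, has the feature configured but not in effect, which is the gap worth investigating first.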
Other Windows Server 2022 features
- Nested virtualization on AMD processors: Nested virtualization is a feature that allows you to run Hyper-V inside a Hyper-V virtual machine (VM). Windows Server 2022 supports nested virtualization on AMD processors, giving you more hardware choices for your environments.
- Microsoft Edge: Microsoft Edge is included in Windows Server 2022 and replaces Internet Explorer. It is built on the Chromium open-source project and backed by Microsoft security and innovation. It can be used with the Server Core or Server with Desktop Experience installation options. Note that Microsoft Edge, unlike the rest of Windows Server, follows the Modern Lifecycle for its support lifecycle.
- Storage: Below we introduce some storage features in Windows Server 2022.
- Storage Migration Service: Advances in Storage Migration Service in Windows Server 2022 make it easier to migrate storage to Windows Server or Azure from the source location. Here are some features that are available when running the Storage Migration Service orchestrator on Windows Server 2022:
- Move local users and groups to a new server.
- Move storage from failover clusters to another location, move to failover clusters, and move between standalone servers and failover clusters.
- Migrate storage from a Linux server that uses Samba.
- Make it easier to sync migrated shares to Azure by using Azure File Sync.
- Migrate to new networks like Azure.
- Migrate NetApp CIFS servers from NetApp FAS arrays to Windows servers and clusters.
- Adjustable storage repair speed: User-adjustable storage repair speed is a new feature in Storage Spaces Direct that provides more control over the data resync process by allocating resources either to repairing data copies (resiliency) or to running active workloads (performance). This helps improve availability and allows you to service your clusters more flexibly and efficiently.
- Storage bus cache with Storage Spaces on standalone servers: Storage bus cache is now available for standalone servers. This feature can significantly improve read and write performance while maintaining storage efficiency and keeping operating costs low. Similar to its implementation for Storage Spaces Direct, it binds faster media (e.g., NVMe or SSD) to slower media (e.g., HDD) to create tiers. Part of the faster media tier is reserved for the cache.
- SMB compression: An enhancement to SMB in Windows Server 2022 and Windows 11 allows a user or application to compress files as they are transferred over the network. Users no longer need to zip files manually to transfer them faster on networks that are slower or busier.
Download Links:
Before purchasing Windows Server 2022, you can use the Evaluation version of Windows Server 2022. It is free for 180 days; after that, you need to purchase it.