The new operating system Windows Server 2022, built on the solid foundation of its predecessor Windows Server 2019, brings numerous innovations in security, in integration and hybrid management in the Azure environment, and as an application platform. The article is divided into two parts: the first part discussed the available editions, the functionalities for hybrid environments and the aspects related to the application platform. This second part covers the main features of the new server operating system in the security and storage areas, along with a few other new features.
Windows Server 2022 combines different security features in different areas to provide advanced multi-layered protection capable of effectively countering increasingly sophisticated security threats.
Windows Server 2022 is part of Microsoft's Secured-core program. This program was initially launched with PC hardware partners and then extended to the server area as well. Secured-core offers security that spans hardware and firmware, integrated into the functionalities of the operating system, and can help protect servers from advanced threats.
Using a combination of identity features, virtualization, operating system and hardware defenses, Secured-core servers offer both hardware and software protection. With Windows Defender System Guard, integrated into Windows Server 2022, Secured-core servers give organizations guarantees on the integrity of the operating system and checks that help prevent firmware attacks.
Secured-core server is based on three fundamental pillars:
- Simplified security: when purchasing hardware from an OEM for Secured-core servers, you can be sure that the vendor provides a hardware set with firmware and drivers capable of fulfilling the Secured-core promise. Furthermore, the Windows Server configuration experience will be simple and the Secured-core security features can be enabled directly from the Windows Admin Center.
- Advanced security, covering the following areas:
  - Hardware root of trust (TPM 2.0 comes standard)
  - Firmware protection
  - Virtualization-based security (VBS)
- Preventive defense: enabling the Secured-core functionality helps to proactively defend oneself and to interrupt many of the paths that attackers can use to compromise a system.
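To verify on a running server that the building blocks listed above are actually active, the following read-only check can be used. It is an added example, not part of the original article; the function name `Get-SecuredCoreStatus` is hypothetical, and the value maps are those of the `Win32_DeviceGuard` WMI class.

```powershell
# Added example: read-only Secured-core status check for the local server.
# Run from an elevated PowerShell session.

# Value maps documented for the Win32_DeviceGuard WMI class.
$vbsStatusMap = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
$serviceMap   = @{ 1 = 'Credential Guard'; 2 = 'HVCI'
                   3 = 'System Guard Secure Launch'; 4 = 'SMM Firmware Measurement' }

function Get-SecuredCoreStatus {   # hypothetical helper name
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard'

    # Root of trust: TPM present, ready, and reporting specification version 2.0.
    $tpm     = Get-Tpm
    $tpmSpec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName 'Win32_Tpm').SpecVersion

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "not enabled".
    try { $secureBoot = [bool](Confirm-SecureBootUEFI) } catch { $secureBoot = $false }

    # WMI returns UInt32 values; cast to [int] so the hashtable lookups match.
    $running = @($dg.SecurityServicesRunning |
        ForEach-Object { $serviceMap[[int]$_] } | Where-Object { $_ })

    [pscustomobject]@{
        TpmReady            = ($tpm.TpmPresent -and $tpm.TpmReady)
        Tpm20               = ($tpmSpec -like '2.0*')
        SecureBoot          = $secureBoot
        VbsStatus           = $vbsStatusMap[[int]$dg.VirtualizationBasedSecurityStatus]
        HvciRunning         = ($running -contains 'HVCI')
        SecureLaunchRunning = ($running -contains 'System Guard Secure Launch')
        ServicesRunning     = ($running -join ', ')
    }
}

$status = Get-SecuredCoreStatus
$status | Format-List

# Flag every building block that is not in the expected state.
$gaps = @($status.PSObject.Properties |
    Where-Object { $_.Value -is [bool] -and -not $_.Value } |
    ForEach-Object { $_.Name })
if ($status.VbsStatus -ne 'Enabled and running') { $gaps += 'VbsStatus' }
if ($gaps) { Write-Warning "Not in Secured-core state: $($gaps -join ', ')" }
```

A VBS status of "Enabled but not running" usually means the setting is configured but a hardware or firmware prerequisite is missing, so it should be treated as a gap rather than a pass.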
To increase the level of security in communications, in Windows Server 2022 the following new features have been introduced:
- Transport: HTTPS and TLS 1.3 enabled by default
- Secure DNS: DNS name resolution requests encrypted with DNS-over-HTTPS
- Server Message Block (SMB): introduced support for AES-256 encryption for the SMB protocol
- SMB: East-West SMB encryption controls for internal communications of cluster systems. Failover clusters now support granular control of intra-node communication encryption and signing for Cluster Shared Volumes (CSV) and for the storage bus layer (SBL). This means that when using Storage Spaces Direct, you can decide to encrypt or sign east-west communications within the cluster itself for greater security.
- SMB over QUIC: QUIC is a standard protocol designed to provide a more reliable connection over unsecured networks, like the Internet. QUIC uses a TLS 1.3 encrypted tunnel over UDP port 443. Inside this tunnel, all SMB traffic, including the authentication and authorization process, is never exposed on the network, and SMB behaves in a completely normal way, offering the usual capabilities. SMB over QUIC in Windows Server 2022 Datacenter: Azure Edition uses the updated version of the SMB protocol (version 3.1.1). Using SMB over QUIC in conjunction with TLS 1.3, users and applications can securely and reliably access data on file servers running in the Azure environment, without having to adopt VPN connections.
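The SMB encryption and Secure DNS items above describe capabilities, not guaranteed settings, so it is worth checking what a given server is actually configured to do. The following read-only audit is an added example, not part of the original article; the function names `Get-SmbEncryptionAudit` and `Get-DohCoverage` are hypothetical.

```powershell
# Added example: read-only audit of SMB encryption and DNS-over-HTTPS settings.
# Run from an elevated PowerShell session on Windows Server 2022.

function Get-SmbEncryptionAudit {   # hypothetical helper name
    $cfg = Get-SmbServerConfiguration
    # EncryptionCiphers is an ordered, comma-separated preference list.
    $ciphers = @($cfg.EncryptionCiphers -split ',' | ForEach-Object { $_.Trim() })
    # Non-administrative shares that do not have per-share encryption enabled.
    $plainShares = @(Get-SmbShare -Special $false |
        Where-Object { -not $_.EncryptData } | ForEach-Object { $_.Name })

    [pscustomobject]@{
        ServerEncryptData       = $cfg.EncryptData
        RejectUnencryptedAccess = $cfg.RejectUnencryptedAccess
        RequireSigning          = $cfg.RequireSecuritySignature
        CipherOrder             = ($ciphers -join ' > ')
        Aes256Preferred         = ($ciphers[0] -like 'AES_256*')
        SharesWithoutEncryption = ($plainShares -join ', ')
    }
}

function Get-DohCoverage {          # hypothetical helper name
    # Known DoH resolver definitions versus the resolvers the interfaces really use.
    $doh = Get-DnsClientDohServerAddress
    Get-DnsClientServerAddress |
        Select-Object -ExpandProperty ServerAddresses -Unique |
        ForEach-Object {
            $addr  = $_
            $entry = $doh | Where-Object { $_.ServerAddress -eq $addr }
            [pscustomobject]@{
                Resolver      = $addr
                HasDohEntry   = [bool]$entry
                DohTemplate   = $entry.DohTemplate
                AutoUpgrade   = [bool]$entry.AutoUpgrade
                FallbackToUdp = [bool]$entry.AllowFallbackToUdp
            }
        }
}

Get-SmbEncryptionAudit | Format-List
Get-DohCoverage | Format-Table -AutoSize

# To restrict negotiation to AES-256 only (clients without AES-256 support will
# then fail to negotiate SMB encryption):
# Set-SmbServerConfiguration -EncryptionCiphers 'AES_256_GCM, AES_256_CCM'
```

Resolvers reported with `HasDohEntry` false, or with `AutoUpgrade` false, are the ones to review when encrypted name resolution is a requirement.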
In the storage field, Windows Server 2022 brings the following new features:
- Storage Migration Service: there are several improvements regarding this service, useful for simplifying storage migrations to both Windows Server and Azure, including:
  - Migration of local users and groups to the new server.
  - Storage migration between failover clusters, and migration between standalone servers and failover clusters.
  - Storage migration from Linux servers using Samba.
  - Easier synchronization of migrated shares with Azure, using Azure File Sync.
  - Easier migration to new environments, such as Azure.
  - Migration of NetApp CIFS servers from NetApp FAS arrays to Windows servers and clusters.
- Storage Spaces Direct introduces the new feature "User adjustable storage repair speed", which gives you greater control over the data resync process by allocating resources either to repair copies of the data (resilience) or to run active workloads (performance).
- SMB compression: thanks to improvements on the SMB side in Windows Server 2022 and Windows 11, files can be compressed during network transfer, which reduces transfer times.
- Storage bus cache is also available for standalone servers. This feature can significantly improve read and write performance, maintaining high storage efficiency and low operating costs. As is the case in its implementation for Storage Spaces Direct, this function merges the fastest media (for example, NVMe or SSD) with slower media (for example, HDD) to create different tiers. Some of the faster media is reserved for the cache.
More new features
In addition to the aspects covered in the previous paragraphs, the following features have been announced:
- Nested virtualization in Windows Server 2022 is also available for AMD processors, thus expanding the choice of hardware for your environment.
- Microsoft Edge is included with Windows Server 2022, in place of Internet Explorer. Edge can be used with the Server Core and Server with Desktop Experience installation options.
Windows Server 2022 evolves the mature and consolidated Windows Server platform by introducing a series of innovative updates in different areas. Companies therefore have various reasons to evaluate the adoption of this new server operating system, in particular those that use Windows Server in an Azure environment.