Category Archives: Windows Server 2022

The Azure edition of Windows Server 2022

The new operating system Windows Server 2022 introduced a new special edition dedicated to Azure environments, able to offer specific features not available in the classic Standard and Datacenter editions. This article describes the features available in this edition that allow you to better address certain scenarios in cloud environments.

First of all, the Azure Datacenter edition of Windows Server 2022 is only supported in the following environments:

  • Azure IaaS
  • Azure Stack HCI (21H2)

Windows Server 2022 Datacenter Azure Edition includes all the features of the Datacenter version, in addition it offers the functions described in the following paragraphs, not available outside of these environments.

Azure Extended Networking

This is a feature designed to solve the challenge of moving applications and workloads running on-premises to the cloud, when it is required to keep the same IP addresses associated with virtual machines. Azure Extended Networking allows you to extend an existing on-premises subnet to Azure to allow virtual machines to keep the same private IP addresses. All this is made possible thanks to the fact that the network is extended using a bi-directional VXLAN tunnel between two Windows Server virtual machines. 2022 which cover the role of virtual appliance.

Figure 1 - Generic diagram for extending a subnet in Azure

A virtual appliance must be running in an on-premises environment, while the other must be running in the cloud and must have the Datacenter Azure Edition. Each subnet to be extended requires the presence of a pair of these virtual appliances. In this way, you can keep your private IP addresses in use in the on-premises environment also in Azure and everything works transparently for applications. In this regard it is good to specify that it is advisable to use this feature only in scenarios where it is not possible to proceed otherwise. In fact,, if possible, it is always better to change the IP address and directly connect the migrated systems to existing subnets in Azure. This type of configuration can be done using the procedure reported in Microsoft's official documentation, which provides for the presence of Windows Admin Center connected to Azure.

SMB over QUIC

QUIC is a standard protocol designed to provide a reliable connection over unsecured networks, like the Internet. In fact,, QUIC uses a TLS encrypted tunnel 1.3 on the UDP port 443. With SMB over QUIC all SMB traffic, including the authentication and authorization process, it always remains inside this tunnel and is never exposed on the network. In this scenario, SMB behaves in a standard way inside the tunnel, therefore the user experience and capabilities remain unchanged. SMB over QUIC inWindows Server 2022 Datacenter Azure Edition uses the updated version of the SMB protocol (version 3.1.1). Using SMB over QUIC, users and applications can securely and reliably access data on file servers running in the Azure environment or file servers located on the edges, without having to adopt VPN connections. For more details please visit the Microsoft's official documentation.

Figure 2 - Configuring SMB over QUIC from Windows Admin Center

Hotpatch of Azure Automanage

The Hotpatch feature, part of Azure Automanage, is supported inWindows Server 2022 Datacenter: Azure Edition. Support is currently for Core mode installations, but will also be extended to Desktop installations in the future. Hotpatching is a new mechanism, used to install updates on Windows Server Azure Edition virtual machines, which allows you to reduce the number of reboots required to install updates.

Figure 3 - Hotpatch for a machine Windows Server 2022 in Azure environment

Azure Automanage allows you to orchestrate the installation of security patches on top of a Cumulative Update, which is released every three months. Cumulative Update requires a system restart, but the security patches released between the Cumulative Updates can modify the code running in memory without the need to reboot the machine.

For more information about this feature, you can consult thespecific Microsoft documentation.

Conclusions

Thanks to these features, designed for hybrid environments and fully integrated into the operating system, Windows Server 2022 allows you to significantly increase efficiency and agility. To discover all the new features introduced in Windows Server 2022 you can consult this series of articles.

Everything you need to know about Windows Server 2022 – Part 2 of 2

The new operating system Windows Server 2022, based on the solid foundation of the predecessor Windows Server 2019, brings numerous innovations in the field of security, in integration and hybrid management in the Azure environment, and as an application platform. The article is divided into two parts, in first part the available editions have been discussed, functionalities for hybrid environments and aspects related to the application platform. This second part shows the main features of the new server operating system in the security and storage area, but not only.

Security

Windows Server 2022 combines different security features in different areas to provide advanced multi-layered protection capable of effectively countering increasingly sophisticated security threats.

Secured-core server

Windows Server 2022 is part of the program Secured-Core of Microsoft. This program was initially launched with PC hardware partners and then extended to the server area as well. Secured-core offers transversal security on hardware and firmware, integrated into the functionalities of the operating system, that can help protect servers from advanced threats.

Using a combination of identity features, virtualization, operating system and hardware defenses, Secured-Core servers offer both hardware and software protection. With Windows Defender System Guard, integrated into Windows Server 2022, Secured-Core servers allow organizations to have guarantees on the integrity of the operating system and checks to help prevent firmware attacks.

Secured-core server is based on three fundamental pillars:

  • Simplified security: when purchasing hardware from an OEM for Secured-core servers, you can be sure that the vendor provides a hardware set with firmware and drivers capable of fulfilling the Secured-core promise. Furthermore, the Windows Server configuration experience will be simple and the Secured-core security features can be enabled directly from the Windows Admin Center.
  • Advanced security by contemplating the following areas:
    • Root-of-trust hardware (TPM 2.0 come standard)
    • Firmware protection
    • Virtualization-based security (VBS)
  • Preventive defense: enabling the Secured-core functionality helps to proactively defend oneself and to interrupt many of the paths that attackers can use to compromise a system.

Secure connectivity

To increase the level of security in communications, in Windows Server 2022 the following new features have been introduced:

  • Transport: HTTPS e TLS 1.3 enabled by default
  • Secure DNS: DNS name resolution requests encrypted with DNS-over-HTTPS
  • Server Message Block (SMB): introduced support for AES-256 encryption for the SMB protocol
  • SMB: East-West SMB encryption controls for internal communications of cluster systems. Failover clusters now support granular control of intra-node communication encryption and signing for Cluster Shared Volumes (CSV) and for the storage bus layer (SBL). This means that when using Storage Spaces Direct, you can decide to encrypt or sign east-west communications within the cluster itself for greater security.
  • SMB over QUIC. QUIC is a standard protocol designed to provide a more reliable connection over unsecured networks, like the Internet. QUIC uses a TLS encrypted tunnel 1.3 on the UDP port 443. Inside this tunnel all SMB traffic, including the authentication and authorization process, it is never exposed on the network and SMB behaves in a completely normal way offering the usual capabilities. SMB over QUIC in Windows Server 2022 Datacenter: Azure Edition uses the updated version of the SMB protocol (version 3.1.1). Using SMB over QUIC in conjunction with TLS 1.3, users and applications can securely and reliably access data on file servers running in the Azure environment, without having to adopt VPN connections.

Storage innovations

In the storage field Windows Server 2022 brings the following news:

  • Storage Migration Service: there are several improvements regarding this service, useful for simplifying storage migrations to both Windows Server and Azure, including:
    • Migration of local users and groups to the new server.
    • Storage migration between failover clusters, and migration between standalone servers and failover clusters.
    • Storage migration from Linux servers using Samba.
    • Easier synchronization of migrated shares with Azure, using Azure File Sync.
    • Easier migration to new environments, such as Azure.
    • Migration of NetApp CIFS servers from NetApp FAS arrays to Windows servers and clusters.
  • Storage Space Direct introduces the new feature User adjustable storage repair speed which gives you greater control over the data resync process by allocating resources to repair copies of the data (resilience) or to run active workloads (performance).
  • SMB compression: thanks to improvements on the SMB side in Windows Server 2022 and Windows 11 files can be compressed during network transfer, thus obtaining benefits in transfer times.
  • Storage bus cache is also available for standalone servers. This feature can significantly improve read and write performance, maintaining high storage efficiency and low operating costs. As is the case in its implementation for Storage Spaces Direct, this function merges the fastest media (for example, NVMe or SSD) with slower media (for example, HDD) to create different tiers. Some of the faster media is reserved for the cache.

More new features

In addition to the aspects covered in the previous paragraphs, the following features have been announced:

  • La Nested Virtualization in Windows Server 2022 it is also available for AMD processors, thus expanding the choice of hardware for your environment.
  • Microsoft Edge is included with Windows Server 2022, in place of Internet Explorer. Edge can be used with the Server Core and Server with Desktop Experience installation options.

Conclusions

Windows Server 2022 evolves the mature and consolidated Windows Server platform by introducing a series of innovative updates in different areas. There are therefore various advantages for companies to evaluate the adoption of this new server operating system, in particular, for those who use Windows Server in an Azure environment.

Everything you need to know about Windows Server 2022 – Part 1 of 2

The new operating system Windows Server 2022, based on the solid foundation of the predecessor Windows Server 2019, brings numerous innovations in the field of security, in integration and hybrid management in the Azure environment, and as an application platform. The article is divided into two parts, this first part shows the main features of the new server operating system relating to the editions available, the features designed for hybrid environments and the new aspects related to the application platform.

Editions

Windows Server 2022 is characterized by the following aspects relating to the editions:

  • Windows Server 2022 will have a Standard edition, a Datacenter edition and a new version called Azure Datacenter.
  • The Azure Datacenter edition of Windows Server 2022 it will only be supported on Azure (Azure IaaS or Azure Stack HCI – 21H2) and offers specific features not available outside of these environments (hotpaching, SMB over QUIC, and Azure Extended Networking).
  • For all editions Windows Server 2022 there are both Core and Desktop installation options.
  • You will be able to upgrade in place Windows Server 2019 Datacenter Edition to bring it to the new Windows Server 2022 Datacenter Azure edition. Nevertheless, the upgrade in place for server operating systems is a practice to be carefully evaluated and, if possible, to be avoided.
  • Microsoft recently updated its servicing model for server operating systems. In fact,, Microsoft has decided to abandon the semi-annual versions of Windows Server and, starting with Windows Server 2022, there is only one main release channel, the Long-Term Servicing Channel. With the Long-Term Servicing Channel, a new major version of Windows Server is released every 2-3 years. Users are entitled to 5 years of mainstream support and 5 years of extended support. This channel provides systems with prolonged maintenance and functional stability. The Long-Term Servicing Channel receives security and non-security updates, but it does not receive new features and new functionalities. The Semi-Annual Channel, available in previous versions of Windows Server, it was suitable for containers and microservices. In these areas, innovation will continue with Azure Stack HCI. In this regard, please note that the operating system of the Azure Stack HCI solution is a specific and dedicated operating system with a simplified composition, which includes only the roles needed by the solution.

Hybrid Functionality

Using Windows Server 2022 it is possible to increase efficiency and agility by using features designed for hybrid environments and fully integrated into the operating system.

Azure Automanage – Hotpatch

The Hotpatch feature, part of Azure Automanage, is supported in Windows Server 2022 Datacenter: Azure Edition. Support is currently for Core mode installations, but will also be extended to Desktop installations in the future. Hotpatching is a new mechanism, used to install updates on Windows Server Azure Edition virtual machines, which allows you to reduce the number of reboots required to install updates.

Azure Automanage allows you to orchestrate the installation of security patches on top of a Cumulative Update, which is released every three months. Cumulative Update requires a system restart, but the security patches released between the Cumulative Updates can modify the code running in memory without the need to reboot the machine.

For more information about this feature, you can consult the specific Microsoft documentation.

Windows Admin Center

Windows Admin Center (WAC) introduces specific improvements for management of Windows Server 2022, among which WAC allows you to check the status of the Secured-core and, where applicable, allows its enabling.

Azure Arc

Also Windows Server 2022 allows Azure Arc to be enabled for management, physical servers and virtual machines residing outside Azure (on the on-premises corporate network or at other cloud providers), consistent with the management methodologies of native virtual machines residing in the Azure environment. In fact, connecting a machine to Azure through Arc is considered in all respects as an Azure resource. Each connected machine has a specific ID, it is included in a resource group and benefits from standard Azure constructs.

Application platform

There are several improvements that Windows Server 2022 brings to the application field, among the main ones we find:

  • Reducing the size of the Windows Container image down to 40%, which leads to a faster boot time than the 30% and better performance.
  • Ability to run applications that depend on Azure Active Directory with group Managed Services Accounts (gMSA) without having to join the host container domain.
  • Windows Container support of Microsoft Distributed Transaction Control (MSDTC) and Microsoft Message Queuing (MSMQ).
  • Simplification of the Windows Container experience in the Kubernetes environment, including: support for host-process containers for node configuration, IPv6 and the implementation of network policies with Calico.
  • In addition to the platform improvements, Windows Admin Center has been updated to simplify containerization of .NET applications. Once the application is in a container, you can host it in an Azure Container Registry and then deploy it to other Azure services, even Azure Kubernetes Service (AKS).
  • Thanks to the support of Intel Ice Lake processors, Windows Server 2022 supports large-scale business-critical applications, such as SQL Server, which take up to 48 TB of memory e 2.048 logical cores running on 64 physical sockets. Using Intel Secured Guard Extension Confidential computing technology (SGX) available on Intel Ice Lake, you can get an improvement in the area of ​​application security, isolating them from each other through memory protection.

The second part of the article reports the main features of the new server operating system in the security and storage area, but not only.