Microsoft introduces Windows Server 2022 features and upcoming editions – Redmondmag.com
Microsoft offered more information on its upcoming Windows Server 2022 product this week.
Details were presented in a Thursday session, “Windows Server 2022, the best on Azure”, which is now available on request. The live presentation included demos as well as question-and-answer time. It also included information on the security, patch and management features of the new server, as well as expected product releases.
Windows Server 2022 is currently at the release-to-manufacturing (RTM) stage, which means the finished bits have been handed over to hardware manufacturers for integration work, ahead of any hardware product releases.
A Microsoft Evaluation Center preview and the RTM release of Windows Server 2022 were announced back on June 1st. In early March, Microsoft announced a preview of the new server to be tested on an Azure virtual machine (VM).
Retail version, editions and installation options
Windows Server 2022 products are expected to be released this year.
Microsoft’s new application server products, such as Exchange Server 2022 and SharePoint Server 2022, will arrive “shortly after” the “general availability” retail version of Windows Server 2022, the conference Q&A explained.
Windows Server 2022 will have a Standard Edition, as well as a Datacenter Edition, plus an Azure Datacenter edition (now in preview). The talk did not detail these products, but a key new feature called “Azure Automanage” with its “hotpatch” capability will require the Azure Datacenter Edition.
Microsoft plans to release the Azure Datacenter Edition of Windows Server 2022 for Azure subscribers using Azure VMs, as well as organizations using Azure Stack HCI, Microsoft’s hyperconverged infrastructure product for installation on customer premises. Azure Stack HCI, which requires server hardware built by Microsoft’s hardware partners, was released in December.
“We will be making Windows Server Azure Edition virtual machines available first on the Azure public cloud, and then on Azure Stack HCI 21 H2 in the coming months,” Nick Washburn, Microsoft program manager, told the conference.
Windows Server 2022 products will have “both Core and Desktop installation options for all editions,” the Q&A says. Core is the small footprint headless installation option that is optimal for remote management and automation. The Desktop option installs the server with a graphical user interface, which is traditional but is considered problematic for organizations that perform large-scale automations.
It will be possible to perform an “in-place upgrade” from the current Windows Server 2019 Datacenter product to the new Windows Server 2022 Datacenter Azure Edition product. However, as of now, Microsoft has not released the media to carry it out, according to the Q&A. An in-place upgrade replaces bits in an operating system with new ones. Under this scheme, IT professionals do not have to first erase the old operating system and then “cleanly install” the new operating system, so in-place upgrades are considered to save time.
Azure Automanage and Hotpatch
Azure Automanage, currently in preview, is a service for automating management tasks, including patching through its hotpatch functionality. Windows and Linux virtual machines hosted on the Microsoft Azure datacenter infrastructure can be managed using Azure Automanage.
Windows Server 2022 Azure Datacenter Edition will be required to use Azure Automanage and Hotpatch solutions. In addition, “the Azure edition will only be supported on Azure (either Azure IaaS or Azure Stack HCI),” Microsoft said during the question-and-answer session.
However, when asked if Azure Automanage and its patching capability could be used with Windows Server installed on a customer’s premises, Microsoft said “it’s on our impending roadmap.”
It will be possible to use Azure Automanage with “new and existing Windows Server virtual machines on Azure,” according to Washburn. Azure Automanage manages things like security best practices and virtual machine configuration states, he added:
With Azure Automanage, management best practices, such as Azure Defender Service, and security best practices, such as operating system security baseline, are managed for you. Choose from the available configuration profiles and Automanage takes care of the rest. Finally, Automanage keeps your virtual machines in a good state of configuration by monitoring and correcting drifts, depending on the configuration profile you choose.
The patching capability in Azure Automanage enables IT professionals to apply security updates to virtual machines without rebooting, reducing downtime for applications and services, Washburn added. “Updates that used to take a few minutes or more now take a few seconds,” he said. Running workloads are not interrupted when patching using the hotpatch feature because the bits are stored in memory, he explained.
Microsoft will initially make the hotpatch feature available to Windows Server 2022 Datacenter Azure Edition users of the Core install option, but support for the Desktop install option is also planned. “Rest assured, we’re working hard on this and that will follow later,” Washburn said of desktop patch support.
Server Message Block over QUIC
The Server Message Block (SMB) over QUIC feature was not mentioned in Microsoft’s March preview announcement of Windows Server 2022. However, it is now implemented on the server side after being available in Windows 10 and the Microsoft Edge browser, according to Ned Pyle, a senior program manager at Microsoft, during the briefing.
Pyle is responsible for overseeing Microsoft’s Windows SMB component. He may also be known for urging organizations to stop using SMB version 1.0, which was targeted by the “WannaCry” wiper malware (NotPetya) in 2017. Surprisingly, Windows Server 2022 will always include SMB v1, according to the Q&A.
Pyle had explained more than a year ago that SMB over QUIC was coming to Windows, Windows Server and the Azure Files service as a replacement for the virtual private network. It relies on User Datagram Protocol (UDP) and Transport Layer Security (TLS) 1.3, rather than TCP/IP and Remote Direct Memory Access (RDMA), and has the effect of ensuring that Internet traffic always remains encrypted.
SMB over QUIC can be used “securely over the Internet, securely over untrusted networks, or even inside your own network,” Pyle said. He suggested that SMB over QUIC would open up scenarios for file services, allowing secure connections for mobile users and telecommuters, and not just for Windows users:
So instead of going through TCP port 445, which doesn’t really work on the internet, you’ll go through UDP port 443, which it definitely does. And you will do all your business inside our very secure TLS 1.3 encrypted tunnel. So you can feel both secure and confident that your users will be able to log in, not only from Windows, but from Android, maybe from iOS at some point, from Linux.
Windows Server 2022 has an SMB compression capability that can optionally compress files to speed up file transfers. Pyle showed how SMB compression handles a 20 GB file when performing a robocopy operation.
According to the demo, it took almost three minutes to copy the 20 GB file during the robocopy operation without SMB compression. With SMB compression enabled, the time was reduced to approximately 30 seconds. These compression benefits also extend to end users accessing a file share through Windows Explorer, Pyle said.
TLS 1.3, AES-256 encryption and secure core
Windows Server 2022 will use the latest security protocols including HTTPS and TLS 1.3 by default. The server will have TLS 1.0 and TLS 1.1 disabled by default.
“Windows Server 2022 will also have TLS 1.0 and 1.1 disabled by default to help drive adoption of the latest secure connectivity standards, and we want to make sure bad actors won’t be able to see what you’re transmitting over the network,” said Nazmus Sakib, senior program manager at Microsoft, during the interview.
However, Microsoft added during the question-and-answer session that TLS 1.2 “is still here and will totally work” if organizations have applications that can’t make the jump.
AES-256 encryption will be used for Server Message Block. Pyle said AES-128 encryption is still good and likely won’t be defeated for decades, but the use of AES-256 encryption will establish a posture of “supreme security for the future.”
Microsoft has also added encryption support for RDMA. The support eliminates a performance issue that organizations may have faced, according to Pyle:
In the past, if you did direct SMB and used SMB as a matrix, we wouldn’t let you encrypt. If you wanted to use encryption, we would let you turn it on and then turn off RDMA. Your performance would be really, really terrible. Now you are going to have the best of both worlds….
Windows Server 2022 will use Domain Name System (DNS) over HTTPS encryption, known as “DoH,” for DNS queries, according to Sakib.
“Windows Server 2022 will support DNS queries using encryption, especially DNS over HTTPS, which will allow servers to protect their name searches from path tampering,” Sakib said.
Microsoft previewed DNS over HTTPS for Windows 10 about a year ago. This is an Internet Engineering Task Force standard that adds encryption when clients transmit URL requests over the Internet to servers. Without DNS over HTTPS, these requests are transmitted in plain text.
The inclusion of Secured-core features in Windows Server 2022 is a major new security addition, although Secured-core protection for Windows 10 PCs has been available for almost two years. Secured-core technologies add boot-level protections, which can generally be opaque to anti-malware solutions.