What you need to change on your file server with Windows Server 2022

Image: Adobe Stock

While much of the story around Windows Server 2022 is about its role as a key part of Microsoft’s hybrid cloud strategy, this is a release that hasn’t forgotten its roots. Behind improvements to management tools and integration with Azure services is the same familiar file server that’s been running offices around the world since the 1990s.

While file and print services remain essential for many Windows Server installations in SMBs, the environment in which users work has changed dramatically. Security remains key, but there are other changes as larger and larger files are moved over faster and faster networks. Legacy protocols and services are being phased out, with the original SMB 1 protocol now consigned to history (or at best a manually enabled compatibility mode) and supporting the latest networking hardware.

This means that when you upgrade, it’s worth setting your systems to the latest version to get the most out of your server investment with a wide selection of new file and storage updates. While up-to-date Windows 10 and 11 clients will automatically connect to servers using the latest protocols and file services, upgrading Windows Server defaults to previous settings will help maintain compatibility.

SEE: Windows 11 cheat sheet: Everything you need to know (TechRepublic)

Windows Server 2022 brings numerous security enhancements to the platform, leveraging hardware support for virtualization and a hardware root of trust to provide a secure back-end server. These technologies aim to protect not only the Windows kernel and memory, but also all system drivers and firmware, including network cards and storage.

End-to-end file security

This approach extends to securing basic network functionality. For applications that use HTTPS for file transfer, the Windows Server 2022 system will default to TLS 1.3. This removes old, outdated and insecure encryption algorithms, helping to ensure that any end-to-end encryption is less likely to be broken. It may also require some apps to be upgraded, as older versions may not support newer encryption techniques. Although Windows Server will fall back to older TLS implementations if necessary, this adds risk.

Apart from HTTPS, Microsoft has improved SMB’s built-in encryption tool. SMB encryption can be enabled for all shares or only for users to be protected. Additionally, SMB 3.1.1 can be as strong as AES-256, although most connections will still use AES-128.

In addition to protecting data in transit, using encrypted SMB reduces the risk of advanced persistent threats using eavesdropping attacks to determine what data to extract from systems. It is even possible to encrypt data transfers within a cluster for added security when sharing storage to create a high availability storage platform.

Those who use SMB Direct over RDMA to speed up data transmission can now use it with encrypted SMB, where previously it had too much overhead and disabled direct placement, which slowed connections. Now, Windows Server will encrypt data before it is sent to network hardware, minimizing overhead and allowing users to take full advantage of the speedup associated with direct network card memory access.

Compress files on the go

Perhaps the most useful feature is SMB compression. This helps users get the most out of relatively low-bandwidth networks, especially over Wi-Fi. Although this increases CPU usage, it is not significant compared to the time saved when moving large files.

It is useful to use in all cases, even on fast uncongested networks, where it reduces the risk of congestion and allows other protocols and services to operate more efficiently. As a bonus, SMB Compression honors encryption settings and works over QUIC (Quick UDP Internet Connection). However, this won’t work with SMB Direct, so it’s not possible to get a double performance boost.

Although SMB over QUIC is important, it is only available in the Datacenter edition when running in Azure. Intended to provide secure VPN-free connectivity to edge hardware, Windows 11 support lets you host your own file servers in Azure or Azure Stack and connect directly from Windows PCs, wherever they are. are found. Removing the need to use a VPN simplifies the process, but you must ensure that you have set the SMB mapping for the share in question in order to use QUIC.

SEE: Must-have resources for safe and secure cloud storage (TechRepublic)

Getting started with SMB Compression is quite simple, using Windows Admin Center. When connected to a Windows Server 2022 system, simply navigate to the Files and File Sharing menu item, select File Shares, and then add Compress Data to existing or new shares. You can also use PowerShell to quickly add compression support to a share, automating the process by first getting the names of all the shares and then setting the appropriate state to True. Similar scripts can be used on Windows 11 client PCs to ensure they negotiate SMB compression with any Windows Server 2022 system, enabling it every time they connect to the network.

Helpfully, Microsoft has added SMB compression support to Robocopy and Xcopy, allowing users to move large files, such as virtual disks or databases between servers. The same tools could be used to reduce traffic on leased line connections to disaster recovery sites, either in remote data centers or through VPNs and into Azure. Not all files will be compressed; the algorithm used by Windows checks if the file is compressible before executing. This means that complex files that can’t be compressed won’t, while ramdisks and the like will end up being relatively small files.

Make storage more reliable

Other storage upgrades to Windows Server 2022 make running Storage Spaces more reliable. You can now control the speed of repair, providing a balance between resiliency and performance. This is tied to faster and more predictable repair times, helping users balance service levels and planned outages while ensuring they can still access files and applications.

Additionally, improvements have been made to ReFS, with new snapshot tools that make it easier to create read-only snapshots of a file. This approach speeds up the creation of regular VM backups.

Quality, fast, and reliable storage remains a priority for most data centers, and it’s good to see Microsoft addressing this issue in the latest versions of Windows Server 2022. Improvements to file networking are a side of the coin and storage management the other. This results in improvements in file transfer and system recovery, which should help organizations feel more confident about keeping data on-premises with remote users as often as they are in the office.

Comments are closed.