Microsoft has released a preview of Windows Server 2022, with “secure core”, improved Windows Containers and MsQuic protocol support in the kernel.
Windows Server can also be deployed using an “as a service” model in the style of Windows 10, although there are important differences. The regularly updated version is simply called Windows Server (plus a release number like 2004), is in the biannual release channel, and requires a subscription license called Software Assurance, so it’s not a cheap way to get the latest Windows Server forever.
Each biannual channel release is only supported for 18 months. There is also no desktop GUI for the biannual channel, just the stripped-down Server Core option or Nano Server for containers. Given these limitations, the traditional long-term support versions of Windows Server, such as Server 2022, are likely to be used for anything other than short-term installations.
Windows Server 2022 will be generally available later this year. It includes what Microsoft has called “secure core,” a term it has already used for PCs running Windows 10. Secure Core uses Trusted Platform Module (TPM) 2.0 for a hardware root of trust; Credential Guard, which uses virtualization to store secrets in an isolated process; and Hypervisor-Protected Code Integrity (HVCI), which verifies kernel code before it is executed, again using virtualization to isolate the verification code.
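The three components named above can be checked from an elevated PowerShell session. The following is an added example, not code from this article or from Microsoft; the function name `Get-SecuredCoreStatus` is hypothetical, and it reports only TPM version, Credential Guard and HVCI state, using the `Get-Tpm` cmdlet and the `Win32_Tpm` and `Win32_DeviceGuard` CIM classes.

```powershell
# Added example: report the state of the three components the article names.
# Get-SecuredCoreStatus is a hypothetical helper name, not a built-in cmdlet.
function Get-SecuredCoreStatus {
    # TPM presence and readiness (requires elevation; $null if unavailable).
    $tpm = Get-Tpm -ErrorAction SilentlyContinue

    # Win32_Tpm.SpecVersion is a string such as "2.0, 0, 1.38".
    $tpmCim = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    # Win32_DeviceGuard reports virtualization-based security (VBS) state.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    $specVersion = if ($tpmCim) { ($tpmCim.SpecVersion -split ',')[0].Trim() } else { $null }
    $running     = if ($dg) { @($dg.SecurityServicesRunning) } else { @() }
    $vbsStatus   = if ($dg) { $dg.VirtualizationBasedSecurityStatus } else { $null }

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        TpmPresent             = [bool]($tpm -and $tpm.TpmPresent)
        TpmReady               = [bool]($tpm -and $tpm.TpmReady)
        TpmSpecVersion         = $specVersion
        Tpm20                  = ($specVersion -eq '2.0')
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running
        VbsRunning             = ($vbsStatus -eq 2)
        # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI
        CredentialGuardRunning = ($running -contains 1)
        HvciRunning            = ($running -contains 2)
    }
}

$status = Get-SecuredCoreStatus
$status | Format-List

# Flag any component that is configured but not actually active on this host.
$checks  = 'Tpm20', 'VbsRunning', 'CredentialGuardRunning', 'HvciRunning'
$missing = $checks | Where-Object { -not $status.$_ }
if ($missing) {
    Write-Warning "Not active on $($status.ComputerName): $($missing -join ', ')"
}
```

A service that appears in the configured list but not in the running list usually means the hardware or firmware prerequisites for virtualization-based security are not met.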
SMB over QUIC, AES-256 encryption
MsQuic, Microsoft’s implementation of the QUIC transport protocol, is in the kernel. QUIC is used for both HTTP/3 Internet calls and file transfers over SMB (Server Message Block, used for Windows networks).
SMB now also supports AES-256 encryption. Microsoft claims to have improved network performance in Server 2022. UDP (User Datagram Protocol) performance is improved by moving more work to the network card hardware and by using UDP Receive Side Coalescing (RSC), which combines multiple packets into one. RSC was previously only used for TCP packets.
According to Ned Pyle, Microsoft’s lead program manager, SMB over QUIC “will allow mobile users, hybrid users, traveling Internet users, instead of using a VPN, to tunnel SMB traffic through the QUIC protocol which is a UDP, TLS, very secure, easy firewall traversing protocol … but still get the SMB goodness of mapping drives, it won’t change one bit.”
Microsoft has enhanced hybrid on-premises/Azure cloud capabilities in this release, including an upgraded Storage Migration Service for moving data between servers, with support for target servers using Azure File Sync. Azure File Sync allows administrators to overprovision local storage and automatically move rarely used files to Azure Files storage.
There are also upgrades to Windows Containers, including an up to 20 percent smaller image and the ability to use Group Managed Service Accounts (gMSA) with Azure Active Directory, without domain-joining the container host to Azure AD. The idea is to run Windows containers on Kubernetes with better performance and fewer restrictions.
The recommended administration tool for Windows Server is now the browser-based Windows Admin Center (WAC). If you run the old Server Manager, a traditional desktop application, a prompt will appear urging administrators to try WAC instead. WAC is also available in the Azure portal. Azure Arc is a service that allows administrators to manage Windows Server on-premises from Azure.
The latest WAC uses HTTP/2 for improved performance. Azure File Sync, we are promised, is a “much more reliable experience”.
The security section of WAC now shows the status of Secured Core features. Additional features are available to users of Azure Stack HCI, on-premises hardware managed through Azure and for which a subscription is charged.
Microsoft’s platform is still largely built on Windows Server, despite the fact that Azure now runs more Linux VMs than Windows. However, a new release of Windows Server is no longer the big news it once was. The company prefers to talk about its Azure cloud, and many of the new features are designed to integrate with Azure or (like the enhanced Windows containers) to run on Azure.
Despite this, the company has been consistent in providing new Windows Server releases every three years or so, and continues to make strides in simplifying management, removing dependency on the server’s desktop GUI, and stripping down the operating system so that most functions are optional components.