Microsoft released a preview of Windows Server 2022, with “secured core,” improved Windows Containers, and MsQuic protocol support in the kernel.
Windows Server can also be deployed using an “as a service” model in the style of Windows 10, although there are important differences. The regularly updated version is simply called Windows Server (plus a release number like 2004), is delivered in the Semi-Annual Channel and requires a subscription license called Software Assurance, so it’s not a cheap way to get the latest Windows Server forever.
Each Semi-Annual Channel release is supported for only 18 months. There is also no desktop GUI in the Semi-Annual Channel, just the stripped-down Server Core option or Nano Server for containers. Given these limitations, the traditional long-term support versions of Windows Server, such as Server 2022, are likely to be the ones used for non-ephemeral installations.
Windows Server 2022 will be generally available later this year. It contains what Microsoft has called “secured core,” a term it has already used for PCs running Windows 10. Secured core uses Trusted Platform Module (TPM) 2.0 for a hardware root of trust; Credential Guard, which uses virtualization to store secrets in an isolated process; and Hypervisor-Protected Code Integrity (HVCI), which verifies kernel code before it runs, again using virtualization to isolate the code that performs the verification.
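One way to check those three components on a host, as an added example that is not Microsoft's code or part of the original article. The function name Test-SecuredCorePillars and the sample object are constructed for illustration; the numeric values follow the documented Win32_DeviceGuard WMI class (VirtualizationBasedSecurityStatus 2 = running; SecurityServicesRunning 1 = Credential Guard, 2 = HVCI).

```powershell
# Added example: evaluate the TPM 2.0, Credential Guard and HVCI components
# from WMI data. Test-SecuredCorePillars is a hypothetical helper name.
function Test-SecuredCorePillars {
    param(
        [Parameter(Mandatory)] $DeviceGuard,  # Win32_DeviceGuard instance or look-alike object
        [string] $TpmSpecVersion              # Win32_Tpm.SpecVersion, e.g. "2.0, 0, 1.38"
    )
    # SecurityServicesRunning is an array of service IDs; force array context
    $running = @($DeviceGuard.SecurityServicesRunning)
    [pscustomobject]@{
        # First field of SpecVersion is the TPM family; empty string means no TPM data
        Tpm20           = ($TpmSpecVersion -split ',')[0].Trim() -eq '2.0'
        # 0 = not enabled, 1 = enabled but not running, 2 = running
        VbsRunning      = $DeviceGuard.VirtualizationBasedSecurityStatus -eq 2
        CredentialGuard = $running -contains 1
        Hvci            = $running -contains 2
    }
}

# Constructed sample: VBS and HVCI are running, Credential Guard is not.
$sample = [pscustomobject]@{
    VirtualizationBasedSecurityStatus = 2
    SecurityServicesRunning           = @(2)
}
Test-SecuredCorePillars -DeviceGuard $sample -TpmSpecVersion '2.0, 0, 1.38'

# Live query on a Windows host (reading Win32_Tpm needs an elevated session).
if ($env:OS -eq 'Windows_NT') {
    $dg  = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
                           -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $tpm = Get-CimInstance -Namespace root\cimv2\Security\MicrosoftTpm `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($dg) {
        Test-SecuredCorePillars -DeviceGuard $dg -TpmSpecVersion $tpm.SpecVersion
    }
}
```

A service that is configured but not running appears in SecurityServicesConfigured rather than SecurityServicesRunning, so a False here can mean "enabled, pending reboot" rather than "disabled".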
SMB on QUIC, AES-256 encryption
MsQuic, Microsoft’s implementation of the QUIC transport protocol, is in the kernel and is used both for HTTP/3 Internet calls and for file transfer via Server Message Block (SMB), the protocol used for Windows networks.
SMB now also supports AES-256 encryption. Microsoft claims to have improved network performance in Server 2022. User Datagram Protocol (UDP) performance is improved by moving more work to the network card hardware and by using UDP Receive Side Coalescing (RSC), which combines multiple packets into one. Previously, RSC was only used for TCP packets.
According to Ned Pyle, Microsoft’s chief program manager, SMB on QUIC “will allow mobile users, hybrid users, traveling Internet users, instead of using a VPN, to tunnel SMB traffic through the QUIC protocol, which is a UDP, TLS, very secure, easy firewall-traversing protocol … but still get the SMB goodness of mapping drives, it won’t change a bit.”
In this release, Microsoft has improved hybrid on-premises/Azure cloud capabilities, including an upgraded Storage Migration Service for moving data between servers that supports target servers using Azure File Sync. Azure File Sync allows administrators to over-provision local storage and automatically move rarely used files to Azure Files storage.
There are also upgrades for Windows Containers, including up to 20 percent smaller image size and the ability to use group Managed Service Accounts (gMSA) with Azure Active Directory, without domain-joining the container host. The idea is to run Windows containers on Kubernetes with better performance and fewer restrictions.
The recommended management tool for Windows Server is now the browser-based Windows Admin Center (WAC). If you run the old Server Manager, a traditional desktop application, a prompt appears urging administrators to try WAC instead. WAC is also available in the Azure portal. Azure Arc is a service that allows administrators to manage Windows Server on-premises from Azure.
The latest WAC uses HTTP/2 for improved performance. Azure File Sync, we are promised, is a “much more reliable experience”.
The security section of WAC now shows the status of secured core features. Additional features are available for users of Azure Stack HCI, on-premises hardware that is managed and paid for through Azure.
Microsoft’s platform is still largely built on Windows Server, despite the fact that Azure now runs more Linux VMs than Windows. However, a new release of Windows Server is no longer the big news it once was, and the company prefers to talk about its Azure cloud; and many of the new features are designed to integrate with Azure or (like the improved Windows containers) to run on Azure.
Nevertheless, the company has been consistent in delivering new Windows Server releases every three years or so, and continues to make progress in easier management, removing the desktop GUI dependency on the server, and breaking up the operating system so that most features are optional components.