This article provides an overview of the latest enhancements in Windows Server 2022. Windows Server 2022 builds upon the robust foundation of Windows Server 2019 and introduces numerous innovations across three primary areas: security, Azure hybrid integration and management, and the application platform.
Azure Edition
Windows Server 2022 Datacenter: Azure Edition offers a way to harness the advantages of the cloud, ensuring your virtual machines (VMs) stay current with minimal downtime. This section highlights some of the novel features in Windows Server 2022 Datacenter: Azure Edition. For further insights into how Azure Automanage for Windows Server brings these capabilities to Windows Server Azure Edition, refer to the Azure Automanage for Windows Server services article.
Windows Server 2022 Datacenter: Azure Edition extends the capabilities of the Datacenter edition, providing a VM-exclusive operating system designed to leverage cloud benefits. It introduces advanced features such as SMB over QUIC, Hotpatch, and Azure Extended Network. This section provides details on several of these new features.
You can explore the differences between the various editions of Windows Server 2022 and learn more about how Azure Automanage for Windows Server extends these capabilities to Windows Server Azure Edition by referring to the Azure Automanage for Windows Server services article.
April 2023 – Hotpatching
Windows Server 2022 Datacenter: Azure Edition now offers Hotpatching as a public preview for the Desktop Experience, both within Azure and as a supported guest VM on Azure Stack HCI version 22H2.
September 2022 – Cumulative Update
This section outlines the features and enhancements available in Windows Server Datacenter: Azure Edition beginning with the 2022-09 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5017381). After installing the Cumulative Update, the OS build number will be 20348.1070 or higher.
Storage Replica Compression for Data Transfer
This update introduces Storage Replica compression for data transmitted between source and destination servers. This innovative functionality compresses replication data at the source system, reducing network packets, enhancing throughput, and minimizing network usage. This improvement is particularly valuable in scenarios like disaster recovery, where swift synchronization is critical.
New Storage Replica PowerShell parameters have been added to existing commands; you can find more details in the Windows PowerShell StorageReplica reference. For comprehensive information on Storage Replica, consult the Storage Replica overview.
Support for Azure Stack HCI
With this release, you can run Windows Server 2022 Datacenter: Azure Edition as a supported guest VM on Azure Stack HCI version 22H2. This integration allows you to leverage all existing features, including Hotpatch for Server Core and SMB over QUIC, at your datacenter and edge locations.
To begin deploying Windows Server 2022 Datacenter: Azure Edition, you can use the Azure Marketplace on Arc-enabled Azure Stack HCI or an ISO image available for download.
Your Azure subscription grants you permission to use Windows Server Datacenter: Azure Edition on virtual machine instances running on Azure Stack HCI. For further details, refer to your product terms.
For information on the latest Azure Stack HCI features, explore our “What’s new in Azure Stack HCI, version 22H2” article.
Deploy from Azure Marketplace on Arc-enabled Azure Stack HCI (preview)
Windows Server 2022 Datacenter: Azure Edition images will be readily available in the Azure Marketplace for Arc-enabled Azure Stack HCI, simplifying the process of trying, purchasing, and deploying using Azure-certified images.
To learn more about the Azure Marketplace integration for Azure Arc-enabled Azure Stack HCI features, review our “What’s new in Azure Stack HCI, version 22H2” article.
Azure Edition (initial release)
This section highlights the features and improvements introduced in Windows Server Datacenter: Azure Edition with its initial release in September 2021.
Azure Automanage – Hotpatch
Hotpatching, a component of Azure Automanage, offers a novel approach to installing updates on new Windows Server Azure Edition virtual machines (VMs) without necessitating a reboot following installation. You can find further information in the Azure Automanage documentation.
SMB over QUIC
SMB over QUIC updates the SMB 3.1.1 protocol, replacing TCP with the QUIC protocol in Windows Server 2022 Datacenter: Azure Edition, Windows 11, and later versions, and third-party clients that support it. By employing SMB over QUIC in conjunction with TLS 1.3, users and applications can securely and reliably access data from Azure-based edge file servers. This eliminates the need for a VPN for mobile and telecommuter users when accessing SMB file servers on Windows. Additional details can be found in the SMB over QUIC documentation and SMB over QUIC management with Automanage machine best practices. For a deeper dive into QUIC, review RFC 9000.
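As an added example (not code from the page or from Microsoft's documentation), the following PowerShell publishes a file server for SMB over QUIC and connects a client to it. The host name `fs-edge.example.com`, the share name `data` and the firewall rule name are placeholders; the certificate must carry the server's public FQDN as a SAN, the Server Authentication EKU, and a private key, and must chain to a CA the client trusts.

```powershell
# --- Server side (Windows Server 2022 Datacenter: Azure Edition, elevated) ---
$fqdn = 'fs-edge.example.com'   # placeholder: the name clients will use

# Pick the newest usable TLS certificate for that name from the machine store
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.DnsNameList.Unicode -contains $fqdn -and
    $_.EnhancedKeyUsageList.FriendlyName -contains 'Server Authentication'
} | Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No suitable TLS certificate for $fqdn in LocalMachine\My" }

# Bind the certificate to the SMB server for QUIC; one mapping per public name
New-SmbServerCertificateMapping -Name $fqdn -Thumbprint $cert.Thumbprint -StoreName My

# QUIC rides on UDP/443; TCP/445 can stay closed to the internet
New-NetFirewallRule -DisplayName 'SMB over QUIC (UDP 443)' -Direction Inbound `
    -Protocol UDP -LocalPort 443 -Action Allow

# Confirm what is published
Get-SmbServerCertificateMapping | Format-Table Name, Subject, Thumbprint

# --- Client side (Windows 11 or Windows Server 2022 Azure Edition) ---
# Forces the QUIC transport instead of TCP; the mapping fails rather than
# silently falling back if UDP/443 is blocked or the certificate is untrusted
New-SmbMapping -LocalPath 'Z:' -RemotePath "\\$fqdn\data" -TransportType QUIC
```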
Extended Network for Azure
Azure Extended Network enables you to extend an on-premises subnet into Azure, allowing on-premises virtual machines to retain their original private IP addresses when migrating to Azure. To learn more, refer to the Azure Extended Network documentation.
All Editions
This section outlines some of the new features in Windows Server 2022, applicable across all editions. For a detailed comparison of the various editions, consult the “Comparison of Standard, Datacenter, and Datacenter: Azure Edition” article for Windows Server 2022.
Security
Windows Server 2022 introduces an array of new security capabilities, combining existing security features across multiple areas to deliver comprehensive defense-in-depth protection against advanced threats. Advanced multi-layer security in Windows Server 2022 ensures that servers are well-protected.
Secured-core Server
Certified Secured-core server hardware, developed in collaboration with OEM partners, offers enhanced security protections against sophisticated attacks. These servers are particularly valuable in data-sensitive industries, employing hardware, firmware, and driver capabilities to enable advanced Windows Server security features. Many of these features, previously available on Windows Secured-core PCs, are now accessible with Secured-core server hardware in Windows Server 2022. For a deeper understanding of Secured-core server capabilities, explore the Secured-core server documentation.
Hardware Root-of-Trust
Trusted Platform Module 2.0 (TPM 2.0) secure crypto-processor chips, used in features like BitLocker drive encryption, provide a secure, hardware-based repository for sensitive cryptographic keys and data, including systems integrity measurements. TPM 2.0 plays a crucial role in verifying that the server has been initiated with legitimate code, establishing a hardware root-of-trust.
Firmware Protection
Firmware operates with elevated privileges and is often hidden from traditional antivirus solutions, making it susceptible to firmware-based attacks. Secured-core servers employ Dynamic Root of Trust for Measurement (DRTM) technology to measure and verify boot processes. These servers also isolate driver access to memory with Direct Memory Access (DMA) protection.
UEFI Secure Boot
UEFI secure boot is a security standard that safeguards servers against malicious rootkits. It ensures that the server only boots firmware and software trusted by the hardware manufacturer. When the server initiates, the firmware validates the signature of each boot component, including firmware drivers and the OS. If the signatures are valid, the server boots, and control is handed over to the OS.
Virtualization-based Security (VBS)
Secured-core servers support virtualization-based security (VBS) and hypervisor-based code integrity (HVCI). VBS employs hardware virtualization features to create a secure memory region isolated from the regular operating system, guarding against vulnerabilities frequently exploited in cryptocurrency mining attacks. VBS also facilitates Credential Guard, storing user credentials and secrets in a virtual container inaccessible to the operating system.
HVCI leverages VBS to significantly enhance code integrity policy enforcement. Kernel mode integrity prevents unsigned kernel mode drivers or system files from loading into system memory. Kernel Data Protection (KDP) offers read-only memory protection for kernel memory containing non-executable data, securing key structures within the Windows Defender System Guard runtime. This safeguards against tampering with these structures.
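The Secured-core building blocks above (TPM 2.0, UEFI Secure Boot, DRTM, DMA protection, VBS, HVCI, Credential Guard) can be audited from the OS. The following PowerShell is an added example, not code from the page or from Microsoft; it reads the `Win32_Tpm` and `Win32_DeviceGuard` CIM classes and `Confirm-SecureBootUEFI`, and the `Get-SecuredCoreStatus` function name is my own.

```powershell
# Run from an elevated PowerShell session on Windows Server 2022.
# Confirm-SecureBootUEFI throws on legacy-BIOS hosts; that is treated as "not enabled".
function Get-SecuredCoreStatus {
    # TPM presence/readiness and spec version (Secured-core requires TPM 2.0)
    $tpm     = Get-Tpm
    $tpmInfo = Get-CimInstance -Namespace root\cimv2\Security\MicrosoftTpm -ClassName Win32_Tpm
    $secureBoot = try { Confirm-SecureBootUEFI } catch { $false }

    # Win32_DeviceGuard reports VBS/HVCI state as coded integers:
    #   VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    #   SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI,
    #                            3 = System Guard Secure Launch (the DRTM feature)
    #   AvailableSecurityProperties: 3 = DMA protection supported by the platform
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        TpmPresent             = [bool]$tpm.TpmPresent
        TpmReady               = [bool]$tpm.TpmReady
        TpmSpecVersion         = $tpmInfo.SpecVersion
        SecureBootEnabled      = [bool]$secureBoot
        VbsRunning             = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        HvciRunning            = ($dg.SecurityServicesRunning -contains 2)
        CredentialGuardRunning = ($dg.SecurityServicesRunning -contains 1)
        SecureLaunchRunning    = ($dg.SecurityServicesRunning -contains 3)
        DmaProtectionAvailable = ($dg.AvailableSecurityProperties -contains 3)
    }
}

# Print the full picture, then warn on every boolean that is false
$status = Get-SecuredCoreStatus
$status | Format-List
$gaps = $status.PSObject.Properties |
    Where-Object { $_.Value -is [bool] -and -not $_.Value } |
    Select-Object -ExpandProperty Name
if ($gaps) { Write-Warning ('Secured-core gaps on {0}: {1}' -f $status.ComputerName, ($gaps -join ', ')) }
```

Windows Admin Center surfaces the same state in its Secured-core view; this script is useful where the check has to run from configuration management or a scheduled job.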
Secure Connectivity
Secure connections are essential in today’s interconnected systems. Windows Server 2022 enables Transport Layer Security (TLS) 1.3 and HTTPS by default, enhancing data security for clients connecting to the server. TLS 1.3 eliminates obsolete cryptographic algorithms, strengthens security, and aims to encrypt as much of the handshake process as possible.
While TLS 1.3 is enabled in the protocol layer by default, applications and services also need to actively support it. Further details can be found in the Microsoft Security blog post on Taking Transport Layer Security (TLS) to the next level with TLS 1.3.
Secure DNS: Encrypted DNS Name Resolution Requests with DNS-over-HTTPS
Windows Server 2022’s DNS Client now supports DNS-over-HTTPS (DoH), encrypting DNS queries using the HTTPS protocol. DoH enhances privacy by preventing eavesdropping and manipulation of DNS data. For guidance on configuring the DNS client to utilize DoH, refer to the relevant documentation.
Server Message Block (SMB): SMB AES-256 Encryption
Windows Server now offers support for AES-256-GCM and AES-256-CCM cryptographic suites for SMB encryption. The server can automatically negotiate advanced cipher methods when connecting to other compatible systems, and these can also be mandated through Group Policy. While AES-128 is still supported for compatibility, AES-128-GMAC signing accelerates signing performance.
SMB: East-West SMB Encryption Controls
Windows Server failover clusters now provide granular control over encrypting and signing intra-node storage communications for Cluster Shared Volumes (CSV) and the storage bus layer (SBL). When utilizing Storage Spaces Direct, you can decide whether to encrypt or sign east-west communications within the cluster for enhanced security.
SMB Direct and RDMA Encryption
SMB Direct and Remote Direct Memory Access (RDMA) offer high bandwidth, low latency networking for various workloads. In Windows Server 2022, SMB Direct now supports encryption, enhancing data security. Unlike previous implementations where enabling SMB encryption disabled direct data placement, data is now encrypted before placement, resulting in minimal performance impact while adding AES-128 and AES-256 protected packet privacy. For more information on these enhancements, refer to the SMB security enhancements documentation.
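The secure-connectivity items above (TLS 1.3, DoH for the DNS client, AES-256 SMB encryption, signing) are mostly opt-in negotiations; the following PowerShell, an added example that is not from the page or from Microsoft, pins the SMB server and client to the AES-256 suites, registers a DoH resolver without plain-text fallback, and reports the resulting state. The resolver address `203.0.113.53`, the DoH template URL and the `Get-TransportSecurityReport` function name are placeholders of my own.

```powershell
# Run elevated on Windows Server 2022. Changing SMB settings may drop active sessions.

# --- SMB: offer only AES-256 suites, require encryption and signing ---
Set-SmbServerConfiguration -EncryptionCiphers 'AES_256_GCM, AES_256_CCM' `
    -EncryptData $true -RejectUnencryptedAccess $true `
    -RequireSecuritySignature $true -Force
# Mirror the cipher list on the client side so this host also speaks AES-256 outbound
Set-SmbClientConfiguration -EncryptionCiphers 'AES_256_GCM, AES_256_CCM' `
    -RequireSecuritySignature $true -Force

# --- DNS client: register a DoH-capable resolver and refuse fallback to UDP/53 ---
$resolver = '203.0.113.53'                         # placeholder resolver IP
$template = 'https://doh.example.net/dns-query'    # placeholder DoH template
if (-not (Get-DnsClientDohServerAddress | Where-Object ServerAddress -eq $resolver)) {
    Add-DnsClientDohServerAddress -ServerAddress $resolver -DohTemplate $template `
        -AllowFallbackToUdp $false -AutoUpgrade $true
}
# DoH is only used when the adapter's DNS server is one of the registered addresses
# and the DoH Group Policy allows it; the adapter change is left commented out here.
# Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $resolver

# --- Report the effective state ---
function Get-TransportSecurityReport {
    $smb   = Get-SmbServerConfiguration
    # TLS 1.3 suites are named TLS_AES_*; absence means TLS 1.3 is not offered
    $tls13 = Get-TlsCipherSuite | Where-Object Name -like 'TLS_AES_*'
    # Server 2022 enables TLS 1.3 by default; this key exists only if someone overrode it
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server'
    $tls13Override = if (Test-Path $key) { (Get-ItemProperty $key).Enabled } else { 'OS default' }

    [pscustomobject]@{
        SmbEncryptionCiphers  = $smb.EncryptionCiphers
        SmbEncryptData        = $smb.EncryptData
        SmbRejectUnencrypted  = $smb.RejectUnencryptedAccess
        SmbRequireSigning     = $smb.RequireSecuritySignature
        Tls13CipherSuites     = ($tls13.Name -join ', ')
        Tls13RegistryOverride = $tls13Override
        DohServers            = (Get-DnsClientDohServerAddress |
            ForEach-Object { '{0} -> {1} (fallback={2})' -f $_.ServerAddress, $_.DohTemplate, $_.AllowFallbackToUdp }) -join '; '
    }
}
Get-TransportSecurityReport | Format-List
```

AES-128 remains negotiable on the client side of older peers; removing it from `-EncryptionCiphers` as above means Windows Server 2012 R2 and earlier SMB 3.0 clients will fail to connect rather than downgrade.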
Azure Hybrid Capabilities
Windows Server 2022 introduces built-in hybrid capabilities to enhance efficiency and agility, facilitating data center extension to Azure.
Azure Arc Enabled Windows Servers
Azure Arc enabled servers with Windows Server 2022 enable the integration of on-premises and multicloud Windows Servers with Azure Arc. This management experience aligns with the management of native Azure virtual machines, allowing hybrid machines to become connected resources in Azure. Detailed information can be found in the Azure Arc enabled servers documentation.
Windows Admin Center
Windows Admin Center has been improved to manage Windows Server 2022 more effectively. It now enables reporting on the current status of Secured-core features and, where applicable, allows customers to enable these features. Further details can be found in the Windows Admin Center documentation.
Application Platform
Windows Server 2022 brings several platform enhancements for Windows Containers, including improved application compatibility and the Windows Container experience with Kubernetes.
Some of the key features include:
- Reduced Windows Container image size by up to 40%, resulting in a 30% faster startup time and improved performance.
- Applications can now utilize Azure Active Directory with group Managed Service Accounts (gMSA) without requiring domain joining of the container host. Windows Containers now also support Microsoft Distributed Transaction Coordinator (MSDTC) and Microsoft Message Queuing (MSMQ).
- Simple buses can now be assigned to process-isolated Windows Server containers, allowing applications running in containers to communicate over SPI, I2C, GPIO, and UART/COM.
- Support for hardware acceleration of DirectX APIs in Windows containers, enabling scenarios such as Machine Learning (ML) inference using local GPU hardware.
- Enhancements for Windows Container integration with Kubernetes, including support for host-process containers for node configuration, IPv6, and consistent network policy implementation with Calico.
- Windows Admin Center has been updated to facilitate containerization of .NET applications. Once containerized, these applications can be hosted on Azure Container Registry and deployed to other Azure services, including Azure Kubernetes Service.
- Windows Server 2022 supports business-critical and large-scale applications that require up to 48 TB of memory and 2,048 logical cores running on 64 physical sockets. Confidential computing with Intel Software Guard Extensions (SGX) on Intel Ice Lake enhances application security by isolating applications from each other with protected memory. For further insights into these features, refer to the “What’s new for Windows containers in Windows Server 2022” article.
Other Key Features
Task Scheduler and Hyper-V Manager for Server Core Installations
This version introduces two management tools, Task Scheduler (taskschd.msc) and Hyper-V Manager (virtmgmt.msc), to the App Compatibility Feature on Demand feature package for Server Core installations. For more details, consult the Server Core App Compatibility Feature on Demand (FOD) documentation.
Nested Virtualization for AMD Processors
Windows Server 2022 adds support for nested virtualization using AMD processors, allowing Hyper-V to run inside a Hyper-V virtual machine (VM). This broadens the hardware options available for your environments. Further information can be found in the nested virtualization documentation.
Microsoft Edge Browser
Microsoft Edge is now included with Windows Server 2022, replacing Internet Explorer. Built on the Chromium open-source project and backed by Microsoft’s security and innovation, Microsoft Edge is compatible with the Server with Desktop Experience installation options. Detailed guidance can be found in the Microsoft Edge Enterprise documentation. Note that Microsoft Edge follows the Modern Lifecycle for its support lifecycle.
Networking Performance
UDP Performance Improvements
UDP is gaining popularity as a protocol for carrying network traffic, especially with the rise of RTP and custom UDP-based streaming and gaming protocols. Windows Server 2022 introduces UDP Segmentation Offload (USO), which offloads most of the work required to send UDP packets from the CPU to the network adapter’s specialized hardware. UDP Receive Side Coalescing (UDP RSC) coalesces packets and reduces CPU usage for UDP processing. Windows Server 2022 also includes numerous improvements to the UDP data path, enhancing both transmit and receive performance.
TCP Performance Improvements
Windows Server 2022 utilizes TCP HyStart++ to reduce packet loss during connection start-up, particularly in high-speed networks, and RACK to reduce Retransmit TimeOuts (RTO). These features, enabled in the transport stack by default, provide a smoother network data flow and improved performance at high speeds.
Hyper-V Virtual Switch Improvements
Hyper-V virtual switches have been enhanced with updated Receive Segment Coalescing (RSC), allowing the network to coalesce packets and process them as larger segments. This reduces CPU cycles and keeps segments coalesced throughout the data path until they are processed by the intended application, resulting in improved performance for network traffic from external hosts received by virtual NICs and between virtual NICs on the same host.
System Insights Disk Anomaly Detection
System Insights, accessible via Windows Admin Center, introduces disk anomaly detection as a new capability. Disk anomaly detection highlights instances where disks behave differently than usual, aiding in troubleshooting system issues. This capability is also available for servers running Windows Server 2019.
Windows Update Rollback Improvements
Windows Servers can now automatically recover from startup failures caused by recent driver or quality Windows Updates. If a device fails to start after recent driver or quality updates, Windows will automatically uninstall those updates to restore normal operation. This functionality is available for servers using the Server Core installation option with a Windows Recovery Environment partition.
Storage
Storage Migration Service
Enhancements to the Storage Migration Service in Windows Server 2022 simplify storage migration from various source locations to Windows Server or Azure. Key features include the ability to migrate local users and groups, migrate storage between failover clusters or standalone servers and failover clusters, migrate storage from Linux servers using Samba, synchronize migrated shares into Azure with Azure File Sync, migrate to new networks like Azure, and migrate NetApp CIFS servers from NetApp FAS arrays to Windows servers and clusters.
Adjustable Storage Repair Speed
User-adjustable storage repair speed is a new feature in Storage Spaces Direct that provides more control over the data resynchronization process. This feature allows allocation of resources for either repairing data copies (resiliency) or running active workloads (performance), improving availability and flexibility in servicing clusters.
Faster Repair and Resynchronization
Storage repair and resynchronization, following events such as node reboots or disk failures, are now twice as fast in Windows Server 2022. Repairs exhibit less variance in time taken due to enhanced data tracking granularity, and repairs now only move the necessary data, reducing resource utilization and time required.
Storage Bus Cache with Storage Spaces on Standalone Servers
Storage bus cache is now available for standalone servers, significantly improving read and write performance while maintaining storage efficiency and operational cost-effectiveness. This feature combines faster media (e.g., NVMe or SSD) with slower media (e.g., HDD) to create tiers, reserving a portion of the faster media tier for caching. For further details, consult the documentation on enabling storage bus cache with Storage Spaces on standalone servers.
ReFS File-Level Snapshots
Microsoft’s Resilient File System (ReFS) now supports file-level snapshots through a quick metadata operation. Snapshots, unlike ReFS block cloning, are read-only and offer constant-time performance regardless of file size. This capability is particularly valuable for virtual machine backup scenarios involving VHD/VHDX files. For snapshot support, refer to ReFSUtil or the associated API.
SMB Compression
Enhancements to SMB in Windows Server 2022 and Windows 11 enable users or applications to compress files during network transfer, eliminating the need for manual zipping and facilitating faster transfers, especially on slower or congested networks. Detailed information can be found in the SMB Compression documentation.