When configuring your server, your choice of operating system is a big deal – it needs to work with the apps your projects use. If you’re an old hand at developing, chances are you already have a go-to OS when it comes to Windows vs Linux. But even if you know Windows is your OS of choice, the next big question is, which version do you use?
Unless you’ve been on a remote island somewhere, it’s safe to assume that you’ve heard about (and even read about) the all-new Windows Server 2022 release. It builds on Windows Server 2019, bringing more features to the table.
These updates focus on things like advanced security, secure connectivity and application platform. Let’s take a look…
Windows Server 2022: Improved security
Microsoft has always taken security seriously when it comes to their operating systems. They’ve consistently put it front and centre of their releases and, with cyber attacks increasing from 2020 - 2021, it’s not hard to see why.
With secured-core server as the main concept, Windows Server 2022 is no different, stuffed with 3 major security enhancements:
- Firmware protection
- Hardware root-of-trust
- Virtualisation-based security
Secured-core server adds an extra layer of protection by combining operating system software defences with the hardware protection in the server. It’s built for simplified security, advanced protection and preventative defence.
Firmware protection
Firmware executes with high privileges so it’s pretty standard for it to be invisible to antivirus software. With this, it’s no surprise that firmware-based attacks are on the rise. But, secured-core server is here to save the day! It uses Dynamic Root of Trust for Measurement technology to support the measurement and verification of boot processes as well as Direct Memory Access (DMA) protection for the isolation of driver access to memory.
Hardware root-of-trust
If you use features like BitLocker Drive Encryption then you’ll be happy to hear that with Windows Server 2022, the protection it provides gets an extra boost. This is all possible thanks to Trusted Platform Module 2.0 (TPM 2.0) secure crypto-processor chips. These provide a secure, hardware-based store for sensitive info like cryptographic keys and data. TPM 2.0 verifies that your server only runs known and trusted code, protecting it from rootkits and bootkits.
Virtualisation-based security
With support for virtualisation-based security (VBS), there’s extra protection against a whole class of vulnerabilities used in cryptocurrency mining attacks. It uses hardware virtualisation to create an isolated region of memory, separate from the operating system. That way, in the event of a cyberattack, it won’t spread to the whole system, avoiding your entire server being compromised.
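To see which of the three secured-core pieces described above are actually active on a given server, the following read-only check can be run in an elevated PowerShell session. It is an added example, not part of the original article or a Microsoft tool; the function name `Get-SecuredCoreStatus` is hypothetical, while the WMI classes and property codes it reads are the standard Device Guard and TPM ones.

```powershell
# Added example: read-only audit of the secured-core features named above.
function Get-SecuredCoreStatus {
    [CmdletBinding()]
    param()

    # Win32_DeviceGuard reports VBS state and the hardware features Windows found.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # Win32_Tpm returns nothing when no TPM is present or it is disabled in firmware.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue

    $vbsText = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'Not enabled' }
        1       { 'Enabled, not running' }
        2       { 'Running' }
        default { 'Unknown' }
    }

    [pscustomobject]@{
        # Firmware protection: DRTM is reported as System Guard Secure Launch (code 3).
        SecureLaunchRunning = $dg.SecurityServicesRunning -contains 3
        # Firmware protection: DMA protection available on this hardware (code 3).
        DmaProtection       = $dg.AvailableSecurityProperties -contains 3
        # Hardware root-of-trust: SpecVersion begins with the TPM major version.
        Tpm20Present        = [bool]($tpm -and $tpm.SpecVersion -like '2.0*')
        # Virtualisation-based security, plus memory integrity / HVCI (code 2).
        VbsStatus           = $vbsText
        HvciRunning         = $dg.SecurityServicesRunning -contains 2
    }
}

$status = Get-SecuredCoreStatus
$status | Format-List

# Name every check that is not active so it can be followed up in firmware or policy.
$gaps = $status.PSObject.Properties |
    Where-Object {
        ($_.Value -is [bool] -and -not $_.Value) -or
        ($_.Value -is [string] -and $_.Value -ne 'Running')
    } |
    Select-Object -ExpandProperty Name
if ($gaps) { Write-Warning ('Not active: ' + ($gaps -join ', ')) }
```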
Windows Server 2022: Secure connectivity
Data transfer is part of day-to-day server life and it goes without saying that it needs to be done securely. The good news is that one of the dramatic improvements that have come along with Windows Server 2022 is secure connectivity, incorporating several network security features.
HTTPS with TLS 1.3 by default
The latest version of the internet’s most deployed protocol, TLS 1.3 uses encryption to create a secure communication channel. And now it’s enabled by default on Windows Server 2022, along with HTTPS! This keeps web-based communications protected from MITM attacks and keeps data safe from prying eyes while in transit.
Server Message Block improvements
An old friend to anyone who’s familiar with Windows Server, Server Message Block sees some of its biggest improvements with Windows Server 2022. It now has support for both AES-256-GCM and AES-256-CCM encryption.
And a new feature that’s got us excited is SMB over QUIC. An update of the SMB 3.1.1 protocol, SMB over QUIC introduces an alternative to the TCP network transport. This new feature offers a way for remote workers, mobile users and high-security organisations to securely access file servers without the need for a VPN. Using QUIC over UDP (User Datagram Protocol) makes sure that traffic always remains encrypted.
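The AES-256 support mentioned above only helps if the file server is configured to require encryption and to stop offering the weaker ciphers. The following is an added example, not from the original article: the function name `Test-SmbAes256Policy` is hypothetical, and it assumes an elevated session on a Windows Server 2022 file server.

```powershell
# Added example: audit, and optionally enforce, AES-256-only SMB encryption.
function Test-SmbAes256Policy {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Enforce)

    $wanted = 'AES_256_GCM', 'AES_256_CCM'
    $cfg    = Get-SmbServerConfiguration

    # EncryptionCiphers is a comma-separated list in order of preference.
    $current = @($cfg.EncryptionCiphers -split '\s*,\s*' | Where-Object { $_ })
    $weaker  = @($current | Where-Object { $_ -notin $wanted })

    $compliant = $cfg.EncryptData -and $cfg.RejectUnencryptedAccess -and
                 $current.Count -gt 0 -and $weaker.Count -eq 0

    if ($Enforce -and -not $compliant -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Require AES-256 SMB encryption')) {
        # Applies to new SMB sessions; existing sessions keep what they negotiated.
        Set-SmbServerConfiguration -EncryptData $true `
                                   -RejectUnencryptedAccess $true `
                                   -EncryptionCiphers ($wanted -join ', ') `
                                   -Force
    }

    [pscustomobject]@{
        EncryptData             = $cfg.EncryptData
        RejectUnencryptedAccess = $cfg.RejectUnencryptedAccess
        CiphersOffered          = $current -join ', '
        WeakerCiphersOffered    = $weaker -join ', '
        CompliantBeforeChange   = [bool]$compliant
    }
}

# Audit only (no changes):
Test-SmbAes256Policy

# Preview what enforcement would do without applying it:
Test-SmbAes256Policy -Enforce -WhatIf
```

Clients that cannot negotiate an AES-256 cipher will no longer be able to open encrypted sessions once the list is restricted, so run the audit form first and check which client versions connect to the server.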
Application platform
Windows Server 2022 is also packed with some platform improvements for Windows Containers, including enhanced support for using Windows containers with Kubernetes. This experience is also simplified with new support for host-process containers for node configuration and IPv6.
Plus, reducing the Windows Container image size by up to 40% brings another major upgrade in performance – happy days!
Network performance
With UDP Segmentation Offload (USO), most of the work required to send UDP packets is moved from the CPU to the network adapter’s specialised hardware. Plus UDP sees a boost in performance with the QUIC protocol built on top, bringing it up to a level that’s pretty much even with TCP. And speaking of TCP, that also gets an upgrade using TCP HyStart++ to reduce packet loss during connections and RACK to reduce Retransmit TimeOuts.
The different Windows Server 2022 editions
Four editions of the new server have been released: Essential, Standard, Data Centre and, more recently, the Azure Data Centre. We’re going to run through what you can expect from each edition and the differences between them.
Windows Server 2022 Essential Edition
If you have a small business or organisation, this edition is perfect. It supports only 25 users, with just 50 devices, so it really can only be used by smaller teams. There is also no dashboard with this edition – so keep this in mind.
Windows Server 2022 Standard Edition
The basis of Windows Server 2022 is the Standard edition. There are two options to choose from, a single licence option or the replica storage option. Within the Standard edition, certain features such as software defined networking and hot patching are not available.
Windows Server 2022 Data Centre Edition
With this edition, you will receive a lot more features than you would with the Standard edition. The Windows Server 2022 Data Centre edition comes equipped with protected virtual machines, which protect the firmware of the server.
There are two integrated functions within this edition: software-defined storage and storage replication. The first is all about scalability and managing the number of servers and storage; the second allows data replication and prevents data losses.
Windows Server 2022 Azure Data Centre Edition
The Azure edition of the new and improved Windows Server can also be very beneficial if you are using a cloud server. The Windows Server 2022 Data Centre: Azure Edition is especially designed for users to make the most of their virtual machines and to lessen the time spent updating.
Purely designed for the Microsoft Azure platform, this edition has even more impressive features. For instance, hot patching can be used here, and allows the user to begin updates without having to restart the server. Windows 2022 Azure Edition is known for its high security, improved performance and extra features due to its Azure Stack Hyper-Converged Infrastructure OS.
That’s not all…
Nested virtualisation for AMD processors
Windows Server 2022 brings with it support for nested virtualisation using AMD processors. It means that you can run Hyper-V inside of a Hyper-V VM so there’s more flexibility for your environment.
Improvements to Hyper-V virtual switches
With updated Receive Segment Coalescing (RSC), the hypervisor can merge packets and process them as one larger segment. CPU cycles are reduced and segments stay integrated across the whole data path. That means more performance boosts for both network traffic via NIC from an external host and traffic between virtual NICs on the same host.
We’ve covered some of the main features of Windows Server 2022 but we've barely scratched the surface. There’s so much more that this release offers and luckily Microsoft have outlined everything there is to know in their Windows Server 2022 overview.