Barely a month ago, Microsoft launched their new server operating system, Windows Server 2022, and did so without much fanfare. In fact, the launch was initially silent, followed by a few online events. This is far from Microsoft’s usual approach when launching a new version of Windows, which normally involves a tour around multiple countries. Perhaps it’s because of the current pandemic or a change in marketing strategy, but I’m personally hoping that we will see them return to the road in the future.
But I digress. Let’s take a look at what we’re really going to talk about today.
Today, we are going to carry out a brief assessment of the new operating system for Windows servers: Windows Server 2022. We’ll take a look at all the new features of the various editions, focusing on security, functionalities, appearance and services.
We will try to do this concisely and go into more detail where necessary, perhaps in future articles.
Editions of Windows Server 2022:
This new version of Windows Server provides three different editions: the classic “Standard Edition”, “Datacenter Edition” and a new one, the “Azure Edition”. Below is a brief summary of what each one has to offer, particularly the new Azure Edition.
- Windows Server 2022 Standard Edition: For many years now, this has been the main server operating system, suitable for the majority of roles and services that a business might need, although with the classic limitation of a single licensed virtual machine on Hyper-V. Ideal as a web server, database server or Active Directory. The limitation on virtual machines makes it best suited for physical or lightly virtualised environments.
- Windows Server 2022 Datacenter Edition: This is the ideal edition for private or hybrid cloud environments. It allows a single server to host multiple licensed servers, although it will be limited by the number of licensed processors and cores. It features some improvements with respect to the Standard edition, such as Software-defined networking (SDN), which is really useful for creating a consistent virtual environment.
- Windows Server 2022 Datacenter Azure Edition: This is a new edition that is specially designed to provide compatibility with Microsoft’s public cloud by extending some of its features to work in a native way, both on Azure and on a physical environment. It also boasts another feature that I want to highlight, which has been demanded by systems administrators for a long time – Hotpatching – which allows you to install system patches without having to restart the system. Furthermore, the extended capabilities include some integrated within the Windows Admin Center, such as AKS (Azure Kubernetes Services), Azure Monitor or Azure Security Center.
To help you clearly see the differences, here is a comparison between the different editions and their features.
System Appearance:
Some previous editions brought a significant change to the appearance of Windows Server. That is not the case with Windows Server 2022, in contrast to the radical change seen in the new version of the Windows desktop operating system (Windows 11). Judging Windows Server 2022 by its appearance during installation and our first minutes of use, you could easily be fooled into thinking that you were using Windows Server 2019 or even 2016. There are no huge differences here.
When we dive below the surface, we find that there are more new additions to services, menus or consoles than there were changes to the appearance of Windows desktop. These are the differences that you don’t see, whether on the desktop, the server admin console or other relevant consoles.
Image: Windows Server 2022 Desktop
New Features (Windows Server 2022):
It’s important to point out that, although there are many new features, they are not all available for every edition. Some of them are only available with Datacenter or Azure Datacenter, meaning that some of the new features for the Standard edition are less exciting.
Let’s begin by saying that the new capability to apply updates without needing to restart the system, called Azure Automanage, is only available on Windows Server 2022: Azure Datacenter, which means that many of us will not get to use it, at least not until it is added to other editions.
However, looking at other features, the storage migration service in this new version has significantly improved. Now, it is possible to carry out migrations from more locations than in previous versions, both to Windows Server and the Microsoft cloud. Some of the improvements to storage migration include:
- Migration of local users and groups.
- Different types of cluster migration.
- Samba migration from GNU/Linux to Windows Server.
- Simplified migrations to Azure.
- Real-time SMB compression when transferring data on the network.
The storage bus cache on standalone servers improves read and write speeds. Similarly, the new functionality includes faster tiered storage, using SSD and NVMe as a cache for rapid access while using slower HDD disks for bulk or long-term storage.
Furthermore, storage improvements also include a new feature, Storage Spaces, designed to improve resynchronisation by assigning resources solely dedicated to this task while designating other resources to actively improve performance.
With regard to communications, there is also a significant performance improvement in the handling of TCP and UDP packets and in the virtual switches on Microsoft Hyper-V. This new version of Windows uses HyStart++ for TCP, reducing packet loss at the start of a connection, and RACK to reduce retransmission timeouts (RTO). In the case of UDP, it uses the QUIC protocol to significantly improve UDP performance. It includes USO (UDP Segmentation Offload) to move part of the packet-processing work from the CPU to the network adapter, working alongside UDP RSC to reduce the processing cost of UDP packets.
Looking at network improvements, the Hyper-V virtual switches have been improved using RSC, which coalesces packets, resulting in less CPU usage and improved processing performance.
With respect to virtualisation, we also find that it has now finally been added for AMD processors. Since Windows Server 2016, virtualisation was only available for Intel processors.
Finally, we come to the new features with regard to Azure hybrid environments. Windows Server 2022 allows the integration of Windows with Azure Arc, which allows us to work in a native way on multi-cloud environments, being able to manage virtual machines and servers from Azure as if they were just another cloud resource.
And obviously, add to this the aforementioned Automanage, allowing us to update the system while it is running.
Security Improvements:
For many years, Microsoft has made security one of its top priorities, possibly due to the common perception that the security of Microsoft systems was no better than other freeware options. This emphasis on security can be clearly seen in the design of Windows Server 2022 since it is where we find the most improvements.
In this new version, we have a new level of core protection, protecting the system against some of the most sophisticated attacks currently being used. This represents an enhancement of the security improvements made to Windows 10 and Windows Server 2016 and is part of Microsoft’s strategy to “change the rules of the game by doing away with the playbooks most commonly used by attackers”.
Alongside this, we also have a small change to the Windows Admin Center, which in this version, allows us to monitor the security status of the core.
Furthermore, there are improvements to TPM 2.0 to provide secure storage both for keys and sensitive data, which amongst other things, boosts the security of the protection provided by BitLocker.
Other key improvements have been made to Virtualization-based Security (VBS) and Hyper-V Code Integrity (HVCI). VBS uses hardware virtualisation to create a secure region of memory that is isolated from the rest of the system memory, protecting the data held in it. This enables the use of Credential Guard for storing user credentials in a virtual container. HVCI reinforces the enforcement of code integrity policies through VBS, preventing, for example, an unsigned driver from being loaded on the system and exploiting associated vulnerabilities.
Up until now, the firmware was relatively unprotected and could be attacked. Now, it enjoys a certain level of protection through the use of DRTM, which will monitor and measure its behaviour at all times. The use of DMA protection also makes it possible to isolate driver access to memory.
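To check which of these protections are actually active on a given server, the following added example (not part of the original article or of any Microsoft tooling) reads the Win32_DeviceGuard WMI class and the TPM state. The function name Get-VbsProtectionStatus is hypothetical; the numeric meanings are those documented for Win32_DeviceGuard.

```powershell
# Added example: report the state of VBS, Credential Guard, HVCI, Secure Launch and the TPM.
function Get-VbsProtectionStatus {
    # Value meanings as documented for the Win32_DeviceGuard class.
    $vbsState = @{ 0 = 'Disabled'; 1 = 'Enabled, not running'; 2 = 'Running' }
    $services = @{
        1 = 'Credential Guard'
        2 = 'HVCI'
        3 = 'System Guard Secure Launch (DRTM)'
    }

    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # One row per protection: configured by policy versus actually running.
    $rows = foreach ($id in ($services.Keys | Sort-Object)) {
        [pscustomobject]@{
            Protection = $services[$id]
            Configured = $dg.SecurityServicesConfigured -contains $id
            Running    = $dg.SecurityServicesRunning    -contains $id
        }
    }

    # Get-Tpm needs an elevated session; treat a failure as "unknown / not present".
    $tpm = try { Get-Tpm -ErrorAction Stop } catch { $null }

    [pscustomobject]@{
        VbsStatus  = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
        Services   = $rows
        # Configured but not running usually points at missing hardware support
        # or a pending reboot, and is the gap worth investigating first.
        NotRunning = @($rows | Where-Object { $_.Configured -and -not $_.Running } |
                       ForEach-Object { $_.Protection })
        TpmPresent = if ($tpm) { $tpm.TpmPresent } else { $false }
        TpmReady   = if ($tpm) { $tpm.TpmReady }   else { $false }
    }
}

$status = Get-VbsProtectionStatus
$status | Select-Object VbsStatus, NotRunning, TpmPresent, TpmReady | Format-List
$status.Services | Format-Table -AutoSize
```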
With regard to network connectivity, we have the following list of improvements:
- Improvements to the transport layer, where HTTPS and TLS 1.3 are enabled by default.
- Encrypted DNS requests over HTTPS.
- Possibility of using AES-256 on SMB.
- SMB encryption for internal communication of the cluster.
- SMB Direct with RDMA for Storage Spaces Direct and Hyper-V.
- SMB over QUIC.
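The AES-256 option for SMB has to be selected, so it is worth auditing. This added example (not from the original article) evaluates an SMB server configuration object against an "encrypt everything, AES-256 only" baseline; the function name Test-SmbEncryptionPosture and both sample objects are constructed for illustration, shaped like the output of Get-SmbServerConfiguration.

```powershell
# Added example: flag SMB server settings that leave encryption or AES-256 unused.
function Test-SmbEncryptionPosture {
    param([Parameter(Mandatory)] $Config)   # shaped like Get-SmbServerConfiguration output

    $findings = @()
    if (-not $Config.EncryptData) {
        $findings += 'EncryptData is off: only shares flagged individually are encrypted.'
    }
    if (-not $Config.RejectUnencryptedAccess) {
        $findings += 'RejectUnencryptedAccess is off: clients that cannot encrypt are still served.'
    }

    # EncryptionCiphers is a comma-separated list in order of preference.
    $ciphers = @($Config.EncryptionCiphers -split '\s*,\s*' | Where-Object { $_ })
    $not256  = @($ciphers | Where-Object { $_ -notlike 'AES_256_*' })
    if ($ciphers.Count -eq 0) {
        $findings += 'EncryptionCiphers is empty or missing (pre-2022 host?).'
    } elseif ($not256.Count -gt 0) {
        $findings += "Non-AES-256 ciphers still offered: $($not256 -join ', ')"
    }
    if ($ciphers.Count -gt 0 -and $ciphers[0] -notlike 'AES_256_*') {
        $findings += "Preferred cipher is $($ciphers[0]), not an AES-256 suite."
    }
    return ,$findings
}

# Constructed sample: permissive configuration.
$weak = [pscustomobject]@{
    EncryptData             = $false
    RejectUnencryptedAccess = $false
    EncryptionCiphers       = 'AES_128_GCM, AES_128_CCM, AES_256_GCM, AES_256_CCM'
}
# Constructed sample: the corrected configuration.
$hardened = [pscustomobject]@{
    EncryptData             = $true
    RejectUnencryptedAccess = $true
    EncryptionCiphers       = 'AES_256_GCM, AES_256_CCM'
}

Test-SmbEncryptionPosture -Config $weak       # four findings
Test-SmbEncryptionPosture -Config $hardened   # no findings

# On a live server, audit first, then apply the baseline once clients are known to cope:
# Test-SmbEncryptionPosture -Config (Get-SmbServerConfiguration)
# Set-SmbServerConfiguration -EncryptData $true -RejectUnencryptedAccess $true `
#     -EncryptionCiphers 'AES_256_GCM, AES_256_CCM'
```

Restricting the cipher list to AES-256 locks out SMB clients that only support AES-128, so inventory client versions before applying it.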
Image: Installation of Windows Server 2022
Conclusions:
Just three weeks after launch, it’s still early to know whether this is a good operating system. Much more time will be needed to test it thoroughly and so far, there are not enough reports about problems, bugs, etc. However, there are several things that I like about Windows Server 2022:
There is no great change in the way that this server is managed or operates with respect to previous versions. This is a continuation of previous systems, which is great for systems administrators.
Some of the new features of this new version of Windows Server are really useful and its integration with the Microsoft cloud is also a big leap, to say nothing about the great advantage of not having to restart the system when applying patches…
I can also confirm that, after having been performing tests for a few days, this system feels quite good with respect to performance. I have tried it on two environments. Firstly, on a second-generation virtual machine on Hyper-V on Windows 11, and secondly on the Jotelulu cloud, where it provided a good user experience.
However, there will be much to discover about Windows Server 2022, and you can be sure of more articles on this topic to come in the future.