- Restrict installation of (USB) devices using Group Policy - Mon, Sep 13 2021
- Windows Server 2022: Comparison of editions and features - Tue, Sep 7 2021
- Microsoft will not release a free Hyper-V Server 2022 - Mon, Sep 6 2021
In the preview phase, Microsoft particularly emphasized the new features for improving security. These implement the concept of Secured-core Server, which is based on a combination of hardware (TPM), firmware, and drivers. The related features can be configured in the Windows Admin Center (WAC).
As a further innovation, the manufacturer announced that HTTPS and TLS 1.3 would be enabled by default. Also, part of the new OS is Secure DNS (DNS over HTTPS), which will be included in Windows 10 21H2 and Windows 11 as well.
The current group policy templates already ship with a setting to configure the feature.
Enhancements to Server Message Block ^
Server 2022 also improves signing and encryption for the SMB protocol, where two more secure algorithms are now available (AES-256-GCM and AES-256-CCM). AES-128 will still be supported for backward compatibility.
In addition, SMB encryption and signing can be configured separately for communication between the nodes of a cluster ("east–west"). This affects both Cluster Shared Volumes (CSV) and Storage Spaces Direct.
These security features are now also compatible with SMB Direct, whereas in previous versions of Windows Server, they caused performance degradation with RDMA NICs.
Another new feature is the ability to compress SMB traffic. In Windows 10, since release 20H2, SMB compression could be enabled for xcopy and robocopy with separate switches for these programs. In Server 2022, this feature can now be enabled for file shares in general via either the Windows Admin Center or PowerShell.
Another new feature for accessing file shares is support for SMB over QUIC. The QUIC protocol can be used as an alternative to TCP, and in combination with TLS 1.3, it can also be used to replace VPNs. However, this feature is only available in Windows Server 2022 Datacenter: Azure Edition.
The SMB configuration section of Windows Admin Center doesn't contain settings for SMB over QUIC when connected to Server 2022 Datacenter
Strangely, the call to Get-SmbServerConfiguration returns the value $true for the property EnableSMBQUIC, even in the Datacenter Edition.
With hotpatching, Microsoft reserves another interesting new feature for Azure. It allows updates to be applied without having to restart the server. Windows Server 2022 uses the Azure service Automanage for this.
In addition to new options for hybrid configurations (such as managing on-prem servers via Azure Arc) and expanded support for containers, Windows Server 2022 also offers some progress that is more in line with the conventional use of the system.
Nested virtualization for AMD ^
This includes support for nested virtualization on AMD processors, which has been available for Intel CPUs since Windows Server 2016.
In terms of CPU support, version 2022 can also take advantage of Intel Ice Lake processors. On this platform, it can address up to 48 TB of RAM and provide up to 2048 logical processor cores.
Edge is included in Server Core ^
With the end of support for Internet Explorer on June 15, 2022, Microsoft Edge will replace the outdated browser on the server as well. Edge is thus included in Server 2022 and can also be used with the Server Core installation option. This configuration has already been supported, but there were some hurdles for manual installation.
Improvement for Storage Spaces Direct ^
For running hyperconverged infrastructures, all future innovations will go into Azure Stack HCI; however, Windows Server will continue to benefit from improvements to existing features.
This is now reflected in Server 2022, which still lacks advanced features such as stretched clusters, but has been given a new repair option for Storage Spaces Direct ("Adjustable Storage Repair Speed"). Admins can use this to control how many resources they want to allocate for repairing data copies or active workloads.
Other storage innovations ^
While Storage Spaces Direct combines the local storage of the cluster nodes into a storage pool, Storage Spaces only manages the drives of a single server. This feature also received an update in Windows Server 2022. It now offers storage tiering, which can use fast media, such as SSDs or NVMe, for caching.
Finally, in Server 2022, Microsoft has extended the Storage Migration Service introduced with the 2019 release. It was originally intended to move file shares from legacy systems to a newer Windows Server. It now supports failover clusters, Samba servers, and NetApp FAS as sources, and it also migrates local users and groups.
Windows Server 2022 does not introduce any new roles or features, but it does improve a number of existing functions and protocols. Some of the new features will benefit server security.
Overall, however, it is obvious that Windows Server is losing relevance. This is reflected not only in the fewer innovations but also in reserving new functions for hyperconvergence to Azure Stack HCI.
Subscribe to 4sysops newsletter!
The on-prem server is even deprived of improvements in genuine OS features such as hotpatching or SMB over QUIC. To get them, you have to run Server 2022 in Azure.