Without much ado, Microsoft has released Windows Server 2022. The number of innovations is not impressive, but there are some interesting features among them. However, two of them are reserved for the Azure edition. The focus is on security, with additional improvements for SMB and Hyper-V.
Latest posts by Wolfgang Sommergut (see all)

In the preview phase, Microsoft particularly emphasized the new features for improving security. These implement the concept of Secured-core Server, which is based on a combination of hardware (TPM), firmware, and drivers. The related features can be configured in the Windows Admin Center (WAC).

The functions that Microsoft combines for Secured-core Server can be configured via the WAC

As a further innovation, the manufacturer announced that HTTPS and TLS 1.3 would be enabled by default. Secure DNS (DNS over HTTPS) is also part of the new OS and will be included in Windows 10 21H2 and Windows 11 as well.

The current group policy templates already ship with a setting to configure the feature.

Group policy for the configuration of DNS over HTTPS

Enhancements to Server Message Block

Server 2022 also improves signing and encryption for the SMB protocol, where two more secure algorithms are now available (AES-256-GCM and AES-256-CCM). AES-128 will still be supported for backward compatibility.

Signatures for SMB connections can now be generated using the AES 256 algorithms
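
As an added example (not part of the original article and not Microsoft's code), the following PowerShell function audits the SMB encryption settings discussed above from the objects returned by Get-SmbServerConfiguration and Get-SmbShare. The function name Test-SmbHardening, the constructed sample objects, and the comma-separated format assumed for EncryptionCiphers are assumptions made for this illustration.

```powershell
# Added example: flag weak SMB encryption settings on a Windows Server 2022 host.
function Test-SmbHardening {
    param(
        [Parameter(Mandatory)] $ServerConfig,  # output of Get-SmbServerConfiguration
        [Parameter(Mandatory)] $Shares         # output of Get-SmbShare
    )

    # Assumption: EncryptionCiphers is a comma-separated list in preference order.
    $ciphers = @("$($ServerConfig.EncryptionCiphers)" -split ',' |
        ForEach-Object { $_.Trim().ToUpper() -replace '-', '_' } |
        Where-Object { $_ })

    if ($ciphers.Count -eq 0) {
        'Server: no EncryptionCiphers value reported'
    } elseif ($ciphers[0] -notlike 'AES_256*') {
        # AES-128 stays available for compatibility, but should not be preferred.
        "Server: preferred cipher is $($ciphers[0]); AES-256 is not first"
    }

    if (-not $ServerConfig.RejectUnencryptedAccess) {
        'Server: RejectUnencryptedAccess is off; clients without SMB encryption are still served'
    }

    foreach ($share in $Shares) {
        if ($share.Special) { continue }   # skip administrative shares such as IPC$
        # A share is covered if encryption is required server-wide or on the share.
        if (-not ($ServerConfig.EncryptData -or $share.EncryptData)) {
            "Share $($share.Name): encryption is not required"
        }
    }
}

# Constructed sample objects so the function can be tried off-box.
# On a real server, run instead:
#   Test-SmbHardening -ServerConfig (Get-SmbServerConfiguration) -Shares (Get-SmbShare)
$sampleConfig = [pscustomobject]@{
    EncryptionCiphers       = 'AES_128_GCM, AES_128_CCM, AES_256_GCM, AES_256_CCM'
    EncryptData             = $false
    RejectUnencryptedAccess = $true
}
$sampleShares = @(
    [pscustomobject]@{ Name = 'IPC$';    Special = $true;  EncryptData = $false }
    [pscustomobject]@{ Name = 'Finance'; Special = $false; EncryptData = $true }
    [pscustomobject]@{ Name = 'Public';  Special = $false; EncryptData = $false }
)
Test-SmbHardening -ServerConfig $sampleConfig -Shares $sampleShares
```
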

In addition, SMB encryption and signing can be configured separately for communication between the nodes of a cluster ("east–west"). This affects both Cluster Shared Volumes (CSV) and Storage Spaces Direct.

These security features are now also compatible with SMB Direct, whereas in previous versions of Windows Server, they caused performance degradation with RDMA NICs.

Another new feature is the ability to compress SMB traffic. In Windows 10, since release 20H2, SMB compression could be enabled for xcopy and robocopy with separate switches for these programs. In Server 2022, this feature can now be enabled for file shares in general via either the Windows Admin Center or PowerShell.

SMB compression is no longer limited to xcopy and robocopy in Server 2022

Another new feature for accessing file shares is support for SMB over QUIC. The QUIC protocol can be used as an alternative to TCP, and in combination with TLS 1.3, it can also be used to replace VPNs. However, this feature is only available in Windows Server 2022 Datacenter: Azure Edition.

The SMB configuration section of Windows Admin Center doesn't contain settings for SMB over QUIC when connected to Server 2022 Datacenter

Strangely, the call to Get-SmbServerConfiguration returns the value $true for the property EnableSMBQUIC, even in the Datacenter Edition.

With hotpatching, Microsoft reserves another interesting new feature for Azure. It allows updates to be applied without having to restart the server. Windows Server 2022 uses the Azure service Automanage for this.

In addition to new options for hybrid configurations (such as managing on-prem servers via Azure Arc) and expanded support for containers, Windows Server 2022 also offers some progress that is more in line with the conventional use of the system.

Nested virtualization for AMD

This includes support for nested virtualization on AMD processors, which has been available for Intel CPUs since Windows Server 2016.

In terms of CPU support, version 2022 can also take advantage of Intel Ice Lake processors. On this platform, it can address up to 48 TB of RAM and provide up to 2048 logical processor cores.

Edge is included in Server Core

With the end of support for Internet Explorer on June 15, 2022, Microsoft Edge will replace the outdated browser on the server as well. Edge is thus included in Server 2022 and can also be used with the Server Core installation option. This configuration has already been supported, but there were some hurdles for manual installation.

Microsoft supported the installation of Edge under Server 2019 Core and now the browser is included with 2022

Improvement for Storage Spaces Direct

For running hyperconverged infrastructures, all future innovations will go into Azure Stack HCI; however, Windows Server will continue to benefit from improvements to existing features.

This is now reflected in Server 2022, which still lacks advanced features such as stretched clusters, but has been given a new repair option for Storage Spaces Direct ("Adjustable Storage Repair Speed"). Admins can use this to control how many resources they want to allocate for repairing data copies or active workloads.

Other storage innovations

While Storage Spaces Direct combines the local storage of the cluster nodes into a storage pool, Storage Spaces only manages the drives of a single server. This feature also received an update in Windows Server 2022. It now offers storage tiering, which can use fast media, such as SSDs or NVMe, for caching.

Finally, in Server 2022, Microsoft has extended the Storage Migration Service introduced with the 2019 release. It was originally intended to move file shares from legacy systems to a newer Windows Server. It now supports failover clusters, Samba servers, and NetApp FAS as sources, and it also migrates local users and groups.

Conclusion

Windows Server 2022 does not introduce any new roles or features, but it does improve a number of existing functions and protocols. Some of the new features will benefit server security.

Overall, however, it is obvious that Windows Server is losing relevance. This is reflected not only in the fewer innovations but also in reserving new functions for hyperconvergence to Azure Stack HCI.

The on-prem server is even deprived of improvements in genuine OS features such as hotpatching or SMB over QUIC. To get them, you have to run Server 2022 in Azure.

1 Comment
  1. Setee 2 years ago

    Thank you, but for now, I think I will stick with the 2019 version

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account