Windows Server 2022 was released in early September ready to take on production workloads with a host of new features. What’s hot in the latest edition of Windows Server? Let’s take a look.
New network protocols
It’s no surprise that a major focus for Microsoft in Windows Server is performance. Most people using Windows Server are using it to host critical business services and applications that directly support either employees or customers. In either case time is money, and the platform critical systems run on needs to be both stable and efficient.
Microsoft has included some notable networking improvements to Windows Server 2022. For starters, the Quick UDP Internet Connection (QUIC) protocol developed by Google has been added and enhances UDP connections in a number of ways including encryption, reduced latency, connection reuse, version control, and extension frames.
UDP also gets some love in the form of UDP Segmentation Offload (USO) and UDP Receive Side Coalescing (UDP RSC), each of which moves a lot of the work to assemble UDP packets off CPUs and onto network adapters that support the protocols.
Server Message Block (SMB) over QUIC has several potential benefits for corporate networks, but the most intriguing may be its capability as a secure file-access method. SMB over QUIC is tunnelled by TLS 1.3 over UDP port 443 (HTTPS) rather than TCP port 445 (SMB), and all SMB traffic is contained within the tunnel, so none of it is exposed in the clear on the network. Because of these capabilities, SMB over QUIC is a solid option for mobile users or organisations with heightened security requirements.
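As an added example (not from the article), the server-side and client-side PowerShell needed to publish a share over SMB over QUIC and map it with the QUIC transport pinned; the host name fs1.example.com, the share name Data and the drive letter are constructed placeholders.

```powershell
# --- Server side (Windows Server 2022 Datacenter: Azure Edition) ---
# SMB over QUIC authenticates the server with a TLS 1.3 certificate, so bind a
# Server Authentication certificate whose SAN matches the name clients will use.
# 'fs1.example.com' is a constructed placeholder for this example.
$serverName = 'fs1.example.com'
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.DnsNameList.Unicode -contains $serverName -and
                   $_.EnhancedKeyUsageList.FriendlyName -contains 'Server Authentication' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No Server Authentication certificate for $serverName in LocalMachine\My" }

New-SmbServerCertificateMapping -Name $serverName -Thumbprint $cert.Thumbprint -StoreName My

# QUIC rides on UDP 443; TCP 445 does not need to be reachable for QUIC clients.
New-NetFirewallRule -DisplayName 'SMB over QUIC (UDP 443 in)' -Direction Inbound `
    -Protocol UDP -LocalPort 443 -Action Allow

# Confirm the mapping the server will present.
Get-SmbServerCertificateMapping | Format-Table Name, Thumbprint, Subject

# --- Client side (Windows 11 or Windows Server 2022) ---
# -TransportType QUIC pins the connection to QUIC instead of letting it fall back
# to TCP 445, so a client outside the corporate network never sends SMB in the
# clear. The client must trust the issuing CA; do not use -SkipCertificateCheck,
# which disables the server-identity check that the TLS tunnel depends on.
New-SmbMapping -LocalPath 'Z:' -RemotePath "\\$serverName\Data" -TransportType QUIC
Get-SmbMapping -LocalPath 'Z:'
```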
TCP connections aren’t left out in the cold by Windows Server 2022. The HyStart++ specification helps reduce packet loss during connection startup, especially in high-speed networks, while RACK improves loss detection and helps reduce retransmission timeouts (RTO). Both features are enabled by default in Windows Server 2022.
Storage security and performance
Many of Windows Server’s storage improvements focus on security without sacrificing performance. These include AES-256 cryptographic suites for SMB, and encryption for high-performance network-based storage using SMB Direct and RDMA.
These enable encrypted traffic for workloads that require incredibly high performance like Storage Spaces Direct, Hyper-V, and Scale-out File Server, among others. Windows Server Datacenter: Azure Edition even supports SMB over QUIC, bringing the trifecta of security, reliability, and performance.
SMB compression is an additional enhancement. It allows a user, admin, or application to request that files being transferred over the network be compressed in transit, making it unnecessary to manually create a Zip file before transfer.
Compressing and decompressing the files takes a small toll on CPU performance at both ends, but it’s well worth it, particularly on networks with bandwidth limitations like Wi-Fi or even 1Gbps Ethernet.
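An added example (not from the article) that turns the storage-security settings above into configuration: AES-256 cipher preference on server and client, encryption required on a share, and SMB compression requested for a mapping. The share name Data and the server fs1 are placeholders, and -RequestCompression assumes a Windows Server 2022 build that carries the later SMB compression update.

```powershell
# --- SMB encryption: prefer the AES-256 suites new in Windows Server 2022 ---
# Order matters: the first cipher both sides support wins in negotiation, so put
# AES-256 ahead of AES-128. Leaving AES-128 in the list keeps older clients working;
# remove it only once every client has been checked.
$ciphers = 'AES_256_GCM, AES_256_CCM, AES_128_GCM, AES_128_CCM'
Set-SmbServerConfiguration -EncryptionCiphers $ciphers -Force
Set-SmbClientConfiguration -EncryptionCiphers $ciphers -Force

# Require encryption on a sensitive share ('Data' is a placeholder) and refuse any
# client that cannot encrypt rather than silently serving it in the clear.
Set-SmbShare -Name 'Data' -EncryptData $true -Force
Set-SmbServerConfiguration -RejectUnencryptedAccess $true -Force

# --- SMB compression ---
# Compression is decided per connection. A client can ask for it on a mapping, or
# the server can request it for everything it serves (assumes a 2022 build with
# the SMB compression update).
Set-SmbServerConfiguration -RequestCompression $true -Force
New-SmbMapping -LocalPath 'Z:' -RemotePath '\\fs1\Data' -CompressNetworkTraffic $true

# --- Verify the configuration that will be offered ---
Get-SmbServerConfiguration |
    Select-Object EncryptionCiphers, RejectUnencryptedAccess, RequestCompression
Get-SmbShare -Name 'Data' | Select-Object Name, EncryptData
```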
Windows Server 2022 includes performance improvements for storage, particularly Storage Spaces Direct. Introduced in Windows Server 2016, Storage Spaces Direct brings flexibility for building out high-performing, highly available network-based storage.
One of its key features is synchronisation that enables redundancy and performance optimisation, but until Windows Server 2022 this synchronisation was based on internally calculated priorities. Windows Server 2022 brings the ability to manage the storage-repair speed setting, with five levels that help users choose between prioritising synchronisation or use by active workloads.
The storage-bus cache feature of Storage Spaces allows binding fast storage media like NVMe or SSD drives with slower storage like HDD, greatly improving both read and write performance while keeping costs manageable.
Prior to Windows Server 2022, storage-bus cache was limited to domain-joined servers, but now standalone servers can take advantage of these features. Storage-bus cache supports both read and write caching on systems that don’t require resiliency, and read-only caching on systems that use parity.
Transitioning applications and other corporate resources from legacy systems to new platforms has never been trivial. Virtualisation and containers certainly help alleviate some of the pain, but they only go so far. Storage Migration Service facilitates the streamlined transfer of critical apps and services from source locations to either the Azure cloud or Windows Server.
With Windows Server 2022 additional capabilities and sources are supported including local users and groups, migration from (and to) failover clusters, and even from Samba shares on Linux.
Microsoft is investing heavily in its Azure cloud services, and a big part of that is enticing customers who have been slow to embrace the cloud with new use cases that are too good to pass up. Two examples of this are Azure Arc and Windows Server Admin Center.
While neither is tied directly to a Windows Server version, both provide management capabilities for new Windows Server 2022 features. For example, Windows Server Admin Center version 2110 offers a new security tool that allows users to take advantage of the new Secured-core server and Virtualisation-based Security features.
Azure Automanage is a new, holistic set of management tools primarily geared toward VMs running on Azure, but since that includes Azure Stack Hyper Converged Infrastructure (HCI) and Azure Arc-enabled servers, it’s fair game for on-premises use.
Azure Automanage applies best practices to server configuration during the onboarding process, including server monitoring, log analysis, anti-malware, update management, and change tracking. Azure Automanage can even be leveraged to install Windows Server Admin Center, though at the moment it doesn’t support Azure Arc-enabled servers.
Azure Automanage handles system updates using Hotpatch, which is a new method for keeping Windows Server Azure Edition VMs updated while minimising downtime. The Hotpatch system works using three distinct update types, each with its own cadence: planned baselines, unplanned baselines, and hotpatches.
Planned baselines are released on a regular basis (initially this will be every three months) and will include all of the updates contained in the Windows Update Latest Cumulative Update.
Unplanned baselines will only be released on an as-needed basis, such as when a critical update addressing a zero-day vulnerability is released. Both baseline releases will include updates from the Latest Cumulative Update and will require a reboot. Hotpatch releases are provided on a more frequent basis and include only those updates which do not require a restart.
True to form, Microsoft’s naming makes things a little confusing, as it uses the term hotpatch for both the overall system that leverages all three update types as well as the specific update type that does not require a restart.
Containers and virtualisation
Virtualisation and container-based apps are focus areas for Windows Server 2022 including some features that lean heavily toward hybrid capabilities with Azure.
One of these is the HostProcess container type for Kubernetes, which is new in Windows Server 2022 but will also be backported to Windows Server 2019. HostProcess containers run directly at the host layer in the same network namespace as the host, with similar access to the host OS as processes running directly on the server.
Because of the level of access that HostProcess containers have to the OS, they can be used for management tasks and DevOps scenarios, taking advantage of both the access and the development and deployment tools inherently offered by containers.
New to Windows Server 2022 is support for nesting virtual machines on AMD processors. Previously, nested virtualisation (running Hyper-V within a Hyper-V guest) was limited to Intel processors. Nested virtualisation can be used for a variety of scenarios, including packaging and distributing multi-server systems for development or training, or spinning up virtual machines from backup within isolated environments.
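As an added example (not from the article), the Hyper-V PowerShell a host admin runs to expose virtualisation extensions to one guest so it can run Hyper-V itself, with the prerequisites the setting depends on; the VM name Lab-HV01 is a constructed placeholder.

```powershell
# Enable nested virtualisation for one Hyper-V guest. Works on AMD hosts from
# Windows Server 2022 and on Intel hosts since Windows Server 2016.
# 'Lab-HV01' is a constructed placeholder for this example.
$vmName = 'Lab-HV01'

$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
Write-Host "Host CPU: $($cpu.Manufacturer) $($cpu.Name)"

# The setting can only be changed while the VM is off.
$vm = Get-VM -Name $vmName
if ($vm.State -ne 'Off') { Stop-VM -Name $vmName }

# Nested Hyper-V requires static memory, then VT-x/AMD-V is exposed to the guest.
Set-VMMemory -VMName $vmName -DynamicMemoryEnabled $false
Set-VMProcessor -VMName $vmName -ExposeVirtualizationExtensions $true

# Nested guests use their own MAC addresses behind the outer VM's adapter; without
# MAC spoofing the outer virtual switch drops their frames. For an isolated lab
# (for example, VMs restored from backup) leave this off and use NAT inside the
# guest instead, so the nested machines cannot reach the production network.
Set-VMNetworkAdapter -VMName $vmName -MacAddressSpoofing On

Get-VMProcessor -VMName $vmName | Select-Object VMName, ExposeVirtualizationExtensions
Start-VM -Name $vmName
```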
Group Managed Service Accounts (gMSA) aren’t a new concept. In Active Directory, gMSAs provide a secure mechanism for applications, even those distributed across multiple nodes, to access network resources without requiring manual account management like making password changes; instead Active Directory manages the account.
What’s new about gMSA in Windows Server 2022 is that gMSA can be leveraged on hosts not joined to an Active Directory domain. This is done by creating an account in Azure AD, providing the benefits of gMSA by allowing container apps to access resources through the Azure AD account.
There are additional benefits as well: removing the requirement to domain-join worker nodes facilitates scalability, and a secret store can be leveraged to manage and share credentials between multiple container hosts.