Microsoft previews Windows Server 2022: Someone took a spanner to core plumbing features

New Windows Server ahoy - but the company would rather talk about Azure


Ignite Microsoft has released a preview of Windows Server 2022, with "secured core", improved Windows Containers, and MsQuic protocol support in the kernel.

Windows Server can also be deployed using an "as a service" model in the style of Windows 10, though there are important differences. The regularly updated version is simply called Windows Server (plus a release number such as 2004), is in the semi-annual release channel, and requires a subscription licence called Software Assurance, so is not a cheap way to get the latest Windows Server forever.

Each semi-annual channel release is supported for only 18 months. Also, there is no desktop GUI for the semi-annual channel, only the stripped-down Server Core option, or Nano Server for containers. Given the above limitations, it is the traditional long-term support versions of Windows Server, like Server 2022, that are likely to be used for non-ephemeral installations.

Windows Server 2022 looks much like Windows 10; all the interesting changes are in core plumbing features

Windows Server 2022 looks much like Windows 10; all the interesting changes are in core plumbing features

Windows Server 2022 will be generally available later this year. It features what Microsoft has called "secured core," a term it has already used for Windows 10 PCs. Secured core uses Trusted Platform Module (TPM) 2.0 for a hardware root of trust; Credential Guard, which stores secrets using virtualization for an isolated process; and Hypervisor-Protected Code Integrity (HVCI), which verifies kernel code before execution (again using virtualisation) to isolate the verification code.

SMB over QUIC, AES-256 encryption

Microsoft's MsQuic protocol is in the kernel, an implementation of the QUIC transport protocol used both for HTTP/3 internet calls and file transfer over SMB (Server Message Block, used for Windows networking).

SMB also now supports AES-256 encryption. Microsoft claims to have improved network performance in Server 2022. UDP (User Datagram Protocol) performance is improved by offloading more work to the network card hardware and by using UDP Receive Side Coalescing (RSC), which combines multiple packets into one. RSC was previously only used for TCP packets.

According to Microsoft's Principal Program Manager Ned Pyle, SMB over QUIC will allow "mobile users, hybrid users, travelling internet users, instead of using a VPN, [to] tunnel SMB traffic over the QUIC protocol which is a UDP, TLS, highly secure, easily firewall-traversing protocol… but still get the SMB goodness of mapping drives, it won’t change a bit."

The latest Windows Admin Center: note all the options for Azure integration in the left-hand column

The latest Windows Admin Center: note all the options for Azure integration in the left-hand column

Microsoft has improved hybrid on-premises/Azure cloud capabilities in this release, including upgraded storage migration services, for moving data between servers, that support target servers using Azure File Sync. Azure File Sync lets admins over-provision local storage, moving seldom used files to Azure Files storage automatically.

There are also upgrades to Windows Containers, including up to 20 per cent smaller image service and the ability to use Group Managed Services Accounts (gMSA) with Azure Active Directory, without domain joining the container host to Azure AD. The idea is to allow Windows containers to run on Kubernetes with better performance and fewer limitations.

The preferred administration tool for Windows Server is now the browser-based Windows Admin Center (WAC). Running the old Server Manager, a traditional desktop application, brings up a prompt urging admins to try WAC instead. WAC is also available in the Azure portal. Azure Arc is a service enabling admins to manage Windows Server on-premises from Azure.

The latest WAC uses HTTP/2 for improved performance. Azure File Sync, we are promised, is a "much more reliable experience."

The security section of WAC now shows the status of Secured Core features. There are additional features available for users of Azure Stack HCI, on-premises hardware managed through Azure and paid for by subscription.

Microsoft's platform is still built largely on Windows Server, despite the fact that Azure now runs more Linux VMs than Windows. However, a new release of Windows Server though is no longer the big news it once was, with the company preferring to talk up its Azure cloud; and many of the new features are designed to integrate with Azure or (like the improved Windows containers) to run on Azure.

Despite that, the company has been consistent in delivering new Windows Server releases every three years or so, and continues to make progress on its goals of easier administration, removing reliance on the server desktop GUI, and stripping down the operating system so that most features are optional components. ®


Other stories you might like

  • Robotics and 5G to spur growth of SoC industry – report
    Big OEMs hogging production and COVID causing supply issues

    The system-on-chip (SoC) side of the semiconductor industry is poised for growth between now and 2026, when it's predicted to be worth $6.85 billion, according to an analyst's report. 

    Chances are good that there's an SoC-powered device within arm's reach of you: the tiny integrated circuits contain everything needed for a basic computer, leading to their proliferation in mobile, IoT and smart devices. 

    The report predicting the growth comes from advisory biz Technavio, which looked at a long list of companies in the SoC market. Vendors it analyzed include Apple, Broadcom, Intel, Nvidia, TSMC, Toshiba, and more. The company predicts that much of the growth between now and 2026 will stem primarily from robotics and 5G. 

    Continue reading
  • Deepfake attacks can easily trick live facial recognition systems online
    Plus: Next PyTorch release will support Apple GPUs so devs can train neural networks on their own laptops

    In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report.

    Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks. Engineers scanned the image of someone from an ID card, and mapped their likeness onto another person's face. Sensity then tested whether they could breach live facial recognition systems by tricking them into believing the pretend attacker is a real user.

    So-called "liveness tests" try to authenticate identities in real-time, relying on images or video streams from cameras like face recognition used to unlock mobile phones, for example. Nine out of ten vendors failed Sensity's live deepfake attacks.

    Continue reading
  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading

Biting the hand that feeds IT © 1998–2022