Microsoft previews Windows Server 2022: Someone took a spanner to core plumbing features
New Windows Server ahoy - but the company would rather talk about Azure
Ignite Microsoft has released a preview of Windows Server 2022, with "secured core", improved Windows Containers, and MsQuic protocol support in the kernel.
Windows Server can also be deployed using an "as a service" model in the style of Windows 10, though there are important differences. The regularly updated version is simply called Windows Server (plus a release number such as 2004), is in the semi-annual release channel, and requires a subscription licence called Software Assurance, so is not a cheap way to get the latest Windows Server forever.
Each semi-annual channel release is supported for only 18 months. Also, there is no desktop GUI for the semi-annual channel, only the stripped-down Server Core option, or Nano Server for containers. Given the above limitations, it is the traditional long-term support versions of Windows Server, like Server 2022, that are likely to be used for non-ephemeral installations.
Windows Server 2022 looks much like Windows 10; all the interesting changes are in core plumbing features
Windows Server 2022 will be generally available later this year. It features what Microsoft has called "secured core," a term it has already used for Windows 10 PCs. Secured core uses Trusted Platform Module (TPM) 2.0 for a hardware root of trust; Credential Guard, which uses virtualization to store secrets in an isolated process; and Hypervisor-Protected Code Integrity (HVCI), which verifies kernel code before execution, again using virtualisation to isolate the verification code.
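For admins who want to see whether those three components are actually active on a host, here is an added PowerShell example (not code from Microsoft or from the original article). It relies on the Win32_DeviceGuard and Win32_Tpm CIM classes; the function name Get-SecuredCoreReport and the sample object are constructed for illustration.

```powershell
# Added example: report the secured-core building blocks named above.
# Get-SecuredCoreReport and its output shape are illustrative assumptions.
function Get-SecuredCoreReport {
    param(
        # Object shaped like Win32_DeviceGuard (root\Microsoft\Windows\DeviceGuard)
        [Parameter(Mandatory)] $DeviceGuard,
        # Win32_Tpm.SpecVersion string such as "2.0, 0, 1.38"; empty if no TPM found
        [string] $TpmSpecVersion
    )
    # SecurityServicesRunning values: 1 = Credential Guard, 2 = HVCI
    $running = @($DeviceGuard.SecurityServicesRunning)
    [pscustomobject]@{
        Tpm20           = [bool]($TpmSpecVersion -match '^\s*2\.0')
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running
        VbsRunning      = ($DeviceGuard.VirtualizationBasedSecurityStatus -eq 2)
        CredentialGuard = ($running -contains 1)
        Hvci            = ($running -contains 2)
    }
}

# Constructed sample: VBS running, HVCI on, Credential Guard not running
$sample = [pscustomobject]@{
    VirtualizationBasedSecurityStatus = 2
    SecurityServicesRunning           = @(2)
}
Get-SecuredCoreReport -DeviceGuard $sample -TpmSpecVersion '2.0, 0, 1.38'

# Live query, only attempted on a Windows host (the TPM class needs elevation)
if ($env:OS -eq 'Windows_NT') {
    $dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
               -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
               -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($dg) {
        Get-SecuredCoreReport -DeviceGuard $dg -TpmSpecVersion $tpm.SpecVersion
    }
}
```

A feature that is configured but not listed in SecurityServicesRunning shows as False here, which is the gap worth catching when auditing a fleet.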
SMB over QUIC, AES-256 encryption
Microsoft's MsQuic, an implementation of the QUIC transport protocol, is in the kernel and is used both for HTTP/3 internet calls and for file transfer over SMB (Server Message Block, used for Windows networking).
SMB also now supports AES-256 encryption. Microsoft claims to have improved network performance in Server 2022. UDP (User Datagram Protocol) performance is improved by offloading more work to the network card hardware and by using UDP Receive Side Coalescing (RSC), which combines multiple packets into one. RSC was previously only used for TCP packets.
According to Microsoft's Principal Program Manager Ned Pyle, SMB over QUIC will allow "mobile users, hybrid users, travelling internet users, instead of using a VPN, [to] tunnel SMB traffic over the QUIC protocol which is a UDP, TLS, highly secure, easily firewall-traversing protocol… but still get the SMB goodness of mapping drives, it won’t change a bit."
Microsoft has improved hybrid on-premises/Azure cloud capabilities in this release, including upgraded storage migration services, for moving data between servers, that support target servers using Azure File Sync. Azure File Sync lets admins over-provision local storage, moving seldom-used files to Azure Files storage automatically.
There are also upgrades to Windows Containers, including up to 20 per cent smaller image size and the ability to use Group Managed Service Accounts (gMSA) with Azure Active Directory, without domain joining the container host to Azure AD. The idea is to allow Windows containers to run on Kubernetes with better performance and fewer limitations.
The preferred administration tool for Windows Server is now the browser-based Windows Admin Center (WAC). Running the old Server Manager, a traditional desktop application, brings up a prompt urging admins to try WAC instead. WAC is also available in the Azure portal. Azure Arc is a service enabling admins to manage Windows Server on-premises from Azure.
The latest WAC uses HTTP/2 for improved performance. Azure File Sync, we are promised, is a "much more reliable experience."
The security section of WAC now shows the status of Secured Core features. There are additional features available for users of Azure Stack HCI, on-premises hardware managed through Azure and paid for by subscription.
Microsoft's platform is still built largely on Windows Server, despite the fact that Azure now runs more Linux VMs than Windows. However, a new release of Windows Server is no longer the big news it once was, with the company preferring to talk up its Azure cloud, and many of the new features are designed to integrate with Azure or (like the improved Windows containers) to run on Azure.
Despite that, the company has been consistent in delivering new Windows Server releases every three years or so, and continues to make progress on its goals of easier administration, removing reliance on the server desktop GUI, and stripping down the operating system so that most features are optional components. ®