All You Need to Know about Windows Server 2022
Windows Server 2022 has been available to all customers since September 1, 2021. Based on information posted on its lifecycle support page, it already has reached general availability (GA) status as early as August 18, 2021. It features significant improvements in security, hybrid cloud, and scalability capabilities, among others. Should you upgrade to it soon? Well, it depends on your priorities. In this post, we break down what Windows Server 2022 has in store for customers so you can see if an upgrade needs to be moved up your pipeline.
Windows Server 2022 Overview
Windows Server 2022 comes in two main editions—Standard and Datacenter. They share a number of similarities, including key features such as Active Directory Certificate, Domain, and Federation services; Windows containers; and Microsoft Defender (among many others). They also share licensing models such as core-based licensing plus client access license (CAL).
The Datacenter edition is much more expensive, with a current retail price of over $6,000, while the Standard edition is just over $1,000. Standard is targeted at physical or minimally virtualized environments, while Datacenter is for highly virtualized datacenters and cloud environments. The disparity between the two in terms of virtualization support is huge. Standard supports only two virtual machines (VMs), while Datacenter supports an unlimited number.
There’s also an Essentials edition that’s targeted at small businesses. Although it looks like a separate product, it has all the features of the Standard edition but with some restrictions. Essentials supports only up to 25 users and 50 devices. The good thing is that it’s considerably cheaper (about half the price of Standard) and doesn’t require any CAL.
Last but not least, there’s Windows Server 2022 Datacenter: Azure Edition. It has all the features of the Datacenter edition plus a combination of Azure and Windows Server functionality. More on this particular edition later.
In the succeeding sections, we’ll talk about the major new features in Windows Server 2022, the benefits they bring, and a few “gotchas” that you probably need to be aware of.
Secured-Core Server
Firmware attacks, which also happen to be the highlight of the Microsoft-commissioned March 2021 Security Signals report, have been getting out of hand. The main goal of a firmware attack is to infect the system with malware before the OS starts. A malware that’s able to infiltrate the system this early in the boot process can have the capability of disabling installed security solutions before they can act.
To counter these threats, Microsoft has taken a more comprehensive approach to security, one that protects not only the software layer but also the firmware and hardware layers. Basically, when a customer purchases a server certified for Secured-Core, that customer has the assurance that the server is completely protected, from the software all the way down to the hardware.
This more comprehensive approach to security makes it more difficult and expensive for threat actors to gain a foothold on a Windows Server-powered system and, therefore, reduces potential downtimes caused by cyberattacks. This new emphasis on firmware/hardware security, which works in tandem with new and existing software security, is dubbed Secured-Core Server and consists of six elements:
- Virtualization-based security (VBS): Employs hardware virtualization to mitigate credential attacks.
- Hypervisor-Protected Code Integrity (HVCI): Works with VBS to prevent Control Flow Guard (CFG) from being tampered with, and validates device drivers’ certificates.
- Boot direct memory access (DMA) protection: Provides protection against attacks carried out via high-speed ports (e.g., FireWire, Thunderbolt, USB 4, PCI, PCI Express) that allow DMA.
- System Guard: Validates the whole boot chain by using Static Root of Trust for Measurement (SRTM). It prevents any unauthorized firmware from loading before the Windows bootloader.
- Secure boot: Ensures that the server boots into a secure environment by ensuring only components digitally signed by trusted entities are loaded in the boot process.
- TPM 2.0: Stores cryptographic keys as well as data of components loaded during boot. Secure boot uses this data as reference during the boot process. Any change in the boot components is taken as a sign of tampering.
While all these new security features combine to provide additional layers of security, there’s a caveat. They can work only if the physical hardware itself supports them. That is, they work only with servers that are Secured-Core certified.
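Because these protections only count when the hardware actually supports them, an administrator should verify that each element is running rather than assume it from the purchase order. The following audit script is an added example, not code from the original article or from Microsoft; it reads the Win32_DeviceGuard, Win32_Tpm and Secure Boot state on a Windows Server 2022 host and assumes an elevated PowerShell session.

```powershell
# Added example: report whether the Secured-Core building blocks are running.
# Numeric codes follow the documented meaning of the Win32_DeviceGuard properties.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard

# SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI,
# 3 = System Guard Secure Launch, 4 = SMM Firmware Measurement
$running = @($dg.SecurityServicesRunning)
# AvailableSecurityProperties: 2 = Secure Boot, 3 = DMA protection (hardware capable)
$avail = @($dg.AvailableSecurityProperties)

# TPM details live in the MicrosoftTpm namespace; SpecVersion reads e.g. "2.0, 0, 1.38"
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm

# Confirm-SecureBootUEFI throws on legacy-BIOS hosts, which is itself a FAIL.
$secureBoot = $false
try { $secureBoot = [bool](Confirm-SecureBootUEFI) } catch { }

$checks = [ordered]@{
    'VBS running'                = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    'HVCI running'               = ($running -contains 2)
    'Credential Guard running'   = ($running -contains 1)
    'System Guard Secure Launch' = ($running -contains 3)
    'Boot DMA protection'        = ($avail -contains 3)
    'Secure Boot enabled'        = $secureBoot
    'TPM 2.0 enabled'            = ($null -ne $tpm -and $tpm.IsEnabled_InitialValue -and
                                    $tpm.SpecVersion -like '2.0*')
}

# Print a PASS/FAIL table and collect the gaps for a closing warning.
$failed = @()
foreach ($c in $checks.GetEnumerator()) {
    if (-not $c.Value) { $failed += $c.Key }
    '{0,-28} {1}' -f $c.Key, $(if ($c.Value) { 'PASS' } else { 'FAIL' })
}
if ($failed) { Write-Warning ('Not Secured-Core ready: ' + ($failed -join ', ')) }
```

A FAIL on System Guard or DMA protection on a server that is not Secured-Core certified is expected and cannot be fixed in software; that is the caveat above in concrete form.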
Networking Improvements
Security is a recurring theme throughout Windows Server 2022. Some of the networking improvements deal with security, and several of them are in the Server Message Block (SMB) protocol, which now supports AES-256-GCM and AES-256-CCM encryption. This protects data in transit against eavesdroppers. You’re given granular control over encryption between nodes in a cluster as well as over inbound and outbound cluster traffic.
With SMB over QUIC, which is essentially SMB over User Datagram Protocol (UDP) protected by Transport Layer Security (TLS) 1.3, users no longer need to use a virtual private network (VPN) to secure their SMB connections. SMB now also supports AES-128-GMAC acceleration for signing, which allows SMB messages to be checked for tampering. GMAC acceleration improves performance by speeding up that process. SMB over QUIC can be had through the Windows Server 2022 Datacenter: Azure Edition.
Speaking of improved performance, another new feature that does that is SMB compression, which allows file transfers to consume smaller bandwidths. This not only speeds up transmission times but also frees up bandwidth for other connections. SMB compression can be requested by an administrator, user, or application.
Note, however, that you can take advantage of all these only when connecting from a Windows 11 client or, for server-to-server transfers, when both nodes are running Windows Server 2022.
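The encryption, signing and compression settings described above are all exposed through the SMB PowerShell cmdlets. The snippet below is an added example, not code from the original article; it assumes Windows Server 2022 on both ends and a share named Finance, which is a made-up name for the illustration.

```powershell
# Added example: enforce the SMB protections the article describes, then verify.

# Typical weak starting point: encryption optional, signing not required.
Get-SmbServerConfiguration |
    Select-Object EncryptData, RejectUnencryptedAccess, RequireSecuritySignature, EncryptionCiphers

# Hardened server: encrypt every session, refuse clients that cannot encrypt,
# require signing, and prefer AES-256-GCM (the list order is the negotiation order).
Set-SmbServerConfiguration -EncryptData $true -RejectUnencryptedAccess $true `
    -RequireSecuritySignature $true `
    -EncryptionCiphers 'AES_256_GCM, AES_256_CCM, AES_128_GCM, AES_128_CCM' -Force

# Per-share: mandatory encryption plus opt-in SMB compression for a bulky share.
Set-SmbShare -Name 'Finance' -EncryptData $true -CompressData $true -Force

# Client side (Windows 11 / Windows Server 2022): same cipher preference and
# required signing, so a downgraded or tampered session is refused, not accepted.
Set-SmbClientConfiguration -RequireSecuritySignature $true `
    -EncryptionCiphers 'AES_256_GCM, AES_256_CCM, AES_128_GCM, AES_128_CCM' -Force

# Verification from a client: sessions should show Dialect 3.1.1, Encrypted and Signed = True.
Get-SmbConnection | Select-Object ServerName, ShareName, Dialect, Encrypted, Signed
```

Setting RejectUnencryptedAccess cuts off older clients that cannot negotiate SMB encryption, which is the practical consequence of the client-version caveat in the paragraph above.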
Scalability Improvements
Scalability has been given a boost, with Windows Server 2022 now able to support 48 TB of memory and 2,048 logical processors. That’s double the maximum RAM (24 TB) and quadruple the maximum logical processors (512) supported in the previous version (Windows Server 2019).
While these scalability improvements might seem pretty awesome, in reality, the large majority of the organizations out there won’t need them. For practicality reasons, these capabilities will only likely be used by very large enterprises that run massive VMs and extremely demanding workloads such as SAP and large data warehouses.
Windows Server 2022 also boasts an improved Kubernetes experience. It now includes multi-subnet support for Windows worker nodes and comes with a new container type, HostProcess containers, that supports a wider range of Kubernetes cluster management scenarios. For those unfamiliar with Kubernetes, it is the de facto platform for orchestrating, managing, and deploying large-scale container environments. Speaking of containers, Windows Server 2022 also introduces a smaller (by 1 GB) Server Core container image. This means containerized applications that use this image can start much faster.
Azure and Hyper-V Advancements
While it’s not really a new feature or improvement in Windows Server 2022, it’s worth noting that Windows Admin Center—which allows administrators to manage Windows Server instances, from versions 2012 to 2022—can now be used natively in the Azure Portal.
In addition, the new Windows Admin Center (WAC) already supports:
- Automatic in-app platform and extension updates. You no longer have to download and install the .msi manually.
- The ability to select virtual switches on the destination when moving a VM from one host or cluster to another.
- The ability to redirect all Windows Admin Center traffic (download extensions, register to Azure, etc.) through a web proxy.
- HTTP/2, which improves performance significantly.
These improvements in Windows Admin Center are worth mentioning because they can simplify the management of your Windows Server 2022 instances and clusters greatly.
Many of the Azure-related improvements in Windows Server 2022 can be found in the Datacenter: Azure Edition. This edition runs on Azure cloud and Azure Stack HCI and contains advanced hybrid and compute features such as Hotpatch, SMB over QUIC, and Azure Extended Networking.
We already touched on SMB over QUIC earlier. Hotpatch is a feature that allows you to update your Windows Server machines without requiring a reboot, while Azure Extended Networking solves the problem of moving on-premises machines to the Azure cloud and keeping the same IP addresses they’re using on-premises.
Microsoft has a bunch of other tools that give you a holistic view and control of your Windows Server 2022 machines, regardless of whether they’re running on-premises or on Azure. To incorporate your on-premises Windows Server machines into the Azure control plane (so you can manage them alongside your Azure-based VMs), you can use Azure Arc. In addition, you can employ Azure Automanage to onboard and configure machines automatically, regardless of whether they’re Azure VMs or Azure Arc-enabled machines (running on-premises), to comply with recommended Azure practices as well as your own internal configuration preferences.
For the Hyper-V role in Windows Server 2022, it’s now possible to use PowerShell cmdlets to configure rules for VMs that need to run on the same host and for VMs that need to be kept apart. Affinity/AntiAffinity rules are still available for that, but they can now be managed more efficiently and are site aware.
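The cluster affinity cmdlets that ship with the Windows Server 2022 FailoverClusters module make those placement rules explicit. This is an added example, not code from the original article; the VM group names DC01, DC02, APP01 and SQL01 are made up for the illustration.

```powershell
# Added example: keep redundant domain controllers apart, keep an app tier
# next to its database, using Windows Server 2022 cluster affinity rules.
Import-Module FailoverClusters

# Anti-affinity: the two DCs must never land on the same node, so a single
# host failure cannot take both down.
New-ClusterAffinityRule -Name 'DCs-Apart' -RuleType DifferentNode
Add-ClusterGroupToAffinityRule -Name 'DCs-Apart' -Groups 'DC01', 'DC02'

# Affinity: app and database VMs stay in the same fault domain (site-aware placement).
New-ClusterAffinityRule -Name 'App-Near-DB' -RuleType SameFaultDomain
Add-ClusterGroupToAffinityRule -Name 'App-Near-DB' -Groups 'APP01', 'SQL01'

# Review what the cluster is now enforcing.
Get-ClusterAffinityRule | Format-List
```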
Network Performance Improvements for Windows Server 2022
UDP Performance Improvements
Due to the rising popularity of RTP and other bespoke UDP-based streaming and gaming protocols, UDP carries a growing share of network traffic. UDP’s performance is now on par with TCP thanks to the QUIC protocol, which is built on top of UDP. Significantly, Windows Server 2022 includes UDP Segmentation Offload (USO), which moves most of the work needed to deliver UDP packets from the CPU to the network adapter hardware. UDP Receive Side Coalescing (UDP RSC), which coalesces packets and lowers CPU consumption for UDP processing, complements USO. The UDP data path has also received hundreds of enhancements for both transmit and receive. These features are present in both Windows Server 2022 and Windows 11.
TCP Performance Improvements
Windows Server 2022 uses TCP HyStart++ to reduce packet loss during connection start-up (particularly in high-speed networks) and RACK to reduce retransmit timeouts (RTO). Both are enabled by default in the transport stack and offer higher performance at high speeds and a smoother flow of network data. These features are present in both Windows Server 2022 and Windows 11.
Hyper-V Virtual Switch Improvements
Hyper-V virtual switches have been improved with updated Receive Segment Coalescing (RSC). This lets packets be combined and processed by the hypervisor network stack as a single, larger segment. CPU time is reduced, and segments stay coalesced across the whole data path until the target application processes them. This translates to better performance for traffic flowing from one virtual NIC to another on the same host as well as from a virtual NIC to an external host.
Parallels RAS and Windows Server 2022
Parallels® Remote Application Server (RAS) supports Windows Server 2022 with its version 18.3 release. This allows businesses to take advantage of the latest features of Windows Server 2022 when delivering virtual applications and desktops through Parallels RAS.
Parallels RAS is an all-in-one virtual desktop infrastructure (VDI) solution that delivers applications and virtual desktops to any device, anytime, anywhere.
Parallels RAS has superior security capabilities, starting from its centralized architecture—which keeps applications and data secure even if the endpoint device they’re running on is stolen—to its full range of security features that includes SSL/TLS, FIPS 140-2 encryption, multi-factor authentication, and many others. It aligns perfectly with the Windows Server 2022 emphasis on security.
Try Parallels RAS now, and take advantage of Windows Server 2022 capabilities when delivering virtual applications and desktops.