Discover the Features of Windows Server 2022
Windows Server 2022 builds upon the strong foundation of its predecessor, Windows Server 2019, and adds more functionality to meet the demands of today’s business environments. This new version focuses on three main areas: security, Azure hybrid integration and management, and application platform capabilities.
It also adds a new edition, Windows Server Datacenter: Azure Edition, that maximizes the benefits of cloud computing by keeping Windows Server virtual machines (VMs) updated without requiring a reboot, thereby reducing downtime. We talk about that and all the key features of Windows Server 2022 in the sections below.
Security Features
Windows Server 2022 puts a lot of emphasis on security. Here, we discuss two areas where the bulk of those new security features can be found.
Secured-Core Server
A recent Security Signals study commissioned by Microsoft shows that firmware attacks are on the rise. These are serious threats because they take over while, or even before, the OS starts, rendering installed security solutions helpless. To mitigate these threats in Windows Server 2022 machines, Microsoft incorporated several security features collectively known as Secured-Core Server. Here are some of them:
- Hardware root of trust. The basic concept of a hardware root of trust is to make use of hardware (in this case, a server’s TPM 2.0 chip) to ensure that the server is started with verified code. The TPM 2.0 chip stores cryptographic keys (e.g., BitLocker keys) as well as measurements that help determine whether elements in the boot sequence have been tampered with.
- Firmware protection. Windows Defender Secure Guard protects the boot-up process from firmware-level attacks by leveraging an innovative technology called Dynamic Root of Trust for Measurement (DRTM), which allows the system to initially boot up using untrusted code but then launches it into a trusted state shortly after.
- Virtualization-based security (VBS). VBS leverages hardware virtualization to provide an isolated portion of memory for hosting certain security solutions, such as Hypervisor-Enforced Code Integrity (HVCI), and to keep them safe from vulnerabilities in the operating system. If exploited, such vulnerabilities could otherwise render those security solutions ineffective.
Note: Secured-Core Server features can’t be enabled with the OS alone. They require the OS (in this case, Windows Server 2022), the firmware, and the hardware to work together. To make this happen, Microsoft partnered with hardware original equipment manufacturers (OEMs) and silicon vendors to take care of the hardware and firmware. So, if you wish to take advantage of these Windows Server 2022 Secured-Core features, you need to purchase physical servers that are Secured-Core certified.
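To see which of the Secured-Core building blocks listed above are actually active on a given server, the following read-only PowerShell audit can be run from an elevated session. It is an added example, not code from Microsoft or Parallels; the report property names are chosen here for illustration, while the cmdlets and WMI classes are the standard Windows ones.

```powershell
# Added example: read-only audit of TPM, VBS, HVCI and Secure Launch (DRTM) state.
# Run elevated on the server being checked. Report property names are illustrative.

# Value-to-name maps for the Win32_DeviceGuard class.
$serviceNames = @{
    1 = 'Credential Guard'
    2 = 'Hypervisor-Enforced Code Integrity (HVCI)'
    3 = 'System Guard Secure Launch (DRTM)'
    4 = 'SMM Firmware Measurement'
}
$vbsStates = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }

# Hardware root of trust: TPM presence, readiness and specification version.
$tpm    = Get-Tpm
$tpmCim = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                          -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$specVersion = if ($tpmCim) { ($tpmCim.SpecVersion -split ',')[0].Trim() } else { 'unknown' }

# VBS and the security services hosted inside it.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$running    = @($dg.SecurityServicesRunning    | Where-Object { $_ -ne 0 })
$configured = @($dg.SecurityServicesConfigured | Where-Object { $_ -ne 0 })

# Services that are configured but did not start are the ones to check against
# the hardware and firmware requirements described in the note above.
$notStarted = @($configured | Where-Object { $_ -notin $running })

# The WMI values are UInt32, the hashtable keys are Int32, hence the [int] casts.
[pscustomobject]@{
    TpmPresent           = $tpm.TpmPresent
    TpmReady             = $tpm.TpmReady
    TpmSpecVersion       = $specVersion
    TpmIs20              = ($specVersion -like '2.*')
    VbsStatus            = $vbsStates[[int]$dg.VirtualizationBasedSecurityStatus]
    ServicesRunning      = ($running    | ForEach-Object { $serviceNames[[int]$_] }) -join '; '
    ConfiguredNotRunning = ($notStarted | ForEach-Object { $serviceNames[[int]$_] }) -join '; '
    HvciRunning          = ($running -contains 2)
    SecureLaunchRunning  = ($running -contains 3)
}
```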
Secure connectivity
As part of day-to-day operations, Windows servers accept connection requests from client devices and other servers frequently. To keep those connections safe from man-in-the-middle (MITM) attacks and other network-based threats, Windows Server 2022 incorporated several network security features.
- HTTPS and TLS 1.3 default connections. Instead of using HTTP, Windows Server 2022 uses the TLS-secured version, HTTPS, by default. This protects web-based connections from MITM attacks and preserves the confidentiality of data while in transit. Not only that, Windows Server 2022 uses the latest version of TLS, TLS 1.3, by default to ensure optimal security for all web-based connections.
- Server Message Block (SMB) security. SMB is a widely used (and often exploited) protocol for file sharing between Windows machines. In this latest version of Windows Server, SMB is more secure than ever. It now supports AES-256 encryption for optimal security in SMB file share connections, East-West encryption for internal cluster communications, and SMB Direct and RDMA encryption. SMB Direct and RDMA are used as high-performance networking fabric for workloads like Storage Spaces Direct, Storage Replica, Hyper-V, Scale-Out File Server, and SQL Server.
- SMB over QUIC. This particular SMB security feature is available in the Windows Server 2022 Datacenter: Azure Edition. Protected by TLS 1.3, SMB over QUIC provides users, as well as client applications, secure access to files on servers hosted in Azure.
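Support for AES-256 does not by itself tell you what a particular file server negotiates, so the read-only PowerShell audit below reports whether SMB encryption is required, which ciphers the server offers and in what order, and which shares do not require encryption. It is an added example, not code from the original page; the report property names are illustrative.

```powershell
# Added example: read-only audit of SMB encryption settings on a file server.
# Run elevated on Windows Server 2022. Report property names are illustrative.

$cfg = Get-SmbServerConfiguration

# EncryptionCiphers is an ordered, comma-separated preference list,
# e.g. "AES_128_GCM, AES_128_CCM, AES_256_GCM, AES_256_CCM".
$ciphers = @($cfg.EncryptionCiphers -split ',' | ForEach-Object { $_.Trim() })

# Server-wide view.
[pscustomobject]@{
    EncryptDataServerWide   = $cfg.EncryptData              # encryption required for all shares
    RejectUnencryptedAccess = $cfg.RejectUnencryptedAccess  # refuse clients that cannot encrypt
    CipherOrder             = $ciphers -join ' > '
    Aes256Preferred         = ($ciphers[0] -like 'AES_256_*')
    Aes128StillOffered      = [bool]($ciphers -like 'AES_128_*')
}

# Per-share view: user-created shares that do not require encryption.
# This list only matters when EncryptDataServerWide above is False.
Get-SmbShare |
    Where-Object { -not $_.Special -and -not $_.EncryptData } |
    Select-Object Name, Path, EncryptData
```

If the audit shows AES-128 ciphers first in the order, `Set-SmbServerConfiguration -EncryptionCiphers "AES_256_GCM, AES_256_CCM"` restricts the server to AES-256; check client compatibility before applying it.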
Azure Hybrid Features
The popularity of hybrid cloud has never been higher, with 82% of enterprises already having developed a hybrid cloud strategy. To help businesses in their hybrid cloud adoption strategies, Windows Server 2022 provides multiple features (as well as supporting Microsoft tools) that help organizations extend their datacenters to Azure.
Azure Arc-Enabled Windows servers
One of the tools that supports hybrid cloud adoption is Azure Arc, which allows you to manage non-Azure-based physical and virtual servers (e.g., those hosted in your on-premises datacenter or on another cloud provider) alongside Azure-based VMs. Once a machine is connected to Azure via Azure Arc, it can be treated as if it were an Azure-based VM.
That means, for instance, you may apply Azure cloud operations on it. Some of these operations include Azure Policy, Microsoft Defender for Cloud, Azure Automation, Automanage (more on this later), and Azure Monitor, among others. All this simplifies the management of your hybrid cloud infrastructure significantly.
Note: Azure Arc is a separate Microsoft tool, but it supports Windows Server 2022.
Windows Admin Center
Another Microsoft tool that helps enable hybrid cloud capabilities for Windows Server 2022 is Windows Admin Center, or WAC. Windows Admin Center is the evolved version of traditional Windows management tools like Server Manager and Microsoft Management Console (MMC) and is normally used to manage non-Azure deployments of Windows Server. Now, Windows Admin Center can be accessed from the Azure Portal and used to manage Azure-based Windows Server instances.
You can use WAC to manage Windows Server certificates, events, files, file sharing, installed apps, roles and features, scheduled tasks, services, storage, etc. You can also use it to enable Secured-Core security features for your managed Windows Server 2022 instances easily.
Azure Automanage Hotpatch
Hotpatch, which is part of Azure Automanage, is a nifty feature that enables IT administrators to install updates on certain Windows Server 2022 VMs without requiring a reboot. Not only does this speed up updates considerably, but it also means you can significantly reduce the downtime associated with these updates. Currently, Hotpatch is available only for Windows Server Datacenter: Azure Edition VMs.
Application Platform
Windows Server 2022 brings with it some notable platform improvements for Windows containers. First, it has better application compatibility. For instance, it’s now possible to use Group Managed Service Accounts (gMSA) with Windows containers in Active Directory (AD) authentication without implementing a domain join (a requirement in previous versions). This leads to better scalability when using gMSA in Kubernetes environments.
Speaking of Kubernetes, Windows Server 2022 now boasts a vastly improved Kubernetes experience. It includes multi-subnet support for Windows worker nodes with Calico for Windows and the introduction of a new container type called Hostprocess containers, which enhances the capability of Windows containers to support more Kubernetes cluster management use-cases.
In addition, there’s now IPv6 dual stack support for L2Bridge-based networks. Last but not least, the Server Core image size has been reduced by about 1 GB, which shortens the startup times of containerized applications considerably.
Storage and Network Improvements
With the explosion of data consumption/generation and exchange, storage and network capabilities are crucial in today’s business environments. To help organizations address these developments, Windows Server 2022 comes with multiple storage and network improvements.
Storage improvements
The chart below summarizes the storage improvements in Windows Server 2022.
| Feature | Description |
| --- | --- |
| Storage Migration Service | Makes it easier to migrate storage to Windows Server or Azure. The service can now migrate the following: local users and groups, storage to/from failover clusters, storage from a Linux server that uses Samba, new networks, NetApp CIFS servers from NetApp FAS arrays to Windows servers and clusters, etc. |
| Flexible storage repair speed | Gives more flexibility when performing data resync. You can configure storage repair speed settings such that the system allocates more resources to either resyncing and repairing data copies (for more resiliency) or running active workloads (for better performance). |
| Storage bus cache | Storage bus cache is now available for standalone servers, which boosts read/write speeds while maintaining cost efficiency. |
| SMB compression | This allows users or applications using SMB to compress files during file transfers, speeding up transmission times and decongesting the network. |
Network performance improvements
Windows Server 2022 also includes several network performance improvements, which are summarized in the following chart:
| Feature | Description |
| --- | --- |
| User Datagram Protocol (UDP) | A feature known as UDP Segmentation Offload (USO) redirects most of the processing needed for transmitting UDP packets from the CPU to the network adapter. This is augmented by yet another feature called UDP Receive Side Coalescing (UDP RSC), which brings down UDP-related processing in the CPU. |
| Transmission Control Protocol (TCP) | Features such as HyStart++ and RACK improve TCP performance at high speeds. The former minimizes packet loss during connection start-up, while the latter reduces Retransmit TimeOuts (RTO), a characteristic inherent to TCP that causes transmission delays. |
| Hyper-V | Windows Server 2022 comes with an updated Receive Segment Coalescing (RSC) feature that improves performance of Hyper-V virtual switches when receiving traffic from an external host, when receiving traffic from a virtual network interface card (vNIC), and when receiving traffic from one vNIC to another on the same host. |
Virtualization Features
One more feature worth mentioning is nested virtualization, which allows you to run Hyper-V inside another Hyper-V VM. This can come in handy in certain situations, such as when you want to run an emulator in a VM or when you want to test various configurations that involve multiple hosts.
Windows Server 2022 and Parallels RAS
Parallels® Remote Application Server (RAS) is an all-in-one virtual desktop infrastructure (VDI) solution that enables organizations to deliver applications and virtual desktops to any device, anytime, anywhere.
Applications and virtual desktops delivered via Parallels RAS are not installed on the endpoint device. Rather, they, along with Parallels RAS, are hosted in a central location such as an on-premises datacenter; on a public, private, or hybrid cloud; or on hyperconverged infrastructure (HCI). That makes them easy to manage, configure, secure, patch, and troubleshoot compared to traditional, locally installed applications and desktops.
Parallels RAS supports Windows Server 2022, enabling organizations to take advantage of the powerful new security features, Azure hybrid integration and management, and application platform capabilities of Windows Server 2022 in their VDI environments.