What’s new in Windows Server 2022


Applies to: Windows Server 2022

This article describes some of the new features in Windows Server 2022. Windows Server 2022 is built on the strong foundation of Windows Server 2019 and brings many innovations on three key themes: security, Azure hybrid integration and management, and application platform. Windows Server 2022 Datacenter: Azure Edition helps you use the benefits of cloud to keep your VMs up to date while minimizing downtime.

Security

The new security capabilities in Windows Server 2022 combine other security capabilities in Windows Server across multiple areas to provide defense-in-depth protection against advanced threats. Advanced multi-layer security in Windows Server 2022 provides the comprehensive protection that servers need today.

Secured-core server

Certified Secured-core server hardware from an OEM partner provides additional security protections that are effective against sophisticated attacks. This can provide increased assurance when handling mission-critical data in some of the most data-sensitive industries. A Secured-core server uses hardware, firmware, and driver capabilities to enable advanced Windows Server security features. Many of these features are available in Windows Secured-core PCs and are now also available with Secured-core server hardware and Windows Server 2022. For more information about Secured-core server, see Secured-core server.

Hardware root-of-trust

Trusted Platform Module 2.0 (TPM 2.0) secure crypto-processor chips provide a secure, hardware-based store for sensitive cryptographic keys and data, including system integrity measurements. TPM 2.0 can verify that the server has been started with legitimate code and can be trusted by subsequent code execution. This is known as a hardware root-of-trust and is used by features such as BitLocker drive encryption.

Firmware protection

Firmware executes with high privileges and is often invisible to traditional anti-virus solutions, which has led to a rise in the number of firmware-based attacks. Secured-core server processors support measurement and verification of boot processes with Dynamic Root of Trust for Measurement (DRTM) technology and isolation of driver access to memory with Direct Memory Access (DMA) protection.

UEFI secure boot

UEFI secure boot is a security standard that protects your servers from malicious rootkits. Secure boot ensures the server boots only firmware and software trusted by the hardware manufacturer. When the server is started, the firmware checks the signature of each boot component, including firmware drivers and the OS. If the signatures are valid, the server boots and the firmware hands control to the OS.

Virtualization-based security (VBS)

Secured-core servers support virtualization-based security (VBS) and hypervisor-based code integrity (HVCI). VBS uses hardware virtualization features to create and isolate a secure region of memory from the normal operating system, protecting against an entire class of vulnerabilities used in cryptocurrency mining attacks. VBS also allows the use of Credential Guard, where user credentials and secrets are stored in a virtual container that the operating system cannot access directly.

HVCI uses VBS to significantly strengthen code integrity policy enforcement, including kernel mode integrity that checks all kernel mode drivers and binaries in a virtualized environment before they are started, preventing unsigned drivers or system files from being loaded into system memory.

Kernel Data Protection (KDP) provides read-only memory protection of kernel memory containing non-executable data, where memory pages are protected by the hypervisor. KDP protects key structures in the Windows Defender System Guard runtime from being tampered with.
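The Secured-core building blocks described above (TPM 2.0, UEFI Secure Boot, VBS, HVCI, Credential Guard, DMA protection) can each be read back from a running host. The following PowerShell script is an added example, not code from the original article or from Microsoft; it uses only the inbox Get-Tpm and Confirm-SecureBootUEFI cmdlets and the Win32_DeviceGuard CIM class, and the numeric codes in the comments are those documented for that class. It assumes an elevated session on Windows Server 2022.

```powershell
# Added example: report the hardware root-of-trust and VBS posture of this host.
# Requires an elevated PowerShell session on Windows Server 2022.

function Get-SecuredCoreStatus {
    $status = [ordered]@{}

    # TPM 2.0: the hardware root-of-trust used by BitLocker and measured boot.
    $tpm = Get-Tpm
    $status.TpmPresent = $tpm.TpmPresent
    $status.TpmReady   = $tpm.TpmReady

    # UEFI Secure Boot: firmware verifies the signature of every boot component.
    # Confirm-SecureBootUEFI throws on legacy BIOS machines, so treat that as "off".
    try   { $status.SecureBoot = Confirm-SecureBootUEFI }
    catch { $status.SecureBoot = $false }

    # VBS / HVCI / Credential Guard, as reported by the DeviceGuard CIM class.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = configured, 2 = running
    $status.VbsRunning = ($dg.VirtualizationBasedSecurityStatus -eq 2)

    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity)
    $status.CredentialGuardRunning = ($dg.SecurityServicesRunning -contains 1)
    $status.HvciRunning            = ($dg.SecurityServicesRunning -contains 2)

    # AvailableSecurityProperties: 3 = DMA protection is available on this platform
    $status.DmaProtectionAvailable = ($dg.AvailableSecurityProperties -contains 3)

    [pscustomobject]$status
}

# Print the posture and list anything that is not in the expected state.
$posture = Get-SecuredCoreStatus
$posture | Format-List

$gaps = $posture.PSObject.Properties | Where-Object { $_.Value -ne $true } | Select-Object -ExpandProperty Name
if ($gaps) { Write-Warning ("Not enabled/running: " + ($gaps -join ', ')) }
else       { Write-Host 'All checked Secured-core features are active.' }
```

Run it on a freshly deployed server and keep the output with the build record; the same checks are the ones a baseline or compliance scan would repeat, so a drift in any of them (for example HVCI switched off to load an unsigned driver) is worth alerting on.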

Secure connectivity

Transport: HTTPS and TLS 1.3 enabled by default on Windows Server 2022

Secure connections are at the heart of today's interconnected systems. Transport Layer Security (TLS) 1.3 is the latest version of the internet's most widely deployed security protocol, which encrypts data to provide a secure communication channel between two endpoints. HTTPS and TLS 1.3 are now enabled by default on Windows Server 2022, protecting the data of clients connecting to the server. It eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the handshake as possible. Learn more about supported TLS versions and about supported cipher suites.

Although TLS 1.3 in the protocol layer is now enabled by default, applications and services also need to actively support it. See the documentation for those applications and services for more details. The Microsoft Security blog has more information in the post Taking Transport Layer Security (TLS) to the next level with TLS 1.3.
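"Enabled by default" is a Schannel setting, and the same registry keys that express the default are where an administrator confirms it and retires the legacy protocols TLS 1.3 is meant to replace. The script below is an added example, not from the original article or Microsoft; it uses the documented SCHANNEL\Protocols registry layout and the inbox Get-TlsCipherSuite cmdlet, and assumes an elevated session on Windows Server 2022 (protocol changes take effect after a reboot). It goes slightly beyond the text by showing the weak configuration (SSL 3.0 / TLS 1.0 / TLS 1.1 still negotiable) next to the hardened one.

```powershell
# Added example: inspect and harden Schannel protocol settings on Windows Server 2022.
# Run elevated. A reboot is required before Schannel picks up protocol changes.

$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    param([string]$Protocol, [string]$Role = 'Server')
    $key = Join-Path $SchannelRoot "$Protocol\$Role"
    if (-not (Test-Path $key)) {
        # No key at all means the OS default applies (TLS 1.2 and 1.3 on, older versions per OS policy).
        return [pscustomobject]@{ Protocol = $Protocol; Role = $Role; Enabled = 'default'; DisabledByDefault = 'default' }
    }
    $v = Get-ItemProperty -Path $key
    [pscustomobject]@{ Protocol = $Protocol; Role = $Role; Enabled = $v.Enabled; DisabledByDefault = $v.DisabledByDefault }
}

function Set-SchannelProtocol {
    param([string]$Protocol, [bool]$Enable)
    foreach ($role in 'Server', 'Client') {
        $key = Join-Path $SchannelRoot "$Protocol\$role"
        New-Item -Path $key -Force | Out-Null
        # Enabled=1 + DisabledByDefault=0 turns a protocol on; Enabled=0 + DisabledByDefault=1 turns it off.
        New-ItemProperty -Path $key -Name 'Enabled'           -PropertyType DWord -Value ([int]$Enable)        -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord -Value ([int](-not $Enable)) -Force | Out-Null
    }
}

# Before: show whatever is currently configured (often nothing, i.e. legacy versions still negotiable).
'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3' | ForEach-Object { Get-SchannelProtocolState -Protocol $_ } | Format-Table -AutoSize

# After: explicitly disable the legacy versions and pin TLS 1.2 and TLS 1.3 on.
'SSL 3.0', 'TLS 1.0', 'TLS 1.1' | ForEach-Object { Set-SchannelProtocol -Protocol $_ -Enable $false }
'TLS 1.2', 'TLS 1.3'            | ForEach-Object { Set-SchannelProtocol -Protocol $_ -Enable $true }

# The TLS 1.3 suites the system can offer (AES-GCM and ChaCha20-Poly1305 only; no CBC or RSA key exchange).
Get-TlsCipherSuite |
    Where-Object { $_.Name -like 'TLS_AES_*' -or $_.Name -like 'TLS_CHACHA20_*' } |
    Select-Object Name
```

Remember that, as the paragraph above says, this only governs what Schannel will negotiate; an application that pins its own protocol version (or links a non-Schannel TLS library) still has to be checked separately.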

Secure DNS: Encrypted DNS name resolution requests with DNS-over-HTTPS

The DNS Client in Windows Server 2022 now supports DNS-over-HTTPS (DoH), which encrypts DNS queries using the HTTPS protocol. This helps keep your traffic as private as possible by preventing eavesdropping on and manipulation of your DNS data. Learn more about configuring the DNS client to use DoH.
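Configuring the client for DoH is a two-step operation: register the resolver as a known DoH server, then make it the interface's DNS server so queries to it are upgraded to HTTPS. The script below is an added example, not code from the original article or from Microsoft; it uses the inbox DnsClient cmdlets Add-DnsClientDohServerAddress, Set-DnsClientServerAddress and Get-DnsClientDohServerAddress. The resolver IP (a TEST-NET-1 address) and the template URL are constructed placeholders and must be replaced with your own resolver's values.

```powershell
# Added example: configure the Windows Server 2022 DNS client to use DoH and verify it.
# Run elevated. The resolver address and template below are placeholders (constructed values).

$ResolverIp  = '192.0.2.53'                           # placeholder: your DoH-capable resolver
$DohTemplate = 'https://doh.example.net/dns-query'    # placeholder: that resolver's DoH template
$Adapter     = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1

# 1. Register the resolver as a known DoH server.
#    -AllowFallbackToUdp $false : a failed HTTPS query is NOT retried in cleartext UDP.
#    -AutoUpgrade $true         : any interface that lists this IP as a DNS server upgrades to DoH.
Add-DnsClientDohServerAddress -ServerAddress $ResolverIp -DohTemplate $DohTemplate `
    -AllowFallbackToUdp $false -AutoUpgrade $true

# 2. Make it the DNS server for the chosen interface.
Set-DnsClientServerAddress -InterfaceIndex $Adapter.ifIndex -ServerAddresses $ResolverIp

# 3. Confirm the registration, flush the cache, and resolve a name through the new server.
Get-DnsClientDohServerAddress | Where-Object ServerAddress -eq $ResolverIp | Format-List
Clear-DnsClientCache
Resolve-DnsName -Name 'www.example.com' -Server $ResolverIp -Type A | Select-Object Name, Type, IPAddress
```

The choice of AllowFallbackToUdp is the security-relevant one: leaving fallback on keeps name resolution working when the HTTPS endpoint is unreachable, but it also means an on-path party that blocks port 443 to the resolver silently gets the plaintext queries back. A network capture filtered on UDP/53 from the host is the simplest way to confirm that nothing is leaking after the change.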

Server Message Block (SMB): SMB AES-256 encryption for the most security-conscious

Windows Server now supports AES-256-GCM and AES-256-CCM cryptographic suites for SMB encryption. Windows will automatically negotiate this more advanced cipher method when connecting to another computer that also supports it, and it can also be mandated through Group Policy. Windows Server still supports AES-128 for down-level compatibility. AES-128-GMAC signing now also accelerates signing performance.
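The cipher preference, the requirement to encrypt, and the decision to reject clients that cannot encrypt are three separate server settings. The following PowerShell is an added example, not from the original article or Microsoft; it uses the inbox Get-/Set-SmbServerConfiguration cmdlets, whose EncryptionCiphers parameter takes the cipher names shown, and Get-SmbConnection for verification. It assumes an elevated session on a Windows Server 2022 file server and shows the default (weak) state beside the hardened one.

```powershell
# Added example: require SMB encryption, prefer AES-256, and find connections that did not get it.
# Run elevated on the Windows Server 2022 file server.

# Before: inspect the current server settings. Out of the box EncryptData is $false,
# unencrypted access is allowed, and AES-128 suites sit in the preference list.
Get-SmbServerConfiguration |
    Select-Object EncryptData, RejectUnencryptedAccess, RequireSecuritySignature, EncryptionCiphers

# After: prefer AES-256 GCM/CCM. AES-128 is kept at the end of the list for down-level clients;
# remove the two AES_128 entries to refuse those clients entirely.
Set-SmbServerConfiguration -EncryptionCiphers 'AES_256_GCM, AES_256_CCM, AES_128_GCM, AES_128_CCM' -Force

# Encrypt every share and reject clients that cannot negotiate encryption (SMB 3.0+ required).
Set-SmbServerConfiguration -EncryptData $true -RejectUnencryptedAccess $true -Force

# Keep signing mandatory for anything that still talks unencrypted (e.g. during a migration window).
Set-SmbServerConfiguration -RequireSecuritySignature $true -Force

# Verification: Get-SmbConnection reports, per outbound connection from this host,
# the negotiated dialect and whether it is encrypted and signed.
function Get-UnprotectedSmbConnections {
    Get-SmbConnection |
        Where-Object { -not $_.Encrypted -or -not $_.Signed } |
        Select-Object ServerName, ShareName, Dialect, Encrypted, Signed
}

$weak = Get-UnprotectedSmbConnections
if ($weak) { $weak | Format-Table -AutoSize } else { Write-Host 'All current SMB connections are encrypted and signed.' }
```

Because the server only negotiates AES-256 with a peer that also supports it, the Dialect and Encrypted columns are the evidence that a given client actually landed on the stronger suite rather than falling back; an inventory of clients still reporting unencrypted sessions tells you what must be upgraded before RejectUnencryptedAccess can be set.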

SMB: East-West SMB encryption controls for internal cluster communications

Windows Server failover clusters now support granular control of encrypting and signing intra-node storage communications for Cluster Shared Volumes (CSV) and the storage bus layer (SBL). This means that when using Storage Spaces Direct, you can decide to encrypt or sign east-west communications within the cluster itself for higher security.

SMB Direct and RDMA encryption

SMB Direct and RDMA supply a high-bandwidth, low-latency networking fabric for workloads like Storage Spaces Direct, Storage Replica, Hyper-V, Scale-out File Server, and SQL Server. SMB Direct in Windows Server 2022 now supports encryption. Previously, enabling SMB encryption disabled direct data placement; this was intentional, but it seriously impacted performance. Now data is encrypted before data placement, leading to far less performance degradation while adding AES-128 and AES-256 protected packet privacy.

More details on SMB encryption, signing acceleration, secure RDMA, and cluster support can be found at SMB security enhancements.

SMB over QUIC

SMB over QUIC updates the SMB 3.1.1 protocol in Windows Server 2022 Datacenter: Azure Edition and supported Windows clients to use the QUIC protocol instead of TCP. By using SMB over QUIC along with TLS 1.3, users and applications can securely and reliably access data from edge file servers running in Azure. Mobile and telecommuter users no longer need a VPN to access their file servers over SMB when on Windows. More information can be found in the SMB over QUIC documentation.

Azure hybrid capabilities

You can increase your efficiency and agility with built-in hybrid capabilities in Windows Server 2022 that allow you to extend your data centers to Azure more easily than ever before.

Azure Arc enabled Windows Servers

Azure Arc enabled servers with Windows Server 2022 brings on-premises and multi-cloud Windows Servers to Azure with Azure Arc. This management experience is designed to be consistent with how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. More information can be found in the Azure Arc enabled servers documentation.
