What’s new in Windows Server 2022


Applies to: Windows Server 2022

This article describes some of the new features in Windows Server 2022. Windows Server 2022 builds on the strong foundation of Windows Server 2019 and brings many innovations across three key themes: security, Azure hybrid integration and management, and application platform. Windows Server 2022 Datacenter: Azure Edition helps you use the benefits of the cloud to keep your VMs up to date while minimizing downtime.

Security

The new security capabilities in Windows Server 2022 combine other security capabilities in Windows Server across multiple areas to provide defense-in-depth protection against advanced threats. Advanced multi-layer security in Windows Server 2022 provides the comprehensive protection that servers need today.

Secured-core server

Certified Secured-core server hardware from an OEM partner provides additional security protections that are effective against sophisticated attacks. This can provide increased assurance when handling mission-critical data in some of the most data-sensitive industries. A Secured-core server uses hardware, firmware, and driver capabilities to enable advanced Windows Server security features. Many of these features are available in Windows Secured-core PCs and are now also available with Secured-core server hardware and Windows Server 2022. For more information about Secured-core server, see Secured-core server.

Hardware root-of-trust

Trusted Platform Module 2.0 (TPM 2.0) secure crypto-processor chips provide a secure, hardware-based store for sensitive cryptographic keys and data, including system integrity measurements. TPM 2.0 can verify that the server was started with legitimate code and can therefore be trusted by subsequent code execution. This is known as a hardware root-of-trust and is used by features such as BitLocker drive encryption.

Firmware protection

Firmware executes with high privileges and is often invisible to traditional anti-virus solutions, which has led to a rise in the number of firmware-based attacks. Secured-core server processors support measurement and verification of boot processes with Dynamic Root of Trust for Measurement (DRTM) technology, and isolation of driver access to memory with Direct Memory Access (DMA) protection.

UEFI Secure Boot

UEFI Secure Boot is a security standard that protects your servers from malicious rootkits. Secure Boot ensures the server boots only firmware and software trusted by the hardware manufacturer. When the server starts, the firmware checks the signature of each boot component, including firmware drivers and the OS. If the signatures are valid, the server boots and the firmware hands control to the OS.

Virtualization-based security (VBS)

Secured-core servers support virtualization-based security (VBS) and hypervisor-protected code integrity (HVCI). VBS uses hardware virtualization features to create and isolate a secure region of memory from the normal operating system, protecting against an entire class of vulnerabilities used in cryptocurrency mining attacks. VBS also enables Credential Guard, where user credentials and secrets are stored in a virtual container that the operating system cannot access directly.

HVCI uses VBS to significantly strengthen code integrity policy enforcement, including kernel mode integrity that checks all kernel mode drivers and binaries in a virtualized environment before they are started, preventing unsigned drivers or system files from being loaded into system memory.

Kernel Data Protection (KDP) provides read-only memory protection of kernel memory containing non-executable data, where memory pages are protected by the hypervisor. KDP protects key structures in the Windows Defender System Guard runtime from being tampered with.
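The sections above (hardware root-of-trust, UEFI Secure Boot, DMA protection, VBS/HVCI and Credential Guard) each describe a platform property you can query from the running OS. The following is an added example, not code from the Microsoft article, that reads those properties through the in-box TrustedPlatformModule, SecureBoot and BitLocker modules and the documented Win32_DeviceGuard WMI class, and optionally writes the documented DeviceGuard policy registry values to turn VBS and HVCI on. Run it in an elevated Windows PowerShell 5.1 session on Windows Server 2022; the `-Enable` switch and the property names in the output object are this example's own.

```powershell
# Added example: report Secured-core related state on a Windows Server 2022 host.
# Usage: .\Get-SecuredCoreState.ps1           (report only)
#        .\Get-SecuredCoreState.ps1 -Enable   (also configure VBS + HVCI; reboot required)
param([switch]$Enable)

# --- Hardware root-of-trust: TPM 2.0 ---
$tpm     = Get-Tpm
$tpmSpec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm).SpecVersion
# SpecVersion reads like "2.0, 0, 1.59"; the first token is the TPM family.
$tpmIs20 = [bool]$tpmSpec -and $tpmSpec.Split(',')[0].Trim() -eq '2.0'

# --- UEFI Secure Boot ---
# Confirm-SecureBootUEFI throws on legacy BIOS machines, so treat that as "not supported".
try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $false }

# --- VBS / HVCI / Credential Guard / DRTM via the Device Guard WMI class ---
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
# VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
# SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI,
#                          3 = System Guard Secure Launch (DRTM), 4 = SMM firmware measurement
# AvailableSecurityProperties: 2 = Secure Boot, 3 = DMA protection, 7 = mode-based execution control
$vbsRunning       = $dg.VirtualizationBasedSecurityStatus -eq 2
$credGuardRunning = $dg.SecurityServicesRunning -contains 1
$hvciRunning      = $dg.SecurityServicesRunning -contains 2
$secureLaunch     = $dg.SecurityServicesRunning -contains 3
$dmaProtection    = $dg.AvailableSecurityProperties -contains 3

# --- BitLocker on the OS volume (a consumer of the TPM root-of-trust) ---
$osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$bitLockerOn = $osVol.ProtectionStatus -eq 'On'

[pscustomobject]@{
    TpmPresent            = $tpm.TpmPresent
    TpmReady              = $tpm.TpmReady
    Tpm20                 = $tpmIs20
    SecureBoot            = $secureBoot
    VbsRunning            = $vbsRunning
    HvciRunning           = $hvciRunning
    CredentialGuard       = $credGuardRunning
    SystemGuardSecureLaunch = $secureLaunch
    DmaProtectionAvailable = $dmaProtection
    OsVolumeBitLocker     = $bitLockerOn
} | Format-List

# Optional: turn on VBS + HVCI using the same registry values the Group Policy
# "Turn On Virtualization Based Security" writes. Takes effect after a reboot.
if ($Enable -and -not ($vbsRunning -and $hvciRunning)) {
    if (-not $secureBoot) { throw 'Secure Boot is off; VBS with RequirePlatformSecurityFeatures=1 would not start.' }
    $dgKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
    New-Item -Path $dgKey -Force | Out-Null
    Set-ItemProperty -Path $dgKey -Name 'EnableVirtualizationBasedSecurity' -Value 1 -Type DWord
    # 1 = require Secure Boot; 3 = require Secure Boot and DMA protection (use 3 only if the platform reports it)
    $platformReq = if ($dmaProtection) { 3 } else { 1 }
    Set-ItemProperty -Path $dgKey -Name 'RequirePlatformSecurityFeatures' -Value $platformReq -Type DWord
    $hvciKey = Join-Path $dgKey 'Scenarios\HypervisorEnforcedCodeIntegrity'
    New-Item -Path $hvciKey -Force | Out-Null
    Set-ItemProperty -Path $hvciKey -Name 'Enabled' -Value 1 -Type DWord
    Write-Warning 'VBS/HVCI configured; reboot, then rerun this script to confirm the *Running fields.'
}
```

A practitioner's caveat: `SecurityServicesConfigured` on the same class tells you what policy asked for, while `SecurityServicesRunning` tells you what the hypervisor actually started; a gap between the two (for example, HVCI configured but not running) usually means an incompatible driver or a missing platform property, and the System Guard Secure Launch and DMA fields will only be populated on hardware that a Secured-core OEM has certified.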

Secure connectivity

Transport: HTTPS and TLS 1.3 enabled by default on Windows Server 2022

Secure connections are at the heart of today's interconnected systems. Transport Layer Security (TLS) 1.3 is the latest version of the internet's most widely deployed security protocol, which encrypts data to provide a secure communication channel between two endpoints. HTTPS and TLS 1.3 are now enabled by default on Windows Server 2022, protecting the data of clients connecting to the server. TLS 1.3 removes obsolete cryptographic algorithms, improves security over older versions, and aims to encrypt as much of the handshake as possible. Learn more about supported TLS versions and about supported cipher suites.

Although TLS 1.3 at the protocol layer is now enabled by default, applications and services also need to actively support it. Please see the documentation for those applications and services for more information. The Microsoft Security blog has more details in the post Taking Transport Layer Security (TLS) to the next level with TLS 1.3.
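"Enabled by default" is a property of Schannel, not of any one listener, so the check a practitioner wants is whether a given HTTPS endpoint actually negotiates TLS 1.3 and still refuses the obsolete versions. The following is an added example, not code from the Microsoft article: it probes an endpoint with .NET's SslStream (Windows PowerShell 5.1 on .NET Framework 4.8, which has the `Tls13` enum value), then reads the Schannel protocol switches and the TLS 1.3 cipher suites on the host. The hostname `fs01.contoso.com` and the helper name `Test-TlsNegotiation` are this example's own assumptions.

```powershell
# Added example: verify TLS 1.3 negotiation against an HTTPS listener and inspect Schannel.
param(
    [string]$Server = 'fs01.contoso.com',   # assumed hostname of a listener you operate
    [int]$Port = 443
)

function Test-TlsNegotiation {
    param([string]$HostName, [int]$Port, [System.Security.Authentication.SslProtocols]$Offer)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # The validation callback accepts any certificate: we are probing the protocol
        # version here, not trust. Do not copy this callback into production code.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName, $null, $Offer, $false)
        [pscustomobject]@{
            Offered    = $Offer
            Negotiated = $ssl.SslProtocol
            Cipher     = $ssl.CipherAlgorithm
            CipherBits = $ssl.CipherStrength
            Succeeded  = $true
        }
    } catch {
        [pscustomobject]@{ Offered = $Offer; Negotiated = $null; Cipher = $null; CipherBits = 0; Succeeded = $false }
    } finally {
        $client.Close()
    }
}

$proto = [System.Security.Authentication.SslProtocols]
# Offer only TLS 1.3: success means the server stack and the application both support it.
Test-TlsNegotiation -HostName $Server -Port $Port -Offer $proto::Tls13
# Offer only TLS 1.0: success here is a finding, since an obsolete protocol is still accepted.
Test-TlsNegotiation -HostName $Server -Port $Port -Offer $proto::Tls

# Schannel protocol switches. On Windows Server 2022 TLS 1.3 is on by default, so the key
# is usually absent; an explicit Enabled=0 or DisabledByDefault=1 would turn it off.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
foreach ($p in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3') {
    $v = Get-ItemProperty -Path (Join-Path $base "$p\Server") -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Protocol          = $p
        KeyPresent        = [bool]$v
        Enabled           = $v.Enabled
        DisabledByDefault = $v.DisabledByDefault
    }
}

# TLS 1.3 cipher suites enabled on this host (the TLS cmdlets ship in-box on Server 2022).
Get-TlsCipherSuite | Where-Object { $_.Name -like 'TLS_AES_*' -or $_.Name -like 'TLS_CHACHA20*' } |
    Select-Object Name, Cipher, CipherLength
```

If the TLS 1.3 probe fails while the registry and cipher-suite output look healthy, the gap is almost always the application: a service that pins `SslProtocols.Tls12`, or a .NET Framework application that has not opted into the OS default (`SystemDefaultTlsVersions`), will keep negotiating TLS 1.2 regardless of what Schannel offers, which is exactly the caveat in the paragraph above.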

Secure DNS: Encrypted DNS name resolution requests with DNS-over-HTTPS

The DNS Client in Windows Server 2022 now supports DNS-over-HTTPS (DoH), which encrypts DNS queries using the HTTPS protocol. This helps keep your traffic as private as possible by preventing eavesdropping on, and manipulation of, your DNS data. Learn more about configuring the DNS client to use DoH.
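The DoH feature only protects queries to resolvers the DNS client knows a DoH template for, and by default it will fall back to plaintext UDP if the HTTPS path fails. The following is an added example, not code from the Microsoft article, that registers a resolver's template with the in-box DnsClient cmdlets, makes it the configured server, and then requires DoH through the same policy value the Group Policy setting "Configure DNS over HTTPS (DoH) name resolution" writes. The resolver address `10.0.0.53`, the template `https://dns.contoso.com/dns-query`, and the test name `intranet.contoso.com` are constructed values for the example.

```powershell
# Added example: configure and require DoH on the Windows Server 2022 DNS Client.
# Run elevated. Assumed: 10.0.0.53 is a resolver you operate that serves DoH at the template below.
$resolver = '10.0.0.53'
$template = 'https://dns.contoso.com/dns-query'

# 1. Teach the DNS client the DoH template for this resolver IP. Windows only upgrades to DoH
#    for servers in this table (plus the built-in list of well-known public resolvers).
#    AllowFallbackToUdp $false means a failed HTTPS query fails closed rather than leaking over UDP/53.
if (-not (Get-DnsClientDohServerAddress | Where-Object ServerAddress -eq $resolver)) {
    Add-DnsClientDohServerAddress -ServerAddress $resolver -DohTemplate $template `
        -AllowFallbackToUdp $false -AutoUpgrade $true
}

# 2. Make that resolver the configured DNS server on the production NIC (assumed: one NIC that is Up).
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $resolver

# 3. Require DoH, not merely allow it. DoHPolicy: 1 = prohibit, 2 = allow, 3 = require.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
New-Item -Path $policy -Force | Out-Null
Set-ItemProperty -Path $policy -Name 'DoHPolicy' -Value 3 -Type DWord

# 4. Verify the table entry, then resolve a name through the new configuration.
Get-DnsClientDohServerAddress | Where-Object ServerAddress -eq $resolver |
    Select-Object ServerAddress, DohTemplate, AllowFallbackToUdp, AutoUpgrade
Clear-DnsClientCache
Resolve-DnsName -Name 'intranet.contoso.com' -Type A   # assumed internal name
```

To confirm the encryption is real rather than configured, watch the resolver's interface while step 4 runs: with `AllowFallbackToUdp $false` and `DoHPolicy` set to 3 you should see only TCP/443 to `dns.contoso.com` and no UDP/53 at all; any UDP/53 traffic means the template was not matched (most often because the template host resolves through a different, plaintext server).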

Server Message Block (SMB): SMB AES-256 encryption for the most security-conscious

Windows Server now supports the AES-256-GCM and AES-256-CCM cryptographic suites for SMB encryption. Windows automatically negotiates this more advanced cipher when connecting to another computer that also supports it, and the preference can also be mandated through Group Policy. Windows Server still supports AES-128 for down-level compatibility. AES-128-GMAC signing now also accelerates signing performance.

SMB: East-West SMB encryption controls for internal cluster communications

Windows Server failover clusters now support granular control of encrypting and signing intra-node storage communications for Cluster Shared Volumes (CSV) and the storage bus layer (SBL). This means that when using Storage Spaces Direct, you can decide to encrypt or sign east-west communications within the cluster itself for higher security.

SMB Direct and RDMA encryption

SMB Direct and RDMA provide a high-bandwidth, low-latency networking fabric for workloads such as Storage Spaces Direct, Storage Replica, Hyper-V, Scale-out File Server, and SQL Server. SMB Direct in Windows Server 2022 now supports encryption. Previously, enabling SMB encryption disabled direct data placement; this was intentional, but it seriously impacted performance. Now data is encrypted before data placement, leading to far less performance degradation while adding AES-128 and AES-256 protected packet privacy.

More information on SMB encryption, signing acceleration, secure RDMA, and cluster support can be found at SMB security enhancements.
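The AES-256 section says the cipher is negotiated automatically and can be mandated, and the RDMA section says encryption no longer costs you direct data placement; both claims are checkable from PowerShell. The following is an added example, not code from the Microsoft article, that sets the cipher preference with the `EncryptionCiphers` parameter that Windows Server 2022 adds to the in-box SmbShare cmdlets, requires encryption on one share, and then reads back what live connections negotiated and whether RDMA is still in use. The share name `Finance` and the server `fs01.contoso.com` are constructed for the example.

```powershell
# Added example: prefer AES-256-GCM for SMB 3.1.1 encryption, require it on a sensitive share,
# and verify what connections actually negotiate. Run elevated on Windows Server 2022.

# Before: current server settings (EncryptionCiphers is new in Windows Server 2022).
Get-SmbServerConfiguration |
    Select-Object EncryptData, RejectUnencryptedAccess, RequireSecuritySignature, EncryptionCiphers

# Preferred cipher order: AES-256 first, AES-128 last for down-level (Server 2016/2019) peers.
# Remove the AES_128 entries only when every peer is Server 2022 / Windows 11; otherwise
# older clients that can only do AES-128 are refused rather than downgraded.
$order = 'AES_256_GCM,AES_256_CCM,AES_128_GCM,AES_128_CCM'
Set-SmbServerConfiguration -EncryptionCiphers $order -Force
Set-SmbClientConfiguration -EncryptionCiphers $order -Force   # same preference when this host is the client

# Require encryption on one share rather than globally (-EncryptData $true on the server does it for all).
Set-SmbShare -Name 'Finance' -EncryptData $true -Force
# RejectUnencryptedAccess ($true by default) refuses clients that cannot encrypt instead of
# letting them fall back to plaintext. Make the default explicit so a GPO cannot silently undo it.
Set-SmbServerConfiguration -RejectUnencryptedAccess $true -Force

# After: confirm the share and server settings took.
Get-SmbShare -Name 'Finance' | Select-Object Name, EncryptData
Get-SmbServerConfiguration | Select-Object EncryptionCiphers, RejectUnencryptedAccess

# From a client of this server: what did each connection negotiate?
# Dialect 3.1.1 plus Encrypted=True is what you expect after the change.
Get-SmbConnection | Select-Object ServerName, ShareName, Dialect, Encrypted, Signed

# RDMA check for SMB Direct: on Server 2022 an encrypted connection should still show
# both ends RDMA-capable and the RDMA channel selected, which is the "encrypted before
# data placement" improvement described above.
Get-SmbMultichannelConnection |
    Select-Object ServerName, ClientRdmaCapable, ServerRdmaCapable, CurrentChannels, Selected
```

The Group Policy route mentioned in the text writes the same preference list under Computer Configuration > Administrative Templates > Network > Lanman Server (and Lanman Workstation) > "Cipher suite order"; whichever way you set it, the `Get-SmbConnection` output is the ground truth, because a peer that does not advertise AES-256 will still negotiate down to AES-128 as long as it remains in the list.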

SMB over QUIC

SMB over QUIC updates the SMB 3.1.1 protocol in Windows Server 2022 Datacenter: Azure Edition and supported Windows clients to use the QUIC protocol instead of TCP. By using SMB over QUIC together with TLS 1.3, users and applications can securely and reliably access data from edge file servers running in Azure. Mobile and telecommuting users no longer need a VPN to access their file servers over SMB when on Windows. More information can be found in the SMB over QUIC documentation.
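Because SMB over QUIC rides on TLS 1.3, the server is authenticated by a certificate before any SMB authentication happens, and the server-side setup is mostly about binding that certificate to the name clients will use. The following is an added example, not code from the Microsoft article, that publishes a share over QUIC with the in-box SmbShare cmdlets on Windows Server 2022 Datacenter: Azure Edition and then maps it from a client while forcing the QUIC transport. The name `fs01.contoso.com`, the share `Finance`, its path, and the group `CONTOSO\Finance Users` are constructed; the example assumes a server-authentication certificate for that name, issued by a CA the clients trust, is already in the machine store and that UDP/443 is reachable.

```powershell
# Added example: publish a share over SMB over QUIC and map it from a client without a VPN.
# Run elevated. Server side requires Windows Server 2022 Datacenter: Azure Edition.

# ---- On the file server ----
$fqdn = 'fs01.contoso.com'   # assumed public name clients will connect to
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$fqdn" -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No usable certificate for $fqdn in Cert:\LocalMachine\My" }

# Bind the certificate to the name. This is the TLS 1.3 identity of the QUIC listener;
# a name mismatch here is the most common reason client mappings fail.
New-SmbServerCertificateMapping -Name $fqdn -Thumbprint $cert.Thumbprint -StoreName My
Get-SmbServerCertificateMapping | Select-Object Name, Subject, Thumbprint

# QUIC changes the transport, not the authorization model: the share ACL still applies.
if (-not (Get-SmbShare -Name 'Finance' -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name 'Finance' -Path 'D:\Shares\Finance' -FullAccess 'CONTOSO\Finance Users'
}
# Keep the share encrypted at the SMB layer too; QUIC's TLS protects the transport,
# SMB encryption protects the session end to end across any intermediaries.
Set-SmbShare -Name 'Finance' -EncryptData $true -Force

# ---- On the client (Windows 11 or Windows Server 2022 Azure Edition) ----
# -TransportType QUIC forces UDP/443; if it is blocked the mapping fails instead of
# silently falling back to TCP/445, which is the behaviour you want for a test.
New-SmbMapping -LocalPath 'Z:' -RemotePath "\\$fqdn\Finance" -TransportType QUIC
Get-SmbMapping -LocalPath 'Z:'
Get-SmbConnection | Where-Object ServerName -eq $fqdn |
    Select-Object ServerName, ShareName, Dialect, Encrypted, Signed
```

Leave TCP/445 closed on the Azure network security group for an edge server that only serves QUIC clients; the point of the feature is that the file server is reachable over a single UDP port through TLS 1.3 with no VPN, and an open 445 on an internet-facing host reintroduces the exposure the design removes.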

Azure hybrid capabilities

You can increase your efficiency and agility with the built-in hybrid capabilities in Windows Server 2022, which allow you to extend your data centers to Azure more easily than ever before.

Azure Arc enabled Windows Servers

Azure Arc enabled servers with Windows Server 2022 brings on-premises and multi-cloud Windows Servers to Azure with Azure Arc. This management experience is designed to be consistent with how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. More information can be found in the Azure Arc enabled servers documentation.
