The following are some of the important new features of Windows Server 2022.
Secured-core Server provides security at the root level of the server hardware and software by greatly improving the security of the hardware, firmware, and drivers, which in turn gives the Windows Server operating system a more secure foundation. The three main concepts behind Secured-core Server are Simplified Security, Advanced Protection and Preventative Defense. Windows Admin Center has advanced features to monitor and control the security of your Windows Server 2022 servers.
Simplified Security: Microsoft-certified OEM hardware manufacturers for Secured-core server assure that the server hardware, firmware, and drivers meet the security requirements of Windows Server 2022.
- Trusted Platform Module 2.0 (TPM 2.0): TPM 2.0 is a microchip that is often built into the computer's motherboard to provide hardware-based security. TPM 2.0 stores sensitive information for your Windows Server 2022, such as cryptographic keys and other related sensitive data.
- Protected Firmware: Firmware is microcode stored in persistent memory. It can be considered a middleman between the operating system and the hardware, and it makes the hardware inside the computer do the job it was built for. Firmware runs at a somewhat higher privilege level than other software, and anti-virus software has only limited access to the memory locations where firmware resides. Many attacks target firmware. Dynamic Root of Trust for Measurement (DRTM) technology and Direct Memory Access (DMA) protection provide firmware protection.
- Preventative Defense: Technologies such as Hypervisor Enforced Code Integrity (HVCI), Boot DMA (Direct Memory Access) Protection, System Guard, Secure Boot, Virtualization-based Security (VBS) and TPM 2.0 defend your server against today's most vicious attacks.
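The features listed above can be checked on a running server from PowerShell. The following read-only audit is an added example, not part of the original article or a Microsoft tool; it assumes an elevated session, and the feature labels in the report are illustrative names chosen here.

```powershell
# Added example: read-only audit of the Secured-core features named above.
# Run in an elevated PowerShell session on the server being checked.

# Device Guard WMI class: reports VBS, HVCI and Secure Launch state.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

# Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS systems.
try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { $secureBoot = $false }

# TPM: SpecVersion is a string such as "2.0, 0, 1.38"; the first field is the version.
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$tpm20 = [bool]($tpm -and $tpm.SpecVersion -and
                ($tpm.SpecVersion -split ',')[0].Trim() -eq '2.0')

# Win32_DeviceGuard codes used below:
#   VirtualizationBasedSecurityStatus : 2 = enabled and running
#   SecurityServicesRunning           : 2 = HVCI, 3 = System Guard Secure Launch (DRTM)
#   AvailableSecurityProperties       : 3 = DMA protection
$checks = [ordered]@{
    'TPM 2.0 present'                    = $tpm20
    'Secure Boot enabled'                = $secureBoot
    'VBS running'                        = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    'HVCI running'                       = ($dg.SecurityServicesRunning -contains 2)
    'System Guard Secure Launch running' = ($dg.SecurityServicesRunning -contains 3)
    'DMA protection available'           = ($dg.AvailableSecurityProperties -contains 3)
}

# One row per feature, so the result can be piped or exported.
$report = foreach ($name in $checks.Keys) {
    [pscustomobject]@{ Feature = $name; Pass = [bool]$checks[$name] }
}
$report | Format-Table -AutoSize

# Surface gaps explicitly rather than relying on someone reading the table.
$failed = @($report | Where-Object { -not $_.Pass })
if ($failed.Count -gt 0) {
    Write-Warning ('Missing Secured-core features: ' + ($failed.Feature -join ', '))
}
```

A missing Device Guard or TPM class is reported as a failed check rather than an error, so the script can also be run on older hosts for comparison.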
HTTPS (HTTP over SSL) and TLS 1.3 are enabled by default on Windows Server 2022.
Secure DNS provides much more security by encrypting DNS queries using DNS-over-HTTPS.
AES-256 encryption for SMB (Server Message Block)
SMB (Server Message Block) is a protocol developed by Microsoft to share files and printers over a network. SMB servers provide file system and printer services over the network, and SMB clients access those services. Windows Server 2022 provides advanced AES-256-GCM and AES-256-CCM encryption for SMB traffic.
SMB Direct with Remote Direct Memory Access (RDMA)
Windows Server 2022 supports SMB Direct with Remote Direct Memory Access (RDMA). These features operate at high speed, with increased throughput and low latency, without consuming much CPU resources.
UDP with QUIC (Quick UDP Internet Connections)
UDP (User Datagram Protocol) together with QUIC (Quick UDP Internet Connections) elevates the performance of UDP to the next level.
SMB over QUIC (Quick UDP Internet Connections)
SMB over QUIC is an alternative to TCP transport, providing secure, reliable connectivity to edge file servers.
Windows Admin Center
Windows Admin Center in Windows Server 2022 can report on Secured-core server features.
Nested virtualization allows you to run Hyper-V inside another Hyper-V virtual machine (VM).
Written by Jajish Thomas.
Last updated on 27th January, 2022.