When configuring your server, your choice of operating system is a big deal: it needs to work with the apps your projects use. If you’re an old hand at developing, chances are you already have a go-to OS when it comes to Windows vs Linux. But even if you know Windows is your OS of choice, the next big question is which version to use.
Unless you’ve been on a remote island somewhere, it’s safe to assume you’ve heard about (and maybe even read about) the all-new Windows Server 2022 release. It builds on Windows Server 2019, bringing more features to the table.
These updates focus on things like advanced security, secure connectivity, and the application platform. Let’s take a look…
Microsoft has always taken security seriously when it comes to its operating systems. They’ve consistently put it front and center of their releases and, with cyberattacks increasing from 2020 to 2021, it’s not hard to see why.
With a secured-core server as the main concept, Windows Server 2022 is no different, stuffed with 3 major security enhancements:
- Firmware protection
- Hardware root-of-trust
- Virtualization-based security
Firmware executes with high privileges, so it’s pretty standard for it to be invisible to antivirus software. With this, it’s no surprise that firmware-based attacks are on the rise. But the secured-core server is here to save the day! It uses Dynamic Root of Trust for Measurement (DRTM) technology to support the measurement and verification of boot processes, as well as Direct Memory Access (DMA) protection to isolate driver access to memory.
If you use features like BitLocker drive encryption, then you’ll be happy to hear that with Windows Server 2022 the protection it provides gets an extra boost. This is all possible thanks to Trusted Platform Module 2.0 (TPM 2.0) secure crypto-processor chips. These provide a secure, hardware-based store for sensitive info like cryptographic keys and data. TPM 2.0 verifies that your server only runs known and trusted code, protecting it from rootkits and bootkits.
With support for virtualization-based security (VBS), there’s extra protection against a whole class of vulnerabilities used in cryptocurrency mining attacks. It uses hardware virtualization to create an isolated region of memory, separate from the operating system. That way, in the event of a cyberattack, the compromise won’t spread to the whole system, so your entire server isn’t taken over.
Data transfer is part of day-to-day server life, and it goes without saying that it needs to be done securely. The good news is that one of the dramatic improvements that has come along with Windows Server 2022 is secure connectivity, incorporating several network security features.
HTTPS with TLS 1.3 by default
The latest version of the internet’s most deployed protocol, TLS 1.3 uses encryption to create a secure communication channel. And now it’s enabled by default on Windows Server 2022, along with HTTPS! This keeps web-based communications protected from MITM attacks and keeps data safe from prying eyes while in transit.
Server Message Block improvements
An old friend to anyone who’s familiar with Windows Server, Server Message Block sees some of its biggest improvements with Windows Server 2022. It now has support for both AES-256-GCM and AES-256-CCM encryption.
And a new feature that’s got us excited is SMB over QUIC. An update to the SMB 3.1.1 protocol, SMB over QUIC introduces an alternative to transporting SMB over TCP. This new feature offers a way for remote workers, mobile users, and high-security organizations to securely access file servers without the need for a VPN. QUIC runs over UDP (User Datagram Protocol) with encryption built in, so traffic always remains encrypted.
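As an added example (not from the original article), the PowerShell audit below checks the hardware root-of-trust and VBS protections described above, plus the new SMB encryption settings, and reports what is actually switched on. It assumes an elevated session on Windows Server 2022; the hardening command at the end is left commented out because the cipher order it sets is an assumed policy, not something the article prescribes.

```powershell
# Added example: audit the Windows Server 2022 protections discussed above.
# Read-only, apart from the optional (commented-out) SMB hardening at the end.
$report = [ordered]@{}

# 1. TPM 2.0 (hardware root of trust). SpecVersion is a string such as "2.0, 0, 1.38".
$tpm = Get-CimInstance -Namespace 'root\cimv2\security\microsofttpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$report['TPM present'] = [bool]$tpm
$report['TPM 2.0']     = [bool]($tpm -and $tpm.SpecVersion -like '2.0*')

# 2. Virtualization-based security. VirtualizationBasedSecurityStatus: 0 = off,
#    1 = enabled but not running, 2 = running. SecurityServicesRunning values:
#    1 = Credential Guard, 2 = HVCI, 3 = System Guard Secure Launch (the DRTM measured boot).
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$report['VBS running']          = ($dg.VirtualizationBasedSecurityStatus -eq 2)
$report['HVCI running']         = ($dg.SecurityServicesRunning -contains 2)
$report['Secure Launch (DRTM)'] = ($dg.SecurityServicesRunning -contains 3)

# 3. SMB encryption. On Server 2022, EncryptionCiphers lists the negotiable suites in
#    preference order; AES_256_GCM and AES_256_CCM are the new 256-bit options.
$smb = Get-SmbServerConfiguration
$report['SMB encryption required'] = [bool]$smb.EncryptData
$report['SMB AES-256 offered']     = [bool]($smb.EncryptionCiphers -match 'AES_256')
$report['SMB1 disabled']           = -not $smb.EnableSMB1Protocol

# 4. BitLocker on the OS volume (requires the BitLocker feature to be installed).
$bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$report['BitLocker on OS volume'] = [bool]($bl -and $bl.ProtectionStatus -eq 'On')

# Print one line per check: "OK" when the protection is active, "--" when it is not.
$report.GetEnumerator() | ForEach-Object {
    $state = if ($_.Value) { 'OK ' } else { '-- ' }
    '{0}{1}' -f $state, $_.Key
}

# Optional hardening (assumed policy, uncomment to apply): require SMB encryption and
# prefer the AES-256 suites. Clients older than Windows 11 / Server 2022 cannot
# negotiate AES-256 and will fall back to the 128-bit suites listed after them.
# Set-SmbServerConfiguration -EncryptData $true `
#     -EncryptionCiphers 'AES_256_GCM,AES_256_CCM,AES_128_GCM,AES_128_CCM' -Force
```

A check reporting `--` for VBS or Secure Launch usually means the firmware prerequisites (UEFI, Secure Boot, IOMMU/DMA protection) are not enabled rather than that the OS lacks the feature.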
Windows Server 2022 is also packed with some platform improvements for Windows Containers, including enhanced support for using Windows containers with Kubernetes. This experience is also simplified with new support for host-process containers for node configuration and IPv6.
Plus, reducing the Windows Container image size by up to 40% brings another major upgrade in performance – happy days!
With UDP Segmentation Offload (USO), most of the work required to send UDP packets is moved from the CPU to the network adapter’s specialized hardware. Plus UDP sees a boost in performance with the QUIC protocol built on top, bringing it up to a level that’s pretty much even with TCP. And speaking of TCP, that also gets an upgrade using TCP HyStart++ to reduce packet loss during connections and RACK to reduce Retransmit TimeOuts.