When configuring your server, your choice of operating system is a big deal – it needs to work with the apps your projects use. If you’re an old hand at developing, chances are you already have a go-to OS when it comes to Windows vs Linux. But even if you know Windows is your OS of choice, the next big question is, which version do you use?

Unless you’ve been on a remote island somewhere, it’s safe to assume that you’ve heard about (and even read about) the all-new Windows Server 2022 release. It builds on Windows Server 2019, bringing more features to the table.

These updates focus on things like advanced security, secure connectivity and application platform. Let’s take a look…

Improved security

Microsoft has always taken security seriously when it comes to their operating systems. They’ve consistently put it front and centre of their releases and, with cyber attacks increasing from 2020 - 2021, it’s not hard to see why.

With secured-core server as the main concept, Windows Server 2022 is no different, stuffed with 3 major security enhancements:

  • Firmware protection
  • Hardware root-of-trust
  • Virtualisation-based security

Secured-core server adds an extra layer of protection by combining operating system software defences with the hardware protection in the server. It’s built for simplified security, advanced protection and preventative defence.

Firmware protection

Firmware executes with high privileges so it’s pretty standard for it to be invisible to antivirus software. With this, it’s no surprise that firmware-based attacks are on the rise. But, secured-core server is here to save the day! It uses Dynamic Root of Trust for Measurement technology to support the measurement and verification of boot processes as well as Direct Memory Access (DMA) protection for the isolation of driver access to memory.

Hardware root-of-trust

If you use features like BitLocker Drive Encryption then you’ll be happy to hear that with Windows Server 2022, the protection it provides gets an extra boost. This is all possible thanks to Trusted Platform Module 2.0 (TPM 2.0) secure crypto-processor chips. These provide a secure, hardware-based store for sensitive info like cryptographic keys and data. TPM 2.0 verifies that your server only runs known and trusted code, protecting it from rootkits and bootkits.

Virtualisation-based security

With support for virtualisation-based security (VBS), there’s extra protection against a whole class of vulnerabilities used in cryptocurrency mining attacks. It uses hardware virtualisation to create an isolated region of memory, separate from the operating system. That way, in the event of a cyberattack, it won’t spread to the whole system, avoiding your entire server being compromised.
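
To check which of the three secured-core building blocks described above are actually active on a given server, the following PowerShell sketch can be run in an elevated session. It is an added example, not Microsoft's or this blog's own tooling; the function name Get-SecuredCoreStatus and the output property names are made up for illustration.

```powershell
# Added example: report which secured-core building blocks are active on this server.
# Run in an elevated PowerShell session on the server itself.

function Get-SecuredCoreStatus {   # hypothetical helper name
    # The Device Guard WMI class exposes VBS state plus available/running features.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'

    # TPM presence/readiness, and the TPM specification version string.
    $tpm     = Get-Tpm
    $tpmSpec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                    -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue).SpecVersion

    # Confirm-SecureBootUEFI throws on legacy BIOS systems, so treat an error as "off".
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    [pscustomobject]@{
        # Hardware root-of-trust
        TpmPresentAndReady  = [bool]($tpm.TpmPresent -and $tpm.TpmReady)
        Tpm20               = [bool]($tpmSpec -like '2.0*')
        SecureBoot          = $secureBoot
        # Virtualisation-based security
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
        VbsRunning          = $dg.VirtualizationBasedSecurityStatus -eq 2
        # SecurityServicesRunning: 2 = HVCI (memory integrity)
        HvciRunning         = $dg.SecurityServicesRunning -contains 2
        # Firmware protection
        # AvailableSecurityProperties: 3 = DMA protection
        DmaProtection       = $dg.AvailableSecurityProperties -contains 3
        # SecurityServicesRunning: 3 = System Guard Secure Launch (DRTM)
        SecureLaunchRunning = $dg.SecurityServicesRunning -contains 3
    }
}

$status = Get-SecuredCoreStatus
$status | Format-List

# List anything that is not active so it can be followed up in firmware or policy.
$status.PSObject.Properties | Where-Object { -not $_.Value } |
    ForEach-Object { Write-Warning "$($_.Name) is not active" }
```

A server only counts as secured-core when the hardware supports these features and they are switched on, so a warning here points at a firmware setting or policy to review rather than at a fault in Windows Server 2022 itself.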

Secure connectivity

Data transfer is part of day-to-day server life and it goes without saying that it needs to be done securely. The good news is that one of the dramatic improvements that have come along with Windows Server 2022 is secure connectivity, incorporating several network security features.

HTTPS with TLS 1.3 by default

The latest version of the internet’s most deployed protocol, TLS 1.3 uses encryption to create a secure communication channel. And now it’s enabled by default on Windows Server 2022, along with HTTPS! This keeps web-based communications protected from MITM attacks and keeps data safe from prying eyes while in transit.

Server Message Block improvements

An old friend to anyone who’s familiar with Windows Server, Server Message Block sees some of its biggest improvements with Windows Server 2022. It now has support for both AES-256-GCM and AES-256-CCM encryption.

And a new feature that’s got us excited is SMB over QUIC. An update to the SMB 3.1.1 protocol, SMB over QUIC introduces an alternative to the TCP network transport. This new feature offers a way for remote workers, mobile users and high-security organisations to securely access file servers without the need for a VPN. Using QUIC over UDP (User Datagram Protocol) makes sure that traffic always remains encrypted.
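
The AES-256 support mentioned above only helps if the server actually requires encryption and prefers the stronger ciphers. The following PowerShell audit is an added example, not taken from Microsoft's documentation or this blog; it reads the current settings and previews the hardened ones with -WhatIf, so nothing is changed.

```powershell
# Added example: audit SMB encryption settings on a Windows Server 2022 file server.
$cfg = Get-SmbServerConfiguration

# Server-wide view: is encryption required, are unencrypted clients refused,
# and which ciphers does the server offer?
$cfg | Select-Object EncryptData, RejectUnencryptedAccess, EncryptionCiphers

# EncryptionCiphers is a comma-separated preference list, for example
# "AES_128_GCM, AES_128_CCM, AES_256_GCM, AES_256_CCM".
$offered = $cfg.EncryptionCiphers -split '\s*,\s*' | Where-Object { $_ }
$aes128  = $offered | Where-Object { $_ -notlike 'AES_256_*' }
if ($aes128) {
    Write-Warning "Ciphers other than AES-256 are still offered: $($aes128 -join ', ')"
}

# If encryption is not enforced server-wide, list the shares that do not enforce it either.
if (-not $cfg.EncryptData) {
    Get-SmbShare -Special $false |
        Where-Object { -not $_.EncryptData } |
        Select-Object Name, Path, EncryptData
}

# Hardened settings, previewed only (-WhatIf makes no change).
# Caveat: restricting to AES-256 locks out clients that only support AES-128,
# so check the client estate before removing -WhatIf.
Set-SmbServerConfiguration -EncryptionCiphers 'AES_256_GCM, AES_256_CCM' -WhatIf
Set-SmbServerConfiguration -EncryptData $true -RejectUnencryptedAccess $true -WhatIf
```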

Application platform

Windows Server 2022 is also packed with some platform improvements for Windows Containers, including enhanced support for using Windows containers with Kubernetes. This experience is also simplified with new support for host-process containers for node configuration and IPv6.

Plus, reducing the Windows Container image size by up to 40% brings another major upgrade in performance – happy days!

Network performance

With UDP Segmentation Offload (USO), most of the work required to send UDP packets is moved from the CPU to the network adapter’s specialised hardware. Plus UDP sees a boost in performance with the QUIC protocol built on top, bringing it up to a level that’s pretty much even with TCP. And speaking of TCP, that also gets an upgrade using TCP HyStart++ to reduce packet loss during connections and RACK to reduce Retransmit TimeOuts.

That’s not all…

Nested virtualisation for AMD processors

Windows Server 2022 brings with it support for nested virtualisation using AMD processors. It means that you can run Hyper-V inside of a Hyper-V VM so there’s more flexibility for your environment.

Improvements to Hyper-V virtual switches

The hypervisor can merge packets and process them as one larger segment with updated Receive Segment Coalescing (RSC). Now CPU cycles are reduced and segments will stay integrated across the whole data path. That means more performance boosts for both network traffic via NIC from an external host and traffic between virtual NICs on the same host.

We’ve covered some of the main features of Windows Server 2022 but we've barely scratched the surface. There’s so much more that this release offers and luckily Microsoft have outlined everything there is to know in their Windows Server 2022 overview.
