Best New Features in Windows Server 2022
Windows Server 2022 was released this summer, ready to handle production workloads with a range of new features. What’s hot in the latest Windows Server release? Let’s explore.
New Network Protocols
It’s no surprise that Microsoft’s primary focus in Windows Server is performance. Most users employ Windows Server to store critical business applications and services that directly support employees or customers. In both cases, time is money, and the platform on which your critical systems run needs to be both stable and efficient.
Microsoft has introduced notable networking improvements in Windows Server 2022. To begin with, QUIC, the transport protocol originally developed at Google and since standardized by the IETF, is now supported. QUIC runs over UDP and builds TLS 1.3 encryption into the transport itself, cuts connection-setup latency, lets a connection survive a change of client address (connection migration), and carries its own version negotiation and extension mechanisms. Plain UDP also benefits: UDP Segmentation Offload (USO) and UDP Receive Side Coalescing (UDP RSC) move the work of splitting large sends into datagrams, and of merging received datagrams, from the CPU to network adapters that support them.
Server Message Block (SMB) over QUIC is the most immediately useful application of this for corporate networks: a secure way to reach file shares from outside the perimeter. Client and server establish a QUIC tunnel protected by TLS 1.3 on UDP port 443 instead of talking on TCP port 445, so the file server's SMB port never has to be exposed to the Internet and the SMB traffic, authentication included, never appears on the wire in clear text. The server presents a certificate the client must trust, the client still authenticates to the share with its normal credentials, and normal SMB access control applies inside the tunnel. That makes SMB over QUIC a sound choice for mobile users and for organizations with high security requirements, in effect a file-access VPN that needs no VPN client.
TCP connections are not left behind either. HyStart++ refines TCP slow start so that a new connection leaves it before it overshoots the path and drops packets, which matters most on high-bandwidth links, while RACK (Recent ACKnowledgment) detects lost segments from the timing of later acknowledgments instead of waiting for a retransmission timeout (RTO), so recovery starts sooner. Both are enabled by default in Windows Server 2022.
Storage Security and Performance
Many storage improvements in Windows Server 2022 focus on security without sacrificing performance. SMB gains AES-256-GCM and AES-256-CCM encryption suites alongside the existing AES-128 ones, and SMB Direct (SMB over RDMA) can now carry encrypted traffic: in earlier versions, turning on SMB encryption disabled RDMA direct data placement and cost much of the RDMA performance benefit. That makes encryption practical for performance-demanding workloads such as Storage Spaces Direct, Hyper-V storage and live-migration traffic, and Scale-Out File Server. Windows Server 2022 Datacenter: Azure Edition also supports SMB over QUIC on the server side, combining security, reliability, and performance for remote file access.
SMB compression is a further enhancement. Users, administrators, or applications can request that files be compressed as they cross the network, removing the need to build Zip archives by hand before transfer. Both ends must support it (Windows Server 2022 or Windows 11). Compressing and decompressing costs some CPU on both sides, but it pays off on bandwidth-limited links such as Wi-Fi or even 1 Gbps Ethernet, and especially for large, highly compressible files such as virtual disks.
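The SMB settings described in the three preceding paragraphs (SMB over QUIC, AES-256 encryption, compression) are all driven from the SmbShare PowerShell module. The script below is an added example, not code from the original article or from Microsoft; it is written for an elevated session on a Windows Server 2022 file server, and the host name `fs1.contoso.com`, the share names `Finance` and `Builds`, and the certificate subject are assumptions for illustration. The QUIC section only works when the server is Windows Server 2022 Datacenter: Azure Edition.

```powershell
# Added example (not from the original article). Assumed names: fs1.contoso.com,
# shares "Finance" and "Builds", certificate subject CN=fs1.contoso.com.

# 1. Prefer the AES-256 suites that Windows Server 2022 adds. The order is the
#    server's preference; AES-128 stays at the end for older clients.
Set-SmbServerConfiguration -EncryptionCiphers "AES_256_GCM, AES_256_CCM, AES_128_GCM, AES_128_CCM" -Confirm:$false

# 2. Require encryption on a sensitive share and refuse clients that cannot
#    encrypt (otherwise an SMB 2 client would silently get plaintext access).
Set-SmbShare -Name "Finance" -EncryptData $true -Confirm:$false
Set-SmbServerConfiguration -RejectUnencryptedAccess $true -Confirm:$false

# 3. SMB over QUIC: map the server name to a certificate. The certificate needs
#    the Server Authentication EKU, a SAN matching the name clients will use,
#    and an issuer the clients trust; pick the longest-lived matching one.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=fs1.contoso.com" -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No server certificate for fs1.contoso.com in LocalMachine\My" }
New-SmbServerCertificateMapping -Name "fs1.contoso.com" -Thumbprint $cert.Thumbprint -StoreName My -Confirm:$false

# 4. Offer compression on a share that carries large compressible files.
Set-SmbShare -Name "Builds" -CompressData $true -Confirm:$false

# Verify what the server will now negotiate.
Get-SmbServerConfiguration | Select-Object EncryptData, RejectUnencryptedAccess, EncryptionCiphers
Get-SmbServerCertificateMapping
Get-SmbShare -Name "Finance", "Builds" | Select-Object Name, EncryptData, CompressData

# --- Client side (Windows 11 or Windows Server 2022), e.g. from a hotel network:
# Mount over QUIC; nothing on TCP 445 is needed between client and server.
# New-SmbMapping -LocalPath "Z:" -RemotePath "\\fs1.contoso.com\Finance" -TransportType QUIC
# Ask for compression on a mapping to the build share.
# New-SmbMapping -LocalPath "B:" -RemotePath "\\fs1.contoso.com\Builds" -CompressNetworkTraffic $true
# Confirm the dialect and that the connection is encrypted.
# Get-SmbConnection -ServerName "fs1.contoso.com"
```

Keep `RejectUnencryptedAccess` enabled (it is the default) whenever a share requires encryption; the point of the setting is that an encryption-incapable client gets no access at all rather than a downgraded session. Do not add `-SkipCertificateCheck` to the client mapping outside a lab, since certificate validation is what ties the QUIC tunnel to the intended server.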
Windows Server 2022 also improves storage performance, especially for Storage Spaces Direct (S2D). Introduced in Windows Server 2016, S2D pools the local drives of cluster nodes into highly available, high-performance software-defined storage. Each write is committed synchronously to several nodes for fault tolerance, and when a node or drive returns after an outage the copies it missed have to be repaired. Until Windows Server 2022 the speed of that repair was governed by internally calculated priorities. Windows Server 2022 adds an adjustable storage repair speed with five levels, so you can choose between finishing resynchronization quickly and leaving more I/O capacity for the running workload.
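The repair speed can be read and changed from any cluster node. The following is an added example, not the article's or Microsoft's code: it wraps the documented `VirtualDiskRepairQueueDepth` property of the clustered Storage Spaces subsystem in two small functions. The mapping of the five levels to queue depths (1, 2, 4, 8, 16) is taken from the adjustable-repair-speed documentation as I understand it; the function names and the `Clustered Windows Storage on*` name pattern are assumptions to verify against your own cluster before use.

```powershell
# Added example (not from the original article). Assumes a Windows Server 2022
# S2D cluster and the documented queue-depth values for the five levels.
$repairLevels = [ordered]@{ VeryLow = 1; Low = 2; Medium = 4; High = 8; VeryHigh = 16 }

function Get-S2DRepairSpeed {
    # The clustered subsystem is what S2D repairs run against.
    $ss = Get-StorageSubSystem -FriendlyName "Clustered Windows Storage on*"
    if (-not $ss) { throw "No clustered Storage Spaces subsystem found on this node" }
    $depth = $ss.VirtualDiskRepairQueueDepth
    $level = ($repairLevels.GetEnumerator() | Where-Object { $_.Value -eq $depth }).Key
    [pscustomobject]@{
        Subsystem  = $ss.FriendlyName
        QueueDepth = $depth
        Level      = if ($level) { $level } else { "Custom" }
    }
}

function Set-S2DRepairSpeed {
    param(
        [Parameter(Mandatory)]
        [ValidateSet("VeryLow", "Low", "Medium", "High", "VeryHigh")]
        [string]$Level
    )
    Get-StorageSubSystem -FriendlyName "Clustered Windows Storage on*" |
        Set-StorageSubSystem -VirtualDiskRepairQueueDepth $repairLevels[$Level]
    Get-S2DRepairSpeed
}

# Typical use: before patching a node, favour the workload; once the node is
# back, favour the resync so the cluster returns to full resiliency sooner.
Get-S2DRepairSpeed
Set-S2DRepairSpeed -Level Low
# ... patch and reboot the node ...
Set-S2DRepairSpeed -Level High

# Watch the repair jobs the higher setting is now driving.
Get-StorageJob | Where-Object JobState -ne "Completed" |
    Select-Object Name, JobState, PercentComplete, ElapsedTime
```

The setting is cluster-wide, not per node, and a lower level lengthens the window during which the cluster runs with reduced resiliency; treat a prolonged `Low` setting as a risk decision, not just a performance one.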
The storage bus cache binds fast media such as NVMe or SSD drives to slower HDDs so that reads and writes are served from the fast tier, improving performance substantially while keeping cost per terabyte down. Previously this cache was available only with Storage Spaces Direct on clustered servers; Windows Server 2022 brings it to standalone servers using Storage Spaces. The cache provides read and write caching for simple (non-resilient) spaces and acts as a read cache for parity spaces.
Moving applications and data from old systems to new platforms has never been a small feat. Virtualization and containers ease some of the pain, but they only go so far. The Storage Migration Service moves file servers, with their data, shares, and server identity, from older systems to a new Windows Server or to Azure with minimal disruption. With Windows Server 2022, the supported sources and capabilities grow to include migrating local users and groups, migrating from (and to) failover clusters, and migrating from Samba shares on Linux.
Hybrid Cloud
Microsoft is investing heavily in its Azure cloud services, and a significant part of that effort aims to win over customers who are not yet in the cloud with compelling use cases. Two examples are Azure Arc and Windows Admin Center. Neither is tied to a particular Windows Server version, but both provide management for the new features of Windows Server 2022. For example, Windows Admin Center version 2110 adds a Security tool that surfaces the new security features, including virtualization-based security settings.
Azure Automanage is a newer management service aimed primarily at VMs running in Azure. Still, since it also covers Azure Stack HCI and Azure Arc-enabled servers, it is a sensible choice for on-premises machines as well. Azure Automanage applies best-practice configuration to a server at deployment time, including monitoring, Log Analytics, anti-malware, update management, and change tracking. It can also install Windows Admin Center, although at present that is not supported for Azure Arc-enabled servers.
Azure Automanage handles system updates through Hotpatch, a new way of updating Windows Server Azure Edition virtual machines that minimizes downtime. Hotpatch uses three update types, each with its own cadence: Planned Baseline, Unplanned Baseline, and Hotpatch updates. Planned Baseline releases are issued on a regular schedule (initially every three months) and contain everything in the latest Windows Update cumulative update. Unplanned Baseline releases are issued only when necessary, for example when a fix for a critical zero-day vulnerability cannot wait. Both baseline types include the latest cumulative update and require a reboot. Hotpatch releases ship more often and contain only changes that apply without a reboot. In keeping with Microsoft's naming habits, "Hotpatch" refers both to the overall model that uses all three update types and to the individual reboot-free updates.
Containers and Virtualization
Virtualization and container-based applications are focal points of Windows Server 2022, including features geared towards seamless integration with Azure.
One of these is the HostProcess container type for Kubernetes, new in Windows Server 2022 and also backported to Windows Server 2019. HostProcess containers run directly on the node, in the host's network namespace and with the privileges of the host account they are configured to run as, so they have roughly the same access to the operating system as a process started on the node itself. That level of access makes them suitable for node management tasks and DevOps scripting, such as installing drivers, configuring networking, or collecting logs, while still being packaged, scheduled, and deployed with the normal container tooling. Because a HostProcess container is effectively a privileged process on the node, the right to create such pods should be restricted as tightly as any other host-level privilege.
New in Windows Server 2022 is nested virtualization support on AMD processors. Previously, nested virtualization, running Hyper-V inside a Hyper-V guest, was limited to Intel hosts. Nested virtualization serves many scenarios, including packaging and distributing multi-server systems for development or training, and starting virtual machines from backups in an isolated environment for testing or forensic work.
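Enabling nested virtualization is a per-VM host-side setting, and the guest has a few constraints (no dynamic memory, and network access for the inner VMs needs MAC address spoofing or NAT). The script below is an added example, not code from the article or from Microsoft; it runs in an elevated session on the Windows Server 2022 Hyper-V host, and the VM name `LabHost01` and the memory and CPU sizes are assumptions.

```powershell
# Added example (not from the original article). Assumed VM name: LabHost01.
$vmName = "LabHost01"

# Works on Intel hosts and, new in Windows Server 2022, on AMD hosts.
$cpu = Get-CimInstance Win32_Processor | Select-Object -First 1
"Host CPU: $($cpu.Manufacturer) $($cpu.Name)"

# The VM must be off to change these settings.
if ((Get-VM -Name $vmName).State -ne "Off") { Stop-VM -Name $vmName -Force }

# Dynamic memory is not supported for a VM that exposes virtualization extensions,
# so fix the memory size; the inner hypervisor needs real cores to hand out.
Set-VMMemory   -VMName $vmName -DynamicMemoryEnabled $false -StartupBytes 16GB
Set-VMProcessor -VMName $vmName -Count 4 -ExposeVirtualizationExtensions $true

# Inner VMs send frames with their own MAC addresses through the outer VM's vNIC.
# Allowing MAC spoofing on that vNIC is the simple option for an isolated lab;
# for an isolated-restore or forensic lab, attach it to a private switch instead
# so the restored machines cannot reach production.
Set-VMNetworkAdapter -VMName $vmName -MacAddressSpoofing On

Start-VM -Name $vmName

# Verify: ExposeVirtualizationExtensions should now read True.
Get-VMProcessor -VMName $vmName | Select-Object VMName, Count, ExposeVirtualizationExtensions
Get-VMMemory    -VMName $vmName | Select-Object VMName, DynamicMemoryEnabled, Startup
```

Inside the guest you then install the Hyper-V role as on physical hardware (`Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart`). Note that once a VM exposes virtualization extensions and is running nested guests, some host features such as live migration and saved states are not available for it.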
Group Managed Service Accounts (gMSA) are not a new concept. In Active Directory, a gMSA lets an application, even one spread across several nodes, access network resources without anyone managing its credentials by hand; Active Directory generates and rotates the password and hands it only to principals explicitly allowed to retrieve it. What is new in Windows Server 2022 is that containers can use a gMSA on hosts that are not joined to the domain. Instead of the host's computer account, a standard Active Directory user account is made the principal allowed to retrieve the gMSA password, and the container host fetches that user's credentials from a secret store at runtime (Azure Key Vault in the AKS implementation) via the container credential guard plug-in. The benefits follow from that: worker nodes no longer have to be domain-joined, which makes scaling clusters far simpler, and the secret store becomes the one place where the retrieval credentials are managed and shared across container hosts.
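The directory side of this setup is the same whether the container hosts are domain-joined or not; what changes is which principal is allowed to retrieve the password. The script below is an added example, not code from the article or from Microsoft. It assumes the domain `contoso.com`, a gMSA named `WebApp01`, a group `WebApp01Hosts`, and a retrieval user `gmsa-retriever`, all invented for illustration; it uses the ActiveDirectory module on a domain controller or management host, and the `CredentialSpec` module that Microsoft publishes in its windows-containers GitHub repository.

```powershell
# Added example (not from the original article). Assumed names: contoso.com,
# gMSA WebApp01, group WebApp01Hosts, user gmsa-retriever.
Import-Module ActiveDirectory

# One-time per forest: the KDS root key that all gMSA passwords derive from.
# -EffectiveImmediately is for a lab; in production omit it and wait for the
# key to replicate (about 10 hours) before creating gMSAs.
if (-not (Get-KdsRootKey)) { Add-KdsRootKey -EffectiveImmediately }

# The group that may retrieve the password. Keep its membership minimal: every
# member can run code as the gMSA.
New-ADGroup -Name "WebApp01Hosts" -SamAccountName "WebApp01Hosts" -GroupScope Global

New-ADServiceAccount -Name "WebApp01" -DnsHostName "WebApp01.contoso.com" `
    -ServicePrincipalNames "host/WebApp01", "host/WebApp01.contoso.com" `
    -PrincipalsAllowedToRetrieveManagedPassword "WebApp01Hosts"

# Domain-joined container hosts: add each host's computer account.
Add-ADGroupMember -Identity "WebApp01Hosts" -Members "CONTAINERHOST1$"

# Non-domain-joined hosts (new in Windows Server 2022): add a standard user
# account instead. Its password is what goes into the secret store; the host
# itself never joins the domain.
$retrieverPassword = Read-Host -AsSecureString "Password for gmsa-retriever"
New-ADUser -Name "gmsa-retriever" -SamAccountName "gmsa-retriever" `
    -AccountPassword $retrieverPassword -Enabled $true -PasswordNeverExpires $true
Add-ADGroupMember -Identity "WebApp01Hosts" -Members "gmsa-retriever"

# --- On a domain-joined container host: confirm retrieval works, then build
# the credential spec that docker/containerd attach to the container.
Install-ADServiceAccount -Identity "WebApp01"
Test-ADServiceAccount   -Identity "WebApp01"     # True if this host can retrieve the password
Import-Module .\CredentialSpec.psm1
New-CredentialSpec -AccountName "WebApp01"       # writes WebApp01.json into the CredentialSpecs directory
Get-CredentialSpec

# Run a container as the gMSA:
# docker run --security-opt "credentialspec=file://WebApp01.json" --hostname WebApp01 my-web-image
```

For the non-domain-joined case the generated JSON additionally needs a `HostAccountConfig` section naming the plug-in and the secret-store location of the `gmsa-retriever` credentials; that part is specific to the secret store in use and is documented by Microsoft rather than shown here. Whichever variant you use, audit the `PrincipalsAllowedToRetrieveManagedPassword` list periodically: it is the effective access control on the account, and the retrieval user in the non-domain-joined model is a standing credential that warrants the same protection as any service account password.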