Introduction
Windows Server 2022 is built on the strong foundation of Windows Server 2019 and brings many innovations on three key themes: security, Azure hybrid integration and management, and application platform.
Features
Security
- The new security capabilities in Windows Server 2022 combine
other security capabilities in Windows Server across multiple areas to
provide defense-in-depth protection against advanced threats. Advanced
multi-layer security in Windows Server 2022 provides the comprehensive
protection that servers need today.
Secured-core server
- Certified Secured-core server hardware from an OEM partner
provides additional security protections that are useful against
sophisticated attacks. This can provide increased assurance when
handling mission critical data in some of the most data sensitive
industries. A Secured-core server uses hardware, firmware, and driver
capabilities to enable advanced Windows Server security features. Many
of these features are available in Windows Secured-core PCs and are now
also available with Secured-core server hardware and Windows Server
2022.
Hardware root-of-trust
- Trusted Platform Module 2.0 (TPM 2.0) secure crypto-processor
chips provide a secure, hardware-based store for sensitive cryptographic
keys and data, including systems integrity measurements. TPM 2.0 can
verify that the server has been started with legitimate code and can be
trusted by subsequent code execution. This is known as a hardware
root-of-trust and is used by features such as BitLocker drive
encryption.
Firmware protection
- Firmware executes with high privileges and is often invisible to
traditional anti-virus solutions, which has led to a rise in the number
of firmware-based attacks. Secured-core server processors support
measurement and verification of boot processes with Dynamic Root of
Trust for Measurement (DRTM) technology and isolation of driver access
to memory with Direct Memory Access (DMA) protection.
Virtualization-based security (VBS)
- Secured-core servers support virtualization-based security (VBS)
and hypervisor-based code integrity (HVCI). VBS uses hardware
virtualization features to create and isolate a secure region of memory
from the normal operating system, protecting against an entire class of
vulnerabilities used in cryptocurrency mining attacks. VBS also allows
for the use of Credential Guard, where user credentials and secrets are
stored in a virtual container that the operating system cannot access
directly. HVCI uses VBS to significantly strengthen code integrity
policy enforcement, including kernel mode integrity which checks all
kernel mode drivers and binaries in a virtualized environment before
they are started, preventing unsigned drivers or system files from being
loaded into system memory.
Secure connectivity
- Secure connections are at the heart of today's interconnected
systems. Transport Layer Security (TLS) 1.3 is the latest version of
the internet's most deployed security protocol, which encrypts data to
provide a secure communication channel between two endpoints. HTTPS and
TLS 1.3 are now enabled by default on Windows Server 2022, protecting
the data of clients connecting to the server. TLS 1.3 eliminates obsolete
cryptographic algorithms, enhances security over older versions, and aims
to encrypt as much of the handshake as possible. Learn more about
supported TLS versions and about supported cipher suites.
Secure DNS: Encrypted DNS name resolution requests with DNS-over-HTTPS
- DNS Client in Windows Server 2022 now supports DNS-over-HTTPS
(DoH) which encrypts DNS queries using the HTTPS protocol. This helps
keep your traffic as private as possible by preventing eavesdropping
and manipulation of your DNS data. Learn more about configuring the
DNS client to use DoH.
Server Message Block (SMB): SMB AES-256 encryption for the most security conscious
- Windows Server now supports AES-256-GCM and AES-256-CCM
cryptographic suites for SMB encryption. Windows will automatically
negotiate this more advanced cipher method when connecting to another
computer that also supports it, and it can also be mandated through
Group Policy. Windows Server still supports AES-128 for down-level
compatibility. AES-128-GMAC signing now also accelerates signing
performance.
SMB: East-West SMB encryption controls for internal cluster communications
- Windows Server failover clusters now support granular control of
encrypting and signing intra-node storage communications for Cluster
Shared Volumes (CSV) and the storage bus layer (SBL). This means that
when using Storage Spaces Direct, you can decide to encrypt or sign
east-west communications within the cluster itself for higher security.
SMB Direct and RDMA encryption
- SMB Direct and RDMA supply high bandwidth, low latency networking
fabric for workloads like Storage Spaces Direct, Storage
Replica, Hyper-V, Scale-out File Server, and SQL Server. SMB Direct in
Windows Server 2022 now supports encryption. Previously, enabling SMB
encryption disabled direct data placement; this was intentional, but
seriously impacted performance. Now data is encrypted before
placement, leading to far less performance degradation while adding
AES-128 and AES-256 protected packet privacy.
SMB over QUIC
- SMB over QUIC updates the SMB 3.1.1 protocol in Windows Server
2022 Datacenter: Azure Edition and supported Windows clients to use the
QUIC protocol instead of TCP. By using SMB over QUIC along with TLS
1.3, users and applications can securely and reliably access data from
edge file servers running in Azure. Mobile and telecommuter users no
longer need a VPN to access their file servers over SMB when on
Windows. More information can be found at the SMB over QUIC
documentation.
Azure hybrid capabilities
- You can increase your efficiency and agility with built-in hybrid
capabilities in Windows Server 2022 that allow you to extend your data
centers to Azure more easily than ever before.
Azure Arc enabled Windows Servers
- Azure Arc enabled servers with Windows Server 2022 brings
on-premises and multi-cloud Windows Servers to Azure with Azure Arc.
This management experience is designed to be consistent with how you
manage native Azure virtual machines. When a hybrid machine is
connected to Azure, it becomes a connected machine and is treated as a
resource in Azure. More information can be found at the Azure Arc
enabled servers documentation.
Windows Admin Center
- Improvements to Windows Admin Center to manage Windows Server
2022 include capabilities to both report on the current state of the
Secured-core features mentioned above, and where applicable, allow
customers to enable the features. More information on these and many
more improvements to Windows Admin Center can be found at the Windows
Admin Center documentation.
Azure Automanage - Hotpatch
- Hotpatch, part of Azure Automanage, is supported in Windows Server
2022 Datacenter: Azure Edition. Hotpatching is a new way to install
updates on new Windows Server Azure Edition virtual machines (VMs) that
doesn't require a reboot after installation. More information can be
found at the Azure Automanage documentation.
Details
Product Description | Microsoft Windows Server 2022 - add-on licence - 16 cores
Operating System | Microsoft Windows Server 2022 Standard
Product Type | Add-on licence
Licence Type | 16 cores
Language | Czech, Brazilian Portuguese, English, German, French, Italian, Portuguese, Polish, Swedish, Russian, Spanish, Dutch, Japanese, Korean
Localisation | Worldwide