Introduction
Windows Server 2022 is built on the strong foundation of Windows Server 2019 and brings many innovations on three key themes: security, Azure hybrid integration and management, and application platform.
Features
Security
- The new security capabilities in Windows Server 2022
combine other security capabilities in Windows Server across multiple
areas to provide defense-in-depth protection against advanced threats.
Advanced multi-layer security in Windows Server 2022 provides the
comprehensive protection that servers need today.
Secured-core server
- Certified Secured-core server hardware from an OEM
partner provides additional security protections that are useful
against sophisticated attacks. This can provide increased assurance
when handling mission critical data in some of the most data sensitive
industries. A Secured-core server uses hardware, firmware, and driver
capabilities to enable advanced Windows Server security features. Many
of these features are available in Windows Secured-core PCs and are now
also available with Secured-core server hardware and Windows Server
2022.
Hardware root-of-trust
- Trusted Platform Module 2.0 (TPM 2.0) secure
crypto-processor chips provide a secure, hardware-based store for
sensitive cryptographic keys and data, including systems integrity
measurements. TPM 2.0 can verify that the server has been started with
legitimate code and can be trusted by subsequent code execution. This
is known as a hardware root-of-trust and is used by features such as
BitLocker drive encryption.
Firmware protection
- Firmware executes with high privileges and is often
invisible to traditional anti-virus solutions, which has led to a rise
in the number of firmware-based attacks. Secured-core server processors
support measurement and verification of boot processes with Dynamic
Root of Trust for Measurement (DRTM) technology and isolation of driver
access to memory with Direct Memory Access (DMA) protection.
Virtualization-based security (VBS)
- Secured-core servers support virtualization-based
security (VBS) and hypervisor-based code integrity (HVCI). VBS uses
hardware virtualization features to create and isolate a secure region
of memory from the normal operating system, protecting against an entire
class of vulnerabilities used in cryptocurrency mining attacks. VBS
also allows for the use of Credential Guard, where user credentials and
secrets are stored in a virtual container that the operating system
cannot access directly. HVCI uses VBS to significantly strengthen code
integrity policy enforcement, including kernel mode integrity which
checks all kernel mode drivers and binaries in a virtualized
environment before they are started, preventing unsigned drivers or
system files from being loaded into system memory.
Secure connectivity
- Secure connections are at the heart of today's
interconnected systems. Transport Layer Security (TLS) 1.3 is the
latest version of the internet's most deployed security protocol, which
encrypts data to provide a secure communication channel between two
endpoints. HTTPS and TLS 1.3 are now enabled by default on Windows
Server 2022, protecting the data of clients connecting to the server. TLS 1.3
eliminates obsolete cryptographic algorithms, enhances security over
older versions, and aims to encrypt as much of the handshake as
possible. Learn more about supported TLS versions and about supported
cipher suites.
Secure DNS: Encrypted DNS name resolution requests with DNS-over-HTTPS
- DNS Client in Windows Server 2022 now supports
DNS-over-HTTPS (DoH) which encrypts DNS queries using the HTTPS
protocol. This helps keep your traffic as private as possible by
preventing eavesdropping and manipulation of your DNS data. Learn
more about configuring the DNS client to use DoH.
Server Message Block (SMB): SMB AES-256 encryption for the most security conscious
- Windows Server now supports AES-256-GCM and
AES-256-CCM cryptographic suites for SMB encryption. Windows will
automatically negotiate this more advanced cipher method when
connecting to another computer that also supports it, and it can also be
mandated through Group Policy. Windows Server still supports AES-128
for down-level compatibility. AES-128-GMAC signing now also accelerates
signing performance.
SMB: East-West SMB encryption controls for internal cluster communications
- Windows Server failover clusters now support
granular control of encrypting and signing intra-node storage
communications for Cluster Shared Volumes (CSV) and the storage bus
layer (SBL). This means that when using Storage Spaces Direct, you can
decide to encrypt or sign east-west communications within the cluster
itself for higher security.
SMB Direct and RDMA encryption
- SMB Direct and RDMA supply high bandwidth, low
latency networking fabric for workloads like Storage Spaces
Direct, Storage Replica, Hyper-V, Scale-out File Server, and SQL Server.
SMB Direct in Windows Server 2022 now supports encryption.
Previously, enabling SMB encryption disabled direct data placement; this
was intentional, but seriously impacted performance. Now data is
encrypted before placement, leading to far less performance
degradation while adding AES-128 and AES-256 protected packet privacy.
SMB over QUIC
- SMB over QUIC updates the SMB 3.1.1 protocol in
Windows Server 2022 Datacenter: Azure Edition and supported Windows
clients to use the QUIC protocol instead of TCP. By using SMB over QUIC
along with TLS 1.3, users and applications can securely and reliably
access data from edge file servers running in Azure. Mobile and
telecommuter users no longer need a VPN to access their file servers
over SMB when on Windows. More information can be found at the SMB over
QUIC documentation.
Azure hybrid capabilities
- You can increase your efficiency and agility with
built-in hybrid capabilities in Windows Server 2022 that allow you to
extend your data centers to Azure more easily than ever before.
Azure Arc enabled Windows Servers
- Azure Arc enabled servers with Windows Server 2022
brings on-premises and multi-cloud Windows Servers to Azure with Azure
Arc. This management experience is designed to be consistent with how
you manage native Azure virtual machines. When a hybrid machine is
connected to Azure, it becomes a connected machine and is treated as a
resource in Azure. More information can be found at the Azure Arc
enabled servers documentation.
Windows Admin Center
- Improvements to Windows Admin Center to manage
Windows Server 2022 include capabilities to both report on the current
state of the Secured-core features mentioned above, and where
applicable, allow customers to enable the features. More information on
these and many more improvements to Windows Admin Center can be found
at the Windows Admin Center documentation.
Azure Automanage - Hotpatch
- Hotpatch, part of Azure Automanage, is supported in
Windows Server 2022 Datacenter: Azure Edition. Hotpatching is a new way
to install updates on new Windows Server Azure Edition virtual machines
(VMs) that doesn't require a reboot after installation. More
information can be found at the Azure Automanage documentation.
Details
Product Description | Microsoft Windows Server 2022 - licence - 4 additional cores
Operating System | Microsoft Windows Server 2022 Standard
Product Type | Licence
Licence Type | 4 additional cores
Licence Pricing | OEM
Language | Czech, Brazilian Portuguese, English, German, French, Italian, Portuguese, Polish, Swedish, Russian, Spanish, Dutch, Japanese, Korean
Localisation | Worldwide