Windows Server 2022 Is Coming! - Virtualization Review


By Paul Schnackenburg 04/06/2021

The next version of Windows Server will be known as 2022 and it has been in public preview since Ignite in March 2021. The Long-Term Servicing Channel (LTSC = five years mainstream + five years extended support) release is planned for later in 2021.

There was a time when this would have been huge news, with (nearly) every IT shop on the planet looking for new features that were going to make their life easier and planning how to convince bosses to approve the upgrade. That's not really the case anymore.

The preview news had a single 30-minute presentation devoted to it, and half that presentation covered updates to Azure and Windows Admin Center, tangentially connected to Windows Server.

This isn't to say that there aren't some interesting things coming that will probably make your life easier, but it sends a clear message -- Windows Server isn't a priority at Microsoft like it was some years ago. We have two sources for what new features we can expect -- the presentation at Ignite, as well as the Semi-Annual Channel (SAC) releases of Windows Server. If you have Software Assurance for your Windows Server licenses and you want to use the latest from the server team, there are actually two releases each year of Windows Server with new features, as long as you don't mind using Server Core only and upgrading at least every 18 months. This blog post from August 2020 and this one from September 2020 are more sources for what's coming.
A Strong Focus on Security

The big theme of Windows Server 2022 is security -- primarily bringing the concept of Secure Core from Windows client to the server world with Secure Core Servers. This is a type of PC that you can buy from Microsoft, Lenovo, Dell, Panasonic, HP and others that has a Trusted Platform Module (TPM) 2.0 chip, BitLocker turned on and Virtualization Based Security (VBS) to protect credentials while the system is running. Instead of enabling these (and other) security features after taking delivery, it's all turned on out of the box.

On servers this will protect against bootkits and rootkits, malware designed to compromise the system before it starts, thus bypassing any defenses running in the OS. To carry the label Secure Core Server the OEM must provide secure firmware and drivers and enable these features by default.

To be able to audit this across a fleet of servers, there's a new extension for Windows Admin Center that lists which of the six requirements a server meets. Here's a one-year-old Dell Hyper-V host with quite a few missing.

Figure: Windows Admin Center Secure Core Features (source: Microsoft).

There's been some interesting work in the security community over the last few years, demonstrating issues with the TPM platform, as the TPM is a separate component on the motherboard and the traffic between it and the rest of the system can be manipulated. This new Secure Core Server platform lays the foundation for the forthcoming Pluton security processor, built on technologies first incorporated into Xbox One. Pluton will be different than TPM as it will be part of the CPU itself; all three main vendors, Qualcomm, Intel and AMD, are on board with Pluton.

Each of the six areas shown above protects different parts of the boot process and the OS so let's look at them in detail. TPM stores BitLocker keys and other secrets and key material while Secure Boot verifies signatures on boot software (UEFI firmware, EFI applications and the OS itself) to ensure that they haven't been subverted by a rootkit.
Virtualization-based Security (VBS) uses hardware virtualization (based on Hyper-V technology but don't think of this as a separate VM, just an isolated part of the memory space in the OS) to stop credential attacks like Pass-the-Hash through Mimikatz. On top of VBS is Hypervisor-Enforced Code Integrity (HVCI) which protects against modification of the Control Flow Guard (CFG) bitmap, provides a valid certificate for Credential Guard and checks that device drivers have an EV certificate. Control Flow Guard lets Windows protect itself against malicious applications that corrupt memory of legitimate applications.

System Guard sits on top of these features and provides the following security guarantees for Windows: it protects the integrity of the system as it starts up and validates this through local and remote attestation using Static Root of Trust for Measurement (SRTM), Dynamic Root of Trust for Measurement (DRTM) and System Management Mode (SMM) protection.

Boot Direct Memory Access (DMA) protection is part of Kernel DMA Protection which protects BitLocker keys and other secrets stored in memory while the OS is running. The classic attack here is to plug a drive with malware into a port that offers DMA on a running PC and read BitLocker keys from memory. DMA offers fast transfer of data, essentially directly into memory (as it says on the tin) but also comes with this risk -- Boot DMA mitigates it. These improvements aren't just for Windows; Microsoft wants to bring the improved boot security to Linux as well, just as they're doing in Azure.

Apart from the Secure Core Server features, Windows Server 2022 will come with the newest version of Transport Layer Security (TLS), 1.3, enabled by default, and offers AES 256-bit encryption for SMB traffic.

Windows Server 2022 will also make it possible to give containers an identity in Active Directory using group Managed Service Accounts (gMSAs), which you can only do today by domain joining the host -- this won't be required in 2022.

Figure: Windows Server 2022 preview build 20317.1 -- it looks like Windows Server 2016/2019 (source: Microsoft).
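
The six Secure Core requirements described above can also be spot-checked locally on a single server. The PowerShell below is an added example, not part of the original article and not the code of Microsoft's Windows Admin Center extension. The function name Get-SecuredCoreStatus is hypothetical, and the mapping of Win32_DeviceGuard values to each requirement is an assumption about how to approximate the extension's six rows.

```powershell
# Added example: local spot check of the six Secure Core items named in the article.
# Run in an elevated PowerShell session on the server being checked.
function Get-SecuredCoreStatus {   # hypothetical helper name
    # Device Guard WMI class: reports VBS state and which security services run.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue

    # TPM WMI class: SpecVersion is a string such as "2.0, 0, 1.38".
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; treat an error as "off".
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { }

    # If the Device Guard class is missing, these become arrays holding only $null.
    $running   = @($dg.SecurityServicesRunning)
    $available = @($dg.AvailableSecurityProperties)

    # Assumed mapping of WMI values to the six requirements.
    [ordered]@{
        'TPM 2.0'             = [bool]($tpm -and $tpm.SpecVersion -like '2.0*')
        'Secure Boot'         = $secureBoot
        'VBS'                 = ($dg.VirtualizationBasedSecurityStatus -eq 2) # 2 = running
        'HVCI'                = ($running -contains 2)    # 2 = HVCI
        'System Guard'        = ($running -contains 3)    # 3 = System Guard Secure Launch
        'Boot DMA Protection' = ($available -contains 3)  # 3 = DMA protection available
    }
}

$status = Get-SecuredCoreStatus
$status.GetEnumerator() | ForEach-Object {
    '{0,-20} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}

# Count the requirements that are not met on this host.
$missing = @($status.GetEnumerator() | Where-Object { -not $_.Value }).Count
'{0} of 6 requirements not met' -f $missing
```

A host that reports VBS as MISSING will also report HVCI and System Guard as MISSING, since both run on top of VBS.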
Networking Improvements

There is one feature coming that I think any IT Pro dealing with on-premises deployments and access will love and that's MsQuic. This implements the QUIC protocol and Microsoft has open sourced their flavor.


