Windows Server 2022 as a basis for the future

The following new features were added with Windows Server 2022:

  • Secured-core server: advanced security features of certified hardware
  • Hardware root-of-trust: TPM 2.0 cryptographic functions for BitLocker
  • Firmware protection: safeguards against firmware attacks
  • Virtualization-based security (VBS): storage of critical data in virtualized environments
  • HTTPS with TLS 1.3 as standard
  • Encrypted DNS over HTTPS
  • SMB AES-256 encryption
  • East-West SMB encryption: refinement of encryption for failover cluster traffic
  • SMB Direct encryption extensions
  • SMB over QUIC protocol
  • SMB compression
  • Azure Arc: management of cloud services
  • Enhanced Windows Admin Center
  • Windows Container and Docker image shrinking
  • New features in AMD processor virtualization
  • Microsoft Edge preinstalled as default browser
  • Increased UDP and TCP performance

Windows Server 2022: Important Changes and Features

Microsoft has given its operating system for servers a new version. As part of the Long-Term Servicing Channel (LTSC), an update has now been released after two years, which in some cases brings important changes. Microsoft did not reinvent the wheel and instead relied on further development of existing functions. After an initial hiccup, Windows Server 2022 is now fully operational. What new features does the system have?


What has changed? Windows Server 2022 and its features

Microsoft's new server version rests on a few pillars: more options for working in a hybrid cloud, better support for Linux, more security with shielded virtual machines, innovations in the storage subsystem and the establishment of the Windows Admin Center. Around these main items revolve a number of smaller and larger changes.


Windows Admin Center & System Insights
Not brand new, but an important part of Windows Server 2022: Windows Admin Center, a graphical console for managing the server. The software is operated via the browser, can be used remotely and gives admins the ability to control connected hardware. By connecting to Azure, the software also provides a good starting point for organizing a hybrid cloud solution. However, the Windows Admin Center is not a complete replacement for the Remote Server Administration Tools (RSAT); these still need to be used in parallel.


The Windows Admin Center is not part of the default installation of Windows Server 2022, but it can be downloaded and added for free.


Hybrid Cloud & Azure

Microsoft is taking another step towards cloud technology with Windows Server 2019. There is a close connection to Azure, which is not limited to the interface with the Admin Center. The Azure Network connection between the two systems can be set up in a very short time and with little configuration effort. Added features include Azure Backup, Azure Update Management and Azure Site Recovery. Other tools that work through the cloud are aimed directly at security.

Linux

Windows Server 2022 makes it easier to integrate Linux. It is possible to run Linux containers and Windows containers on the same host. The Microsoft Store also makes it easy to download Linux distributions for the Windows Subsystem for Linux, so applications that are actually intended for Linux can also run on the server. This includes Bash, the free Linux shell.

Container & Kubernetes

Kubernetes plays a more important role than before on Windows. Support for the orchestration system has been extended. Windows Server containers, Hyper-V containers, Docker containers and Linux containers can now also be run side by side, and Kubernetes takes over the administration of the different types. In addition, Microsoft has improved the individual container images. Also new is the container image "windows", which has a larger range of functions than the well-known images "windowsservercore" and "nanoserver".

Security

Security is addressed in several ways in Windows Server 2022. On the one hand, the new server operating system uses services from the cloud: Windows Defender Advanced Threat Protection monitors the server for malware and stops processes that are classified as dangerous. Microsoft also intends to use the cloud service to counter zero-day attacks and rootkits. The Azure-to-Windows Server 2019 link also gives admins the ability to leverage Azure AD's security concepts.


As a further protection function, Microsoft relies on Shielded VMs: sensitive tasks can be carried out in a secured virtual machine. This also applies to Linux servers, which can be protected in the same way. Furthermore, the options for encryption have been expanded: with the 2019 version it is now also possible to encrypt the data transfer between virtual machines.


Storage

The new server version includes several changes in the area of storage. For example, with the Storage Migration Service, Microsoft is making it easier to move to the new version of the operating system, but also to migrate to the cloud if desired. In addition, Storage Spaces Direct has been improved: you can expect higher speed and more stability. Scalability has also improved significantly: 4 petabytes per cluster are possible.

The storage segment is rounded off by Storage Replica: Now the backup service is also available to users of the standard version - but in a slimmed-down version. Only one replication can be created, and it can only accept a maximum size of 2 terabytes.


Windows Server the Basics

Windows Server 2022 is a server operating system from Microsoft. It is based on Windows 10 (version 1809) and was released on October 2, 2018. Due to issues encountered during upgrade 1809 for Windows 10,


Changes from Windows Server 2016

• Support for the Windows Subsystem for Linux and for Kubernetes

• Advanced Windows Defender, shielded VMs

• System-wide monitoring of the hardware and the network by virtual network peering and similar

• Full IPv6 support for networks

Minimum hardware requirements for Windows Server 2019

Architecture: 64-bit

Processor: 1.4 GHz 64-bit processor with NX/DEP, CMPXCHG16b, LAHF/SAHF, PrefetchW

RAM: 512 MB (2 GB for servers with the Desktop Experience installation option)

Graphics card and monitor: 1024 × 768 pixels

Free disk space: 32 GB of free disk space; from 16 GB of RAM upwards correspondingly more, for the then larger paging, hibernation and crash dump files

Optical drive: DVD drive (only for installation from DVD/CD media)

BIOS: UEFI system with Secure Boot (UEFI 2.3.1c) (for certain features)

DOS line

16-bit on DOS

1.0 • 2.x

Windows 3.x (16- and 32-bit on DOS)

3.0 • 3.1

Windows 9x (32-bit, MS-DOS integrated)

95 • 98 (SE) • ME

NT line

NT 3.1

NT 3.1 • NT 3.1 Advanced Server

NT 3.5

Workstation • Server

NT 3.51

Workstation • Server

NT 4.0

Workstation • Server • Terminal Server • Embedded

NT 5.0

Windows 2000 Professional • Windows 2000 Server

NT 5.1

Windows XP • XP 64-Bit Edition for Itanium • Tablet PC Edition • XP Embedded • Windows Embedded 2009 • WinFLP

NT 5.2

Windows Server 2003 • Small Business Server • Compute Cluster Server • Home Server • XP 64-Bit Edition 2003 for Itanium • XP Professional 64-Bit Edition for x86-64

NT 6.0

Windows Vista • Windows Server 2008 • Small Business Server 2008 • Essential Business Server 2008 • HPC Server 2008

NT 6.1

Windows 7 • Windows Embedded 7 • Windows Server 2008 R2 • HPC Server 2008 R2 • Small Business Server 2011 • Home Server 2011 • MultiPoint Server 2010 • MultiPoint Server 2011

NT 6.2

Windows 8 • Windows Phone 8 • Windows RT • Windows Server 2012

NT 6.3

Windows 8.1 • Windows Phone 8.1 • Windows RT 8.1 • Windows Server 2012 R2

NT 10.0

Windows 10 • Windows 10 Mobile • Windows Server 2016 • Windows Server 2019


Active Directory (AD)

Active Directory (AD) is the directory service of Microsoft Windows Server. Starting with the Windows Server 2008 release, the service is divided into five roles and its core component is called Active Directory Domain Services (AD DS).


Such a directory is an assignment list, much like a telephone book, which assigns telephone numbers to the respective subscribers (owners).

Active Directory makes it possible to organize a network according to the real structure of the company or its spatial distribution. It manages various objects in a network such as users, groups, computers, services, servers, file shares, and other devices such as printers and scanners and their properties. Using Active Directory, an administrator can organize, deploy, and monitor information about the objects.

Users of the network can be granted access restrictions. For example, not every user is allowed to view every file or use each printer.
Server roles

Since Windows Server 2008, the term Active Directory has grouped five different server roles:

  •     Active Directory Domain Services (AD DS) is the current version of the original directory service and the central point of domain and resource management.
  •     Active Directory Lightweight Directory Services (ADLDS) is a functionally limited version of the AD DS that serves to connect applications or services that require LDAP-compliant information from the directory. Implemented for the first time in Windows Server 2003, the service was referred to as Active Directory Application Mode (ADAM).
  •     Active Directory Federation Services (ADFS) is used for Web-based authentication of users when they are in areas outside the AD-DS infrastructure.
  •     Active Directory Rights Management Services (ADRMS) protect resources against unauthorized access through cryptographic methods.
  •     Active Directory Certificate Services (ADCS) provides a public-key infrastructure.

The four main components


Lightweight Directory Access Protocol (LDAP)

For example, the LDAP directory provides information about users and their group affiliation. But other objects, such as the certificates of a computer, are stored in the directory. LDAP itself is not a directory, but a protocol by means of which it is possible, via a specific syntax, to query information in an LDAP directory.


Kerberos protocol

Kerberos is a protocol by which the user is authenticated to receive a so-called "Ticket Granting Ticket" (TGT). With this it is possible to get service tickets for accessing a particular service within the network. The user only has to enter his password once in order to receive the TGT. The service tickets are then processed in the background.
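The two-step ticket flow described above, as an added illustration that is not part of the original text: a key distribution center (KDC), a client and a service are modelled in Python. The client uses its password exactly once to obtain the TGT; every later service ticket is requested on the strength of the TGT and the session key alone, and the service validates the ticket with its own long-term key without ever seeing the user's password. The "seal" primitive is a constructed stand-in for the encryption types real Kerberos uses, and the realm, principal names and passwords are constructed sample values.

```python
import hashlib
import hmac
import json
import os
import time


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    ks, ctr = b"", 0
    while len(ks) < n:
        ks += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return ks[:n]


# Toy authenticated "encryption" (NOT a real cipher): SHA-256 keystream XOR plus an
# HMAC tag. It only makes the ticket flow visible without third-party libraries.
def seal(key: bytes, obj: dict) -> bytes:
    nonce = os.urandom(16)
    pt = json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, "sha256").digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("integrity check failed: wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def derive_key(principal: str, password: str) -> bytes:
    # Long-term key derived from the password, salted with the principal name.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


class Kdc:
    """Key Distribution Center: knows every principal's long-term key."""

    def __init__(self, realm: str):
        self.realm = realm
        self.keys = {f"krbtgt/{realm}": os.urandom(32)}  # key that seals TGTs

    def add_principal(self, name: str, password: str) -> None:
        self.keys[name] = derive_key(name, password)

    # AS exchange: AS-REQ (user, pre-auth timestamp) -> AS-REP (TGT, session key)
    def as_exchange(self, user: str, preauth: bytes):
        ukey = self.keys[user]
        ts = unseal(ukey, preauth)["timestamp"]  # fails if the password was wrong
        if abs(time.time() - ts) > 300:
            raise ValueError("pre-authentication timestamp outside allowed clock skew")
        session_key = os.urandom(32)
        tgt = seal(self.keys[f"krbtgt/{self.realm}"],
                   {"user": user, "key": session_key.hex(), "exp": time.time() + 36000})
        return tgt, seal(ukey, {"key": session_key.hex()})

    # TGS exchange: TGS-REQ (TGT, authenticator, service) -> TGS-REP (service ticket, key)
    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        t = unseal(self.keys[f"krbtgt/{self.realm}"], tgt)  # only the KDC can open a TGT
        if time.time() > t["exp"]:
            raise ValueError("TGT expired")
        session_key = bytes.fromhex(t["key"])
        if unseal(session_key, authenticator)["user"] != t["user"]:
            raise ValueError("authenticator does not match TGT")
        svc_key = os.urandom(32)
        ticket = seal(self.keys[service],
                      {"user": t["user"], "service": service, "key": svc_key.hex()})
        return ticket, seal(session_key, {"key": svc_key.hex()})


class Client:
    def __init__(self, kdc: Kdc, user: str, password: str):
        self.kdc, self.user = kdc, user
        ukey = derive_key(user, password)  # the password is used only here
        preauth = seal(ukey, {"timestamp": time.time()})
        self.tgt, rep = kdc.as_exchange(user, preauth)
        self.session_key = bytes.fromhex(unseal(ukey, rep)["key"])

    def get_service_ticket(self, service: str):
        auth = seal(self.session_key, {"user": self.user, "timestamp": time.time()})
        ticket, rep = self.kdc.tgs_exchange(self.tgt, auth, service)
        return ticket, bytes.fromhex(unseal(self.session_key, rep)["key"])


def service_accepts(service_key: bytes, ticket: bytes) -> str:
    """The service validates the ticket with its own key and learns who the client is."""
    return unseal(service_key, ticket)["user"]


def demo() -> str:
    kdc = Kdc("FOO.ORG")  # constructed realm and principals
    kdc.add_principal("alice", "correct horse battery staple")
    kdc.add_principal("cifs/fs1.foo.org", "service-account-secret")
    alice = Client(kdc, "alice", "correct horse battery staple")
    ticket, _ = alice.get_service_ticket("cifs/fs1.foo.org")
    return service_accepts(kdc.keys["cifs/fs1.foo.org"], ticket)


if __name__ == "__main__":
    print("service accepted ticket for:", demo())
```

Note what each party can and cannot open: the client never sees the inside of the TGT or the service ticket, and the service never sees the user's key or the TGT; a tampered or wrongly keyed ticket fails the integrity check before any of its contents are trusted.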


Common Internet File System (CIFS)

The CIFS protocol is designed to store files on the network. DNS is used to find the individual computer systems and service information (SRV Resource Record). It also provides a way to connect to the Internet due to the standardized protocol.


Domain Name System (DNS)

Unlike previous versions of Windows, such as Windows NT 4.0, which used NetBIOS for name resolution, Active Directory requires its own DNS. To be fully functional, the DNS server must support SRV resource records.

For compatibility, Windows 2000 or XP clients with the same configuration, even with Active Directory, will still be able to locate resources on the network using NetBIOS or WINS.

Structure

Components

Active Directory is divided into three parts: schema, configuration, and domain.

  •     A schema is a template for all Active Directory entries. It defines both object types, their classes and attributes, as well as their attribute syntax. Which types of objects are available in Active Directory can be influenced by the definition of new types. The underlying pattern is the "schema" that defines the objects and their attributes.
  •     The configuration describes the Active Directory forest and its trees.
  •     Finally, the domain partition contains all the information describing the domain itself and the objects created in it.

The first two parts of Active Directory are replicated between all domain controllers in the forest, while the domain-specific information is only available within the domain, that is, on its own domain controllers. Therefore, each domain additionally holds a so-called Global Catalog. It represents all information of its own domain and additionally contains important partial information of the other domains of the whole structure, and thus enables e.g. forest-wide search operations.

Database

Active Directory uses a Jet (Blue) database to store information about the network objects, which Microsoft also uses for the Exchange Server. It is relational, transactional, and uses write-ahead logging. The Active Directory database is limited to 16 terabytes and each domain controller can create up to 2 billion objects.

The database file "NTDS.DIT" contains three main tables: the "schema table" for storing the schemas, the "link table" for storing the object structure and the "data table" for storing the data.

The ESE (Extensible Storage Engine) stores the Active Directory data according to a relational model and presents it, according to the predefined schema, in a hierarchical model.

In Windows 2000, Active Directory uses the Jet-based ESE98 database.

Objects

Unlike NetIQ's object-oriented directory system eDirectory, Active Directory is more object-oriented than hierarchical.

The records in the database are defined in Active Directory as "objects" and their properties as "attributes". The attributes are defined depending on their type. Objects are uniquely identified by their name.

Group Policy settings are stored in Group Policy objects. These are also assigned to domains and locations.

Property Categories

Objects can be divided into two main categories:

  •     Accounts, such as user, group, and computer accounts
  •     Resources, such as file and printer shares


Storage in containers (organizational units)

The potentially millions of objects are stored in containers, also called organizational units (OUs). Some containers are predefined; further organizational units with sub-units (sub-organizational units) can be created as needed. As an object-based system, Active Directory supports the inheritance of an object container's properties to its child objects, which can themselves be containers again. This allows Active Directory to model networks logically and hierarchically.

Hierarchy

Forest

The combination of several related domains is called a "forest". The most important information of all contained domains is centrally available in the Global Catalog; furthermore, all domains use the same directory schema. The use of security information (e.g. user rights and group assignments) as well as schema extensions is thus possible across domains. The forest can contain different trees, which are domains that are in the same DNS namespace (e.g. buchhaltung.meinefirma.de and meinefirma.de). Even a single domain already forms a forest, which can later be supplemented by more domains.

Organizational units

An organizational unit (OU) is a container object that is used to group other objects in the AD. An OU can contain objects as well as other OUs. The freely definable hierarchy of OUs simplifies the administration of Active Directory. It usually follows the network structures (network management model) or the organizational structure of the company. The OUs are the lowest level of Active Directory, where administrative rights can be split.

Locations

A further way of subdividing is by locations (sites). These represent the spatial organization of the IP subnets within the overall topology.

The fast networks (LAN) of the sites are usually interconnected by slower networks (WAN). Site formation is therefore important for controlling the network traffic generated by replication operations. Domains can contain locations, and locations can include domains.

It is fundamental to carefully plan the corporate information infrastructure as a hierarchical division into domains and organizational units. Splitting by geographical location, by tasks or roles, or by a combination of these models has proven useful.

Domain Controller and Replication

Windows NT

Under Windows NT, there was always one distinguished controller per domain, the Primary Domain Controller (PDC), which was the only one allowed to make changes to the user and computer database (SAM). All other domain controllers served as backup copies, which could be promoted to PDC if necessary.


As of Windows 2000: Multi-master replication

Active Directory uses multi-master replication to replicate the directory between the domain controllers. This has the advantage that every replica can be written to and synchronized, so that in distributed deployments local administration is entirely possible. Unlike NT4 domains, as of Windows 2000 all domain controllers (DCs) hold a writable copy of the Active Directory database. A change to an attribute on one of the DCs is forwarded (replicated) at regular intervals to all other DCs, so that all DCs end up in the same state. The failure of a single DC is irrelevant for the Active Directory database because no information is lost. The replication interval can be set to 15 minutes or more, depending on the frequency of changes. By default, Windows 2000 Server replicates the AD within 5 minutes at the latest, and Windows Server 2003 within 15 seconds at the latest. Since a replication traverses at most 3 hops, depending on the server version used you get 15 minutes or 45 seconds as the replication time for a domain.

Naming

Active Directory supports naming and access via UNC/URL names and LDAP URL names. Internally, the LDAP (X.500) name structure is used. Each object has a fully qualified name, the distinguished name (DN). For example, a printer object named "LaserDrucker3" in the organizational unit "Marketing" of the domain "foo.org" has the fully qualified name "CN=LaserDrucker3,OU=Marketing,DC=foo,DC=org". "CN" stands for "common name"; "DC" stands for the domain object class, which can consist of several parts.

The objects can also be named in UNC/URL notation, which is characterized by the reverse order of the identifiers, separated by slashes. The object above could also be addressed as "foo.org/Marketing/LaserDrucker3".

To address objects within their containers, relative distinguished names (RDNs) are used; for the laser printer this would be "CN=LaserDrucker3".

In addition to its globally unique name, each object has a globally unique identifier (GUID). This is usually represented as a string and does not change when the object is renamed. Furthermore, each user and computer object can also be addressed uniquely via its assigned UPN (User Principal Name), which has the structure "object name"@"domain name".
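The naming forms described above (distinguished name, canonical UNC/URL-style name, relative distinguished name and UPN), as an added worked example that is not part of the original text: the functions below take a DN, split it into its RDNs, and derive the other forms from it. They go a little beyond the page's single example by honouring backslash-escaped commas inside values (the RFC 4514 escaping AD uses for names such as "Smith, John") and by handling nested OUs. The DNs and account names used are constructed sample values.

```python
def split_dn(dn: str) -> list[tuple[str, str]]:
    """Split a distinguished name into (attribute, value) pairs.

    Commas separate RDNs unless escaped with a backslash (RFC 4514); whitespace
    around "=" and "," is tolerated, as in the loosely written page example.
    """
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc:               # character after a backslash is taken literally
            cur += ch
            esc = False
        elif ch == "\\":
            cur += ch
            esc = True
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"RDN without '=': {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def unescape(value: str) -> str:
    """Remove RFC 4514 backslash escapes from an attribute value."""
    out, esc = "", False
    for ch in value:
        if esc:
            out += ch
            esc = False
        elif ch == "\\":
            esc = True
        else:
            out += ch
    return out


def domain_of(dn: str) -> str:
    """The DNS domain name formed by the DC components, in order."""
    return ".".join(unescape(v) for t, v in split_dn(dn) if t == "DC")


def canonical_name(dn: str) -> str:
    """UNC/URL-style name: domain first, then the container path in reverse DN order."""
    path = [unescape(v) for t, v in split_dn(dn) if t != "DC"]
    return domain_of(dn) + "/" + "/".join(reversed(path))


def relative_name(dn: str) -> str:
    """The RDN is the first (leftmost) component of the DN."""
    attr, value = split_dn(dn)[0]
    return f"{attr}={value}"


def upn(account: str, dn: str) -> str:
    """User Principal Name: "object name"@"domain name", with the domain taken from the DN."""
    return f"{account}@{domain_of(dn)}"


if __name__ == "__main__":
    printer = "CN = LaserDrucker3, OU = Marketing, DC = foo, DC = org"  # constructed
    print(canonical_name(printer))   # foo.org/Marketing/LaserDrucker3
    print(relative_name(printer))    # CN=LaserDrucker3
    print(upn("ljones", printer))    # ljones@foo.org
```

The escaping matters in practice: a naive `dn.split(",")` turns the single RDN "CN=Smith\, John" into two broken fragments, which is exactly the kind of parsing slip that makes access-control and audit tooling misattribute objects.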


Hyper-V

Make optimal use of resources

The use of virtualization technology saves companies 30-45% of hardware costs without sacrificing performance.

Is your server really busy?
According to an Intel study, almost all servers are chronically underutilized. Under normal load, a large part of the existing resources therefore lies idle.

Virtual server solutions dynamically distribute existing hardware resources and respond to varying utilization.

Your advantages:

  •      Improved availability and system recovery
  •      Failover and fault tolerance
  •      powerful
  •      economical


Virtual servers are a safe and efficient alternative to dedicated server systems.

Your flexible extension options:

  •      Expansion of memory, disk space or processing power
  •      All-inclusive packages incl. Services
  •      Storage hosting including backup management
  •      System management with optimized monitoring
  •      24x7 support

Characteristics

  •      Complete isolation of the individual systems
  •      Hardware-level security functions can be used, for example Data Execution Prevention (DEP)
  •      Hyper-V supports Network Address Translation (NAT) and Network Access Protection (NAP)
  •      Management via the Microsoft Management Console (MMC)
  •      In cluster mode, Hyper-V can perform so-called live migrations, which move running virtual machines between hosts on the fly.
  •      Since Windows Server 2012, so-called shared-nothing live migrations can be performed. These move virtual machines between Hyper-V servers without the hosts having to run in cluster mode.
  •      Host systems can be Windows Server 2008, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10 and Windows Server 2016

A guest system can be assigned up to 64 processors and 1 terabyte of RAM.

Availability

The hypervisor comes in two variants: as a server role or operating-system feature (e.g. in Windows Server 2016 or Windows 10) and as a stand-alone product (e.g. Microsoft Hyper-V Server 2016). The latter is free of charge but does not include any licenses for the guest systems. In addition, this version can only be used in Core mode, which is made easier by the use of PowerShell (PsHyper-V). These are the only restrictions compared with the paid version.

Applications

Hyper-V can be used effectively in many scenarios, from virtualizing entire data centers down to smaller environments. Full network configuration (such as NIC teaming and VLAN configuration) can be performed without third-party tools; among other things, Hyper-V also supports the virtualization of entire switches (vSwitch). Extended functionality, based among other things on Hyper-V, is provided by System Center Virtual Machine Manager (SCVMM), which can be used to manage VMs and hosts.

With the version included in Windows 8 and Windows 10, Hyper-V can also be used for client virtualization. It should be noted, however, that after Hyper-V is activated the root operating system itself runs in a privileged virtual machine. It is therefore misleading to speak of a "host OS" for the root OS and of a "guest OS" for the child systems, since both (root OS and child systems) run on the same level.

As of Windows 8, Windows XP Home and older versions are no longer supported as virtual guests. A list of all supported operating systems is available on Microsoft TechNet. Since Linux kernel version 2.6.32, the Hyper-V Integration Components are an integral part of the kernel and can easily be activated in other Linux distributions. As of CentOS 6.4, the drivers for Hyper-V are included directly in the distribution packages. FreeBSD has been officially supported by Hyper-V since 2012. From version 6.6 of RHEL and CentOS, execution in a generation 2 virtual machine is also supported.

Our team of specialists gladly shares their many years of experience in the areas of systems management, server hosting and server virtualization and enables you to optimally and individually dimension the system. Integral services and synergies are optimally adapted to your business needs.

Contact us.


Windows Server 2022 - How many cores do I need to license?


Licensing is based on the following four rules, which you can use to easily calculate your licensing requirements right away.

Rule #1:

Each physical processor is counted as having at least eight cores.

Rule #2:

Each physical server is rated with at least 16 cores.

Rule #3:

All physical and active cores in the server must be licensed subject to Rules #1 and #2 in order for a Standard Server to have two VM rights and a Datacenter Server to have unlimited VM rights.

Rule #4:

To obtain two additional VM rights with the Standard Edition, all physical and active cores must be licensed again using Rules 1 and 2.
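The four rules above, carried through as an added worked example (not part of the original text): the functions below compute the minimum number of cores that must be licensed for a given server, and for the Standard edition the number that must be licensed to cover a desired number of VMs. Rule #1 rounds each processor up to 8 cores, Rule #2 rounds the server up to 16 cores, Rule #3 grants two VM rights per full licensing of the server on Standard (unlimited on Datacenter), and Rule #4 repeats the full licensing for each further pair of VMs. The server configurations used are constructed sample values; prices are not on the page and are not modelled.

```python
import math

MIN_CORES_PER_PROCESSOR = 8   # Rule #1
MIN_CORES_PER_SERVER = 16     # Rule #2
VMS_PER_STANDARD_LICENSE_SET = 2  # Rules #3 and #4


def licensable_cores(processors: int, cores_per_processor: int) -> int:
    """Cores that count for licensing one physical server (Rules #1 and #2)."""
    if processors < 1 or cores_per_processor < 1:
        raise ValueError("a server needs at least one processor with one core")
    per_processor = max(cores_per_processor, MIN_CORES_PER_PROCESSOR)
    return max(processors * per_processor, MIN_CORES_PER_SERVER)


def standard_license_sets(vms: int) -> int:
    """Number of times all cores must be licensed on Standard for `vms` VMs.

    Rule #3 gives two VM rights for the first full set; Rule #4 adds two rights for
    each further full set. Even a server running no VMs needs one set.
    """
    return max(1, math.ceil(vms / VMS_PER_STANDARD_LICENSE_SET))


def standard_cores_to_license(processors: int, cores_per_processor: int, vms: int) -> int:
    """Total cores to license on the Standard edition to cover `vms` virtual machines."""
    return licensable_cores(processors, cores_per_processor) * standard_license_sets(vms)


def datacenter_cores_to_license(processors: int, cores_per_processor: int) -> int:
    """Datacenter: license the server once (Rules #1-#3) for unlimited VM rights."""
    return licensable_cores(processors, cores_per_processor)


def licensing_plan(processors: int, cores_per_processor: int, vms: int) -> dict:
    """Side-by-side summary for both editions for one server configuration."""
    return {
        "physical_cores": processors * cores_per_processor,
        "licensable_cores": licensable_cores(processors, cores_per_processor),
        "standard_cores": standard_cores_to_license(processors, cores_per_processor, vms),
        "standard_vm_rights": standard_license_sets(vms) * VMS_PER_STANDARD_LICENSE_SET,
        "datacenter_cores": datacenter_cores_to_license(processors, cores_per_processor),
    }


if __name__ == "__main__":
    # Constructed example: 2 sockets x 10 cores, 5 VMs planned.
    for key, value in licensing_plan(2, 10, 5).items():
        print(f"{key:>20}: {value}")
```

Two effects of the rounding rules are worth noticing in the output: a 1-socket, 4-core server is licensed as 16 cores, and a 4-socket, 6-core server is licensed as 32 cores (4 × 8) even though it has only 24 physical cores.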