The following new features were added with Windows Server 2022 implemented:
Microsoft has given its operating system for servers a new version. As part of the Long-Term Servicing Channel (LTSC), an update has now been released after two years, which in some cases brings important changes. Microsoft did not reinvent the wheel and instead relied on further development of existing functions. After an initial hiccup, Windows Server 2022 is now fully operational. What new features does the system have?
What has changed? Windows Server 2022 and its features
There are a few pillars on which Microsoft is introducing the new server version: More options for working in a hybrid cloud, better support for Linux, more security with shielded virtual machines, innovations in the storage subsystem and the establishment of the Windows Admin Center. Around these important items revolve some smaller and some major changes.
Windows Admin Center & System Insights
Not brand new but an important part of Windows Server 2022: Windows Admin Center, a graphical console for managing the server. The software can be controlled via the browser, can be used remotely and gives admins the ability to control connected hardware. By connecting to Azure, the software also provides a good starting point for organizing a hybrid cloud solution. However, the Windows Admin Center is not a complete replacement for the Remote Server Administration Tool (RSAT). It still needs to be used in parallel.
The Windows Admin Center is not part of the default installation of Windows Server 2022, but it can be downloaded and added for free.
Microsoft is taking another step towards cloud technology with Windows Server 2019. There is a close connection to Azure, which is not limited to the interface with the Admin Center. The Azure Network connetion between the two systems, in a very short time and with litte configuration effort. Added features include Azure Backup, Azure Update Management and Azure Site Recovery. Other tools that work through the cloud are aimed directly at security.
Windows Server 2022 makes it easier to integrate Linux. It is possible to run Linux containers and Windows containers on the same host. The Microsoft Store also makes it easy to download Linux distributions for the subsystem for Linux. So also applications can run on the server, which are actually intended for Linux. This includes Bash, the free shell of Linux.
Kubernetes plays a more important role than before on Windows. Support for the orchestration system has been extended. Windows Server containers, Hyper-V containers, Docker containers and Linux containers can now also be shared. Kubernetes takes over the administration of the different species. In addition, Microsoft has improved individual images for containers. Also new is the container image "windows", which has a larger range of functions than the well-known images "windowsservercore" and "nanoserver".
Security is addressed in several ways in Windows Server 2022. On the one hand, the new server operating system accesses services from the cloud: The Windows Defender Advanced Threat Protection monitors the server for malware and stops processes that are classified as dangerous. Microsoft wants to fight with the cloud service also zero-day attacks and root kits. The Azure-to-Windows Server 2019 link also gives admins the ability to leverage Azure AD's security concepts.
As further protection functions Microsoft relies on Shielded VMs. Sensitive tasks can be done in a secure virtual machine. This also applies to Linux servers that can be secured in this way. Furthermore, the options for encryption have been expanded: With the 2019 version, it is now also possible to encrypt the data transfer between virtual machines.
The new server version includes several changes in the area of storage. For example, with the Storage Migration Service, Microsoft is making it easier to move to the new version of the operating system, but also to migrate to the cloud, should that be so. In addition, Microsoft Storage Space Direct has improved: You can expect higher speed and more stability. The scalability has also improved significantly: 4 petabytes per cluster are possible.
The storage segment is rounded off by Storage Replica: Now the backup service is also available to users of the standard version - but in a slimmed-down version. Only one replication can be created, and it can only accept a maximum size of 2 terabytes.
Windows Server 2022 is a server operating system from Microsoft. It is based on Windows 10 (version 1809) and was released on October 2, 2018. Due to issues encountered during upgrade 1809 for Windows 10,
Changes from Windows Server 2016
• Support of the Windows Subsystem for Linux support of Kubernetes
• advanced Windows Defender, shielded VMs
• system-wide monitoring of the hardware and the network by virtual network peering u. ä.
• Full IPv6 support for networks
Minimum der Hardware-reqirement for Windows Server 2019 | |
Architektur | 64-Bit |
1,4-GHz-64-Bit-Prozessor mit NX/DEP, CMPXCHG16b,LAHF/SAHF,PrefetchW | |
512 MB (2 GB für Server mit der Installationsoption Desktopdarstellung) | |
Grafikkarte und Monitor | 1024 × 768 Pixel |
HDD freier Platz | 32 GB freier Festplattenspeicher, ab 16 GB Arbeitsspeicher entsprechend mehr für die dann größeren Auslagerungs-, Ruhezustands- und Absturzabbild-Dateien |
DVD-Laufwerk (nur zur Installation von DVD/CD-Medien) | |
UEFI System mit Secure-Boot (UEFI 2.3.1c) (für bestimmte Features) | |
DOS-Linie |
| ||||||||||||||||||||||||
NT-Linie |
|
Active Directory (AD) is the directory service of Microsoft Windows Server. Starting with the Windows Server 2008 release, the service is divided into five roles and its core component is called Active Directory Domain Services (AD DS).
Such directory is an assignment list, such as a telephone book, which assigns telephone numbers to the respective terminals (owners).
Active Directory makes it possible to organize a network according to the real structure of the company or its spatial distribution. It manages various objects in a network such as users, groups, computers, services, servers, file shares, and other devices such as printers and scanners and their properties. Using Active Directory, an administrator can organize, deploy, and monitor information about the objects.
Users of the network can be granted access restrictions. For example, not every user is allowed to view every file or use each printer.
server roles
Since Windows Server 2008, the term Active Directory has grouped five different server roles:
The four main components
Lightweight Directory Access Protocol (LDAP)
For example, the LDAP directory provides information about users and their group affiliation. But other objects, such as the certificates of a computer, are stored in the directory. LDAP itself is not a directory, but a protocol by means of which it is possible, via a specific syntax, to query information in an LDAP directory.
Kerberos protocol
Kerberos is a protocol by which the user is authenticated to receive a so-called "Ticket Granting Ticket" (TGT). With this it is possible to get service tickets for accessing a particular service within the network. The user only has to enter his password once in order to receive the TGT. The service tickets are then processed in the background.
Common Internet File System (CIFS)
The CIFS protocol is designed to store files on the network. DNS is used to find the individual computer systems and service information (SRV Resource Record). It also provides a way to connect to the Internet due to the standardized protocol.
Domain Name System (DNS)
Unlike previous versions of Windows, such as Windows NT 4.0, which used NetBIOS for name resolution, Active Directory requires its own DNS. To be fully functional, the DNS server must support SRV resource records.
For compatibility, Windows 2000 or XP clients with the same configuration, even with Active Directory, will still be able to locate resources on the network using NetBIOS or WINS.
construction
ingredients
Active Directory is divided into three parts: schema, configuration, and domain.
The first two parts of Active Directory are replicated between all domain controllers in the forest, while the domain-specific information is only available within the domain, that is, on their respective domain controllers. Therefore, in each domain there is an additional so-called Global Catalog. It represents all information of the own domain and contains in addition important partial information of the other domain of the whole structure and thus enables z. B. Domain-wide search operations.
Database
Active Directory uses a Jet (Blue) database to store information about the network objects, which Microsoft also uses for the Exchange Server. It is relational, transactional, and uses write-ahead logging. The Active Directory database is limited to 16 terabytes and each domain controller can create up to 2 billion objects.
The database file "NTDS.DIT" contains three main tables: the "schema table" for storing the schemas, the "link table" for storing the object structure and the "data table" for storing the data.
ESE (Extensible Storage Engine) arranges the Active Directory data stored according to a relational model according to a predetermined schema in a hierarchical model.
In Windows 2000, Active Directory uses the Jet-based ESE98 database.
objects
Unlike NetIQ's eDirectory object-oriented directory system, Active Directory is more object-oriented than hierarchical.
The records in the database are defined in Active Directory as "objects" and their properties as "attributes". The attributes are defined depending on their type. Objects are uniquely identified by their name.
Group Policy settings are stored in Group Policy objects. These are also assigned to domains and locations.
Property Categories
Objects can be divided into two main categories:
Storage in containers (organizational units)
The potentially up to many millions of objects are stored in containers (organizational units), also called OUs (Organizational Unit). Some containers are predefined, any other organizational units can be created with subunits (suborganizational units). As an object-based system, Active Directory supports the inheritance of properties of an object container to child objects, which can also be containers again. This allows Active Directory to build networks logically and hierarchically.
hierarchy
Forest (forest)
The combination of several related domains is called "forest" in the English original, "forest" in English. The most important information of all contained domains is centrally available in the Global Catalog, furthermore all domains use the same directory schema. The use of security information (eg user rights / group assignments) as well as schema extensions are thus possible across domains. The forest can contain different trees, which are domains that are in the same DNS namespace (eg buchhaltung.meinefirma.de and meinefirma.de). Even a single domain already forms a forest, which can later be supplemented by more domains.
organizational units
An organizational unit (OU) is a container object that is used to group other objects in the AD. An OU can contain objects as well as other OUs. The freely definable hierarchy of OUs simplifies the administration of Active Directory. It usually follows the network structures (network management model) or the organizational structure of the company. The OUs are the lowest level of Active Directory, where administrative rights can be split.
Locations
One way of subdivision is locations. These represent a spatial organization of the IP subnets within the overall topology.
The fast networks (LAN) of the sites are usually interconnected by slower networks (WAN). Site formation is therefore important for controlling network traffic generated by replication operations. Domains can contain locations, and locations can include domains.
It is fundamental to carefully plan the corporate information infrastructure into a hierarchical division into domains and organizational units. Splitting geographical locations, tasks or roles or a combination of these models has proven useful.
Domain Controller and Replikation
Windows NT
Under Windows NT, there was always one excellent controller per domain, the Primary Domain Controller (PDC), which was allowed to make changes to the user and computer database (SAM). All other domain controllers served as backup copies, which can be upgraded to a PDC if necessary.
As of Windows 2000: Multimaster replication
Active Directory uses multi-master replication to replicate the directory between the domain controllers. This has the advantage that each replica can be described and synchronized. Thus, in distributed implementations, local administration is completely possible. Unlike NT4 domains, as of Windows 2000, all domain controllers (DC) have a writable copy of the Active Directory database. The change of an attribute on one of the DCs is forwarded (replicated) at regular intervals to all other DCs. As a result, all DCs are in the same state. The failure of a DC is irrelevant for the Active Directory database because no information is lost. The replication interval can be set to 15 or more minutes, depending on the frequency of changes. By default, Windows 2000 Server replicates the AD by no later than 5 minutes, and replaces it with Windows Server 2003 by no later than 15 seconds. Since a replication goes beyond a maximum of 3 hops, depending on the server version used, you get 15 minutes or 45 seconds as the replication interval for a domain.
naming
Active Directory supports naming and access via UNC / URL and LDAP URL names. Internally, LDAP version X.500 is used for the name structure. Each object has a fully qualified name (DN). For example, a print object is called "LaserDrucker3" in the organizational unit "Marketing" and the domain "foo.org". The fully qualified name is thus "CN = LaserPrinter3, OU = Marketing, DC = foo, DC = org". "CN" stands for "common name". DC is the domain object class that can consist of many parts. The objects can also be named after the UNC / URL notation. This is characterized by a reverse order of the identifiers, which are separated by slashes. The above object could also be called "foo.org/Marketing/LaserDrucker3". To address objects within the containers, relative names (RDNs) are used. This would be for the laser printer "CN = LaserDrucker3". Each object has a globally unique identifier (GUID) in addition to its globally unique name. This is usually represented as a string and does not change when the object is renamed. Furthermore, each user and computer object can also be addressed uniquely via its assigned UPN (User Principal Name), which has the structure "object name" @ "domain name".
![[Translate to Englisch:] Hyper-V Virtualisierung](/fileadmin/_processed_/e/d/csm_Grafik_Servervirtualisierung_9f17876938.png "[Translate to Englisch:] Hyper-V Virtualisierung")
Hyper-V
Make optimal use of resources
The use of virtualization technology saves companies 30-45% of hardware costs without sacrificing performance.
Is your server really busy?
According to an Intel study, almost all servers are chronically underutilized. At normal normal load thus a large part of the existing resources is broke.
Virtual server solutions dynamically distribute existing hardware resources and respond to varying utilization.
Your advantages:
Virtual servers are a safe and efficient alternative to dedicated server systems.
Your flexible extension options:
characteristics
A guest system can be assigned up to 64 processors and 1 terabyte of RAM.
Availability
The hypervisor comes in two variants: as a server role or operating system feature (eg in Windows Server 2016 or Windows 10) and as a stand-alone product (eg Microsoft Hyper-V Server 2016). The latter version is free of charge but does not include any required licenses for the guest system. In addition, this version is only usable in core mode, which is simplified by the use of PowerShell (PsHyper-V). These are the only restrictions on the paid version.
applications
Hyper-V can be used effectively in many scenarios - both virtualizing entire data centers and smaller environments. In addition, full network configuration can be performed without third-party tools (such as NIC teaming and VLAN configuration), Hyper-V u. a. also the virtualization of entire switches (vSwitch). System Center Virtual Machine Manager (SCVMM), which can be used to manage VMs and hosts, provides extended functionality. a. based on Hyper-V
However, with the version available in Windows 8 and Windows 10, Hyper-V can also be used for client virtualization. However, it should be noted that after activating Hyper-V, the root operating system itself is running in a privileged virtual machine and, for Therefore, it is also wrong for Hyper-V to speak of a "host OS" in the root OS and of a "guest OS" in the child systems, since both (root OS and Child systems) on one level.
As of Windows 8, Windows XP Home and older versions are no longer supported in virtual mode. A list of all supported operating systems is available on Microsoft TechNet Since Linux kernel version 2.6.32, the Hyper-V Integration Components are an integral part and can easily be activated in other Linux distributions. As of CentOS 6.4, the drivers for Hyper-V are included directly in the distribution packages. Since 2012, FreeBSD is officially supported by Hyper-V From version 6.6 of RHEL and CentOS, execution in a 2nd generation virtual machine is also supported.
Our team of specialists gladly shares their many years of experience in the areas of systems management, server hosting and server virtualization and enables you to optimally and individually dimension the system. Integral services and synergies are optimally adapted to your business needs.
Licensing is based on the following four rules, which you can use to easily calculate your licensing requirements right away.
Rule no. 1:
Each physical processor is counted as having at least eight cores.
Rule #2:
Each physical server is rated with at least 16 cores.
Rule #3:
All physical and active cores in the server must be licensed subject to Rules #1 and #2 in order for a Standard Server to have two VM rights and a Datacenter Server to have unlimited VM rights.
Rule #4:
To obtain two additional VM rights with the Standard Edition, all physical and active cores must be licensed again using Rules 1 and 2.
