What you should change on your file server with Windows Server 2022


Windows server 2022 concept
Image: Adobe stock

While much of the story around Windows Server 2022 is about its role as a key element in Microsoft’s hybrid cloud strategy, it’s a release that hasn’t forgotten its roots. Behind the improvements in management tools and integration with Azure services is the same familiar file server that’s run offices around the world since the 1990s.

While file and print services remain key to many SME (small and mid-sized enterprise) installations of Windows Server, the environment users work in has changed dramatically. Security remains key, but there are other changes as larger and larger files are pushed around faster and faster networks. The old protocols and services are being phased out, with the original SMB 1 protocol now relegated to history (or at best a manually activated compatibility mode) and with support for the latest networking hardware.

That all means when you upgrade, it’s worth tuning your systems to the latest release in order to get the most out of your server investment with a wide selection of new file and storage updates. While up-to-date Windows 10 and 11 clients will automatically connect to servers using the latest file protocols and services, upgrading Windows Server defaults to the previous settings will help maintain compatibility.

SEE: Windows 11 cheat sheet: Everything you need to know (TechRepublic)

Windows Server 2022 brings a lot of security improvements to the platform, taking advantage of hardware support for virtualization and a hardware root of trust to deliver a secured core server. These technologies aim to protect not only the Windows kernel and memory but also any drivers and system firmware, including network cards and storage.

End-to-end file security

This approach extends to securing basic network functionality. For applications that use HTTPS for file transfer, the Windows Server 2022 system will default to using TLS 1.3. This removes older obsolete and insecure encryption algorithms, helping to ensure that any end-to-end encryption is less likely to be broken. This may also require upgrading some applications, as older releases may not support the newest encryption techniques. While Windows Server will fall back to older TLS implementations where necessary, it does add risk.

Outside of HTTPS, Microsoft has enhanced SMB’s built-in encryption tooling. SMB encryption can be enabled for all shares or just for those users want to protect. In addition, SMB 3.1.1 can be as strong as AES-256, though most connections will continue to use AES-128.

As well as protecting data in transit, using encrypted SMB reduces the risk of advanced persistent threats using snooping attacks to determine what data to extract from systems. There’s even the option to encrypt data transfers within a cluster for extra security when sharing storage to build a high-availability storage platform.

Those using SMB Direct via RDMA to speed up data transmission can now use it with encrypted SMB, where previously it had too much overhead and disabled direct placement, which slowed connections down. Now, Windows Server will encrypt data before it’s sent to network hardware, minimizing overhead and allowing users to take full advantage of the speed-up that comes with direct access to network card memory.

Compress files on the move

Perhaps the most useful feature is SMB Compression. This helps users get the most from relatively low bandwidth networks, especially over Wi-Fi. While it does increase CPU usage, it’s not significant compared to the time saved when moving large files.

There’s value to using it in all cases, even on uncongested fast networks, where it reduces the risk of congestion and allows other protocols and services to work more efficiently. As a bonus, SMB Compression respects encryption settings and works over QUIC (Quick UDP Internet Connection). However, it won’t work with SMB Direct, so it’s not possible to get a double performance boost.

While SMB over QUIC is important, it’s only available in the Datacenter edition when it’s running in Azure. Intended to provide secure VPN-less connectivity to edge hardware, support in Windows 11 ensures you can host your own file servers in Azure or Azure Stack and connect directly from Windows PCs, wherever they may be. Removing the need to use a VPN simplifies the process, but you do need to ensure you have set the SMB mapping for the share in question to use QUIC.

SEE: Go-to resources for safe, secure cloud storage (TechRepublic)

Getting started with SMB Compression is simple enough, using Windows Admin Center. When connected to a Windows Server 2022 system, simply go to the Files and file sharing menu item, pick File shares, and then add Compress data to existing or new shares. Alternatively, you can use PowerShell to quickly add compression support to a share, automating the process by first getting the names of all shares and then setting the appropriate state to True. Similar scripts can be used on client Windows 11 PCs to ensure they negotiate SMB Compression with any Windows Server 2022 system, turning it on every time they log into the network.

Usefully, Microsoft has added SMB Compression support to both Robocopy and Xcopy, enabling users to move large files, like virtual disks or databases between servers. The same tools could be used to reduce traffic over leased line connections to disaster recovery sites, either in remote data centers or over VPNs and in Azure. Not every file will be compressed; the algorithm Windows uses checks to see if the file is compressible before running. This means complex files that can’t be compressed won’t be, while virtual disks and similar will end up as relatively small files.

Making storage more reliable

Other storage upgrades to Windows Server 2022 make running Storage Spaces more reliable. You can now control repair speed, giving a balance between resilience and performance. This is linked to faster and more predictable repair times, helping users balance service levels and planned outages while ensuring they can still access files and applications.

Moreover, there are improvements to ReFS, with new snapshot tools that make it easier to create read-only snapshots of a file. This approach speeds up creating regular virtual machine backups.

Good, fast, reliable storage remains a priority for most data centers, and it’s good to see Microsoft addressing this in the latest Windows Server 2022 releases. Improvements to file networking are one side of the coin with storage management the other. The result is improvements in file transfer and system recovery, which should help organizations feel more confident about keeping data on-premises with users who are remote as often as they’re in the office.



Source link