Microsoft has unveiled plans for the upcoming release of Windows Server vNext, setting the stage for numerous enhancements in server management and security. During a session at the Microsoft Ignite event, principal program manager Eldon Christensen assured users of a streamlined update process. Upon the release, server administrators will be able to simply navigate to Windows Update, select the latest update, and initiate an upgrade directly from their current server version to vNext, simplifying the traditionally complex upgrade procedure.
Flexible Licensing and Management
In a departure from the exclusive perpetual-license model, Microsoft is introducing a new pay-as-you-go subscription model for Windows Server vNext. This offering is designed for organizations with variable workload demands and will be enabled via Azure Arc, Microsoft's comprehensive service management tool. Christensen highlighted that the annual improvements seen with Azure Stack HCI will be integrated into the core operating system of Windows Server, leveraging accrued advancements along a longer release cadence. Notable features include thinly provisioned Storage Spaces and stretch cluster support for Storage Spaces Direct, benefitting the broader server technology landscape.
Security Upgrades and Protocol Expansion
Security takes center stage in the vNext update, with hotpatching abilities expanding across all server products and cloud services. Hotpatching allows updates to be applied in-memory, thus eliminating the need for system reboots that typically disrupt operations. This enhanced capability, associated with Azure Arc, will be available to Windows Server Standard Edition and Datacenter Edition users, according to Jeff Woolsey, principal program manager at Microsoft.
Furthermore, Microsoft is democratizing access to SMB over QUIC, an always-encrypted protocol that was previously exclusive to Windows Server Azure Edition. This protocol, utilizing the robustness of TLS 1.3, plays a crucial role in circumventing spoofing and intermediary attacks. The upcoming inclusion in Standard and Datacenter editions represents Microsoft's pledge to bolster network security.
Another landmark decision made by Microsoft involves NTLM protocol which is infamous for being vulnerable to NTLM relay attacks. The plan is to phase out NTLM in favor of more secure authentication methods like Kerberos. The shift in strategy is part of ongoing efforts to modernize and secure communication channels, including the elevation of SMB signing to a default setting, and integrating an ‘SMB authentication limiter' to thwart brute-force attacks by adding an authentication delay.
Performance and Infrastructure Improvements
The underneath layers of Windows Server are also receiving significant attention. The next iteration promises a new domain controller boasting a 32k database page size leveraging 64-bit Long Value IDs. This design aims to mitigate scalability issues, albeit requiring a forest-wide upgrade to ensure all domain controllers have a 32k page capable database.
A drastic performance gain has been reported with nonvolatile memory express (NVMe) storage, where a 70 percent increase in I/O operations per second (IOPS) has been observed over Windows Server 2022, potentially reaching a 90 percent increase with the deployment of a new NVMe native driver—currently in preview. To supplement this, Microsoft plans to introduce an NVMe over fabric solution, boosting SAN deployment capabilities.
A commitment to innovation is also apparent in the promise of GPU-P, which will allow GPU resources to be shared across multiple virtual machines and managed with PowerShell and Windows Admin Center. The update will feature both live migration and failover clustering support, maintaining operational continuity.
Maintaining the forward momentum, Microsoft's upcoming version of the Windows Server vNext not only paves the way for security enhancements but also sets new benchmarks for performance, reliability, and ease of use. The detailed timeline for these enticing updates, however, remains under wraps.
