
Windows Server vNext To Bring Hotpatching for All and Other Perks

Microsoft will be bringing a bunch of improvements to Windows Server in its "vNext" release, per a November Microsoft Ignite presentation.

The most current product for on-premises deployments is Windows Server 2022. Microsoft also has Azure-enabled options with the Windows Server 2022 Datacenter Azure Edition, plus the Azure Stack HCI product. Observers such as Microsoft Most Valuable Professional Günter Born expect the next server product for customer-premises environments to be called "Windows Server 2025," but the Microsoft Ignite session referred to it only as vNext.

The Ignite session did not indicate when Windows Server users might see these future vNext improvements. Below is a synopsis of the presentation's highlights.

Easy Upgrades
The upgrade from the current Windows Server release to vNext is going to work much like a Windows client feature update, promised Eldon Christensen, a principal program manager at Microsoft:

You're going to be able to just go into Windows Update. You're going to see the latest update. You'll just be able to hit Update and it's going to update your system from the old version to the new version.

New Pay as You Go Option
Microsoft is planning to sell Windows Server vNext on a traditional perpetual-license basis, as well as a pay-as-you-go subscription basis.

The pay-as-you-go option will be enabled through Azure Arc, Microsoft's cloud services management tool, and will get billed via "Azure Commerce." Microsoft suggested the subscription option suits organizations with seasonal burst workloads that don't need year-round licensing.

Azure Stack HCI Features Coming to vNext
Microsoft promised that Azure Stack HCI improvements, which arrive annually, will get delivered to Windows Server vNext. Here's how that notion was expressed by Christensen:

Once a year we release Azure Stack HCI. Then LTSC is on a slightly longer release cadence. Well, we're going to accrue all that value from the Core OS into Windows Server as well as some of those other features you've seen show up in Azure Stack HCI, such as thinly provisioned Storage Spaces, stretch cluster support for Storage Spaces Direct. Those are now going to accrue value into the next version of Windows Server.

Hotpatching for All
One interesting vNext announcement was Microsoft's plan to offer its hotpatching capability across its server products and across cloud services. Hotpatching patches the code of running processes in memory, avoiding the reboots of the traditional patching process, which can disrupt operations. In the existing Azure Edition implementation, hotpatches are applied between periodic baseline updates that still require a restart, so reboots are reduced rather than eliminated.

The expanded hotpatching capability will be tied to the Azure Arc management tool. It won't be limited to Azure Edition and Azure Stack HCI users, indicated Jeff Woolsey, principal program manager at Microsoft. Azure Arc hotpatching will be offered for the next Windows Server Standard Edition and Datacenter Edition products as a paid subscription, whereas it's currently included at no cost for Azure Edition and Azure Stack HCI users, Woolsey indicated.

Microsoft also promised that enabling Azure Arc won't be as tedious as it now is. Microsoft is working on a future wizard solution for installing Azure Arc.

SMB over QUIC for All
Microsoft already included Server Message Block (SMB) over QUIC in Windows Server 2022 Azure Edition. SMB over QUIC tunnels SMB traffic inside QUIC, which uses TLS 1.3, so every connection is encrypted and the client authenticates the file server's certificate before any SMB traffic flows; that is the basis for Microsoft's description of it as resisting spoofing and adversary-in-the-middle attacks. It runs over UDP port 443 rather than TCP port 445, which also lets it cross firewalls that block conventional SMB.

Microsoft is planning to add SMB over QUIC to other Windows Server editions besides the Azure Edition with the release of vNext. It'll be part of the Standard and Datacenter editions, too, according to Christensen.
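To make the above concrete, here is an added example (not code from the Ignite session or from Microsoft's documentation) of enabling SMB over QUIC on a file server and connecting to it from a client with the cmdlets that ship today on Windows Server 2022 Azure Edition and Windows 11. The session indicates the same capability is coming to vNext Standard and Datacenter. The host name, share name and certificate selection are assumed values.

```powershell
# Added example, not from the original article or Microsoft's docs. Host name, share name
# and certificate are assumptions; the cmdlets are the existing SMB over QUIC ones.

# --- Server side (run elevated on the file server) ---
$serverFqdn = 'fs01.corp.example'   # assumed; must match a DNS SAN on the TLS certificate

# Pick a server-authentication certificate issued for that name. QUIC negotiates TLS 1.3,
# so the certificate needs a private key and the Server Authentication EKU (1.3.6.1.5.5.7.3.1).
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1' -and
        $_.DnsNameList.Unicode -contains $serverFqdn
    } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No usable TLS certificate for $serverFqdn in LocalMachine\My" }

# Binding the certificate to the SMB server name is what turns SMB over QUIC on.
New-SmbServerCertificateMapping -Name $serverFqdn -Thumbprint $cert.Thumbprint -StoreName My

# QUIC listens on UDP 443, not TCP 445, so open that instead of the classic SMB port.
New-NetFirewallRule -DisplayName 'SMB over QUIC (UDP 443)' -Direction Inbound `
    -Protocol UDP -LocalPort 443 -Action Allow

# Optional defense in depth: keep SMB encryption on even though the QUIC tunnel already
# encrypts the traffic (by default SMB skips its own encryption over a secure transport).
Set-SmbServerConfiguration -DisableSmbEncryptionOnSecureConnection $false -Force

Get-SmbServerCertificateMapping   # confirm the binding is in place

# --- Client side ---
# Force the QUIC transport. A hard failure here, rather than a silent fallback to TCP 445,
# is what you want when the encrypted path is the only one that should be used.
New-SmbMapping -LocalPath 'Z:' -RemotePath "\\$serverFqdn\data" -TransportType QUIC
Get-SmbMapping -LocalPath 'Z:'
```

The certificate filter is the part worth keeping: QUIC will not come up on a certificate without a private key, the server-authentication EKU, or a subject alternative name matching the name clients use, and the failure mode is an opaque connection error on the client.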

The End of NTLM
Microsoft is planning to eliminate the need to use the NT LAN Manager (NTLM) authentication protocol, replacing it with Kerberos. It's an objective that was described earlier this year for Windows 11. Woolsey described it, somewhat loosely, as a coming vNext feature:

We are working fervently to get rid of NTLM. It's on its way to deprecation -- '90s technology that needs to go, and it needs to go bad. We now have local Kerberos key distribution being built into Windows, not just domain controllers. [It's] Kerberos auth for local user accounts. This is a big change.

However, the timing wasn't indicated. NTLM is routinely abused in "NTLM relay attacks," in which an adversary who can intercept a client's NTLM authentication forwards it to another server and acts as that user on the network without ever learning the password.

Christensen added that Microsoft will make it possible to disable NTLM at the SMB level using Group Policy or PowerShell. An "SMB authentication limiter" (Microsoft's documentation calls it the SMB authentication rate limiter) also will come with the vNext release; it adds a delay after each failed authentication attempt, which makes brute-force attacks over SMB impractically slow. Microsoft also will make SMB signing the default with the vNext release. Requiring signing on both ends is what defeats NTLM relay against SMB, since a relayed session has no session key with which to sign its packets.
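The three SMB controls above, set through PowerShell, as an added example that is not code from the Ignite session or from Microsoft. The signing parameters exist in every supported Windows Server; the -BlockNTLM client setting and the -InvalidAuthenticationDelayTimeInMs server setting exist in current Windows 11 builds, and their presence in vNext is assumed from the session, so the script probes for each parameter before using it. Server names are assumed values.

```powershell
# Added example, not from the original article. Checks for each newer parameter before
# using it, since availability on a given build is an assumption.

function Test-CmdletParameter {
    param([string]$Cmdlet, [string]$Parameter)
    $cmd = Get-Command $Cmdlet -ErrorAction SilentlyContinue
    return ($null -ne $cmd) -and $cmd.Parameters.ContainsKey($Parameter)
}

# 1. Require SMB signing on both the server and client side. This is the setting that
#    blocks NTLM relay against SMB: the relayed session cannot produce valid signatures.
Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
Set-SmbClientConfiguration -RequireSecuritySignature $true -Force

# 2. SMB authentication rate limiter: pause 2 seconds after each failed authentication
#    (Microsoft's default where the feature exists; 0 disables it). One connection is
#    then limited to about 30 guesses a minute instead of thousands a second.
if (Test-CmdletParameter Set-SmbServerConfiguration InvalidAuthenticationDelayTimeInMs) {
    Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs 2000 -Force
} else {
    Write-Warning 'SMB authentication rate limiter not available on this build'
}

# 3. Refuse NTLM for outbound SMB connections from this machine (Kerberos or nothing).
#    Pilot on one server first: anything reached by IP address or on a non-domain host
#    authenticates with NTLM today and will stop working.
if (Test-CmdletParameter New-SmbMapping BlockNTLM) {
    New-SmbMapping -RemotePath '\\fs01.corp.example\data' -BlockNTLM $true   # assumed server
}
if (Test-CmdletParameter Set-SmbClientConfiguration BlockNTLM) {
    Set-SmbClientConfiguration -BlockNTLM $true -Force   # machine-wide, after the pilot
} else {
    Write-Warning 'SMB NTLM blocking not available on this build'
}

# Report the resulting state.
Get-SmbServerConfiguration |
    Select-Object RequireSecuritySignature, EncryptData, InvalidAuthenticationDelayTimeInMs
Get-SmbClientConfiguration | Select-Object RequireSecuritySignature, BlockNTLM
```

Before turning on BlockNTLM machine-wide, enable the "Network security: Restrict NTLM: Audit NTLM authentication in this domain" Group Policy for a few weeks and review the Operational NTLM event log; the connections it lists are the ones that will break.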

Woolsey also promised broader Transport Layer Security (TLS) 1.3 support in vNext, with encryption becoming mandatory for some LDAP traffic:

I am super proud of the investments we made in TLS 1.3 and Windows Server 2022. They are dramatically improving the security for servers everywhere. Now we're bringing this to LDAP and Schannel support for TLS 1.3. When you're communicating with domain controllers using confidential attributes, connection now requires encryption.

Active Directory Page Sizing
The Ignite session also referred to a coming "next-gen AD." In practice that mostly means a larger database page size for Active Directory, although replication improvements and security enhancements also will be coming.

Windows Server vNext will be getting a new domain controller with "a 32k page database" that uses "64-bit Long Value IDs." However, it will run in an "8k page mode for compatibility with previous versions," Microsoft indicated.

One catch is that organizations only get this database page improvement if it's done at a "forest-wide level," where "all Domain Controllers in the forest have a 32k page capable database."

The 32k page database enhancement for Active Directory is seen as addressing current "scalability limitations." Another next-gen effort to address AD scalability is coming non-uniform memory access (NUMA) support, letting Active Directory use "more than 64 cores."

GPU-P Support
Windows Server vNext will get "support for GPU partitioning," which is termed "GPU-P" by Microsoft. Instead of GPUs being mapped to a virtual machine, this capability allows organizations to "share a GPU across multiple virtual machines," Christensen indicated.

GPU-P will be manageable via PowerShell and the Windows Admin Center portal, and it will have "full support for live migration and failover clustering," Christensen added.
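What the PowerShell management of GPU-P looks like today, as an added example that is not code from the Ignite session: it uses the existing Hyper-V GPU partitioning cmdlets available on Windows 11 and Azure Stack HCI, which the session implies carry over to vNext. The VM name, partition count and VRAM limits are assumed values, and the guest still needs the vendor's GPU driver installed.

```powershell
# Added example, not from the original article. VM name, partition count and VRAM sizes
# are assumptions; the cmdlets are the existing Hyper-V GPU-P ones.

$vmName = 'gpu-worker-01'   # assumed
$partitionCount = 4         # must be one of the values the driver reports as valid

# 1. Find a partitionable GPU on the host. No result means no GPU-P capable driver.
$gpu = Get-VMHostPartitionableGpu | Select-Object -First 1
if (-not $gpu) { throw 'No partitionable GPU (or no GPU-P capable driver) on this host' }
$gpu | Format-List Name, ValidPartitionCounts, PartitionCount, TotalVRAM, AvailableVRAM

# 2. Set the number of partitions, but only to a count the driver supports.
if ($gpu.ValidPartitionCounts -notcontains $partitionCount) {
    throw "Driver supports partition counts $($gpu.ValidPartitionCounts -join ', ') only"
}
Set-VMHostPartitionableGpu -Name $gpu.Name -PartitionCount $partitionCount

# 3. Attach one partition to the VM (the VM must be off). The guest sees only its own
#    partition as a device, never the whole adapter or the other tenants' partitions.
Stop-VM -Name $vmName -Force -ErrorAction SilentlyContinue
Add-VMGpuPartitionAdapter -VMName $vmName
Set-VMGpuPartitionAdapter -VMName $vmName `
    -MinPartitionVRAM 1GB -MaxPartitionVRAM 4GB -OptimalPartitionVRAM 4GB

# GPU-P guests need guest-controlled cache types and enlarged MMIO space.
Set-VM -Name $vmName -GuestControlledCacheTypes $true `
    -LowMemoryMappedIoSpace 1GB -HighMemoryMappedIoSpace 32GB

Start-VM -Name $vmName
Get-VMGpuPartitionAdapter -VMName $vmName   # confirm the partition is attached
```

The check against ValidPartitionCounts matters because Set-VMHostPartitionableGpu accepts only the counts the driver advertises, and the VRAM limits on the partition adapter are what keep one tenant's workload from starving the others sharing the same physical GPU.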

NVMe Storage Perks
Microsoft indicated it is seeing a 70 percent increase in input/output operations per second (IOPS) when using vNext with nonvolatile memory express (NVMe) storage, compared with Windows Server 2022. Microsoft expects to up that performance level to 90 percent with a coming "new NVMe native driver." The driver is currently at the preview stage.

Microsoft is planning to support Storage Area Network (SAN) deployments, too, with a coming "NVMe over fabric" addition, which "is emerging as the new block connectivity for storage area networks," according to Christensen.

Also to come is a "3x performance improvement" with the Storage Replica feature, Christensen indicated. He also mentioned a coming Resilient File System (ReFS) "native dedupe" capability, which will be optimized for "hot data."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
