Microsoft Highlights Security SDN Capabilities in Windows Server 2019

Microsoft is touting software-defined networking (SDN) security capabilities in the coming Windows Server 2019 product as being among its top-ten networking features, according to an announcement this week.

SDN technologies are used in the current flagship Windows Server 2016 product, too, but SDN is still a big part of Microsoft's product marketing for this year's model. For instance, in its top-ten feature countdown list for Windows Server 2019, Microsoft earlier had suggested that SDN technology will enable so-called "software-defined datacenters," which is considered to be another top networking feature.

This time, as its No. 4 top networking feature, Microsoft is emphasizing the new server's SDN security benefits, including automatic subnet encryption, improved firewall auditing, an expansion of access control lists (ACLs) to logical subnets, virtual network peering and IPv6 support.

The subnet encryption capability in Windows Server 2019 encrypts network traffic between virtual machines. The process is automated: "any packet that leaves a VM is automatically encrypted as it passes to other destinations on the same back-end network," Microsoft's announcement explained. If a vulnerability is found during this process, the fabric is automatically updated. The announcement suggested that this feature will alleviate having to check whether the encryption for apps is up to date, as it also automatically handles application-level encryption. The automated encryption applies only within the same subnet. When traffic is sent between subnets, it becomes unencrypted, Microsoft explained in this document.

The firewall logging feature in Windows Server 2019 works with the Hyper-V host and lets organizations carry out audits of firewall performance. It can be used to verify that network boundaries are working properly. It'll also indicate whether the network is under attack or if a breach has occurred, according to Microsoft's announcement. Microsoft is also touting this feature's ability to generate logs that "are consistent in format with Azure Network Watcher," which means that Azure Network Watcher tools can be used with this feature.

Microsoft also is highlighting the ability to automatically apply ACLs to logical subnets with Windows Server 2019. "This means that any SDN managed VM connected to a VLAN based network will automatically get the necessary ACLs applied," the announcement explained.

Microsoft is suggesting that its new virtual network peering capability in Windows Server 2019 will serve to improve potential throughput and latency issues for communications between virtual networks. This feature "combines the virtual routers in associated virtual network so they can communicate with each other, without having to traverse through a gateway," the announcement explained.

Lastly, there's SDN support for IPv6 in Windows Server 2019. It works across "virtual network address spaces," "virtual IPs" and "logical networks" to support IPv6 traffic. This feature enables security rather than being a security feature per se. "All of the security features of SDN now work with IPv6 addresses and subnets, including Access Control Lists and User Defined Routing," Microsoft explained regarding the SDN support for IPv6.

Windows Server 2019 is still at the preview stage, but it's expected to reach "general availability" (commercial release) later this year. Some of its capabilities can be tested today, although GitHub projects associated with this week's SDN and security announcements seemed to be lacking content at press time.

In related news, Microsoft announced the release of another preview of Windows Server 2019 (build 17744) earlier this week. In this release, Microsoft is extolling new Hyper-V Server 2019 capabilities.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

