1
00:00:01,040 --> 00:00:05,240
Secure Connectivity Features in Windows Server 2022.

2
00:00:05,240 --> 00:00:09,940
SMB has been around for a very long time, server message blocks.

3
00:00:09,940 --> 00:00:12,950
This is the way servers communicate to each other,

4
00:00:12,950 --> 00:00:16,810
a lot of other communications happen within this realm.

5
00:00:16,810 --> 00:00:21,890
One of the improvements is AES256 will now automatically be

6
00:00:21,890 --> 00:00:26,560
negotiated between clients. If both clients accept it, that

7
00:00:26,560 --> 00:00:28,560
is the protocol that they use.

8
00:00:28,560 --> 00:00:33,700
The good news is Windows 10 recently patched, Windows Server 2019

9
00:00:33,700 --> 00:00:37,510
recently patched, both are going to support this, so your

10
00:00:37,510 --> 00:00:40,940
communications just got a lot more secure.

11
00:00:40,940 --> 00:00:45,970
SMB now supports compression when using Robocopy or Xcopy,

12
00:00:45,970 --> 00:00:50,150
which is going to save a lot of time with large file transfers.

13
00:00:50,150 --> 00:00:54,380
SMB Direct now supports encryption, and if you have a cluster,

14
00:00:54,380 --> 00:00:59,340
your east‑west communications can now be encrypted and can be signed.

15
00:00:59,340 --> 00:01:01,440
SMB over QUIC.

16
00:01:01,440 --> 00:01:03,780
This is a large improvement here.

17
00:01:03,780 --> 00:01:08,080
It's an alternative to the TCP network transport and this provides

18
00:01:08,080 --> 00:01:12,850
secure, reliable connectivity to the Edge file servers over an

19
00:01:12,850 --> 00:01:17,090
untrusted network like the internet. All packets are always

20
00:01:17,090 --> 00:01:22,400
encrypted and the handshake is authenticated with TLS 1.3. You have

21
00:01:22,400 --> 00:01:26,030
parallel streams of data, you have your reliable data,

22
00:01:26,030 --> 00:01:29,450
you have your unreliable data so these two streams

23
00:01:29,450 --> 00:01:34,220
make it faster. With SMB over QUIC, you have congestion control,

24
00:01:34,220 --> 00:01:39,920
you have loss recovery just as you would with TCP. It uses a friendly UDP

25
00:01:39,920 --> 00:01:44,660
port of 443, it's going to be open on most systems.

26
00:01:44,660 --> 00:01:48,930
This is great for new VPNs because it survives changes in the

27
00:01:48,930 --> 00:01:52,290
IP address or port of the client itself.

28
00:01:52,290 --> 00:01:57,000
So that's a look at how networks and communication between

29
00:01:57,000 --> 00:02:05,000
servers are a lot more secure now with these improvements for SMB in Windows Server 2022.