Microsoft Windows Server 2022 – 1 Device CAL-DG7GMGF0D5VX-6

Windows Server 2022 introduces advanced multi-layer security, hybrid capabilities with Azure, and a flexible application platform. As part of this release, Microsoft Windows is bringing secured-core capabilities to help protect hardware, firmware, and Windows Server OS capabilities against advanced security threats. Secured-core server builds on technologies such as Windows Defender System Guard and Virtualization-based Security to minimize risk from firmware vulnerabilities and advanced malware. The release also provides secured connectivity that introduces several capabilities such as faster and more secure encrypted HTTPS connections, industry-standard SMB AES 256 encryption, and more.

Product Features

Security

The new security capabilities in Windows Server 2022 combine other security capabilities in Windows Server across multiple areas to provide defense-in-depth protection against advanced threats. Advanced multi-layer security in Windows Server 2022 provides the comprehensive protection that servers need today.

Secured-core server

Certified Secured-core server hardware from an OEM partner provides additional security protections that are useful against sophisticated attacks. This can provide increased assurance when handling mission-critical data in some of the most data-sensitive industries. A Secured-core server uses hardware, firmware, and driver capabilities to enable advanced Windows Server security features. Many of these features are available in Windows Secured-core PCs and are now also available with Secured-core server hardware and Windows Server 2022. For more information about Secured-core servers, see Secured-core server.

Hardware root-of-trust

Trusted Platform Module 2.0 (TPM 2.0) secure crypto-processor chips provide a secure, hardware-based store for sensitive cryptographic keys and data, including systems integrity measurements. TPM 2.0 can verify that the server has been started with legitimate code and can be trusted by subsequent code execution. This is known as a hardware root-of-trust and is used by features such as BitLocker drive encryption.

Firmware protection

Firmware executes with high privileges and is often invisible to traditional anti-virus solutions, which has led to a rise in the number of firmware-based attacks. Secured-core server processors support measurement and verification of boot processes with Dynamic Root of Trust for Measurement (DRTM) technology and isolation of driver access to memory with Direct Memory Access (DMA) protection.

UEFI secure boot

UEFI secure boot is a security standard that protects your servers from malicious rootkits. Secure boot ensures the server boots only firmware and software trusted by the hardware manufacturer. When the server is started, the firmware checks the signature of each boot component including firmware drivers and the OS. If the signatures are valid, the server boots and the firmware gives control to the OS.

Virtualization-based security (VBS)

Secured-core servers support virtualization-based security (VBS) and hypervisor-based code integrity (HVCI). VBS uses hardware virtualization features to create and isolate a secure region of memory from the normal operating system, protecting against an entire class of vulnerabilities used in cryptocurrency mining attacks. VBS also allows for the use of Credential Guard, where user credentials and secrets are stored in a virtual container that the operating system cannot access directly.

HVCI uses VBS to significantly strengthen code integrity policy enforcement, including kernel mode integrity that checks all kernel-mode drivers and binaries in a virtualized environment before they are started, preventing unsigned drivers or system files from being loaded into system memory.

Kernel Data Protection (KDP) provides read-only memory protection of kernel memory containing non-executable data where memory pages are protected by Hypervisor. KDP protects key structures in the Windows Defender System Guard runtime from being tampered with.

Product Specifications

• Contents
  Perpetual software license
• Licensing
  Licensing Programs: DEFAULT
• Shipping Weight
  0 lbs
• System Requirements
  Processor:
  Minimum:
  1.4 GHz 64-bit processor
  Compatible with x64 instruction set
  Supports NX and DEP
  Supports CMPXCHG16b, LAHF/SAHF, and PrefetchW
  Supports Second Level Address Translation (EPT or NPT)

  RAM:
  Minimum:
  512 MB (2 GB for Server with Desktop Experience installation option)
  ECC (Error Correcting Code) type or similar technology, for physical host deployments

  Storage controller and disk space: 32GB minimum

  Network adapter requirements:
  Minimum:
  An ethernet adapter capable of at least 1 gigabit per second throughput
  Compliant with the PCI Express architecture specification.

  Other requirements
  Computers running this release also must have the following:
  DVD drive (if you intend to install the operating system from DVD media)

  The following items are only required for certain features:
  UEFI 2.3.1c-based system and firmware that supports secure boot
  Trusted Platform Module
  Graphics device and monitor capable of Super VGA (1024 x 768) or higher-resolution
  Keyboard and Microsoft mouse (or other compatible pointing device)
  Internet access (fees may apply)

• UNSPSC
  43233004