What's new in Azure Stack HCI, version 22H2

Applies to: Azure Stack HCI, version 22H2 and Supplemental Package

This article lists the various features and improvements that are available in Azure Stack HCI, version 22H2. This article also describes the Azure Stack HCI, Supplemental Package that can be deployed in conjunction with Azure Stack HCI, version 22H2 OS.

Azure Stack HCI, version 22H2 is the latest version of the operating system available for the Azure Stack HCI solution and focuses on Network ATC v2 improvements, storage replication compression, Hyper-V live migration, and more. Additionally, a preview version of Azure Stack HCI, Supplemental Package, is now available that can be deployed on servers running the English version of the Azure Stack HCI, version 22H2 OS.

You can also join the Azure Stack HCI preview channel to test out features for future versions of the Azure Stack HCI operating system. For more information, see Join the Azure Stack HCI preview channel.

The following sections briefly describe the various features and enhancements in Azure Stack HCI, Supplemental Package and in Azure Stack HCI, version 22H2.

Important

This feature is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Azure Stack HCI, Supplemental Package (preview)

Azure Stack HCI, Supplemental Package is now available to be deployed on servers running Azure Stack HCI, version 22H2 OS. This package contains a brand new deployment tool that allows for an interactive deployment, new security capabilities, an Azure Stack HCI Environment Checker tool that will validate connectivity, hardware, identity and networking prior to deployment, and a unified log collection experience.

New deployment tool (preview)

For servers running Azure Stack HCI, version 22H2 OS, you can perform new deployments using the Azure Stack HCI, Supplemental Package (preview). You can deploy an Azure Stack HCI cluster with the new deployment tool in one of three ways: interactively, using an existing configuration file, or via PowerShell.

Important

When you try out this new deployment tool, do not run production workloads on systems deployed with the Supplemental Package while it's in preview, even though the core operating system, Azure Stack HCI 22H2, is generally available. Microsoft Customer Support will supply support services while in preview, but service level agreements available at GA do not apply.

Follow these steps to download the Supplemental Package files:

  1. Download the Azure Stack HCI operating system from the Azure portal. Make sure to select English from the Choose language dropdown list.

  2. Download the following Supplemental Package files:

    | Azure Stack HCI Supplemental Package component | Description |
    |---|---|
    | BootstrapCloudDeploymentTool.ps1 | Script to extract content and launch the deployment tool. When this script is run with the -ExtractOnly parameter, it will extract the zip file but not launch the deployment tool. |
    | CloudDeployment.zip | Azure Stack HCI, version 22H2 content, such as images and agents. |
    | Verify-CloudDeployment.ps1 | Hash used to validate the integrity of zip file. |

To learn more about the new deployment methods, see Deployment overview.

New security capabilities (preview)

New installations with the Azure Stack HCI, Supplemental Package release start with a secure-by-default strategy. The new version has a tailored security baseline coupled with a security drift control mechanism and a set of well-known security features enabled by default.

To summarize, this release provides:

  • A tailored security baseline with over 200 security settings configured and enforced with a security drift control mechanism that ensures the cluster always starts and remains in a known good security state.

    The security baseline enables you to closely meet the Center for Internet Security (CIS) Benchmark, Defense Information Systems Agency Security Technical Implementation Guides (DISA STIG), Common Criteria, and Federal Information Processing Standards (FIPS) requirements for the OS and Azure Compute Security baselines.

    For more information, see Security baseline settings for Azure Stack HCI.

  • Improved security posture achieved through a stronger set of protocols and cipher suites enabled by default.

  • Secured-Core Server that achieves higher protection by advancing a combination of hardware, firmware, and driver capabilities. For more information, see What is Secured-core server?

  • Out-of-box protection for data and network with SMB signing and BitLocker encryption for OS and Cluster Shared Volumes. For more information, see BitLocker encryption for Azure Stack HCI.

  • Reduced attack surface as Windows Defender Application Control is enabled by default and limits the applications and the code that you can run on the core platform. For more information, see Windows Defender Application Control for Azure Stack HCI.
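
To confirm on a deployed node that the defaults listed above are actually in effect, a read-only audit such as the following can be run from an elevated PowerShell session. This is an added example, not code from the article or from Microsoft; the helper name `Test-HciSecureDefaults` is hypothetical, and the legacy cipher pattern is an illustrative assumption, not the contents of the product's security baseline.

```powershell
# Added example: read-only audit of the secure-by-default items listed above.
# Test-HciSecureDefaults is a hypothetical helper name, not a product cmdlet.
function Test-HciSecureDefaults {
    $results = [System.Collections.Generic.List[object]]::new()
    function Add-Result($Check, $Actual, [bool]$Pass) {
        $results.Add([pscustomobject]@{ Check = $Check; Actual = "$Actual"; Pass = $Pass })
    }

    # SMB signing must be required (not merely enabled) on server and client.
    $smbServer = Get-SmbServerConfiguration
    $smbClient = Get-SmbClientConfiguration
    Add-Result 'SMB server signing required' $smbServer.RequireSecuritySignature $smbServer.RequireSecuritySignature
    Add-Result 'SMB client signing required' $smbClient.RequireSecuritySignature $smbClient.RequireSecuritySignature

    # BitLocker protection state for every volume the BitLocker module reports.
    foreach ($vol in Get-BitLockerVolume) {
        Add-Result "BitLocker $($vol.VolumeType) $($vol.MountPoint)" $vol.ProtectionStatus ($vol.ProtectionStatus -eq 'On')
    }

    # Cipher suites: flag legacy algorithms that are still enabled.
    # The pattern is an illustrative assumption, not the baseline's own list.
    $weak = Get-TlsCipherSuite | Where-Object Name -Match 'RC4|3DES|_DES_|NULL|MD5'
    Add-Result 'No legacy TLS cipher suites' ($weak.Name -join ',') (-not $weak)

    # WDAC enforcement and virtualization-based security, from Win32_DeviceGuard.
    # CodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit, 2 = enforced.
    # VirtualizationBasedSecurityStatus:    0 = off, 1 = enabled, 2 = running.
    # SecurityServicesRunning contains 2 when HVCI (memory integrity) is running.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    Add-Result 'WDAC policy enforced' $dg.CodeIntegrityPolicyEnforcementStatus ($dg.CodeIntegrityPolicyEnforcementStatus -eq 2)
    Add-Result 'VBS running' $dg.VirtualizationBasedSecurityStatus ($dg.VirtualizationBasedSecurityStatus -eq 2)
    Add-Result 'HVCI running' ($dg.SecurityServicesRunning -join ',') ($dg.SecurityServicesRunning -contains 2)

    # UEFI Secure Boot; the cmdlet throws on non-UEFI platforms, treated as a fail.
    $secureBoot = $false
    try { $secureBoot = Confirm-SecureBootUEFI } catch { }
    Add-Result 'Secure Boot enabled' $secureBoot $secureBoot

    $results
}

Test-HciSecureDefaults | Format-Table -AutoSize
```

Any row with `Pass` set to `False` indicates a setting that differs from the defaults described in this section and is worth investigating before the node carries workloads.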

New Azure Stack HCI Environment Checker tool (preview)

Azure Stack HCI Environment Checker is a standalone PowerShell tool that you can use to validate connectivity readiness, even before ordering hardware.

For new deployments using the supplemental package, the Environment Checker automatically validates internet connectivity, hardware, identity, networking, and Arc integration across all the nodes of your Azure Stack HCI cluster. The tool also returns a Pass/Fail status for each test, and saves a log file and a detailed report file.

To get started, you can download this free tool here. For more information, see Assess your environment for deployment readiness.

Azure Stack HCI, version 22H2

The following sections briefly describe the various features and enhancements in Azure Stack HCI, version 22H2.

Network ATC v2 improvements

In this release, the Network ATC has several new features and improvements:

  • Network symmetry. Network ATC automatically checks for and validates network symmetry across all adapters (on each node) in the same intent - specifically the make, model, speed, and configuration of your selected adapters.

  • Storage automatic IP assignment. Network ATC automatically identifies available IPs in our default subnets and assigns those addresses to your storage adapters.

  • Scope detection. Network ATC automatically detects if you're configuring a cluster node, so no need to add the -ClusterName or -ComputerName parameter in your commands.

  • Contextual cluster network naming. Network ATC understands how you'll use cluster networks and names them more appropriately.

  • Live Migration optimization. Network ATC intelligently manages:

    • Maximum simultaneous live migrations - Network ATC ensures that the maximum recommended value is configured and maintained across all cluster nodes.
    • Best live migration network - Network ATC determines the best network for live migration and automatically configures your system.
    • Best live migration transport - Network ATC selects the best algorithm for SMB, compression, and TCP given your network configuration.
    • Maximum SMB (RDMA) bandwidth - If SMB (RDMA) is used, Network ATC determines the maximum bandwidth reserved for live migration to ensure that there's enough bandwidth for Storage Spaces Direct.
  • Proxy configuration. Network ATC can configure all server nodes with the same proxy information as needed for your environment. This action provides one-time configuration for all current and future server nodes.

  • Stretched cluster support. Network ATC configures all storage adapters used by Storage Replica in stretched cluster environments. However, since such adapters need to route across subnets, Network ATC can't assign any IP addresses to them, so you'll still need to assign these addresses yourself.

  • Post-deployment VLAN modification. You can use the new Set-NetIntent cmdlet in Network ATC to modify VLAN settings just as you would if you were using the Add-NetIntent cmdlet. No need to remove and then add the intents again when changing VLANs.

For more information, see the blog on Network ATC v2 improvements.

Storage Replica compression

This release includes the Storage Replica compression feature for data transferred between the source and destination servers. This new functionality compresses the replication data from the source system, which is transferred over the network, decompressed, and then saved on the destination. The compression results in fewer network packets to transfer the same amount of data, allowing for higher throughput and lower network utilization, which in turn results in lower costs for metered networks.

There are no changes to the way you create replica groups and partnerships. The only change is a new parameter that can be used with the existing Storage Replica cmdlets.

You specify compression when the group and the partnership are created. Use the following cmdlets to specify compression:

New-SRGroup -EnableCompression 
New-SRPartnership -EnableCompression 

If the parameter isn't specified, the default is set to Disabled.

To modify this setting later, use the following cmdlets:

Set-SRGroup -Compression <Boolean>
Set-SRPartnership -Compression <Boolean>

where $False is Disabled and $True is Enabled.

All the other commands and steps remain the same. These changes aren't in Windows Admin Center at this time and will be added in a subsequent release.

For more information, see Storage Replica overview.

Partition and share GPU with virtual machines on Azure Stack HCI

With this release, GPU partitioning is now supported on NVIDIA A2, A10, A16, and A40 GPUs in Azure Stack HCI, enabled with NVIDIA RTX Virtual Workstation (vWS) and NVIDIA Virtual PC (vPC) software. GPU partitioning is implemented using single root I/O virtualization (SR-IOV), which provides a strong, hardware-backed security boundary with predictable performance for each virtual machine.

For more information, see Partition and share GPU with virtual machines on Azure Stack HCI.

Hyper-V live migration improvements

In Azure Stack HCI, version 22H2, the Hyper-V live migration is faster and more reliable for switchless 2-node and 3-node clusters. Switchless interconnects can cause live migration delays and this release addresses these issues.

Cluster-Aware Updating (CAU) improvements

With this release, Cluster-Aware Updating is more reliable due to the smarter retry and mitigation logic that reduces errors when pausing and draining cluster nodes. Cluster-Aware Updating also supports single server deployments.

For more information, see What is Cluster-Aware Updating?

Thin provisioning conversion

With this release, you can now convert existing fixed provisioned volumes to thin using PowerShell. Thin provisioning improves storage efficiency and simplifies management.

For more information, see Convert fixed to thin provisioned volumes on your Azure Stack HCI.

Single server scale-out

This release supports inline fault domain and resiliency changes to scale out a single server. Azure Stack HCI, version 22H2 provides easy scaling options to go from a single server to a two-node cluster, and from a two-node cluster to a three-node cluster.

For more information, see Scale out single server on your Azure Stack HCI.

Tag-based segmentation

In this release, you can secure your application workload virtual machines (VMs) from external and lateral threats with custom tags of your choice. Assign custom tags to classify your VMs, and then apply Network Security Groups (NSGs) based on those tags to restrict communication to and from external and internal sources. For example, to prevent your SQL Server VMs from communicating with your web server VMs, simply tag the corresponding VMs with SQL and Web tags. You can then create an NSG to prevent Web tag from communicating with SQL tag.

For more information, see Configure network security groups with Windows Admin Center.

Azure Hybrid Benefit for Azure Stack HCI

The Azure Hybrid Benefit program enables customers to significantly reduce the costs of running workloads in the cloud. With Windows Server Software Assurance (SA), we are further expanding Azure Hybrid Benefit to reduce the costs of running workloads on-premises and at edge locations.

If you have Windows Server Datacenter licenses with active Software Assurance, use Azure Hybrid Benefit to waive host service fees for Azure Stack HCI and unlimited virtualization with Windows Server subscription at no additional cost. You can then modernize your existing datacenter and edge infrastructure to run VM and container-based applications.

For more information, see Azure Hybrid Benefit for Azure Stack HCI.

Azure Arc VM changes and Azure Marketplace

Also available with this release is Azure Marketplace integration for Azure Arc-enabled Azure Stack HCI. With this integration, you'll be able to access the latest fully updated images from Microsoft, including Windows Server 2022 Datacenter: Azure Edition and Windows 10/11 Enterprise multi-session for Azure Virtual Desktop.

You can now use the Azure portal or the Azure CLI to easily add and manage VM images and then use those images to create Azure Arc VMs. This feature works with your existing cluster running Azure Stack HCI, version 21H2 or later.

Windows Server 2022 Datacenter: Azure Edition VMs on Azure Stack HCI

Beginning with this release, you can run Windows Server 2022 Datacenter: Azure Edition on Azure Stack HCI. The preview of Marketplace VM images lets customers deploy Windows Server 2022 Datacenter: Azure Edition (already generally available in Azure IaaS) on Azure Stack HCI. This enables unique features like Hotpatch and SMB over QUIC on Windows Server 2022 Datacenter: Azure Edition VMs on Azure Stack HCI. Through future guest management extensions, the full Azure Automanage experience will also become available in upcoming releases.

Automatic renewal of Network Controller certificates

You can now renew your Network Controller certificates automatically, in addition to manual renewal. For information on how to renew the Network Controller certificates automatically, see Automatic renewal.
