Windows Server 2019 Puts an Emphasis on SDN Security

Software-defined networking (SDN) security is one of the top 10 networking features coming to Windows Server 2019, according to details shared by Microsoft this week.

SDN is a big part of Microsoft's product marketing for the forthcoming server release, despite the technology already being used in the current flagship Windows Server 2016 product. For instance, in its top-10 feature countdown list for Windows Server 2019, Microsoft earlier had suggested that SDN technology will enable so-called "software-defined datacenters," which is considered to be another top networking feature.

This time, as its No. 4 top networking feature, Microsoft is emphasizing the new server's SDN security benefits, including automatic subnet encryption, improved firewall auditing, an expansion of access control lists (ACLs) to logical subnets, virtual network peering and IPv6 support.

The subnet encryption capability in Windows Server 2019 pertains to the encryption of network traffic between virtual machines. There's an automated process involved where "any packet that leaves a VM is automatically encrypted as it passes to other destinations on the same back-end network," Microsoft's announcement explained. If a vulnerability is found during this process, the fabric is automatically updated. The announcement suggested that this feature will alleviate the need to check if the encryption for apps is up to date, as it also automatically handles application-level encryption. This automated encryption happens only within the same subnet. When traffic is sent between subnets, it becomes unencrypted, Microsoft explained in this document.

The firewall logging feature in Windows Server 2019 works with the Hyper-V host and lets organizations carry out audits of firewall performance. It can be used to verify that network boundaries are working properly. It'll also indicate whether the network is under an attack or if a breach has occurred, according to Microsoft's announcement. Microsoft is also touting this feature's ability to generate logs that "are consistent in format with Azure Network Watcher," which means that Azure Network Watcher tools can be used with this feature.

Microsoft also is highlighting the ability to automatically apply ACLs to logical subnets with Windows Server 2019. "This means that any SDN managed VM connected to a VLAN based network will automatically get the necessary ACLs applied," the announcement explained.

Microsoft is suggesting that its new virtual network peering capability in Windows Server 2019 will serve to improve potential throughput and latency issues for communications between virtual networks. This feature "combines the virtual routers in associated virtual network so they can communicate with each other, without having to traverse through a gateway," the announcement explained.

Lastly, there's SDN support for IPv6 in Windows Server 2019. It works across "virtual network address spaces," "virtual IPs" and "logical networks" to support IPv6 traffic. This feature enables security rather than being a security feature per se. "All of the security features of SDN now work with IPv6 addresses and subnets, including Access Control Lists and User Defined Routing," Microsoft explained regarding the SDN support for IPv6.

Windows Server 2019 is still at the preview stage, but it's expected to reach "general availability" (commercial release) later this year. Some of its capabilities can be tested today, although GitHub projects associated with this week's SDN and security announcements seemed to be lacking content at press time.

In related news, Microsoft announced the release of another preview of Windows Server 2019 (build 17744) earlier this week. In this release, Microsoft is extolling new Hyper-V Server 2019 capabilities.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

