 Hey, folks. It's Ned Pyle again here to talk to you today about enhancing your security and saving time when you combine Windows Server 2022 and Windows 11. You know me, I'm from SMB and File Services. I'm going to focus really heavily on that very popular workload and show you how these things really operate best when combined. Let's go to it. Obviously, Windows 11 and Windows Server 2022 have just come out in the last year or so. You're probably still evaluating, still looking, still kicking the tires. What I love about this thing together, I call it 11 and 22 for ease of talking, is how when I combine them, I can get some experiences that you've really been waiting for for the last 20 years between the Windows and Server architecture. I think the one that you'll probably find the most valuable every single day is the time-saving piece that is SMB compression. We now offer the ability for you to compress larger, more inefficient files, things like VHDs, VHDX, ISO, DMP, anything files don't get smaller over time, they get bigger, right? Developers tend to get less efficient with their file sizes. SMB compression will make up that gap. It can be used with Explorer, Robocopy, MapDrive, shares, you can set it globally, it's very flexible, you don't need to teach your end users how to use it. That's always a recipe for failures, changing something that they've been using one way for 20 years, and then asking them to do it a different way. We don't require you to do that, and I'll show you with a nice demo here in a second. And you can also manage it yourself as an administrator using Windows Evans Center, PowerShell, Group Policy, editing the registry if you'd like to be a wacko. SMB compression is actually a variety of different kinds of compression we have Express, we have Huffman, we have LZNT, LZ77 pattern, negotiates automatically, and the likelihood of you getting anything but Express is really pretty low. And that's a really good balanced compression algorithm that does good performance with good compression, not the most overhead for the best compression. It's trying to find that happy balance where you get good per for not too much payment. Let's actually see this in action. So I have a nice demo here. I have a pretty inefficient file, it's called DogoTime, and inside this file, I've copied a few pictures of my dogs, as everybody always likes to see Ned's dogs and these types of demos. So here's from Halloween this year, Derby and Indy dressed as little dragons, and then there's a lion, a lion tamer, and some hash browns, and some happy flower time. Anyway, it's a handful of JPEGs. As you know, JPEGs do not compress, they're already a highly compressed format. So I'm gonna put them into this VHDX, this container file, this drive that I've mounted, and it's a one gig file using only about 10% of its space with data. So right now, if I was to copy this file, it's one gig file from my machine, and this is really my desktop, two file server at my office, and one gig, you can see the rate right here that we're going, it's not going super fast. It's going as fast as it can, but I have not really amazing internet here. In fact, I've just waited a little while, it's still taking a while. I waited a little bit longer, it's still going, we're a couple of minutes in here, with me doing the cooking show. If I look at my wireless network right now, I'm only getting about 43 megabits upstream, and if you were to go and run a little speed test application on my machine right now, you'd find out that that's the actual maximum speed that my cable provider goes. So now we've waited, and waited, and waited, and waited, we're gonna get to 100%. It's a little one gig file, it's not that big of a file. It takes almost four minutes for me to copy from my work from home office to my office office. That's not awesome. So let's get rid of that file and try this again, but with a little extra option on Robocopy of slash compress. So we're gonna go and hit boop, and this is going, seems like it's kind of still slow, except whoa, it's not slow anymore. And now it's done. That was from four minutes to nine seconds. So that's a pretty good exchange rate, right? My copy now takes instead of four minutes, just under 10 seconds for the exact same file. Now you're saying like, I'm not gonna teach my users to use Robocopy, and you are 100% right about that, you are not. But that's the beauty of this feature. We've put the ability for you to tag on compression all over the place. So here I'm in Windows Admin Center. I'm going to just look at one of the shares that I'm using right here is the scratch two share. And you'll notice that little column says compressed data here. If I click on my share, I can just turn on compression for that share. So the user doesn't know that compression is on. Compression is a negotiated thing. It's a requested thing where it's best effort, right? So if the server doesn't support it, who cares? If the client doesn't support it, who cares? But if they both support it, now my experience is instead of using Robocopy, which again, no user will use, if I just use explore and I drag that file onto that share, because compression is turned on on the share, watch my little chart here blow out, zoom. So yet again, it looks like I have like five times the bandwidth I do because that's how good the compression is. Now that's me doing one file or doing one share that doesn't really scale for your everyday kind of use. Let me turn compression back off on the share so you can see there's like nothing up my sleeve. Turn that off. This all works on the fly, by the way, as you can tell. Not rebooting servers, not restarting services, it just works. And I'm going to take a look here with PowerShell on my client. If I run get SMB client configuration that shows me all the SMB settings, and you'll notice now on Windows 11 that I have this request compression flag. So I can actually set compression on my client to just always compress, always try to compress no matter what is set on the server, no matter if I ran Robocopy, if I ran explore, and then you can just stop having to remember to do compression. You're never going to be able to teach your users how to like compress files. So just take it out of their hands, just put it here where we'll just try to do it. And if it works out, great, that suddenly their files just seem to copy much faster. They don't even need to be taught. It'll just be like a little treat. So now if I copy that same file, nothing's configured on the server. It's just on the client globally. You'll see that my chart was bananas here as my performance kicks in with compression yet again, four minutes to 10 seconds. You can also not just do this using PowerShell, which is a sort of an obvious pain point if you don't want to deal with PowerShell. We have group policy. So here I am running the group policy editor, but go into administrative templates into the network section. You'll see under landman server and landman workstation use compression. So I can just turn it on through group policy, deploy it as a policy object and active directory, blast it out to all my servers, all my users, some subset and not have to go and run PowerShell or edit the registry or do other shenanigans, right? That's the beauty of AD and group policy. I can also just map drives. So if I have users going into a login script or if I have a startup script, I can just say when you're mapping a drive, that map drive is always going to be compressed. It works for both PowerShell and USB mapping as well as the ancient net use command that you're probably still using because I use it too. And furthermore on that server, I can make those same kinds of global changes using SMB server configuration commandlet. So I take a look here, a lot of things you can set, but right down in there is request compression. And I can turn that on using set SMB server configuration and slowly type. You think that'd be a better type of system and basically type for a living, right? So it's a true, yes. And now anybody who connects to the server is going to tell the client you should try to compress those files with SMB. So if I go ahead and leave the copy that I had and I'm still using Explorer, like our regular kind of user would and I copy that file, it's going to compress. And anybody who connects to the server is going to compress. All right, that's compression. So that's something you're going to use every single day, it's going to make your life much easier. Let's talk about that next pillar, security of 11 and 22 together. When you combine those two together, and it's important that you combine 11 and 22 together because security, as you know, is always a negotiated capability when it comes to SMB, is we have now the most advanced encryption that you can use in the market, AS256, GCM, young future proof. That's the one where you start bringing it out against quantum computing. We have RDMA encryption now, meaning that in the past you'd use SMB direct, you might want to try to turn on compression for those data fabric workloads of SMB and the performance would absolutely tank because the DMA and RDMA, the direct memory access piece is something we share with the entire computer. And we didn't think that by having shared data, encryption would be a safe concept anymore because everything that's happening there is shared. The encryption's happening on the wire, that's not where you need to be safe, maybe safe end to end. And now we're doing encryption before and after you get through RDMA, so you get a little bit of a performance hit, which you're encrypted the whole way through. And we caught up SMB signing to use AS128's GMAC accelerated signing, so it'll offload, thinking about math onto your ARM or Intel processor and you'll get performance that's better than encryption with signing to prevent things like relay attacks and still be using AS128. All right, so compression was first, encryption was second, it's basically ease of use and safety and we're gonna combine the two in the end for something I call easy mobility, okay? 11 and 22, easy mobility. And that's where we bring SMB over quick. SMB over quick is a new replacement for SMB over TCP. It's an automatic TLS 1.3 VPN. You still have TCP, it's still there, it's still usable. If you opt in to SMB over quick, you now can access edge file servers safely from Windows and actually from other things as well. And now this is supposed to be a Windows and 22 sort of session, but we already have an Android client that we have done with a partner, so you can use mobile phones for this technology. What it means is telecommuters, mobile users, your highest security posture users can now use SMB as it is today through this highly secure, highly available, highly tunneled protocol of quick that works over the internet. It works using UDP, it's works everywhere. Much of the internet, about 25% is already using quick whether it's HTTP 3 or parts of DNS. And SMB is the first like major application protocol is designed for use with file servers to make use of this technology. I mean, quick is the future. So let's get to this little demo here. So here's another Windows 11 machine. This user is an editor over at some publishing house working on editing this coffee table book and this coffee table book is something that I'm trying to get published, not really. And it just has those dogs again that everybody wanted to see in Darby and Indy and then also all of our various foster dogs over the years. People know and love. In fact, if I didn't include them in a demo I would get nasty emails. So anyway, this user signs up, goes to a coffee shop. So it's today case, right? They were connecting through SMB. It worked fine for Word. They leave the building and it stops working. And it's, there's nothing that could be done, right? The SMB over TCP won't work over the internet. The user tries to go back to that map drive. I'm time compressing this error, this ridiculous behavior of Explorer where it finally times out after a whole minute. It just takes a whole minute to give up. So let's go to our experience as the administrator and go to file server settings using admin center and I'll configure SMB over Quick. And it's gonna be not that hard to do. So don't blink. I have a list of certificates that have been provided to the server. The ones that are valid for this purpose. I select the certificate I want and the names that it provides that a user can connect to. I decide if I want to enable the KDC proxy meaning that I'll use Kerberos through its own little side channel. And that's it. That, I mean, that's it. Now Quick is turned on and accessible. And the user who I have not rebooted or done anything with. Now, if they try to open this thing, this Word document, it will just start working because we try to use TCP before we try to use Quick. Meaning the user doesn't have to pick or choose or you don't have to do anything here. It'll just start working immediately. And you can see here in my Wireshark capture that I've got all this Quick stuff going on. I can map drives also specifically to use Quick. So if you don't like the behavior of always use Quick first, if it doesn't work, then try to use TCP. That can be changed using PowerShell. But I can also right here just specify me like in a map drive or me the administrator when I'm doing some task. I want to use say TCP because it'll be a little bit faster. I'm on a network that I trust. I don't want to deal with a slightly less performance in order to get my thing done or I'm already working fine. So I point to a server that might already have Quick on it but now I can say like, yeah, I don't want you to use Quick. Like I'm deciding not to use Quick. And so now we exit out of this various Shell commands. And if I just do a map drive net use and specify that same server, I can say, I've been using Quick this whole time you can still see it in Wireshark. But now if I choose my transport of TCP and I press honor, boop. Then it will just start immediately going back to SMB over TCP. And you can see right there in the Wireshark there was no, again, no rebooting, no restarting services, none of that nonsense. Just works on the fly like that. And I go back to my share. I open up my coffee table book and the user experience here when set up correctly they can't tell anything different when they're in the office or they're at home or they're at the coffee shop or whatever. It'll just work. It's pretty slick. Now, Quick comes from something new. It's Azure Edition Windows Server. The Quick client is in all versions of Windows. The Quick server is in the Azure Edition of Windows 22. And that means that you have an Azure Edition just like data center and standard that will run in Azure the public cloud or on Azure Stack. That's a brand new option until October of this year. You could not run Azure Edition anywhere but Azure. And now you can run it basically anywhere because if you have Azure Stack or Azure, you have on-prem and you have public cloud. And that means that your users can use SMB over Quick to servers running in your data center or in an Azure public cloud data center. They can't tell the difference and you get the flexibility if you want to be in a private cloud or public cloud to do whatever you want. That management story is now tied together as well so that when you get an Azure Stack running and you go to its new VM marketplace, it will deploy Azure Edition VMs for you. That means that you don't even have to pick and choose and get the right OS to do all this stuff. Azure Stack is gonna try and run Azure Edition. Azure Edition is available there for you to run SMB over Quick and compression and hot patch and storage replicas, new compression that also uses SMB's compression that I just showed you. Like this stuff's moving really fast. You have to keep up here because we keep iterating here. We're not waiting every three years anymore. This stuff's all coming out every year and sometimes sooner than every year. So that was a lot to take in. I have a large number of links here to share. The one I think is probably the most interesting to you right away is that ISO download. If you go to the Windows Server 22, what's new page? We actually have links to Azure Edition right there as ISOs. So if you don't have Azure Stack yet, you're still evaluating things. It requires hardware and stuff. You can download the ISO, deploy it onto a regular VM and kick the tires on SMB over Quick. Remember that compression and these other features exist in regular Windows Server 22. So you can always go to the eval center to get those. I really think that Windows 11 and 22 is the real state of the art for file services. When you combine these things together, you're getting that ease of use, that simplicity, that mobility, that security, and that efficiency that you need to do your job. I really wanna thank you for your time today. I know it's real precious. I hope you enjoyed this. And if you have questions, please find me over at the FileCamp blog. And thanks very much for your time.