Controlling a network with software-defined networking, or SDN, gives IT a way to define a logical subnet and confine traffic to the hosts that belong to it. That helps with organization and performance, but segmentation alone is not confidentiality: data moving across a software-defined network still travels over the shared physical fabric, where anyone with access to that fabric can snoop on it, forge it or steal it.
To address this risk, Microsoft added a feature it calls "encrypted networks" to the SDN stack in Windows Server 2019. A virtual subnet marked as encryption-enabled automatically uses Datagram Transport Layer Security (DTLS) to encrypt the traffic moving between VMs in that subnet, which protects against eavesdropping, tampering and forgery by anyone on the physical network, including the fabric administrators. The protection applies only while traffic stays within the subnet: packets that leave it, for example through a gateway to another subnet or to the physical network, are decrypted at the boundary, because the destination may not support the scheme. Traffic that crosses subnet boundaries therefore needs its own protection, such as TLS or IPsec inside the guest. Encrypting network traffic is hardly new, but doing it in the host's virtual switch as a native OS feature, transparent to the guest operating systems and applications, is noteworthy.
Windows Server 2019 SDN virtual network encryption requires several components to be in place. Administrators must install the encryption certificate, with its private key, on each SDN-enabled Hyper-V host; create a credential object in the Network Controller that references that certificate; and configure each virtual network so that the subnets that need protection have encryption enabled and the network points at the credential.
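The following PowerShell script, added here as an example and not taken from the original article or from Microsoft's documentation, walks those three steps against the Network Controller REST API and then reads the virtual network back to confirm the subnet really is marked as encrypted. The cmdlets come from the NetworkController module that ships with the SDN role; the REST URI, the virtual network and subnet names and the certificate thumbprint are hypothetical values, and the property names should be checked against the version of the module installed in your environment.

```powershell
# Added example: enable DTLS encryption on an existing SDN virtual subnet.
# Hypothetical values: the Network Controller REST endpoint, the virtual
# network resource ID, the subnet name and the certificate thumbprint.
$uri        = "https://nc.contoso.local"                   # hypothetical
$thumbprint = "0123456789ABCDEF0123456789ABCDEF01234567"   # hypothetical
$vnetId     = "TenantVNet1"                                # hypothetical
$subnetName = "Subnet1"                                    # hypothetical

# 1. Check that the certificate is present on this host with a private key.
#    The same certificate must be installed on every SDN-enabled Hyper-V host;
#    a host that lacks it cannot terminate DTLS for the VMs it runs.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumbprint
if (-not $cert -or -not $cert.HasPrivateKey) {
    throw "Encryption certificate $thumbprint is missing or has no private key on $env:COMPUTERNAME"
}

# 2. Create the credential object in the Network Controller that refers to the
#    certificate by thumbprint.
$credProps       = New-Object Microsoft.Windows.NetworkController.CredentialProperties
$credProps.Type  = "X509Certificate"
$credProps.Value = $thumbprint
New-NetworkControllerCredential -ConnectionUri $uri -ResourceId "EncryptedNetworkCert" `
    -Properties $credProps -Force | Out-Null
$credential = Get-NetworkControllerCredential -ConnectionUri $uri -ResourceId "EncryptedNetworkCert"

# 3. Point the virtual network at the credential and flag the subnet as encrypted,
#    then write the updated object back to the Network Controller.
$vnet = Get-NetworkControllerVirtualNetwork -ConnectionUri $uri -ResourceId $vnetId
$vnet.Properties.EncryptionCredential = $credential
$subnet = $vnet.Properties.Subnets | Where-Object ResourceId -eq $subnetName
if (-not $subnet) { throw "Subnet $subnetName not found in virtual network $vnetId" }
$subnet.Properties.EncryptionEnabled = $true
New-NetworkControllerVirtualNetwork -ConnectionUri $uri -ResourceId $vnetId `
    -Properties $vnet.Properties -Force | Out-Null

# 4. Read the object back. Until EncryptionEnabled reads true and the resource
#    has finished provisioning, VM-to-VM traffic on this subnet is still in the clear.
$check = Get-NetworkControllerVirtualNetwork -ConnectionUri $uri -ResourceId $vnetId
$state = ($check.Properties.Subnets | Where-Object ResourceId -eq $subnetName).Properties.EncryptionEnabled
if ($state -ne $true) { throw "Encryption was not enabled on $vnetId/$subnetName" }
"Encryption enabled on $vnetId/$subnetName (ProvisioningState: $($check.Properties.ProvisioningState))"
```

Run the certificate check in step 1 on every host before touching the Network Controller; the Network Controller will accept the configuration even if some hosts cannot honor it. Because encryption is a property of the subnet, VMs attached to other subnets in the same virtual network are unaffected, and traffic from an encrypted subnet to an unencrypted one leaves in the clear as described above.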
Because the encryption is implemented in the host's networking stack rather than inside each guest, it is serviced along with the host: when a vulnerability is found in the server OS or in the network fabric, the fix arrives through normal Windows Server updates to the Hyper-V hosts, and the applications running in the VMs inherit the protection without needing changes of their own.
But encryption is not the only network security feature that Microsoft has brought to Windows Server 2019 SDN. Microsoft extended access control lists (ACLs) so they can be applied to the encrypted subnet, giving more granular control over which traffic and which systems are allowed on the network. The Network Controller enforces these ACLs in the virtual switch, so VMs that run on the subnet automatically get the required rules regardless of how the guest is configured, which reduces the chance of an overlooked or incorrect security setting and means a compromised guest cannot simply switch the rules off.
Windows Server 2019 SDN also introduced firewall auditing, which records the flows processed by SDN firewall rules (ACLs) that have logging enabled. The logs are written on the Hyper-V hosts, and organizations can use them to verify that network boundaries behave as intended and to detect an attack in progress.
Windows Server 2019 SDN also supports virtual network peering, which makes two or more virtual networks appear and function as a single network while maintaining the security posture provided by SDN. Traffic between peered virtual networks is routed through the SDN fabric using private IP addresses, with no gateway or public network in the path, which gives high throughput and low latency. In addition, SDN in Windows Server 2019 now supports IPv6 for these security features.