Microsoft is simplifying the way you connect to Windows file servers over the Internet. It’s time to say goodbye to the VPN.
The change is underway: the Internet is beginning to move away from the venerable TCP protocol that has underpinned it from the very beginning. Google started working on what eventually became QUIC in the early 2010s, and it became the foundation for HTTP/3 in 2018. Finally, in May 2021, the Internet Engineering Task Force released RFC 9000, making QUIC an Internet standard.
(QUIC is not an acronym. Although it started out standing for Quick UDP Internet Connections, QUIC, written in capitals, quickly became the protocol’s official name in its own right.)
What is QUIC?
So what is QUIC? It builds on the User Datagram Protocol (UDP), the connectionless transport used by Internet services that do not need TCP’s delivery guarantees, and layers onto it a connection that carries multiple independent streams between two endpoints. An application can treat that connection as a single, non-blocking channel: a delay on one stream does not hold up the others. This removes much of TCP’s overhead, in particular its head-of-line blocking, and yields significantly lower latency.
Because UDP lacks TCP’s control machinery, QUIC handles problems such as packet loss itself, at a higher level: it carries its own packet numbering, loss detection, retransmission and congestion control. Loss is recovered per stream, so data on the other streams of a connection keeps flowing while QUIC retransmits the lost packets of the affected stream. QUIC also simplifies the negotiation of encrypted connections: the TLS 1.3 handshake is folded into the connection setup, so keys are established as the connection is opened, and the protocol assumes it will always run over end-to-end encrypted connections, with no cleartext mode to fall back on.
Much of the focus on QUIC has been on browsers and other HTTP-based services and APIs. That is not surprising, given its origins at Google. But it is now starting to show up elsewhere, especially in services that require consistent, secure and reliable connectivity.
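The following is an added illustration, not code from the article or from Microsoft, of the head-of-line blocking point made above. It is a constructed model: three streams send packets round-robin, one packet (stream 1, its second packet) is lost and arrives only after a retransmission timeout, and the function reports when each stream’s data becomes readable by the application under TCP-style delivery (one ordered byte stream) versus QUIC-style delivery (ordering enforced per stream). Real QUIC loss recovery is more elaborate than this; the model only captures the ordering rule.

```powershell
# Added illustration (not Microsoft code): why one lost packet stalls everything on a
# single ordered TCP stream but only one stream on QUIC. Packet schedule and loss
# pattern are constructed for the example.
function Get-DeliveryTimes {
    param(
        [int]$Streams = 3,              # independent application streams
        [int]$PacketsPerStream = 4,     # packets sent on each stream
        [string]$LostPacket = 'S1:P1',  # constructed loss: stream 1, its second packet
        [int]$Rto = 10                  # time units until the lost packet is resent and arrives
    )

    # Wire schedule: one packet per time unit, streams interleaved round-robin.
    $schedule = @()
    $t = 0
    for ($p = 0; $p -lt $PacketsPerStream; $p++) {
        for ($s = 0; $s -lt $Streams; $s++) {
            $id = "S${s}:P${p}"
            $arrived = if ($id -eq $LostPacket) { $t + $Rto } else { $t }
            $schedule += [pscustomobject]@{ Id = $id; Stream = $s; Seq = $p; Sent = $t; Arrived = $arrived }
            $t++
        }
    }

    # TCP-style: a single in-order byte stream. A packet is readable only once every
    # packet sent before it (on any stream) has arrived, so one hole blocks them all.
    $tcpReady = @{}
    $blockedUntil = 0
    foreach ($pkt in $schedule) {
        $blockedUntil = [math]::Max($blockedUntil, $pkt.Arrived)
        $tcpReady[$pkt.Id] = $blockedUntil
    }

    # QUIC-style: ordering is enforced per stream. A hole delays only later packets
    # of the same stream; the other streams are delivered as their packets arrive.
    $quicReady = @{}
    $streamBlockedUntil = @{}
    foreach ($pkt in $schedule) {
        $prev = if ($streamBlockedUntil.ContainsKey($pkt.Stream)) { $streamBlockedUntil[$pkt.Stream] } else { 0 }
        $ready = [math]::Max($prev, $pkt.Arrived)
        $streamBlockedUntil[$pkt.Stream] = $ready
        $quicReady[$pkt.Id] = $ready
    }

    # When does each stream's final packet become readable by the application?
    foreach ($s in 0..($Streams - 1)) {
        $last = "S${s}:P$($PacketsPerStream - 1)"
        [pscustomobject]@{ Stream = $s; TcpComplete = $tcpReady[$last]; QuicComplete = $quicReady[$last] }
    }
}

Get-DeliveryTimes | Format-Table -AutoSize
```

In the TcpComplete column every stream finishes only after the retransmitted packet lands, because the single byte stream cannot be read past the hole; in the QuicComplete column only stream 1 waits for the retransmission, and streams 0 and 2 complete as soon as their own last packet arrives. Change $LostPacket or $Rto to see how the gap between the two columns moves.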
SMB over QUIC
It was not a difficult decision for Microsoft to base the next generation of its SMB file-sharing protocol on QUIC; it already had experience implementing it in Edge and in its Azure web services. SMB over QUIC was introduced in Windows Server 2022 Azure Edition. It is best thought of as a VPN dedicated to file traffic between on-premises servers and Azure, running over the familiar TLS port 443 (on UDP, as QUIC does) rather than SMB’s own TCP port 445, which is usually blocked at the network edge for good security reasons.
Using QUIC in this context makes a lot of sense, especially in combination with SMB’s file compression. Windows Server 2022 Azure Edition is a key part of Microsoft’s hybrid cloud strategy, as it is the default Windows Server virtual image on Azure and on Azure Stack HCI on-premises. With Azure Files support planned, being able to quickly stand up a QUIC-based file connection between your data center and the Azure public cloud is a big benefit, because you avoid the complexity and overhead of a VPN. Because it uses the familiar port 443, you typically don’t need to reconfigure firewalls, with one caveat: QUIC runs over UDP, so the file server needs an inbound rule for UDP 443, and any outbound filter that permits only TCP 443 must allow UDP 443 as well.
Microsoft is encouraging customers to move to Azure Stack HCI, so it makes sense to make SMB over QUIC dependent on Windows Server 2022 Azure Edition. Reducing the complexity of cross-Internet file shares is a big win, and by running on Azure Stack HCI you get site-to-site as well as site-to-cloud support. Likewise, client support in Windows 11 lets remote workers access files without technologies such as DirectAccess.
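As an added example (not from the article, and not Microsoft’s own documentation), here is the server-side setup described above as it would be typed into an elevated PowerShell session on a Windows Server 2022 Azure Edition file server. It assumes a TLS certificate for the server’s public name is already installed in the local machine personal store; the name fs01.contoso.com and the thumbprint value are placeholders. The checks before the mapping reflect what SMB over QUIC requires of the certificate: a private key, a DNS subject alternative name matching the name clients will use, and the Server Authentication extended key usage.

```powershell
# Added example (not Microsoft code): enable SMB over QUIC on a Windows Server 2022
# Azure Edition file server. FQDN and thumbprint are placeholders (assumptions).
$Fqdn  = 'fs01.contoso.com'           # assumed: the name clients will connect to; must be in the cert SAN
$Thumb = 'THUMBPRINT-OF-SERVER-CERT'  # assumed: SHA-1 thumbprint of the installed server certificate

# 1. Locate the certificate and verify the properties SMB over QUIC depends on.
$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$Thumb"
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumb has no private key" }
$san = ($cert.Extensions | Where-Object { $_.Oid.FriendlyName -eq 'Subject Alternative Name' }).Format($false)
if ($san -notmatch [regex]::Escape($Fqdn)) { throw "Certificate SAN does not contain $Fqdn" }
$serverAuth = $cert.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq '1.3.6.1.5.5.7.3.1' }
if (-not $serverAuth) { throw "Certificate lacks the Server Authentication EKU" }

# 2. Bind the certificate to the client-facing name and switch the QUIC listener on.
New-SmbServerCertificateMapping -Name $Fqdn -Thumbprint $Thumb -StoreName My
Set-SmbServerConfiguration -EnableSMBQUIC $true -Force

# 3. QUIC rides on UDP: open inbound UDP 443. TCP 445 stays closed at the edge.
New-NetFirewallRule -DisplayName 'SMB over QUIC (UDP 443)' -Direction Inbound -Protocol UDP -LocalPort 443 -Action Allow

# 4. Confirm the mapping and the server setting took effect.
Get-SmbServerCertificateMapping | Format-Table Name, Subject, Thumbprint
Get-SmbServerConfiguration | Select-Object EnableSMBQUIC
```

The certificate should be issued by a CA the clients already trust; a self-signed certificate only works if it is distributed to every client, and tempting clients to skip certificate validation undoes the man-in-the-middle protection that is the point of the feature.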
As Vijay Kumar, Director of Marketing for Windows Server and Azure Products at Microsoft, told us, “One of the things we kept hearing from customers was, ‘Hey, we’ve got file sharing on our own premises, but when we move to the cloud, then we want to do secure file sharing over the Internet.’ This is one of the concerns that we can see when they had to transfer some of their server files to Azure. [SMB over QUIC] was the way to do it.” Migration to Azure does not stop users wanting to share files; rather, it extends the reach of those file shares beyond the firewall.
Kumar noted that this is also a way to improve file-sharing performance as part of a migration to on-premises hyperconverged systems. “When they want to consolidate some of the file servers in some of their data centers on Azure Stack HCI, they can also do the same as with those big file servers distributed with Azure, and be able to use SMB over QUIC.”
The change has significant security benefits. Ned Pyle, principal program manager for SMB at Microsoft, noted in a blog post that SMB over QUIC should reduce the risk of man-in-the-middle attacks and prevent payload sniffing. Because SMB is carried inside QUIC, the SMB negotiation itself takes place inside the QUIC channel, which is already protected by TLS 1.3; every interaction between client and server is encrypted, including the SMB negotiate and session setup exchanges that, over TCP port 445, happen before any SMB-level encryption can be agreed. The server authenticates with an X.509 certificate that the client must be able to validate, so the protection is only as strong as the trust in that certificate and the discipline of not bypassing certificate checks.
QUIC beyond Windows Server 2022
Interestingly, SMB over QUIC is also a feature of Windows 11. With the pandemic having sent many of us to work from home, a secure operating system with easy access to corporate resources is increasingly important, whether those resources run on-premises or in the public cloud. SMB over QUIC should dramatically reduce the need to run VPNs or to backhaul traffic through them, improving the user experience.
Instead of running a VPN to connect to file servers, a user will be able to connect to them in exactly the same way they would on-premises. Windows first tries to connect over TCP as usual and, if that fails, automatically falls back to QUIC. No user interaction is required; you connect to a share just as you always have.
Microsoft anticipates a future for SMB over QUIC beyond the data center, with the growing importance of its own Azure Stack Edge hardware. Connectivity there is not guaranteed, with sites using wireless links to reach the wider Internet. QUIC is designed to work more efficiently over unreliable connections, especially when a device moves between cell towers. A QUIC connection is identified by a connection ID rather than by the client’s IP address and port, so it survives a change of network address and transfers resume without a fresh handshake.
With QUIC being part of Windows Server 2022, it is now being used to add HTTP/3 support to Microsoft’s own services. The Outlook.com team is using it on the Exchange Online web front end, reporting significant improvements, especially on the links between clients and front-end servers, with a 60% reduction in latency. We’ll likely see more Microsoft services adding HTTP/3 support, as it is already available in current versions of its Chromium-based Edge browser.
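As an added example (not from the article or from Microsoft), this is the client side of the connection just described, as typed on a Windows 11 machine. Rather than relying on the TCP-then-QUIC fallback, it forces the QUIC transport explicitly, which is the quickest way to prove that a share is reachable over UDP 443 alone. The server name, share name and drive letter are placeholders.

```powershell
# Added example (not Microsoft code): map a share over SMB over QUIC from Windows 11
# and check the result. Server, share and drive letter are assumptions.
$Server = 'fs01.contoso.com'   # assumed: must match the DNS name in the server's certificate
$Share  = 'data'               # assumed share name
$Drive  = 'Q:'

# Force QUIC instead of waiting for the TCP 445 attempt to fail first.
New-SmbMapping -LocalPath $Drive -RemotePath "\\$Server\$Share" -TransportType QUIC

# Equivalent with the legacy tool, handy in a logon script:
#   net use Q: \\fs01.contoso.com\data /TRANSPORT:QUIC

# Verify the mapping and the SMB session. Dialect should be 3.1.1; note that the
# Encrypted column reports SMB's own AES encryption, which is separate from the
# TLS 1.3 protection QUIC already provides for the whole connection.
Get-SmbMapping -LocalPath $Drive | Format-Table LocalPath, RemotePath, Status
Get-SmbConnection -ServerName $Server | Format-Table ServerName, ShareName, Dialect, Signed, Encrypted

# Lab-only escape hatch: if the server uses a certificate the client does not trust,
# the mapping fails. Do NOT work around that in production with
#   Set-SmbClientConfiguration -SkipCertificateCheck $true
# because it disables exactly the man-in-the-middle protection the feature exists to give.
```

If New-SmbMapping fails with a certificate error, fix the trust on the client (install the issuing CA) or the SAN on the server certificate rather than disabling validation.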