Hi Everybody – Dan Cuomo, Principal PM on the Azure Edge and Platform, Core Networking team, here to talk about some changes we’re making to NIC certification in the Windows Server Catalog. During OS deployment (and periodically after that), you likely install network drivers for your NICs. These drivers were certified to run on a specific OS and call out capabilities that Microsoft has confirmed these adapters support.
In this blog, we’ll discuss how we’re simplifying the structure of Windows Server NIC certifications and answer the following questions you might have about your certified NICs, like:
- Can my device be used for all workloads?
- Which NIC is best for my workloads?
- How does Azure Stack HCI use the Windows Server certifications?
With each new OS, Microsoft includes new offloads to the NIC bringing additional functionality (for example RDMA, VMMQ, etc.) or increased system efficiency (in the form of host CPU reduction when processing network traffic). These offloads can take years to develop and are a result of the great partnerships between the NIC vendors (IHVs), OEMs, and Microsoft.
With every new offload, Microsoft releases tests in our Hardware Lab Kit (HLK) to ensure that the NIC vendor and Microsoft “got our stories straight” when developing the feature. These tests are in addition to the feature (for example: RDMA, VMMQ, etc.) and scenarios (Storage Spaces Direct, etc.) testing that a NIC vendor runs against their driver during development.
To get certified for Windows, every vendor must pass the tests that Microsoft outlines for various capabilities. If the vendor passes additional tests, they can qualify for special notation in the Windows Server Catalog called an “Additional Qualification” (AQ) like the SDDC Standard or SDDC Premium nomenclature you may have seen on some of the NICs. Here’s an example of a certified device which received our highest award, SDDC Premium.
The previous certification structure was based on adapter link speed which meant that any adapter of 10 Gbps or higher had additional (Microsoft test) requirements imposed on it regardless of the adapters intended use (as designed by the manufacturer). This led to two outcomes that we’re aiming to fix with the changes outlined in this article:
- Lower driver quality for some adapters as the partner would run the Microsoft tests without knowing the additional scenarios that their adapters would be used for. For example, a 10 Gbps management adapter would not be tested by the NIC vendor for Storage Spaces Direct.
- Confusion for you, our customers, who weren’t aware of these scenario limitations of the adapter that you purchased.
The old certification structure worked well for the common scenarios it was designed for between Windows Server 2008 and Windows Server 2019. These scenarios generically assumed that all adapters were seeking to provide the same capabilities – and namely that a faster NIC was a better NIC. Following discussions with our NIC partners and a growing number of support cases during our last certification cycle with Windows Server 2022, it became clear that the existing structure wasn’t well suited for several scenarios that are becoming more prevalent such as:
- Switchless storage adapters which do not require some of the advanced virtualization capabilities
- Single-Node clusters which do not require high-performance storage replication capabilities
- Increasing network speeds of adapters that could pass all the link speed tests, but not the scenario stress that you, our customers will be putting the adapters under.
- An increasing number of support cases which resulted in the frustrating support claim, “not supported” despite the device having been certified.
We’re replacing the “link speed” based certification structure with a “role-based” structure that aligns a device certification with its intended purpose. You can already see these changes reflected for the Windows Server 2022 certifications in the Windows Server Catalog.
An adapter can now be certified and can indicate how the device may be used, for example:
- Management traffic – Traffic such as (but not limited to) Remote Desktop, PowerShell remoting, Windows Admin Center, and the connection to Active Directory and DNS. You will likely add a default gateway to this adapter. Management traffic also includes:
- Non-SMB based live migration (TCP or compression)
- Replicating data between stretch cluster sites as this adapter will have a default gateway
- Compute traffic – This adapter can be used to carry virtualized network traffic. This includes traffic originating from or destined to a VM or container. This may also include virtual NICs that are used by the host.
- Storage traffic – This adapter can be used for east-west traffic using the Server Message Block (SMB) protocol, for example Storage Spaces Direct or SMB-based live migration.
Note: The official definitions (listed here) may be updated over time to be more descriptive as needed to keep you informed.
Standard vs Premium
As we have always done, we’ll continue to highlight adapters which have earned distinction within their respective roles by awarding the “Premium” tag to the role-based achievements. Our latest innovations will always be found in Premium adapters for that role. Here’s the full break-down for the role-based certification structure.
The adapters that will provide the best experience in the Microsoft ecosystem, suitable for all purposes, will be displayed in our catalog with the following:
You can also click on any of the links provided to investigate what types of features the partner was required to pass to receive that additional qualification level.
You probably noticed that our definitions above don’t focus on a specific product (like SQL, AKS-HCI, etc.) and therefore might be wondering what your workload requires. Here’s an example to help you identify the requirements. If you’re still not sure, contact Microsoft Support and we can get you a clear answer.
Imagine you’re running a SQL server; which NICs are suitable to support the network traffic you would be using with this SQL server? The answer is that the device needs to be in the Windows Server Catalog (only). No Additional Qualifications (Management, Compute or Storage) are required.
Now imagine that this SQL Server is inside of a VM, and the virtual switch connecting your SQL Server to the physical network is attached to this physical NIC we’re considering in this example. In this case, your adapter would need “Compute Standard” OR “Compute Premium”
Next, imagine you’ll remote desktop to the physical server which hosts your SQL server virtual machine. The IP address (or registered DNS address) used to remote to that machine is added to a host vNIC attached to the same virtual switch. Now your adapter would also require “Management.”
If we expand the example to include replication of storage traffic for storage spaces direct, the adapter will additionally need one of Storage Standard or Storage Premium.
This change is intended to end the perilous phrase, “I’m sorry, but your configuration is not supported.” We’ve heard your feedback on how frustrating it can be to call into support with a certified device only to find out that the adapter cannot be supported in the way that you’re using it.
With this new approach, there is no more guessing. You simply pick an adapter that has the required capabilities. Best of all, we anticipate an increase in network reliability as a result of the use of adapters used for their designed purposes.
Furthermore, if you’re using Azure Stack HCI and Network ATC, provisioning your adapters (and the rest of the host network configuration) is straightforward. As you may know, Network ATC uses the same nomenclature (Management, Compute, Storage) to define your intent for the system. This lets you easily “match” the Windows Server Catalog certification listing to your deployment command, and Network ATC will deploy all the correct configuration for that adapter.
For example, if your device had the Management and one of the Storage qualifications, you could use the following Network ATC command to deploy:
Add-NetIntent -Name MyIntent -Management -Storage...
If an adapter isn’t listed in the Windows Server Catalog, then it’s not certified for Windows Client, Windows Server, or any of the Azure Stack products. There is no change in this.
Your device is certified and you can use it to run the data traffic for many different workloads (LoB apps). You cannot attach it with virtualization, SMB storage replication, or server management purposes.
Yes! Your device remains supported for Windows Server 2022. We’re simply clarifying the scenarios your device is supported for as a result of the testing the devices have already passed.
I hope you are now more easily able to understand how your adapter is intended to be used and never again hear the phrase “not supported” when talking about your NICs. You can use the new certification structure to inform when making purchasing decisions, identify the best adapters for your intended workloads, configuration decisions, and more.
Of course, if you have feedback, please leave a comment in the chat below.
Thanks for reading!