Cloud Computing, Containers, Hyper-V, Microsoft Azure, Nano Server, Networking / Infrastructure, Server 2019, Virtualization

Server 2019 is now available in preview


Windows Server 2019 is built on the strong foundation of Windows Server 2016 and focuses on four consistent themes: Hybrid, Security, Application Platform, and Hyper-converged infrastructure. Most people reckon Microsoft is slowly pushing every customer into the cloud, and that we will soon have no option but to move to the cloud. They will do this by making it costly to stay on-premises, and starting with this edition they have put their prices up.

Hybrid Cloud: This is the most common scenario for many companies: a hybrid approach, one that combines on-premises and cloud environments working together. Extending Active Directory, synchronizing file servers, and backup in the cloud are just a few examples of what companies are already doing today to extend their datacenters to the public cloud. In addition, a hybrid approach also allows apps running on-premises to take advantage of innovation in the cloud such as Artificial Intelligence and IoT. Microsoft also introduced Project Honolulu in 2017, and this will be a one-stop management tool for IT pros.

Security: Microsoft’s approach to security is three-fold – Protect, Detect and Respond.
On the Protect front, they introduced Shielded VMs in Windows Server 2016, which was enthusiastically received by their customers. Shielded VMs protect virtual machines (VMs) from compromised or malicious administrators in the fabric, so only VM admins can access them on a known, healthy, and attested guarded fabric. In Windows Server 2019, Shielded VMs will now support Linux VMs. They are also extending VMConnect to improve troubleshooting of Shielded VMs for Windows Server and Linux. They are adding Encrypted Networks, which will let admins encrypt network segments with the flip of a switch to protect the network layer between servers.

On the Detect and Respond front, in Windows Server 2019, they are embedding Windows Defender Advanced Threat Protection (ATP) that provides preventative protection, detects attacks and zero-day exploits among other capabilities, into the operating system. This gives companies access to deep kernel and memory sensors, improving performance and anti-tampering, and enabling response actions on server machines.

Application Platform: Microsoft focuses on the developer experience. Two key aspects to call out for the developer community are improvements to Windows Server containers and Windows Subsystem for Linux (WSL).

In Windows Server 2019, Microsoft’s goal is to reduce the Server Core base container image to a third of its current size of 5 GB. This will reduce download time of the image by 72%, further optimizing the development time and performance.

They are also continuing to improve the choices available when it comes to orchestrating Windows Server container deployments. Kubernetes support is currently in beta, and in Windows Server 2019, they are introducing significant improvements to compute, storage, and networking components of a Kubernetes cluster.

Another improvement is that they previously extended Windows Subsystem for Linux (WSL) into insider builds for Windows Server, so that customers can run Linux containers side-by-side with Windows containers on a Windows Server. In Windows Server 2019, they are continuing to improve WSL, helping Linux users bring their scripts to Windows while using industry standards like OpenSSH, Curl & Tar.

Hyper-converged infrastructure (HCI): HCI is one of the latest trends in the server industry today. They partnered with industry leading hardware vendors to provide an affordable and yet extremely robust HCI solution with validated design. In Windows Server 2019 they are building on this platform by adding scale, performance, and reliability. They are also adding the ability to manage HCI deployments in Project Honolulu, to simplify the management and day-to-day activities on HCI environments.

Cloud Computing, Microsoft Azure, Powershell

Creating a file share in AZURE

Microsoft Azure offers fully managed file shares in the cloud. Because Azure File Storage exposes file shares using the Server Message Block (SMB) 3.0 protocol, the predominant file share protocol for existing on-premises applications, it simplifies moving your existing applications to the cloud. And because Azure File Storage allows applications to mount file shares from anywhere in the world, your on-premises applications can take advantage of cloud storage without change. Azure File Storage also implements a REST API, which enables you to develop modern applications that integrate with existing applications. Azure File Storage has also gained new features: SMB 3.0 support, which includes encryption and persistent handles; a new browser-based file explorer in the Azure portal; Azure Storage Metrics for Azure File Storage; and the ability to mount Azure File Storage file shares from outside of Azure datacenters.

So how do we create a file share? We can use the GUI or PowerShell; let’s try PowerShell…

Choose your storage account… We will need the name for our PowerShell cmdlets;

Then click on the storage account and go to CONFIGURE.

At the very bottom click on Manage Access Keys to get your key;

We are interested in the Primary Access Key; click on the little file icon next to it to copy it. This is a long key such as

b8VW6dmfugxsrNyF/TkHO9lkA00123456789KWEBJzPC0OBFStObAuUwzNJWUkT8Qs5AdUJsHGUiCYqbcjSw==

Next we need to run our PowerShell cmdlets;

# Storage account name and the primary access key copied from the portal
$storageaccount = "msenelstorage01"
$storageaccount_key = "b8VW6dmfugxsrNyF/TkHO9lkA0vSPs4jEos0w+KWEBJzPC0OBFStObAuUwzNJWUkT8Qs5AdUJsHGUiCYqbcjSw=="
# Share names must be lowercase
$sharename = "logs"
# Build an authenticated storage context, then create the share with it
$storageaccount_context = New-AzureStorageContext $storageaccount $storageaccount_key
$create_share = New-AzureStorageShare $sharename -Context $storageaccount_context

And let’s run this….

PS C:\Users\murat.senel> $storageaccount = "msenelstorage01"
$storageaccount_key = "b8VW6dmfugxsrNyF/TkHO9lkA0123456789jEos0w+KWEBJzPCFStObAuUwzNJWUkT8Qs5AdUJsHGUiCYqbcjSw=="
$sharename = "logs"
$storageaccount_context = New-AzureStorageContext $storageaccount $storageaccount_key
$create_share = New-AzureStorageShare $sharename -Context $storageaccount_context

PS C:\Users\murat.senel>
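
The same share creation with the access key typed at a prompt instead of saved in the script file, as an added example that is not part of the original post. It assumes the same Azure PowerShell storage cmdlets and account name used above; the variable names are illustrative.

```powershell
# Added example: create the share without writing the access key into a script.
$storageAccount = "msenelstorage01"   # account name used in the post
$shareName      = "logs"              # share names must be lowercase

# The key is entered interactively and held as a SecureString
$secureKey = Read-Host -Prompt "Primary access key for $storageAccount" -AsSecureString

# New-AzureStorageContext needs the key as plain text, so decrypt it only
# for the duration of the call and wipe the unmanaged copy afterwards.
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureKey)
try {
    $plainKey = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    $context  = New-AzureStorageContext -StorageAccountName $storageAccount `
                    -StorageAccountKey $plainKey -Protocol Https
}
finally {
    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    Remove-Variable plainKey -ErrorAction SilentlyContinue
}

# Create the share only if it does not exist yet, so the script can be re-run
$share = Get-AzureStorageShare -Name $shareName -Context $context -ErrorAction SilentlyContinue
if (-not $share) {
    $share = New-AzureStorageShare -Name $shareName -Context $context
}
$share
```

The primary access key grants full control of the storage account, so keeping it out of saved scripts and shared notes limits where it can leak from.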

In the storage account, you can see the URL for file storage;


https://msenelstorage01.file.core.windows.net/

For now, the Preview Portal is the only GUI where we can check this;

Go to the Portal;

Click on the storage account that you used;

Click on Files;

There it is, our Logs file share has been created….

The second method might be easier if you don’t want to use Powershell…

You can simply go to the File Share tab, and at the top you will see the New Share tab.

What else can we show with a file share?

Let’s create a directory (called Server001Logs) in the Logs share;

PS C:\Users\murat.senel> New-AzureStorageDirectory -Share $create_share -Path Server001Logs

Directory: https://msenelstorage01.file.core.windows.net/logs

Type                Length             Name
----                ------             ----
DIR                                    Server001Logs

And upload a file into that directory…

Set-AzureStorageFileContent -Share $create_share -Source C:\MyScripts\serverlist.txt -Path Server001Logs

Let’s check them on the Portal….

The directory is there, and our uploaded file is also there…. 😉

Cloud Computing

Administrator Roles in Azure AD

In various Azure projects we needed to assign certain roles to our users in Azure AD. The main thing is to understand their tasks and scope of responsibilities. Azure gives us a few roles that give users access to various features, such as managing subscriptions, assigning other administrator roles, resetting passwords, managing service requests and managing user accounts. When we assign these roles to users, they can use these features across all of the cloud services that your organization has subscribed to. This is very important to bear in mind.

The following administrator roles are available:

  • Billing administrator: Makes purchases, manages subscriptions, manages support tickets, and monitors service health.
  • Global administrator: Has access to all administrative features. The person who signs up for the Azure account becomes a global administrator. Only global administrators can assign other administrator roles. There can be more than one global administrator at your company.
  • Password administrator: Resets passwords, manages service requests, and monitors service health. Password administrators can reset passwords only for users and other password administrators.
  • Service administrator: Manages service requests and monitors service health.
    Note: To assign the service administrator role to a user, the global administrator must first assign administrative permissions to the user in the service, such as Exchange Online, and then assign the service administrator role to the user in the Azure classic portal.
  • User administrator: Resets passwords, monitors service health, and manages user accounts, user groups, and service requests. Some limitations apply to the permissions of a user management administrator. For example, they cannot delete a global administrator or create other administrators. Also, they cannot reset passwords for billing, global, and service administrators.

Administrator permissions

Billing administrator

Can do:
  • View company and user information
  • Manage Office support tickets
  • Perform billing and purchasing operations for Office products

Cannot do:
  • Reset user passwords
  • Create and manage user views
  • Create, edit, and delete users and groups, and manage user licenses
  • Manage domains
  • Manage company information
  • Delegate administrative roles to others
  • Use directory synchronization

Global administrator

Can do:
  • View company and user information
  • Manage Office support tickets
  • Perform billing and purchasing operations for Office products
  • Reset user passwords
  • Create and manage user views
  • Create, edit, and delete users and groups, and manage user licenses
  • Manage domains
  • Manage company information
  • Delegate administrative roles to others
  • Use directory synchronization
  • Enable or disable multi-factor authentication

Cannot do:
  • N/A

Password administrator

Can do:
  • View company and user information
  • Manage Office support tickets
  • Reset user passwords

Cannot do:
  • Perform billing and purchasing operations for Office products
  • Create and manage user views
  • Create, edit, and delete users and groups, and manage user licenses
  • Manage domains
  • Manage company information
  • Delegate administrative roles to others
  • Use directory synchronization

Service administrator

Can do:
  • View company and user information
  • Manage Office support tickets

Cannot do:
  • Reset user passwords
  • Perform billing and purchasing operations for Office products
  • Create and manage user views
  • Create, edit, and delete users and groups, and manage user licenses
  • Manage domains
  • Manage company information
  • Delegate administrative roles to others
  • Use directory synchronization

User administrator

Can do:
  • View company and user information
  • Manage Office support tickets
  • Reset user passwords, with limitations. He or she cannot reset passwords for billing, global, and service administrators.
  • Create and manage user views
  • Create, edit, and delete users and groups, and manage user licenses, with limitations. He or she cannot delete a global administrator or create other administrators.

Cannot do:
  • Perform billing and purchasing operations for Office products
  • Manage domains
  • Manage company information
  • Delegate administrative roles to others
  • Use directory synchronization
  • Enable or disable multi-factor authentication

Cloud Computing, Powershell

Uploading a VHD file to Azure Storage

Get your Azure Subscription details first….

PS C:\Users\user> Get-AzureRmSubscription

SubscriptionName : Free Trial
SubscriptionId   : ba6d424f-f1d9-40c1-be8d-123f6aad8a7b
TenantId         : dc608e75-2124-48be-9dbc-7a248dc51fb2
State            : Enabled

PS C:\Users\user> Get-AzureRmSubscription | ft -Property SubscriptionName

SubscriptionName
----------------
Free Trial

PS C:\Users\user> Get-AzurePublishSettingsFile

PS C:\Users\user> Import-AzurePublishSettingsFile

cmdlet Import-AzurePublishSettingsFile at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
PublishSettingsFile: "C:\book\Free Trial-2-20-2016-credentials.publishsettings"

Id          : ba6d424f-f1d9-40c1-be8d-123456789
Name        : Free Trial
Environment : AzureCloud
Account     : B62082C30D0DA9850123456789
State       :
Properties  : {[Default, True]}

We will need our storage account details such as Name (Label)

PS C:\Users\user> Get-AzureStorageAccount | Format-Table -Property Label

Label
-----
2mportalvhdstorage01
llportalvhds9storage02
msenelstorage012345abscdr
ndportalvhdsmrw0123456

Select your Storage Account

PS C:\Users\user> $storageAccountName = 'llportalvhds9storage02'
Set-AzureSubscription -SubscriptionName "Free Trial" -CurrentStorageAccountName $storageAccountName

PS C:\Users\user> Get-AzureStorageContainer

Blob End Point: https://llportalvhds9storage02.blob.core.windows.net/

Name                                           PublicAccess         LastModified
----                                           ------------         ------------
vhds                                           Off                  2/18/2016 11:21:41 AM +00:00

I have a copy of a Nano Server VHD. I think this is the smallest one I can use (543MB). Don’t forget you will be copying your VHD into the cloud and it will take some time.

PS C:\Users\user> $LocalVHD = "C:\book\Nano2016.vhd"
$AzureVHD = "https://llportalvhds9storage02.blob.core.windows.net/vhds/Nano2016.vhd"
Add-AzureVhd -LocalFilePath $LocalVHD -Destination $AzureVHD

Calculating….

Uploading….

After the upload has finished…..

Go to Storage in Azure Portal,


Find your Storage Account and click on it,


Go to Containers and click on vhds, you should be able to see your vhd file.


Making a copy of the VHD file;

It is always good practice to have a copy of some of your vhds if they are critical to your business. Otherwise you will go through everything from the beginning to upload them again. So;

Go back to Storage and at the bottom of the screen choose Manage Access Keys..

Get the storage account name and primary access key for our PowerShell cmdlet; copy them into Notepad so you can reuse them.

# The storage account needs to be authenticated
# HTTPS keeps the requests and the VHD data encrypted in transit
$context = New-AzureStorageContext -StorageAccountName "llportalvhds9storage02" `
 -StorageAccountKey "abcdefghijklmnopqrstuvyz" -Protocol Https
$containername = "vhds"
$blobname = "Nano2016.vhd"
# From storage we need to get the VHD's blob
$blob = Get-AzureStorageBlob -Context $context -Container $containername -Blob $blobname
$uri = "https://llportalvhds9storage02.blob.core.windows.net/vhds/Nano2016.vhd"
# Copy the blob to a new name in the same container
Start-AzureStorageBlobCopy -SrcUri $uri -DestContext $context -DestContainer $containername -DestBlob "Nano2016.vhd-copy.vhd"

To check it, either go to Azure Portal > Storage > Click on the Storage Account > vhds

Or use PowerShell to check that it is in our container (vhds);

$context = New-AzureStorageContext -StorageAccountName "llportalvhds9storage02" `
 -StorageAccountKey "abcdefghijklmnopqrstuvyz" -Protocol Https
$containername = "vhds"
$blobcopyname = "Nano2016.vhd-copy.vhd"

# From storage we need to get the copied VHD's blob
$blobcopy = Get-AzureStorageBlob -Context $context -Container $containername `
 -Blob $blobcopyname
$blobcopy

Creating an image from a VHD file

Go to Virtual Machines in Azure Portal and choose Images;

Click on “Create an image”

Now you can create a virtual machine using your image….

Creating a Disk from a VHD file

Go to Virtual Machines in Azure Portal and choose Disks;

At the bottom of the screen choose Create….

If it is an OS disk, make sure you tick “This VHD contains an operating system”.

And again you can use this disk to create your virtual machines….

Using PowerShell;

$AzureVHD = "https://llportalvhds9storage02.blob.core.windows.net/vhds/Nano2016.vhd"
# Register the uploaded VHD as an OS disk
Add-AzureDisk -DiskName 'NanoOSDisk' -MediaLocation $AzureVHD `
 -Label 'Nano Server 2016 OS Disk' -OS Windows

Certification, Cloud Computing, Networking / Infrastructure

Microsoft Azure – How to Configure a VNet-to-VNet connection

In your infrastructure you will probably have a few virtual networks (VNETs). They might be on-premises sites or Azure VNETs. You can connect these multiple VNETs to each other. Virtual network connectivity can be used simultaneously with multi-site VPNs, with a maximum of 10 VPN tunnels for a virtual network VPN gateway connecting to either other virtual networks or on-premises sites.

What I have got here in my scenario is 2 sites, one in the US and one in Europe, which we will create (basically 2 sites in 2 different regions). Connecting a virtual network to another virtual network (VNET-to-VNET) is very similar to connecting a virtual network to an on-premises site location. Only a couple of steps differ, such as downloading the script created by Azure and running it on your on-premises gateway device. Both connectivity types use a VPN gateway to provide a secure tunnel using IPsec/IKE.

Let’s create these VNETS now;

Log in to the Azure Classic Portal (not the Azure Portal). In the lower left-hand corner of the screen, click New. In the navigation pane, click Network Services, and then click Virtual Network. Click Custom Create to begin the configuration wizard.


On the Virtual Network Details page, enter the VNET name and choose your location (region).

On the DNS Servers and VPN Connectivity page, enter your DNS server name and IP address. This does not create a DNS server; it is purely for name resolution in this virtual network. Don’t tick any boxes; leave them as they are.

On the Virtual Network Address Spaces page, specify the address range that you want to use for your virtual network. In my case for the US it will be 10.20.0.0/16. These are the dynamic IP addresses (DIPs) that will be assigned to the VMs and other role instances that you deploy to this virtual network. It’s especially important to select a range that does not overlap with any of the ranges that are used for your on-premises network. If it does, you will get an error message informing you that you have chosen an overlapping network range. You can modify your subnet here and create other subnets for other services, but for now these are not required.

Click on the to create it. Create another VNET following the steps above. I will choose 10.10.0.0 /16 and North Europe for my VNET-EU.


Next we need to add local networks to these virtual networks. I will configure each VNET as a local network. Microsoft uses the term local network for an on-premises network.

In the lower left-hand corner of the screen, click New. In the navigation pane, click Network Services, and then click Virtual Network. Click Add Local Network.

On the Specify your local network details page, for Name, enter the name of a virtual network that you want to use in your VNet-to-VNet configuration. For this example, I’ll use VNET-EU, as we’ll be pointing VNET-US to this virtual network for our configuration.

For VPN Device IP Address, use any IP address. Typically, you’d use the actual external IP address for a VPN device. For VNet-to-VNet configurations, you will use the Gateway IP address. But, given that you haven’t created the gateway yet, I will use an IP address from my IP range for now (10.10.0.50). I will then go back into these settings and configure them with the corresponding gateway IP addresses once Azure generates them. Do the same steps for VNET-US and choose 10.20.0.50.

Next I will have to point each VNET to each other as Local Network. Go to Networks and then click on the first VNET and click Configure. Scroll down to Connection and tick the box for Connect to the Local Network and choose the other VNET under Local Network.


In the virtual network address spaces section on the same page, click add gateway subnet, then click the save icon at the bottom of the page to save your configuration.


Repeat the step for VNET-US to specify VNET-EU as a local network.

Next step will be creating dynamic routing gateways for each VNET. On the Networks page, make sure the status column for your virtual network is Created.


In the Name column, click the name of your virtual network.

On the Dashboard page, notice that this VNet doesn’t have a gateway configured yet. You’ll see this status change as you go through the steps to configure your gateway. At the bottom of the page, click Create Gateway. You must select Dynamic Routing.


When the system prompts you to confirm that you want the gateway created, click Yes. Repeat the same steps for the other VNET. While your gateway is being created, notice the gateway graphic on the page changes to yellow and says Creating Gateway. It typically takes about 15-20 minutes for the gateway to be created.

After the gateways are created, they will be assigned IP addresses, and we need to replace the temporary Local Network IPs we entered when we added the local networks with these gateway IPs.

After everything has completed we will need to make sure each connection and both sides of the gateway are using the same PRESHARED KEY.

I will use PowerShell to complete this part. First connect to your subscription.

And then just check your VNET connections using Get-AzureVNetConnection

Lastly run;

Set-AzureVNetGatewayKey -VNetName VNET-EU -LocalNetworkSiteName VNET-US -SharedKey 123456789

Set-AzureVNetGatewayKey -VNetName VNET-US -LocalNetworkSiteName VNET-EU -SharedKey 123456789

(Make sure you use much stronger shared keys in a production environment.)
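
One way to produce the stronger shared key the note above asks for, as an added example that is not part of the original post: it generates 32 random bytes, hex-encodes them and sets the same key on both gateways. New-VpnSharedKey is a hypothetical helper name; the cmdlets and VNET names are the ones used above.

```powershell
# Added example: random pre-shared key for the VNet-to-VNet tunnel.
function New-VpnSharedKey {
    param([int]$ByteCount = 32)   # 32 random bytes -> 64 hex characters

    $bytes = New-Object byte[] $ByteCount
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $rng.GetBytes($bytes)     # cryptographically secure random source
    }
    finally {
        $rng.Dispose()
    }
    # Hex encoding keeps the key alphanumeric
    return ([System.BitConverter]::ToString($bytes) -replace '-', '')
}

$sharedKey = New-VpnSharedKey

# Both sides of the connection must carry the same key or IKE negotiation fails
Set-AzureVNetGatewayKey -VNetName VNET-EU -LocalNetworkSiteName VNET-US -SharedKey $sharedKey
Set-AzureVNetGatewayKey -VNetName VNET-US -LocalNetworkSiteName VNET-EU -SharedKey $sharedKey

# Check the connection state from each side, then drop the key from the session
Get-AzureVNetConnection -VNetName VNET-EU
Get-AzureVNetConnection -VNetName VNET-US
Remove-Variable sharedKey
```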

And you will see the connection is successful.

Cloud Computing, Networking / Infrastructure

Microsoft’s StorSimple

 

 

Standard storage management comes with a few challenges: thinking about capacity, types, tiering, provisioning and scalability. Making plans and decisions takes a long time, and on top of these, what about backups and data archiving? They bring their own challenges. Many hours are spent just to keep everything the way we want it within our budget.

I first heard about StorSimple when I was watching one of the Azure MVA courses. The idea of storing data based on how often it is accessed, and deciding where to store it on that basis, is simple and at the same time makes business sense. Applying a simple logic will save a lot of effort and money in the long run.

So if you are tired of buying and installing storage and rebalancing workloads all the time, you really need to have a look at StorSimple. The same is true for managing data protection: because off-site data protection is completely automated with StorSimple, you have no worries on that front. And if you can’t perform DR because it’s too disruptive and takes too long, you need to look into non-disruptive, thin recovery with StorSimple.

How does it work?

 

StorSimple is comprised of SSDs (split into two layers), HDDs and the cloud. When a user saves data, it goes to the first SSD layer on the StorSimple appliance. It is then deduplicated to the second SSD layer along with the data that comes from other users. While the data is being accessed it remains active and stays “hot”. As users keep creating other data, previously created data is accessed less and becomes “cold”. This data is then moved to the HDD layer, where it is also compressed. As more data becomes cold and is moved to the HDD layer, that layer fills up and reaches its threshold. The original data is then moved to the cloud. When the data is in Azure, it will be copied 3 times locally and another 3 copies will be geo-replicated within region. As you may guess, there will be a delayed response when a user requests data that is in the cloud, as opposed to data saved on the other layers. The data will be pulled by StorSimple from Azure and presented to the user, and it is managed through the Azure portal.

The new StorSimple Manager is an Azure management portal which controls all functions of all StorSimple arrays across the enterprise. It provides a single, consolidated management point that uses the Internet as a control plane to configure all parameters of StorSimple 8000 arrays and to display up-to-the-minute status information in a comprehensive dashboard.