Last updated by at .

  • Hyper-V 2016
    What's new in Hyper-V 2016
  • Microsoft Azure
    Microsoft Azure

Category: Windows Server 2012 R2

Open website from PowerShell

Open website from PowerShell

If you want to directly open a website from the PowerShell console, you can use the Start-Process cmdlet. This will open the website in the default browser:

You can also use “Start” which is an alias for Start-Process:

 



Hyper-V Manager ins Azure Server Management Tools SMT

Manage Hyper-V from Azure Server Management Tools

Microsoft released an updated to the Azure Server Management Tools (SMT) and this improves some of the existing tools such as File Explorer and Device Manager. But the big announcement here is, that you now can manage your Hyper-V Server and Virtual Machines directly from Microsoft Azure from where ever you are. This is one of the great examples of using cloud solutions to extend your on premise environment, By using Management as a Service you basically don’t need to updated anything, you just got this new feature available in the Azure portal and you can start using it.

In this update to the Server Management Tools, Microsoft supports the following VM management functionality:

  • Start/Shutdown/Turn off/Pause/Resume
  • Save State/Delete Saved State
  • Take/Apply & rename checkpoints

You can see the Virtual Machines on which are running on the Hyper-V server

Hyper-V Manager in Azure SMT

You can also do basic management of checkpoints

Hyper-V VM in Azure SMT

If you want to know more about the Server Management Tools (SMT) check out my blog post: Manage Nano Server and Windows Server from Azure using Remote Server Management Tools

 



Windows Azure Pack Version PowerShell

Verify installed Windows Azure Pack version

If you want to check which version of Windows Azure Pack is installed or if you want to find out which Update Rollup of Windows Azure Pack is installed you can simply do this using two ways.

You can check the version of the installed Windows Azure Pack components on each server, using the Control Panel – Programs and it shows you the installed components:

Windows Azure Pack Version

You can also use the following PowerShell command to check the installed Windows Azure Pack server

Windows Azure Pack Version PowerShell

You can now compare the version numbers in this list an you can see which Windows Azure Pack Update Rollup is installed. Every component on every sever has to be checked.

Windows Azure Pack (links to KB articles) Version number Build Date
Update Rollup 10 3.33.8196.14 04/20/2016
Security Update Rollup 9.1 3.32.8196.12 3/2/2016
Update Rollup 8.1 3.29.8196.0 11/16/2015
Update Rollup 8 3.28.8196.48 10/28/2015
Update Rollup 7.1 3.27.8196.3 8/25/2015
Update Rollup 7 3.25.8196.75 7/31/2015
Update Rollup 6 3.24.8196.35 4/28/2015
Update Rollup 5 3.22.8196.48 2/10/2015
Update Rollup 4 3.19.8196.21 10/21/2014
Update Rollup 3 3.15.8196.48 7/22/2014
Update Rollup 2 3.14.8196.32 4/16/2014
Update Rollup 1 3.12.8198.0 1/20/2014
RTM release 3.10.8198.9 9/16/2013

If you need more information please check the following Microsoft TechNet article: Install Windows Azure Pack updates and verify versions

Thanks to Fulvio Ferrarini (itnetX) which helped me with this blog post.



Installation Windows Server 2016 VPN

How to Install VPN on Windows Server 2016

This post shows you how you can install a VPN Server on Windows Server 2016 Step-by-Step. It shows you how you can easily setup a VPN server for a small environment or for a hosted server scenario.

This is definitely not a guide for an enterprise deployment, if you are thinking about a enterprise deployment you should definitely have a look at Direct Access.

I already did similar blog posts for Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2.

You can simply follow this step by step guide:

First install the “Remote Access” via Server Manager or Windows PowerShell.

Install Remote Access Role VPN

Select the “DirectAccess and VPN (RAS)” role services and click next.

DirectAccess and VPN (RAS)



5Nine Hyper-V Security Agentless

Secure your Hyper-V environment with 5nine Cloud Security 8.1

In the past years I was building several Hyper-V environments together with Enterprise customers and with service providers. In a lot of cases customer wanted more security in there Cloud and Virtualization environment. Security becoming a even more critical part in your datacenter and with a high virtualization rate, it gets even more critical and complex to manage. Especially when Virtual Machines can move from on cluster to another or from one datacenter to another. 5nine is one of the vendors who has a great solution, for this challenges. A couple of years back I wrote a blog post about 5Nine Cloud Security version 4.0. 5nine Cloud Security is a unified security and compliance solution designed to specifically address every Hyper-V security vulnerability across every virtual resource.

Last week at Microsoft Ignite, Microsoft released Windows Server 2016 and Hyper-V 2016, with that 5nine released 5nine Cloud Security 8.1 which supports Windows Server 2016 and Hyper-V 2016.

5nine Cloud Security has some unique key features to secure your environment.

  • Distributed vFirewall – Secure multi-tenant Hyper-V environment and provide VM isolation
  • Agentless Antimalware Detection – Protect Hyper-V with patent-pending agentless Kaspersky or ThreatTrack antivirus now with Real-Time Malware Detection
  • Enforce security compliance

5Nine Hyper-V Security Agentless

Key features

if you look at it on a security features list, 5nine Cloud Security offers you the following security features:

  • Automatically & Instantly Secure all Virtual Machines, Disks, Networks and Switches
  • Choice of Leading Antivirus Engines
  • Agentless AV – Full Virtual Machine Scans
  • Agentless AV – Real-time HTTP Virus and Malware Detection
  • Hyper-V Optimized Real-time Active Protection Agent
  • Agentless Firewall
    • Granular control over each virtual machine using Hyper-V
    • Extensible Switch, no agent required
    • Configure the Advanced / Full Kernel mode Virtual Firewall for each VM individually
    • MAC Address filtering
    • ARP Rules
    • SPI (stateful packet inspection)
    • Network traffic anomaly analysis
    • Inbound and outbound per VM bandwidth throttling
    • MAC broadcast filtering
    • All filtering events logging with more data (UM logs only contain blocked events)
    • Configure network filtering rules on a per-VM basis
    • Set inbound/outbound traffic limits and bandwidth utilization by virtual machine
  • Agentless Intrusion Detection
  • No need to access Guest OS to manage security
  • Centralized signature management with updates to host only
  • Incremental Fast Scans
  • Offline VM Scanning
  • Avoids Host Scanning Storms
  • Support for Windows Server 2012, 2012 R2 and 2016 Hyper-V
  • Supports any guest OS supported by Windows Hyper-V including Linux
  • Meet the security demands of enterprise, management service providers (MSPs), public sector, and hosting providers who leverage Microsoft’s Hyper-V Server and Cloud Platform
  • Provide the first and only seamless agentless compliance and agentless security solution for the Hyper-V Cloud
  • Deliver multi-layered protection together with integrated, agentless antivirus and intrusion detection capabilities
  • Offer unmatched levels of industry-demanded protection and compliance (including PCI-DSS, HIPAA, and Sarbanes-Oxley)
  • Secure the Cloud environment with anti-virus technology that runs with virtually zero performance impact while simultaneously improving virtual machine density
  • Provide network traffic control between virtual machines
  • Enforce secure multi-tenancy and Virtual Machines Security Groups
  • Provide NVGRE support (Hyper-V Network Virtualization)
  • Support for Microsoft Switch Embedded Teaming
  • PowerShell Module for automation

Integration and offerings

5Nine Hyper-V Security System Center VMM Plugin

5Nine Cloud Security also integrated perfectly in your Microsoft System Center environment using a System Center Virtual Machine Manager plugin.

5nine Cloud Security also offers a Windows Azure Pack Resource Provider to offer self-service to your tenants. Azure Pack (WAP) Extension is the only Security as a Service (SECaaS) solution to protect your datacenter, your customers, and their clouds as a free add-on to 5nine Cloud Security. It is the only way to enable tenants to easily manage their own Windows and Linux security policies through the Azure Pack self-service portal. Now hosting and service providers can secure multi-tenant environments and virtual machines in private, hosted or hybrid scenarios, while giving users the ability to easily configure firewalls, intrusion detection, and more.

Architecture

The installation and the management is so easy, you don’t really need any documentation. That’s how a security product should work, it should not make your environment even more complex it should help you to keep your environment secure without adding extra complexity to it. Is used 5nine for several customer environments.

  • The Management Service – This would be your 5nine management server which needs a SQL database (minimum MS SQL Express) and all Hyper-V Hosts are connected to this management server.
  • The Host Management Service – which is basically the software and agent running on the Hyper-V host itself.
  • The Management Console – The console where you can configure everything. The console is simply connected to the management server.
  • The Virtual Machine Manager Plugin – This is a plugin in VMM which allows you to manage rules directly from your System Center Virtual Machine Manager Console
  • Azure Pack Extension – Resource Provider installed on the WAP Tenant and WAP Admin servers

Impressions

5nine host service

5nine is a very light weight solution for the Hyper-V host with not a lot of overhead. On the Hyper-V host you have only two service running and the Hyper-V switch extensions.

5nine-switch-extension

 

Conclusion

Overall I think 5Nine Cloud Security is a must have solution to protect your Hyper-V environment, if you want to do more serious centralized managed security. Especially with the release of 5nine Cloud Security 8.1 directly with the release of Windows Server 2016, 5nine shows how great their development and integration in Hyper-V really is. It always supports the latest features of Hyper-V solve real world needs.

If you need more information, want to buy 5nine Cloud Security or if you need someone to help you integrated 5nine Cloud Security in your environment, feel free to contact me.

 

 



diskpart-usb-drive

Create a USB Stick for Windows Server 2016 Installation

If you have download the latest version of Windows Server 2016 you can create a USB stick to install it on a physical server.

For UEFI Systems:

  • The at least a 8GB USB drive has to be formatted in FAT32
  • The USB needs to be GPT and not MBR
  • Copy all files from the ISO to the USB drive

diskpart-usb-drive

This is it, and here is how you do it:

First plugin your USB drive to your computer. The USB drive should be bigger than 6GB.

Open a CMD prompt or PowerShell using the Run as Administrator option and open diskpart. Now you can do list all this by using

Select the USB disk, in my case this was disk 1

Clean the disk. Be careful this will remove all files and partitions on the USB media.

Now convert it to GPT

Create a new primary partition. But make sure the partition is not greater than 16GB otherwise it can be formatted with FAT32.

Format the partition with FAT32

Assign a drive letter to the volume

now you can exit the diskpart and copy all files from the Windows or Windows Server to the USB drive and boot it. This works with Windows 8, Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016 or even Hyper-V Server in the same editions.

For MBR systems:

  • The at least a 8GB USB drive has to be formatted in FAT32
  • The USB needs to be MBR
  • Partition need so be set active
  • Copy all files from the ISO to the USB drive

diskpart-usb-drive-mbr

 

This is it, and here is how you do it:

First plugin your USB drive to your computer. The USB drive should be bigger than 6GB.

Open a CMD prompt or PowerShell using the Run as Administrator option and open diskpart. Now you can do list all this by using

Select the USB disk, in my case this was disk 1

Clean the disk. Be careful this will remove all files and partitions on the USB media.

Create a new primary partition. But make sure the partition is not greater than 16GB otherwise it can be formatted with FAT32.

Format the partition with FAT32

Set Active

Assign a drive letter to the volume

now you can exit the diskpart and copy all files from the Windows or Windows Server to the USB drive and boot it. This works with Windows 8, Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016 or even Hyper-V Server in the same editions.

 

Important:

If Install.wim is larger than 4GB, you cannot copy the file to the drive, because of theFAT32 based partition limitation. The solutions for this is to split the wim file into smaller files.

split wim file using dism (you may have to change the drive letters):

 



PowerShell get Drvier Version

Get Installed Driver Version using PowerShell

If you are using Windows Server Core or you just want to check the driver version using PowerShell you can using the following command:

You can also filter a specific driver name using the following command: