
Category: Windows Server 2012

How to Install VPN on Windows Server 2016

This post shows you, step by step, how to install a VPN server on Windows Server 2016. It shows how you can easily set up a VPN server for a small environment or for a hosted server scenario.

This is definitely not a guide for an enterprise deployment. If you are thinking about an enterprise deployment, you should definitely have a look at DirectAccess.

I already did similar blog posts for Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2.

You can simply follow this step by step guide:

First install the “Remote Access” role via Server Manager or Windows PowerShell.

Select the “DirectAccess and VPN (RAS)” role services and click next.

Secure your Hyper-V environment with 5nine Cloud Security 8.1

Over the past years I have built several Hyper-V environments together with enterprise customers and service providers. In a lot of cases customers wanted more security in their cloud and virtualization environment. Security is becoming an even more critical part of your datacenter, and with a high virtualization rate it gets even more critical and complex to manage, especially when virtual machines can move from one cluster to another or from one datacenter to another. 5nine is one of the vendors who has a great solution for these challenges. A couple of years back I wrote a blog post about 5nine Cloud Security version 4.0. 5nine Cloud Security is a unified security and compliance solution designed to specifically address every Hyper-V security vulnerability across every virtual resource.

Last week at Microsoft Ignite, Microsoft released Windows Server 2016 and Hyper-V 2016. With that, 5nine released 5nine Cloud Security 8.1, which supports Windows Server 2016 and Hyper-V 2016.

5nine Cloud Security has some unique key features to secure your environment.

  • Distributed vFirewall – Secure multi-tenant Hyper-V environment and provide VM isolation
  • Agentless Antimalware Detection – Protect Hyper-V with patent-pending agentless Kaspersky or ThreatTrack antivirus now with Real-Time Malware Detection
  • Enforce security compliance

Key features

If you look at the list of security features, 5nine Cloud Security offers you the following:

  • Automatically & Instantly Secure all Virtual Machines, Disks, Networks and Switches
  • Choice of Leading Antivirus Engines
  • Agentless AV – Full Virtual Machine Scans
  • Agentless AV – Real-time HTTP Virus and Malware Detection
  • Hyper-V Optimized Real-time Active Protection Agent
  • Agentless Firewall
    • Granular control over each virtual machine using Hyper-V Extensible Switch, no agent required
    • Configure the Advanced / Full Kernel mode Virtual Firewall for each VM individually
    • MAC Address filtering
    • ARP Rules
    • SPI (stateful packet inspection)
    • Network traffic anomaly analysis
    • Inbound and outbound per VM bandwidth throttling
    • MAC broadcast filtering
    • All filtering events logging with more data (UM logs only contain blocked events)
    • Configure network filtering rules on a per-VM basis
    • Set inbound/outbound traffic limits and bandwidth utilization by virtual machine
  • Agentless Intrusion Detection
  • No need to access Guest OS to manage security
  • Centralized signature management with updates to host only
  • Incremental Fast Scans
  • Offline VM Scanning
  • Avoids Host Scanning Storms
  • Support for Windows Server 2012, 2012 R2 and 2016 Hyper-V
  • Supports any guest OS supported by Windows Hyper-V including Linux
  • Meet the security demands of enterprise, management service providers (MSPs), public sector, and hosting providers who leverage Microsoft’s Hyper-V Server and Cloud Platform
  • Provide the first and only seamless agentless compliance and agentless security solution for the Hyper-V Cloud
  • Deliver multi-layered protection together with integrated, agentless antivirus and intrusion detection capabilities
  • Offer unmatched levels of industry-demanded protection and compliance (including PCI-DSS, HIPAA, and Sarbanes-Oxley)
  • Secure the Cloud environment with anti-virus technology that runs with virtually zero performance impact while simultaneously improving virtual machine density
  • Provide network traffic control between virtual machines
  • Enforce secure multi-tenancy and Virtual Machines Security Groups
  • Provide NVGRE support (Hyper-V Network Virtualization)
  • Support for Microsoft Switch Embedded Teaming
  • PowerShell Module for automation

Integration and offerings

5nine Cloud Security also integrates perfectly into your Microsoft System Center environment using a System Center Virtual Machine Manager plugin.

5nine Cloud Security also offers a Windows Azure Pack Resource Provider to offer self-service to your tenants. Azure Pack (WAP) Extension is the only Security as a Service (SECaaS) solution to protect your datacenter, your customers, and their clouds as a free add-on to 5nine Cloud Security. It is the only way to enable tenants to easily manage their own Windows and Linux security policies through the Azure Pack self-service portal. Now hosting and service providers can secure multi-tenant environments and virtual machines in private, hosted or hybrid scenarios, while giving users the ability to easily configure firewalls, intrusion detection, and more.

Architecture

The installation and the management are so easy that you don’t really need any documentation. That’s how a security product should work: it should not make your environment even more complex, it should help you keep your environment secure without adding extra complexity to it. I used 5nine for several customer environments.

  • The Management Service – This would be your 5nine management server which needs a SQL database (minimum MS SQL Express) and all Hyper-V Hosts are connected to this management server.
  • The Host Management Service – which is basically the software and agent running on the Hyper-V host itself.
  • The Management Console – The console where you can configure everything. The console is simply connected to the management server.
  • The Virtual Machine Manager Plugin – This is a plugin in VMM which allows you to manage rules directly from your System Center Virtual Machine Manager Console
  • Azure Pack Extension – Resource Provider installed on the WAP Tenant and WAP Admin servers

Impressions

5nine is a very lightweight solution for the Hyper-V host with not a lot of overhead. On the Hyper-V host you have only two services running and the Hyper-V switch extensions.

Conclusion

Overall I think 5nine Cloud Security is a must-have solution to protect your Hyper-V environment if you want more serious, centrally managed security. Especially with the release of 5nine Cloud Security 8.1 directly with the release of Windows Server 2016, 5nine shows how great their development and integration in Hyper-V really is. It always supports the latest features of Hyper-V to solve real-world needs.

If you need more information, want to buy 5nine Cloud Security or if you need someone to help you integrate 5nine Cloud Security in your environment, feel free to contact me.

Create a USB Stick for Windows Server 2016 Installation

If you have downloaded the latest version of Windows Server 2016, you can create a USB stick to install it on a physical server.

For UEFI Systems:

  • The USB drive has to be at least 8GB and formatted with FAT32
  • The USB drive needs to be GPT and not MBR
  • Copy all files from the ISO to the USB drive

This is it, and here is how you do it:

First plug your USB drive into your computer. The USB drive should be bigger than 6GB.

Open a CMD prompt or PowerShell using the Run as Administrator option and open diskpart. Now you can list all disks by using

Select the USB disk, in my case this was disk 1

Clean the disk. Be careful, this will remove all files and partitions on the USB media.

Now convert it to GPT

Create a new primary partition. But make sure the partition is not greater than 16GB, otherwise it cannot be formatted with FAT32.

Format the partition with FAT32

Assign a drive letter to the volume

Now you can exit diskpart, copy all files from the Windows or Windows Server ISO to the USB drive and boot from it. This works with Windows 8, Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016 or even Hyper-V Server in the same editions.

For MBR systems:

  • The USB drive has to be at least 8GB and formatted with FAT32
  • The USB drive needs to be MBR
  • The partition needs to be set active
  • Copy all files from the ISO to the USB drive

This is it, and here is how you do it:

First plug your USB drive into your computer. The USB drive should be bigger than 6GB.

Open a CMD prompt or PowerShell using the Run as Administrator option and open diskpart. Now you can list all disks by using

Select the USB disk, in my case this was disk 1

Clean the disk. Be careful, this will remove all files and partitions on the USB media.

Create a new primary partition. But make sure the partition is not greater than 16GB, otherwise it cannot be formatted with FAT32.

Format the partition with FAT32

Set Active

Assign a drive letter to the volume

Now you can exit diskpart, copy all files from the Windows or Windows Server ISO to the USB drive and boot from it. This works with Windows 8, Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016 or even Hyper-V Server in the same editions.
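The UEFI and MBR procedures above, written as one script. This is an added example, not the post's original commands: the function names and the disk number are assumptions, and because `clean` is irreversible the wrapper refuses any disk that Windows does not report as a non-boot USB disk.

```powershell
# Added example. Function names and disk numbers are assumptions.
function New-InstallUsbDiskpartScript {
    param(
        [Parameter(Mandatory)] [int] $DiskNumber,
        [ValidateSet('UEFI', 'MBR')] [string] $Firmware = 'UEFI',
        [switch] $LimitPartitionSize     # set when the stick is larger than 16GB
    )
    $create = 'create partition primary'
    if ($LimitPartitionSize) { $create += ' size=16000' }   # diskpart sizes are in MB

    $lines = @("select disk $DiskNumber", 'clean')
    if ($Firmware -eq 'UEFI') { $lines += 'convert gpt' }   # UEFI: GPT and not MBR
    $lines += $create
    $lines += 'format fs=fat32 quick'
    if ($Firmware -eq 'MBR') { $lines += 'active' }         # MBR: partition set active
    $lines += 'assign'
    $lines += 'exit'
    return $lines
}

function Initialize-InstallUsb {
    param(
        [Parameter(Mandatory)] [int] $DiskNumber,
        [ValidateSet('UEFI', 'MBR')] [string] $Firmware = 'UEFI'
    )
    # "clean" wipes the whole disk, so only accept a USB disk that is not boot/system.
    $disk = Get-Disk -Number $DiskNumber -ErrorAction Stop
    if ($disk.BusType -ne 'USB' -or $disk.IsBoot -or $disk.IsSystem) {
        throw "Disk $DiskNumber ($($disk.FriendlyName), $($disk.BusType)) is not a plain USB disk."
    }
    $lines = New-InstallUsbDiskpartScript -DiskNumber $DiskNumber -Firmware $Firmware `
        -LimitPartitionSize:($disk.Size -gt 16000MB)

    $scriptFile = Join-Path $env:TEMP "install-usb-disk$DiskNumber.txt"
    Set-Content -Path $scriptFile -Value $lines -Encoding Ascii
    diskpart /s $scriptFile
    if ($LASTEXITCODE -ne 0) { throw "diskpart failed with exit code $LASTEXITCODE" }
}

# Review the generated script first, then run it from an elevated prompt:
New-InstallUsbDiskpartScript -DiskNumber 1 -Firmware UEFI
# Initialize-InstallUsb -DiskNumber 1 -Firmware UEFI
```

Check the disk number with `Get-Disk` (or `list disk` inside diskpart) before running it.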

 

Important:

If install.wim is larger than 4GB, you cannot copy the file to the drive because of the limitation of the FAT32-based partition. The solution for this is to split the WIM file into smaller files.

Split the WIM file using DISM (you may have to change the drive letters):
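One way to handle the copy and the split together, as an added example rather than the post's original command. The function name and both drive letters are assumptions; `dism /Split-Image` is only called when install.wim is too large for FAT32.

```powershell
# Added example. Drive letters are assumptions: adjust them to your system.
function Copy-InstallMediaToUsb {
    param(
        [Parameter(Mandatory)] [string] $IsoDrive,   # mounted ISO, e.g. 'D:'
        [Parameter(Mandatory)] [string] $UsbDrive    # prepared FAT32 USB stick, e.g. 'E:'
    )
    $wim = "$IsoDrive\sources\install.wim"
    $fat32MaxFile = 4GB - 1                          # largest file FAT32 can store

    # Copy everything except install.wim; robocopy exit codes below 8 mean success.
    robocopy "$IsoDrive\" "$UsbDrive\" /E /XF install.wim | Out-Null
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }

    if ((Get-Item -LiteralPath $wim).Length -gt $fat32MaxFile) {
        # /FileSize is in MB; 3800 keeps every part below the 4GB limit.
        dism /Split-Image "/ImageFile:$wim" "/SWMFile:$UsbDrive\sources\install.swm" /FileSize:3800
        if ($LASTEXITCODE -ne 0) { throw "dism failed with exit code $LASTEXITCODE" }
    } else {
        Copy-Item -LiteralPath $wim -Destination "$UsbDrive\sources\"
    }

    # Show what ended up on the stick (install.wim, or install.swm, install2.swm, ...).
    Get-ChildItem "$UsbDrive\sources\install*" | Select-Object Name, Length
}

# Copy-InstallMediaToUsb -IsoDrive 'D:' -UsbDrive 'E:'
```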

 



Get Installed Driver Version using PowerShell

If you are using Windows Server Core, or you just want to check the driver version using PowerShell, you can use the following command:

You can also filter a specific driver name using the following command:
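A query that covers both cases, listing all drivers or filtering by name, as an added example rather than the post's original commands. It reads the `Win32_PnPSignedDriver` CIM class; the function name and its parameters are assumptions, and the extra signing columns make unsigned drivers easy to spot.

```powershell
# Added example. Function and parameter names are assumptions.
function Get-InstalledDriverVersion {
    param(
        [string] $Name = '*',        # wildcard on the device name, e.g. '*Intel*'
        [string] $ComputerName,      # optional remote host (queried over WinRM)
        [switch] $UnsignedOnly       # show only drivers that report IsSigned = False
    )
    $query = @{ ClassName = 'Win32_PnPSignedDriver' }
    if ($ComputerName) { $query.ComputerName = $ComputerName }

    Get-CimInstance @query |
        Where-Object { $_.DeviceName -like $Name } |
        Where-Object { -not $UnsignedOnly -or -not $_.IsSigned } |
        Sort-Object DeviceName |
        Select-Object DeviceName, DriverVersion, DriverDate,
                      DriverProviderName, IsSigned, Signer
}

# All drivers:
Get-InstalledDriverVersion | Format-Table -AutoSize
# Only devices whose name contains "Intel":
Get-InstalledDriverVersion -Name '*Intel*' | Format-Table -AutoSize
```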

 



PowerShell One-liner to list IP Addresses of Hyper-V Virtual Machines

Here is a very quick PowerShell command to list all the virtual network adapters, including IP addresses, of virtual machines running on a Hyper-V host.

This will give you a list of all virtual machines running on the Hyper-V server called “HyperV01”.
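A version of that listing using the Hyper-V module cmdlets `Get-VM` and `Get-VMNetworkAdapter`, as an added example rather than the post's original one-liner. The function name is an assumption; “HyperV01” is the host name used above.

```powershell
# Added example. The function name is an assumption.
function Get-VMIPAddress {
    param([string] $ComputerName = 'HyperV01')

    Get-VM -ComputerName $ComputerName |
        Where-Object { $_.State -eq 'Running' } |
        Get-VMNetworkAdapter |
        ForEach-Object {
            [pscustomobject]@{
                VMName      = $_.VMName
                SwitchName  = $_.SwitchName
                MacAddress  = $_.MacAddress
                # Empty when the guest does not report addresses to the host.
                IPAddresses = $_.IPAddresses -join ', '
                Status      = $_.Status -join ', '
            }
        }
}

Get-VMIPAddress -ComputerName 'HyperV01' | Format-Table -AutoSize
```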



Pipe cmd prompt commands into the clipboard

This is a very old but very useful command if you work with the Windows Command Prompt. It allows you to send the text output of commands to the Windows clipboard.

Scott Hanselman from Microsoft just reminded the community about this feature, which is available in Windows since Windows Vista.

PowerShell v5 has similar commands: Set-Clipboard and Get-Clipboard.



Add unattend.xml to VHDX File for VM automation

If you for example don’t have System Center Virtual Machine Manager or another tool to create Virtual Machine Templates and automate the deployment, you can also do this using Sysprep, PowerShell and an unattend.xml file to automate or simplify the Virtual Machine creation process. In other blog posts I already wrote how you can sysprep Virtual Machines or how you can create Hyper-V Virtual Machines using PowerShell. In this post I will show you how you can add an unattend.xml file to your VHD or VHDX so your virtual machine gets some default settings like regional information.

Here we have a basic unattend.xml file. If you want to enhance it, or create your own, you can also use the Windows ADK.

To use this unattend.xml you first have to sysprep a virtual machine and create a sysprepped VHD file. After that you can mount the VHDX file and insert the unattend.xml file into the VHD. Copy the unattend.xml file to the following location: D:\Windows\Panther (in my case the VHD was mounted as D drive).

You can mount the VHDX using the UI or PowerShell:
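The mount, copy and dismount steps as one function, as an added example rather than the post's original commands. The function name and both paths are assumptions; it finds the Windows volume inside the image instead of assuming drive D, and warns if the answer file carries a password element, since anyone who can mount the VHDX can read it.

```powershell
# Added example. Function name and paths are assumptions.
function Add-UnattendToVhd {
    param(
        [Parameter(Mandatory)] [string] $VhdPath,        # sysprepped VHD/VHDX
        [Parameter(Mandatory)] [string] $UnattendPath    # answer file to inject
    )
    # Fail early if the answer file is not well-formed XML.
    $raw  = Get-Content -Raw -LiteralPath $UnattendPath
    $null = [xml]$raw
    if ($raw -match '<\w*Password>') {
        Write-Warning 'unattend.xml contains a password element; it is readable by anyone who can mount this VHDX.'
    }

    $disk = Mount-VHD -Path $VhdPath -Passthru | Get-Disk
    try {
        # Pick the volume inside the image that holds the Windows directory.
        $volume = $disk | Get-Partition |
            Get-Volume -ErrorAction SilentlyContinue |
            Where-Object { $_.DriveLetter -and (Test-Path "$($_.DriveLetter):\Windows") } |
            Select-Object -First 1
        if (-not $volume) { throw "No Windows volume with a drive letter found in $VhdPath" }

        $panther = "$($volume.DriveLetter):\Windows\Panther"
        New-Item -ItemType Directory -Path $panther -Force | Out-Null
        Copy-Item -LiteralPath $UnattendPath -Destination (Join-Path $panther 'unattend.xml') -Force
    }
    finally {
        # Always release the image, even if the copy failed.
        Dismount-VHD -Path $VhdPath
    }
}

# Add-UnattendToVhd -VhdPath 'C:\VMs\template.vhdx' -UnattendPath 'C:\Deploy\unattend.xml'
```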

There are more paths as well. You can check out the Windows Setup Automation Overview on TechNet where you can see all the possible paths to place the unattend.xml file.