Last updated by at .

  • Hyper-V 2016
    What's new in Hyper-V 2016
  • Microsoft Azure
    Microsoft Azure

Tag: Virtual Machine

Azure Nano Server PowerShell Package Management

How to deploy Nano Server in Azure

In some other post I have written how you can deploy a Nano Server on premise using PowerShell or the Nano Server Image Builder. In this post I will quickly show you how you can setup a new Nano Server in Microsoft Azure.

To deploy Nano Server in Azure, Microsoft offers you a Nano Server Image in the Marketplace.

Using the Azure Portal to deploy Nano Server on Microsoft Azure

There are also several ways you can deploy Nano Server, for example using the Azure Portal or PowerShell. First this will show you how you can create a Nano Server Virtual Machine using the Azure Portal.

Nano Server on Azure Marketplace

Simply follow the steps to create a new Azure Virtual Machine.

Nano Server on Azure VM Size

The most important part is to configure the Network Security Groups to allow PowerShell Remoting since Nano Server does not support RDP. There are two options to do this, using WinRM over http (5985) or using WinRM using https (5986). To be honest in production you should only use https, but for some demos or if you are configuring Nano Server to be used over a VPN you can also use WinRM over http. I also recommend that you remove the RDP port rule, since this is not really necessary. If the WinRM rule in the network security group is not already there, just create it. For easy setup you can use 5985 if you want to use SSL you will require additional steps.

Nano Server on Azure Network Security Groups NSG

Follow the rest of the wizard to deploy the new Nano Server VM. After the VM is created you will see it in the Azure Portal. You can now use the IP address to connect to the virtual machine using PowerShell remoting. If you don’t have a VPN connection to the Azure VM Network you will need to use the public IP address, if it is connected trough a VPN or from another machine running in the same VM Network, you can use the internal IP address. In my demo case I am using the public IP address to connect to the virtual machine. To make it easier I also created a Public DNS name for this Azure IP address.

Nano Server on Azure Public DNS Name

To connect to your Nano Server you also have to setup PowerShell Remoting on your machine and add the host to your trusted hosts group.

You can now connect to your Nano Server running in Azure.

Nano Server PowerShell Remoting Azure VM

Using the Azure PowerShell module to deploy Nano Server on Microsoft Azure

First you have to install the Azure PowerShell Module and get the NanoServerAzureHelper PowerShell Module (NanoServerAzureHelper_20160927) this will help you with the setup.

Time to fire up PowerShell and login to Azure

First create a new Azure Resource Group and a Key Vault if you don’t have them already available. The key vault will be helping you to use SSL configuration for your PowerShell remoting.

Import the NanoServerAzureHelper PowerShell module which you have downloaded before.

NanoServerAzureHelper PowerShell Module

This will give you some new PowerShell cmdlets to deploy Nano Server quickly on Azure.

The most important for creating new Nano Server VMs in Azure is simply the New-NanoServerAzureVM.

New-NanoServerAzureVM

Create a new Nano Server VM in Azure using the following PowerShell command:

New-NanoServerAzureVM Create Nano Server VM

To connect you can get the public IP address for the system you deployed and connect to it

 

Using PowerShell Package Management to Install Roles and Features on Nano Server

Since in Nano Server does not include any roles per default you can now use PowerShell Package Management to installed Nano Server Packages on your Azure Virtual Machine.

Azure Nano Server PowerShell Package Management

If you want to know more about PowerShell Package Management on Nano Server, check out my blog post. If you want to know more about Nano Server in general check this post here: Nano Server – The future of Windows Server – Just enough OS

 

 

 

 

 

 

 



VCNRW Nano Server and Container

Nano Server – The future of Windows Server – Just enough OS

Finally, Microsoft released Windows Server 2016 and with Windows Server 2016 we also get the first version of Nano Server. I had the opportunity to speak on several different events and conferences about Nano Server, so I tried to create a quick summary of my presentation in this blog post.

Nano Server installation option Just enough OS

Nano Server - Just enough OS

Nano Server is a redesign version of Windows Server which is very lightweight, very small footprint and fully remote managed and it is designed to solve some of the datacenter challenges we have today. Nano Server is a headless, 64-bit only deployment option of Windows Server. Microsoft basically removed all components from the base image. Roles and feature are not directly included in the base image and they have to be added while creating a new Nano Server Image or online using PowerShell Package Management. Not even the drivers are included in the base image, since you don’t want the physical drivers in a virtual machines, and you don’t want the virtual drivers on a physical machine This is also the reason why Nano Server does not show up during the installation dialog when you boot the Windows Server 2016 ISO file.

Nano Server Key Scenarios

The first version of Nano Server is designed for the following key scenarios:

  1. Born-in-the-cloud applications – support for multiple programming languages and runtimes. (e.g. ASP.NET Core, C#, Java, Node.js, Python, etc.) running in containers, virtual machines, or on physical servers.
  2. Microsoft Cloud Platform infrastructure – support for compute clusters running Hyper-V and storage clusters running Scale-out File Server and Storage Spaces Direct.
  3. But Microsoft also added some other roles like DNS and IIS to the Nano Server and we can expect more roles and features in the future.

In this version Nano Server will of course not replace Windows Server Core and Windows Server (Full or Server with Desktop Experience), but it will be definitely be they way going forward.

Nano Server Footprint

Nano Server has a very small foot print, The default WIM file has a size around 170 MB and if you create a Nano Server VHD or VHDX file it can be only around 400 MB in size. If you add more roles, features and drivers the size of the image gets bigger, but even if you add more stuff the size will be around 800 MB for an Hyper-V server including the Hyper-V role, Failover Clustering Feature, DCB feature, Physical OEM drivers and additional network adapter and storage controller drivers. If you compare Nano Server to Windows Server you can see some of the following changes:

  • 93 percent lower VHD size
  • 92 percent fewer critical bulletins
  • 80 percent fewer reboots

Nano Server Servicing Improvements

Nano Server Servicing Improvments

Nano Server Deployment Improvements

Nano Server Deployment Improvments

This not only reduced deployment time and gives you some operational improvements, it also reduces the attack surface by a lot and this is a huge security improvement.

To achieve these results, Microsoft removed some parts of Windows Server such as:

  • GUI stack
  • 32 bit support (WOW64)
  • MSI support
  • RDP
  • Some default Server Core components
  • Basic OEM Drivers
  • and more

Nano Server Management

By removing the User Interface stack, Microsoft made this server to a true headless server, without any login screen or RDP support. By removing the Graphic User Interface, Windows Administrator have to learn new ways how they manage servers, or better use existing ways to manage a Nano Server environment. The answer is simple and is the best practice for managing servers for a long time called Remote Management. Nano Server will offer some advanced remote Management features such as:

  • WMI
  • PowerShell Remoting
  • PowerShell Direct
  • PowerShell Desired State Configuration
  • RSAT Tools (Server Manager, Hyper-V Manager, Failover Cluster Manager, …)
  • System Center and other Management tools
  • Server Management Tools (Azure Web-based management tools to replace local inbox management tools)

With that, existing Remote Management Tools, such as Server Manager and other RSAT tools, will continue to work. But Microsoft also improved PowerShell Remoting and introduces the Azure Serivce for Server Management Tools.

Server Management Tools

Microsoft Azure Server Management Tools Topology

This service allows you to manage your servers directly from Azure using a web-based HTML5 portal. I personally think that this could also replace Server Manager and allows you to easily manage non-GUI servers such as Windows Server Core and Nano Server.

Azure Remote Server Management Nano Server

If you want to know more about the Sever Management Tools, check out my blog post: Manage Nano Server and Windows Server from Azure using Remote Server Management Tools

The Server Management Tools do not only support Nano Server, they also support Windows Server 2016, Windows Server 2012 R2 and Windows Server 2012 with WMF 5.0 and higher.

Remote Manage Nano Server with PowerShell

Nano Server PowerShell Remoting

The simplest way to manage Nano Server is by using PowerShell Remoting using for exmaple the following command.

If you are directly on a Hyper-V Server you can also use PowerShell Direct which allows you to directly connect to a Virtual Machine using the Hyper-V VMBus.

If you want to know more about Managing Nano Server check out the following blog posts How to Remote Manage your Nano Server using PowerShell or Hyper-V PowerShell Direct.

Manage Nano Server using System Center

Nano Server can also be managed using System Center Virtual Machine Manager and System Center Operations Manager. With SCVMM you can deploy new Hyper-V and Storage Spaces Direct hosts as well as Virtual Machines.

Deploy Nano Server

To deploy Nano Server as a virtual machine or as a physical host you have to create a new Nano Server Image. For this you have basically have two option. The first one is using the built in Nano Server Image Generator PowerShell module and the second option is the Nano Server Image Builder UI wizard.

Nano Server Image Generator PowerShell module

New-NanoServerImage

The Nano Server Image Generator PowerShell module allows you to create new Nano Server Images. You can find this on the Windows Server 2016 media in the Nano Server folder. Here is a quick example how to create a new VHDX using the PowerShell module.

Nano Server Image Builder

Nano Server Image Builder

The Nano Server Image Builder is a UI based wizard to create Nano Server Images in VHDX, VHD, WIM or ISO to install Nano Server on all possible systems.

The Nano Server Image Builder can help you with the following tasks:

  • Graphical UI to create Nano Server Images
  • Adding drivers
  • Choose Windows Server Edition
  • Adding roles and features
  • Adding drivers
  • Adding updates
  • Configuration of Network Settings
  • Configuration of Domain settings
  • Set Remoting Options
  • Create an ISO file to boot from DVD or BMC (remote connection like HP ILO)

First download and install the Windows Assessment and Deployment Kit (ADK) and the Nano Server Image Builder.

If you need more information about deploying Nano Server check my blog post about Create a Nano Server using the Nano Server Image Builder and How to create a Nano Server Image using PowerShell.

Nano Server Packages

Nano Server Packages

Roles, Features and Drivers live outside of the basic Nano Server Image have to be added while creating the Nano Server Image or after that using PowerShell Package Management.

You can find and install Windows Packages from the online package repository by using the NanoServerPackage provider of PackageManagement (OneGet) PowerShell module.

Troubleshooting Nano Server

Nano Server Recovery Console

Hyper-V Nano Server Console

When you boot Nano Server you can not really login to Nano Server and browse the file system. What you can do is login to the Nano Server Recovery Console which allows you to do some basic tasks:

  • Shows computer info like Name, IP Configuration, OS Version and more
  • Reset Networking to DHCP
  • Reset basic Windows Firewall rules
  • If the Server is a Hyper-V Server you can see the VM running on the system and remove the Virtual Switch

Sysinternals for Nano Server

Sysinternals for Nano Server

There is also a Sysinternals version for Nano Server.

Nano Server over a serial port with Emergency Management Services

Emergency Management Services (EMS) lets you perform basic troubleshooting, get network status, and open console sessions (including CMD/PowerShell) by using a terminal emulator over a serial port. This replaces the need for a keyboard and monitor to troubleshoot a server.

You can include this using the following cmdlets

Nano Server Servicing

Nano Server Servicing

Windows Server are usually from the Long Term Servicing Branch and have 5 + 5 years of servicing and only get security and quality fixes, no new features. In Windows Server 2016 Server Core and Server with Desktop Experience follow this traditional servicing model. Nano Server on the other hand will be in a new servicing branch called Current Branch for Business (CBB).

  • Nano Server will not have an LTSB with Windows Server 2016 and therefore not have 5+5 years of servicing
  • Nano Server installations will have to move forward to future CBB releases of Nano Server to continue to be serviced
  • Licensing Nano Server will require Software Assurance (SA)
  • Installation of new CBBs are always controlled by administrators, no forced upgrades

Nano Server Key Wins

  • Easy and fast to deploy
  • Lightweight
  • Easily integrates with our automated approach
  • Reduces attack surface
  • Works with existing deployment tools (WDS, SCVMM, SCCM and boot from VHDX)
  • Reduces operational overhead
  • Highly stable
  • Delivers on scale and performance

Conclusion

In my opinion the effort Microsoft does with Nano Server really makes sense and will help Service Providers as well as Enterprise companies to deploy clouds even faster, more secure, more efficient and with less management overhead. Of course it is still early and Nano Server may not fit every case and scenario today, but definitely in the future.

 

 

 



What's new in Hyper-V 2016

Windows Server 2016 Hyper-V Scale Numbers

Yesterday Microsoft announced the VMware to Hyper-V Migration offer with Windows Server 2016. The Hyper-V team also announced the new scale numbers in Windows Server 2016 Hyper-V. Microsoft announced a Hyper-V Host will support 24TB of RAM and up to 512 CPUs, and up to 16TB and 240 virtual CPUs per Virtual Machine. This are huge number and a huge improvement to the numbers to the numbers of Windows Server 2012 and Windows Server 2012 R2.

Windows Server 2012/2012 R2

Standard & Datacenter

Windows Server 2016 Standard & Datacenter
Physical (Host) Memory Support Up to 4 TB per physical server Up to 24 TB per physical server (6x)
Physical (Host) Logical Processor Support Up to 320 LPs Up to 512 LPs
Virtual Machine Memory Support Up to 1 TB per VM Up to 16 TB per VM (16x)
Virtual Machine Virtual Processor Support Up to 64 VPs per VM Up to 240 VPs per VM (3.75x)


unatted xml file for VM

Add unattend.xml to VHDX File for VM automation

If you for example don’t have System Center Virtual Machine Manager or another tool to create Virtual Machine Templates and automate the deployment, you can also do this using Sysprep, PowerShell and an unattend.xml file to automate or simplify the Virtual Machine creation process. In other blog posts I already wrote how you can sysprep Virtual Machines or how you can create Hyper-V Virtual Machines using PowerShell. In this post I will show you how you can add an unattend.xml file to your VHD or VHDX so your virtual machine gets some default settings like regional information.

Here we have a basic unattend.xml file. If you want to enhance it, or create your own, you can also use the Windows ADK.

To use this unattend.xml you first have to sysprep a virtual machine and create a sysprep VHD file. After that you can mount the VHDX file and insert the unattend.xml file to the VHD. Copy the unattend.xml file to the following location: D:\Windows\Panther (in my case the VHD was mounted as D drive).

You can mount the VHDX using the UI or PowerShell:

There are more paths as well. You can check out the Windows Setup Automation Overview on TechNet where you can see all the possible paths to place the unattend.xml file.



sysprep.exe vm mode

Windows Sysprep for Virtual Machines

For using the same system image for different virtual machines or physical computer, Microsoft created a tool called sysprep.exe. Most people should be already familiar with that tool. If not here is the description:

Sysprep prepares a Windows installation (Windows client and Windows Server) for imaging, allowing you to capture a customized installation. Sysprep removes PC-specific information from a Windows installation, “generalizing” the installation so it can be reused on different PCs. With Sysprep you can configre the PC to boot to audit mode, where you can make additional changes or updates to your image. Or, you can configure Windows to boot to the Out-of-Box Experience (OOBE).

This is great so you can sysprep a virtual machine copy the VHD or VHDX file and use it for the first boot of different VMs. In Windows Server 2012 and Windows 8, Microsoft added an addition to sysprep called the mode switch “/mode:vm”. The mode:vm switch allows you to identify the Windows as a Virtual Machine and sysprep.exe will generalize a Virtual Hard Disk (VHD or VHDX) so that you can deploy the VHD as a VHD on the same Virtual Machine (VM) or hypervisor. You must deploy the VHD on a Virtual Machine (VM) or hypervisor with the same hardware profile. For example, if you created VHD in Microsoft Hyper-V, you can only deploy your VHD to Microsoft Hyper-V VMs with a matching hardware profile, and you can only run VM mode from inside a VM.

This will boost the performance and time for the virtual machine for the first startup and installation. This also work of course with virtual machines running on other hypervisors such as VMware or Xen.

Run the following command inside the Virtual Machine (You find sysprep.exe in the  C:\Windows\System32\Sysprep folder):

Now you can copy the VHD or VHDX file from that virtual machine and use it for other VMs.



Hyper-V Nested Virtualization

Hyper-V Nested Virtualization in Windows 10 Build 10565

This week Microsoft released a new Windows 10 Insider Preview build to the Windows Insiders. It brings a couple of new features to the OS, but Ben Armstrong (Hyper-V Program Manager at Microsoft) mentions in a blog post that it also brings a preview of Nested Virtualization to Hyper-V in Windows 10. Nested Virtualization allows you to run Hyper-V inside a VM. This is prefect for Lab and Training scenarios, so you can run multiple Hyper-V server without the need of a lot of physical hardware.

So how can you enable Nested Virtualization in this early preview build? Theo Thompson describes this in a blog post:

Step 1: Create a VM

Step 2: Run the enablement script

Given the configuration requirements (e.g. dynamic memory must be off), we’ve tried to make things easier by providing a PowerShell script.

This script will check your configuration, change anything which is incorrect (with permission), and enable nested virtualization for a VM. Note that the VM must be off.

Step 3: Install Hyper-V in the guest

From here, you can install Hyper-V in the guest VM.

Step 4: Enable networking (optional)

Once nested virtualization is enabled in a VM, MAC spoofing must be enabled for networking to work in its guests. Run the following PowerShell (as administrator) on the host machine:

Step 5: Create nested VMs

This is still a very early preview and this means this feature still has a lot of know issues:

  • Both hypervisors need to be the latest versions of Hyper-V. Other hypervisors will not work. Windows Server 2012R2, or even builds prior to 10565 will not work.
  • Once nested virtualization is enabled in a VM, the following features are no longer compatible with that VM. These actions will either fail, or cause the VM not to start:
    • Dynamic memory must be OFF. This will prevent the VM from booting.
    • Runtime memory resize will fail.
    • Applying checkpoints to a running VM will fail.
    • Live migration will fail.
    • Save/restore will fail.
  • Once nested virtualization is enabled in a VM, MAC spoofing must be enabled for networking to work in its guests.
  • Hosts with Virtualization Based Security (VBS) enabled cannot expose virtualization extensions to guests. You must first disable VBS in order to preview nested virtualization.
  • This feature is currently Intel-only. Intel VT-x is required.
  • Beware: nested virtualization requires a good amount of memory. I managed to run a VM in a VM with 4 GB of host RAM, but things were tight.

 

 



Containers PowerShell

First steps with Windows Containers

At Microsoft Ignite 2015 back in Chicago Microsoft announced Windows Containers. With the release of the Technical Preview 3 (TP3) for Windows Server 2016 we are finally able to start using Windows Containers, and we can finally test them. But first let use check a little what containers are.

The concept of containers is nothing new, in the Linux world containers are a well known concept. If you have a look at the Wikipedia description for Linux Containers, Wikipedia describes it as follows: LXC (Linux Containers) is an operating-system-level virtualization environment for running multiple isolated Linux systems (containers) on a single Linux control host. Containers provide operating system-level virtualization through a virtual environment that has its own process and network space, instead of creating a full-fledged virtual machine. With Windows Server 2016 more or less the same concept comes the Windows world. This makes containers much more light-weight, faster and less resource consuming than Virtual Machines, which makes it perfect for some scenarios, especially dev-test scenarios or for worker roles.

Container Ecosystem

If we have a look at the concept of containers you have several things in the container ecosystem:

Container Ecosystem

First you have the Container Run-Time which builds the boundaries between the different containers and the operating system. To make deployment easier, faster and more efficient you build Container Images which Include the application frameworks as well as the applications on top of the OS used for the container. To use, store and share Container Images you can use an Image Repository.

The question most people will ask is how are containers different than Virtual Machines etc.

Physical Server

Physical Host

At the beginning what we did is, we installed an operating system on physical hardware and in that operating system we installed applications directly.

Virtual Machines

Virtual Machines

With virtual machines we created simulated some virtual hardware on top of the operating system of the physical server. We installed an operating system inside the virtual machine on top of the virtual hardware and installed application inside the VM. In this case, each virtual machine has its own operating system.

Containers

Containers

With container we use an operating-system-level virtualization environment which create boundaries between different applications. This is so efficient you can run multiple applications side by side without effecting each other. Since this is operating-system-level virtualization you cannot only directly on the operating system on the physical hardware, you can also use operating-system-level virtualization inside a virtual machine. This is by the way the way I see most of the deployments of containers.

Windows Containers vs. Hyper-V Containers

Hyper-V Containers

Microsoft will provide two different types of Container Run-Times. One is Windows Containers and the other one will be Hyper-V Containers (not Hyper-V Virtual Machines). In some cases it is maybe not compliant that some applications share the same operating system. In this case Hyper-V Containers will add an extra boundaries of security. Hyper-V Containers are basically Windows Containers running in a Hyper-V Partition, so with that you gain all the stuff you get with Windows Containers but with another layer of isolation.The great thing here, is that both Container Run-Times use the exam same image format. This means if an image is created in a Windows Container Run-Time it also works as a Hyper-V Container and vice versa.

Hyper-V Containers Nested Virtualization

The other great side effect of Hyper-V Containers is, that in order to run Hyper-V Containers inside a Virtual Machine we need nested Virtualization, which will be included in Windows Server 2016 Hyper-V. Btw. Hyper-V Containers are not part of the Technical Preview 3.

(Pictures from the Microsoft Ignite 2015 presentation of Taylor Brown and Arno Mihm (Program Managers for Containers)

Deploy Windows Containers

With the release of the Technical Preview 3 of Windows Server 2016, Microsoft made Windows Containers available to the public. To get started you can download a install Windows Server 2016 inside a Virtual Machine or even bare-metal. If the virtual machine has internet connection you can use the following command to download the configuration script, which will prepare your container host.

Install Windows Container Host

After that you can run the C:\ContainerSetup.ps1 script, which will prepare your container host. This can take some time depending on your internet connection and hardware.

The VM will restart several times and if it is finished you can start using Windows Containers inside this Virtual Machine.

Managing Windows Containers

Containers PowerShell Module

After you have logged in to the Virtual Machine you can start managing Containers using PowerShell:

Containers PowerShell

Get Container Images, by default you will get a WindowsServerCore Image. You can also create your own images, based on this image.

Create a new Container

Start the container

Connect to the Container using Enter-PSSession

Of course you an also use the docker command to make your containers.

Windows Containers Docker

Deploy a Container Host in Microsoft Azure

If you don’t want to go trough all the installation process you can also use a Template in Microsoft Azure to deploy a new Container Host Virtual Machine.

Microsoft Azure Windows Server Container Preview

If you need some more information on Windows Containers check out the Microsoft Resources on MSDN about Windows Server Containers.