Dec192018December 19, 2018December 19, 20180Commentby Thomas Maurer
Windows Sandbox

Windows Sandbox – Isolated Windows Desktop

Posted in Cloud, Containers, Hyper-V, Microsoft, Windows 10

Today Microsoft announced a new feature called Windows Sandbox. Windows Sandbox is built based on Windows Container technology, which allows you to spin up an isolated, temporary, desktop environment where you can run untrusted software. The software you run and install in the Windows Sandbox does not affect the host. If you shut down the Windows Sandbox all changes and all software you installed in the Sandbox are gone again. This sounds very similar to the technology Windows Defender Application Guard already used to build a sandbox environment for Microsoft Edge.

Windows Sandbox Overview

Windows Sandbox on Windows 10

picture by Microsoft

Windows Sandbox has the following properties:

  • Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
  • Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows
  • Disposable – nothing persists on the device; everything is discarded after you close the application
  • Secure – uses hardware-based virtualization for kernel isolation, which relies on the Microsoft’s hypervisor to run a separate kernel which isolates Windows Sandbox from the host
  • Efficient – uses integrated kernel scheduler, smart memory management, and virtual GPU

Windows Sandbox brings the advantages of Windows Containers and also adds a desktop. If you compare this to a Windows 10 Virtual Machine, the Windows Sandbox will consume much less resources, it starts up match faster and will be much more efficient with hardware resources. You can think of it as a lightweight virtual machine, which can share the same hardware but also the same kernel and memory as the host system (like a container).

Windows Sandbox Prerequisites

Prerequisites for using the feature

  • Windows 10 Pro or Enterprise build 18305 or later (Today this is a Windows Insider Preview)
  • 64-bit architecture
  • Virtualization capabilities enabled in BIOS
  • At least 4GB of RAM (8GB recommended)
  • 1GB of free disk space (SSD recommended)
  • 2 CPU cores (4 cores with hyperthreading recommended)

Enable Windows Sandbox on Windows 10

To enable Windows Sandbox you have to run a Windows 10 Insider Preview build 18305 or later (not yet released). Later this will be released to the public, which could be Windows 1903 (just my speculation). After that you have to follow these steps:

  1. Open Windows Features, and then select Windows Sandbox. Click OK and this will install the feature, you may need to restart your computer.
  2. After that you have the Windows Sandbox installed and you can open it from the start menu. You can copy and paste files from your Windows 10 machine to the sandbox. If you close the sandbox, all the files are gone.

Under the hood

Microsoft shared some details how they are making the Windows Sandbox work under the hood.

  • Dynamically generated Image – Less disk space used, by using links to the file on the host.
  • Smart memory management – It uses the same physical memory pages as the host for operating system binaries via a technology Microsoft refers to as “direct map”. Similar as Windows Containers do today.
  • Integrated kernel scheduler – More responsiveness by better prioritizing processes on the host and in the sandbox.
  • Snapshot and clone – Improves start time of the sandbox
  • Graphics virtualization – Benefit from hardware accelerated rendering.
  • Battery pass-through – Aware of the host’s battery state, which allows it to optimize power consumption. Similar to the Windows 10 Hyper-V Battery pass-through.

If you want to know more about the technology, I recommend to read Microsofts blog post.

My thoughts

I think it is pretty cool to see Microsoft bringing technologies together like Hyper-V, Windows Containers, Windows Defender Application Guard and many more, to bring Windows Sandbox to live. We will see if this not only can be used on a Windows 10 PC users and developers to test their applications, but also for things like Remote Desktop Session Hosts or better Windows Virtual Desktops.


Dec112018December 11, 2018December 11, 20181Commentby Thomas Maurer
Technado Podcast

Interview about Azure and Microsoft on Technado ITPro.TV

Posted in Cloud, Microsoft, Microsoft Azure, Microsoft Azure Stack, Microsoft MVP, Speaking, Webinar, Work

I was a proud interview guest at the Technado Podcast by ITPro.TV this week! Together with Cherokee and Don, we were talking about Microsoft Azure, Azure Stack and the Cloud as well as Microsoft in general and my favorite foods.

The Technado, Episode 77: Microsoft MVP Thomas Maurer

 

If you’re plugged into the Microsoft community, you’ve heard of Thomas Maurer. In this episode, Thomas will give Don and Cherokee his take on all things Azure. This week also sees a return of the latest tech news from the week.

ITProTV is the industry leader for online, on-demand IT training for tech professionals, students, and organizations worldwide. Home of binge-worthy learning, ITProTV empowers the world through engaging training.

By blending entertainment and cutting-edge technology with IT education, ITProTV creates high-quality training shows taught by experienced educators and industry professionals. Toss the boring PowerPoint classroom training aside, ITProTV is streaming the latest training for the most current tech trends and certification exams daily. Start FREE today: https://www.itpro.tv/plans/

Enjoy watching!


Dec062018December 6, 2018December 7, 20181Commentby Thomas Maurer
Azure Stack VM Update Management

Using Azure Update Management on Azure Stack

Posted in Cloud, Microsoft, Microsoft Azure, Microsoft Azure Stack, Virtualization, Windows, Windows Admin Center, Windows Server, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019

At Microsoft Ignite 2018, Microsoft announced the integration of Azure Update and Configuration Management on Azure Stack. This is a perfect example how Azure services from the public cloud can be extended into your datacenter using Azure Stack. Azure Update and Configuration Management brings Azure Update Management, Change Tracking and Inventory to your Azure Stack VMs. In the case of Azure Stack, the backend services and orchestrator like Azure Automation and Log Analytics, will remain to run in Azure, but it lets you connect your VMs running on Azure Stack.

Azure Update and Configuration Managemen Schemat

Today, the Azure Update and Configuration Management extension, gives you the following features:

  • Update Management – With the Update Management solution, you can quickly assess the status of available updates on all agent computers and manage the process of installing required updates for these Windows VMs.
  • Change Tracking – Changes to installed software, Windows services, Windows registry, and files on the monitored servers are sent to the Log Analytics service in the cloud for processing. Logic is applied to the received data and the cloud service records the data. By using the information on the Change Tracking dashboard, you can easily see the changes that were made in your server infrastructure.
  • Inventory – The Inventory tracking for an Azure Stack Windows virtual machine provides a browser-based user interface for setting up and configuring inventory collection.

If you want to use Azure Update Management and more on VMs on-premise (without Azure Stack) or running at another Cloud Provider, you can do this as well. Have a look at Windows Admin Center, which allows you to directly integrate with Azure Update Management. However, there will be a difference in pricing.

Read More

Dec052018December 5, 2018December 5, 20180Commentby Thomas Maurer
Microsoft House Zürich

Microsoft House opened in Zürich

Posted in Cloud, Hardware, HoloLens, Microsoft, Microsoft Azure, Office, Office365, Surface, Surface Hub, Windows, Windows 10

Microsoft Switzerland just announced the Microsoft “Pop-Up” House in Zürich. The Microsoft House in Zürich will offer different experiences to dive into the Microsoft world.

Over the next three months, the Microsoft House offers you the opportunity to visit events and workshops and experience our technologies, solutions and latest Surface devices. We look forward to talking to you about your business and what’s important for you and invite you to work with us in our 300 m2 co-working space.

The opening will take place on Monday, December 10th at 12.00 pm. The Microsoft House is located at Poststrasse 5, a few steps away from Paradeplatz, in Zurich.

The Microsoft House in Zürich offers:

  • A temporary Microsoft Store – To discover and buy the latest Microsoft Surface devices and accessories.
  • Experience – You can experience the latest technology like Microsoft Surface devices, HoloLens, Mixed Reality and even the dive into the world of artificial intelligence. Or just enjoying playing games on the latest Xbox One X and explore the history of Microsoft. You can also join workshops for things like Office 365 and more.
  • Open Workspace – There is even a 300m2 co-working pace which you can use.

Microsoft House Zürich Flyer

I will definitely step by and check it out!

 


Dec042018December 4, 2018December 4, 20181Commentby Thomas Maurer
System Center release cadence

System Center 2019 – What’s new

Posted in Cloud, Hyper-V, Microsoft, Microsoft Azure, Service Management Automation, Service Manager, System Center, Virtual Machine Manager, Virtualization, Windows Admin Center, Windows Server, Windows Server 2019, Work

Microsoft just launched Windows Server 2019 and Windows Admin Center, which also raised the interest in System Center 2019. At Microsoft Ignite, Microsoft was talking about what is new in System Center 2019, the future of System Center, and how it fits in with Windows Admin Center and other management tools.

Microsoft Cloud and Datacenter Management Story

Microsoft Cloud and Datacenter Management Overview

With Microsoft now offering a range of products to manage your Cloud and Datacenter environments, the question comes up “which is the best solution?”. It is not only depending on the size of your company, it also depends on which services you are using and what your job role is. Coming from the Azure site, you have Azure Security and Management, which allows you not only to manage your Azure resources but also integrates and extends with your on-premises environment. System Center is aimed to manage fatacenter environments at scale, and Windows Admin Center helps you to dig deeper to manage individual servers or single cluster management. Both Windows Admin Center and System Center 2019, can be used side by side and both are integrated into Microsoft Azure.

System Center Windows Admin Center better together

System Center vs Windows Admin Center

I often get the question, does Windows Admin Center replace System Center? The answer to this is no, System Center is aimed to do management at a datacenter scale, while Windows Admin Center is giving you deep management access to a single server or clusters. In small environments you might end up using Windows Admin Center only, but in larger datacenter deployments, you are likely to use a combination of System Center and Windows Admin Center.

System Center 2019 Suite Improvements

System Center 2019 Focus

The System Center 2019 release focuses on three main areas. First of all, it adds more capabilities to the existing components and features which were requested by customers. Secondly, it brings integration for the next version of Windows Server, Windows Server 2019 and brings new Windows Server features to life in System Center. Last but not least, System Center 2019 adds more Hybrid Cloud integrations with Microsoft Azure.

Read More

Dec032018December 3, 2018December 3, 20180Commentby Thomas Maurer
Azure Stack Tenant Portal

Considerations for deploying apps and services on Azure Stack

Posted in Cloud, Microsoft, Microsoft Azure, Microsoft Azure Stack, PowerShell, Private Cloud, Work

I work with a couple of customers on different Azure Stack projects. One of the main topics that always comes up, is what are the differences between Azure and Azure Stack when deploying applications and services. Obviously there are the high level differences, which I have written about it here: Microsoft Azure Stack – Azure Extension in your Datacenter. However, there are also small differences in features and services between Azure and Azure Stack. These differences can block customers form deploying and automating workloads. I tried to summarize the most common differences and considerations you should know, in a single blog post.

High-level differences between Azure and Azure Stack

Some of the high-level differences between the to platforms are:

  • An Azure Stack does not have the same SLA and physical security in place, since the Azure Stack does not run in a Microsoft operated location.
  • Azure Stack provides only a subset of the Azure services and features.
  • Azure Stack is not operated by Microsoft. Azure Stack backend is operated by the operators in your company or by a service provider.
  • The Azure Stack operator, which can be your company or a service provider, chooses which services, features and marketplace items he wants to make available on Azure Stack.
  • Azure Stack comes with its own portal. It has the same look and feel, but it will be another URL and endpoints for the portal as well as for the APIs.
  • Azure Stack will have different PowerShell and API versions available. If you are building a hybrid cloud app, which should work on Azure and Azure Stack, make sure you are using the versions supported by Azure Stack.

Considerations and differences between Azure and Azure Stack

Obviously, there is much more to this. I put a list of links together, where you can find the differences between Azure and Azure Stack and more considerations you should think of when deploying on Azure Stack.

Setup an Azure Stack operator and developer environment

Install Azure Stack PowerShell

To connect to Azure Stack using PowerShell, Visual Studio, the Azure CLI or other Azure Stack tooling, you have to setup a few things. I recommend that you read my blog post about how to setup an Azure Stack operator and developer environment. This is not only helpful for operators, but also for people who want to deploy and develop solutions on Azure Stack.

Check API versions available on Azure Stack

Azure Stack API Verions PowerShell

If you are an Azure Stack tenant and you want to check which API versions are available on your Azure Stack, you can run the following PowerShell command against Azure Stack. This does not need any administrator rights, you will just need a tenant account on Azure Stack to access it. If your Azure Stack is running at a service provider, it is very likely that you won’t have access to the Administrator portal to check the version.

Check Azure Stack version release notes

Azure Stack Version Release Notes

Another good thing to check if you are running in any issues deploying applications or services, is to check the Azure Stack version release notes. They document very well the new features added, fixed as well as known issues with that release.

You can find the links to the latest Azure Stack release notes here. I also recommend that you read my article about Updating Azure Stack.

I hope this gives you a quick overview and help you to successfully deploy applications and services on Azure Stack. You can find most of this information on the documentation site, but I decided to consolidate this information in one post.


Nov302018November 30, 2018November 30, 20180Commentby Thomas Maurer
Geeksprech Podcast Windows Server 2019 with Thomas Maurer

GeekSprech Podcast – Windows Server 2019 (German)

Posted in Cloud, Containers, Hyper-V, Microsoft, Microsoft Azure Stack, Microsoft MVP, Virtualization, Windows Server, Windows Server 2019, Work

Microsoft just released Windows Server 2019 to the public and with that I was invited to be a guest in the GeekSprech Podcast from Microsoft MVPs Eric Berg and Alexander Benoit. We talked about the Windows Server 2019 release and what great new features in this release. We also got off topic and had some chats about security, Azure Stack and more.

If you want to listen to it (it is in German), you can do this on the GeekSprech website or here:

It was an honor and a lot of fun talking with Eric and Alexander!



  • Follow Me

  • About

    Thomas Maurer

    My Name is Thomas Maurer. Microsoft MVP. Work as a Solutions Architect and Technology Lead for itnetX, a consulting and engineering company located in Switzerland. I am focused on Microsoft Technologies, especially Microsoft Cloud & Datacenter solutions based Microsoft System Center, Microsoft Virtualization and Microsoft Azure.

    Microsoft MVP

  • Sponsor

  • Sponsor

    Starwind HCA

  • Sponsor

    Vembu BDR Suite

  • Sponsor

    Altaro Hyper-V eBook