Ubuntu VM on Windows 10

How to create an Ubuntu VM on Windows 10

Windows 10 is not just a modern desktop operating system, and it also has some great IT Pro and Developer related features build in. One of them is client Hyper-V. This is the same hypervisor which powers virtualization in Windows Server and the Microsoft Azure datacenters. With Hyper-V, you can create virtual machines running on Windows 10, without the need for third-party software. You can not just run Windows virtual machines, and you can also run Linux virtual machines. In this blog post, I am going to show you how you can create an Ubuntu VM on Windows 10 using Hyper-V.

If you want to know more about Hyper-V on Windows 10, check out the Microsoft Docs.

Install Hyper-V

First, you will need to install Hyper-V on your Windows 10 computer. Hyper-V on Windows 10 has the following requirements:

  • Windows 10 Enterprise, Professional, or Education (Home does not have the Hyper-V feature included)
  • 64-bit Processor with Second Level Address Translation (SLAT)
  • CPU support for VM Monitor Mode Extension (VT-c on Intel CPU’s)
  • Minimum of 4 GB memory

The easiest way to enable Hyper-V on Windows 10 is to run the following PowerShell command as an administrator:

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

After you have installed Hyper-V, you need to restart your computer.

Create an Ubuntu virtual machine on Windows 10

To create an Ubuntu virtual machine on Windows 10 Hyper-V, you could download the Ubuntu ISO file and install it like any operating system. However, there is a much easier way, using the Hyper-V Quick Create feature. In the Hyper-V VM Gallery, you will find not just two Windows 10 virtual machines; you will also currently find Ubuntu 18.04 LTS and Ubuntu 19.04. These are prepared Hyper-V virtual machines images, ready for you to download and install.

Ubuntu Hyper-V VM Images

Select the Ubuntu version you want to install and click on Create Virtual Machine. This will start downloading the virtual machine image.

Downloading Ubuntu Hyper-V VM Image

After the image is downloaded, you can either connect to the virtual machine and start it, or you can first modify the virtual machine settings.

Ubuntu 18.04 LTS Hyper-V VM

Optional: If you click on Edit settings, you will be able to configure the virtual machine hardware settings like vCPU or vRAM. You can also enable Secure Boot. If you enable Secure Boot for a Linux virtual machine, make sure you change the Secure Boot template to Microsoft UEFI Certificate Authority.

Ubuntu Hyper-V UEFI Secure Boot Settings

You can now start the Ubuntu VM.

Start Ubuntu hyper-V VM

 

This will boot you in the Ubuntu installation, where you can set up your Ubuntu operating system.

Install Ubuntu VM

All the specific Hyper-V drivers for Ubuntu, are already included in the image. This allows you to use features like Hyper-V Enhanced Session Mode, which enables you also to use copy-paste, and others.

Ubuntu VM on Windows 10

I hope this gives you a step-by-step guide, how you can create an Ubuntu VM on Windows 10 using Hyper-V. If you have any questions, please let me know in the comments.



Download the new Windows Terminal Preview

Install the new Windows Terminal (Preview)

At Microsoft Build 2019, the team announced a new Windows Terminal which will be open-source. There are a couple of improvements which are coming to the new Windows Terminal like; multiple tabs support, GPU accelerated DirectWrite/DirectX-based text rendering engine, advanced configuration settings, and much more. It allows you to run different shells like Windows PowerShell, PowerShell Core, Command Prompt, WSL, and also WSL 2. Today you can download the Windows Terminal Preview from the Microsoft Store. It is still a very early preview and the team, as well as the community, are still working on it. The team’s goal is to work with the community and launch version 1.0 end of 2019. Here is how you can install the new Windows Terminal.

Windows Terminal is a new, modern, fast, efficient, powerful, and productive terminal application for users of command-line tools and shells like Command Prompt, PowerShell, and WSL.

You can find more information about it here on the Microsoft announcement blog.

Download and Install the Windows Terminal

You were able to download the sources for the terminal from GitHub and build it yourself. However, the preview release in the Windows Store makes it much easier to try it out and stay more up to date.

Windows Terminal

Windows Terminal will be delivered via the Microsoft Store in Windows 10 and will be updated regularly, ensuring you are always up to date and able to enjoy the newest features and latest improvements with minimum effort.

Provide Feedback and get involved

Windows Terminal is a new, modern, feature-rich, productive terminal application for command-line users. It includes many of the features most frequently requested by the Windows command-line community including support for tabs, rich text, globalization, configurability, theming & styling, and more.

The Terminal will also need to meet our goals and measures to ensure it remains fast, and efficient, and doesn’t consume vast amounts of memory or power.

You can file bugs and share feedback with the community and us, as well as fix issues and make improvements on GitHub. If you come across any bugs or want to share feedback, you can do that on GitHub issues for detailed issues/discussions or with the Microsoft Store release in the Feedback Hub. You join the development on GitHub.

Try out the Windows Terminal today, and if you have any questions, please let me know in the comments.



Azure Bastion Windows VM

Azure Bastion – Private RDP and SSH access to Azure VMs

Azure Bastion is a new service which enables you to have private and fully managed RDP and SSH access to your Azure virtual machines. If you wanted to access your Azure virtual machines using RDP or SSH today, and you were not using a VPN connection, you had to assign a public IP address to the virtual machine. You were able to secure the connection using Azure Just in Time VM access in Azure Security Center. However, this had still some drawbacks. With Azure Bastion you get a private and fully managed service, which you deploy to your Virtual Network, which then allows you to access your VMs directly from the Azure portal using your browser over SSL.

Azure Bastion Architecture

Source: Microsoft Docs

Azure Bastion brings a couple of advantages

  • Removes requirement for a Remote Desktop (RDP) client on your local machine
  • Removes element for a local SSH client
  • No need for local RDP or SSH ports (handy when your company blocks it)
  • Uses secure SSL/TLS encryption
  • No need to assign public IP addresses to your Azure Virtual Machine
  • Works in basically any modern browser on any device (Windows, macOS, Linux, etc.)
  • Better hardening and more straightforward Network Security Group (NSG) management
  • Can remove the need for a Jumpbox

If you want to know more directly here is the link to the Azure Bastion announcement blog and the Microsoft Docs.

Public Preview

Azure Bastion is currently in public preview. The public preview is limited to the following Azure public regions:

  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East

To participate in this preview, you need to register. Use these steps to register for the preview:

Register-AzureRmProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
 
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
 
Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network

To use the Azure Bastion service, you will also need to use the Azure Portal – Preview.

How to set up an Azure Bastion host for a private RDP and SSH access to Azure VMs

Create Azure Bastion Host

First, you will need to deploy Bastion Host in your virtual network (VNet). The Azure Bastion Host will need at least a /27 subnet.

AzureBastionSubnet

Access Azure virtual machines using Azure Bastion

Azure Bastion integrates natively in the Azure portal. The platform will automatically be detected if Bastion is deployed to the virtual network your virtual machine is in. To connect to a virtual machine, click on the connect button for the virtual machine. Now you can enter your username and password for the virtual machine.

Azure Portal connect to Linux VM SSH

This will now open up a web-based SSL RDP session in the Azure portal to the virtual machine. Again, there is no need to have a public IP address assigned to your virtual machine.

Private access to Azure Linux VM

 

Roadmap – more to come

As Yousef Khalidi (CVP Azure Networking) mentions in his preview announcement blog, the team will add more great capabilities, like Azure Active Directory and MFA support, as well as support for native RDP and SSH clients.

The Azure networking and compute team are doing more great work on creating a great Azure IaaS experience. I hope this gives you an overview of how you can get a private RDP or SSH access to your Azure VM. If you want to know more about the Azure Bastion service, check out the Microsoft Docs for more information. If you have any questions, feel free to leave a comment.



Migrate Amazon S3 bucket to Azure blob Storage

Migrate AWS S3 buckets to Azure blob storage

With the latest version of AzCopy (version 10), you get a new feature which allows you to migrate Amazon S3 buckets to Azure blob storage. In this blog post, I will show you how you can copy objects, folders, and buckets from Amazon Web Services (AWS) S3 to Azure blob storage using the AzCopy command-line utility. This makes it easy to migrate S3 storage to Azure or create a simple backup of your AWS S3 bucket on Azure.

AzCopy will use the Put Block from URL API, which allows you to directly copy files from AWS directly to Azure. This means you will not use a lot of bandwidth from your computer. You can even copy large objects or buckets from S3 to Azure.

Configure access and authorize AzCopy with Azure and AWS

First, you will need to install AzCopy to your machine. After that, you will need to authorize AzCopy with Microsoft Azure and AWS. To authorize with AWS S3, you have to use an AWS access key and a secret access key.

AWS access key and secret access key, and then set these environment variables:

OSCommand
Windowsset AWS_ACCESS_KEY_ID=
set AWS_SECRET_ACCESS_KEY=
Linuxexport AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=
macOSexport AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=

Copy an AWS S3 object to Azure blob

You can copy a simple object using the following command:

azcopy cp "https://s3.amazonaws.com/tomsbucket/tomsobject" "https://tomsstorageaccount.blob.core.windows.net/tomscontainer/tomsblob"

Copy and migrate Amazon S3 folder to Azure

You can copy a folder from the Amazon S3 bucket to the Azure blob storage:

azcopy cp "https://s3.amazonaws.com/tomsbucket/tomsfolder" "https://tomsstorageaccount.blob.core.windows.net/tomscontainer/tomsfolder" --recursive=true

Copy an Amazon S3 bucket to Azure blob storage

You can also copy one or multiple Amazon S3 buckets to Azure:

azcopy cp "https://s3.amazonaws.com/tomsbucket" "https://tomsstorageaccount.blob.core.windows.net/tomscontainer" --recursive=true

I hope this gives you a quick idea of how you can migrate data from Amazon AWS S3 storage to Azure using AzCopy. If you want to know more, check out the official Microsoft Docs about how to copy data from Amazon S3 buckets by using AzCopy.



AZ-500 Microsoft Certified Azure Security Engineer Associate

Passed Exam AZ-500 Microsoft Certified Azure Security Engineer Associate

The new Azure Security exam just came out of beta, and I took some time to learn and see if I would pass it. I am happy that I just passed exam AZ-500: Microsoft Azure Security Technologies, which focuses on Microsoft Azure security engineers who implement security controls, maintain the security posture, manages identity and access, and protects data, applications, and networks. After passing this exam, you can call yourself a Microsoft Certified: Azure Security Engineer Associate. Azure Security Engineers implement security controls and threat protection, manage identity and access, and protect data, applications, and networks in cloud and hybrid environments as part of the end-to-end infrastructure. That means this exam covers different topics across the Azure infrastructure and many various Azure services like Azure AD, Azure IaaS, Azure Networking, Azure Kubernetes Service (AKS), Databases, Azure Monitor, Azure Security Center and many more.

Exam AZ-500: Microsoft Azure Security Technologies

Candidates identify and remediate vulnerabilities by using a variety of security tools, implements threat protection, and responds to security incident escalations. As a Microsoft Azure security engineer, candidates often serve as part of a larger team dedicated to cloud-based management and security and may also secure hybrid environments as part of an end-to-end infrastructure.

Candidates for this exam should have strong skills in scripting and automation, a deep understanding of networking, virtualization, and cloud N-tier architecture, and a strong familiarity with cloud capabilities, Microsoft Azure products and services, and other Microsoft products and services.

You can find more detailed information on the Microsoft exam website. There you will find all the skills measured in this exam.

How to prepare for the AZ-500 exam

Microsoft Learn

Microsoft Learn

Exams always have a specific focus; this one covers a broad set of Azure security topics over different Azure services. This means you not only need to have particular security know-how, but also a good overview of the various Azure services. If you don’t have that right now, I recommend that you might start with other exams, such as AZ-900 and AZ-10X for the Microsoft Certified: Azure Administrator Associate. But if you want to go forward with the AZ-500 exam and become a Microsoft Certified: Azure Security Engineer Associate, first have a look at the more detailed information on the Microsoft exam website. Start reading through the Microsoft Docs about the different security topics mentioned in the skills measured, and also get some hands-on experience by trining out the various technologies. My favorite place to learn and understand some tutorial about different topics is Microsoft Learn! On Microsoft learn, you can use a lot of different learning modules, and some of them are focused on Azure Security. If you want to know more about Microsoft learn, check out my blog post: Microsoft Learn – A Great Place To Learn!

At Microsoft Ignite The Tour, our team also presented a session on securing your Azure environment, my session in Amsterdam was recorded, you can watch it here: Microsoft Ignite The Tour 2019 Azure Hybrid Session Recordings.

With that, I wish you happy learning and good luck with the AZ-500 Microsoft Azure Security Technologies exam!



Microsoft Hyper-V Server 2019

Download Hyper-V Server 2019 now

A lot of people have been waiting for this. After the release of Windows Server 2019 back in October 2018, you were able to download Windows Server 2019 Standard, Datacenter and Essentials. Today you can also download Microsoft Hyper-V Server 2019. This is the free version of the Hyper-V role which you can find in Windows Server 2019. It includes all the great Hyper-V virtualization features like the Datacenter Edition. This is especially interesting if you don’t need to license Windows Server VMs, and is ideal when you run Linux Virtual Machines or VDI VMs.

This version of Hyper-V also comes with a lower footprint, since it is only available as Server Core and doesn’t include any other roles and features, which are not related to virtualization. That said, it does not come with other Software Defined Datacenter features like Storage Spaces Direct (S2D). These features are only included in the Windows Server Datacenter edition.

Microsoft Hyper-V Server is a free product that delivers enterprise-class virtualization for your datacenter and hybrid cloud. Microsoft Hyper-V Server 2019 provides new and enhanced features that can help you deliver the scale and performance needs of your mission-critical workloads.

The Windows hypervisor technology is the same as what’s in the Hyper-V role on Windows Server 2019. It is a stand-alone product that contains only the Windows hypervisor, a Windows Server driver model, and virtualization components. It provides a simple and reliable virtualization solution to help you improve your server utilization and reduce costs.

You can download Microsoft Hyper-V Server 2019 ISO from the Microsoft Evaluation Center. You should also have a look at the Windows Admin Center, which is a locally deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure, and Windows 10 PCs

If you want to learn more about the new Hyper-V and Windows Server 2019 features, check out my blog: Windows Server 2019 – What’s coming next



Install WSL 2 on Windows 10

With the Windows 10 Insider Preview Build 18917, the team also ships the first version of the Windows Subsystem for Linux 2 (WSL 2), which was announced at the Microsoft Build 2019 conference. In this post, I am going to show you how you can install WSL 2 on your Windows 10 machine.

The Windows Subsystem for Linux (WSL 1) was in Windows 10 for a while now and allowed you to use different Linux distros directly from your Windows 10 machine. With WSL 2, the architecture will change drastically and will bring increased file system performance and full system call compatibility. WSL 2 is now using virtualization technology (based on Hyper-V) and uses a lightweight utility VM on a real Linux kernel. You can find out more about WSL 2 in the release blog or on the Microsoft Docs Page for WSL 2.

WSL 2 Architecture

Requirements

To install WSL 2, you will need the following requirements:

Install WSL 2

To install the Windows Subsystem for Linux 2 (WSL 2), you need to follow these tasks.

  • Enable the Windows Subsystem for Linux Optional feature (WSL 1 and WSL 2)
  • Install a distro for the Windows Subsystem for Linux
  • Enable the ‘Virtual Machine Platform’ optional feature (WSL 2)
  • Configure the distro to use WSL 2

Enable the Windows Subsystem for Linux

To run the WSL on Windows 10 you will need to install the optional feature:

 
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

Install a Linux distro for the Windows Subsystem for Linux

If you don’t already have installed a WSL distro, you can download and install it from the Windows 10 store. You can find more here: Crazy times – You can now run Linux on Windows 10 from the Windows Store

Enable the Virtual Machine Platform feature

WSL 2 Enable Virtual Machine Platform

WSL 2 Enable Virtual Machine Platform

To make use of the virtualization feature for WSL 2, you will need to enable the optional Windows feature. You can run the following PowerShell command to do this. You will need to start PowerShell as an Administrator. After you run this command, you might need a restart of your computer.

 
Enable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform

Set WSL distro to use version 2

After you completed the first two steps, you will need to configure the distro to use WSL 2. Run the following command to list the available distros in PowerShell:

 
wsl -l -v

To set a distro to WSL 2 you can run the following command:

 
wsl --set-version DistroName 2

You can also set WSL 2 as the default:

 
wsl --set-default-version 2

To find out more about installing WSL 2, check out the Microsoft Docs page.

If you are now running your distro using WSL 2, you can now see that there is a Virtual Machine worker process running and if you search a little bit more, you can also find the VHDX file of the distro.

WSL 2 VHDX file

I hope this helps you and gives you a quick overview, if you have any questions, let me know in the comments and check out the WSL 2 FAQ.