Category: Windows Server 2012 R2

Download the new Windows Terminal Preview

How to open Windows Terminal from Command Prompt or Run

This is a really short blog post and more of a reminder than anything else. You might have seen the new Windows Terminal for Windows 10 was just released in the Windows Store as a preview. However, in the last couple of updates to the Windows Terminal app, it got to a state which already makes it my default terminal. The Windows Terminal allows you to run Windows PowerShell, PowerShell Core and even Bash using the Windows Subsystem for Linux (WSL). Especially the integration of the Azure Cloud Shell is a great plus for me. In this blog post, I am just going to show you how you can open the Windows Terminal from command prompt or Run (WIN + R).

To open Windows Terminal from the command line (cmd) or in Windows Run (WIN + R), type:

wt
Open Windows Terminal start wt


If you want to know more about the Azure Cloud Shell integration, read the blog of Pierre Roman (Microsoft Cloud Advocate) on the ITOpsTalk blog.



Migrate Hyper-V VMs to Azure using Azure Migrate

Assess and Migrate Hyper-V VMs with Azure Migrate

Today, the Azure Migrate team launched an update to the Azure Migrate service, which can help you discover, assess, and migrate applications, infrastructure, and data from your on-prem environment to Microsoft Azure. This is excellent timing since we all know that Windows Server 2008 and Windows Server 2008 R2 are soon out of support and you get free extended security updates if you migrate your VMs to Azure. With Azure Migrate, you can now centrally track the progress of your migration journey across multiple third-party and Microsoft tools. In addition, Azure Migrate can now assess and migrate your Hyper-V virtual machines (VMs).

The latest release of Azure Migrate offers:

  • Extensible approach with choice across Microsoft and popular ISV assessment and migration tools
  • Integrated experience for discovery, assessment, and migration with end-to-end progress tracking for servers and databases
  • Server Assessment and Server Migration for large-scale VMware, Hyper-V, and physical server migrations
  • Database Assessment and Database Migration across various database targets including Azure SQL Database and Managed Instance

You can find more about the Azure Migrate capabilities on Microsoft Docs. For more information on Azure Migration, check out my blog post about Azure Migration on the Nigel Frank International blog. In this post, I am going to show you how you can step-by-step assess and migrate Hyper-V VMs to Azure using Azure Migrate.

Preparation

First, you need to prepare your Azure environment by setting the right permissions, and prepare the on-premises Hyper-V hosts and VMs for server assessment and migration. You can find more details about permissions and host preparation on Microsoft Docs.

Next, you will need to create a new Migration project for servers. Click on Assess and migrate servers.

Azure Portal Azure Migrate


Now you will need to add the tools you want to use for the assessment as well as for the migration. Click on “add tools”.

Getting started


You will need to create a new Azure Migrate project. Enter the details for your subscription, resource group, and a name for the project. You will also need to choose a region where your project is going to be deployed. No worries, this will only store the assessment data, you can still select another region for the migration.



Azure Bastion Windows VM

Azure Bastion – Private RDP and SSH access to Azure VMs

Azure Bastion is a new service which enables you to have private and fully managed RDP and SSH access to your Azure virtual machines. If you wanted to access your Azure virtual machines using RDP or SSH today, and you were not using a VPN connection, you had to assign a public IP address to the virtual machine. You were able to secure the connection using Azure Just in Time VM access in Azure Security Center. However, this still had some drawbacks. With Azure Bastion you get a private and fully managed service, which you deploy to your Virtual Network, and which then allows you to access your VMs directly from the Azure portal using your browser over SSL.

Azure Bastion Architecture

Source: Microsoft Docs

Azure Bastion brings a couple of advantages:

  • Removes requirement for a Remote Desktop (RDP) client on your local machine
  • Removes requirement for a local SSH client
  • No need for local RDP or SSH ports (handy when your company blocks it)
  • Uses secure SSL/TLS encryption
  • No need to assign public IP addresses to your Azure Virtual Machine
  • Works in basically any modern browser on any device (Windows, macOS, Linux, etc.)
  • Better hardening and more straightforward Network Security Group (NSG) management
  • Can remove the need for a Jumpbox

If you want to know more, here are the links to the Azure Bastion announcement blog and the Microsoft Docs.

Public Preview

Azure Bastion is currently in public preview. The public preview is limited to the following Azure public regions:

  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East

To participate in this preview, you need to register. Use these steps to register for the preview:

Register-AzureRmProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
 
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
 
Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network

To use the Azure Bastion service, you will also need to use the Azure Portal – Preview.

How to set up an Azure Bastion host for a private RDP and SSH access to Azure VMs

Create Azure Bastion Host

First, you will need to deploy a Bastion host in your virtual network (VNet). The Azure Bastion host will need at least a /27 subnet.

AzureBastionSubnet
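A pre-deployment check of the subnet requirement above, as an added example that is not part of the original post or of any Microsoft tooling. It uses the /27 minimum and the AzureBastionSubnet name from this post; the function name `check_bastion_subnet` and the sample address plan are constructed for illustration.

```python
import ipaddress

# Values taken from the post: the subnet is named AzureBastionSubnet
# and must be at least a /27 (prefix length 27 or shorter).
BASTION_SUBNET_NAME = "AzureBastionSubnet"
MAX_PREFIX_LEN = 27


def check_bastion_subnet(vnet_prefixes, subnets, name, prefix):
    """Return a list of problems with a planned Bastion subnet (empty = OK).

    vnet_prefixes: VNet address space as a list of CIDR strings
    subnets:       dict of existing subnet name -> CIDR string
    """
    problems = []
    if name != BASTION_SUBNET_NAME:
        problems.append(f"subnet must be named {BASTION_SUBNET_NAME!r}, got {name!r}")
    try:
        # strict=True rejects prefixes with host bits set, e.g. 10.10.2.1/27
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return problems + [f"invalid CIDR {prefix!r}: {exc}"]
    if net.prefixlen > MAX_PREFIX_LEN:
        problems.append(f"/{net.prefixlen} is smaller than the required /{MAX_PREFIX_LEN}")
    spaces = [ipaddress.ip_network(p) for p in vnet_prefixes]
    if not any(net.version == s.version and net.subnet_of(s) for s in spaces):
        problems.append(f"{net} is outside the VNet address space")
    for other_name, other_prefix in subnets.items():
        other = ipaddress.ip_network(other_prefix)
        if other.version == net.version and net.overlaps(other):
            problems.append(f"{net} overlaps existing subnet {other_name} ({other})")
    return problems


# Constructed sample plan (hypothetical addresses, not from the post).
VNET = ["10.10.0.0/16"]
EXISTING = {"workload": "10.10.0.0/24", "mgmt": "10.10.1.0/24"}

if __name__ == "__main__":
    for name, prefix in [("AzureBastionSubnet", "10.10.2.0/27"),
                         ("bastion", "10.10.1.0/28")]:
        result = check_bastion_subnet(VNET, EXISTING, name, prefix)
        print(name, prefix, "->", result or "OK")
```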

Access Azure virtual machines using Azure Bastion

Azure Bastion integrates natively in the Azure portal. The platform will automatically detect if Bastion is deployed to the virtual network your virtual machine is in. To connect to a virtual machine, click on the connect button for the virtual machine. Now you can enter your username and password for the virtual machine.

Azure Portal connect to Linux VM SSH

This will now open up a web-based SSL RDP session in the Azure portal to the virtual machine. Again, there is no need to have a public IP address assigned to your virtual machine.

Private access to Azure Linux VM

 

Roadmap – more to come

As Yousef Khalidi (CVP Azure Networking) mentions in his preview announcement blog, the team will add more great capabilities, like Azure Active Directory and MFA support, as well as support for native RDP and SSH clients.

The Azure networking and compute team are doing more great work on creating a great Azure IaaS experience. I hope this gives you an overview of how you can get a private RDP or SSH access to your Azure VM. If you want to know more about the Azure Bastion service, check out the Microsoft Docs for more information. If you have any questions, feel free to leave a comment.



Azure Generation 2 Virtual machine

Generation 2 VM support on Azure – and why should I care?

A couple of days ago Microsoft announced the public preview of Generation 2 virtual machines on Azure. Generation 2 virtual machines support a bunch of new technologies like increased memory, Intel Software Guard Extensions (SGX), and virtual persistent memory (vPMEM), which are not supported on generation 1 VMs. But more on that later.

What are Hyper-V Virtual Machine Generations

Windows Server 2012 R2 Hyper-V introduced the concept of virtual machine generations. Not to be confused with Hyper-V configuration versions. The generation of a virtual machine defines the virtual hardware of a virtual machine and adds some additional and modern functionality. In Hyper-V, there are two virtual machine generations, generation 1 and generation 2. Generation 2 virtual machines support Unified Extensible Firmware Interface (UEFI) firmware instead of BIOS-based firmware. The Hyper-V team also removed a lot of the legacy devices and replaced them with a simplified virtual machine model.

On Windows Server Hyper-V, Generation 2 VMs support features and improvements like:

  • PXE boot by using a standard network adapter
  • Boot from a SCSI virtual hard disk
  • Boot from a SCSI virtual DVD
  • Secure Boot (enabled by default)
  • UEFI firmware support
  • OS disk > 2 TB
  • improved boot and installation times

However, an important note here: not all of these features are currently available on Azure Generation 2 virtual machines, and not all operating systems are supported in Generation 2 VMs. For example, Windows 7, Windows Server 2008, Windows Server 2008 R2 and 32-bit Windows systems are not supported. You can find more information about Hyper-V Generation 2 VMs here.

Azure Generation 2 Virtual Machines Overview

Azure Generation 2 Virtual Machines are currently in public preview. To be honest, Generation 2 VMs in Azure aren’t that new; with the public preview of Azure Confidential Computing, we already used Generation 2 VMs. However, now we can start using them for other workloads as well. This means that you can now upload and use your local VHD (not VHDX) files based on Hyper-V Generation 2 virtual machines. Before, you had to use Azure Site Recovery to replicate and convert your Hyper-V Generation 2 VMs to Azure Generation 1 VMs.

Azure Generation 1 vs. Generation 2 capabilities

Azure Generation 1 vs Generation 2 VM

Currently, Generation 2 VMs are in public preview, and that means, next to not having a service level agreement (SLA), the available features can be, and are, limited. Features like ASR or Azure Backup, for example, currently do not support Generation 2 VMs.

Capability | Generation 1 | Generation 2
OS disk > 2 TB
Custom Disk/Image/Swap OS
Virtual machine scale set support
ASR/Backup
Shared Image Gallery
Azure Disk Encryption

You can find more information about Azure Generation 2 virtual machines with an updated list of capabilities on Microsoft Docs.

Hyper-V vs. Azure Generation 2 VMs

There are also differences between Hyper-V Generation 2 VMs and Azure Generation 2 VMs. Not all of the features provided in Hyper-V are currently present in the public preview version on Azure.

Feature | On-prem Hyper-V | Azure
Secure Boot
Shielded VM
vTPM
Virtualization-Based Security (VBS)
VHDX format

Again, you can find an up-to-date list on Microsoft Docs.

Getting started

You can get started using the Generation 2 VMs on the following VM Sizes on Azure Premium Storage and Ultra SSD:

Windows Server Azure Generation 2 Virtual Machine

In public preview, you can now also use the following Azure Marketplace images from the “windowsserver-gen2preview” offer.

  • Windows Server 2019 Datacenter (2019-datacenter-gen2)
  • Windows Server 2016 Datacenter (2016-datacenter-gen2)
  • Windows Server 2012 R2 Datacenter (2012-r2-datacenter-gen2)
  • Windows Server 2012 Datacenter (2012-datacenter-gen2)

Create a virtual machine

You can use the Azure Portal to create a new VM or the Azure CLI using the following commands:

 
az group create --name myGen2ResourceGroupVM --location eastus
az vm create \
--resource-group myGen2ResourceGroupVM \
--name myVM \
--image MicrosoftWindowsServer:windowsserver-gen2preview:2019-datacenter-gen2:latest \
--admin-username thomas \
--admin-password myPassword12

Conclusion

I hope this gives you an overview of the benefits and how you can run Generation 2 VMs on Azure. If you have any questions please let me know in the comments.



Azure File Sync Windows Admin Center

Sync File Servers with Azure File Sync in Windows Admin Center

One of the biggest challenges a lot of customers are facing is providing access to files everywhere and having DR plans in place. This becomes especially true when you are dealing with classic file server infrastructures, where it is difficult to manage capacity, availability, replication and much more. The Azure Storage team is addressing that need with Azure File Sync. Azure File Sync allows you to sync your file servers with Azure Files. Azure Files is a simple, secure, and fully managed cloud file share solution, using SMB 3.0 and HTTPS.

Azure File Sync

In addition, the service allows customers to use functionality like:

  • Cloud Tiering
  • Cloud Access
  • Multi-site Sync
  • Cloud Backup
  • Rapid File Server DR

In this post, I will cover how Windows Admin Center will help you to deploy Azure File Sync. If you want to know more, check out the Azure File Sync documentation page.



Setup VM Protection in Windows Admin Center_LI

Configure Azure Site Recovery from Windows Admin Center

With the Hybrid Cloud effort, Microsoft invested heavily to make Windows Server and Hyper-V better connect to Microsoft Azure. One way of doing that is with Windows Admin Center and Azure Site Recovery. The Azure Site Recovery integration in Windows Admin Center allows you to easily replicate Hyper-V virtual machines to Microsoft Azure. The technology is not new; ASR has existed for a long time and allows you to not only replicate Hyper-V VMs, but also VMware VMs and physical servers. However, with the integration in Windows Admin Center, setting up Azure Site Recovery became super easy.

Set up Azure Site Recovery from Windows Admin Center

Setup VM Protection in Windows Admin Center_LI

In the Virtual Machines extension, you can already see a recommendation to set up ASR: “Help protect your VMs from disasters by using Azure Site Recovery.” This will guide you through the onboarding steps. If you don’t see that banner, just click on the VM you want to protect and replicate to Azure. Click on More and select “Set up VM Protection”; this will guide you through the same wizard.

If you haven’t connected your Windows Admin Center to Microsoft Azure yet, the wizard will help you to go through and set up this connection.

Set up Hyper-V ASR Host with Windows Admin Center

After your WAC is connected to Azure, you will now set up Azure Site Recovery for the Hyper-V host in Azure. This can be done directly from Windows Admin Center. For example, this will let you select the Azure Subscription you want ASR to connect to. It will let you create a new Resource Group and Recovery Services Vault or use an existing one. After you have done the configuration part, WAC will create the specific Azure resources and configure the Hyper-V host for Azure Site Recovery. This can take up to 10 minutes, depending on whether you are using existing resources or creating new ones.

If you have a look at the Hyper-V Replica settings in Hyper-V Manager, you will see that ASR is completely set up and configured.



Windows Admin Center Azure Monitor Setup

Connect Windows Admin Center to Azure Monitor

As mentioned in blog posts before, Windows Admin Center allows admins to extend their on-prem environments with hybrid Azure services. The latest addition is the integration of Azure Monitor in Windows Admin Center. This allows you to collect events and performance counters from Windows Server to run analytics and reporting in Azure and take action when a particular condition is detected. This can then be a notification (SMS, email, push notification) and/or a direct action using Azure Logic Apps, Azure Functions, Azure Automation Runbooks, webhooks or integration into ITSM tools.

Setup monitoring and alerts in Windows Admin Center with Azure Monitor

Windows Admin Center Azure Monitor Setup

Setting up the Azure Monitor connection in Windows Admin Center is simple. Select the server you want to connect to Azure Monitor. Go to Settings and then Monitoring Alerts.

Windows Admin Center Azure Monitor Connect to Azure Monitor

Here you will be able to configure the server with the right Azure subscription, resource group and log analytics workspace.