Category: Windows Server 2012 R2

New Windows Server Performance Monitor

New Performance Monitor for Windows Server

In this blog post, I am going to show you the new Windows Performance Monitor feature in Windows Admin Center. This feature was announced publicly at Microsoft Ignite 2019. But before we are going to have a look at the new Windows Admin Center Performance Monitor extension, it is time for some history. If you have worked with Windows or Windows Server in the past, you almost certainly have used a tool called perfmon.exe, or Windows Performance Monitor.

You can use Windows Performance Monitor to examine how programs affect your computer’s performance, both in real-time and by collecting log data for later analysis. It uses performance counters, event trace data, and configuration information, which can be combined into Data Collector Sets. Perfmon exists already for a long time. It is super powerful for troubleshooting Windows. However, it is definitely if you look at the classic MMC user-interface and the user-experience in general, probably not your favorite tool to use. That is why we needed something better.

Perfmon

Perfmon.exe

Windows Reliability and Performance Monitor is a Microsoft Management Console (MMC) snap-in that provides tools for analyzing system performance. From a single console, you can monitor application and hardware performance in real time, customize what data you want to collect in logs, define thresholds for alerts and automatic actions, generate reports, and view past performance data in a variety of ways.

You can find more about the classic perfmon.exe here.

A couple of weeks ago, I was contacted by Windows Server Program Manager Cosmos Darwin, who works at great features in Windows Server like Storage Spaces Direct. He asked me if I remember my feedback item in user voice, which I created a couple of years ago.

Windows Server Windows Admin Center User Voice Feedback

Windows Server Windows Admin Center User Voice Feedback

Back then, I wasn’t working for Microsoft, but I was working in a couple of different projects where we were using Windows Server and needed to build a real-time performance monitoring system. Which allowed us to monitor remote servers and clusters.

And here it is, the shiny new Windows Admin Center Performance Monitor extension. This new UI is integrated into the web-based Windows Admin Center management tool.

Windows Admin Center Performance Monitor

Windows Admin Center Performance Monitor

Using the Performance Monitor extension in Windows Admin Center uses the same performance data as perfmon, like performance counters, which means that it will just work with your existing configuration. However, it adds a couple of benefits. No worries, the classic perfmon.exe is still there for you to use it.

  • Easy Remoting ✔ – You can easily use it on your remote machine. Windows Admin Center uses PowerShell remoting in the background to connect to the remote computer.
  • Share Workspaces ✔ – You can create workspaces that you can save and use for multiple systems within the same Windows Admin Center instance. But you can also export them and import them on other Windows Admin Center gateway installations.
    Upload and Download Workspaces

    Upload and Download Workspaces

  • Search and highlighting ✔ – You can easily search for objects and counters. Performance Monitor also highlights the useful objects for your system. So you don’t have to guess which counter to use.
    Performance Monitor Search Counter

    Performance Monitor Search Counter

  • Different Graph Types ✔ – You can use different types of graphs, which make it easier to find and compare the right information depending on your scenario.
    Min-Max View

    Min-Max View

    Windows Server Performance Monitor Heatmap

    Windows Server Performance Monitor Heatmap

     

I hope this gives you a quick overview of the new Performance Monitor extension in Windows Admin Center. You can get Windows Admin Center from here. If you have any questions, feel free to leave a comment. There is also a short survey, about different tools like perfmon, this will directly influence the work on Windows Admin Center. You can check out the official announcement blog here.

By the way, Windows Admin Center also offers a great set of Azure Hybrid services integration. Check out my blog post and videos about the Azure Hybrid services in Windows Admin Center.



Connect Azure VMs with Windows Admin Center

How to manage Azure VMs with Windows Admin Center

Windows Admin Center is a browser-based management tool to manage your servers, clusters, hyper-converged infrastructure, and Windows 10 PCs. You can deploy it anywhere you want. If you run on-prem, you can install it on a Windows Server running in your infrastructure, or you can also install Windows Admin Center on an Azure virtual machine (VM). In this post, we want to address scenarios where you have deployed Windows Admin Center on-premises, and you want to manage some Azure VMs. In this post, I am going to show you how you can manage Azure VMs with Windows Admin Center (WAC).

If you want to know more about Windows Admin Center in general, check out my blog post.

How to manage Azure IaaS VMs with your on-premises Windows Admin Center gateway

As mentioned before, you can also install a Windows Admin Center server running on Azure IaaS virtual machine, but more on that in another post. In this post, I will cover how you can connect to an Azure VM from your on-prem Windows Admin Center (WAC) installation. There are two ways you can connect from WAC to Azure VMs.

The first one would be using the public IP address of a virtual machine running in Azure. This would mean that you need to open the PowerShell remoting port in the network security group (NSG), to be able to connect. I wouldn’t recommend this scenario since this exposes your virtual machines to the public internet. However, if you want to know more about that solution, check out the Microsoft Docs.

What I wound recommend is that you use a VPN connection to connect to your Azure virtual network where your VM is running. However, I know that in a lot of cases, you might not have a Site-2-Site VPN connection to your Azure virtual network. To still be able to connect form Windows Admin Center to an Azure VM, you can use the Azure Network Adapter feature. The Azure Network Adapter will create a Point-2-Site VPN connection from your Windows Server to Azure. And we are going to use this feature on our WAC gateway, so the WAC gateway is able to reach the virtual machine in Azure.

Add Azure Network Adapter

Add Azure Network Adapter

First, you will need to add a new Azure Network Adapter. This can be done in the Network extension in Windows Admin Center. This will open up a wizard that will guide you through the setup and if needed also helps you to register WAC in Microsoft Azure.

Create Azure Network Adapter

Create Azure Network Adapter

The setup can take a while, depending on if you already have a VPN gateway in Azure or not. WAC will create all the necessary resources in Azure, and create the Point-to-Site VPN connection for you. Also, keep in mind that the VPN gateway is an additional resource and will have an additional cost.

Connect to an Azure Virtual network

Connect to an Azure Virtual network

Now you can add and connect to your virtual machine running in Azure, using the private IP address of the machine.

Connect Azure VMs with Windows Admin Center

Connect Azure VMs with Windows Admin Center

You add a server by directly entering the IP address or you can use the Add Azure Virtual Machine wizard, to discover the VM in your Azure subscription.

Add Azure VM in Windows Admin Center

Add Azure VM in Windows Admin Center

I hope this helps you to connect your Azure virtual machines security without exposing ports to the public internet. If you have a site-to-site VPN connection to your Azure virtual network, you can use this as well without the need of setting up Azure Network Adapter.

If you are interested in other Azure Hybrid services in Windows Admin Center, check out the following blog post including the video series: Configure Azure Hybrid Services in Windows Admin Center

Besides, you can also have a look at my other blog post about how to set up Azure hybrid cloud services.

If you want to download Windows Admin Center, check out the download page. If you have any questions, feel free to leave a comment.



Run Windows Admin Center on Windows Server Core

Run Windows Admin Center on Windows Server Core

Windows Admin Center is a locally deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure, and Windows 10 PCs. If you ever asked yourself if Windows Admin Center (WAC) runs on Windows Server Core, the answer is yes. Run and install Windows Admin Center on Windows Server Core, simply copy the MSI installer to the Windows Server, or download it directly. If you are running Windows Server in a Hyper-V virtual machine, PowerShell Direct and be very handy to copy files using the VMBus from the Hyper-V host to the virtual machine.

Copy Windows Admin Center MSI to Windows Server Core VM PowerShell Direct

Copy Windows Admin Center MSI to Windows Server Core VM PowerShell Direct

Download Windows Admin Center (WAC) from here. You can simply use the following commands on your Hyper-V host to copy a file using PowerShell Direct.

$cred = Get-Credential
$s = New-PSSession -VMName WindowsServerInsider -Credential $cred
Copy-Item -Path .\WindowsAdminCenterPreview1908.msi -ToSession $s -Destination "C:\Users\Administrator"

Now you can run the MSI installer for Windows Admin Center. There is also an unattended option for WAC on Windows Server Core. You can find more about installing WAC here.

Install Windows Admin Center on Windows Server Core

Install Windows Admin Center on Windows Server Core

After the installation has finished you can now remotely access the Windows Admin Center web portal form your workstation. However, if you install the new Microsoft Edge Insider Preview, which runs on Windows Server Core as well. You can access the console form your local machine. Don’t do that in production, but it is great if you are running demos or you need to troubleshoot the installation.

Install Microsoft Edge on Windows Server Core

Install Microsoft Edge on Windows Server Core

You can download the Microsoft Edge Insider from here. Thanks to Jeff Woolsey for the tip.

If you want to know more about Windows Admin Center check out my blog post and the Microsoft Docs. If you have any questions, please let me know in the comments. By the way, also make sure that you check out the Windows Admin Center Hybrid features, which allows you to easily connect Azure services.



Download the new Windows Terminal Preview

How to open Windows Terminal from Command Prompt or Run

This is a really short blog post and more of a reminder than anything else. You might have seen the new Windows Terminal for Windows 10 was just released in the Windows Store as a preview. However, in the last couple of updates to the Windows Terminal app, it got to a state which already makes it my default terminal. The Windows Terminal allows you to run Windows PowerShell, PowerShell Core and even Bash using the Windows Subsystem for Linux (WSL). Especially the integration of the Azure Cloud Shell is a great plus for me. In this blog post, I am just going to show you how you can open the Windows Terminal from command prompt or Run (WIN + R).

To open Windows Terminal from the command line (cmd) or in Windows Run (WIN +R) type:

wt
Open Windows Terminal start wt

Open Windows Terminal start wt

 

If you want to know more about the Azure Cloud Shell integration, read the blog of Pierre Roman (Microsoft Cloud Advocate) on the ITOpsTalk blog.



Migrate Hyper-V VMs to Azure using Azure Migrate

Assess and Migrate Hyper-V VMs with Azure Migrate

Today, the Azure Migrate team launched an update to the Azure Migrate service, which can help you discover, assess, and migrate applications, infrastructure, and data from your on-prem environment to Microsoft Azure. This is excellent timing since we all know that Windows Server 2008 and Windows Server 2008 R2 are soon out of support and you get free extended security updates if you migrate your VMs to Azure. With Azure Migrate, you can now centrally track the progress of your migration journey across multiple thrid-party and Microsoft tools. In addition, Azure Migrate can now assess and migrate your Hyper-V virtual machines (VMs).

With the latest release of Azure Migrate you can now:

  • Extensible approach with choice across Microsoft and popular ISV assessment and migration tools
  • Integrated experience for discovery, assessment, and migration with end-to-end progress tracking for servers and databases
  • Server Assessment and Server Migration for large-scale VMware, Hyper-V, and physical server migrations
  • Database Assessment and Database Migration across various database targets including Azure SQL Database and Managed Instance

You can find more about the Azure Migrate capabilities on Microsoft Docs. For more information on Azure Migration, check out my blog post about Azure Migration on the Nigel Frank International blog. In this post, I am going to show you how you can step-by-step assess and migrate Hyper-V VMs to Azure using Azure Migrate.

Preparation

First, you need to prepare your Azure to set the right permissions and prepare the on-premises Hyper-V hosts and VMs for server assessment and migration. You can find more about the details for permissions and host preparations on Microsoft Docs.

Next, you will need to create a new Migration project for servers. Click on Asses and migrate servers.

Azure Portal Azure Migrate

Azure Portal Azure Migrate

Now you will need to add the tools you want to use for the assessment as well as for the migration, click on “add tools”.

Getting started

Getting started

You will need to create a new Azure Migrate project. Enter the details for your subscription, resource group, and a name for the project. You will also need to choose a region where your project is going to be deployed. No worries, this will only store the assessment data, you can still select another region for the migration.



Azure Bastion Windows VM

Azure Bastion – Private RDP and SSH access to Azure VMs

Azure Bastion is a new service which enables you to have private and fully managed RDP and SSH access to your Azure virtual machines. If you wanted to access your Azure virtual machines using RDP or SSH today, and you were not using a VPN connection, you had to assign a public IP address to the virtual machine. You were able to secure the connection using Azure Just in Time VM access in Azure Security Center. However, this had still some drawbacks. With Azure Bastion you get a private and fully managed service, which you deploy to your Virtual Network, which then allows you to access your VMs directly from the Azure portal using your browser over SSL.

Azure Bastion Architecture

Source: Microsoft Docs

Azure Bastion brings a couple of advantages

  • Removes requirement for a Remote Desktop (RDP) client on your local machine
  • Removes element for a local SSH client
  • No need for local RDP or SSH ports (handy when your company blocks it)
  • Uses secure SSL/TLS encryption
  • No need to assign public IP addresses to your Azure Virtual Machine
  • Works in basically any modern browser on any device (Windows, macOS, Linux, etc.)
  • Better hardening and more straightforward Network Security Group (NSG) management
  • Can remove the need for a Jumpbox

If you want to know more directly here is the link to the Azure Bastion announcement blog and the Microsoft Docs.

Public Preview

Azure Bastion is currently in public preview. The public preview is limited to the following Azure public regions:

  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East

To participate in this preview, you need to register. Use these steps to register for the preview:

Register-AzureRmProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
 
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
 
Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network

To use the Azure Bastion service, you will also need to use the Azure Portal – Preview.

How to set up an Azure Bastion host for a private RDP and SSH access to Azure VMs

Create Azure Bastion Host

First, you will need to deploy Bastion Host in your virtual network (VNet). The Azure Bastion Host will need at least a /27 subnet.

AzureBastionSubnet

Access Azure virtual machines using Azure Bastion

Azure Bastion integrates natively in the Azure portal. The platform will automatically be detected if Bastion is deployed to the virtual network your virtual machine is in. To connect to a virtual machine, click on the connect button for the virtual machine. Now you can enter your username and password for the virtual machine.

Azure Portal connect to Linux VM SSH

This will now open up a web-based SSL RDP session in the Azure portal to the virtual machine. Again, there is no need to have a public IP address assigned to your virtual machine.

Private access to Azure Linux VM

 

Roadmap – more to come

As Yousef Khalidi (CVP Azure Networking) mentions in his preview announcement blog, the team will add more great capabilities, like Azure Active Directory and MFA support, as well as support for native RDP and SSH clients.

The Azure networking and compute team are doing more great work on creating a great Azure IaaS experience. I hope this gives you an overview of how you can get a private RDP or SSH access to your Azure VM. If you want to know more about the Azure Bastion service, check out the Microsoft Docs for more information. If you have any questions, feel free to leave a comment.



Azure Generation 2 Virtual machine

Generation 2 VM support on Azure – and why should I care?

A couple of days ago Microsoft announced the public preview of Generation 2 virtual machines on Azure. Generation 2 virtual machines support a bunch of new technologies like increased memory, Intel Software Guard Extensions (SGX), and virtual persistent memory (vPMEM), which are not supported on generation 1 VMs. But more on that later.

What are Hyper-V Virtual Machine Generations

Windows Server 2012 R2 Hyper-V introduced the concept of virtual machine generations. Not to be confused with Hyper-V configuration versions. The generation of a virtual machine defines the virtual hardware of a virtual machine and adds some additional and modern functionality. In Hyper-V, there are two virtual machine generations, generation 1 and generation 2. Generation 2 virtual machines support Unified Extensible Firmware Interface (UEFI) firmware instead of BIOS-based firmware. The Hyper-V team also removed a lot of the legacy devices and replaced them with a simplified virtual machine model.

On Windows Server Hyper-V Generation 2 VMs support features and improvements like

  • PXE boot by using a standard network adapter
  • Boot from a SCSI virtual hard disk
  • Boot from a SCSI virtual DVD
  • Secure Boot (enabled by default)
  • UEFI firmware support
  • OS disk > 2 TB
  • improved boot and installation times

However, an important note here, not all of these features are currently available on Azure Generation 2 virtual machines, and not all operating systems are supported in Generation 2 VMs. For example, in Windows7, Windows Server 2008 and Windows Server 2008 R2 and 32-bit Windows systems are not supported. You can find more information about Hyper-V Generation 2 VMs here.

Azure Generation 2 Virtual Machines Overview

Azure Generation 2 Virtual Machines are currently in public preview. To be honest, Generation 2 VMs in Azure aren’t that new, with the public preview of Azure Confidential Computing, we already used Generation 2 VMs. However, now we can start using it for other workloads as well. This means that you can now upload and use your local VHD (not VHDX) files based on Hyper-V Generation 2 virtual machines. Before you had to use Azure Site Recovery to replicate and convert your Hyper-V Generation 2 VMs to Azure Generation 1 VMs.

Azure Generation 1 vs. Generation 2 capabilities

Azure Generation 1 vs Generation 2 VM

Currently, Generation 2 VMs are in public preview, and that means next to not having a service level agreement (SLA), the features which are available can and are limited. If you look at features like ASR or Azure Backup, which are currently not supporting Generation 2 VMs.

CapabilityGeneration 1Generation 2
OS disk > 2 TB
Custom Disk/Image/Swap OS
Virtual machine scale set support
ASR/Backup
Shared Image Gallery
Azure Disk Encryption

You can find more information about Azure Generation 2 virtual machines with an updated list of capabilities on Microsoft Docs.

Hyper-V vs. Azure Generation 2 VMs

There are also differences between Hyper-V Generation 2 VMs and Azure Generation 2 VMs. Not all of the features provided in Hyper-V are currently present in the public preview version on Azure.

FeatureOn-prem Hyper-VAzure
Secure Boot
Shielded VM
vTPM
Virtualization-Based Security (VBS)
VHDX format

Again, you can find an up-to-date list on Microsoft Docs.

Getting started

You can get started using the Generation 2 VMs on the following VM Sizes on Azure Premium Storage and Ultra SSD:

Windows Server Azure Generation 2 Virtual Machine

In public preview, you can now also use the following Azure Marketplace images from the “windowsserver-gen2preview” offer.

  • Windows Server 2019 Datacenter (2019-datacenter-gen2)
  • Windows Server 2016 Datacenter (2016-datacenter-gen2)
  • Windows Server 2012 R2 Datacenter (2012-r2-datacenter-gen2)
  • Windows Server 2012 Datacenter (2012-datacenter-gen2)

Create a virtual machine

You can use the Azure Portal to create a new VM or the Azure CLI using the following commands:

 
az group create --name myGen2ResourceGroupVM --location eastus
az vm create \
--resource-group myGen2ResourceGroupVM \
--name myVM \
--image MicrosoftWindowsServer:windowsserver-gen2preview:2019-datacenter-gen2:latest \
--admin-username thomas \
--admin-password myPassword12

Conclusion

I hope this gives you an overview of the benefits and how you can run Generation 2 VMs on Azure. If you have any questions please let me know in the comments.