Category: Windows Server 2012 R2

Speaking at Deploy by ShareGate Online Event

Speaking at Deploy by ShareGate Online Event

I am happy to let you know that I will be speaking online at Deploy by ShareGate. Deploy is an expert-led online event focused on Microsoft Azure Governance. On May 7th, at Deploy, I’ll be talking about Manage and govern your hybrid servers using Azure Arc, to help you stay on top of your Azure hybrid environment. This full-day virtual event, led by me and seven other Azure experts, is all about helping you implement Azure governance best practices.

Manage and govern your hybrid servers using Azure Arc

Thomas Maurer shows you how you can manage and govern your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud provider, similarly to how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Azure Arc provides you with the familiar cloud-native Azure management experience, like RBAC, Tags, Azure Policy, Log Analytics and more.

If you’re interested in learning how to implement Azure governance best practices, join me (virtually) at Deploy by ShareGate on May 7! Save your free seat now and join me (virtually) at Deploy. I hope to see you there!



Secure your Server with Azure Security Center

Use Azure Security Center with Windows Server on-premises

Windows Admin Center makes it easy to connect Azure Hybrid Cloud services to your on-premises Windows Server environment. For a while now we can connect services like Azure Monitor, Azure File Sync, Azure Update Management and many more to Windows Server. This helps us to make our on-premises environment even better, by using Azure Cloud Services. At Microsoft Ignite we also announced Azure Arc, which brings cloud-native management to your on-premises environment. With the latest version of the Windows Admin Center, we can now easily connect Windows Servers to Azure Security Center. Azure Security Center will help you to quickly strengthen your security posture and protect against threats. It will not just scan your Azure resources but also your hybrid resources, for example, servers running on-premises or at other cloud providers. You can add Linux and Windows servers to Azure Security Center, and Windows Admin Center makes it easy to onboard your Windows Server.

Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on premises.

Keeping your resources safe is a joint effort between your cloud provider, Azure, and you, the customer. You have to make sure your workloads are secure as you move to the cloud, and at the same time, when you move to IaaS (infrastructure as a service) there is more customer responsibility than there was in PaaS (platform as a service), and SaaS (software as a service). Azure Security Center provides you the tools needed to harden your network, secure your services and make sure you’re on top of your security posture.

You can find more about Azure Security Center here.

Add an on-premises Windows Server to Azure Security Center

To add an on-premises Windows Server to Azure Security Center you can install an agent or you can use Windows Admin Center.

Secure your Server with Azure Security Center

Secure your Server with Azure Security Center

Open Windows Admin Center and click on Azure Security Center in the menu. Click on Sign into Azure and set up. This will open the wizard to onboard the server.

Onboard Server to Azure Security Center with Windows Admin Center

Onboard Server to Azure Security Center with Windows Admin Center

The wizard will ask you to with Azure subscription, resource group and log analytics workspace the server should be connected to. After a couple of minutes, you will get recommendations which you can review in the Azure Security Center or directly for the Windows Server in Windows Admin Center.

Azure Security Center Recommendations

Azure Security Center Recommendations

Get Windows Admin Center

Windows Admin Center is a free download to use with your Windows Servers, you can download Windows Admin Center here. If you want to know more about the Hybrid capabilities, check out my blog post on ITOpsTalk.com. If you want to know more about Azure Hybrid Cloud, check out azure.com/hybrid.

I hope this gives you an overview of how you add Windows Servers to Azure Security Center using Windows Admin Center. Let me know if you have any questions in the comments.



Azure Advent Calendar Azure Arc

Azure Advent Calendar 2019 – Azure Arc for Servers

The Azure Advent Calendar is a great initiative by Microsoft MVPs Gregor Suttie and Richard Hooper. Over the course of 25 days, the community creates and released 75 videos about Azure technologies and topics. I am happy to be part of the community and release an Azure Advent Calendar 2019 video on Azure Arc for Servers.

 

Azure Arc for servers allows customers to manage and govern servers across their hybrid cloud environment, Windows and Linux servers running in Azure, on-premises, at the edge, and in a multi-cloud environment. You can use the Azure cloud-native management technologies included in Azure Resource Manager to manage and govern server on any infrastructure.

Azure Arc consists of a set of different technologies and components like:

  • Organize and govern all your servers – Azure Arc extends Azure management to physical and virtual servers anywhere. Govern and manage servers from a single scalable management pane. You can learn more about Azure Arc for servers here.
  • Manage Kubernetes apps at scale – Deploy and configure Kubernetes applications consistently across all your environments with modern DevOps techniques.
  • Run data services anywhere – Deploy Azure data services in moments, anywhere you need them. Get simpler compliance, faster response times, and better security for your data. You can learn more here.
  • Adopt cloud technologies on-premises – Bringing cloud-native management to your hybrid environment. You can learn more about Azure Arc for servers here.

Watch Azure Arc Video

Here you can watch the Azure Arc Video from the Azure Advent Calendar 2019.

You can find and watch the video about Azure Arc for servers here. If you want to see more Azure Advent Calendar videos, you can check the Azure Advent Calendar website and the Youtube channel.

I hope you enjoy the video if you have any question about the Azure Advent Calendar 2019 video and Azure Arc for servers, please feel free to leave a comment.



Azure Cloud Shell in Windows Admin Center

Run Azure Cloud Shell in Windows Admin Center

As you know Windows Admin Center enables you to not just manage Windows Server machines with a web-based user interface, but also to easily connect Azure Hybrid services to your on-premises Windows Server environment. Windows Admin Center allows you to connect services like Azure File Sync, Azure Update Management, Azure Backup, Azure Site Recovery and many more to your Windows Server and Azure Stack HCI environment. With the latest release of Windows Admin Center (WAC) which was announced at Microsoft Ignite 2019, we get another hybrid cloud feature. We get a new Azure Cloud Shell extension in Windows Admin Center. Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell. We are able to use Cloud Shell directly from the Azure portal, shell.azure.com, in Visual Studio Code, in the new Windows Terminal or even in the Azure mobile app. Now with the new solution/extension, administrators can also run Cloud Shell directly within WAC.

How to run Azure Cloud Shell in Windows Admin Center

First, you will need to enable and install the new Azure Cloud Shell solution. For that open Windows Admin Center, go to Settings and in the menu click on Extensions.

Extensions

Extensions

Under available extensions, you will find the new Azure Cloud Shell (Preview) extension. Click on Install, the WAC portal will refresh automatically.

After the page has refreshed, the Cloud Shell option will show up in the top menu.

Start Cloud Shell in Windows Admin Center

Start Cloud Shell in Windows Admin Center

If you start Azure Cloud Shell for the first time, you will need to login to Azure.

After that, you can run the PowerShell or Bash experience, depending on what you prefer. You also have access to the clouddrive which comes with Cloud Shell.

Azure Cloud Shell in Windows Admin Center

Azure Cloud Shell in Windows Admin Center

In that, you can run tools like the Azure CLI, Azure PowerShell and much more. If you want to learn more about Azure Cloud Shell, check out my blog post, Mastering Azure with Cloud Shell. Windows Admin Center is a free download to use with your Windows Servers, you can download Windows Admin Center here. If you want to know more about the Hybrid capabilities, check out my blog post on ITOpsTalk.com.

I hope this gives you an overview of how you can run Azure Cloud Shell in Windows Admin Center. Let me know if you have any questions in the comments.



New Windows Server Performance Monitor

New Performance Monitor for Windows Server

In this blog post, I am going to show you the new Windows Performance Monitor feature in Windows Admin Center. This feature was announced publicly at Microsoft Ignite 2019. But before we are going to have a look at the new Windows Admin Center Performance Monitor extension, it is time for some history. If you have worked with Windows or Windows Server in the past, you almost certainly have used a tool called perfmon.exe, or Windows Performance Monitor.

You can use Windows Performance Monitor to examine how programs affect your computer’s performance, both in real-time and by collecting log data for later analysis. It uses performance counters, event trace data, and configuration information, which can be combined into Data Collector Sets. Perfmon exists already for a long time. It is super powerful for troubleshooting Windows. However, it is definitely if you look at the classic MMC user-interface and the user-experience in general, probably not your favorite tool to use. That is why we needed something better.

Perfmon

Perfmon.exe

Windows Reliability and Performance Monitor is a Microsoft Management Console (MMC) snap-in that provides tools for analyzing system performance. From a single console, you can monitor application and hardware performance in real time, customize what data you want to collect in logs, define thresholds for alerts and automatic actions, generate reports, and view past performance data in a variety of ways.

You can find more about the classic perfmon.exe here.

A couple of weeks ago, I was contacted by Windows Server Program Manager Cosmos Darwin, who works at great features in Windows Server like Storage Spaces Direct. He asked me if I remember my feedback item in user voice, which I created a couple of years ago.

Windows Server Windows Admin Center User Voice Feedback

Windows Server Windows Admin Center User Voice Feedback

Back then, I wasn’t working for Microsoft, but I was working in a couple of different projects where we were using Windows Server and needed to build a real-time performance monitoring system. Which allowed us to monitor remote servers and clusters.

And here it is, the shiny new Windows Admin Center Performance Monitor extension. This new UI is integrated into the web-based Windows Admin Center management tool.

Windows Admin Center Performance Monitor

Windows Admin Center Performance Monitor

Using the Performance Monitor extension in Windows Admin Center uses the same performance data as perfmon, like performance counters, which means that it will just work with your existing configuration. However, it adds a couple of benefits. No worries, the classic perfmon.exe is still there for you to use it.

  • Easy Remoting ✔ – You can easily use it on your remote machine. Windows Admin Center uses PowerShell remoting in the background to connect to the remote computer.
  • Share Workspaces ✔ – You can create workspaces that you can save and use for multiple systems within the same Windows Admin Center instance. But you can also export them and import them on other Windows Admin Center gateway installations.
    Upload and Download Workspaces

    Upload and Download Workspaces

  • Search and highlighting ✔ – You can easily search for objects and counters. Performance Monitor also highlights the useful objects for your system. So you don’t have to guess which counter to use.
    Performance Monitor Search Counter

    Performance Monitor Search Counter

  • Different Graph Types ✔ – You can use different types of graphs, which make it easier to find and compare the right information depending on your scenario.
    Min-Max View

    Min-Max View

    Windows Server Performance Monitor Heatmap

    Windows Server Performance Monitor Heatmap

     

I hope this gives you a quick overview of the new Performance Monitor extension in Windows Admin Center. You can get Windows Admin Center from here. If you have any questions, feel free to leave a comment. There is also a short survey, about different tools like perfmon, this will directly influence the work on Windows Admin Center. You can check out the official announcement blog here.

By the way, Windows Admin Center also offers a great set of Azure Hybrid services integration. Check out my blog post and videos about the Azure Hybrid services in Windows Admin Center.



Connect Azure VMs with Windows Admin Center

How to manage Azure VMs with Windows Admin Center

Windows Admin Center is a browser-based management tool to manage your servers, clusters, hyper-converged infrastructure, and Windows 10 PCs. You can deploy it anywhere you want. If you run on-prem, you can install it on a Windows Server running in your infrastructure, or you can also install Windows Admin Center on an Azure virtual machine (VM). In this post, we want to address scenarios where you have deployed Windows Admin Center on-premises, and you want to manage some Azure VMs. In this post, I am going to show you how you can manage Azure VMs with Windows Admin Center (WAC).

If you want to know more about Windows Admin Center in general, check out my blog post.

How to manage Azure IaaS VMs with your on-premises Windows Admin Center gateway

As mentioned before, you can also install a Windows Admin Center server running on Azure IaaS virtual machine, but more on that in another post. In this post, I will cover how you can connect to an Azure VM from your on-prem Windows Admin Center (WAC) installation. There are two ways you can connect from WAC to Azure VMs.

The first one would be using the public IP address of a virtual machine running in Azure. This would mean that you need to open the PowerShell remoting port in the network security group (NSG), to be able to connect. I wouldn’t recommend this scenario since this exposes your virtual machines to the public internet. However, if you want to know more about that solution, check out the Microsoft Docs.

What I wound recommend is that you use a VPN connection to connect to your Azure virtual network where your VM is running. However, I know that in a lot of cases, you might not have a Site-2-Site VPN connection to your Azure virtual network. To still be able to connect form Windows Admin Center to an Azure VM, you can use the Azure Network Adapter feature. The Azure Network Adapter will create a Point-2-Site VPN connection from your Windows Server to Azure. And we are going to use this feature on our WAC gateway, so the WAC gateway is able to reach the virtual machine in Azure.

Add Azure Network Adapter

Add Azure Network Adapter

First, you will need to add a new Azure Network Adapter. This can be done in the Network extension in Windows Admin Center. This will open up a wizard that will guide you through the setup and if needed also helps you to register WAC in Microsoft Azure.

Create Azure Network Adapter

Create Azure Network Adapter

The setup can take a while, depending on if you already have a VPN gateway in Azure or not. WAC will create all the necessary resources in Azure, and create the Point-to-Site VPN connection for you. Also, keep in mind that the VPN gateway is an additional resource and will have an additional cost.

Connect to an Azure Virtual network

Connect to an Azure Virtual network

Now you can add and connect to your virtual machine running in Azure, using the private IP address of the machine.

Connect Azure VMs with Windows Admin Center

Connect Azure VMs with Windows Admin Center

You add a server by directly entering the IP address or you can use the Add Azure Virtual Machine wizard, to discover the VM in your Azure subscription.

Add Azure VM in Windows Admin Center

Add Azure VM in Windows Admin Center

I hope this helps you to connect your Azure virtual machines security without exposing ports to the public internet. If you have a site-to-site VPN connection to your Azure virtual network, you can use this as well without the need of setting up Azure Network Adapter.

If you are interested in other Azure Hybrid services in Windows Admin Center, check out the following blog post including the video series: Configure Azure Hybrid Services in Windows Admin Center

Besides, you can also have a look at my other blog post about how to set up Azure hybrid cloud services.

If you want to download Windows Admin Center, check out the download page. If you have any questions, feel free to leave a comment.



Run Windows Admin Center on Windows Server Core

Run Windows Admin Center on Windows Server Core

Windows Admin Center is a locally deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure, and Windows 10 PCs. If you ever asked yourself if Windows Admin Center (WAC) runs on Windows Server Core, the answer is yes. Run and install Windows Admin Center on Windows Server Core, simply copy the MSI installer to the Windows Server, or download it directly. If you are running Windows Server in a Hyper-V virtual machine, PowerShell Direct and be very handy to copy files using the VMBus from the Hyper-V host to the virtual machine.

Copy Windows Admin Center MSI to Windows Server Core VM PowerShell Direct

Copy Windows Admin Center MSI to Windows Server Core VM PowerShell Direct

Download Windows Admin Center (WAC) from here. You can simply use the following commands on your Hyper-V host to copy a file using PowerShell Direct.

$cred = Get-Credential
$s = New-PSSession -VMName WindowsServerInsider -Credential $cred
Copy-Item -Path .\WindowsAdminCenterPreview1908.msi -ToSession $s -Destination "C:\Users\Administrator"

Now you can run the MSI installer for Windows Admin Center. There is also an unattended option for WAC on Windows Server Core. You can find more about installing WAC here.

Install Windows Admin Center on Windows Server Core

Install Windows Admin Center on Windows Server Core

After the installation has finished you can now remotely access the Windows Admin Center web portal form your workstation. However, if you install the new Microsoft Edge Insider Preview, which runs on Windows Server Core as well. You can access the console form your local machine. Don’t do that in production, but it is great if you are running demos or you need to troubleshoot the installation.

Install Microsoft Edge on Windows Server Core

Install Microsoft Edge on Windows Server Core

You can download the Microsoft Edge Insider from here. Thanks to Jeff Woolsey for the tip.

If you want to know more about Windows Admin Center check out my blog post and the Microsoft Docs. If you have any questions, please let me know in the comments. By the way, also make sure that you check out the Windows Admin Center Hybrid features, which allows you to easily connect Azure services.