Category: Windows Server 2016

Automanage for Azure virtual machines

For me, one of the most impressive announcements at Microsoft Ignite, next to the many Azure Arc and Azure Stack announcements, was the public preview of Azure Automanage for virtual machines (VMs). As you know, Microsoft Azure offers many management services for Azure virtual machines (VMs). However, finding and configuring these services can be some work. Azure Automanage for virtual machines helps to address precisely that. It is a service that eliminates the need to discover, know how to onboard, and know how to configure certain services in Azure that would benefit your virtual machine.

In summary, Azure Automanage provides the following features to reduce cost by automating Windows Server management, improve workload uptime with optimized operations, and implement security best practices.

  • Intelligently onboards virtual machines to select best practices Azure services
  • Automatically configures each service per Azure best practices.
  • Monitors for drift and corrects for it when detected.
  • Provides a simple experience (point, click, set, forget)

You can find more information on Microsoft Docs.



Azure Automatic VM Guest OS Patching

How to configure Azure Automatic VM guest OS patching

If you want to keep your Azure virtual machines (VMs) up-to-date, then there is a service called Azure Update Management, which helps you to manage updates on your Azure VM guest operating system. However, this needed some additional planning and configuration. To make patching of your Azure virtual machines (VMs) easier, there is a new option called Automatic VM guest patching, which helps ease update management by safely and automatically patching virtual machines to maintain security compliance.

Automatic VM guest patching is now available in public preview for Windows virtual machines on Azure.

With Azure automatic VM guest patching enabled, the VM is assessed periodically to check for available operating system patches for that Azure VM. Updates classified as ‘Critical’ or ‘Security’ are automatically downloaded and installed on the VM during off-peak hours. This patch orchestration is managed and handled by Azure and patches are applied following availability-first principles.

In a nutshell, Azure automatic VM guest patching has the following capabilities:

  • Patches classified as Critical or Security are automatically downloaded and applied on the VM.
  • Patches are applied during off-peak hours in the VM’s time zone.
  • Patch orchestration is managed by Azure and patches are applied following availability-first principles.
  • Virtual machine health, as determined through platform health signals, is monitored to detect patching failures.
  • Works for all VM sizes.

Patches are installed within 30 days of the monthly Windows Update release, following availability-first orchestration described below. Patches are installed only during off-peak hours for the VM, depending on the time zone of the VM. The VM must be running during the off-peak hours for patches to be automatically installed. If a VM is powered off during a periodic assessment, the VM will be automatically assessed and applicable patches will be installed automatically during the next periodic assessment when the VM is powered on.

You can find more information on Azure automatic VM guest patching on Microsoft Docs.

How to enable Azure Automatic VM guest OS patching

To enable Azure automatic VM guest OS (operating system) patching, we currently have a couple of requirements.

  • Currently, only Windows VMs are supported (Preview). Windows Server 2012 R2, 2016, and 2019 Datacenter SKUs are currently supported (and more are added periodically).
  • Only VMs created from certain OS platform images are currently supported in the preview, which means custom images are not supported in the preview.
  • The virtual machine must have the Azure VM Agent installed.
  • The Windows Update service must be running on the virtual machine.
  • The virtual machine must be able to access Windows Update endpoints. If your virtual machine is configured to use Windows Server Update Services (WSUS), the relevant WSUS server endpoints must be accessible.
  • Use Compute API version 2020-06-01 or higher.

These requirements might change in the future during the preview phase (for the current requirements check out Microsoft Docs).

During the preview, this feature requires a one-time opt-in for the feature InGuestAutoPatchVMPreview per subscription. You can run the following Azure PowerShell or Azure CLI command.

Azure PowerShell:

# Register AzProvider
Register-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
 
# Check the registration status
Get-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
 
# Once the feature is registered for your subscription, complete the opt-in process by changing the Compute resource provider.
Register-AzResourceProvider -ProviderNamespace Microsoft.Compute

Now you can enable automatic VM guest patching for your Azure virtual machines within that subscription. To do that you can currently use the REST API, Azure PowerShell, or the Azure CLI.

With the Azure CLI, you can use az vm update:

az vm update --resource-group test-autopatch-rg --name azwinvm01 --set osProfile.windowsConfiguration.enableAutomaticUpdates=true osProfile.windowsConfiguration.patchSettings.patchMode=AutomaticByPlatform

You can see that there are two important settings in this command: enableAutomaticUpdates and patchSettings.patchMode (the -EnableAutoUpdate and -PatchMode parameters in Azure PowerShell). There are currently three different patch orchestration modes you can configure.

AutomaticByPlatform

  • This mode enables automatic VM guest patching for the Windows virtual machine and subsequent patch installation is orchestrated by Azure.
  • Setting this mode also disables the native Automatic Updates on the Windows virtual machine to avoid duplication.
  • This mode is only supported for VMs that are created using the supported OS platform images above.

AutomaticByOS

  • This mode enables Automatic Updates on the Windows virtual machine, and patches are installed on the VM through Automatic Updates.
  • This mode is set by default if no other patch mode is specified.

Manual

  • This mode disables Automatic Updates on the Windows virtual machine.
  • This mode should be set when using custom patching solutions.
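
To see which of these three modes each Windows VM in a subscription is actually using, here is an added example (not part of the original post) built on Get-AzVM. It assumes the Az.Compute module and a signed-in session; the function name Get-VmPatchModeReport and its output columns are hypothetical names chosen for this illustration.

```powershell
# Added example: report the patch orchestration mode of Windows VMs.
# Assumes Az.Compute is installed and Connect-AzAccount has been run.
# Get-VmPatchModeReport is a hypothetical helper name, not an Az cmdlet.
function Get-VmPatchModeReport {
    [CmdletBinding()]
    param(
        # Optional: limit the report to one resource group.
        [string]$ResourceGroupName
    )

    $vms = if ($ResourceGroupName) {
        Get-AzVM -ResourceGroupName $ResourceGroupName
    } else {
        Get-AzVM
    }

    foreach ($vm in $vms) {
        $win = $vm.OSProfile.WindowsConfiguration
        if (-not $win) { continue }   # not a Windows VM: the feature does not apply

        # patchSettings is empty when no mode was ever set; per the list
        # above, AutomaticByOS is then the mode in effect.
        $mode = if ($win.PatchSettings) { $win.PatchSettings.PatchMode }
        if (-not $mode) { $mode = 'AutomaticByOS (default)' }

        $note = switch -Wildcard ($mode) {
            'AutomaticByPlatform' { 'Patched by Azure during off-peak hours' }
            'AutomaticByOS*'      { 'Patched by Automatic Updates inside the guest' }
            'Manual'              { 'No automatic patching: confirm a custom patching solution covers this VM' }
            default               { 'Unknown mode: review' }
        }

        [pscustomobject]@{
            ResourceGroup          = $vm.ResourceGroupName
            Name                   = $vm.Name
            PatchMode              = $mode
            EnableAutomaticUpdates = $win.EnableAutomaticUpdates
            VMAgentProvisioned     = $win.ProvisionVMAgent
            Note                   = $note
        }
    }
}

# Usage: list every Windows VM that Azure is not orchestrating patches for.
Get-VmPatchModeReport |
    Where-Object PatchMode -ne 'AutomaticByPlatform' |
    Format-Table -AutoSize
```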

If you need more control, I recommend that you have a look at Azure Update Management, which is already publicly available and also supports Windows and Linux servers running in Azure or on-premises.

To verify whether automatic VM guest patching has completed and the patching extension is installed on the VM, you can review the VM’s instance view.

az vm get-instance-view --resource-group test-autopatch-rg --name azwinvm01

This will show you the following result:

Azure Automatic VM Guest OS Patching Status

You can also trigger a patch assessment on demand:

Invoke-AzVmPatchAssessment -ResourceGroupName "myResourceGroup" -VMName "myVM"

I hope this provides you with an overview of the new Azure automatic VM guest patching feature. If you want to have some advanced capabilities to manage updates for your Azure VMs and even your servers running on-premises, check out Azure Update Management. This will provide you with some advanced settings and your own maintenance schedules. If you have any questions, feel free to leave a comment.



Eject ISO from Hyper-V VM using PowerShell

This is one of these quick and dirty blog posts mostly as a note for myself. Hyper-V offers the capability to add an ISO image to a virtual CD/DVD drive and you can use Hyper-V Manager to do that, or you can also use PowerShell. Here is how you can eject or remove an ISO from a Hyper-V virtual machine (VM) using PowerShell.

This works with Hyper-V on Windows Server and on Windows 10.

Remove or eject ISO from Hyper-V VM using PowerShell

To remove or eject the ISO file from a Hyper-V VM virtual DVD drive, you can use the following PowerShell command:

Find the right DVD drive

Get-VMDvdDrive -VMName "Windows10"

Eject the ISO file from the Hyper-V VM

Get-VMDvdDrive -VMName "Windows10" | Set-VMDvdDrive -Path $null

You can also pipe these commands

Get-VM -VMName "Windows10" | Get-VMDvdDrive | Set-VMDvdDrive -Path $null

If you have multiple DVD drives and controllers on the VM, you can also use the following command to be more specific about which ISO to eject.

Set-VMDvdDrive -VMName Windows10 -ControllerNumber 0 -ControllerLocation 1 -Path $null

You can also simply add an ISO to the Hyper-V virtual DVD drive:

Get-VMDvdDrive -VMName "Windows10" | Set-VMDvdDrive -Path "C:\ISO\myisofile.iso"

Be aware that it takes a moment until the ISO file is removed from the virtual DVD drive. You can find more information on the Set-VMDvdDrive cmdlet on Microsoft Docs.

Conclusion

If you want to build some automation around Hyper-V on Windows 10 or on Windows Server, PowerShell is the way to go. If you have any questions feel free to leave a comment.



Add ISO DVD Drive to a Hyper-V VM using PowerShell

Hyper-V offers the capability to add an ISO image to a virtual CD/DVD drive and you can use Hyper-V Manager to do that, or you can also use PowerShell. Here is how you can add an ISO to a Hyper-V virtual machine (VM) using PowerShell. There are two ways of doing it, depending on whether you already have a virtual DVD drive attached to the VM or need to add a virtual DVD drive.

This works with Hyper-V on Windows Server and on Windows 10.

Attach ISO to an existing DVD Drive on a Hyper-V VM using PowerShell

To attach an ISO file to an existing virtual DVD drive on a Hyper-V virtual machine (VM) using PowerShell, you can use the following command:

Set-VMDvdDrive -VMName Windows10 -Path "C:\Users\thoma\Downloads\ubuntu-18.04.4-live-server-amd64.iso"

Add ISO file and DVD Drive to a Hyper-V VM using PowerShell

If your Hyper-V virtual machine doesn’t have a virtual DVD drive attached to it, you can add a virtual DVD drive including the ISO file with the following PowerShell command:

Add-VMDvdDrive -VMName "Windows10" -Path "C:\Users\thoma\Downloads\ubuntu-18.04.4-live-server-amd64.iso"

If you run this command on a virtual machine, which already has a virtual DVD drive attached, you will simply add a second virtual DVD drive to this machine. You can find more information on the Add-VMDvdDrive cmdlet on Microsoft Docs.

Conclusion

If you want to build some automation around Hyper-V on Windows 10 or on Windows Server, PowerShell is the way to go. If you have any questions feel free to leave a comment.



How to Manage Hyper-V VM Checkpoints with PowerShell

In this blog post, we are going to have a look at how you can create, manage, apply, and remove VM Checkpoints in Hyper-V using PowerShell. Hyper-V virtual machine (VM) checkpoints are one of the great benefits of virtualization. Before Windows Server 2012 R2, they were known as virtual machine snapshots. VM Checkpoints in Hyper-V allow you to save the system state of a VM at a specific point in time and then revert to that state if you need to. This is great if you are testing software and configuration changes, or if you have a demo environment that you want to reset.

Hyper-V VM Checkpoint Types

Before we get to how you can manage Hyper-V VM Checkpoints with PowerShell, let me first explain the two different types. Since Windows Server 2016 and Windows 10, Hyper-V includes two types of checkpoints: Standard Checkpoints and Production Checkpoints.

  • Standard Checkpoints: take a snapshot of the virtual machine and virtual machine memory state at the time the checkpoint is initiated. A snapshot is not a full backup and can cause data consistency issues with systems that replicate data between different nodes, such as Active Directory. Hyper-V only offered standard checkpoints (formerly called snapshots) prior to Windows 10.
  • Production Checkpoints: use Volume Shadow Copy Service, or File System Freeze on a Linux virtual machine, to create a data-consistent backup of the virtual machine. No snapshot of the virtual machine memory state is taken.

You can set up these settings in Hyper-V Manager or in PowerShell.

If you are using PowerShell to configure Checkpoints for virtual machines these commands may help you.

Configure and set VM for Standard Checkpoints

Set-VM -Name "Windows10" -CheckpointType Standard

Set VM to Production Checkpoints. If the production checkpoint fails, a Standard Checkpoint is created.

Set-VM -Name "Windows10" -CheckpointType Production

Set VM to only use Production Checkpoints

Set-VM -Name "Windows10" -CheckpointType ProductionOnly

Disable VM Checkpoints for the Hyper-V virtual machine

Set-VM -Name "Windows10" -CheckpointType Disabled

Managing Hyper-V VM Checkpoints using PowerShell

Create VM Checkpoints

To create a new VM Checkpoint with PowerShell, you can run the following command:

Checkpoint-VM -Name "Windows10"

You can find more on the cmdlet on Microsoft Docs.

You can list the VM Checkpoints of a Hyper-V VM:

Get-VMCheckpoint -VMName "Windows10"

Applying Hyper-V VM checkpoints using PowerShell

If you want to revert your virtual machine state to a previous point-in-time, you can apply an existing checkpoint, using the following PowerShell command.

Restore-VMCheckpoint -Name "checkpoint name" -VMName "Windows10" -Confirm:$false

You can find more information about the cmdlet here.

Renaming checkpoints

To rename a checkpoint you can use the following command

Rename-VMCheckpoint -VMName "Windows10" -Name "Checkpointname" -NewName "MyNewCheckpointName"

Deleting checkpoints

You can also delete or remove a Hyper-V VM checkpoint with the following PowerShell command. This will merge the .avhdx files in the background.

Remove-VMCheckpoint -VMName "Windows10" -Name "Checkpointname"
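
The create, apply, and remove steps above combined into one guarded change, as an added example that is not part of the original post: it takes a checkpoint, runs a change, reverts if the change fails, and otherwise removes the checkpoint. Invoke-WithCheckpoint and its parameters are hypothetical names; it assumes the Hyper-V PowerShell module and an elevated session on the Hyper-V host.

```powershell
# Added example: run a change against a VM with a checkpoint as the rollback.
# Invoke-WithCheckpoint is a hypothetical helper, not a Hyper-V cmdlet.
function Invoke-WithCheckpoint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][scriptblock]$Change,
        # Keep the checkpoint after a successful change instead of merging it.
        [switch]$KeepCheckpoint
    )

    # Turn non-terminating errors inside $Change into exceptions so the
    # catch block below sees them.
    $ErrorActionPreference = 'Stop'

    $vm = Get-VM -Name $VMName
    if ($vm.CheckpointType -eq 'Disabled') {
        throw "Checkpoints are disabled for VM '$VMName'; there would be no rollback."
    }

    # A unique, sortable name makes the checkpoint easy to find later.
    $name = 'pre-change-{0:yyyyMMdd-HHmmss}' -f (Get-Date)
    Checkpoint-VM -Name $VMName -SnapshotName $name
    Write-Verbose "Created checkpoint '$name' (type: $($vm.CheckpointType))."

    try {
        & $Change
    }
    catch {
        Write-Warning "Change failed: $($_.Exception.Message). Reverting to '$name'."
        Restore-VMCheckpoint -VMName $VMName -Name $name -Confirm:$false
        # The checkpoint is kept after a revert so the failure can be examined.
        throw
    }

    if (-not $KeepCheckpoint) {
        # Removing the checkpoint merges the .avhdx files in the background.
        Remove-VMCheckpoint -VMName $VMName -Name $name
    }
}

# Usage with a constructed sample change (any script block works).
Invoke-WithCheckpoint -VMName 'Windows10' -Verbose -Change {
    Set-VMMemory -VMName 'Windows10' -StartupBytes 4GB
}
```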

Conclusion

I hope this blog post gives you a great overview on how you can manage, apply, restore, and remove Hyper-V VM Checkpoints using PowerShell. You can learn more about Hyper-V virtual machine checkpoints on Microsoft Docs. If you have any questions, feel free to leave a comment.



Speaking at Deploy by ShareGate Online Event

I am happy to let you know that I will be speaking online at Deploy by ShareGate. Deploy is an expert-led online event focused on Microsoft Azure Governance. On May 7th, at Deploy, I’ll be talking about Manage and govern your hybrid servers using Azure Arc, to help you stay on top of your Azure hybrid environment. This full-day virtual event, led by me and seven other Azure experts, is all about helping you implement Azure governance best practices.

Manage and govern your hybrid servers using Azure Arc

Thomas Maurer shows you how you can manage and govern your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud provider, similarly to how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Azure Arc provides you with the familiar cloud-native Azure management experience, like RBAC, Tags, Azure Policy, Log Analytics and more.

If you’re interested in learning how to implement Azure governance best practices, join me (virtually) at Deploy by ShareGate on May 7! Save your free seat now and join me (virtually) at Deploy. I hope to see you there!



Add a PowerShell Remoting Session in the Windows Terminal Menu

Add a PowerShell Remote Session in Windows Terminal

I am sure you have heard about the new Windows Terminal, which is in preview, and you can get it from the Windows Store. In this blog post, I want to share how you can add a PowerShell remote session to the drop-down menu in the Windows Terminal when you open a new tab. The new Windows Terminal is highly customizable and it allows you to run different shells like the classic command prompt, Windows PowerShell, PowerShell 7, and also Windows Subsystem for Linux shells (I am using, for example, Ubuntu with the Windows Subsystem for Linux 2 (WSL 2)).

Scott Hanselman wrote a great blog post on how you can add tabs to open an SSH connection directly, so why not do the same thing with PowerShell? In my example, I will add a tab in Windows Terminal, which opens up a PowerShell remoting session (using WS-Management WSMan) to an Azure virtual machine (VM). However, this would work with every other machine which you can access using PowerShell Remoting.

Add a PowerShell Remote Session in Windows Terminal Tab

To get started, we need to open up the settings of the Windows Terminal. This will open up a settings.json file, which you can edit in your favorite editor, for example, Visual Studio Code. To add new “menu items,” you will need to add a profile to the profiles array in the JSON file. In my case, I will add two different menu items: in one, I am going to open a PowerShell remoting session to an Azure VM using Windows PowerShell, and in the other, I am going to use PowerShell 7.

Windows Terminal Settings profiles

Here you can see the following two profile entries:

Remote Session using Windows PowerShell 5.1

{
"name":  "PS Thomas AzureVM",
"tabTitle": "PS Thomas Maurer AzureVM",
"commandline": "powershell.exe -NoProfile -NoExit -Command Enter-PSSession -ComputerName azurevmps.westeurope.cloudapp.azure.com -Credential thomas",
"icon": "C:/Users/thoma/Downloads/AzureVMIcon32.png"
},

Remote Session using PowerShell 7

{
"name":  "PS Thomas AzureVM",
"tabTitle": "PS Thomas Maurer AzureVM",
"commandline": "pwsh.exe -NoProfile -NoExit -Command Enter-PSSession -ComputerName azurevmps.westeurope.cloudapp.azure.com -Credential thomas",
"icon": "C:/Users/thoma/Downloads/AzureVMIcon32.png"
},

As you can see, we define the profile name and the tab title for the Windows Terminal entry. We have the command line command here, which starts the PowerShell remoting session. The command opens a PowerShell session to a specific computer or server using the ComputerName parameter and the Credential parameter for the credentials. In my case, I am connecting to an Azure VM with the name azurevmps.westeurope.cloudapp.azure.com (could also be an IP address) and the username Thomas. The last thing I add is a small icon (32×32 pixels). Since I am connecting to an Azure VM, I took the Azure VM icon.

In this scenario, I am using PowerShell Remoting over HTTP. You can use the same approach for PowerShell Remoting over HTTPS or even PowerShell Remoting over SSH, which are way more secure and should be used for your connections. If you are looking to create the same Windows Terminal menu entry using a simple SSH connection, check out my blog post here.
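
The HTTPS and SSH variants mentioned above, as an added example that is not part of the original post: a helper that builds the Windows Terminal profile entry for either transport and, for HTTPS, first checks that the target answers WS-Management over TLS. New-RemotingTerminalProfile and its parameters are hypothetical names; the host and user name are the ones used on this page.

```powershell
# Added example: build a Windows Terminal profile entry that uses
# PowerShell Remoting over HTTPS or SSH instead of plain HTTP.
# New-RemotingTerminalProfile is a hypothetical helper name.
function New-RemotingTerminalProfile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$UserName,
        [ValidateSet('Https', 'Ssh')][string]$Transport = 'Https',
        [string]$Name = "PS $ComputerName ($Transport)"
    )

    # Reject values that would change the meaning of the generated command line.
    foreach ($value in $ComputerName, $UserName) {
        if ($value -notmatch '^[A-Za-z0-9._\\@-]+$') {
            throw "Unexpected characters in '$value'."
        }
    }

    if ($Transport -eq 'Https') {
        # Fails if the target has no HTTPS listener or its certificate
        # is not trusted for this name, before a broken entry is written.
        Test-WSMan -ComputerName $ComputerName -UseSSL -ErrorAction Stop | Out-Null
        $command = 'pwsh.exe -NoProfile -NoExit -Command Enter-PSSession ' +
                   "-ComputerName $ComputerName -UseSSL -Credential $UserName"
    }
    else {
        # SSH remoting needs PowerShell 6 or later and an SSH server with
        # the PowerShell subsystem configured on the target.
        $command = 'pwsh.exe -NoProfile -NoExit -Command Enter-PSSession ' +
                   "-HostName $ComputerName -UserName $UserName"
    }

    # Emit JSON that can be pasted into the profiles array of settings.json.
    [ordered]@{
        name        = $Name
        tabTitle    = $Name
        commandline = $command
    } | ConvertTo-Json
}

# Usage with the host and user from this page.
$target = 'azurevmps.westeurope.cloudapp.azure.com'
New-RemotingTerminalProfile -ComputerName $target -UserName 'thomas'
New-RemotingTerminalProfile -ComputerName $target -UserName 'thomas' -Transport Ssh
```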

Now your Windows Terminal drop-down menu will look like this:

Add a PowerShell Remote Session in Windows Terminal Tab

By selecting one of these profiles, you will automatically open a PowerShell remoting session to a specific computer or server in Windows Terminal.

Windows Terminal - Azure virtual machine VM PS Remote Session

I hope this gives you an idea of how you can add a PowerShell remote session in Windows Terminal menu. If you want to know more about the Windows Terminal, check out the following blog, and if you have any questions, please feel free to leave a comment.

If you want to know more about what’s new in PowerShell 7, or if you want to learn more about how to customize the Windows Terminal, check out my blog.