Category: Windows Server

Windows Sandbox

Windows Sandbox – Isolated Windows Desktop

Today Microsoft announced a new feature called Windows Sandbox. Windows Sandbox is built on Windows Container technology, which allows you to spin up an isolated, temporary desktop environment where you can run untrusted software. The software you run and install in the Windows Sandbox does not affect the host. If you shut down the Windows Sandbox, all changes and all software you installed in the Sandbox are gone again. This sounds very similar to the technology Windows Defender Application Guard already used to build a sandbox environment for Microsoft Edge.

Windows Sandbox Overview

Windows Sandbox

Windows Sandbox has the following properties:

  • Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
  • Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows
  • Disposable – nothing persists on the device; everything is discarded after you close the application
  • Secure – uses hardware-based virtualization for kernel isolation, which relies on Microsoft’s hypervisor to run a separate kernel which isolates Windows Sandbox from the host
  • Efficient – uses integrated kernel scheduler, smart memory management, and virtual GPU

Windows Sandbox brings the advantages of Windows Containers and also adds a desktop. If you compare this to a Windows 10 Virtual Machine, the Windows Sandbox will consume far fewer resources, start up much faster and be much more efficient with hardware resources. You can think of it as a lightweight virtual machine, which can share the same hardware but also the same kernel and memory as the host system (like a container).



Azure Stack VM Update Management

Using Azure Update Management on Azure Stack

At Microsoft Ignite 2018, Microsoft announced the integration of Azure Update and Configuration Management on Azure Stack. This is a perfect example of how Azure services from the public cloud can be extended into your datacenter using Azure Stack. Azure Update and Configuration Management brings Azure Update Management, Change Tracking and Inventory to your Azure Stack VMs. In the case of Azure Stack, the backend services and orchestrators, like Azure Automation and Log Analytics, continue to run in Azure, but you can connect your VMs running on Azure Stack to them.

Azure Update and Configuration Management Schema

Today, the Azure Update and Configuration Management extension gives you the following features:

  • Update Management – With the Update Management solution, you can quickly assess the status of available updates on all agent computers and manage the process of installing required updates for these Windows VMs.
  • Change Tracking – Changes to installed software, Windows services, Windows registry, and files on the monitored servers are sent to the Log Analytics service in the cloud for processing. Logic is applied to the received data and the cloud service records the data. By using the information on the Change Tracking dashboard, you can easily see the changes that were made in your server infrastructure.
  • Inventory – The Inventory tracking for an Azure Stack Windows virtual machine provides a browser-based user interface for setting up and configuring inventory collection.

If you want to use Azure Update Management and more on VMs on-premises (without Azure Stack) or running at another cloud provider, you can do this as well. Have a look at Windows Admin Center, which allows you to directly integrate with Azure Update Management. However, there will be a difference in pricing.



System Center release cadence

System Center 2019 – What’s new

Microsoft just launched Windows Server 2019 and Windows Admin Center, which also raised the interest in System Center 2019. At Microsoft Ignite, Microsoft was talking about what is new in System Center 2019, the future of System Center, and how it fits in with Windows Admin Center and other management tools.

Microsoft Cloud and Datacenter Management Story

Microsoft Cloud and Datacenter Management Overview

With Microsoft now offering a range of products to manage your Cloud and Datacenter environments, the question comes up: “which is the best solution?”. It depends not only on the size of your company, but also on which services you are using and what your job role is. Coming from the Azure side, you have Azure Security and Management, which allows you not only to manage your Azure resources but also integrates with and extends to your on-premises environment. System Center is aimed at managing datacenter environments at scale, and Windows Admin Center helps you dig deeper to manage individual servers or single clusters. Windows Admin Center and System Center 2019 can be used side by side, and both are integrated into Microsoft Azure.

System Center Windows Admin Center better together

System Center vs Windows Admin Center

I often get the question: does Windows Admin Center replace System Center? The answer to this is no. System Center is aimed at management at datacenter scale, while Windows Admin Center gives you deep management access to a single server or cluster. In small environments you might end up using Windows Admin Center only, but in larger datacenter deployments, you are likely to use a combination of System Center and Windows Admin Center.

System Center 2019 Suite Improvements

System Center 2019 Focus

The System Center 2019 release focuses on three main areas. First of all, it adds more capabilities to the existing components and features which were requested by customers. Secondly, it brings integration for the next version of Windows Server, Windows Server 2019 and brings new Windows Server features to life in System Center. Last but not least, System Center 2019 adds more Hybrid Cloud integrations with Microsoft Azure.



Geeksprech Podcast Windows Server 2019 with Thomas Maurer

GeekSprech Podcast – Windows Server 2019 (German)

Microsoft just released Windows Server 2019 to the public, and with that I was invited to be a guest on the GeekSprech Podcast from Microsoft MVPs Eric Berg and Alexander Benoit. We talked about the Windows Server 2019 release and the great new features in this release. We also got off topic and had some chats about security, Azure Stack and more.

If you want to listen to it (it is in German), you can do this on the GeekSprech website or here:

It was an honor and a lot of fun talking with Eric and Alexander!



Azure Live Migration

Azure uses Live Migration for VMs

If you have worked with Azure in the past, you might be aware that for a long time Azure didn’t have live migration for VMs hosted in Azure. This had an impact on customers in terms of VM uptime during host maintenance. You basically got emails saying that the host your VMs were running on was going into maintenance during a specific time, and that you would have a possible outage. Microsoft Hyper-V, which is the hypervisor in Azure, has had Live Migration for a long time. Today, Microsoft revealed that they have been using Live Migration in Azure since early 2018 to move virtual machines in cases of rack maintenance and software and BIOS updates, as well as hardware faults.

But Microsoft didn’t stop there; they made it even better using Machine Learning. Predictive ML helps Microsoft to proactively detect and predict failures. And in case a hardware failure is predicted, Microsoft can move the virtual machines from that host without downtime, using live migration.

To further push the envelope on live migration, we knew we needed to look at the proactive use of these capabilities, based on good predictive signals. Using our deep fleet telemetry, we enabled machine learning (ML)-based failure predictions and tied them to automatic live migration for several hardware failure cases, including disk failures, IO latency, and CPU frequency anomalies.

 

We partnered with Microsoft Research (MSR) on building our ML models that predict failures with a high degree of accuracy before they occur. As a result, we’re able to live migrate workloads off “at-risk” machines before they ever show any signs of failing. This means VMs running on Azure can be more reliable than the underlying hardware.

In a blog post, Microsoft talks more about Live Migration in Azure and goes into more detail about the challenges and how live migration in Azure works. It is great to see Microsoft improving VM resiliency with features like live migration and machine learning technology.



Intel NUC Windows Server

Building a Windows Server Lab with an Intel NUC

With the release of Windows Server 2019, which includes a ton of Hybrid Cloud integration features, it was time to build a new lab environment. The plan is to create a lab and demo environment for my presentations and workshops. Until today, I was still using my hardware from 2011, which was built from Cisco C200 and HPE ProLiant servers. This was, more or less, datacenter-grade hardware; it was using a lot of electricity and made a lot of noise. Not really the thing for a home lab on your desk. With some pretty good deals out there, I decided to buy a brand-new Intel NUC. NUC stands for Next Unit of Computing, which is a small, light, cheap and not very noisy computer, which gives you the latest Intel CPUs and ports. They are mostly used as desktop or media computers. However, the price and the features also make it a great option for a lab running Hyper-V.

If I look at the hardware our customers are using today, there is not really a good way to build a cheap home lab based on datacenter hardware. And with my workloads mostly running in Azure anyway, the Intel NUC seems to be a great option. For most of my demos a single server running Hyper-V should be enough. For demos on Storage Spaces Direct or Clustering I can still use Azure with Nested Virtualization.

Intel NUC Windows Server LAB

I decided to get an Intel NUC NUC8i7BEH – Bean Canyon with the following specs:

  • Intel Core i7-8559U
  • 32GB DDR4 RAM
  • 1TB M.2 Samsung 970 EVO
  • Intel Wireless-AC 9560 + Bluetooth 5.0
  • Gigabit LAN
  • USB-A and USB-C ports
  • Thunderbolt 3 port

Unfortunately, the Intel NUC is limited to 32GB of RAM and this version does not have a TPM chip. The good thing is that it runs Windows Server 2019 and Windows Admin Center just fine. So far I don’t have any issues, except that there are some missing drivers for Windows Server 2019. We will see how it works out in the next couple of months.

Let me know if you have any questions in the comments.



Azure Update Management Resource Group

Azure Update Management using Windows Admin Center

I already posted a couple of blogs about the Windows Admin Center. For example, how you can use and configure Azure Backup or how you can configure the Azure Network Adapter directly from Windows Admin Center. Windows Admin Center also allows you to manage Windows Updates on your Windows Server. However, if you want to have some more control over your updates and have a centralized orchestration for updates, Azure Update Management can help you. You can use the Update Management solution in Azure Automation to manage operating system updates for your Windows and Linux computers that are deployed in Azure, in on-premises environments, or in other cloud providers. With Windows Admin Center you will get a direct integration with Azure Update Management.

Setup Azure Update Management in Windows Admin Center

Windows Admin Center Windows Update Management

Setting up Azure Update Management in Windows Admin Center is very simple. First you will need to register your WAC installation with Azure, if you haven’t done this already. After that, go to the Update extension, where you will find a button labeled Set up now.

Windows Admin Center Setup Azure Update Management

Now you can configure Azure Update Management from Windows Admin Center. You can select the Azure Subscription where you want to deploy the solution. You can select an existing Resource Group and Log Analytics Workspace, or you can create a completely new setup.

Windows Admin Center Configured Azure Update Management

This will install the Microsoft Monitoring Agent on your Windows Server, which is used for the Azure Update Management.

Azure Update Management Resource Group

If you create a new setup, this will also create all the resources in Azure, like the Resource Group, Log Analytics Workspace and Azure Automation Account, and add the Update Solution.

Azure Update Management

Now you can start managing Windows Updates centrally from Azure Update Management.

Azure Update Management supports not only Windows Server 2019 and Windows Server 2016; it supports Windows Server 2008 R2 SP1 and later.

This again shows Microsoft’s efforts to build Hybrid Cloud functionality directly into Windows Server and Windows Admin Center. This should especially help administrators who are mostly managing on-premises environments to extend to and benefit from Microsoft Azure.