Category: Windows Server 2016

Migrate Hyper-V VMs to Azure using Azure Migrate

Assess and Migrate Hyper-V VMs with Azure Migrate

Today, the Azure Migrate team launched an update to the Azure Migrate service, which can help you discover, assess, and migrate applications, infrastructure, and data from your on-prem environment to Microsoft Azure. This is excellent timing since we all know that Windows Server 2008 and Windows Server 2008 R2 are soon out of support and you get free extended security updates if you migrate your VMs to Azure. With Azure Migrate, you can now centrally track the progress of your migration journey across multiple thrid-party and Microsoft tools. In addition, Azure Migrate can now assess and migrate your Hyper-V virtual machines (VMs).

With the latest release of Azure Migrate you can now:

  • Extensible approach with choice across Microsoft and popular ISV assessment and migration tools
  • Integrated experience for discovery, assessment, and migration with end-to-end progress tracking for servers and databases
  • Server Assessment and Server Migration for large-scale VMware, Hyper-V, and physical server migrations
  • Database Assessment and Database Migration across various database targets including Azure SQL Database and Managed Instance

You can find more about the Azure Migrate capabilities on Microsoft Docs. For more information on Azure Migration, check out my blog post about Azure Migration on the Nigel Frank International blog. In this post, I am going to show you how you can step-by-step assess and migrate Hyper-V VMs to Azure using Azure Migrate.

Preparation

First, you need to prepare your Azure to set the right permissions and prepare the on-premises Hyper-V hosts and VMs for server assessment and migration. You can find more about the details for permissions and host preparations on Microsoft Docs.

Next, you will need to create a new Migration project for servers. Click on Asses and migrate servers.

Azure Portal Azure Migrate

Azure Portal Azure Migrate

Now you will need to add the tools you want to use for the assessment as well as for the migration, click on “add tools”.

Getting started

Getting started

You will need to create a new Azure Migrate project. Enter the details for your subscription, resource group, and a name for the project. You will also need to choose a region where your project is going to be deployed. No worries, this will only store the assessment data, you can still select another region for the migration.



PowerShell 7 Installer

How to Install and Update PowerShell 7

Currently, you can install the cross-platform version PowerShell Core 6 on Linux, macOS, and Windows. Early April the PowerShell team announced the next release called PowerShell 7. PowerShell 7 is built on .NET Core 3 and brings back many APIs required by modules built on .NET Framework so that they work with .NET Core runtime. While PowerShell Core 6 was focusing on bringing cross-platform compatibility, PowerShell 7 will focus on making it a viable replacement for Windows PowerShell 5.1 and bringing near parity with Windows PowerShell. Here is how you can install and update PowerShell 7 (preview) on Windows and Linux using a simple one-liner.

If you want to know more about the roadmap, check out Steves blog post.

One great example of how cross-platform PowerShell can work, check out my blog post: How to set up PowerShell SSH Remoting.

Install PowerShell 7 (Preview)

As mentioned PowerShell 7 is currently in preview. You can download and install it manually from GitHub. However, the easiest way to install it is to use the following one-liners created by Steve Lee (Microsoft Principal Software Engineer Manager in the PowerShell Team). You can also use the same one-liners with different parameters to install the current GA version of PowerShell 6.

If you are installing the PowerShell 7 Preview, this will be a side by side installation with PowerShell 6. You can use the pwsh-preview command to run version 7.

One-liner to install or update PowerShell 7 on Windows 10

Install and Update PowerShell 7

You can use this single command in Windows PowerShell to install PowerShell 7. The difference between the installation of version 6 versus version 7 is the -Preview flag.

iex "& { $(irm https://aka.ms/install-powershell.ps1) } -UseMSI -Preview"

There are additional switches to, for example, install daily builds of the latest PowerShell previews.

-Destination
The destination path to install PowerShell Core to.

-Daily
Install PowerShell Core from the daily build.
Note that the ‘PackageManagement’ module is required to install a daily package.

-Preview
Install the latest preview, which is currently version 7. This will

-UseMSI
Use the MSI installer.

-Quiet
The quiet command for the MSI installer.

-DoNotOverwrite
Do not overwrite the destination folder if it already exists.

-AddToPath
On Windows, add the absolute destination path to the ‘User’ scope environment variable ‘Path’;
On Linux, make the symlink ‘/usr/bin/pwsh’ points to “$Destination/pwsh”;
On MacOS, make the symlink ‘/usr/local/bin/pwsh’ points to “$Destination/pwsh”.

One-liner to install or update PowerShell 7 on Linux

Install PowerShell 7 on Linux

You can use this as a single command to install PowerShell 7 on Linux

wget https://aka.ms/install-powershell.sh; sudo bash install-powershell.sh -preview; rm install-powershell.sh

Depending on your distro you are using, this will register Microsoft’s pkg repos and install that package (deb or rpm).

You can also use the following switches:

-includeide
Installs VSCode and VSCode PowerShell extension (only relevant to machines with a desktop environment)

-interactivetesting
Do a quick launch test of VSCode (only applicable when used with -includeide)

-skip-sudo-check
Use sudo without verifying its availability (hard to accurately do on some distros)

-preview
Installs the latest preview release of PowerShell side-by-side with any existing production releases

To currently run the PowerShell Preview, you can run the following command:

pwsh-preview

After Installing

After you have installed PowerShell 7, also make sure to update PowerShellGet and the PackageManagement module.

Remember PowerShell 7 is still currently in preview, if you have any questions, please let me know in the comments.



Copy files to Azure VM using PowerShell Remoting

Copy Files to Azure VM using PowerShell Remoting

There are a couple of different cases you want to copy files to Azure virtual machines. To copy files to Azure VM, you can use PowerShell Remoting. This works with Windows and Linux virtual machines using Windows PowerShell 5.1 (Windows only) or PowerShell 6 (Windows and Linux). Check out my blog post at the ITOpsTalk.com about copying files from Windows to Linux using PowerShell Remoting.

Prepare your client machine

Prepare the client machine to create PowerShell Remote connections to a specific remote VM.

Set-Item WSMan:localhost\client\trustedhosts -value "AZUREVMIP"

You can also enable remoting to all machines by using an asterisk.

Set-Item WSMan:localhost\client\trustedhosts -value *

Copy Files to Windows Server Azure VM

If you want to copy files to an Azure VM running Windows Server, you have two options. If you are copying files from Windows to Windows, you can use Windows PowerShell Remoting; if you are copying files from Linux or macOS to Windows, you can use the cross-platform PowerShell 6 and PowerShell Remoting over SSH.

Using Windows PowerShell Remoting

To copy files from a Windows machine to a Windows Server running in Azure, you can use Windows PowerShell Remoting.

Prepare the host (Azure VM) to receive Windows PowerShell remote commands. The Enable-PSRemoting cmdlet configures the computer to receive Windows PowerShell remote commands that are sent by using the WS-Management technology.

Enable-PSRemoting -Force

Now you can create a new PowerShell Remoting session to the Azure VM.

$cred = Get-Credential
 
$s = New-PSSession -ComputerName "AZUREVMIPORNAME" -Credential $cred

After the session was successfully created, you can use the copy-item cmdlet with the -toSession parameter.

Copy-Item .\windows.txt C:\ -ToSession $s

Some important notes

  • You need to configure the Network Security Group for the Azure VM to allow port 5985 (HTTP) or 5986 (HTTPS)
  • You can use PowerShell Remoting over Public Internet or Private connectivity (VPN or Express Route). If you are using the Public Internet, I highly recommend that you use https. I also recommend that you use Just-in-time virtual machine access in Azure Security for public exposed ports.

Using PowerShell Core 6 PowerShell Remoting over SSH

If you are running PowerShell Core 6, you can use PowerShell Remoting over SSH. This gives you a simple connection and cross-platform support. First, you will need to install PowerShell 6. After that, you will need to configure and setup PowerShell SSH Remoting together with OpenSSH. You can follow my blog post to do this here: Setup PowerShell SSH Remoting in PowerShell 6

Now you can create a new PowerShell Remoting session to the Azure VM.

$s = New-PSSession -HostName "AZUREVMIPORNAME" -UserName

After the session was successfully created, you can use the copy-item cmdlet with the -toSession parameter.

Copy-Item .\windows.txt C:\ -ToSession $s

Some important notes

  • You need to configure the Network Security Group for the Azure VM to allow port 22 (SSH)
  • You can use PowerShell Remoting over Public Internet or Private connectivity (VPN or Express Route). Exposing the SSH port to the public internet maybe is not secure. If you still need to use a public SSH connection, I recommend that you use Just-in-time virtual machine access in Azure Security.

Copy Files to Linux Azure VM

Copy File Windows to Linux using PowerShell Remoting

If you want to copy files to a Linux VM running in Azure, you can make use of the cross-platform PowerShell capabilities of PowerShell 6, using PowerShell Remoting over SSH. As for the Windows virtual machines, you will need to install PowerShell 6. Next, you will need to configure and setup PowerShell SSH Remoting together with OpenSSH. You can follow my blog post to do this here: Setup PowerShell SSH Remoting in PowerShell 6

After installing and configuring PowerShell Remoting over SSH, you can create a new PowerShell Remoting session to the Azure VM.

$s = New-PSSession -HostName "AZUREVMIPORNAME" -UserName

After you successfully connected to your Azure VM, you can use the copy-item cmdlet with the -toSession parameter.

Copy-Item .\windows.txt /home/thomas -ToSession $s

I hope this gives you an overview about how you can copy files to Azure VMs using PowerShell Remoting. If you have any questions, let me know in the comments.



Azure Bastion Windows VM

Azure Bastion – Private RDP and SSH access to Azure VMs

Azure Bastion is a new service which enables you to have private and fully managed RDP and SSH access to your Azure virtual machines. If you wanted to access your Azure virtual machines using RDP or SSH today, and you were not using a VPN connection, you had to assign a public IP address to the virtual machine. You were able to secure the connection using Azure Just in Time VM access in Azure Security Center. However, this had still some drawbacks. With Azure Bastion you get a private and fully managed service, which you deploy to your Virtual Network, which then allows you to access your VMs directly from the Azure portal using your browser over SSL.

Azure Bastion Architecture

Source: Microsoft Docs

Azure Bastion brings a couple of advantages

  • Removes requirement for a Remote Desktop (RDP) client on your local machine
  • Removes element for a local SSH client
  • No need for local RDP or SSH ports (handy when your company blocks it)
  • Uses secure SSL/TLS encryption
  • No need to assign public IP addresses to your Azure Virtual Machine
  • Works in basically any modern browser on any device (Windows, macOS, Linux, etc.)
  • Better hardening and more straightforward Network Security Group (NSG) management
  • Can remove the need for a Jumpbox

If you want to know more directly here is the link to the Azure Bastion announcement blog and the Microsoft Docs.

Public Preview

Azure Bastion is currently in public preview. The public preview is limited to the following Azure public regions:

  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East

To participate in this preview, you need to register. Use these steps to register for the preview:

Register-AzureRmProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
 
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
 
Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network

To use the Azure Bastion service, you will also need to use the Azure Portal – Preview.

How to set up an Azure Bastion host for a private RDP and SSH access to Azure VMs

Create Azure Bastion Host

First, you will need to deploy Bastion Host in your virtual network (VNet). The Azure Bastion Host will need at least a /27 subnet.

AzureBastionSubnet

Access Azure virtual machines using Azure Bastion

Azure Bastion integrates natively in the Azure portal. The platform will automatically be detected if Bastion is deployed to the virtual network your virtual machine is in. To connect to a virtual machine, click on the connect button for the virtual machine. Now you can enter your username and password for the virtual machine.

Azure Portal connect to Linux VM SSH

This will now open up a web-based SSL RDP session in the Azure portal to the virtual machine. Again, there is no need to have a public IP address assigned to your virtual machine.

Private access to Azure Linux VM

 

Roadmap – more to come

As Yousef Khalidi (CVP Azure Networking) mentions in his preview announcement blog, the team will add more great capabilities, like Azure Active Directory and MFA support, as well as support for native RDP and SSH clients.

The Azure networking and compute team are doing more great work on creating a great Azure IaaS experience. I hope this gives you an overview of how you can get a private RDP or SSH access to your Azure VM. If you want to know more about the Azure Bastion service, check out the Microsoft Docs for more information. If you have any questions, feel free to leave a comment.



Azure File Sync Windows Admin Center

Sync File Servers with Azure File Sync in Windows Admin Center

One of the biggest challenges a lot of customers are facing, is the capability to provide access to files everywhere and have DR plans in place. This becomes especially true when you are dealing with classic file server infrastructures. Where it is difficult to manage capacity, availability, replication and much more. The Azure Storage team is addressing that need with Azure File Sync. Azure File Sync allows you to sync your file servers with an Azure Files. Azure File is a simple, secure, and fully managed cloud file share solution, using SMB 3.0 and HTTPS.

Azure File Sync

In addtion the service allows customer to use functionality like:

  • Cloud Tiering
  • Cloud Access
  • Multi-site Sync
  • Cloud Backup
  • Rapid File Server DR

In this post I will cover how, Windows Admin Center will help you to deploy Azure File Sync, if you want to know more, check out the Azure File Sync documentation page.



Setup VM Protection in Windows Admin Center_LI

Configure Azure Site Recovery from Windows Admin Center

With the Hybrid Cloud effort Microsoft invested heavy to make Windows Server and Hyper-V better connect to Microsoft Azure. One way of doing that is with Windows Admin Center and Azure Site Recovery. The Azure Site Recovery integration in Windows Admin Center, allows you to easily replicate Hyper-V virtual machines to Microsoft Azure. The technology is not new, ASR does exist for a long time and allows you to not only replicate Hyper-V VMs, but also VMware VMs and physical servers. However, with the integration in Windows Admin Center, setting up Azure Site Recovery became super easy.

Set up Azure Site Recovery from Windows Admin Center

Setup VM Protection in Windows Admin Center_LI

In the Virtual Machines extension, you can already see a recommendation to setup ASR: “Help protect your VMs from disasters by using Azure Site Recovery.” Which will guide you through the onboarding steps. If you don’t see that banner, just click on the VM you want to protect and replicate to Azure. Click on More and select “Set up VM Protection“, this will guide you through the same wizard.

If you haven’t connected your Windows Admin Center to Microsoft Azure yet, the wizard will help you to go through and set up this connection.

Setup up Hyper-V ASR Host with Windows Admin Cenetr

After your WAC is connected to Azure, you will now setup Azure Site Recovery for the Hyper-V host in Azure. This can directly be done from Windows Admin Center. For example, this will let you select the Azure Subscription you want ASR to connect to. It will let you create a new Resource Group and Recovery Services Vault or use an existing one. After you have done the configuration part, WAC will create the specific Azure resources and configure the Hyper-V host for Azure Site Recovery. This can take up to 10 minutes depending if you are using existing resources or creating new once.

If you have a look at the Hyper-V Replica settings in Hyper-V Manager, you will see that ASR is completely setup and configured.



Windows Admin Center Azure Monitor Setup

Connect Windows Admin Center to Azure Monitor

As mentioned in blogs posts before, Windows Admin Center allows admins to extend there on-prem environments with hybrid Azure services. The latest addition is the integration of Azure Monitor in Windows Admin Center. This allows you to collect events and performance counters from Windows Server to run analytics and reporting in Azure and take action when a particular condition is detected. This can then be a notification (SMS, email, push notification) and/or a direct action using Azure Logic Apps, Azure Functions, Azure Automation Runbooks, webhooks or integration into ITSM tools.

Setup monitoring and alerts in Windows Admin Center with Azure Monitor

Windows Admin Center Azure Monitor Setup

Setting up the Azure Monitor connection in Windows Admin Center is simple. Select the server you want to connect to Azure Monitor. Go to Settings and then Monitoring Alerts.

Windows Admin Center Azure Monitor Connect to Azure Monitor

Here you will be able to configure the server with the right Azure subscription, resource group and log analytics workspace.