Category: Uncategorized

Mar072019March 7, 2019July 7, 20192Commentsby Thomas Maurer
Windows Server 2019

Which Windows Server 2019 Installation Option should I choose?

Posted in Cloud, Containers, Docker, Hyper-V, Kubernetes, Microsoft, Microsoft Azure, Microsoft Azure Stack, Nano Server, PowerShell, Server Core, Uncategorized, Virtualization, Windows, Windows 10, Windows Server, Windows Server 2019, Work

Windows Server 2019 will bring several installation options and tuning options for virtual machines, physical servers as well as container images. In this blog post, I want to give an overview of the different installation options of Windows Server 2019.

To compare the different Windows Server 2019 editions, check out the Microsoft Docs.

Installation Options for Windows Server 2019 Physical Servers and Virtual Machines

As always, you can install Windows Server 2019 in virtual machines or directly on physical hardware, depending on your needs and requirements. For example, you can use Windows Server 2019 as physical hosts for your Hyper-V virtualization server, Container hosts, Hyper-Converged Infrastructure using Hyper-V and Storage Spaces Direct, or as an application server. In virtual machines, you can obviously use Windows Server 2019 as an application platform, infrastructure roles or container host. And of course, you could also use it as Hyper-V host inside a virtual machine, leveraging the Nested Virtualization feature.

Installation OptionScenario
Windows Server CoreServer Core is the best installation option for production use and with Windows Admin Center remote management is highly improved.
Windows Server Core with Server Core App Compatibility FODWorkloads, and some troubleshooting scenarios, if Server Core doesn’t meet all your compatibility requirements. You can add an optional package to get past these issues. Try the Server Core App Compatibility Feature on Demand (FOD).
Windows Server with Desktop ExperienceWindows Server with Desktop Experience is still an option and still meets like previous releases. However, it is significantly larger than Server Core. This includes larger disk usage, more time to copy and deploy and larger attack surface. However, if Windows Server Core with App Compatibility does not support the App, Scenario or Administrators still need the UI, this is the option to install.
Read More

Oct052016October 5, 2016November 1, 20180Commentby Thomas Maurer
5Nine Hyper-V Security Agentless

Secure your Hyper-V environment with 5nine Cloud Security 8.1

Posted in Cloud, Hyper-V, Microsoft, PowerShell, Private Cloud, Server Core, System Center, Uncategorized, Virtual Machine Manager, Virtualization, Windows Azure Pack, Windows Server, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Work

In the past years I was building several Hyper-V environments together with Enterprise customers and with service providers. In a lot of cases customer wanted more security in there Cloud and Virtualization environment. Security becoming a even more critical part in your datacenter and with a high virtualization rate, it gets even more critical and complex to manage. Especially when Virtual Machines can move from on cluster to another or from one datacenter to another. 5nine is one of the vendors who has a great solution, for this challenges. A couple of years back I wrote a blog post about 5Nine Cloud Security version 4.0. 5nine Cloud Security is a unified security and compliance solution designed to specifically address every Hyper-V security vulnerability across every virtual resource.

Last week at Microsoft Ignite, Microsoft released Windows Server 2016 and Hyper-V 2016, with that 5nine released 5nine Cloud Security 8.1 which supports Windows Server 2016 and Hyper-V 2016.

5nine Cloud Security has some unique key features to secure your environment.

  • Distributed vFirewall – Secure multi-tenant Hyper-V environment and provide VM isolation
  • Agentless Antimalware Detection – Protect Hyper-V with patent-pending agentless Kaspersky or ThreatTrack antivirus now with Real-Time Malware Detection
  • Enforce security compliance

5Nine Hyper-V Security Agentless

Key features

if you look at it on a security features list, 5nine Cloud Security offers you the following security features:

  • Automatically & Instantly Secure all Virtual Machines, Disks, Networks and Switches
  • Choice of Leading Antivirus Engines
  • Agentless AV – Full Virtual Machine Scans
  • Agentless AV – Real-time HTTP Virus and Malware Detection
  • Hyper-V Optimized Real-time Active Protection Agent
  • Agentless Firewall
    • Granular control over each virtual machine using Hyper-V
    • Extensible Switch, no agent required
    • Configure the Advanced / Full Kernel mode Virtual Firewall for each VM individually
    • MAC Address filtering
    • ARP Rules
    • SPI (stateful packet inspection)
    • Network traffic anomaly analysis
    • Inbound and outbound per VM bandwidth throttling
    • MAC broadcast filtering
    • All filtering events logging with more data (UM logs only contain blocked events)
    • Configure network filtering rules on a per-VM basis
    • Set inbound/outbound traffic limits and bandwidth utilization by virtual machine
  • Agentless Intrusion Detection
  • No need to access Guest OS to manage security
  • Centralized signature management with updates to host only
  • Incremental Fast Scans
  • Offline VM Scanning
  • Avoids Host Scanning Storms
  • Support for Windows Server 2012, 2012 R2 and 2016 Hyper-V
  • Supports any guest OS supported by Windows Hyper-V including Linux
  • Meet the security demands of enterprise, management service providers (MSPs), public sector, and hosting providers who leverage Microsoft’s Hyper-V Server and Cloud Platform
  • Provide the first and only seamless agentless compliance and agentless security solution for the Hyper-V Cloud
  • Deliver multi-layered protection together with integrated, agentless antivirus and intrusion detection capabilities
  • Offer unmatched levels of industry-demanded protection and compliance (including PCI-DSS, HIPAA, and Sarbanes-Oxley)
  • Secure the Cloud environment with anti-virus technology that runs with virtually zero performance impact while simultaneously improving virtual machine density
  • Provide network traffic control between virtual machines
  • Enforce secure multi-tenancy and Virtual Machines Security Groups
  • Provide NVGRE support (Hyper-V Network Virtualization)
  • Support for Microsoft Switch Embedded Teaming
  • PowerShell Module for automation

Integration and offerings

5Nine Hyper-V Security System Center VMM Plugin

5Nine Cloud Security also integrated perfectly in your Microsoft System Center environment using a System Center Virtual Machine Manager plugin.

5nine Cloud Security also offers a Windows Azure Pack Resource Provider to offer self-service to your tenants. Azure Pack (WAP) Extension is the only Security as a Service (SECaaS) solution to protect your datacenter, your customers, and their clouds as a free add-on to 5nine Cloud Security. It is the only way to enable tenants to easily manage their own Windows and Linux security policies through the Azure Pack self-service portal. Now hosting and service providers can secure multi-tenant environments and virtual machines in private, hosted or hybrid scenarios, while giving users the ability to easily configure firewalls, intrusion detection, and more.

Architecture

The installation and the management is so easy, you don’t really need any documentation. That’s how a security product should work, it should not make your environment even more complex it should help you to keep your environment secure without adding extra complexity to it. Is used 5nine for several customer environments.

  • The Management Service – This would be your 5nine management server which needs a SQL database (minimum MS SQL Express) and all Hyper-V Hosts are connected to this management server.
  • The Host Management Service – which is basically the software and agent running on the Hyper-V host itself.
  • The Management Console – The console where you can configure everything. The console is simply connected to the management server.
  • The Virtual Machine Manager Plugin – This is a plugin in VMM which allows you to manage rules directly from your System Center Virtual Machine Manager Console
  • Azure Pack Extension – Resource Provider installed on the WAP Tenant and WAP Admin servers

Impressions

5nine host service

5nine is a very light weight solution for the Hyper-V host with not a lot of overhead. On the Hyper-V host you have only two service running and the Hyper-V switch extensions.

5nine-switch-extension

 

Conclusion

Overall I think 5Nine Cloud Security is a must have solution to protect your Hyper-V environment, if you want to do more serious centralized managed security. Especially with the release of 5nine Cloud Security 8.1 directly with the release of Windows Server 2016, 5nine shows how great their development and integration in Hyper-V really is. It always supports the latest features of Hyper-V solve real world needs.

If you need more information, want to buy 5nine Cloud Security or if you need someone to help you integrated 5nine Cloud Security in your environment, feel free to contact me.

 

 


Oct232014October 23, 2014October 23, 20140Commentby Thomas Maurer
System Center Universe Europe 2014

My sessions from System Center Universe Europe 2014 available on Channel9

Posted in Uncategorized

As I already posted I was presenting at System Center Universe Europe 2014 (SCU Europe) in Basel this year. Microsoft now made the recordings available on Channel9 and you can now watch them for free.

Disaster Recovery with Azure Site Recovery

Together with Michel Lüscher (Architect at Microsoft) I was showing how you can deploy a fully automated Disaster Recovery solution based on Microsoft Hyper-V Replica, System Center Virtual Machine Manager and Windows Azure Hyper-V Recovery Manager.

Software Defined Networking – Comparison of different solutions

Together with Walter Dey (Former Cisco Distinguished Engineer) I held the session about different SDN (Software Defined Networking) solutions on the market. This session will provide an overview about Software-Defined Networking and compare different solutions such as Microsoft Hyper-V Network Virtualization based on NVGRE and Cisco VXLAN and VMware NSX.


Jan142010January 14, 2010July 5, 20194Commentsby Thomas Maurer

Configuring IIS for Silverlight Applications

Posted in Hosting, IIS, Microsoft, Uncategorized, Web, Windows Server, Windows Server 2003

You can simply add Silverlight support to your IIS6 webserver running on Windows Server 2003.

To enable IIS 6.0 in Windows Server 2003 or IIS7 in Windows Vista RTM with the appropriate MIME Types, add:

  • .xap     application/x-silverlight-app
  • .xaml    application/xaml+xml
  • .xbap    application/x-ms-xbap

Adding MIME Types by a simple VB script:

  • Here is a VBS script you could run to enable each of these types:


Const ADS_PROPERTY_UPDATE = 2
'
if WScript.Arguments.Count < 2 then
WScript.Echo "Usage: " + WScript.ScriptName + " extension mimetype"
WScript.Quit
end if
'
'Get the mimemap object.
Set MimeMapObj = GetObject("IIS://LocalHost/MimeMap")
'
'Get the mappings from the MimeMap property.
aMimeMap = MimeMapObj.GetEx("MimeMap")
'
' Add a new mapping.
i = UBound(aMimeMap) + 1
Redim Preserve aMimeMap(i)
Set aMimeMap(i) = CreateObject("MimeMap")
aMimeMap(i).Extension = WScript.Arguments(0)
aMimeMap(i).MimeType = WScript.Arguments(1)
MimeMapObj.PutEx ADS_PROPERTY_UPDATE, "MimeMap", aMimeMap
MimeMapObj.SetInfo
'
WScript.Echo "MimeMap successfully added: "
WScript.Echo " Extension: " + WScript.Arguments(0)
WScript.Echo " Type: " + WScript.Arguments(1)

  • If you copy and paste the code above into a VBS file and save it as ADDMIMETYPE.VBS the syntax to add each type would be:

ADDMIMETYPE.VBS .xap application/x-silverlight-app ADDMIMETYPE.VBS .xaml application/xaml+xmlADDMIMETYPE.VBS .xbap application/x-ms-xbap

or you could add it very simple over the IIS Manager.


  • Follow Me

  • About

    Thomas Maurer

    My name is Thomas Maurer. I am a Senior Cloud Advocate at Microsoft. I am part of the Azure engineering team (Cloud + AI) and engage with the community and customers around the world. I am located in Switzerland. I am focusing on Microsoft technologies, especially cloud and datacenter solutions based on Microsoft Azure, Azure Stack and Windows Server. Opinions are my own.

  • Sponsor

  • Sponsor

    Starwind Virtual SAN

  • Sponsor

    Vembu BDR Suite

  • Sponsor

    Altaro Ad