SSH access to your servers running anywhere using Azure Arc

SSH access to servers running anywhere using Azure Arc

With Azure Arc, you can remotely manage your Linux and Windows Servers using the Azure control plane and management services, such as Azure Policy, Update Management, Security Center, Azure Monitor, and many more. This allows you to manage servers running on-premises, at the edge, or in multicloud environments at scale. However, in some cases you will need direct access to your servers, for example an SSH connection for troubleshooting. In many of these hybrid and multicloud environments, direct network connectivity can be a challenge. That is why you can now get SSH access to your Linux and Windows Servers running anywhere using Azure Arc enabled servers.

Imagine a scenario where you, as an IT Pro or developer, need to access a server remotely using SSH to troubleshoot a system or to install or configure an application or the server. However, you might not have direct network access to the server since you are working remotely or you don’t have a VPN set up. Azure Arc enabled servers now allow you to use the Azure CLI SSH extension to connect to the Azure control plane and from there to securely connect to the Azure Arc enabled server using the Azure Connected Machine Agent, without opening additional ports or changing firewall configurations. In addition, you can also use Azure AD for role-based access control on the connection.

SSH access to Azure Arc-enabled servers offers the following benefits:

  • Create interactive and automated SSH connections to Arc-enabled Servers
  • Securely access hybrid servers without any additional ports or a public IP address
  • Access to Windows and Linux machines
  • Leverage different authentication options: AAD login based on RBAC roles (Linux only), Key-based authentication, and username & password authentication
  • Connect as a local user or as an Azure user
  • Connect with existing SSH clients using a config file
  • Connect to servers using Azure Cloud Shell
  • Leverage existing workflows & scripts for Azure IaaS Virtual Machines on Arc-enabled Servers
SSH access to Linux and Windows Servers running anywhere using Azure Arc

You can read more on the official Tech Community blog.

How to set up SSH access for Azure Arc enabled servers

Prerequisites

Setting up this new feature (which is currently in preview) is very simple. If you haven’t already connected your Linux or Windows Server to Azure using Azure Arc, you first need to install the Azure Arc agent. You can find a simple blog post and video on how to install the Azure Arc agent here. If you are already using Azure Arc, make sure your server’s hybrid agent version is “1.13.21320.014” or higher. You can check this by running the following command:

azcmagent show

Importantly your server needs to have SSH configured and working, otherwise, Azure Arc cannot use it. If you want to set up SSH on a Windows Server, check out Microsoft Docs or follow my blog.

Supported Operating Systems

  • Windows: Windows 7+ and Windows Server 2012+
  • Linux: Supported Linux distros and versions can be found on the Azure Documentation page.

After you have connected your server and it shows up in the Azure portal, you need to add the SSH port to the agent’s incoming connections configuration. To do that, run the following command on your server.

Enable the SSH capability on the Arc-enabled servers

Run the following in an elevated terminal on the Arc-enabled server:

azcmagent config set incomingconnections.ports 22<,other open ports,…>

Note: If you would like to use a custom port for the SSH connection, change the above command to use the custom port.

To view existing ports

azcmagent config list

Linux Server Azure Arc SSH setup
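
The agent version requirement and the incomingconnections.ports setting from the steps above, combined into a pre-flight audit. This is an added example, not code from the original post; the function names and the approved-ports argument are assumptions, and the values are passed in as plain strings rather than parsed from azcmagent output.

```shell
#!/bin/sh
# Added example, not from the original post. POSIX sh.
# Values are passed in as strings; parsing `azcmagent show` and
# `azcmagent config list` output is left out because the post does not
# show the format of that output.

MIN_AGENT_VERSION="1.13.21320.014"   # minimum agent version stated in the post

# version_ge A B: return 0 if dotted version A >= B, 1 if lower, 2 if malformed.
# Fields are compared numerically, so ".9" is lower than ".014" (9 < 14).
version_ge() {
    vg_a=$1 vg_b=$2
    if [ -z "$vg_a" ] || [ -z "$vg_b" ]; then return 2; fi
    case "$vg_a$vg_b" in *[!0-9.]*) return 2 ;; esac
    while [ -n "$vg_a" ] || [ -n "$vg_b" ]; do
        vg_fa=${vg_a%%.*}; vg_fa=${vg_fa:-0}
        vg_fb=${vg_b%%.*}; vg_fb=${vg_fb:-0}
        # Drop the field just read; a missing field counts as 0.
        case "$vg_a" in *.*) vg_a=${vg_a#*.} ;; *) vg_a= ;; esac
        case "$vg_b" in *.*) vg_b=${vg_b#*.} ;; *) vg_b= ;; esac
        if [ "$vg_fa" -gt "$vg_fb" ]; then return 0; fi
        if [ "$vg_fa" -lt "$vg_fb" ]; then return 1; fi
    done
    return 0
}

# unexpected_ports CONFIGURED APPROVED
# Both arguments are comma-separated port lists. Prints, one per line, every
# configured entry that is not approved; malformed entries are printed as
# "invalid:<entry>". Prints nothing when the configuration is clean.
unexpected_ports() {
    up_ok=$(printf '%s' "$2" | tr -d ' ')
    printf '%s\n' "$1" | tr ', ' '\n\n' | while IFS= read -r up_p; do
        [ -n "$up_p" ] || continue
        case "$up_p" in
            *[!0-9]*) printf 'invalid:%s\n' "$up_p"; continue ;;
        esac
        if [ "${#up_p}" -gt 5 ] || [ "$up_p" -lt 1 ] || [ "$up_p" -gt 65535 ]; then
            printf 'invalid:%s\n' "$up_p"; continue
        fi
        case ",$up_ok," in
            *",$up_p,"*) ;;                     # approved, nothing to report
            *) printf '%s\n' "$up_p" ;;
        esac
    done
}

# arc_ssh_preflight AGENT_VERSION CONFIGURED_PORTS [APPROVED_PORTS]
# APPROVED_PORTS defaults to 22. Prints one finding per line and returns 0
# only when there are no findings.
arc_ssh_preflight() {
    pf_rc=0
    if ! version_ge "$1" "$MIN_AGENT_VERSION"; then
        printf 'agent version %s is below %s or not parseable\n' \
            "$1" "$MIN_AGENT_VERSION"
        pf_rc=1
    fi
    pf_extra=$(unexpected_ports "$2" "${3:-22}")
    if [ -n "$pf_extra" ]; then
        printf 'incomingconnections.ports has entries outside the approved list: %s\n' \
            "$(printf '%s' "$pf_extra" | tr '\n' ' ')"
        pf_rc=1
    fi
    return "$pf_rc"
}

# Stand-alone use: sh preflight.sh 1.13.21320.014 "22,3389" "22"
if [ "$#" -ge 2 ]; then
    arc_ssh_preflight "$@"
fi
```

Every port in incomingconnections.ports is reachable through the Arc agent, so an entry that is not on the approved list widens remote access beyond SSH.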

Create default connectivity endpoint

Run the following commands for each of your Azure Arc enabled servers, replace subscription, resource group, and arc enabled server name.

az rest --method put --uri https://management.azure.com/subscriptions/<subscription>/resourceGroups/<resourcegroup>/providers/Microsoft.HybridCompute/machines/<arc enabled server name>/providers/Microsoft.HybridConnectivity/endpoints/default?api-version=2021-10-06-preview --body '{\"properties\": {\"type\": \"default\"}}'

az rest --method get --uri https://management.azure.com/subscriptions/<subscription>/resourceGroups/<resourcegroup>/providers/Microsoft.HybridCompute/machines/<arc enabled server name>/providers/Microsoft.HybridConnectivity/endpoints/default?api-version=2021-10-06-preview

Install and update the Azure CLI extension

On the client, you will need to add or update the Azure CLI SSH extension.

Add Az CLI SSH extension

az extension add --name ssh

Update Az CLI SSH extension

az extension update --name ssh

Optional: Enable Azure AD login on Linux

You can also use Azure AD to log in to the Linux server. For that, run the following command on your Linux machine:

sudo apt-get install aadsshlogin


To enable the Azure AD user or group to log in you need to follow the “Configure role assignments for the VM” instructions on the AAD Login for Linux documentation.

Configure role assignments Azure RBAC

SSH connect to Azure Arc enabled servers using the Azure CLI

After you have completed that setup and have the right version of the Azure CLI SSH extension, you can connect to your Azure Arc enabled server over SSH. You have multiple options, depending on how you want to connect. You can learn more by running: az ssh arc --help.

Give a resource group and Arc Server Name to SSH using AAD issued certificates

az ssh arc --resource-group myResourceGroup --vm-name myArcServer

az ssh arc connect using Azure AD

Give the Resource ID of an Arc Server to SSH using AAD issued certificates

az ssh arc --resource-id /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.HybridCompute/machines/myArcServer

Using a custom private key file

az ssh arc --resource-group myResourceGroup --vm-name myArcServer --private-key-file key --public-key-file key.pub

Give a local user name to SSH to a local user using certificate-based authentication

az ssh arc --resource-group myResourceGroup --vm-name myArcServer --certificate-file cert.pub --private-key-file key --local-user name

Give a local user name to SSH to a local user using key-based authentication

az ssh arc --resource-group myRG --vm-name myVM --local-user name --private-key-file key

Give a local user name to SSH to a local user using password-based authentication

az ssh arc --resource-id /subscriptions/mySubsription/resourceGroups/myRG/providers/Microsoft.HybridCompute/machines/myArcServer --local-user username

Azure Arc SSH Access local User

If you want to learn more check out Microsoft Docs and the Azure CLI help command.

az ssh arc --help

Conclusion

For more information check out the documentation page here on Microsoft Docs. I hope this provides you with a great overview of how you can manage and SSH access your Linux and Windows Servers anywhere using Azure Arc. If you have any questions, feel free to leave a comment.



ITOps Talks All Things Hybrid

Speaking at ITOps Talks – All Things Hybrid

I am sure you might already have heard of our upcoming event called ITOps Talks – All Things Hybrid starting February 2nd. ITOps Talks – All Things Hybrid is an initiative of our Cloud Advocacy AzOps team, to bring you Hybrid Cloud deep dive sessions from your favorite speakers and program managers at Microsoft. You can learn directly from the people behind the products how you can make your on-premises environment better using built-in technologies in Windows Server, Microsoft Azure, and many more!

Now, you might think: not another online event where I need to wait for the sessions to come up. Well, we do things a little differently. On February 2nd, we will have a keynote by none other than Microsoft Azure CTO (Chief Technology Officer) Mark Russinovich. After that, all the deep-dive sessions become available on-demand, so you can watch them when you have time for it. But how about Q&A? To allow you not only to watch these sessions but also to interact with others and ask your questions, we have set up a community Discord server, where you will have channels for all the different sessions to ask questions. In addition to that, we will also host live Q&As with the speakers a week later.

There is no need for registration to attend this event. However, you might want to make sure you don’t miss it! Here’s a handy landing page where you can quickly/conveniently download an iCal reminder for the Europe/Eastern NorthAmerica livestream OR Asia Pacific/Western NorthAmerica livestream.

The ITOps Talks – All Things Hybrid Keynote

Mark Russinovich was an obvious choice to ask. As a Technical Fellow and CTO of Azure paired with his deep technical expertise in the Microsoft ecosystem – Mark brings a unique perspective to the table. He’s put together this exclusive session about Microsoft Hybrid Solutions and has agreed to join us for a brief interview and live Q&A following the keynote. I’ve had a quick peek at what he has in store for us and I’m happy to report: it’s really cool.

Mark Russinovich Microsoft Azure CTO Keynote

You can find out more about Mark Russinovich’s keynote here.

ITOps Talks – Sessions

As promised, for the ITOps Talks – All Things Hybrid event, we have a list of awesome speakers who will provide deep-dive sessions on some of our best Hybrid Cloud technologies, which will help you to make your hybrid and multi-cloud environment even better!

ITOps Talks Speakers

Check out the list of ITOps Talks sessions:

OPS101 – Securing your Hybrid environment Part 1 – Azure Security Center
Sarah Young (@_sarahyo) – Sr. Program Manager
Now more than ever, organizations are challenged with keeping their employees productive working remotely and interacting with their customers over digital channels. At the same time there has been an increase in evolving digital security threats as bad actors recognize an opportunity to disrupt your business. Moreover, security resources are stretched, and prioritization is important.

OPS103 – Securing your Hybrid environment Part 2 – Azure Sentinel
Sarah Young (@_sarahyo) – Sr. Program Manager
Sit down with Azure Sentinel Sr. PM Sarah Young to discuss new features, functionality, and best practices on harnessing the AI enabled security solution.

OPS104 – Securing SMB from within and without
Ned Pyle (@nerdPyle) – Principal Program Manager
Learn specific strategies to secure SMB from lateral movement and external interception attacks! Watch interesting demos of the steps you can take to protect your organization! See the often unpredictable Ned Pyle struggle to be professional on camera!

OPS105 – Virtualized and Hybrid Backup Deep Dive
Ben Armstrong (@vBenArmstrong) – Principal Program Manager
Ben Armstrong does a deep dive on Virtualized and Hybrid Backup

OPS106 – How to be an AD Hybrid Health Hero
Mark Morowczynski (@markmorow) – Principal Program Manager, Grace Picking – Program Manager
Once you’ve connected your identity to Azure AD, how do you ensure it continues to function as expected? In this session, you’ll learn how to keep your hybrid identity environment healthy, across different Active Directory and Azure Active Directory scenarios.

OPS107 – Hybrid as a management plane
Jeff Woolsey (@WSV_GUY)- Principal Program Manager
Jeff, Orin & Sonia discuss how cloud makes on-prem environments better, including cloud tiering & management tools, and what the future looks like for IT Pros.

OPS108 – Windows Authentication Internals in a Hybrid World
Steve Syfuhs (@SteveSyfuhs) – Senior Software Engineer
Have you ever wondered what happens when you type your password into Windows? With the cloud becoming a major part of our world, we find ourselves having to talk to both on-premises and cloud-native resources, which dramatically affects what happens when you do type your password into Windows. Follow along as Steve Syfuhs gives a guided tour of how Windows handles logons internally and secures your authentication in a hybrid world.

OPS109 – Getting started with Azure Kubernetes Service (AKS) on Azure Stack HCI
Matt McSpirit (@mattmcspirit) – Senior Program Manager
In this session, you’ll learn about the new Azure Kubernetes Service on Azure Stack HCI, how you can use it to run your containerized Windows and Linux apps, how it integrates with Azure, and how it provides the best platform to run additional Azure services, including Arc-enabled Data Services. This will help you to modernize your existing applications on our Azure Stack HCI Hybrid Cloud Platform

OPS101 – Windows Virtual Desktop Road Map Deep Dive
Tom Hickling (@tomhickling) – WVD Global Black Belt
Dive into the forthcoming WVD roadmap and how it can help be part of your hybrid cloud strategy.

OPS111 – Learn the 5 key areas to consider for your hybrid workloads
David Kurth (@TheDaveKurth) – Senior Product Marketing Manager
In this whiteboard session (after a few slides for context), we will discuss the 5 key areas of any hybrid cloud workload, connectivity, application, data, identity, security & management.

OPS112 – Azure Stack HCI Hybrid is built-in: How does it really work?
Kerim Hanif (@kerimhanif) – Senior Program Manager
Ready to deploy Azure Stack HCI, the new hyperconverged infrastructure operating system delivered as an Azure service? Join this session to learn everything you need to know about how Azure Stack HCI’s hybrid connectivity works. Is it hard to register? (Hint: no.) Is there an agent? (Hint: no.) Does Azure see my VMs and their data? (Hint: no.) Do I need to open my firewall to freely allow Internet traffic? (Hint: no.) All these answers and more.

OPS113 – From WS2008 to Azure with containers – An Ops view on how to modernize existing applications with Windows Admin Center
Vinicius Apolinario (@vrapolinario) – Senior Program Manager
ITPros around the globe are trying to figure out how to modernize existing applications. End of Support for Windows Server 2008, how to move applications to the cloud, and how to leverage new technologies such as Kubernetes have become a daunting process for Ops teams. In this session, we will cover how to containerize existing applications from the perspective of an ITPro. We will use tools that you are used to – such as Windows Admin Center to jumpstart your modernization process and show how to move an application from Windows Server 2008 to Azure Kubernetes Service.

OPS114 – Governing baselines such as STIG in hybrid server environments using Azure Policy Guest Configuration
Michael Greene (@migreene) – Principal Program Manager
Learn to use services in Azure to audit the state of servers across private and public clouds and upcoming plans to expand capabilities in this area.

OPS115 – Log Analytics workspace design deep dive
Meir Mendelovich (@MMendelovich) – Principal Program Manager
In this session we will cover:

  1. Proper Workspace design: resource-centric and RBAC.
  2. Resource-centric alerts.
  3. Enterprise features: Dedicated cluster, high scale, AZ, DE, CMK
  4. OneAgent, Query Packs and infrastructure as code
  5. Workspace data Export and proper data placement
  6. Workspace Optimization

OPS116 – Monitoring and Responding to alerts in hybrid environments using Azure Monitor
Erik Namtvedt (@ErikN_MSFT) – Senior Service Engineer
A deep dive of the framework Microsoft Retail has leveraged over the last 3-4 years to monitor all their on-prem system, including in-store Video walls and others. It’s based on Azure Public-Offering technologies. It leverages Application Insights, OMS (SCOM too), Log Analytics, Azure Storage (Blob/Tables), Azure Automation, and PowerShell.

OPS117 – PowerShell Deep dive
Joey Aiello (@joeyaiello) – Senior Program Manager
We will use this time to take a deep dive on migrating\adapting old PowerShell scripts from previous versions and making them work in PowerShell 7 and PowerShell Core.
We’ll also take a serious look at secret management with PowerShell to avoid the ever annoying problem of hardcode creds or use prompts.

OPS118 – Deep dive on Onboarding customers into Lighthouse
Archana Balakrishnan (@Archun0505) – Principal Program Manager
In this session we will demystify the intricacies of onboarding customers in Azure Lighthouse from a service provider’s perspective – soup to nuts.

OPS119 – Databases are cattle too! Running highly available databases consistently on any infrastructure using Arc data services
Travis Wright (@radtravis) – Principal Group Program Manager
Have you heard people say ‘containers or Kubernetes is not for databases’? Let me show you how that is definitely not the case in 2021. Kubernetes provides an abstraction layer over any infrastructure and an orchestration engine that powers Arc enabled data services so DevOps, DBAs, and developers can provision and manage highly available SQL and PostgreSQL database instances on any infrastructure – on-prem, AWS, or Google. In this session, I’ll dive deep into the technical weeds with nearly 100% demos that show you exactly how it all works and you can manage it all with GUI, CLI, Azure-native tools, or Kubernetes-native tools.

OPS121 – Modernize how you manage hybrid servers with Azure Arc
Ryan Puffer – Senior Program Manager
Think the cloud is just for things that are…in the cloud? Come learn how you can use Azure Arc to simplify IT operations across your entire fleet, no matter where your servers run. We’ll start with a deep dive into the architecture and benefits of Azure Arc followed by a demonstration of how Azure Arc can help you monitor, secure, and simplify management of a multi-tier on-premises application.

You can find out more about the agenda here.

Conclusion

I was recording sessions within the last couple of weeks and days, and trust me I can wait for you to see them! So make sure you block your calendars and join us for our ITOps Talks All Things Hybrid starting February 2nd! I know that the whole team has worked very hard to provide you with some awesome sessions!

The AzOps Team

If you have any questions, feel free to leave a comment or ping us with a tweet using the #AzOps hashtag on Twitter. I hope you will enjoy ITOps Talks All Things Hybrid!



Windows Server 2019

Which Windows Server 2019 Installation Option should I choose?

Windows Server 2019 will bring several installation options and tuning options for virtual machines, physical servers as well as container images. In this blog post, I want to give an overview of the different installation options of Windows Server 2019.

To compare the different Windows Server 2019 editions, check out the Microsoft Docs.

Installation Options for Windows Server 2019 Physical Servers and Virtual Machines

As always, you can install Windows Server 2019 in virtual machines or directly on physical hardware, depending on your needs and requirements. For example, you can use Windows Server 2019 as physical hosts for your Hyper-V virtualization server, Container hosts, Hyper-Converged Infrastructure using Hyper-V and Storage Spaces Direct, or as an application server. In virtual machines, you can obviously use Windows Server 2019 as an application platform, infrastructure roles or container host. And of course, you could also use it as Hyper-V host inside a virtual machine, leveraging the Nested Virtualization feature.

Installation Option | Scenario
Windows Server Core | Server Core is the best installation option for production use and with Windows Admin Center remote management is highly improved.
Windows Server Core with Server Core App Compatibility FOD | Workloads, and some troubleshooting scenarios, if Server Core doesn’t meet all your compatibility requirements. You can add an optional package to get past these issues. Try the Server Core App Compatibility Feature on Demand (FOD).
Windows Server with Desktop Experience | Windows Server with Desktop Experience is still an option and still meets like previous releases. However, it is significantly larger than Server Core. This includes larger disk usage, more time to copy and deploy and larger attack surface. However, if Windows Server Core with App Compatibility does not support the App, Scenario or Administrators still need the UI, this is the option to install.



ThomasMaurer HTTPS

ThomasMaurer.ch now forcing https SSL encryption

Well, this time it is just a small post about this blog. ThomasMaurer.ch has been available using SSL encryption (https) for quite a while. It was available for most of the content, but it was not forced and not all of the content was available through SSL. This changed a couple of days ago. ThomasMaurer.ch is now not only reachable using https, it is also forced to use https://www.thomasmaurer.ch.

This has several reasons, but mostly it should protect your data while visiting my website.

Since this was not as easy as you might think, there could be still some issues with the site. If you find any issues or have any problems accessing the site, leave a comment or use the contact form to contact me.



5Nine Hyper-V Security Agentless

Secure your Hyper-V environment with 5nine Cloud Security 8.1

In the past years I have built several Hyper-V environments together with Enterprise customers and with service providers. In a lot of cases customers wanted more security in their Cloud and Virtualization environment. Security is becoming an even more critical part of your datacenter, and with a high virtualization rate, it gets even more critical and complex to manage, especially when Virtual Machines can move from one cluster to another or from one datacenter to another. 5nine is one of the vendors who has a great solution for these challenges. A couple of years back I wrote a blog post about 5Nine Cloud Security version 4.0. 5nine Cloud Security is a unified security and compliance solution designed to specifically address every Hyper-V security vulnerability across every virtual resource.

Last week at Microsoft Ignite, Microsoft released Windows Server 2016 and Hyper-V 2016, with that 5nine released 5nine Cloud Security 8.1 which supports Windows Server 2016 and Hyper-V 2016.

5nine Cloud Security has some unique key features to secure your environment.

  • Distributed vFirewall – Secure multi-tenant Hyper-V environment and provide VM isolation
  • Agentless Antimalware Detection – Protect Hyper-V with patent-pending agentless Kaspersky or ThreatTrack antivirus now with Real-Time Malware Detection
  • Enforce security compliance

5Nine Hyper-V Security Agentless

Key features

If you look at it as a security features list, 5nine Cloud Security offers you the following security features:

  • Automatically & Instantly Secure all Virtual Machines, Disks, Networks and Switches
  • Choice of Leading Antivirus Engines
  • Agentless AV – Full Virtual Machine Scans
  • Agentless AV – Real-time HTTP Virus and Malware Detection
  • Hyper-V Optimized Real-time Active Protection Agent
  • Agentless Firewall
    • Granular control over each virtual machine using Hyper-V Extensible Switch, no agent required
    • Configure the Advanced / Full Kernel mode Virtual Firewall for each VM individually
    • MAC Address filtering
    • ARP Rules
    • SPI (stateful packet inspection)
    • Network traffic anomaly analysis
    • Inbound and outbound per VM bandwidth throttling
    • MAC broadcast filtering
    • All filtering events logging with more data (UM logs only contain blocked events)
    • Configure network filtering rules on a per-VM basis
    • Set inbound/outbound traffic limits and bandwidth utilization by virtual machine
  • Agentless Intrusion Detection
  • No need to access Guest OS to manage security
  • Centralized signature management with updates to host only
  • Incremental Fast Scans
  • Offline VM Scanning
  • Avoids Host Scanning Storms
  • Support for Windows Server 2012, 2012 R2 and 2016 Hyper-V
  • Supports any guest OS supported by Windows Hyper-V including Linux
  • Meet the security demands of enterprise, management service providers (MSPs), public sector, and hosting providers who leverage Microsoft’s Hyper-V Server and Cloud Platform
  • Provide the first and only seamless agentless compliance and agentless security solution for the Hyper-V Cloud
  • Deliver multi-layered protection together with integrated, agentless antivirus and intrusion detection capabilities
  • Offer unmatched levels of industry-demanded protection and compliance (including PCI-DSS, HIPAA, and Sarbanes-Oxley)
  • Secure the Cloud environment with anti-virus technology that runs with virtually zero performance impact while simultaneously improving virtual machine density
  • Provide network traffic control between virtual machines
  • Enforce secure multi-tenancy and Virtual Machines Security Groups
  • Provide NVGRE support (Hyper-V Network Virtualization)
  • Support for Microsoft Switch Embedded Teaming
  • PowerShell Module for automation

Integration and offerings

5Nine Hyper-V Security System Center VMM Plugin

5Nine Cloud Security also integrates perfectly into your Microsoft System Center environment using a System Center Virtual Machine Manager plugin.

5nine Cloud Security also offers a Windows Azure Pack Resource Provider to offer self-service to your tenants. Azure Pack (WAP) Extension is the only Security as a Service (SECaaS) solution to protect your datacenter, your customers, and their clouds as a free add-on to 5nine Cloud Security. It is the only way to enable tenants to easily manage their own Windows and Linux security policies through the Azure Pack self-service portal. Now hosting and service providers can secure multi-tenant environments and virtual machines in private, hosted or hybrid scenarios, while giving users the ability to easily configure firewalls, intrusion detection, and more.

Architecture

The installation and the management are so easy, you don’t really need any documentation. That’s how a security product should work: it should not make your environment even more complex, it should help you to keep your environment secure without adding extra complexity to it. I have used 5nine for several customer environments.

  • The Management Service – This would be your 5nine management server which needs a SQL database (minimum MS SQL Express) and all Hyper-V Hosts are connected to this management server.
  • The Host Management Service – which is basically the software and agent running on the Hyper-V host itself.
  • The Management Console – The console where you can configure everything. The console is simply connected to the management server.
  • The Virtual Machine Manager Plugin – This is a plugin in VMM which allows you to manage rules directly from your System Center Virtual Machine Manager Console
  • Azure Pack Extension – Resource Provider installed on the WAP Tenant and WAP Admin servers

Impressions

5nine host service

5nine is a very lightweight solution for the Hyper-V host with not a lot of overhead. On the Hyper-V host you have only two services running and the Hyper-V switch extensions.

5nine-switch-extension

 

Conclusion

Overall I think 5Nine Cloud Security is a must-have solution to protect your Hyper-V environment, if you want to do more serious centrally managed security. Especially with the release of 5nine Cloud Security 8.1 directly with the release of Windows Server 2016, 5nine shows how great their development and integration in Hyper-V really is. It always supports the latest features of Hyper-V and solves real-world needs.

If you need more information, want to buy 5nine Cloud Security or if you need someone to help you integrate 5nine Cloud Security in your environment, feel free to contact me.

 

 



System Center Universe Europe 2014

My sessions from System Center Universe Europe 2014 available on Channel9

As I already posted I was presenting at System Center Universe Europe 2014 (SCU Europe) in Basel this year. Microsoft now made the recordings available on Channel9 and you can now watch them for free.

Disaster Recovery with Azure Site Recovery

Together with Michel Lüscher (Architect at Microsoft) I was showing how you can deploy a fully automated Disaster Recovery solution based on Microsoft Hyper-V Replica, System Center Virtual Machine Manager and Windows Azure Hyper-V Recovery Manager.

Software Defined Networking – Comparison of different solutions

Together with Walter Dey (Former Cisco Distinguished Engineer) I held the session about different SDN (Software Defined Networking) solutions on the market. This session will provide an overview about Software-Defined Networking and compare different solutions such as Microsoft Hyper-V Network Virtualization based on NVGRE and Cisco VXLAN and VMware NSX.



Configuring IIS for Silverlight Applications

You can simply add Silverlight support to your IIS6 webserver running on Windows Server 2003.

To enable IIS 6.0 in Windows Server 2003 or IIS7 in Windows Vista RTM with the appropriate MIME Types, add:

  • .xap     application/x-silverlight-app
  • .xaml    application/xaml+xml
  • .xbap    application/x-ms-xbap

Adding MIME Types by a simple VB script:

  • Here is a VBS script you could run to enable each of these types:


Const ADS_PROPERTY_UPDATE = 2
'
if WScript.Arguments.Count < 2 then
WScript.Echo "Usage: " + WScript.ScriptName + " extension mimetype"
WScript.Quit
end if
'
'Get the mimemap object.
Set MimeMapObj = GetObject("IIS://LocalHost/MimeMap")
'
'Get the mappings from the MimeMap property.
aMimeMap = MimeMapObj.GetEx("MimeMap")
'
' Add a new mapping.
i = UBound(aMimeMap) + 1
Redim Preserve aMimeMap(i)
Set aMimeMap(i) = CreateObject("MimeMap")
aMimeMap(i).Extension = WScript.Arguments(0)
aMimeMap(i).MimeType = WScript.Arguments(1)
MimeMapObj.PutEx ADS_PROPERTY_UPDATE, "MimeMap", aMimeMap
MimeMapObj.SetInfo
'
WScript.Echo "MimeMap successfully added: "
WScript.Echo " Extension: " + WScript.Arguments(0)
WScript.Echo " Type: " + WScript.Arguments(1)

  • If you copy and paste the code above into a VBS file and save it as ADDMIMETYPE.VBS the syntax to add each type would be:

ADDMIMETYPE.VBS .xap application/x-silverlight-app
ADDMIMETYPE.VBS .xaml application/xaml+xml
ADDMIMETYPE.VBS .xbap application/x-ms-xbap

Alternatively, you can simply add the MIME types through the IIS Manager.