Category: Virtualization

Ping Azure VM Public IP address

How to enable Ping (ICMP echo) on an Azure VM

This is just a very quick blog post because I got the question from a couple of people. In this blog post want to show you how you can enable ping (ICMP) on a public IP address of an Azure virtual machine (VM). First, just let me say that assigning a public IP address to a virtual machine can be a security risk. So if you do that, make sure you know what you are doing. If you need admin access to virtual machines only for a specific time, there are services like Azure Just-in-Time VM Access (JIT) and Azure Bastion you should have a look at. Now back to the topic, Azure by default denies and blocks all public inbound traffic to an Azure virtual machine, and also includes ICMP traffic. This is a good thing since it improves security by reducing the attack surface.

Azure Network Security Group Port Rules Deny All Inbound Traffic to Azure VM

Azure Network Security Group Port Rules Deny All Inbound Traffic to Azure VM

This also applies to pings or ICMP echo requests sent to Azure VMs.

Ping Azure VM failed

Ping Azure VM failed

However, if you need to access your application from a public IP address, you will need to allow the specific ports and protocols. The same applies to the ICMP (Internet Control Message Protocol) protocol. The ICMP protocol is typically used for diagnostic and is often used to troubleshoot networking issues. One of the diagnostic tools using ICMP is ping, which we all know and love.

What do I need to do to be able to ping my Azure virtual machines (VMs)

Overall we need to do two main steps:

Configure Network Security Group (NSG) to allow ICMP traffic

So here is how you enable or allow ping (ICMP) to an Azure VM. Click on add a new inbound port rule for the Azure network security group (NSG).

Enable Ping ICMP in a NSG on an Azure VM

Enable Ping ICMP in an NSG on an Azure VM

Change the protocol to ICMP. As you can see, you can also limit the sources which can make use of that rule, as well as change the name and description. You can also use the following Azure PowerShell commands to add the inbound security rule to your NSG.

Get-AzNetworkSecurityGroup -Name "AzureVM-WIN01-nsg" | Add-AzNetworkSecurityRuleConfig -Name ICMP-Ping -Description "Allow Ping" -Access Allow -Protocol ICMP -Direction Inbound -Priority 100 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange * | Set-AzNetworkSecurityGroup
Configure Network Security Group PowerShell

Configure Network Security Group PowerShell

Set up the operating system to answer to Ping/ICMP echo request

If you haven’t already configured the operating system that way, you will need to allow ICMP traffic, so the operating system response to a ping. On Windows Server, this is disabled by default, and you need to configure the Windows Firewall. You can run the following command to allow ICMP traffic in the Windows Server operating system. In the Windows Firewall with Advanced Security, you can enable the Echo Request – ICMPv4-In or Echo Request ICMPv6-In rules, depending on if you need IPv4 or IPv6.

Windows Firewall Enable Ping

Windows Firewall Enable Ping

You can also run the following command to do that:

# For IPv4
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol="icmpv4:8,any" dir=in action=allow
 
#For IPv6
netsh advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol="icmpv6:8,any" dir=in action=allow

After doing both steps, you should be able to ping your Azure Virtual Machine (VM) using a public IP address.

Ping Azure VM Public IP address

Ping Azure VM Public IP address

I hope this helps you be able to ping your Azure VMs. If you have any questions, please let me know in the comments.



Run Windows Admin Center on Windows Server Core

Run Windows Admin Center on Windows Server Core

Windows Admin Center is a locally deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure, and Windows 10 PCs. If you ever asked yourself if Windows Admin Center (WAC) runs on Windows Server Core, the answer is yes. Run and install Windows Admin Center on Windows Server Core, simply copy the MSI installer to the Windows Server, or download it directly. If you are running Windows Server in a Hyper-V virtual machine, PowerShell Direct and be very handy to copy files using the VMBus from the Hyper-V host to the virtual machine.

Copy Windows Admin Center MSI to Windows Server Core VM PowerShell Direct

Copy Windows Admin Center MSI to Windows Server Core VM PowerShell Direct

Download Windows Admin Center (WAC) from here. You can simply use the following commands on your Hyper-V host to copy a file using PowerShell Direct.

$cred = Get-Credential
$s = New-PSSession -VMName WindowsServerInsider -Credential $cred
Copy-Item -Path .\WindowsAdminCenterPreview1908.msi -ToSession $s -Destination "C:\Users\Administrator"

Now you can run the MSI installer for Windows Admin Center. There is also an unattended option for WAC on Windows Server Core. You can find more about installing WAC here.

Install Windows Admin Center on Windows Server Core

Install Windows Admin Center on Windows Server Core

After the installation has finished you can now remotely access the Windows Admin Center web portal form your workstation. However, if you install the new Microsoft Edge Insider Preview, which runs on Windows Server Core as well. You can access the console form your local machine. Don’t do that in production, but it is great if you are running demos or you need to troubleshoot the installation.

Install Microsoft Edge on Windows Server Core

Install Microsoft Edge on Windows Server Core

You can download the Microsoft Edge Insider from here. Thanks to Jeff Woolsey for the tip.

If you want to know more about Windows Admin Center check out my blog post and the Microsoft Docs. If you have any questions, please let me know in the comments. By the way, also make sure that you check out the Windows Admin Center Hybrid features, which allows you to easily connect Azure services.



Windows Subsystem for Linux 2 WSL2 on Windows Server

How to Install WSL 2 on Windows Server

A couple of months ago Microsoft announced the Windows Subsystem for Linux 2 (WSL 2), which is a successor of the Windows Subsystem for Linux shipped a couple of years ago. WSL 2 is currently available for Windows Insiders running Windows 10 Insider Preview Build 18917 or higher and with the Docker Tech Preview, you can now even run Docker Linux Container directly on WSL 2. With the latest Windows Server Insider Preview build 18945, you are also able to run WSL 2 on Windows Server. In this blog post, I am going to show you how you can install the Windows Subsystem for Linux 2 (WSL 2) on Windows Server. The Windows Subsystem for Linux was already available in earlier versions of Windows Server; however, WSL 2 brings a lot of new advantages.

The Windows Subsystem for Linux was in Windows 10 for a while now and allowed you to use different versions of Linux on your Windows 10 machine. With WSL 2, the architecture will change drastically and will bring increased file system performance and full system call compatibility. WSL 2 is now using virtualization technology (based on Hyper-V) and uses a lightweight utility VM on a real Linux kernel. You can find out more about WSL 2 in the release blog or on the Microsoft Docs Page for WSL 2.

Install Windows Subsystem for Linux 2 (WSL 2) on Windows Server

Here is how you can install WSL 2 on Windows Server.

Prerequisites:

After you have installed a new Windows Server with the Windows Server Preview build, you will need to add the following features:

  • Microsoft-Windows-Subsystem-Linux
  • VirtualMachinePlatform

To enable these features, run the following command:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
 
Enable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform

These commands will need a restart to complete.

Windows Subsystem for Linux 2 WSL2 on Windows Server

Windows Subsystem for Linux 2 (WSL2) on Windows Server

Now you can install your Linux distribution which is available in WSL. You can also find the links to the Linux distro packages here: WSL distro packages. In my case, I am going to use Ubuntu 18.04, which is currently working with WSL 2.

Invoke-WebRequest -Uri https://aka.ms/wsl-ubuntu-1804 -OutFile ~/Ubuntu1804.zip -UseBasicParsing
md C:\Distros\Ubuntu1804
Expand-Archive ~/Ubuntu1804.zip C:\Distros\Ubuntu1894

Before you start and configure your WSL distro, I recommend that you set the WSL default version to 2. This will make the setup of your distro much faster.

wsl --set-default-version 2

Now you can start ubuntu.exe to run WSL.

C:\Distros\Ubuntu1894\ubuntu1804.exe

I hope this gives you a step-by-step guide on how you can install WSL 2 on Windows Server. Remember this is currently in preview, and not for production use. If you want to install the Windows Subsystem for Linux on Windows Server 2019, check out this blog post: Install Windows Subsystem for Linux on Windows Server.



Create Azure Dedicated Host

Azure Dedicated Host for your Azure VMs

Last week Ziv Rafalovich, Principal Program Manager in the Azure Compute team, announced the Azure Dedicated Host Public Preview. Azure Dedicated Host is a new Azure service which enables customers to run Windows and Linux virtual machines on single dedicated physical servers. Usually, the Azure host is used by multiple tenants, and the virtual machines are isolated using a multi-tenant hypervisor, with Azure Dedicated Host, the physical server only runs workloads from one tenant/customer. This gives customers the visibility and control on what physical hardware their virtual machines are running, and it allows to address corporate compliance and regulatory requirements.

Azure Dedicated Host Preview provides physical servers that host one or more Azure virtual machines. Your server is dedicated to your organization and workloads—capacity isn’t shared with other customers. This host-level isolation helps address compliance requirements. As you provision the host, you gain visibility into (and control over) the server infrastructure, and you determine the host’s maintenance policies.

You can find more information on Azure.com.

Azure Dedicated Host scenarios

The Azure Dedicated Host offers a couple of benefits and enables some new scenarios.

  • Host-level isolations for compliance requirements
  • Visibility and control over the server infrastructure to manage host maintenance policies, load on the server, fault domain count.
  • You get control over the full performance and capacity from a single Azure host which is not shared with other customers.
  • You get the advantage of unlimited virtualization for Windows Server and SQL Server with Azure Dedicated Hosts using the Azure Hybrid Benefit.

If you need these scenarios, then the Azure Dedicated host is an excellent option for you. However, if you don’t need them, you are more flexible with the shared Azure virtual machine experience.

Licensing and Pricing

Dedicated Hosts are charged at the host level and not on the number of Azure VMs you run on the host. However, software licenses are billed separately from compute resources at a VM level based on usage. There are no upfront costs or termination fees. Currently, the Azure Dedicated Host is a pay-as-you-go service, and you only pay for what you need.

You will have different dedicated host types and VM series/families available. During the preview period, you will be able to choose between Dsv3, Esv3, and Fsv2 VM series.

Dedicated Host Typ 1

Dedicated Host Type 1 is based on the 2.3 GHz Intel Xeon® E5-2673 v4 (Broadwell) processor and can achieve up to 3.5 gigahertz (GHz). Type 1 host has 64 available vCPUs.

    • Dsv3 Series
    • Esv3 Series

Dedicated Host Type 2

Dedicated Host Type 2 is based on the Intel Xeon® Platinum 8168 (Skylake) processor, which can achieve maximum single-core clock speeds of 3.7 GHz and sustained all core clock speeds as high as 3.4GHz with the Intel Turbo Boost Technology 2.0. Type 2 host has 72 available vCPUs.

    • Fsv2 Series

Dedicated Host configuration table

This is the Dedicated Host configuration table during the Public Preview. This might change later, and you can find the current pricing information on Azure.com.

Azure Dedicated Host configuration table

Azure Dedicated Host configuration table

Additional cost reduction

You can use your on-premises Windows Server and SQL Server licenses with Software Assurance benefits, or subscriptions with equivalent rights, when you migrate your workloads to Dedicated Host (Azure Hybrid Benefit).  Different the before is that with the dedicated host you get unlimited virtualization rights for Windows Server and SQL Server. For more information on the updated Microsoft licensing terms for dedicated hosted cloud services, check out this blog post. With this running Windows Server 2019 in Azure becomes even more attractive.

We are also expanding Azure Hybrid Benefit so you can take advantage of unlimited virtualization for Windows Server and SQL Server with Azure Dedicated Hosts. Customers with Windows Server Datacenter licenses and Software Assurance can use unlimited virtualization rights in Azure Dedicated Hosts. In other words, you can deploy as many Windows Server virtual machines as you like on the host, subject only to the physical capacity of the underlying server. Similarly, customers with SQL Server Enterprise Edition licenses and Software Assurance can use unlimited virtualization rights for SQL Server on their Azure Dedicated Hosts.

You’ll also get free extended security updates for Windows Server and SQL Server 2008 and 2008 R2.

Azure Reserved VM Instances are not available for purchase during the preview on Azure Dedicated Host.

Deploy VMs to an Azure Dedicated Hosts

To deploy a new Azure Dedicated Host, we first need to create a host group. After that, we can add hosts to this group, which will be used for our Azure virtual machines. In this blog post, I am going to show you how you can deploy a new host and after that, how you deploy Azure VMs on that host using the Azure portal. If you want to know more and if you want to see how you do this using Azure PowerShell, an Azure Resource Manager (ARM) template or the Azure CLI, check the Microsoft Docs.

Create a host group

Azure Host Groups

Azure Host Groups

You can find a new Azure resource called Host Group. Create a host group and configure the host group with specific settings like availability zones and fault domain count.

"<yoastmark

Deploy an Azure Dedicated Host

Azure Dedicated Hosts

Azure Dedicated Hosts

After you have created your host group, you can start creating new hosts and add them to your host group.

  • Select the location (region) of the host
  • Select the dedicated host VM family and hardware generation. You will only be able to provision VMs on this host in the same VM family. During the preview, we will support the following host SKU values: DSv3_Type1 and ESv3_Type1.
  • Configure the fault domain for the host.
  • Enable or disable of automatically replacing the host on a failure.
  • Configure cost savings like the Azure Hybrid Benefit.
Create Azure Dedicated Host

Create Azure Dedicated Host

Your host will be deployed in a couple of minutes. Important, your Azure subscription will need to have enough resources (CPU/Cores) enabled. Some subscriptions are limited to a specific amount of cores you can deploy in your subscription, in that case, you will need to open a support ticket, to raise the number of cores available in your subscription.

Create a VM

Now you can create a virtual machine on the Azure Dedicated Host. There area few things to consider about that VM. First, make sure the VM is created in the region you have created the host. Secondly, choose a virtual machine size of the VM family you had configured when you created the host.

During the creation process, you will find the section Host in the Advanced tab. Here you can select your host group and your host where the VM will be deployed on.

For more information, check out the Microsoft Docs.

Conclusion

The Azure Dedicated Host service enables new scenarios and addresses, especially customers with host-level isolations for compliance requirements. It makes the Azure IaaS platform even more exciting, and together with Azure Migrate, you can quickly move your virtual machines to Azure. If you have any questions, feel free to leave a comment.



Techmentor 2019 Redmond

Speaking at Techmentor 2019

I am currently on the Microsoft Redmond campus for some internal meetings and training, during the same time, there will be the Techmentor 2019 Microsoft HQ conference in Redmond. I am happy to announce that I will be one of the speakers during that conference. Since I am already on the Microsoft campus it is great to take some time to speak about some cool Azure things. Techmentor 2019 is a 5-day conference from August 5-9, 2019 on the Microsoft Headquarters in Redmond.

My Sessions at Techmentor 2019

I will be delivering two sessions about Cloud Shell and Azure Stack, as well as being part of a panel discussion.

A Look into the Hybrid Cloud Lifestyle of an Azure Stack Operator

Microsoft released Azure Stack as an Azure appliance for your datacenter. Learn what Azure Stack is, what challenges it solves, how you deploy, manage and operate Azure Stack in your datacenter. Learn about the features and services you will get by offering Azure Stack to your customers and how you can build a true Hybrid Cloud experience. In this presentation, Thomas Maurer (Microsoft MVP) will guide you through the highly anticipated innovations and experiences during the Azure Stack Early Adaption Program and Azure Stack Technology Adoption Program (TAP). You will learn: How to integrate Azure Stack into your Datacenter How to operate Azure Stack and how it is managed How to troubleshoot Azure Stack installations

Mastering Azure Using Cloud Shell, PowerShell, and Bash!

Azure can be managed in many different ways. Learn your command line options like Azure PowerShell, Azure CLI and Cloud Shell to be more efficient in managing your Azure infrastructure. Become a hero on the shell to manage the cloud!

You will learn:

What cloud Shell is
Some new things in PowerShell Az
Tips and tricks on Azure command line options

Supercharging Hyper-V with quantum computing

Okay, I am not really talking about quantum computing, but hey there are some cool features in Hyper-V you should definitely know about! In this session, Thomas Maurer will talk about “hidden” Hyper-V features everyone should know about. This covers different features for Hyper-V on Windows Server as well as on Windows 10, like Containers, Windows Sandbox, WSL 2, VM Gallery and much more. Be prepared for a lot of demos!

Panel Discussion: The Future of IT

If something is certain in IT it’s change. With the current pace of getting new operating system versions twice a year and keeping the management tools around them up to date it’s no wonder one feels a little dizzy with the amount of things to learn. Take this opportunity to hear from industry experts what is most important to focus on and how to deal with this rapid change in real life. The panel includes experts on multiple technologies and topics and will include a Q&A portion to get all your questions answered.

Want to experience IT training at the mothership? Join TechMentor this August as it heads to Microsoft Headquarters for a full week of training, featuring our NEW full-day Hands-On Labs. I hope to see you there!



Docker Desktop WSL 2 Tech Preview

Run Linux Containers with Docker Desktop and WSL 2

Today, Docker launched the first Tech Preview of the Docker Desktop WSL 2. This means you can now use Docker Desktop and the Windows Subsystem for Linux 2 (WSL2) which is using the hypervisor in the background to run Linux containers on Windows 10. With the significant changes to the Windows Subsystem for Linux 2, you can now take advantage of these improvements with your Docker Desktop client.

Docker Desktop WSL 2 is currently in Tech Preview, and it also requires the Windows 10 Insider Preview builds. That means you should only use for not production environments.

WSL 2 introduces a significant architectural change as it is a full Linux kernel built by Microsoft, allowing Linux containers to run natively without emulation. With Docker Desktop WSL 2 Tech Preview, users can access Linux workspaces without having to maintain both Linux and Windows build scripts.

Docker Desktop also leverages the dynamic memory allocation feature in WSL 2 to greatly improve the resource consumption. This means, Docker Desktop only uses the required amount of CPU and memory resources, enabling CPU and memory-intensive tasks such as building a container to run much faster.

You can find more information about the Tech Preview here.

Prerequisites

To run the Docker Desktop WSL 2 Tech Preview, you will need to set up the Windows Subsystem for Linux 2 (WSL 2) first. You can do that using the following guide, or follow these steps:

Install Windows 10 Insider Preview build 18932 or later.

Install the Windows WSL feature and the Windows Virtual Machine Platform feature running the following commands:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
 
Enable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform

Download WSL Linux distribution based on Ubuntu 18.04 from the Microsoft Store. You can read more about Linux on Windows 10 here. The distribution needs to be set as the default WSL distro.

Enable Virtual Machine Platform

Enable Virtual Machine Platform

Make sure that the WSL distro is running in WSL 2 mode. You can check the list of distros installed on your Windows 10 machine, with the following PowerShell command:

wsl -l -v

To set the distro to WSL 2, you can run the following command. Change the name of the distro:

wsl --set-version DistroName 2
Install WSL 2

Install WSL 2

To find out more about installing WSL 2, check out the Microsoft Docs page.

How to set up Docker and WSL 2

First, you will need to download the Docker Desktop WSL 2 Tech Preview here. Make sure you already configured all the WSL 2 steps described in the prerequisites, before you install the Docker WSL 2 Tech preview. If you are prompted if you want to use Linux containers or Windows containers during the installation, select Windows containers. If you choose Linux containers, you will have the classic Docker experience with a Hyper-V VM.

Docker Desktop WSL 2 Tech Preview Menu

Docker Desktop WSL 2 Tech Preview Menu

Run the installation wizard, and after a successful installation, the Docker Desktop menu displays the WSL 2 Tech Preview option. You can select WSL 2 Tech Preview from that menu to start and configure the daemon running WSL 2.

Docker Desktop WSL 2 Tech Preview

Docker Desktop WSL 2 Tech Preview

You can switch between the classic daemon or the Windows Subsystem for Linux 2 with the following commands:

# Switch to classic deamon
 
docker context use default
 
# Switch to WSL 2
 
docker context use wsl
Linux Container on Windows 10

Linux Containers on Windows 10

You can now also do crazy things like run SQL Server on Linux in a Docker container on Windows 10.

SQL Server on Linux Docker Container Windows 10 WSL 2

SQL Server on Linux Docker Container Windows 10 WSL 2

I hope this gives you a good overview of how you will be able to run Linux containers on Windows in the future. Again this is still a Tech Preview, and we might see many changes to that feature. If you want to know more, read the full blog post on the Docker page. Also, check out the current Linux Container on Windows documentation. If you any questions, feel free to leave a comment.