Category: Web

Windows Server Insider Preview Build 17074

Sneak Peak of Windows Server 1803 (RS4) – Windows Server Insider Preview Build 17074

Yesterday, Microsoft announced a new Windows Server Insider Preview Build (17074) which will be released as the next Semi-Annual Channel release for Windows Server. This release will likely be called Windows Server 1803 (Codename: Restone 4), which is aligned to the Windows Client releases.

Microsoft talked about improvements in the next Windows Server releases and the investments in Containers and Storage Spaces Direct at Microsoft Ignite 2017, and we already got some early Windows Server Insider Preview builds to see what is coming next. The official list is not to big right now, but we can expect Microsoft to add and announce more features in the comment weeks and months.

What is new in Windows Server 1803 (RS4)

  • Storage Spaces Direct (S2D)
    • Microsoft adds Data Deduplication support Storage Spaces Direct and ReFS
    • Microsoft removed the requirement for SCSI Enclosure Service (SES) on the hardware, which enables more hardware to work with S2D
    • Storage Spaces Direct adds support for Persistent Memory (Storage Class Memory), which brings very fast and very low latency storage to S2D. The prices for this devices is still pretty high, but we can expect this to change in the future and we can also see them as a great use as caching devices.
    • Storage Spaces Direct now also supports Direct-connect SATA devices to AHCI controller, which also make more hardware work with S2D
    • CSV Cache is now enabled by default, which delivers an in-memory write-through cache that can dramatically boost VM performance, depending on your workload.
  • Failover Clustering
    • Azure enlightened Failover Cluster – This is a very exciting feature if you run Windows Server Failover Clusters in Microsoft Azure. This feature will let the Windows Server cluster know if there is Azure host maintenance going on and will exclude the specific cluster node from placing workloads on it.

      By making high availability software running inside of an Azure IaaS VM be aware of maintenance events of the host, it can help deliver the highest levels of availability for your applications.

  • Container
    • Microsoft promised to add more Container feature and provide updated Windows Server Container Images. One feature which made it already into this and early Preview builds is a long waited feature which caused some confusion before. Developers can now use localhost or loopback (127.0.0.1) to access services running in containers on the host.
  • Other Improvements

As mentioned before we can expect Microsoft to add and announce new feature for the next Windows Server release in the next couple of weeks and months.

How to download the Windows Server Insider Preview

You can download the Windows Server Insider Previews from the Windows Server Insider Preview download page. If you are not yet an Insider, check out how to get one on the Windows Insider for Business portal.

Careful, this is pre-release software and it is not supported in production.

Test and Provide Feedback to Windows Server

For Microsoft it is very important that they get feedback about the latest releases. To send feedback use the Feedback Hub application in Windows 10, and choose the Server category with the right subcategory for your feedback.

 

 

 



Microsoft Edge Windows Defender Application Guard

Enable Windows Defender Application Guard on Windows 10 using PowerShell

A couple of days back I saw a tweet form Stefan Stranger (Consultant at Microsoft) which reminded me of a feature called Windows Defender Application Guard, which is included in Windows 10 Enterprise since the Fall Creators Update (1709). If you have never heard of Application Guard, you might want to check out this blog post: Introducing Windows Defender Application Guard for Microsoft Edge

Basically Windows Defender Application Guard starts Microsoft Edge in a Hyper-V Container and uses Hyper-V isolation. So if a user browses on a malicious site, the site is separate from the host operating system.

Application Guard Hardware Isolation

What is Windows Defender Application Guard and how does it work?
Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted.

If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container, which is separate from the host operating system. This container isolation means that if the untrusted site turns out to be malicious, the host PC is protected, and the attacker can’t get to your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can’t get to your employee’s enterprise credentials.

Source: Windows Defender Application Guard overview

Usually Windows Defender Application Guard is configured using a Enterprise devices management tool like System Center Configuration Manager, Microsoft Intune or another third-party tool. But if you want to use this on your standalone Windows 10 PC you can also do this using PowerShell.

The only thing you need to run this is:

  • Windows 10 Enterprise 1709 (Fall Creators Update) or higher
  • A computer which supports Hyper-V
    • A 64-bit computer with minimum 4 cores is required for hypervisor and virtualization-based security (VBS)
    • Extended page tables, also called Second Level Address Translation (SLAT)
    • One of the following virtualization extensions for VBS:
      • Intel VT-x
      • AMD-V
    • Microsoft recommends 8GB RAM for optimal performance
    • 5 GB free space, solid state disk (SSD) recommended
    • Input/Output Memory Management Unit (IOMMU) support is strongly recommended
  •  Microsoft Edge and Internet Explorer

Enable Windows Defender Application Guard using PowerShell

You can simply install Application Guard using the following command:

New Application Guard Windows in Microsoft Edge

This will reboot your computer and after this you will be able to open a new Microsoft Edge windows in Application Guard.

Microsoft Edge Windows Defender Application Guard

This does added some extra security, however it does not really protect against like the Meltdown and Spectre attacks.

Application Guard Virtual Machine Worker Process

If you have a look at the processes running on your computer you can now see that there is a new Virtual Machine Worker Process which is used by the Application Guard.

This is a great example how the Hyper-V isolation can not only be used for Hyper-V Virtual Machines but also other features like Hyper-V Containers or for example on the Xbox One.



Azure Cloud Shell

Azure Cloud Shell – shell.azure.com and in Visual Studio Code

Back in May Microsoft made the Azure Cloud Shell available in the Microsoft Azure Portal. Now you can use it even quicker by just go to shell.azure.com. First you login with your Microsoft account or Work and School account, and if your account is in multiple Azure Active Directory tenants, you select the right tenant and you will be automatically logged in. So even if you are on a PC where you can not install the Azure CLI or the Azure PowerShell module, you can still easily fire up a shell where you can run the Azure CLI, Azure PowerShell and other CLI tools like Docker, Kubectl, emacs, vim, nano, git and more.

In addition you can also open up Azure Cloud Shell directly from Visual Studio Code

Azure Cloud Shell Visual Studio Code

With that, enjoy your holidays and I wish you a good start in the new year!



Surface Precisiaon Mouse Box

Microsoft Surface Precision Mouse Review

Last week I got the Microsoft Surface Precision Mouse delivered. The Surface Precision Mouse will become the replacement mouse for my Microsoft Sculpt Mouse, which I used for the last couple of years. Now I want to give you some impressions about the Surface Precision Mouse, since I am very happy and very surprised about the feature set.

Surface Precision Mouse

First of all the Microsoft Surface Precision Mouse feels awesome, very high quality and it is very comfortable in your hand. It feels very precise and you get very quickly used to it.

Now let me write about some extra features you might didn’t know about. You first get a button to configure the scroll wheel in two different speeds, one feels very light and fast and the other one is slower and is more resistant, so you can choose what you like more and switch between them, depending on your task.

Microsoft Surface Percision Mouse Settings

Of course you get some extra buttons which you can customize with different shortcuts, for example to open the Windows 10 Tasks View or other applications. You can also customize the buttons depending on the application you are working with.

Surface Precision Mouse Bottom

By already having the perfect mouse, in terms of feeling, comfort, precision and customizability, you get a really cool extra feature. The Surface Precision Mouse gives you more multi-tasking power by allowing you to work seamlessly across up to three computers, supports both Bluetooth and wired USB connections. You can pair your Surface Precision Mouse with three different devices and you can manually switch between them with the button on the bottom of the mouse, or you can use something called Smart Switch.

Microsoft Surface Percision Mouse Smart Switch

Smart Switch on the Surface Precision Mouse can be enabled by using the Microsoft Mouse and Keyboard Center. It allows you to setup the workplace layout in the app and now you can move the cursor to the border of the screen and the mouse will seamlessly switch to the other device. So if you are working on your desktop and you have your notebook right next to it, you can easily move the mouse from one device to the other.

Overall I am super happy with the new device!

 

Surface Precision Mouse Specs

The mouse also works with Windows 7, Windows 10, Windows 8.1 and macOS devices as long as they support Bluetooth 4.0 or higher.

 
InterfaceUSB 2.1, Bluetooth® Low Energy 4.0/4.1/4.2Dimensions4.8 x 3.05 x 1.7 (122.6 mm x 77.6 mm x 43.3 mm)
Wireless Frequency2.4GHz frequency rangeWeight4.76 ounces (135 grams) including rechargeable batteries
Buttons6 buttons, including right and left click and scroll wheel buttonBatteryRechargeable lithium ion battery (included)
DesignErgonomic design with side gripsBattery LifeUp to 3 months
ScrollingSmooth or magnetic detent customizable horizontal and vertical scrolling1ColorGray


Windows Server Semi-annual Channel Overview

Windows Server – Semi-Annual Channel (SAC) vs Long-Term Servicing Channel (LTSC)

Update March 2018: Microsoft Updated some of the information about the use cases of the Semi-Annual Channel and the LTSC for Windows Server. In short the Semi-Annual Channel releases are focusing on Container innovation and the infrastructure feature and roles are now features and roles of the LTSC.

I was already blogging about the new Windows Server servicing options including the Long-Term Servicing Channel (LTSC) and the new Semi-Annual Channel (SAC) options. It seems that there is a lot of confusion about what the purpose and the advantages of the Semi-Annual Channel releases. With that blog post I will try to explain what both servicing options are and when which servicing option should be used. Especially since SAC releases, like Windows Server 1709, will only be available as Windows Server Core. Spoiler alert: Windows Server Semi-Annual Channel releases are not for everyone and everything.

Windows Server Long-Term Servicing Channel (LTSC)

The Long-term Servicing Channel is the release model you’re already familiar with (currently called the “Long-term Servicing Branch”) where a new major version of Windows Server is released every 2-3 years. Users are entitled to 5 years of mainstream support, 5 years of extended support, and optionally 6 more years with Premium Assurance. This channel is appropriate for systems that require a longer servicing option and functional stability. Deployments of Windows Server 2016 and earlier versions of Windows Server will not be affected by the new Semi-annual Channel releases. The Long-term Servicing Channel will continue to receive security and non-security updates, but it will not receive the new features and functionality.

Example for Long-Term Servicing Channel releases

  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

Long-Term Servicing Channel installation options

  • Windows Server Core
  • Windows Server with Desktop Experience
  • Windows Server Core as a container Image

Use cases for Long-Term Servicing Channel releases

As use cases for the Long-Term Servicing Channel releases you can basically count everything in which need predictable long term support, do not support Windows Server Core and where you don’t use the new features included in the Semi-Annual Servicing Channel releases and you prefer less updating.

  • General Purpose File Server – Traditional information worker file server which need long term support
  • Legacy Software – Legacy software which do not support server core
  • Static Software – Software which does not leverage any of the new features of Semi-Annual Channel releases, which need predictable long term support
  • Legacy Hardware – End of life hardware
  • SQL Server – Traditional databases with long lifecycles which need predictable long term support
  • Active Directory and other infrastructure roles – which benefit from long term support
  • Hyper-V and Cluster nodes for Hyper-converged scenarios
  • Hyper-V hosts which are benefiting from continuous innovation

Semi-Annual Channel (SAC)

Windows Server 1709

The Semi-annual Channel releases will deliver new functionality for customers who are moving at a “cloud cadence,” such as those on rapid development cycles or service providers keeping up with the latest Hyper-V and Storage investments. Windows Server products in the Semi-annual Channel will have new releases available twice a year, in spring and fall. Each release in this channel will be supported for 18 months from the initial release.

Most of the features introduced in the Semi-annual Channel will be rolled up into the next Long-term Servicing Channel release of Windows Server. The editions, functionality, and supporting content might vary from release to release depending on customer feedback.

The Semi-annual Channel will be available to volume-licensed customers with Software Assurance, as well as via the Azure Marketplace or other cloud/hosting service providers and loyalty programs such as MSDN.

Example for Semi-annual Channel releases

  • Windows Server 2016 Nano Server
  • Windows Server 1709
  • Windows Server 1803

Semi-annual Channel installation options

  • Windows Server Core
  • Windows Server Core Container Image
  • Windows Server Nano Server Container Image

Use cases for Semi-annual Channel releases

Use cases for the Semi-annual Channel releases right now are application and services which leverage new feature very quickly and go with cloud cadence.

  • Lift and Shift applications into Containers
  • New cloud-based applications
  • Applications which can be quickly and easily redeployed
  • Linux containers on Windows Server
  • Hyper-V and Cluster nodes for Hyper-converged scenarios
  • Hyper-V hosts which are benefiting from continuous innovation

Semi-Annual Channel (SAC) vs Long-Term Servicing Channel (LTSC) Overview

To make it a little easier, here is a quick overview of the two servicing channels:

 Long-Term Servicing ChannelSemi-Annual Channel
Recommend ScenariosGeneral purpose File Servers, SQL Servers, Active Directory and other infrastructure rolesContainerized applications and container hosts, Hyper-converged hosts benefiting form faster innovation
New ReleasesEvery 2-3 yearsEvery 6 months
Support5 years of Mainstream support +5 years of Extended support18 months
EditionsAll available Windows Server editionsStandard and Datacenter
Installation OptionsServer Core and Server with Desktop ExperienceServer Core only
LicensingAll customer through all channelsSoftware Assurance and Cloud customers only

Conclusion

As you can see, Windows Server Semi-annual channel are not designed for everyone. And if you don’t feel comfortable with Windows Server Core (btw you should check out Microsoft Project Honolulu), the fast release cadence or the short support life cycle you should go with the Windows Server Long-Term Servicing Channel. You will not lose anything you had today, you still will get new versions every 2-3 years with all the options you had today. If you need the fast innovation and you get something out of the new features the Semi-annual channel will provide you with 2 releases a year. But make sure, that your deployment, configuration and management is automated, otherwise you will suffer from the fast release cadence. I have three other very important points I want to make sure you know about:

  • Not all your servers have to go with LTSC only or SAC only – as long as you have the right licensing in place you can choose for each server, which ever fits your needs best.
  • You don’t have to switch now – you can also decided to go with LTSC today and switch to a SAC release as soon as you benefit from it. You can also switch back to LTSC from SAC if you don’t like it. (With Switch I mean redeploy)
  • Upgrades are not in-place – It doesn’t matter which servicing channel you are using, servers need to be redeployed. (Not like in Windows 10 where you can leverage in-place upgrades)

I hope this helps to understand the point about Windows Server Semi-Annual Channel (SAC) vs Long-Term Servicing Channel (LTSC). The Semi-Annual Channel releases are a new offer from Microsoft for customers to get their hands on new features much quicker, this offers a huge benefit if you can make use of it. But Microsoft is not forcing you to use SAC, LTSC for some scenarios and customers is still the better option. So both solutions are having huge value in different scenarios.



Microsoft Azure Backup Agent

Download the Azure Backup Agent

Microsoft works heavily on their Microsoft Azure Recovery Services and releases new features for its Azure Backup software. Some of these new features need a new version of the Azure Backup Agent, or MARS Agent, to work.

Now if you install a new recovery vault in Azure to get started with Azure Backup you will find a link to download the Azure Backup Agent or sometimes you will see warnings in the Azure Backup MMC console with a link to a newer version of the Azure Backup Agent. But if you just want to download the latest MARS Agent, sometimes it is pretty hard to find, so let me help you with this link:

Download Azure Backup Agent

You can also use that file to updated an existing Azure Backup Agent.

By the way, Microsoft Azure Backup now supports Windows System State Backups to Azure.



Windows Server 1709 Server Core Sconfig

How to install Windows Server 1709

Microsoft just released the new Windows Server version 1709 in the Semi-Annual Channel. This blog post is for beginners which want to do their first step setting up Windows Server Core.

First you boot your server or virtual machine form the Windows Server 1709 ISO file. and select which Operating System you want to install. You can choose between Windows Server Standard or Windows Server Datacenter. As you might see, there is only Server Core available. The Server with Desktop Experience or Full Server is only available in the LTSC (Long-Term Servicing Channel) in Windows Server 2016.

Windows Server 1709 Operating System

After accepting the license terms, you can choose the installation type. Even there is an upgrade option, you should choose Custom which will be a new install. Since an in-place upgrade from older Windows Server versions is not supported.

Windows Server 1709 Installation Type

Choose which drive you want to install and the partitioning you want to use

Windows Server 1709 Choose Disk

After that Windows Server will install itself, and reboot for a couple of times.

Windows Server 1709 Installation

After the installation is finished you have to set the default Administrator password.

Windows Server 1709 Admin Password

When you login for the first time, it runs the Windows command prompt with the common Windows commands, or you can run PowerShell, or if you need the magic key to the server core configuration you can run “sconfig” which allows you quickly to do configuration changes, install updates and more.

Windows Server 1709 Server Core Sconfig