Tag: IaaS

Copy files to Azure VM using PowerShell Remoting

Copy Files to Azure VM using PowerShell Remoting

There are a couple of different cases you want to copy files to Azure virtual machines. To copy files to Azure VM, you can use PowerShell Remoting. This works with Windows and Linux virtual machines using Windows PowerShell 5.1 (Windows only) or PowerShell 6 (Windows and Linux). Check out my blog post at the ITOpsTalk.com about copying files from Windows to Linux using PowerShell Remoting.

Prepare your client machine

Prepare the client machine to create PowerShell Remote connections to a specific remote VM.

Set-Item WSMan:localhost\client\trustedhosts -value "AZUREVMIP"

You can also enable remoting to all machines by using an asterisk.

Set-Item WSMan:localhost\client\trustedhosts -value *

Copy Files to Windows Server Azure VM

If you want to copy files to an Azure VM running Windows Server, you have two options. If you are copying files from Windows to Windows, you can use Windows PowerShell Remoting; if you are copying files from Linux or macOS to Windows, you can use the cross-platform PowerShell 6 and PowerShell Remoting over SSH.

Using Windows PowerShell Remoting

To copy files from a Windows machine to a Windows Server running in Azure, you can use Windows PowerShell Remoting.

Prepare the host (Azure VM) to receive Windows PowerShell remote commands. The Enable-PSRemoting cmdlet configures the computer to receive Windows PowerShell remote commands that are sent by using the WS-Management technology.

Enable-PSRemoting -Force

Now you can create a new PowerShell Remoting session to the Azure VM.

$cred = Get-Credential
 
$s = New-PSSession -ComputerName "AZUREVMIPORNAME" -Credential $cred

After the session was successfully created, you can use the copy-item cmdlet with the -toSession parameter.

Copy-Item .\windows.txt C:\ -ToSession $s

Some important notes

  • You need to configure the Network Security Group for the Azure VM to allow port 5985 (HTTP) or 5986 (HTTPS)
  • You can use PowerShell Remoting over Public Internet or Private connectivity (VPN or Express Route). If you are using the Public Internet, I highly recommend that you use https. I also recommend that you use Just-in-time virtual machine access in Azure Security for public exposed ports.

Using PowerShell Core 6 PowerShell Remoting over SSH

If you are running PowerShell Core 6, you can use PowerShell Remoting over SSH. This gives you a simple connection and cross-platform support. First, you will need to install PowerShell 6. After that, you will need to configure and setup PowerShell SSH Remoting together with OpenSSH. You can follow my blog post to do this here: Setup PowerShell SSH Remoting in PowerShell 6

Now you can create a new PowerShell Remoting session to the Azure VM.

$s = New-PSSession -HostName "AZUREVMIPORNAME" -UserName

After the session was successfully created, you can use the copy-item cmdlet with the -toSession parameter.

Copy-Item .\windows.txt C:\ -ToSession $s

Some important notes

  • You need to configure the Network Security Group for the Azure VM to allow port 22 (SSH)
  • You can use PowerShell Remoting over Public Internet or Private connectivity (VPN or Express Route). Exposing the SSH port to the public internet maybe is not secure. If you still need to use a public SSH connection, I recommend that you use Just-in-time virtual machine access in Azure Security.

Copy Files to Linux Azure VM

Copy File Windows to Linux using PowerShell Remoting

If you want to copy files to a Linux VM running in Azure, you can make use of the cross-platform PowerShell capabilities of PowerShell 6, using PowerShell Remoting over SSH. As for the Windows virtual machines, you will need to install PowerShell 6. Next, you will need to configure and setup PowerShell SSH Remoting together with OpenSSH. You can follow my blog post to do this here: Setup PowerShell SSH Remoting in PowerShell 6

After installing and configuring PowerShell Remoting over SSH, you can create a new PowerShell Remoting session to the Azure VM.

$s = New-PSSession -HostName "AZUREVMIPORNAME" -UserName

After you successfully connected to your Azure VM, you can use the copy-item cmdlet with the -toSession parameter.

Copy-Item .\windows.txt /home/thomas -ToSession $s

I hope this gives you an overview about how you can copy files to Azure VMs using PowerShell Remoting. If you have any questions, let me know in the comments.



Azure Bastion Windows VM

Azure Bastion – Private RDP and SSH access to Azure VMs

Azure Bastion is a new service which enables you to have private and fully managed RDP and SSH access to your Azure virtual machines. If you wanted to access your Azure virtual machines using RDP or SSH today, and you were not using a VPN connection, you had to assign a public IP address to the virtual machine. You were able to secure the connection using Azure Just in Time VM access in Azure Security Center. However, this had still some drawbacks. With Azure Bastion you get a private and fully managed service, which you deploy to your Virtual Network, which then allows you to access your VMs directly from the Azure portal using your browser over SSL.

Azure Bastion Architecture

Source: Microsoft Docs

Azure Bastion brings a couple of advantages

  • Removes requirement for a Remote Desktop (RDP) client on your local machine
  • Removes element for a local SSH client
  • No need for local RDP or SSH ports (handy when your company blocks it)
  • Uses secure SSL/TLS encryption
  • No need to assign public IP addresses to your Azure Virtual Machine
  • Works in basically any modern browser on any device (Windows, macOS, Linux, etc.)
  • Better hardening and more straightforward Network Security Group (NSG) management
  • Can remove the need for a Jumpbox

If you want to know more directly here is the link to the Azure Bastion announcement blog and the Microsoft Docs.

Public Preview

Azure Bastion is currently in public preview. The public preview is limited to the following Azure public regions:

  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East

To participate in this preview, you need to register. Use these steps to register for the preview:

Register-AzureRmProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
 
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
 
Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network

To use the Azure Bastion service, you will also need to use the Azure Portal – Preview.

How to set up an Azure Bastion host for a private RDP and SSH access to Azure VMs

Create Azure Bastion Host

First, you will need to deploy Bastion Host in your virtual network (VNet). The Azure Bastion Host will need at least a /27 subnet.

AzureBastionSubnet

Access Azure virtual machines using Azure Bastion

Azure Bastion integrates natively in the Azure portal. The platform will automatically be detected if Bastion is deployed to the virtual network your virtual machine is in. To connect to a virtual machine, click on the connect button for the virtual machine. Now you can enter your username and password for the virtual machine.

Azure Portal connect to Linux VM SSH

This will now open up a web-based SSL RDP session in the Azure portal to the virtual machine. Again, there is no need to have a public IP address assigned to your virtual machine.

Private access to Azure Linux VM

 

Roadmap – more to come

As Yousef Khalidi (CVP Azure Networking) mentions in his preview announcement blog, the team will add more great capabilities, like Azure Active Directory and MFA support, as well as support for native RDP and SSH clients.

The Azure networking and compute team are doing more great work on creating a great Azure IaaS experience. I hope this gives you an overview of how you can get a private RDP or SSH access to your Azure VM. If you want to know more about the Azure Bastion service, check out the Microsoft Docs for more information. If you have any questions, feel free to leave a comment.



Azure Generation 2 Virtual machine

Generation 2 VM support on Azure – and why should I care?

A couple of days ago Microsoft announced the public preview of Generation 2 virtual machines on Azure. Generation 2 virtual machines support a bunch of new technologies like increased memory, Intel Software Guard Extensions (SGX), and virtual persistent memory (vPMEM), which are not supported on generation 1 VMs. But more on that later.

What are Hyper-V Virtual Machine Generations

Windows Server 2012 R2 Hyper-V introduced the concept of virtual machine generations. Not to be confused with Hyper-V configuration versions. The generation of a virtual machine defines the virtual hardware of a virtual machine and adds some additional and modern functionality. In Hyper-V, there are two virtual machine generations, generation 1 and generation 2. Generation 2 virtual machines support Unified Extensible Firmware Interface (UEFI) firmware instead of BIOS-based firmware. The Hyper-V team also removed a lot of the legacy devices and replaced them with a simplified virtual machine model.

On Windows Server Hyper-V Generation 2 VMs support features and improvements like

  • PXE boot by using a standard network adapter
  • Boot from a SCSI virtual hard disk
  • Boot from a SCSI virtual DVD
  • Secure Boot (enabled by default)
  • UEFI firmware support
  • OS disk > 2 TB
  • improved boot and installation times

However, an important note here, not all of these features are currently available on Azure Generation 2 virtual machines, and not all operating systems are supported in Generation 2 VMs. For example, in Windows7, Windows Server 2008 and Windows Server 2008 R2 and 32-bit Windows systems are not supported. You can find more information about Hyper-V Generation 2 VMs here.

Azure Generation 2 Virtual Machines Overview

Azure Generation 2 Virtual Machines are currently in public preview. To be honest, Generation 2 VMs in Azure aren’t that new, with the public preview of Azure Confidential Computing, we already used Generation 2 VMs. However, now we can start using it for other workloads as well. This means that you can now upload and use your local VHD (not VHDX) files based on Hyper-V Generation 2 virtual machines. Before you had to use Azure Site Recovery to replicate and convert your Hyper-V Generation 2 VMs to Azure Generation 1 VMs.

Azure Generation 1 vs. Generation 2 capabilities

Azure Generation 1 vs Generation 2 VM

Currently, Generation 2 VMs are in public preview, and that means next to not having a service level agreement (SLA), the features which are available can and are limited. If you look at features like ASR or Azure Backup, which are currently not supporting Generation 2 VMs.

CapabilityGeneration 1Generation 2
OS disk > 2 TB
Custom Disk/Image/Swap OS
Virtual machine scale set support
ASR/Backup
Shared Image Gallery
Azure Disk Encryption

You can find more information about Azure Generation 2 virtual machines with an updated list of capabilities on Microsoft Docs.

Hyper-V vs. Azure Generation 2 VMs

There are also differences between Hyper-V Generation 2 VMs and Azure Generation 2 VMs. Not all of the features provided in Hyper-V are currently present in the public preview version on Azure.

FeatureOn-prem Hyper-VAzure
Secure Boot
Shielded VM
vTPM
Virtualization-Based Security (VBS)
VHDX format

Again, you can find an up-to-date list on Microsoft Docs.

Getting started

You can get started using the Generation 2 VMs on the following VM Sizes on Azure Premium Storage and Ultra SSD:

Windows Server Azure Generation 2 Virtual Machine

In public preview, you can now also use the following Azure Marketplace images from the “windowsserver-gen2preview” offer.

  • Windows Server 2019 Datacenter (2019-datacenter-gen2)
  • Windows Server 2016 Datacenter (2016-datacenter-gen2)
  • Windows Server 2012 R2 Datacenter (2012-r2-datacenter-gen2)
  • Windows Server 2012 Datacenter (2012-datacenter-gen2)

Create a virtual machine

You can use the Azure Portal to create a new VM or the Azure CLI using the following commands:

 
az group create --name myGen2ResourceGroupVM --location eastus
az vm create \
--resource-group myGen2ResourceGroupVM \
--name myVM \
--image MicrosoftWindowsServer:windowsserver-gen2preview:2019-datacenter-gen2:latest \
--admin-username thomas \
--admin-password myPassword12

Conclusion

I hope this gives you an overview of the benefits and how you can run Generation 2 VMs on Azure. If you have any questions please let me know in the comments.



Azure Stack Familiy - Azure Stack HCI

Azure Stack HCI – A new member of the Azure Stack family

Today, the Azure team is proud to announce a new member to the Azure Stack family, the Azure Stack HCI solutions. Azure Stack HCI is Microsoft’s hyper-converged solution available from a wide range of hardware partners. Azure Stack shipped in 2017, and it is the only solution in the market today for customers to run cloud applications using consistent IaaS and PaaS services across public cloud, on-premises, and in disconnected environments. With adding the Azure Stack HCI solutions, Microsoft is offering customers a great new choice for their traditional virtualized workloads.

Today, I am pleased to announce Azure Stack HCI solutions are available for customers who want to run virtualized applications on modern hyperconverged infrastructure (HCI) to lower costs and improve performance. Azure Stack HCI solutions feature the same software-defined compute, storage, and networking software as Azure Stack, and can integrate with Azure for hybrid capabilities such as cloud-based backup, site recovery, monitoring, and more.

Adopting hybrid cloud is a journey and it is important to have a strategy that takes into account different workloads, skillsets, and tools. Microsoft is the only leading cloud vendor that delivers a comprehensive set of hybrid cloud solutions, so customers can use the right tool for the job without compromise.

It is built on a hyper-converged Windows Server 2019 cluster that uses validated and certified hardware to run virtual machines and workloads on-premises. Azure Stack HCI also allows you to optionally connect Azure services for BCDR, management and more. Azure Stack HCI solutions use Microsoft-validated hardware to ensure optimal performance and reliability. It includes support for technologies such as NVMe drives, persistent memory, and remote-direct memory access (RDMA) networking, to get the best possible performance if needed.

What is behind Azure Stack HCI

Azure Stack HCI Product Overview

Azure Stack HCI is based on Windows Server 2019, parried with validated hardware from OEM partners. With the Windows Server 2019 Datacenter edition, customer get Software Defined Infrastructure and Software Defined Datacenter technologies like Hyper-V, Storage Spaces Direct and many more, which are the base of Azure Stack HCI. Paired with Windows Admin Center, you can use existing skills, gain hyperconverged efficiency, and connect to Azure services.



Azure IaaS Webinar

Join me for a Azure IaaS Masterclass Webinar!

This Wednesday, Altaro have invited me to give a webinar on Infrastructure as a Service with Microsoft Azure and you’re invited – it’s free to join!

Implementing Infrastructure as a Service is a great way of streamlining and optimizing your IT environment by utilizing virtualized resources from the cloud to complement your existing on-site infrastructure. It enables a flexible combination of the traditional on-premises data center alongside the benefits of cloud-based subscription services. If you’re not making use of this model, there’s no better opportunity to learn what it can do for you than in this upcoming webinar.

I’ll be joined by me good friend from Altaro, Technical Evangelist and Microsoft MVP Andy Syrewicze. I’ve done a few webinars with Andy over the years and it’s always a fun experience to work with him. We have also received great feedback from attendees saying they learnt a lot and enjoy the format in which we present.

The webinar will be primarily focused on showing how Azure IaaS solves real use cases by going through the scenarios live on air. Three use cases have been outlined already, however, the webinar format encourages those attending to suggest their own use cases when signing up and the two most popular suggestions will be added to the list. To submit your own use case request, simply fill out the suggestion box in the sign up form when you register!

Like all Altaro webinars, this will be presented live twice on the day (Wednesday 13th February). So if you can’t make the earlier session (2pm CET / 8am EST / 5am PST), just sign up for the later one instead (7pm CET / 1pm EST / 10am PST) – or vice versa. Both sessions cover the same content but having two live sessions gives more people the opportunity to ask their questions live on air and get instant feedback from us.

Save your seat for the webinar and learn more about Azure IaaS

Altaro Webinar Azure IaaS VMs



Azure Nested Virtualization

How to setup Nested Virtualization in Microsoft Azure

At the Microsoft Build Conference this year, Microsoft announced Nested Virtualization for Azure Virtual Machines, and last week Microsoft announced the availability of these Azure VMs, which support Nested Virtualization. Nested Virtualization basically allows you to run a Hypervisor in side a Virtual Machine running on a Hypervisor, which means you can run Hyper-V within a Hyper-V Virtual Machine or within a Azure Virtual Machine, kind a like Inception for Virtual Machines.

Azure Nested Virtualization

You can use Nested Virtualization since Windows Server 2016 or the same release of Windows 10, for more details on this, check out my blog post: Nested Virtualization in Windows Server 2016 and Windows 10

With the release of the Azure Dv3 and Ev3 VM sizes:

  • D2-64 v3 instances are the latest generation of General Purpose Instances. D2-64 v3 instances are based on the 2.3 GHz Intel XEON ® E5-2673 v4 (Broadwell) processor and can achieve 3.5GHz with Intel Turbo Boost Technology 2.0. D2-64 v3 instances offer the combination of CPU, memory, and local disk for most production workloads.
  • E2-64 v3 instances are the latest generation of Memory Optimized Instances. E2-64 v3 instances are based on the 2.3 GHz Intel XEON ® E5-2673 v4 (Broadwell) processor and can achieve 3.5GHz with Intel Turbo Boost Technology 2.0. E2-64 v3 instances are ideal for memory-intensive enterprise applications.

With the upgrade to new Intel Broadwell processors, Microsoft enabled Nested Virtualization, which will allows a couple of different scenarios, when you create a Virtual Machine running Windows Server 2016 or Windows Server 2019.

  • You can run Hyper-V Containers (Windows Containers with additional isolation) inside an Azure VM. With future releases we will also be able to run Linux Containers in Hyper-V Containers running on a Windows Server OS.
  • You can quickly spin up and shut down new demo and test environments, and you only pay when you use them (pas-per-use)

How to Setup Nested Virtualization in Azure

Deploy Azure VM

To setup Nested Virtualization inside an Azure Virtual Machine, you first need to create a new Virtual Machines using one of the new instance sizes like Ev3 or Dv3 and Windows Server 2016.I also recommend to install all the latest Windows Server patches to the system.

Optional: Optimize Azure VM Storage

This step is optional, but if you want to better performance and more storage for your Nested Virtual Machines to run on, this makes sense.

Azure VM Data Disks

In my case I attached 2 additional data disks to the Azure VM. Of course you can choose more or different sizes. Now you can see 2 new data disk inside your Azure Virtual Machine. Do not format them, because we gonna create a new storage spaces pool and a simple virtual disk, so we get the performance form both disks at the same time. In the past this was called disk striping.

Azure VM Storage Spaces

With that you can create a new Storage Spaces Storage Pool and a new Virtual Disk inside the VM using the storage layout “Simple” which basically configures it as striping.

Azure VM Storage Spaces PowerShell

I also formatted the disk and set the drive letter to V:, this will be the volume where I will place my nested virtual machines.

Install Hyper-V inside the Azure VM

Install Hyper-V on Windows Server using PowerShell

The next step would be to install the Hyper-V role in your Azure Virtual Machine. You can use PowerShell to do this since this is a regular Windows Server 2016.This command will install Hyper-V and restart the virtual machine.

 
Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart

Azure VM Hyper-V

After the installation you have Hyper-V installed and enabled inside your Azure Virtual Machine, now you need to configure the networking for the Hyper-V virtual machines. For this we will use NAT networking.

Configure Networking for the Nested Environment

Hyper-V NAT Network inside Azure VM

To allow the nested virtual machine to access the internet, we need to setup Hyper-V networking in the right why. For this we use the Hyper-V internal VM Switch and NAT networking. I described this here: Set up a Hyper-V Virtual Switch using a NAT Network

Create a new Hyper-V Virtual Switch

First create a internal Hyper-V VM Switch

 
New-VMSwitch -SwitchName "NATSwitch" -SwitchType Internal

Configure the NAT Gateway IP Address

The Internal Hyper-V VM Switch creates a virtual network adapter on the host (Azure Virtual Machine), this network adapter will be used for the NAT Gateway. Configure the NAT gateway IP Address using New-NetIPAddress cmdlet.

 
New-NetIPAddress –IPAddress 172.21.21.1 -PrefixLength 24 -InterfaceAlias "vEthernet (NATSwitch)"

Configure the NAT rule

After that you have finally created your NAT network and you can now use that network to connect your virtual machines and use IP Address from 172.21.21.2-172.21.21.254.

 
New-NetNat –Name MyNATnetwork –InternalIPInterfaceAddressPrefix 172.21.21.0/24

Now you can use these IP Addresses to assign this to the nested virtual machines. You can also setup a DHCP server in one of the nested VMs to assign IP addresses automatically to new VMs.

Optional: Create NAT forwards inside Nested Virtual Machines

To forward specific ports from the Host to the guest VMs you can use the following commands.

This example creates a mapping between port 80 of the host to port 80 of a Virtual Machine with an IP address of 172.21.21.2.

 
Add-NetNatStaticMapping -NatName "MyNATnetwork" -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 172.21.21.2 -InternalPort 80 -ExternalPort 80

This example creates a mapping between port 82 of the Virtual Machine host to port 80 of a Virtual Machine with an IP address of 172.21.21.3.

 
Add-NetNatStaticMapping -NatName "MyNATnetwork" -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 172.16.0.3 -InternalPort 80 -ExternalPort 82

Optional: Configure default Virtual Machine path

Since I have created an extra volume for my nested virtual machines, I configure this as the default path for Virtual Machines and Virtual Hard Disks.

 
Set-VMHost -VirtualHardDiskPath V:\VMs -VirtualMachinePath V:\VMs

Create Nested Virtual Machines inside the Azure VM

Azure Nested Virtualization

Now you can basically start to create Virtual Machines inside the Azure VM. You can for example use an existing VHD/VHDX or create a new VM using an ISO file as you would do on a hardware Hyper-V host.

Some crazy stuff to do

There is a lot more you could do, not all of it makes sense for everyone, but it could help in some cases.

  • Running Azure Stack Development Kit – Yes Microsoft released the Azure Stack Development Kit, you could use a large enough Azure virtual machine and run it in there.
  • Configure Hyper-V Replica and replicate Hyper-V VMs to your Azure VM running Hyper-V.
  • Nested a Nested Virtual Machine in a Azure VM – You could enable nesting on a VM running inside the Azure VM so you could do a VM inside a VM inside a VM. Just follow my blog post to created a nested Virtual Machine: Nested Virtualization in Windows Server 2016 and Windows 10

In my opinion Nested Virtualization is mostly help full if you run Hyper-V Containers, but it also works great, if you want to run some Virtual Machines inside a Azure VM, for example to run a lab or test something.



Veeam FastSCP for Microsoft Azure

Veeam FastSCP for Microsoft Azure

Veeam does some great products for your virtualization and datacenter environment such as their Veeam Backup & Replication suite, Veeam Endpoint Backup FREE and Management Packs for System Center Operations Manager. Now a couple of weeks ago Veeam released a cool free tool call Veeam FastSCP fro Microsoft Azure. With Veeam FastSCP (Secure Copy Protocol) for Microsoft Azure, IT Pros and Azure Developers can simply and reliably copy local files to Azure VMs, and copy files in Azure VMs to on-premises.

Veeam FastSCP for Microsoft Azure Diagram

The utility makes your life way easier when dealing with Virtual Machines running on Microsoft Azure IaaS.

  • Secure file copy with no independent encryption or VPN needed
  • Manual file copy to/from Azure VMs without the need to keep the UI open until the file copy completes
  • Automatic scheduling of file copy jobs for nightly or weekly copies to/from Azure VMs
  • A wizard-driven UI to copy files in just a few clicks – with no scripting needed

If you want to download it, check out the Veeam Website.

To set it up the tool connects to the PowerShell endpoint for your IaaS VM. Just add the Virtual Machine and you are ready to go! With that you can do some great things, like simply copy a file to an Azure IaaS VM or even doing scheduled backups of files from inside Azure VMs like Didier Van Hoye did.