Tag: IaaS

Oct152019October 15, 2019October 14, 20190Commentby Thomas Maurer
Deploy and Configure Windows Admin Center in Azure VM

Deploy and Install Windows Admin Center in an Azure VM

Posted in Cloud, Microsoft, Microsoft Azure, PowerShell, Windows Admin Center, Windows Server, Windows Server 2016, Windows Server 2019

The great thing about Windows Admin Center (WAC) you manage every Windows Server doesn’t matter where it is running. You can manage Windows Servers on-prem, in Azure or running at other cloud providers. Now if you want to use Windows Admin Center to manage your virtual machines running in Azure, you can use either an on-prem WAC installation and connecting it using a public IP address or a VPN connection, or you can deploy and install Windows Admin Center in Azure. This blog post will show you how you can deploy and install Windows Admin Center in an Azure virtual machine (VM).

How to deploy and install Windows Admin Center in an Azure virtual machine (VM)

With this guide, you can directly deploy and install a new Windows Admin Center gateway in an Azure VM. If you have already a VM deployed, you can also follow this guide to install Windows Admin Center manually. For the installation, we will use Azure Cloud Shell do run a PowerShell installation script.

Preparation

As mentioned we will run the installation script from Azure Cloud Shell. Optionally you can also install Azure PowerShell on your location machine and run the same steps for the installation on your local machine.

  1. Set up Azure Cloud Shell if you haven’t done it yet.
  2. Start the PowerShell experience in Cloud Shell.
  3. Optional: If you want to use your own existing certificate, upload the certificate to Azure Key Vault.

Installation

Now you can start with the installation process. First, you will need to download the installation script from the following URL. Navigate to your home directory and download the file using PowerShell.

Download Windows Admin Center with PowerShell in Cloud Shell

Download Windows Admin Center with PowerShell in Cloud Shell

# Navigate to your home directory
cd ~
 
# Download file
Invoke-WebRequest -Uri https://aka.ms/deploy-wacazvm -OutFile Deploy-WACAzVM.zip
 
# Expand Zip file
Expand-Archive ./Deploy-WACAzVM.zip
 
# Change Directory
cd Deploy-WACAzVM

After successfully downloading and unpacking the Windows Admin Center deployment script, you will need to modify a couple of parameters. I will use the default parameters to deploy a new Windows Server 2019 and generate a self-signed certificate. However, if you want to use other options, check out the script parameter list.

Configure Parameter

Configure Parameter

$ResourceGroupName = "demo-wac-rg"
$VirtualNetworkName = "wac-vnet"
$SecurityGroupName = "wac-nsg"
$SubnetName = "wac-subnet"
$VaultName = "wac-key-vault"
$CertName = "wac-cert"
$Location = "westeurope"
$PublicIpAddressName = "wac-public-ip"
$Size = "Standard_D4s_v3"
$Image = "Win2019Datacenter"
$Credential = Get-Credential
 
$scriptParams = @{
ResourceGroupName = $ResourceGroupName
Name = "wac-vm1"
Credential = $Credential
VirtualNetworkName = $VirtualNetworkName
SubnetName = $SubnetName
Location = $Location
Size = $Size
Image = $Image
GenerateSslCert = $true
}
./Deploy-WACAzVM.ps1 @scriptParams

This will deploy a new Azure virtual machine with Windows Admin Center installed and open the specific port 443 on the public IP address. You can find more install options and parameters to install WAC on an existing virtual machine or with an existing certificate on Microsoft Docs.

Deploy and Configure Windows Admin Center in Azure VM

Deploy and Configure Windows Admin Center in Azure VM

After the deployment has finished, simply click on the URL or IP address and it will open the Windows Admin Center portal.

Windows Admin Center Running in Microsoft Azure

Windows Admin Center Running in Microsoft Azure

I hope this gives you an overview about how you can deploy Windows Admin Center in an Azure VM. If you have any questions, please let me know in the comments.


Oct082019October 8, 2019October 7, 20194Commentsby Thomas Maurer
Azure IaaS VM enable Update Management

How to Manage Updates for Azure IaaS VMs

Posted in Cloud, Microsoft, Microsoft Azure, Microsoft Azure Stack, System Center, Virtualization, Windows, Windows Server

As a lot of customers are moving their workloads to Azure and specifically moving virtual machines to Azure Infrastructure-as-a-service (IaaS), the question is how do I manage my Azure virtual machines (VMs) efficiently. The great thing about Azure IaaS, it is not just another virtualization platform. Azure IaaS also offers a lot of other benefits versus classic virtualization. Azure IaaS and Azure Management provide a lot of functionality to it make it more efficient to run and manage virtual machines. One of them is Azure Update Management. In this blog post, I am going to show you how you can efficiently manage updates for your Azure IaaS VMs.

Overview and benefits Azure Update Management ☁

The Azure Update Management solution is part of Azure Automation. And with Azure Update Management you can manage operating system updates for your Windows and Linux computers in Azure, in on-premises environments, or in other cloud providers. That is right, it is not only for your Azure VMs, it also works with all your environment and provides you with a single pane of glass for your Update Management. It allows you to quickly assess the status of available updates on all virtual machines and servers, and manage the process of installing required updates for servers.

  • Azure Update Management works with Azure IaaS VMs, on-premise servers and even servers running at other cloud service providers.
  • Update Management supports Linux and Windows servers
  • It is directly integrated into the Azure portal and onboarding of Azure VMs is very simple.
  • It works with existing update sources like Microsoft Update, WSUS or on Linux with private and public update repositories.
  • Azure Update Management can be integrated into System Center Configuration Manager. You can learn more about Azure Update Management and System Center Configuration Manager integration on Microsoft Docs.
  • You can onboard new Azure VMs automatically to Update Management in multiple subscriptions in the same tenant.
Architecture

Architecture

How to onboard Azure IaaS VMs ✈

Onboarding Azure VMs to Azure Update Management is fairly simple and there are many different ways you can enable Update Management for an Azure VM.

One thing I want to highlight is, that you can set up automatic enablement for future virtual machines. With that Azure virtual machines, you create in the future, will automatically be added to the Update Mangement solution.

Onboarding

Onboarding

Since this blog post is all about managing updates for Azure VMs, I will keep it short, but if you want to add servers running on-premises or at other service providers, you can have a look how you can configure Azure Update management from Windows Admin Center. If you are running Azure Stack, you can also easily add your Azure Stack VMs to the Update Management solution.

Update Assesment 📃

Azure Update Management Compliant Assessment

Azure Update Management Compliant Assessment

After you have enabled and connected your virtual machines, Azure Log Analytics and Update Management start to collect data and analyze it and creates a continuous assessment of your Azure VM infrastructure and the additional servers you added. It will let you know which servers are compliant and which updates are missing. In the Azure documentation for Azure Update Management, you can find the schedules and time new updates will be added to the assessment.

Manage and deploy updates to Azure VMs 🔧

After you know which servers are compliant or not, you can schedule an update deployment, to update your servers.

Update Azure VMs using Update Deployment

Update Azure VMs using Update Deployment

An update deployment configuration is done very easily.

  1. Enter a name for the update deployment
  2. Select which operating system you want to target with the deployment (Linux or Windows)
  3. Choose the machines you want to update. You can select specific Azure virtual machines, non-Azure machines, groups, AD, WSUS, SCCM groups and filters.
  4. Select the Update Classifications you want to deploy
  5. Include or exclude updates
  6. Schedule the deployment. You can also create recurring update deployments for example for monthly patching.
  7. Configure pre- and post-scripts
  8. Configure the maintenance window size
  9. Configure the reboot update after the updates are installed

View update deployments ✔

Update Azure VMs Status

Update Azure VMs Status

During and after the duration of the update deployment, you can see an overview of the deployment, which updates on which machine were installed and if they were successful.

Pricing – What does it cost? 💵

Now I know what you are thinking now, this is great, but I am sure Microsoft is making me pay for this. No! there are no charges for the service, you only pay for log data stored in the Azure Log Analytics service. You can find more pricing information here.

Conclusion and Learn more 🎓

Update Management is a great solution to keep your environment up to date. If you want to know more, check out Microsoft Docs or follow this tutorial to onboard Azure VMs. There is also a very good blog series by Microsoft MVP Samuel Erskine. If you don’t have Azure today, create an Azure Free account.

Free Azure Account

Create free Azure Account ☁

Create your Azure free account today and get started with 12 months of free services!

If you have any questions, let me know in the comments.


Oct012019October 1, 2019October 1, 20191Commentby Thomas Maurer
Azure Mv2 Virtual Machines VMs

New Azure Mv2 Virtual Machines with 12TB Memory

Posted in Cloud, Microsoft, Microsoft Azure, Virtualization

Girish Bablani Corporate Vice President Microsoft Azure, just announced that the new huge Azure Mv2 virtual machines (VMs) with up to 12TB of memory and 415 vCPUs, which are optimized for SAP HANA. The new Mv2 size will become generally available and production certified in the coming weeks. You will get these new VM sizes in the US West 2, US East, US East 2, Europe North, Europe West, and Southeast Asia regions. And in addition, you also more M-series availability in other Azure regions up to 4TB in Brazil, France, Germany, South Africa, and Switzerland.

He also announces a couple of other improvements to SAP applications running in Microsoft Azure, like the private preview of Azure Monitor for SAP Solutions. These announcements make Microsoft Azure even a better place for SAP workloads.

A few months back, at SAP’s SAPPHIRE NOW event, we announced the availability of Azure Mv2 Virtual Machines (VMs) with up to 6 TB of memory for SAP HANA. We also reiterated our commitment to making Microsoft Azure the best cloud for SAP HANA. I’m glad to share that Azure Mv2 VMs with 12 TB of memory will become generally available and production certified in the coming weeks, in US West 2, US East, US East 2, Europe North, Europe West and Southeast Asia regions. In addition, over the last few months, we have expanded regional availability for M-series VMs, offering up to 4 TB, in Brazil, France, Germany, South Africa and Switzerland. Today, SAP HANA certified VMs are available in 34 Azure regions, enabling customers to seamlessly address global growth, run SAP applications closer to their customers and meet local regulatory needs.

– Girish Bablani Corporate Vice President, Microsoft Azure

You can read the full announcement blog post here.

If you want to learn more about Azure Mv2 VMs, check out the following Microsoft Docs. And if you have any questions, feel free to leave a comment.


Aug062019August 6, 2019August 5, 20190Commentby Thomas Maurer
Create Azure Dedicated Host

Azure Dedicated Host for your Azure VMs

Posted in Cloud, Hardware, Microsoft, Microsoft Azure, Virtualization, Windows Server, Work

Last week Ziv Rafalovich, Principal Program Manager in the Azure Compute team, announced the Azure Dedicated Host Public Preview. Azure Dedicated Host is a new Azure service which enables customers to run Windows and Linux virtual machines on single dedicated physical servers. Usually, the Azure host is used by multiple tenants, and the virtual machines are isolated using a multi-tenant hypervisor, with Azure Dedicated Host, the physical server only runs workloads from one tenant/customer. This gives customers the visibility and control on what physical hardware their virtual machines are running, and it allows to address corporate compliance and regulatory requirements.

Azure Dedicated Host Preview provides physical servers that host one or more Azure virtual machines. Your server is dedicated to your organization and workloads—capacity isn’t shared with other customers. This host-level isolation helps address compliance requirements. As you provision the host, you gain visibility into (and control over) the server infrastructure, and you determine the host’s maintenance policies.

You can find more information on Azure.com.

Azure Dedicated Host scenarios

The Azure Dedicated Host offers a couple of benefits and enables some new scenarios.

  • Host-level isolations for compliance requirements
  • Visibility and control over the server infrastructure to manage host maintenance policies, load on the server, fault domain count.
  • You get control over the full performance and capacity from a single Azure host which is not shared with other customers.
  • You get the advantage of unlimited virtualization for Windows Server and SQL Server with Azure Dedicated Hosts using the Azure Hybrid Benefit.

If you need these scenarios, then the Azure Dedicated host is an excellent option for you. However, if you don’t need them, you are more flexible with the shared Azure virtual machine experience.

Licensing and Pricing

Dedicated Hosts are charged at the host level and not on the number of Azure VMs you run on the host. However, software licenses are billed separately from compute resources at a VM level based on usage. There are no upfront costs or termination fees. Currently, the Azure Dedicated Host is a pay-as-you-go service, and you only pay for what you need.

You will have different dedicated host types and VM series/families available. During the preview period, you will be able to choose between Dsv3, Esv3, and Fsv2 VM series.

Dedicated Host Typ 1

Dedicated Host Type 1 is based on the 2.3 GHz Intel Xeon® E5-2673 v4 (Broadwell) processor and can achieve up to 3.5 gigahertz (GHz). Type 1 host has 64 available vCPUs.

    • Dsv3 Series
    • Esv3 Series

Dedicated Host Type 2

Dedicated Host Type 2 is based on the Intel Xeon® Platinum 8168 (Skylake) processor, which can achieve maximum single-core clock speeds of 3.7 GHz and sustained all core clock speeds as high as 3.4GHz with the Intel Turbo Boost Technology 2.0. Type 2 host has 72 available vCPUs.

    • Fsv2 Series

Dedicated Host configuration table

This is the Dedicated Host configuration table during the Public Preview. This might change later, and you can find the current pricing information on Azure.com.

Azure Dedicated Host configuration table

Azure Dedicated Host configuration table

Additional cost reduction

You can use your on-premises Windows Server and SQL Server licenses with Software Assurance benefits, or subscriptions with equivalent rights, when you migrate your workloads to Dedicated Host (Azure Hybrid Benefit).  Different the before is that with the dedicated host you get unlimited virtualization rights for Windows Server and SQL Server. For more information on the updated Microsoft licensing terms for dedicated hosted cloud services, check out this blog post. With this running Windows Server 2019 in Azure becomes even more attractive.

We are also expanding Azure Hybrid Benefit so you can take advantage of unlimited virtualization for Windows Server and SQL Server with Azure Dedicated Hosts. Customers with Windows Server Datacenter licenses and Software Assurance can use unlimited virtualization rights in Azure Dedicated Hosts. In other words, you can deploy as many Windows Server virtual machines as you like on the host, subject only to the physical capacity of the underlying server. Similarly, customers with SQL Server Enterprise Edition licenses and Software Assurance can use unlimited virtualization rights for SQL Server on their Azure Dedicated Hosts.

You’ll also get free extended security updates for Windows Server and SQL Server 2008 and 2008 R2.

Azure Reserved VM Instances are not available for purchase during the preview on Azure Dedicated Host.

Deploy VMs to an Azure Dedicated Hosts

To deploy a new Azure Dedicated Host, we first need to create a host group. After that, we can add hosts to this group, which will be used for our Azure virtual machines. In this blog post, I am going to show you how you can deploy a new host and after that, how you deploy Azure VMs on that host using the Azure portal. If you want to know more and if you want to see how you do this using Azure PowerShell, an Azure Resource Manager (ARM) template or the Azure CLI, check the Microsoft Docs.

Create a host group

Azure Host Groups

Azure Host Groups

You can find a new Azure resource called Host Group. Create a host group and configure the host group with specific settings like availability zones and fault domain count.

"<yoastmark

Deploy an Azure Dedicated Host

Azure Dedicated Hosts

Azure Dedicated Hosts

After you have created your host group, you can start creating new hosts and add them to your host group.

  • Select the location (region) of the host
  • Select the dedicated host VM family and hardware generation. You will only be able to provision VMs on this host in the same VM family. During the preview, we will support the following host SKU values: DSv3_Type1 and ESv3_Type1.
  • Configure the fault domain for the host.
  • Enable or disable of automatically replacing the host on a failure.
  • Configure cost savings like the Azure Hybrid Benefit.
Create Azure Dedicated Host

Create Azure Dedicated Host

Your host will be deployed in a couple of minutes. Important, your Azure subscription will need to have enough resources (CPU/Cores) enabled. Some subscriptions are limited to a specific amount of cores you can deploy in your subscription, in that case, you will need to open a support ticket, to raise the number of cores available in your subscription.

Create a VM

Now you can create a virtual machine on the Azure Dedicated Host. There area few things to consider about that VM. First, make sure the VM is created in the region you have created the host. Secondly, choose a virtual machine size of the VM family you had configured when you created the host.

During the creation process, you will find the section Host in the Advanced tab. Here you can select your host group and your host where the VM will be deployed on.

For more information, check out the Microsoft Docs.

Conclusion

The Azure Dedicated Host service enables new scenarios and addresses, especially customers with host-level isolations for compliance requirements. It makes the Azure IaaS platform even more exciting, and together with Azure Migrate, you can quickly move your virtual machines to Azure. If you have any questions, feel free to leave a comment.


Jul022019July 2, 2019July 2, 20191Commentby Thomas Maurer
Copy files to Azure VM using PowerShell Remoting

Copy Files to Azure VM using PowerShell Remoting

Posted in Cloud, Microsoft, Microsoft Azure, PowerShell, Virtualization, Windows, Windows 10, Windows Server, Windows Server 2016, Windows Server 2019

There are a couple of different cases you want to copy files to Azure virtual machines. To copy files to Azure VM, you can use PowerShell Remoting. This works with Windows and Linux virtual machines using Windows PowerShell 5.1 (Windows only) or PowerShell 6 (Windows and Linux). Check out my blog post at the ITOpsTalk.com about copying files from Windows to Linux using PowerShell Remoting.

Prepare your client machine

Prepare the client machine to create PowerShell Remote connections to a specific remote VM.

Set-Item WSMan:localhost\client\trustedhosts -value "AZUREVMIP"

You can also enable remoting to all machines by using an asterisk.

Set-Item WSMan:localhost\client\trustedhosts -value *

Copy Files to Windows Server Azure VM

If you want to copy files to an Azure VM running Windows Server, you have two options. If you are copying files from Windows to Windows, you can use Windows PowerShell Remoting; if you are copying files from Linux or macOS to Windows, you can use the cross-platform PowerShell 6 and PowerShell Remoting over SSH.

Using Windows PowerShell Remoting

To copy files from a Windows machine to a Windows Server running in Azure, you can use Windows PowerShell Remoting.

Prepare the host (Azure VM) to receive Windows PowerShell remote commands. The Enable-PSRemoting cmdlet configures the computer to receive Windows PowerShell remote commands that are sent by using the WS-Management technology.

Enable-PSRemoting -Force

Now you can create a new PowerShell Remoting session to the Azure VM.

$cred = Get-Credential
 
$s = New-PSSession -ComputerName "AZUREVMIPORNAME" -Credential $cred

After the session was successfully created, you can use the copy-item cmdlet with the -toSession parameter.

Copy-Item .\windows.txt C:\ -ToSession $s

Some important notes

  • You need to configure the Network Security Group for the Azure VM to allow port 5985 (HTTP) or 5986 (HTTPS)
  • You can use PowerShell Remoting over Public Internet or Private connectivity (VPN or Express Route). If you are using the Public Internet, I highly recommend that you use https. I also recommend that you use Just-in-time virtual machine access in Azure Security for public exposed ports.

Using PowerShell Core 6 PowerShell Remoting over SSH

If you are running PowerShell Core 6, you can use PowerShell Remoting over SSH. This gives you a simple connection and cross-platform support. First, you will need to install PowerShell 6. After that, you will need to configure and setup PowerShell SSH Remoting together with OpenSSH. You can follow my blog post to do this here: Setup PowerShell SSH Remoting in PowerShell 6

Now you can create a new PowerShell Remoting session to the Azure VM.

$s = New-PSSession -HostName "AZUREVMIPORNAME" -UserName

After the session was successfully created, you can use the copy-item cmdlet with the -toSession parameter.

Copy-Item .\windows.txt C:\ -ToSession $s

Some important notes

  • You need to configure the Network Security Group for the Azure VM to allow port 22 (SSH)
  • You can use PowerShell Remoting over Public Internet or Private connectivity (VPN or Express Route). Exposing the SSH port to the public internet maybe is not secure. If you still need to use a public SSH connection, I recommend that you use Just-in-time virtual machine access in Azure Security.

Copy Files to Linux Azure VM

Copy File Windows to Linux using PowerShell Remoting

If you want to copy files to a Linux VM running in Azure, you can make use of the cross-platform PowerShell capabilities of PowerShell 6, using PowerShell Remoting over SSH. As for the Windows virtual machines, you will need to install PowerShell 6. Next, you will need to configure and setup PowerShell SSH Remoting together with OpenSSH. You can follow my blog post to do this here: Setup PowerShell SSH Remoting in PowerShell 6

After installing and configuring PowerShell Remoting over SSH, you can create a new PowerShell Remoting session to the Azure VM.

$s = New-PSSession -HostName "AZUREVMIPORNAME" -UserName

After you successfully connected to your Azure VM, you can use the copy-item cmdlet with the -toSession parameter.

Copy-Item .\windows.txt /home/thomas -ToSession $s

I hope this gives you an overview about how you can copy files to Azure VMs using PowerShell Remoting. If you have any questions, let me know in the comments.


Jun182019June 18, 2019June 18, 201921Commentsby Thomas Maurer
Azure Bastion Windows VM

Azure Bastion – Private RDP and SSH access to Azure VMs

Posted in Cloud, Microsoft, Microsoft Azure, Virtualization, Windows, Windows Server, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Work

Azure Bastion is a new service which enables you to have private and fully managed RDP and SSH access to your Azure virtual machines. If you wanted to access your Azure virtual machines using RDP or SSH today, and you were not using a VPN connection, you had to assign a public IP address to the virtual machine. You were able to secure the connection using Azure Just in Time VM access in Azure Security Center. However, this had still some drawbacks. With Azure Bastion you get a private and fully managed service, which you deploy to your Virtual Network, which then allows you to access your VMs directly from the Azure portal using your browser over SSL.

Azure Bastion Architecture

Source: Microsoft Docs

Azure Bastion brings a couple of advantages

  • Removes requirement for a Remote Desktop (RDP) client on your local machine
  • Removes element for a local SSH client
  • No need for local RDP or SSH ports (handy when your company blocks it)
  • Uses secure SSL/TLS encryption
  • No need to assign public IP addresses to your Azure Virtual Machine
  • Works in basically any modern browser on any device (Windows, macOS, Linux, etc.)
  • Better hardening and more straightforward Network Security Group (NSG) management
  • Can remove the need for a Jumpbox

If you want to know more directly here is the link to the Azure Bastion announcement blog and the Microsoft Docs.

Public Preview

Azure Bastion is currently in public preview. The public preview is limited to the following Azure public regions:

  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East

To participate in this preview, you need to register. Use these steps to register for the preview:

Register-AzureRmProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
 
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
 
Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network

To use the Azure Bastion service, you will also need to use the Azure Portal – Preview.

How to set up an Azure Bastion host for a private RDP and SSH access to Azure VMs

Create Azure Bastion Host

First, you will need to deploy Bastion Host in your virtual network (VNet). The Azure Bastion Host will need at least a /27 subnet.

AzureBastionSubnet

Access Azure virtual machines using Azure Bastion

Azure Bastion integrates natively in the Azure portal. The platform will automatically be detected if Bastion is deployed to the virtual network your virtual machine is in. To connect to a virtual machine, click on the connect button for the virtual machine. Now you can enter your username and password for the virtual machine.

Azure Portal connect to Linux VM SSH

This will now open up a web-based SSL RDP session in the Azure portal to the virtual machine. Again, there is no need to have a public IP address assigned to your virtual machine.

Private access to Azure Linux VM

 

Roadmap – more to come

As Yousef Khalidi (CVP Azure Networking) mentions in his preview announcement blog, the team will add more great capabilities, like Azure Active Directory and MFA support, as well as support for native RDP and SSH clients.

The Azure networking and compute team are doing more great work on creating a great Azure IaaS experience. I hope this gives you an overview of how you can get a private RDP or SSH access to your Azure VM. If you want to know more about the Azure Bastion service, check out the Microsoft Docs for more information. If you have any questions, feel free to leave a comment.


Jun112019June 11, 2019June 10, 20192Commentsby Thomas Maurer
Azure Generation 2 Virtual machine

Generation 2 VM support on Azure – and why should I care?

Posted in Cloud, Hyper-V, Microsoft, Microsoft Azure, PowerShell, Windows, Windows Server, Windows Server 2012 R2

A couple of days ago Microsoft announced the public preview of Generation 2 virtual machines on Azure. Generation 2 virtual machines support a bunch of new technologies like increased memory, Intel Software Guard Extensions (SGX), and virtual persistent memory (vPMEM), which are not supported on generation 1 VMs. But more on that later.

What are Hyper-V Virtual Machine Generations

Windows Server 2012 R2 Hyper-V introduced the concept of virtual machine generations. Not to be confused with Hyper-V configuration versions. The generation of a virtual machine defines the virtual hardware of a virtual machine and adds some additional and modern functionality. In Hyper-V, there are two virtual machine generations, generation 1 and generation 2. Generation 2 virtual machines support Unified Extensible Firmware Interface (UEFI) firmware instead of BIOS-based firmware. The Hyper-V team also removed a lot of the legacy devices and replaced them with a simplified virtual machine model.

On Windows Server Hyper-V Generation 2 VMs support features and improvements like

  • PXE boot by using a standard network adapter
  • Boot from a SCSI virtual hard disk
  • Boot from a SCSI virtual DVD
  • Secure Boot (enabled by default)
  • UEFI firmware support
  • OS disk > 2 TB
  • improved boot and installation times

However, an important note here, not all of these features are currently available on Azure Generation 2 virtual machines, and not all operating systems are supported in Generation 2 VMs. For example, in Windows7, Windows Server 2008 and Windows Server 2008 R2 and 32-bit Windows systems are not supported. You can find more information about Hyper-V Generation 2 VMs here.

Azure Generation 2 Virtual Machines Overview

Azure Generation 2 Virtual Machines are currently in public preview. To be honest, Generation 2 VMs in Azure aren’t that new, with the public preview of Azure Confidential Computing, we already used Generation 2 VMs. However, now we can start using it for other workloads as well. This means that you can now upload and use your local VHD (not VHDX) files based on Hyper-V Generation 2 virtual machines. Before you had to use Azure Site Recovery to replicate and convert your Hyper-V Generation 2 VMs to Azure Generation 1 VMs.

Azure Generation 1 vs. Generation 2 capabilities

Azure Generation 1 vs Generation 2 VM

Currently, Generation 2 VMs are in public preview, and that means next to not having a service level agreement (SLA), the features which are available can and are limited. If you look at features like ASR or Azure Backup, which are currently not supporting Generation 2 VMs.

CapabilityGeneration 1Generation 2
OS disk > 2 TB
Custom Disk/Image/Swap OS
Virtual machine scale set support
ASR/Backup
Shared Image Gallery
Azure Disk Encryption

You can find more information about Azure Generation 2 virtual machines with an updated list of capabilities on Microsoft Docs.

Hyper-V vs. Azure Generation 2 VMs

There are also differences between Hyper-V Generation 2 VMs and Azure Generation 2 VMs. Not all of the features provided in Hyper-V are currently present in the public preview version on Azure.

FeatureOn-prem Hyper-VAzure
Secure Boot
Shielded VM
vTPM
Virtualization-Based Security (VBS)
VHDX format

Again, you can find an up-to-date list on Microsoft Docs.

Getting started

You can get started using the Generation 2 VMs on the following VM Sizes on Azure Premium Storage and Ultra SSD:

Windows Server Azure Generation 2 Virtual Machine

In public preview, you can now also use the following Azure Marketplace images from the “windowsserver-gen2preview” offer.

  • Windows Server 2019 Datacenter (2019-datacenter-gen2)
  • Windows Server 2016 Datacenter (2016-datacenter-gen2)
  • Windows Server 2012 R2 Datacenter (2012-r2-datacenter-gen2)
  • Windows Server 2012 Datacenter (2012-datacenter-gen2)

Create a virtual machine

You can use the Azure Portal to create a new VM or the Azure CLI using the following commands:

 
az group create --name myGen2ResourceGroupVM --location eastus
az vm create \
--resource-group myGen2ResourceGroupVM \
--name myVM \
--image MicrosoftWindowsServer:windowsserver-gen2preview:2019-datacenter-gen2:latest \
--admin-username thomas \
--admin-password myPassword12

Conclusion

I hope this gives you an overview of the benefits and how you can run Generation 2 VMs on Azure. If you have any questions please let me know in the comments.



  • Follow Me

  • About

    Thomas Maurer

    My name is Thomas Maurer. I am a Senior Cloud Advocate at Microsoft. I am part of the Azure engineering team (Cloud + AI) and engage with the community and customers around the world. I am located in Switzerland. I am focusing on Microsoft technologies, especially cloud and datacenter solutions based on Microsoft Azure, Azure Stack and Windows Server. Opinions are my own.

  • Sponsor

  • Sponsor

    Starwind Virtual SAN

  • Sponsor

    Vembu BDR Suite

  • Sponsor

    Altaro Ad