Tag: IaaS

Jul182017July 18, 2017August 18, 201816 Commentsby Thomas Maurer

How to setup Nested Virtualization in Microsoft Azure

Posted in Cloud, Containers, Hosting, Hyper-V, Microsoft, Microsoft Azure, Microsoft Azure Stack, PowerShell, Virtualization, Windows, Windows 10, Windows Server, Windows Server 2016, Work

At the Microsoft Build Conference this year, Microsoft announced Nested Virtualization for Azure Virtual Machines, and last week Microsoft announced the availability of these Azure VMs, which support Nested Virtualization. Nested Virtualization basically allows you to run a Hypervisor in side a Virtual Machine running on a Hypervisor, which means you can run Hyper-V within a Hyper-V Virtual Machine or within a Azure Virtual Machine, kind a like Inception for Virtual Machines.

You can use Nested Virtualization since Windows Server 2016 or the same release of Windows 10, for more details on this, check out my blog post: Nested Virtualization in Windows Server 2016 and Windows 10

With the release of the Azure Dv3 and Ev3 VM sizes:

D2-64 v3 instances are the latest generation of General Purpose Instances. D2-64 v3 instances are based on the 2.3 GHz Intel XEON ® E5-2673 v4 (Broadwell) processor and can achieve 3.5GHz with Intel Turbo Boost Technology 2.0. D2-64 v3 instances offer the combination of CPU, memory, and local disk for most production workloads.
E2-64 v3 instances are the latest generation of Memory Optimized Instances. E2-64 v3 instances are based on the 2.3 GHz Intel XEON ® E5-2673 v4 (Broadwell) processor and can achieve 3.5GHz with Intel Turbo Boost Technology 2.0. E2-64 v3 instances are ideal for memory-intensive enterprise applications.

With the upgrade to new Intel Broadwell processors, Microsoft enabled Nested Virtualization, which will allows a couple of different scenarios, when you create a Virtual Machine running Windows Server 2016.

You can run Hyper-V Containers (Windows Containers with additional isolation) inside an Azure VM. With future releases we will also be able to run Linux Containers in Hyper-V Containers running on a Windows Server OS.
You can quickly spin up and shut down new demo and test environments, and you only pay when you use them (pas-per-use)

How to Setup Nested Virtualization in Azure

Deploy Azure VM

To setup Nested Virtualization inside an Azure Virtual Machine, you first need to create a new Virtual Machines using one of the new instance sizes like Ev3 or Dv3 and Windows Server 2016.I also recommend to install all the latest Windows Server patches to the system.

Optional: Optimize Azure VM Storage

This step is optional, but if you want to better performance and more storage for your Nested Virtual Machines to run on, this makes sense.

In my case I attached 2 additional data disks to the Azure VM. Of course you can choose more or different sizes. Now you can see 2 new data disk inside your Azure Virtual Machine. Do not format them, because we gonna create a new storage spaces pool and a simple virtual disk, so we get the performance form both disks at the same time. In the past this was called disk striping.

With that you can create a new Storage Spaces Storage Pool and a new Virtual Disk inside the VM using the storage layout “Simple” which basically configures it as striping.

I also formatted the disk and set the drive letter to V:, this will be the volume where I will place my nested virtual machines.

Install Hyper-V inside the Azure VM

The next step would be to install the Hyper-V role in your Azure Virtual Machine. You can use PowerShell to do this since this is a regular Windows Server 2016.This command will install Hyper-V and restart the virtual machine.

Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart

1	Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart

After the installation you have Hyper-V installed and enabled inside your Azure Virtual Machine, now you need to configure the networking for the Hyper-V virtual machines. For this we will use NAT networking.

Configure Networking for the Nested Environment

To allow the nested virtual machine to access the internet, we need to setup Hyper-V networking in the right why. For this we use the Hyper-V internal VM Switch and NAT networking. I described this here: Set up a Hyper-V Virtual Switch using a NAT Network

Create a new Hyper-V Virtual Switch

First create a internal Hyper-V VM Switch

New-VMSwitch -SwitchName "NATSwitch" -SwitchType Internal

1	New-VMSwitch -SwitchName "NATSwitch" -SwitchType Internal

Configure the NAT Gateway IP Address

The Internal Hyper-V VM Switch creates a virtual network adapter on the host (Azure Virtual Machine), this network adapter will be used for the NAT Gateway. Configure the NAT gateway IP Address using New-NetIPAddress cmdlet.

New-NetIPAddress –IPAddress 172.21.21.1 -PrefixLength 24 -InterfaceAlias "vEthernet (NATSwitch)"

1	New-NetIPAddress –IPAddress 172.21.21.1 -PrefixLength 24 -InterfaceAlias "vEthernet (NATSwitch)"

Configure the NAT rule

After that you have finally created your NAT network and you can now use that network to connect your virtual machines and use IP Address from 172.21.21.2-172.21.21.254.

New-NetNat –Name MyNATnetwork –InternalIPInterfaceAddressPrefix 172.21.21.0/24

1	New-NetNat –Name MyNATnetwork –InternalIPInterfaceAddressPrefix 172.21.21.0/24

Now you can use these IP Addresses to assign this to the nested virtual machines. You can also setup a DHCP server in one of the nested VMs to assign IP addresses automatically to new VMs.

Optional: Create NAT forwards inside Nested Virtual Machines

To forward specific ports from the Host to the guest VMs you can use the following commands.

This example creates a mapping between port 80 of the host to port 80 of a Virtual Machine with an IP address of 172.21.21.2.

Add-NetNatStaticMapping -NatName "MyNATnetwork" -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 172.21.21.2 -InternalPort 80 -ExternalPort 80

1	Add-NetNatStaticMapping -NatName "MyNATnetwork" -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 172.21.21.2 -InternalPort 80 -ExternalPort 80

This example creates a mapping between port 82 of the Virtual Machine host to port 80 of a Virtual Machine with an IP address of 172.21.21.3.

Add-NetNatStaticMapping -NatName "MyNATnetwork" -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 172.16.0.3 -InternalPort 80 -ExternalPort 82

1	Add-NetNatStaticMapping -NatName "MyNATnetwork" -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 172.16.0.3 -InternalPort 80 -ExternalPort 82

Optional: Configure default Virtual Machine path

Since I have created an extra volume for my nested virtual machines, I configure this as the default path for Virtual Machines and Virtual Hard Disks.

Set-VMHost -VirtualHardDiskPath V:\VMs -VirtualMachinePath V:\VMs

1	Set-VMHost -VirtualHardDiskPath V:\VMs -VirtualMachinePath V:\VMs

Create Nested Virtual Machines inside the Azure VM

Now you can basically start to create Virtual Machines inside the Azure VM. You can for example use an existing VHD/VHDX or create a new VM using an ISO file as you would do on a hardware Hyper-V host.

Some crazy stuff to do

There is a lot more you could do, not all of it makes sense for everyone, but it could help in some cases.

Running Azure Stack Development Kit – Yes Microsoft released the Azure Stack Development Kit, you could use a large enough Azure virtual machine and run it in there.
Configure Hyper-V Replica and replicate Hyper-V VMs to your Azure VM running Hyper-V.
Nested a Nested Virtual Machine in a Azure VM – You could enable nesting on a VM running inside the Azure VM so you could do a VM inside a VM inside a VM. Just follow my blog post to created a nested Virtual Machine: Nested Virtualization in Windows Server 2016 and Windows 10

In my opinion Nested Virtualization is mostly help full if you run Hyper-V Containers, but it also works great, if you want to run some Virtual Machines inside a Azure VM, for example to run a lab or test something.

Aug202015August 20, 2015September 2, 20180 Commentby Thomas Maurer

Veeam FastSCP for Microsoft Azure

Posted in Cloud, Microsoft, Microsoft Azure, PowerShell, Private Cloud, Virtualization, Web, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Server, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Work

Veeam does some great products for your virtualization and datacenter environment such as their Veeam Backup & Replication suite, Veeam Endpoint Backup FREE and Management Packs for System Center Operations Manager. Now a couple of weeks ago Veeam released a cool free tool call Veeam FastSCP fro Microsoft Azure. With Veeam FastSCP (Secure Copy Protocol) for Microsoft Azure, IT Pros and Azure Developers can simply and reliably copy local files to Azure VMs, and copy files in Azure VMs to on-premises.

The utility makes your life way easier when dealing with Virtual Machines running on Microsoft Azure IaaS.

Secure file copy with no independent encryption or VPN needed
Manual file copy to/from Azure VMs without the need to keep the UI open until the file copy completes
Automatic scheduling of file copy jobs for nightly or weekly copies to/from Azure VMs
A wizard-driven UI to copy files in just a few clicks – with no scripting needed

If you want to download it, check out the Veeam Website.

To set it up the tool connects to the PowerShell endpoint for your IaaS VM. Just add the Virtual Machine and you are ready to go! With that you can do some great things, like simply copy a file to an Azure IaaS VM or even doing scheduled backups of files from inside Azure VMs like Didier Van Hoye did.

Apr292015April 29, 2015April 29, 20150 Commentby Thomas Maurer

Windows Azure Pack Archtiecture Overview

What’s new Windows Azure Pack Update Rollup 6

Posted in Cloud, Hyper-V, Microsoft, Private Cloud, System Center, Virtualization, Web, Windows Azure Pack, Windows Server, Windows Server 2012, Windows Server 2012 R2, Work

Microsoft just released Update Rollup 6 for Windows Azure Pack on April 28. Microsoft fixes some bugs and added some highly requested features from User Voice as well.

Tenants can now create a checkpoint of a Virtual Machine and restore it at will when needed.
VMM Users can now deploy and manage Generation 2 VMs through VM Roles using WAP and the corresponding UR6 SPF Resource Provider
Added support to maintain Data Consistency between the SQL Resource Provider configured properties for resources with the actual provisioned resources on the SQL Server Hosting machine(s).
Added support for Webjobs in Windows Azure Pack Websites. This functionality offers creation of Webjobs to be executed manually or continuously in the background.
Tenants can now use deployment slots associated to their websites. Web app content and configurations elements can be swapped between two deployment slots, including the production slot.
Administrator can take advantage of DSC to deploy the update across a distributed environment.
Windows Azure Pack Websites can now take advantage of the HttpPlatformHandler to host Java and other runtimes.
Updates to Management Pack
- Synthetic Transactions
- Resource Governor Error Monitors
- Monitor Certificate Validation Disabled
High Priority Bug Fixes

Apr242015April 24, 2015April 24, 20150 Commentby Thomas Maurer

VMM 2012 R2 Update Rollup 6 Azure IaaS Management

Generation 2 Virtual Machine in Service Templates and Managing Azure IaaS VMs in VMM with UR6

Posted in Cloud, Hyper-V, Microsoft, Microsoft Azure, PowerShell, Private Cloud, System Center, Virtual Machine Manager, Virtualization, Windows Server, Windows Server 2012, Windows Server 2012 R2, Work

Microsoft just announced System Center 2012 R2 Virtual Machine Manager Update Rollup 6 with some highly requested features. Two of them are support for VMM Service Templates with Generation 2 Virtual Machines and managing Microsoft Azure IaaS Virtual Machines directly from the Virtual Machine Manager Console.

If you want to know more checkout that video:

Feb132015February 13, 2015January 13, 20194 Commentsby Thomas Maurer

Passed Microsoft Exam 70-533 Implementing Microsoft Azure Infrastructure Solutions

Posted in Active Directory, Certification, Cloud, Microsoft, Microsoft Azure, PowerShell, Private Cloud, Virtualization, Web, Work

A couple of weeks ago I passed Microsoft Exam 70-533 Implementing Microsoft Azure Infrastructure Solutions, which is focused on implementing and designing Microsoft Azure Infrastructure solutions such as Azure Websites or Azure Virtual Machines (IaaS). I think taking this exam and preparing for it was a great idea. Even if I have already done a couple of projects on Azure I still learned a lot during the preparation and you can find some of the best practices. Since Azure is a huge beast and the rapid deployment of new features, you will definitely find some new stuff you didn’t know before during the preparation for the exam. And of course taking new Microsoft Certifications early helps you to stand out in the IT Pro or Developer world. Of course passing exams alone does not make you an expert, but if you have know-how on a topic it’s is always got to have some kind of paper to prove it.

So what are the skills measured for this exam. The exam 70-533 focuses on 6 topics, Azure Websites, Virtual Machines, Cloud Services, Storage, Azure Active Directory and Virtual Networks. To my surprise I got a really good score on Azure Websites and of course Virtual Machines, since I used to run several of them on Azure. I also found out that Azure Active Directory is one of the parts I have to invest a little more.

Skills measured

Implement websites (15-20%)

Deploy websites
- Define deployment slots; roll back deployments, configure and deploy packages, deploy web jobs, schedule web jobs
Configure websites
- Configure app settings, connection strings, handlers, and virtual directories; configure certificates, custom domains, and traffic manager; configure SSL bindings and runtime configurations; manage websites by using Windows PowerShell and Xplat-CLI
Configure diagnostics, monitoring, and analytics
- Retrieve diagnostics data; view streaming logs; configure endpoint monitoring, alerts, and diagnostics; monitor website resources
Configure scale and resilience
- Configure auto-scale using built-in and custom schedules; configure by metric; change the size of an instance
Manage hosting plans
- Create hosting plans; migrate websites between hosting plans; create a website within a hosting plan

Implement virtual machines (15-20%)

Deploy workloads on Azure virtual machines (VMs)
- Identify supported Microsoft workloads; deploy and connect to a Linux VM; create VMs
Implement images and disks
- Create specialized and generalized images for Windows and Linux; copy images between storage accounts and subscriptions; upload VHDs
Perform configuration management
- Automate configuration management by using PowerShell Desired State Configuration and custom script extensions; enable puppet and chef extensions
Configure VM networking
- Settings include reserved IP addresses, access control list (ACL), internal name resolution, DNS at the cloud service level, load balancing endpoints, HTTP and TCP health probes, public IPs, firewall rules, direct server return, and Keep Alive
Configure VM resiliency
- Scale up and scale down VM sizes; auto-scale; configure availability sets
Design and implement VM storage
- Configure disk caching; plan storage capacity; configure operating system disk redundancy; configure shared storage using Azure File service; configure geo-replication; encrypt disks
Monitor VMs
- Configure endpoint monitoring, alerts, and diagnostics

Implement cloud services (15-20%)

Configure cloud services and roles
- Configure instance count and size, operating system version and family, upgrade and fault domains, ACLs, reserved IPs, and network access rules; configure local storage; configure dedicated and co-located caching, local and cloud configurations, and local disks; configure multiple websites; configure custom domains
Deploy and manage cloud services
- Upgrade a deployment; VIP swap a deployment; package a deployment; modify configuration files; perform in-place updates; perform runtime configuration changes using the portal; scale a cloud service; create service bus namespaces and choose a tier; apply scalability targets
Monitor cloud services
- Monitor service bus queues, topics, relays, and notification hubs; configure diagnostics

Implement storage (15-20%)

Implement blobs and Azure files
- Read data; change data; set metadata on a container; use encryption (SSL); perform an async blob copy; configure a Content Delivery Network (CDN); implement storage for backup and disaster recovery; configure Azure Backup; define blob hierarchies; configure custom domains; configure the Import and Export Service
Manage access
- Create and manage shared access signatures; use stored access policies; regenerate keys
Configure diagnostics, monitoring, and analytics
- Configure retention policies and logging levels; analyze logs
Implement SQL databases
- Choose the appropriate database tier and performance level; configure point in time recovery and geo-replication; import and export data and schema; design a scaling strategy
Implement recovery services
- Create a backup vault; deploy a backup agent; back up and restore data

Implement an Azure Active Directory (15-20%)

Integrate an Azure AD with existing directories
- Implement DirSync, O365 integration, and single sign-on with on-premises Windows Server 2012 R2; add custom domains; monitor Azure AD
Configure the Application Access Panel
- Configure single sign-on with SaaS applications using federation and password based; add users and groups to applications; revoke access to SaaS applications; configure access; federation with Facebook and Google ID
Integrate an app with Azure AD
- Web apps (WS-federation); desktop apps (OAuth); graph API

Implement virtual networks (15-20%)

Configure a virtual network
- Deploy a VM into a virtual network; deploy a cloud service into a virtual network; configure static IPs; configure internal load balancing; design subnets
Modify a network configuration
- Modify a subnet; import and export a network configuration
Design and implement a multi-site or hybrid network
- Choose the appropriate solution between ExpressRoute, site-to-site, and point-to-site; choose the appropriate gateway; identify supported devices and software VPN solutions; identify networking prerequisites; configure regional virtual networks and multi-site virtual networks

Preparation

To prepare for the exam I used several different resources such as Microsoft Virtual Academy, TechNet, Channel9 and of course Microsoft Azure it self. I also found some great community blogs which have some link summaries:

If you are going to take this exam I wish you good luck.

Update: Microsoft retired some of the Azure exams and replace them by new ones. One of the is the AZ-100 series, which will give you the Microsoft Certified: Azure Administrator, and is addressing the 70-533.

Jul142014July 14, 2014July 14, 20140 Commentby Thomas Maurer

Virtual Machines IaaS now available in the Azure preview portal

Posted in Cloud, Hardware, Hosting, Hyper-V, Microsoft, Microsoft Azure, Private Cloud, StorSimple, Virtualization, Web, Windows Server, Windows Server 2012 R2, Work

Some months ago Microsoft lunched a new preview portal for Microsoft Azure, with a cool new design and features. The IaaS or Virtual Machine services was missing from the portal. A week ago Microsoft announced to add some enhancements to the preview portal including Virtual Machines. Now today Microsoft rolled out the enhancements to the portal. with other improvements:

IaaS Functionality: Create, deploy, monitor and manage rich virtual machines’ based applications, and manage virtual networks within a fully customizable Portal experience. In addition to creating simple virtual machines, we are adding the ability to automate the deployment of rich multi-machine application templates with a few clicks. With this, deploying a multi-tier, highly-available SharePoint farm from the portal will be a few clicks away!
Resource Group enhancements: Manage infrastructure services like virtual machines and virtual networks along with platform services like web sites and databases, all within the same Resource Group, as a single application. This level of flexibility and control is an example of how Azure is leading the way in blurring the lines between infrastructure and platform services, giving customers the choice to pick the best platform for their application needs.
Azure Image Gallery Updates: The completely re-imagined Azure Gallery is more powerful with the addition of several new virtual machine images that enable you to provision dev/test servers or production applications in minutes. The new virtual machine images and templates take the guesswork out of building, orchestrating and deploying complex applications, thus letting you focus on creating business value instead of managing the infrastructure.
Azure SQL Database: Customers can manage their Azure SQL Databases within the Portal, consistent with other Azure services. This includes provisioning databases across Web and Business (currently in general availability) and Basic, Standard, and Premium (currently in preview).

Checkout the blog from Vibhor Kapoor Director, Product Marketing, Microsoft Azure to learn more.

Apr042014April 4, 2014April 4, 20140 Commentby Thomas Maurer

Microsoft Azure Update at Build 2014

Posted in Cloud, Microsoft, Microsoft Azure, Office365, PowerShell, Private Cloud, Software, System Center, Virtualization, Web, Web, Windows, Windows 8.1, Windows Phone, Windows Server, Windows Server 2012 R2, Work, Xbox

At the Build Conference 2014 Microsoft already announced a lot of new stuff for the whole Microsoft or IT ecosystem. There is absolutely no time to cover all the changes and announcements Microsoft has made in the past 2 days. So I will just focus on the things I care about.

Prior to the Build Conference Microsoft announced that Windows Azure will be renamed to Microsoft Azure. This will show how Microsoft is not only building on top of the Windows platform, they also have opened up for other platforms an solutions a long time ago. One example for that maybe was the announcement of supporting Oracle Software in Microsoft Azure around a year ago.
Mark Russinovich announced some great new changes to Microsoft Azure IaaS. You can now capture and deploy images, you can Puppet and Chef as well as PowerShell DSC support, to configure you server environment. An this is great for developers, some of the features will show up directly in Visual Studio. Microsoft also did some work on the Networking site which was really important, for example you can now change the subnet for Virtual Machines.
Microsoft also launched a lot of new preview features like Azure Cache and a lot more. What I love the most is the new Microsoft Azure feature called Azure Automation. Azure Automation allows you to automate the creation, monitoring, deployment, and maintenance of resources in your Azure environment using a highly-available workflow execution engine. Orchestrate time-consuming, error-prone, and frequently repeated tasks against Azure and third party systems to decrease time to value for your cloud operations. This is basically Service Management Automation (SMA), which was released with System Center 2012 R2 as a on premise version, now running up in Microsoft Azure. For those how haven’t heard about SMA, SMA is a new automation engine and Runbooks in Service Management Automation and Microsoft Azure Automation are Windows PowerShell workflows.
Microsoft also release a new preview of the Microsoft Azure portal. Since Microsoft released a huge number of new features in Azure, the “old” management portal didn’t really fit the requirements anymore. The new Azure management portal helps you to be much more organized and is using a lot of new concept like “blades” to help you navigate through your Azure environment. The new dashboard also gives you a quick overview about the Microsoft Azure datacenters and there service status, and the new touch friendly dashboard also allows you to customize it for your need. You can check it out on portal.azure.com
I am not a developer but I was really impressed what Microsoft did for developers. They are just generating a huge numbers of new opportunities with their new platforms not only in Microsoft Azure using IaaS, mobile Services or PaaS, Microsoft also announced a new concept of Universal Apps which allows developers to write apps which run on Windows Phone, Windows and Xbox One. Some days ago Microsoft also showed the new Kinect v2 hardware which I hope developers will use to write some really cool stuff. If we have a lot back at Microsoft Azure, what I really liked about the new Portal is the integration of Team Foundation Server or “team projects”.