Tag: install

Azure Automatic VM Guest OS Patching

How to configure Azure Automatic VM guest OS patching

If you want to keep your Azure virtual machines (VMs) up-to-date, then there is a service called Azure Update Management, which helps you to manage updates on your Azure VM guest operating system. However, this needed some additional planning and configuration. To make patching of your Azure virtual machines (VMs) easier, there is a new option called Automatic VM guest patching, which helps ease update management by safely and automatically patching virtual machines to maintain security compliance.

Automatic VM guest patching is now available in public preview for Windows virtual machines on Azure.

With Azure automatic VM guest patching enabled, the VM is assessed periodically to check for available operating system patches for that Azure VM. Updates classified as ‘Critical’ or ‘Security’ are automatically downloaded and installed on the VM during off-peak hours. This patch orchestration is managed and handled by Azure and patches are applied following availability-first principles.

In a nutshell, Azure automatic VM guest patching has the following capabilities:

  • Patches classified as Critical or Security are automatically downloaded and applied on the VM.
  • Patches are applied during off-peak hours in the VM’s time zone.
  • Patch orchestration is managed by Azure and patches are applied following availability-first principles.
  • Virtual machine health, as determined through platform health signals, is monitored to detect patching failures.
  • Works for all VM sizes.

Patches are installed within 30 days of the monthly Windows Update release, following availability-first orchestration described below. Patches are installed only during off-peak hours for the VM, depending on the time zone of the VM. The VM must be running during the off-peak hours for patches to be automatically installed. If a VM is powered off during a periodic assessment, the VM will be automatically assessed and applicable patches will be installed automatically during the next periodic assessment when the VM is powered on.

You can find more information on Azure automatic VM guest patching on Microsoft Docs.

How to enable Azure Automatic VM guest OS patching

To enable Azure automatic VM guest OS (operating system) patching, we currently have a couple of requirements.

  • Currently, only Windows VMs are supported (Preview). Currently, Windows Server 2012 R2, 2016, 2019 Datacenter SKUs are supported. (and more are added periodically).
  • Only VMs created from certain OS platform images are currently supported in the preview. Which means custom images are currently not supported in the preview.
  • The virtual machine must have the Azure VM Agent installed.
  • The Windows Update service must be running on the virtual machine.
  • The virtual machine must be able to access Windows Update endpoints. If your virtual machine is configured to use Windows Server Update Services (WSUS), the relevant WSUS server endpoints must be accessible.
  • Use Compute API version 2020-06-01 or higher.

These requirements might change in the future during the preview phase (for the current requirements check out Microsoft Docs).

During the preview, this feature requires a one-time opt-in for the feature InGuestAutoPatchVMPreview per subscription. You can run the following Azure PowerShell or Azure CLI command.

Azure PowerShell:

# Register AzProvider
Register-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
 
# Check the registration status
Get-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
 
# Once the feature is registered for your subscription, complete the opt-in process by changing the Compute resource provider.
Register-AzResourceProvider -ProviderNamespace Microsoft.Compute

Now you can enable automatic VM guest patching for your Azure virtual machines within that subscription. To do that you can currently use the REST API, Azure PowerShell, or the Azure CLI.

With Azure CLI, you can use the az vm get-instance-view .

az vm update --resource-group test-autopatch-rg--name azwinvm01 --set osProfile.windowsConfiguration.enableAutomaticUpdates=true osProfile.windowsConfiguration.patchSettings.patchMode=AutomaticByPlatform

You can see that there are two important parameters for this cmdlet. First the -enableAutoUpdate and secondly the -PatchMode. There are currently three different patch orchestration modes you can configure.

AutomaticByPlatform

  • This mode enables automatic VM guest patching for the Windows virtual machine and subsequent patch installation is orchestrated by Azure.
  • Setting this mode also disables the native Automatic Updates on the Windows virtual machine to avoid duplication.
  • This mode is only supported for VMs that are created using the supported OS platform images above.

AutomaticByOS

  • This mode enables Automatic Updates on the Windows virtual machine, and patches are installed on the VM through Automatic Updates.
  • This mode is set by default if no other patch mode is specified.

Manual

  • This mode disables Automatic Updates on the Windows virtual machine.
  • This mode should be set when using custom patching solutions.

If you need more control, I recommend that you have a look at Azure Update Management, which is already publicly available and also supports Windows and Linux servers running in Azure or on-premises.

To verify whether automatic VM guest patching has completed and the patching extension is installed on the VM, you can review the VM’s instance view.

az vm get-instance-view --resource-group test-autopatch-rg --name azwinvm01

This will show you the following result:

Azure Automatic VM Guest OS Patching Status

Azure Automatic VM Guest OS Patching Status

You can also create the patch assessment on-demand.

Invoke-AzVmPatchAssessment -ResourceGroupName "myResourceGroup" -VMName "myVM"

I hope this provides you with an overview of the new Azure automatic VM guest patching feature. If you want to have some advanced capabilities to manage updates for your Azure VMs and even your servers running on-premises, check out Azure Update Management. This will provide you with some advanced settings and your own maintenance schedules. If you have any questions, feel free to leave a comment.



Add Microsoft Monitoring Agent Extension

How to Add the Microsoft Monitoring Agent to Azure Arc Servers

To use some of the functionality with Azure Arc enabled servers, like Azure Update Management, Inventory, Change Tracking, Logs, and more, you will need to install the Microsoft Monitoring Agent (MMA). In this blog post, we are going to have a look at how you can install the Microsoft Monitoring Agent (MMA) on an Azure Arc enabled server using extensions.

Introducing Azure Arc
For customers who want to simplify complex and distributed environments across on-premises, edge and multicloud, Azure Arc enables deployment of Azure services anywhere and extends Azure management to any infrastructure.
Learn more about Azure Arc here.

You can learn more about the manual MMA setup on Microsoft Docs.

How to install the Microsoft Monitoring Agent on Azure Arc enabled servers

To install the Microsoft Monitoring Agent (MMA) you can use the new extension in Azure Arc. You open the server you want to install the MMA agent in the Azure Arc server overview. Navigate to Extensions and click on Add, and select the Microsoft Monitoring Agent – Azure Arc. This works for Windows and Linux servers.

Add Microsoft Monitoring Agent Extension

Add Microsoft Monitoring Agent Extension

Now you can enter the Azure Log Analytics workspace ID and the key. This will create a job and install the Microsoft Monitoring Agent on the server.

Create Microsoft Monitoring Agent - Azure Arc

Workspace ID and Key

After that, you can start using features like Azure Log Analytics, Inventory, Change Tracking, Update Management, and more. You can also do this manually for Windows and Linux machines.

Conclusion

Azure Arc for servers makes it super simple to deploy the Microsoft Monitoring Agent to servers running on-premises or at other cloud providers.

You can learn more about how Azure Arc provides you with cloud-native management technologies for your hybrid cloud environment here, and you can find the documentation for Azure Arc enabled servers on Microsoft Docs.

If you have any questions or comments, feel free to leave a comment below.



Windows 10 on ARM PowerShell 7 Windows Terminal ARM64

How to Install PowerShell 7 on Windows 10 on ARM

As you know I am running Surface Pro X as my daily driver, which comes with Windows 10 on ARM. With the release of PowerShell 7.0.2, I want to show you how you can install PowerShell 7 on Windows 10 on ARM and the Surface Pro X. The ARM64 release is still marked as a preview. The PowerShell team is working on bringing PowerShell 7 to the Microsoft Store, which will create a much ns smoother experience. However, if you are like me and want to try out PowerShell 7 on your Surface Pro X today, you can do that.

Windows 10 on ARM runs on PCs powered by ARM processors, like the Surface Pro X. And if you want to know more about what’s new in PowerShell 7, check out my blog post. ℹ

How to Install PowerShell 7 on Windows 10 on ARM and the Surface Pro X

With the release 7.0.2 of PowerShell 7, the ARM64 build arrived again. You can download a new .msix file with an ARM64 version from the GitHub release page.

PowerShell 7 on Windows 10 on ARM Surface Pro X

PowerShell 7 on Windows 10 on ARM Surface Pro X

If your Windows 10 machine has developer mode enabled, you can now add the MSIX package to your Windows installation. You can use the Add-AppxPackage to add the .msix package.

Add-AppxPackage .\PowerShell-7.0.2-win-arm64.msix

After that, you can find PowerShell 7 in your start menu, or directly in the new Windows Terminal.

Windows 10 on ARM PowerShell 7 Windows Terminal ARM64

Windows 10 on ARM PowerShell 7 Windows Terminal ARM64

Conclusion

I hope this helped you an explained to you how you can install PowerShell 7 on Windows 10 on ARM. If you want to know more about installing and updating PowerShell 7, check out my blog post. And if you need more information, here is the official documentation on Microsoft Docs.

You can find more information about what’s new in PowerShell 7 on my blog. If you have any questions, please let me know in the comments.



How to Install a Windows Server Container Host

How to Install a Windows Server Container Host

In this blog post, I want to quickly guide you through how you can install a Windows Server Container Host running Docker. This guide will help you set up, install, and run Windows Containers on Windows Server. In my example, I will install a container host on a Windows Server, version 2004, which is a Semi-Annual Channel (SAC) release. Windows Server SAC releases are released twice a year and are optimized for containers. In the Windows Server, version 2004 release, the team continued improving fundamentals for the core container platform such as performance and reliability.

If you want to learn more about the differences of Windows Server Semi-Annual Channel (SAC) vs. Long-Term Servicing Channel (LTSC), check out my blog post.

Requirements

  • A virtual or physical server running Windows Server 2016 or higher (Also including Semi-Annual Channel (SAC) releases. In my blog post, I will use the latest available releases and run the latest Windows Server SAC release, which offers the latest enhancements on the container host.
  • You can also use the Windows Server 2019 LTSC version

Set up and install the Windows Server Container Host

Since I am using the latest SAC release of Windows Server, the server is available as Windows Server Core only. This means I am going to use a tool called “sconfig” to set up my server for the first time. Of course, you can also use existing methods like unattend.xml files or PowerShell scripts to set up your server.

Windows Server Core

Windows Server Core

With sconfig, you can run all the simple configuration tasks to configure your Windows Server.

Windows Server SCONFIG

Windows Server SCONFIG

After the Windows Server is configured and patched, we can now install Docker, which is required to work with Windows containers. Docker consists of the Docker Engine and the Docker client. You can simply install Docker on Windows Server using the following commands.

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider

Install Docker on Windows Server

Install Docker on Windows Server

After these commands, you will need to restart the server.

Restart-Computer -Force

If you want to learn more about installing Docker on Windows Server, check out Microsoft Docs.

Run Windows Container Docker Images on Windows Server

Run Windows Container Docker Images on Windows Server

Now you can start pulling your docker container images to your Windows Server. I will use the latest Windows Container images, which came with Windows Server, version 2004. You can read more about the improved container images here.

docker pull mcr.microsoft.com/windows/servercore:2004 
docker pull mcr.microsoft.com/windows/nanoserver:2004 
docker pull mcr.microsoft.com/windows:2004

You can now use the docker client to manage your containers on your Windows Server, or you can also use the new Windows Admin Center Container extension, which was released a couple of weeks ago.

Manage Windows Server Containers with Windows Admin Center

Manage Windows Server Containers with Windows Admin Center

And yes, if you have a standalone Windows Server Core, you can also directly install Windows Admin Center on your Windows Server Core.

Conclusion

I hope this blog post gives you a great overview of how to install and set up a Windows Server container host. If you have any questions, feel free to leave a comment.



Install WinGet - Windows Package Manager

How to Install WinGet Windows Package Manager

For a long time, people have been asking for a package manager on Windows. Today at Microsoft Build, Microsoft announced the preview of the Windows Package Manager called WinGet. A package manager can help you to save time and quickly install software and tools on to your machine. Developers and IT Pros have wanted a native package manager in Windows for a long time and with WinGet, you will get that.

You can read more about the Windows Package Manager Preview announcement here.

How to install WinGet Windows Package Manager

The Windows Package Manager is currently in preview. To install the preview of Windows Package Manager, you basically have two options. Since WinGet is open source, you can clone, build, run, and test the code from the GitHub repository (https://github.com/microsoft/winget-cli). You can also become a Windows Insider an join the Windows Package Manager Insider program by sending your Microsoft Account (MSA) to [email protected] and request to be included in the preview.

App Installer in the Windows Store

App Installer in the Windows Store

After you have joined either Insider program, head over to the Microsoft Store and get the App Installer. The Windows Package manager will be available after you get the update.

How to install software using the Windows Package Manager

Now you can start using winget in the Windows Terminal, Windows command line, or PowerShell. The command line client “winget.exe” is already pre-configured to point to the Microsoft community repository.

winget install Windows Package Manager

winget install Windows Package Manager

Search for available packages

winget search APPLICATION

Display information about the packages

winget show APPLICATION

Install packages

winget install APPLICATION

Manage sources for packages

winget source (add/list/update/remove/reset)

Here is a quick look at some of the packages in the Microsoft Community repository.

winget show

winget show

Contribute and Feedback

Since the Windows Package Manager is open source, you can also contribute by sharing your feedback and suggestions on GitHub.

More information

You can find more information about the WinGet Windows Package Manager check out the Microsoft Docs and the preview announcement blog post. If you have any questions, feel free to leave a comment below.

 



Deploy and Configure Windows Admin Center in Azure VM

Deploy and Install Windows Admin Center in an Azure VM

The great thing about Windows Admin Center (WAC) you manage every Windows Server doesn’t matter where it is running. You can manage Windows Servers on-prem, in Azure or running at other cloud providers. Now if you want to use Windows Admin Center to manage your virtual machines running in Azure, you can use either an on-prem WAC installation and connecting it using a public IP address or a VPN connection, or you can deploy and install Windows Admin Center in Azure. This blog post will show you how you can deploy and install Windows Admin Center in an Azure virtual machine (VM).

How to deploy and install Windows Admin Center in an Azure virtual machine (VM)

With this guide, you can directly deploy and install a new Windows Admin Center gateway in an Azure VM. If you have already a VM deployed, you can also follow this guide to install Windows Admin Center manually. For the installation, we will use Azure Cloud Shell do run a PowerShell installation script.

Preparation

As mentioned we will run the installation script from Azure Cloud Shell. Optionally you can also install Azure PowerShell on your location machine and run the same steps for the installation on your local machine.

  1. Set up Azure Cloud Shell if you haven’t done it yet.
  2. Start the PowerShell experience in Cloud Shell.
  3. Optional: If you want to use your own existing certificate, upload the certificate to Azure Key Vault.

Installation

Now you can start with the installation process. First, you will need to download the installation script from the following URL. Navigate to your home directory and download the file using PowerShell.

Download Windows Admin Center with PowerShell in Cloud Shell

Download Windows Admin Center with PowerShell in Cloud Shell

# Navigate to your home directory
cd ~
 
# Download file
Invoke-WebRequest -Uri https://aka.ms/deploy-wacazvm -OutFile Deploy-WACAzVM.zip
 
# Expand Zip file
Expand-Archive ./Deploy-WACAzVM.zip
 
# Change Directory
cd Deploy-WACAzVM

After successfully downloading and unpacking the Windows Admin Center deployment script, you will need to modify a couple of parameters. I will use the default parameters to deploy a new Windows Server 2019 and generate a self-signed certificate. However, if you want to use other options, check out the script parameter list.

Configure Parameter

Configure Parameter

$ResourceGroupName = "demo-wac-rg"
$VirtualNetworkName = "wac-vnet"
$SecurityGroupName = "wac-nsg"
$SubnetName = "wac-subnet"
$VaultName = "wac-key-vault"
$CertName = "wac-cert"
$Location = "westeurope"
$PublicIpAddressName = "wac-public-ip"
$Size = "Standard_D4s_v3"
$Image = "Win2019Datacenter"
$Credential = Get-Credential
 
$scriptParams = @{
ResourceGroupName = $ResourceGroupName
Name = "wac-vm1"
Credential = $Credential
VirtualNetworkName = $VirtualNetworkName
SubnetName = $SubnetName
Location = $Location
Size = $Size
Image = $Image
GenerateSslCert = $true
}
./Deploy-WACAzVM.ps1 @scriptParams

This will deploy a new Azure virtual machine with Windows Admin Center installed and open the specific port 443 on the public IP address. You can find more install options and parameters to install WAC on an existing virtual machine or with an existing certificate on Microsoft Docs.

Deploy and Configure Windows Admin Center in Azure VM

Deploy and Configure Windows Admin Center in Azure VM

After the deployment has finished, simply click on the URL or IP address and it will open the Windows Admin Center portal.

Windows Admin Center Running in Microsoft Azure

Windows Admin Center Running in Microsoft Azure

I hope this gives you an overview about how you can deploy Windows Admin Center in an Azure VM. If you have any questions, please let me know in the comments.



Windows Subsystem for Linux 2 WSL2 on Windows Server

How to Install WSL 2 on Windows Server

A couple of months ago Microsoft announced the Windows Subsystem for Linux 2 (WSL 2), which is a successor of the Windows Subsystem for Linux shipped a couple of years ago. WSL 2 is currently available for Windows Insiders running Windows 10 Insider Preview Build 18917 or higher and with the Docker Tech Preview, you can now even run Docker Linux Container directly on WSL 2. With the latest Windows Server Insider Preview build 18945, you are also able to run WSL 2 on Windows Server. In this blog post, I am going to show you how you can install the Windows Subsystem for Linux 2 (WSL 2) on Windows Server. The Windows Subsystem for Linux was already available in earlier versions of Windows Server; however, WSL 2 brings a lot of new advantages.

The Windows Subsystem for Linux was in Windows 10 for a while now and allowed you to use different versions of Linux on your Windows 10 machine. With WSL 2, the architecture will change drastically and will bring increased file system performance and full system call compatibility. WSL 2 is now using virtualization technology (based on Hyper-V) and uses a lightweight utility VM on a real Linux kernel. You can find out more about WSL 2 in the release blog or on the Microsoft Docs Page for WSL 2.

Install Windows Subsystem for Linux 2 (WSL 2) on Windows Server

Here is how you can install WSL 2 on Windows Server.

Prerequisites:

After you have installed a new Windows Server with the Windows Server Preview build, you will need to add the following features:

  • Microsoft-Windows-Subsystem-Linux
  • VirtualMachinePlatform

To enable these features, run the following command:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
 
Enable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform

These commands will need a restart to complete.

Windows Subsystem for Linux 2 WSL2 on Windows Server

Windows Subsystem for Linux 2 (WSL2) on Windows Server

Now you can install your Linux distribution which is available in WSL. You can also find the links to the Linux distro packages here: WSL distro packages. In my case, I am going to use Ubuntu 18.04, which is currently working with WSL 2.

Invoke-WebRequest -Uri https://aka.ms/wsl-ubuntu-1804 -OutFile ~/Ubuntu1804.zip -UseBasicParsing
md C:\Distros\Ubuntu1804
Expand-Archive ~/Ubuntu1804.zip C:\Distros\Ubuntu1804

Before you start and configure your WSL distro, I recommend that you set the WSL default version to 2. This will make the setup of your distro much faster.

wsl --set-default-version 2

Now you can start ubuntu.exe to run WSL.

C:\Distros\Ubuntu1804\ubuntu1804.exe

I hope this gives you a step-by-step guide on how you can install WSL 2 on Windows Server. Remember this is currently in preview, and not for production use. If you want to install the Windows Subsystem for Linux on Windows Server 2019, check out this blog post: Install Windows Subsystem for Linux on Windows Server.