Tag: Virtual Machine

Ubuntu VM on Windows 10

How to create an Ubuntu VM on Windows 10

Windows 10 is not just a modern desktop operating system; it also has some great IT Pro and developer features built in. One of them is client Hyper-V, the same hypervisor that powers virtualization in Windows Server and the Microsoft Azure datacenters. With Hyper-V, you can create virtual machines on Windows 10 without third-party software, and you can run Linux virtual machines as well as Windows ones. In this blog post, I am going to show you how you can create an Ubuntu VM on Windows 10 using Hyper-V.

If you want to know more about Hyper-V on Windows 10, check out the Microsoft Docs.

Install Hyper-V

First, you will need to install Hyper-V on your Windows 10 computer. Hyper-V on Windows 10 has the following requirements:

  • Windows 10 Enterprise, Professional, or Education (Home does not have the Hyper-V feature included)
  • 64-bit Processor with Second Level Address Translation (SLAT)
  • CPU support for VM Monitor Mode Extension (VT-c on Intel CPUs)
  • Minimum of 4 GB memory

The easiest way to enable Hyper-V on Windows 10 is to run the following PowerShell command as an administrator:

Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All

After you have installed Hyper-V, you need to restart your computer.

Create an Ubuntu virtual machine on Windows 10

To create an Ubuntu virtual machine on Windows 10 Hyper-V, you could download the Ubuntu ISO file and install it like any operating system. However, there is a much easier way: the Hyper-V Quick Create feature. In the Hyper-V VM Gallery, you will find not just two Windows 10 virtual machines; you will also currently find Ubuntu 18.04 LTS and Ubuntu 19.04. These are prepared Hyper-V virtual machine images, ready for you to download and install.

Ubuntu Hyper-V VM Images

Select the Ubuntu version you want to install and click on Create Virtual Machine. This will start downloading the virtual machine image.

Downloading Ubuntu Hyper-V VM Image

After the image is downloaded, you can either connect to the virtual machine and start it, or you can first modify the virtual machine settings.

Ubuntu 18.04 LTS Hyper-V VM

Optional: If you click on Edit settings, you will be able to configure the virtual machine hardware settings like vCPU or vRAM. You can also enable Secure Boot. If you enable Secure Boot for a Linux virtual machine, make sure you change the Secure Boot template to Microsoft UEFI Certificate Authority.

Ubuntu Hyper-V UEFI Secure Boot Settings
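
The same Secure Boot setting can be applied from PowerShell. This is an added example, not from the original post; it needs the Hyper-V PowerShell module on the host, and the VM name used in the last line is a placeholder.

```powershell
#Requires -Modules Hyper-V
# Added example (not from the original post). Run in an elevated session on the Hyper-V host.

function Set-LinuxVMSecureBoot {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$VMName
    )

    # Template that trusts the Microsoft UEFI Certificate Authority,
    # which signs the shim boot loader used by Linux distributions.
    $template = 'MicrosoftUEFICertificateAuthority'

    $vm = Get-VM -Name $VMName -ErrorAction Stop

    # Secure Boot exists only on generation 2 (UEFI) virtual machines.
    if ($vm.Generation -ne 2) {
        throw "VM '$VMName' is generation $($vm.Generation); Secure Boot requires generation 2."
    }

    $firmware   = Get-VMFirmware -VM $vm
    $alreadySet = ($firmware.SecureBoot -eq 'On') -and
                  ($firmware.SecureBootTemplate -eq $template)

    if (-not $alreadySet) {
        # Secure Boot settings can only be changed while the VM is off.
        if ($vm.State -ne 'Off') {
            throw "Shut down '$VMName' before changing its Secure Boot settings."
        }
        if ($PSCmdlet.ShouldProcess($VMName, "Enable Secure Boot with template $template")) {
            Set-VMFirmware -VM $vm -EnableSecureBoot On -SecureBootTemplate $template
        }
    }

    # Read the firmware back so the resulting state can be verified.
    $firmware = Get-VMFirmware -VM $vm
    [pscustomobject]@{
        Name               = $vm.Name
        SecureBoot         = $firmware.SecureBoot
        SecureBootTemplate = $firmware.SecureBootTemplate
    }
}

# Placeholder VM name; -WhatIf previews the change without applying it.
Set-LinuxVMSecureBoot -VMName 'Ubuntu 18.04 LTS' -WhatIf
```

With the default Microsoft Windows template, a Linux guest fails the Secure Boot check at startup, which is why the template matters.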

You can now start the Ubuntu VM.

Start Ubuntu Hyper-V VM

 

This will boot you in the Ubuntu installation, where you can set up your Ubuntu operating system.

Install Ubuntu VM

All the specific Hyper-V drivers for Ubuntu are already included in the image. This allows you to use features like Hyper-V Enhanced Session Mode, which enables copy-paste, among other things.

Ubuntu VM on Windows 10

I hope this gives you a step-by-step guide on how you can create an Ubuntu VM on Windows 10 using Hyper-V. If you have any questions, please let me know in the comments.



Azure Bastion Windows VM

Azure Bastion – Private RDP and SSH access to Azure VMs

Azure Bastion is a new service which enables you to have private and fully managed RDP and SSH access to your Azure virtual machines. Until now, if you wanted to access your Azure virtual machines using RDP or SSH and you were not using a VPN connection, you had to assign a public IP address to the virtual machine. You were able to secure the connection using Azure Just in Time VM access in Azure Security Center. However, this still had some drawbacks. With Azure Bastion you get a private and fully managed service, which you deploy to your Virtual Network and which then allows you to access your VMs directly from the Azure portal using your browser over SSL.

Azure Bastion Architecture

Source: Microsoft Docs

Azure Bastion brings a couple of advantages:

  • Removes requirement for a Remote Desktop (RDP) client on your local machine
  • Removes requirement for a local SSH client
  • No need for local RDP or SSH ports (handy when your company blocks it)
  • Uses secure SSL/TLS encryption
  • No need to assign public IP addresses to your Azure Virtual Machine
  • Works in basically any modern browser on any device (Windows, macOS, Linux, etc.)
  • Better hardening and more straightforward Network Security Group (NSG) management
  • Can remove the need for a Jumpbox

If you want to know more, see the Azure Bastion announcement blog and the Microsoft Docs.

Public Preview

Azure Bastion is currently in public preview. The public preview is limited to the following Azure public regions:

  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East

To participate in this preview, you need to register. Use these steps to register for the preview:

Register-AzureRmProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
 
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
 
Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network

To use the Azure Bastion service, you will also need to use the Azure Portal – Preview.

How to set up an Azure Bastion host for a private RDP and SSH access to Azure VMs

Create Azure Bastion Host

First, you will need to deploy a Bastion host in your virtual network (VNet). The Azure Bastion host will need at least a /27 subnet.

AzureBastionSubnet

Access Azure virtual machines using Azure Bastion

Azure Bastion integrates natively in the Azure portal. The platform will automatically detect if Bastion is deployed to the virtual network your virtual machine is in. To connect to a virtual machine, click on the connect button for the virtual machine. Now you can enter your username and password for the virtual machine.

Azure Portal connect to Linux VM SSH

This will now open up a web-based SSL RDP session in the Azure portal to the virtual machine. Again, there is no need to have a public IP address assigned to your virtual machine.

Private access to Azure Linux VM
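
Once Bastion is in place, two things are worth checking: that the Bastion subnet meets the requirements above, and that no Network Security Group rule still allows RDP or SSH from the internet. The following is an added example, not from the original post; the rule objects are constructed sample data, and their property names are assumptions modeled on NSG rule fields.

```powershell
# Added example (not from the original post). All sample data is constructed.

function Test-BastionSubnet {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$AddressPrefix
    )
    $prefixLength = [int]($AddressPrefix -split '/')[1]
    [pscustomobject]@{
        AddressPrefix = $AddressPrefix
        # Azure requires this exact subnet name for the Bastion host.
        NameIsValid   = ($Name -ceq 'AzureBastionSubnet')
        # "At least a /27" means a prefix length of 27 or less.
        SizeIsValid   = ($prefixLength -le 27)
    }
}

function Test-PortCovered {
    # True when $Port falls inside an NSG port expression: '*', '3389' or '20-25'.
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    $low, $high = $Range -split '-', 2
    if (-not $high) { $high = $low }
    return ($Port -ge [int]$low -and $Port -le [int]$high)
}

function Find-ExposedManagementRule {
    # Returns inbound Allow rules that open SSH (22) or RDP (3389) to any source.
    param([Parameter(Mandatory)][object[]]$Rule)
    $openSources = '*', 'Internet', '0.0.0.0/0'
    foreach ($r in $Rule) {
        if ($r.Direction -ne 'Inbound' -or $r.Access -ne 'Allow') { continue }
        if ($r.SourceAddressPrefix -notin $openSources) { continue }
        $ports = 22, 3389 | Where-Object {
            Test-PortCovered -Range $r.DestinationPortRange -Port $_
        }
        if ($ports) {
            [pscustomobject]@{ Rule = $r.Name; ExposedPorts = ($ports -join ',') }
        }
    }
}

# Constructed NSG rules: two expose management ports, one only admits the Bastion subnet.
$rules = @(
    [pscustomobject]@{ Name = 'allow-rdp-any'; Direction = 'Inbound'; Access = 'Allow'
                       SourceAddressPrefix = '*'; DestinationPortRange = '3389' }
    [pscustomobject]@{ Name = 'allow-low-ports'; Direction = 'Inbound'; Access = 'Allow'
                       SourceAddressPrefix = 'Internet'; DestinationPortRange = '20-25' }
    [pscustomobject]@{ Name = 'allow-from-bastion'; Direction = 'Inbound'; Access = 'Allow'
                       SourceAddressPrefix = '10.0.1.0/27'; DestinationPortRange = '3389' }
)

Test-BastionSubnet -Name 'AzureBastionSubnet' -AddressPrefix '10.0.1.0/27'
Test-BastionSubnet -Name 'AzureBastionSubnet' -AddressPrefix '10.0.1.0/28'   # too small
Find-ExposedManagementRule -Rule $rules
```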

 

Roadmap – more to come

As Yousef Khalidi (CVP Azure Networking) mentions in his preview announcement blog, the team will add more great capabilities, like Azure Active Directory and MFA support, as well as support for native RDP and SSH clients.

The Azure networking and compute teams are doing more great work on creating a great Azure IaaS experience. I hope this gives you an overview of how you can get private RDP or SSH access to your Azure VM. If you want to know more about the Azure Bastion service, check out the Microsoft Docs for more information. If you have any questions, feel free to leave a comment.



Azure Generation 2 Virtual machine

Generation 2 VM support on Azure – and why should I care?

A couple of days ago Microsoft announced the public preview of Generation 2 virtual machines on Azure. Generation 2 virtual machines support a bunch of new technologies like increased memory, Intel Software Guard Extensions (SGX), and virtual persistent memory (vPMEM), which are not supported on generation 1 VMs. But more on that later.

What are Hyper-V Virtual Machine Generations

Windows Server 2012 R2 Hyper-V introduced the concept of virtual machine generations, which are not to be confused with Hyper-V configuration versions. The generation of a virtual machine defines the virtual hardware of a virtual machine and adds some additional and modern functionality. In Hyper-V, there are two virtual machine generations, generation 1 and generation 2. Generation 2 virtual machines support Unified Extensible Firmware Interface (UEFI) firmware instead of BIOS-based firmware. The Hyper-V team also removed a lot of the legacy devices and replaced them with a simplified virtual machine model.

On Windows Server Hyper-V, Generation 2 VMs support features and improvements like:

  • PXE boot by using a standard network adapter
  • Boot from a SCSI virtual hard disk
  • Boot from a SCSI virtual DVD
  • Secure Boot (enabled by default)
  • UEFI firmware support
  • OS disk > 2 TB
  • improved boot and installation times

However, an important note here: not all of these features are currently available on Azure Generation 2 virtual machines, and not all operating systems are supported in Generation 2 VMs. For example, Windows 7, Windows Server 2008, Windows Server 2008 R2 and 32-bit Windows systems are not supported. You can find more information about Hyper-V Generation 2 VMs here.

Azure Generation 2 Virtual Machines Overview

Azure Generation 2 Virtual Machines are currently in public preview. To be honest, Generation 2 VMs in Azure aren’t that new; with the public preview of Azure Confidential Computing, we already used Generation 2 VMs. However, now we can start using them for other workloads as well. This means that you can now upload and use your local VHD (not VHDX) files based on Hyper-V Generation 2 virtual machines. Before, you had to use Azure Site Recovery to replicate and convert your Hyper-V Generation 2 VMs to Azure Generation 1 VMs.

Azure Generation 1 vs. Generation 2 capabilities

Azure Generation 1 vs Generation 2 VM

Currently, Generation 2 VMs are in public preview, and that means that, next to not having a service level agreement (SLA), the available features can be, and are, limited. Features like ASR or Azure Backup, for example, currently do not support Generation 2 VMs.

Capability | Generation 1 | Generation 2
OS disk > 2 TB
Custom Disk/Image/Swap OS
Virtual machine scale set support
ASR/Backup
Shared Image Gallery
Azure Disk Encryption

You can find more information about Azure Generation 2 virtual machines with an updated list of capabilities on Microsoft Docs.

Hyper-V vs. Azure Generation 2 VMs

There are also differences between Hyper-V Generation 2 VMs and Azure Generation 2 VMs. Not all of the features provided in Hyper-V are currently present in the public preview version on Azure.

Feature | On-prem Hyper-V | Azure
Secure Boot
Shielded VM
vTPM
Virtualization-Based Security (VBS)
VHDX format

Again, you can find an up-to-date list on Microsoft Docs.

Getting started

You can get started using the Generation 2 VMs on the following VM Sizes on Azure Premium Storage and Ultra SSD:

Windows Server Azure Generation 2 Virtual Machine

In public preview, you can now also use the following Azure Marketplace images from the “windowsserver-gen2preview” offer.

  • Windows Server 2019 Datacenter (2019-datacenter-gen2)
  • Windows Server 2016 Datacenter (2016-datacenter-gen2)
  • Windows Server 2012 R2 Datacenter (2012-r2-datacenter-gen2)
  • Windows Server 2012 Datacenter (2012-datacenter-gen2)

Create a virtual machine

You can use the Azure Portal to create a new VM or the Azure CLI using the following commands:

 
az group create --name myGen2ResourceGroupVM --location eastus
az vm create \
--resource-group myGen2ResourceGroupVM \
--name myVM \
--image MicrosoftWindowsServer:windowsserver-gen2preview:2019-datacenter-gen2:latest \
--admin-username thomas \
--admin-password myPassword12

Conclusion

I hope this gives you an overview of the benefits and how you can run Generation 2 VMs on Azure. If you have any questions please let me know in the comments.



Setup VM Protection in Windows Admin Center

Configure Azure Site Recovery from Windows Admin Center

With the Hybrid Cloud effort, Microsoft invested heavily to make Windows Server and Hyper-V connect better to Microsoft Azure. One way of doing that is with Windows Admin Center and Azure Site Recovery. The Azure Site Recovery integration in Windows Admin Center allows you to easily replicate Hyper-V virtual machines to Microsoft Azure. The technology is not new; ASR has existed for a long time and allows you to replicate not only Hyper-V VMs, but also VMware VMs and physical servers. However, with the integration in Windows Admin Center, setting up Azure Site Recovery became super easy.

Set up Azure Site Recovery from Windows Admin Center

Setup VM Protection in Windows Admin Center

In the Virtual Machines extension, you can already see a recommendation to set up ASR: “Help protect your VMs from disasters by using Azure Site Recovery.” This will guide you through the onboarding steps. If you don’t see that banner, just click on the VM you want to protect and replicate to Azure. Click on More and select “Set up VM Protection”; this will guide you through the same wizard.

If you haven’t connected your Windows Admin Center to Microsoft Azure yet, the wizard will help you to go through and set up this connection.

Set up Hyper-V ASR Host with Windows Admin Center

After your WAC is connected to Azure, you will now set up Azure Site Recovery for the Hyper-V host in Azure. This can be done directly from Windows Admin Center. For example, this will let you select the Azure Subscription you want ASR to connect to. It will let you create a new Resource Group and Recovery Services Vault or use an existing one. After you have done the configuration part, WAC will create the specific Azure resources and configure the Hyper-V host for Azure Site Recovery. This can take up to 10 minutes, depending on whether you are using existing resources or creating new ones.

If you have a look at the Hyper-V Replica settings in Hyper-V Manager, you will see that ASR is completely set up and configured.



Hyper-V VM Configuration Version

Hyper-V VM configuration version supported features

A couple of months ago, I wrote an article about the new Microsoft Hyper-V UEFI in Windows Server 2019 and Windows 10 virtual machines. With that version, Microsoft also released a new Hyper-V VM configuration version 9.0. This is not unusual; the Hyper-V team usually bumps up the version number from release to release, since new Hyper-V features are introduced. In the comments, the question came up of what is new in this version of the Hyper-V VM configuration. Since the version was still a preview release of Windows Server and Windows 10, Microsoft didn’t share the full list of features per configuration version. However, now the documentation is ready and you can find the documentation here.

Supported features

The following table shows the minimum virtual machine configuration version required to use some Hyper-V features.

Windows Server | Windows 10 | Version | Feature
Windows Server 2016 Technical Preview 3 | Windows 10 1507 | 6.2 | Hot Add/Remove Memory
Windows Server 2016 Technical Preview 3 | Windows 10 1507 | 6.2 | Secure Boot for Linux VMs
Windows Server 2016 Technical Preview 3 | Windows 10 1507 | 6.2 | Production Checkpoints
Windows Server 2016 Technical Preview 3 | Windows 10 1507 | 6.2 | PowerShell Direct
Windows Server 2016 Technical Preview 3 | Windows 10 1507 | 6.2 | Virtual Machine Grouping
Windows Server 2016 Technical Preview 4 | Windows 10 1511 | 7.0 | Virtual Trusted Platform Module (vTPM)
Windows Server 2016 Technical Preview 5 | - | 7.1 | Virtual machine multi queues (VMMQ)
Windows Server 2016 | Windows 10 Anniversary Update | 8.0 | XSAVE support
Windows Server 2016 | Windows 10 Anniversary Update | 8.0 | Key storage drive
Windows Server 2016 | Windows 10 Anniversary Update | 8.0 | Guest virtualization-based security support (VBS)
Windows Server 2016 | Windows 10 Anniversary Update | 8.0 | Nested virtualization
Windows Server 2016 | Windows 10 Anniversary Update | 8.0 | Virtual processor count
Windows Server 2016 | Windows 10 Anniversary Update | 8.0 | Large memory VMs
Windows Server 1803 | Windows 10 April 2018 Update | 8.3 | Increase the default maximum number for virtual devices to 64 per device (e.g. networking and assigned devices)
Windows Server 2019/1809 | Windows 10 October 2018 Update | 9.0 | Allow additional processor features for Perfmon
Windows Server 2019/1809 | Windows 10 October 2018 Update | 9.0 | Automatically expose simultaneous multithreading configuration for VMs running on hosts using the Core Scheduler
Windows Server 2019/1809 | Windows 10 October 2018 Update | 9.0 | Hibernation support

Source: Microsoft Docs (Thanks to Rene Moergeli for the link)

How to list the supported VM configuration versions

You can list all supported VM configuration versions on your Hyper-V host using the Get-VMHostSupportedVersion cmdlet.

 
Get-VMHostSupportedVersion

Get-VM Hyper-V VM Configuration Version

If you want to see the version of a Hyper-V virtual machine, you can use Hyper-V Manager or the following PowerShell command:

 
Get-VM

Full list of Hyper-V VM versions

Here you have a full list of VM configuration versions of Hyper-V VMs together with the operating system.

Windows Client | Windows Server | Version
- | Windows Server 2008 | 1.0
- | Windows Server 2008 SP1 | 2.0
- | Windows Server 2008 R2 | 3.0
Windows 8 | Windows Server 2012 | 4.0
Windows 8.1 | Windows Server 2012 R2 | 5.0
Windows 10 1507 | Windows Server 2016 Technical Preview 3 | 6.2
Windows 10 1511 | Windows Server 2016 Technical Preview 4 | 7.0
- | Windows Server 2016 Technical Preview 5 | 7.1
Windows 10 Anniversary Update | Windows Server 2016 | 8.0
Windows 10 Creators Update | - | 8.1
Windows 10 Fall Creators Update | Windows Server 1709 | 8.2
Windows 10 April 2018 Update | Windows Server 1803 | 8.3
Windows 10 October 2018 Update | Windows Server 2019 / 1809 | 9.0
Windows 10 April 2019 Update | Windows Server 1903 | 9.1
Prerelease | Prerelease | 254.0
Experimental | Experimental | 255.0

How to upgrade Hyper-V VM configuration version

Hyper-V vNext Update VM Configuration Version

Upgrading the Hyper-V VM version is pretty straightforward. If the VM is running on a host supporting a newer version of Hyper-V VMs, you can right-click the virtual machine in the Hyper-V Manager and click on upgrade, or you can run the Update-VMVersion PowerShell cmdlet.

 
Update-VMVersion
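
Before upgrading, it helps to see which features each VM is missing at its current configuration version. The following is an added example, not from the original post: the minimum versions come from the "Supported features" table above, while the inventory records and the host maximum are constructed sample data.

```powershell
# Added example (not from the original post).
# Minimum VM configuration versions, taken from the "Supported features" table.
$MinimumVersion = [ordered]@{
    'Secure Boot for Linux VMs'                         = [version]'6.2'
    'Virtual Trusted Platform Module (vTPM)'            = [version]'7.0'
    'Key storage drive'                                 = [version]'8.0'
    'Guest virtualization-based security support (VBS)' = [version]'8.0'
    'Nested virtualization'                             = [version]'8.0'
    'Hibernation support'                               = [version]'9.0'
}

function Get-VMFeatureGap {
    # Lists the features a VM cannot use at its current configuration version
    # and whether the host offers a newer version to upgrade to.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $VM,
        [Parameter(Mandatory)]
        [version]$HostMaxVersion
    )
    process {
        $current = [version]$VM.Version
        $missing = @(
            foreach ($feature in $MinimumVersion.GetEnumerator()) {
                if ($current -lt $feature.Value) { $feature.Key }
            }
        )
        [pscustomobject]@{
            Name             = $VM.Name
            Version          = $current
            MissingFeatures  = ($missing -join '; ')
            CanUpgradeOnHost = ($current -lt $HostMaxVersion)
        }
    }
}

# Constructed inventory. On a Hyper-V host, use instead:
#   Get-VM | Select-Object Name, Version
$inventory = @(
    [pscustomobject]@{ Name = 'legacy-app';   Version = '5.0' }
    [pscustomobject]@{ Name = 'ubuntu-build'; Version = '6.2' }
    [pscustomobject]@{ Name = 'dc01';         Version = '9.0' }
)

# Constructed host maximum. On a Hyper-V host, use instead:
#   (Get-VMHostSupportedVersion).Version | Sort-Object | Select-Object -Last 1
$hostMax = [version]'9.0'

$inventory | Get-VMFeatureGap -HostMaxVersion $hostMax | Format-List

# Update-VMVersion is one-way: an upgraded VM cannot be downgraded and can no
# longer run on hosts that only support the older configuration version.
```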

I hope this blog was helpful for understanding Hyper-V VM versions. Let me know in the comments if you have any questions!



Windows Sandbox

Windows Sandbox – Isolated Windows Desktop

Today Microsoft announced a new feature called Windows Sandbox. Windows Sandbox is built based on Windows Container technology, which allows you to spin up an isolated, temporary, desktop environment where you can run untrusted software. The software you run and install in the Windows Sandbox does not affect the host. If you shut down the Windows Sandbox all changes and all software you installed in the Sandbox are gone again. This sounds very similar to the technology Windows Defender Application Guard already used to build a sandbox environment for Microsoft Edge.

Windows Sandbox Overview

Windows Sandbox

Windows Sandbox has the following properties:

  • Part of Windows – everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
  • Pristine – every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows
  • Disposable – nothing persists on the device; everything is discarded after you close the application
  • Secure – uses hardware-based virtualization for kernel isolation, which relies on Microsoft’s hypervisor to run a separate kernel which isolates Windows Sandbox from the host
  • Efficient – uses integrated kernel scheduler, smart memory management, and virtual GPU

Windows Sandbox brings the advantages of Windows Containers and also adds a desktop. If you compare this to a Windows 10 Virtual Machine, the Windows Sandbox will consume far fewer resources, start up much faster and be much more efficient with hardware resources. You can think of it like a lightweight virtual machine, which can share the same hardware but also the same kernel and memory as the host system (like a container).



Azure Stack VM Update Management

Using Azure Update Management on Azure Stack

At Microsoft Ignite 2018, Microsoft announced the integration of Azure Update and Configuration Management on Azure Stack. This is a perfect example of how Azure services from the public cloud can be extended into your datacenter using Azure Stack. Azure Update and Configuration Management brings Azure Update Management, Change Tracking and Inventory to your Azure Stack VMs. In the case of Azure Stack, the backend services and orchestrators like Azure Automation and Log Analytics will continue to run in Azure, but you can connect your VMs running on Azure Stack to them.

Azure Update and Configuration Managemen Schemat

Today, the Azure Update and Configuration Management extension gives you the following features:

  • Update Management – With the Update Management solution, you can quickly assess the status of available updates on all agent computers and manage the process of installing required updates for these Windows VMs.
  • Change Tracking – Changes to installed software, Windows services, Windows registry, and files on the monitored servers are sent to the Log Analytics service in the cloud for processing. Logic is applied to the received data and the cloud service records the data. By using the information on the Change Tracking dashboard, you can easily see the changes that were made in your server infrastructure.
  • Inventory – The Inventory tracking for an Azure Stack Windows virtual machine provides a browser-based user interface for setting up and configuring inventory collection.

If you want to use Azure Update Management and more on VMs on-premises (without Azure Stack) or running at another cloud provider, you can do this as well. Have a look at Windows Admin Center, which allows you to directly integrate with Azure Update Management. However, there will be a difference in pricing.