Tag: VM

Azure Bastion Windows VM

Azure Bastion – Private RDP and SSH access to Azure VMs

Azure Bastion is a new service which enables you to have private and fully managed RDP and SSH access to your Azure virtual machines. If you wanted to access your Azure virtual machines using RDP or SSH today, and you were not using a VPN connection, you had to assign a public IP address to the virtual machine. You were able to secure the connection using Azure Just in Time VM access in Azure Security Center. However, this had still some drawbacks. With Azure Bastion you get a private and fully managed service, which you deploy to your Virtual Network, which then allows you to access your VMs directly from the Azure portal using your browser over SSL.

Azure Bastion Architecture

Source: Microsoft Docs

Azure Bastion brings a couple of advantages

  • Removes requirement for a Remote Desktop (RDP) client on your local machine
  • Removes element for a local SSH client
  • No need for local RDP or SSH ports (handy when your company blocks it)
  • Uses secure SSL/TLS encryption
  • No need to assign public IP addresses to your Azure Virtual Machine
  • Works in basically any modern browser on any device (Windows, macOS, Linux, etc.)
  • Better hardening and more straightforward Network Security Group (NSG) management
  • Can remove the need for a Jumpbox

If you want to know more directly here is the link to the Azure Bastion announcement blog and the Microsoft Docs.

Public Preview

Azure Bastion is currently in public preview. The public preview is limited to the following Azure public regions:

  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East

To participate in this preview, you need to register. Use these steps to register for the preview:

Register-AzureRmProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
 
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
 
Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network

To use the Azure Bastion service, you will also need to use the Azure Portal – Preview.

How to set up an Azure Bastion host for a private RDP and SSH access to Azure VMs

Create Azure Bastion Host

First, you will need to deploy Bastion Host in your virtual network (VNet). The Azure Bastion Host will need at least a /27 subnet.

AzureBastionSubnet

Access Azure virtual machines using Azure Bastion

Azure Bastion integrates natively in the Azure portal. The platform will automatically be detected if Bastion is deployed to the virtual network your virtual machine is in. To connect to a virtual machine, click on the connect button for the virtual machine. Now you can enter your username and password for the virtual machine.

Azure Portal connect to Linux VM SSH

This will now open up a web-based SSL RDP session in the Azure portal to the virtual machine. Again, there is no need to have a public IP address assigned to your virtual machine.

Private access to Azure Linux VM

 

Roadmap – more to come

As Yousef Khalidi (CVP Azure Networking) mentions in his preview announcement blog, the team will add more great capabilities, like Azure Active Directory and MFA support, as well as support for native RDP and SSH clients.

The Azure networking and compute team are doing more great work on creating a great Azure IaaS experience. I hope this gives you an overview of how you can get a private RDP or SSH access to your Azure VM. If you want to know more about the Azure Bastion service, check out the Microsoft Docs for more information. If you have any questions, feel free to leave a comment.



Microsoft Hyper-V Server 2019

Download Hyper-V Server 2019 now

A lot of people have been waiting for this. After the release of Windows Server 2019 back in October 2018, you were able to download Windows Server 2019 Standard, Datacenter and Essentials. Today you can also download Microsoft Hyper-V Server 2019. This is the free version of the Hyper-V role which you can find in Windows Server 2019. It includes all the great Hyper-V virtualization features like the Datacenter Edition. This is especially interesting if you don’t need to license Windows Server VMs, and is ideal when you run Linux Virtual Machines or VDI VMs.

This version of Hyper-V also comes with a lower footprint, since it is only available as Server Core and doesn’t include any other roles and features, which are not related to virtualization. That said, it does not come with other Software Defined Datacenter features like Storage Spaces Direct (S2D). These features are only included in the Windows Server Datacenter edition.

Microsoft Hyper-V Server is a free product that delivers enterprise-class virtualization for your datacenter and hybrid cloud. Microsoft Hyper-V Server 2019 provides new and enhanced features that can help you deliver the scale and performance needs of your mission-critical workloads.

The Windows hypervisor technology is the same as what’s in the Hyper-V role on Windows Server 2019. It is a stand-alone product that contains only the Windows hypervisor, a Windows Server driver model, and virtualization components. It provides a simple and reliable virtualization solution to help you improve your server utilization and reduce costs.

You can download Microsoft Hyper-V Server 2019 ISO from the Microsoft Evaluation Center. You should also have a look at the Windows Admin Center, which is a locally deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure, and Windows 10 PCs

If you want to learn more about the new Hyper-V and Windows Server 2019 features, check out my blog: Windows Server 2019 – What’s coming next



Azure IaaS Webinar

Join me for a Azure IaaS Masterclass Webinar!

This Wednesday, Altaro have invited me to give a webinar on Infrastructure as a Service with Microsoft Azure and you’re invited – it’s free to join!

Implementing Infrastructure as a Service is a great way of streamlining and optimizing your IT environment by utilizing virtualized resources from the cloud to complement your existing on-site infrastructure. It enables a flexible combination of the traditional on-premises data center alongside the benefits of cloud-based subscription services. If you’re not making use of this model, there’s no better opportunity to learn what it can do for you than in this upcoming webinar.

I’ll be joined by me good friend from Altaro, Technical Evangelist and Microsoft MVP Andy Syrewicze. I’ve done a few webinars with Andy over the years and it’s always a fun experience to work with him. We have also received great feedback from attendees saying they learnt a lot and enjoy the format in which we present.

The webinar will be primarily focused on showing how Azure IaaS solves real use cases by going through the scenarios live on air. Three use cases have been outlined already, however, the webinar format encourages those attending to suggest their own use cases when signing up and the two most popular suggestions will be added to the list. To submit your own use case request, simply fill out the suggestion box in the sign up form when you register!

Like all Altaro webinars, this will be presented live twice on the day (Wednesday 13th February). So if you can’t make the earlier session (2pm CET / 8am EST / 5am PST), just sign up for the later one instead (7pm CET / 1pm EST / 10am PST) – or vice versa. Both sessions cover the same content but having two live sessions gives more people the opportunity to ask their questions live on air and get instant feedback from us.

Save your seat for the webinar and learn more about Azure IaaS

Altaro Webinar Azure IaaS VMs



Hyper-V VM Configuration Version

Hyper-V VM configuration version supported features

A couple of months ago, I wrote an article about the new Microsoft Hyper-V UEFI in Windows Server 2019 and Windows 10 virtual machines. With that version Microsoft also released a new Hyper-V VM configuration version 9.0. This is not unusual, the Hyper-V teams usually bumps up the version number from release to release, since new Hyper-V features are introduced. In the comments, the question came up, what is new in this version of the Hyper-V VM configuration, Since the version was still a preview release of Windows Server and Windows 10, Microsoft didn’t share the full list of features per configuration version. However, now the documentation is ready and you can find the documentation here.

Supported features

The following table shows the minimum virtual machine configuration version required to use some Hyper-V features.

Windows ServerWindows 10VersionFeature
Windows Server 2016 Technical Preview 3Windows 10 15076.2Hot Add/Remove Memory
Windows Server 2016 Technical Preview 3Windows 10 15076.2Secure Boot for Linux VMs
Windows Server 2016 Technical Preview 3Windows 10 15076.2Production Checkpoints
Windows Server 2016 Technical Preview 3Windows 10 15076.2PowerShell Direct
Windows Server 2016 Technical Preview 3Windows 10 15076.2Virtual Machine Grouping
Windows Server 2016 Technical Preview 4 Windows 10 15117.0Virtual Trusted Platform Module (vTPM)
Windows Server 2016 Technical Preview 57.1Virtual machine multi queues (VMMQ)
Windows Server 2016Windows 10 Anniversary Update8.0XSAVE support
Windows Server 2016Windows 10 Anniversary Update8.0Key storage drive
Windows Server 2016Windows 10 Anniversary Update8.0Guest virtualization-based security support (VBS)
Windows Server 2016Windows 10 Anniversary Update8.0Nested virtualization
Windows Server 2016Windows 10 Anniversary Update8.0Virtual processor count
Windows Server 2016Windows 10 Anniversary Update8.0Large memory VMs
Windows Server 1803Windows 10 April 2018 Update8.3Increase the default maximum number for virtual devices to 64 per device (e.g. networking and assigned devices)
Windows Server 2019/1809Windows 10 October 2018 Update9.0Allow additional processor features for Perfmon
Windows Server 2019/1809Windows 10 October 2018 Update9.0Automatically expose simultaneous multithreading configuration for VMs running on hosts using the Core Scheduler
Windows Server 2019/1809Windows 10 October 2018 Update9.0Hibernation support

Source: Microsoft Docs (Thanks to Rene Moergeli for the link)

How to list the supported VM configuration versions

You can list all supported VM configuration versions on your Hyper-V host using the Get-VMHostSupportedVersion cmdlet.

 
Get-VMHostSupportedVersion

Get-VM Hyper-V VM Configuration Version

If you want to see the version of a Hyper-V virtual machine, you can use Hyper-V Manager or the following PowerShell command:

 
Get-VM

Full list of Hyper-V VM versions

Here you have a full list of VM configuration versions of Hyper-V VMs together with the operating system.

Windows ClientWindows ServerVersion
Windows Server 20081.0
Windows Server 2008 SP12.0
Windows Server 2008 R23.0
Windows 8Windows Server 20124.0
Windows 8.1Windows Server 2012 R25.0
Windows 10 1507Windows Server 2016 Technical Preview 36.2
Windows 10 1511Windows Server 2016 Technical Preview 47.0
Windows Server 2016 Technical Preview 57.1
Windows 10 Anniversary UpdateWindows Server 20168.0
Windows 10 Creators Update8.1
Windows 10 Fall Creators UpdateWindows Server 17098.2
Windows 10 April 2018 UpdateWindows Server 18038.3
Windows 10 October 2018 UpdateWindows Server 2019 / 18099.0
Windows 10 April 2019 UpdateWindows Server 19039.1
PrereleasePrerelease254.0
ExperimentalExperimental255.0

How to upgrade Hyper-V VM configuration version

Hyper-V vNext Update VM Configuration Version

Upgrading the Hyper-V VM version is pretty straight forward. If the VM is running on a host supporting a newer version of Hyper-V VMs, you can right click the virtual machine in the Hyper-V Manager and click on upgrade or you can run the Update-VMVersion PowerShell cmdlet.

 
Update-VMVersion

I hope this blog was help full for understanding Hyper-V VM versions, let me know if you have any questions in the comments!



Azure Stack VM Update Management

Using Azure Update Management on Azure Stack

At Microsoft Ignite 2018, Microsoft announced the integration of Azure Update and Configuration Management on Azure Stack. This is a perfect example how Azure services from the public cloud can be extended into your datacenter using Azure Stack. Azure Update and Configuration Management brings Azure Update Management, Change Tracking and Inventory to your Azure Stack VMs. In the case of Azure Stack, the backend services and orchestrator like Azure Automation and Log Analytics, will remain to run in Azure, but it lets you connect your VMs running on Azure Stack.

Azure Update and Configuration Managemen Schemat

Today, the Azure Update and Configuration Management extension, gives you the following features:

  • Update Management – With the Update Management solution, you can quickly assess the status of available updates on all agent computers and manage the process of installing required updates for these Windows VMs.
  • Change Tracking – Changes to installed software, Windows services, Windows registry, and files on the monitored servers are sent to the Log Analytics service in the cloud for processing. Logic is applied to the received data and the cloud service records the data. By using the information on the Change Tracking dashboard, you can easily see the changes that were made in your server infrastructure.
  • Inventory – The Inventory tracking for an Azure Stack Windows virtual machine provides a browser-based user interface for setting up and configuring inventory collection.

If you want to use Azure Update Management and more on VMs on-premise (without Azure Stack) or running at another Cloud Provider, you can do this as well. Have a look at Windows Admin Center, which allows you to directly integrate with Azure Update Management. However, there will be a difference in pricing.



Azure Live Migration

Azure uses Live Migration for VMs

If you have worked with Azure in the past, you might have been aware that Azure didn’t have live migration for VMs hosted in Azure for a long time. This had an impact for customers in terms of VM up-time during host maintenance. You basically got emails, that the host your VMs were running is going into maintenance during a specific time, and you will have a possible outage. Microsoft Hyper-V, which is the Hypervisor in Azure, had Live Migration for a long time. Today, Microsoft revealed that they are using Live Migration in Azure since early 2018 to move virtual machines in cases of rack maintenance and software and BIOS updates, as well as hardware faults.

But Microsoft didn’t stop there, they made even better using Machine Learning. Predictive ML helps Microsoft to detect proactively failure and do failure predictions. And in case a hardware failure is predicted, Microsoft can move the virtual machines from that host without downtime, using live migration.

To further push the envelope on live migration, we knew we needed to look at the proactive use of these capabilities, based on good predictive signals. Using our deep fleet telemetry, we enabled machine learning (ML)-based failure predictions and tied them to automatic live migration for several hardware failure cases, including disk failures, IO latency, and CPU frequency anomalies.

 

We partnered with Microsoft Research (MSR) on building our ML models that predict failures with a high degree of accuracy before they occur. As a result, we’re able to live migrate workloads off “at-risk” machines before they ever show any signs of failing. This means VMs running on Azure can be more reliable than the underlying hardware.

Microsoft talks in a blog post more about Live Migration in Azure and goes more in details about the challenges and how live migration in Azure works. It is great to see Microsoft adding features to improve VM resiliency with features like live migration and machine learning technology.



Azure Stack Backup with Azure Backup Server

Protect Azure Stack Tenant Workloads with Azure Backup Server

If you are running Azure Stack in your datacenter, you also want to backup workloads running on Azure Stack. This blog post covers how you can backup Azure Stack tenant workloads with Azure Backup Server. Azure Backup allows you to protect on-premise workloads running on different platforms as well as on Azure Stack and store long-term data in Azure.

Why protecting Azure Stack workloads with Azure Backup Server

Microsoft Azure Backup Server is included as a free download with Azure Backup that enables cloud backups and disk backups for workloads like SQL, SharePoint and Exchange regardless if these workloads are running on Hyper-V, VMware, Physical servers or Azure Stack. It also provides a central console to protect these workloads. If you compare this to the Azure Backup Agent, where you have to configure the agent on every single server. The Azure Backup Server also allows you to not only do file backup, but also backup of applications like SharePoint, SQL Server, Exchange and more. This gives you flexibility and centralized management to back up your infrastructure as a service (IaaS) workloads on Azure Stack.