Tag: VMM

Last updated by at .

System Center release cadence

System Center 2019 – What’s new

Microsoft just launched Windows Server 2019 and Windows Admin Center, which also raised the interest in System Center 2019. At Microsoft Ignite, Microsoft was talking about what is new in System Center 2019, the future of System Center, and how it fits in with Windows Admin Center and other management tools.

Microsoft Cloud and Datacenter Management Story

Microsoft Cloud and Datacenter Management Overview

With Microsoft now offering a range of products to manage your Cloud and Datacenter environments, the question comes up “which is the best solution?”. It is not only depending on the size of your company, it also depends on which services you are using and what your job role is. Coming from the Azure site, you have Azure Security and Management, which allows you not only to manage your Azure resources but also integrates and extends with your on-premises environment. System Center is aimed to manage fatacenter environments at scale, and Windows Admin Center helps you to dig deeper to manage individual servers or single cluster management. Both Windows Admin Center and System Center 2019, can be used side by side and both are integrated into Microsoft Azure.

System Center Windows Admin Center better together

System Center vs Windows Admin Center

I often get the question, does Windows Admin Center replace System Center? The answer to this is no, System Center is aimed to do management at a datacenter scale, while Windows Admin Center is giving you deep management access to a single server or clusters. In small environments you might end up using Windows Admin Center only, but in larger datacenter deployments, you are likely to use a combination of System Center and Windows Admin Center.

System Center 2019 Suite Improvements

System Center 2019 Focus

The System Center 2019 release focuses on three main areas. First of all, it adds more capabilities to the existing components and features which were requested by customers. Secondly, it brings integration for the next version of Windows Server, Windows Server 2019 and brings new Windows Server features to life in System Center. Last but not least, System Center 2019 adds more Hybrid Cloud integrations with Microsoft Azure.



System Center

Microsoft released System Center 1801 Semi-Annual Channel

Microsoft just release the first Semi-Annual Channel release for System Center, called System Center, version 1801. This is the first release which now comes out to support the Windows Server Semi-Annual Channel releases like 1709 and also brings some new features and performance improvements.

System Center, version 1801 is the first of our Semi-Annual Channel releases delivering new capabilities at a faster cadence. Semi-Annual Channel releases have an 18-month support policy. In addition, we will continue to release in the Long-Term Servicing Channel (LTSC) at a lower frequency. The LTSC will continue to provide 5 years of mainstream support followed by 5 more years of extended support.

What’s in System Center, version 1801?

System Center, version 1801 focuses on enhancements and features for System Center Operations Manager, Virtual Machine Manager, and Data Protection Manager. Additionally, security and bug fixes, as well as support for TLS 1.2, are available for all System Center components including Orchestrator, Service Management Automation, and Service Manager.

I am pleased to share the capabilities included in this release:

 

  • Support for additional Windows Server features in Virtual Machine Manager: Customers can now setup nested virtualization, software load balancer configuration, and storage QoS configuration and policy, as well as migrate VMware UEFI VM to Hyper-V VM. In addition to supporting Windows Server, version 1709, we have added support for host monitoring, host management, fall back HGS, configuration of encrypted SDN virtual network, Shielded Linux VMs on Hyper-V management, and backup capabilities.
  • Linux monitoring in Operations Manager: Linux monitoring has been significantly improved with the addition of a customizable FluentD-based Linux agent. Linux log file monitoring is now on par with that of Windows Server (Yes, we heard you! Kick the tires, it really works).
  • Improved web console experience in Operations Manager: The System Center Operations Manager web console is now built on HTML5 for a better experience and support across browsers.
    Updates and recommendations for third-party Management Packs: System Center Operations Manager has been extended to support the discovery and update of third-party MPs.
  • Faster, cost-effective VMware backup: Using our Modern Backup Storage technology in Data Protection Manager, customers can backup VMware VMs faster and cut storage costs by up to 50%.
  • And much more including Linux Kerberos support and improved UI responsiveness when dealing with many management packs in Operations Manager. In Virtual Machine Manager, we have enabled SLB guest cluster floating IP support, added Storage QoS at VMM cloud, added Storage QoS extended to SAN storage, enabled Remote to VMs in Enhanced Session mode, added seamless update of non-domain host agent, and made host Refresher up to 10X faster.

You can get System Center, version 1801 from the Evaluation Center or the Volume Licensing Service Center.



Microsoft Exam 70-745

Passed Microsoft Exam 70-745 Implementing a Software-Defined Datacenter

This summer I took the Microsoft beta exam 70-745 Implementing a Software-Defined Datacenter, which focuses on implementing Software-Defined Datacenter solutions, based on Hyper-V, Windows Server, Software Defined Networking and Storage, System Center Virtual Machine Manager, System Center Operations Manager and everything around it.

  • Plan and Implement System Center Virtual Machine Manager (VMM) Core Infrastructure
  • Implement Software-Defined Networking (SDN)
  • Implement Software-Defined Storage
  • Implement Datacenter Compute Solutions with Virtual Machine Manager (VMM)
  • Secure your Software-Defined Datacenter
  • Monitor and Maintain the Software-Defined Datacenter

Passing Exam 745: Implementing a Software-Defined Datacenter validates the skills and knowledge to implement a software-defined datacenter (SDDC) with Windows Server 2016 and Microsoft System Center 2016 Virtual Machine Manager (SCVMM). Candidates have experience implementing and managing highly available SCVMM infrastructures as well as implementing software-defined storage, compute, and networking components.

This week I finally got the message that I passed the Beta exam. If you want to take that exam you should really be familiar with the products and solutions mentioned above, otherwise you will have a hard time passing the exam.

If you want to know more about the exam, check out this link: Microsoft Learning Exam 70-745 Implementing a Software-Defined Datacenter

Also big congrats to all the others who passed the exam like Charbel Nemnom.



VCNRW Nano Server and Container

Nano Server – The future of Windows Server – Just enough OS

Finally, Microsoft released Windows Server 2016 and with Windows Server 2016 we also get the first version of Nano Server. I had the opportunity to speak on several different events and conferences about Nano Server, so I tried to create a quick summary of my presentation in this blog post.

Nano Server installation option Just enough OS

Nano Server - Just enough OS

Nano Server is a redesign version of Windows Server which is very lightweight, very small footprint and fully remote managed and it is designed to solve some of the datacenter challenges we have today. Nano Server is a headless, 64-bit only deployment option of Windows Server. Microsoft basically removed all components from the base image. Roles and feature are not directly included in the base image and they have to be added while creating a new Nano Server Image or online using PowerShell Package Management. Not even the drivers are included in the base image, since you don’t want the physical drivers in a virtual machines, and you don’t want the virtual drivers on a physical machine This is also the reason why Nano Server does not show up during the installation dialog when you boot the Windows Server 2016 ISO file.

Nano Server Key Scenarios

The first version of Nano Server is designed for the following key scenarios:

  1. Born-in-the-cloud applications – support for multiple programming languages and runtimes. (e.g. ASP.NET Core, C#, Java, Node.js, Python, etc.) running in containers, virtual machines, or on physical servers.
  2. Microsoft Cloud Platform infrastructure – support for compute clusters running Hyper-V and storage clusters running Scale-out File Server and Storage Spaces Direct.
  3. But Microsoft also added some other roles like DNS and IIS to the Nano Server and we can expect more roles and features in the future.

In this version Nano Server will of course not replace Windows Server Core and Windows Server (Full or Server with Desktop Experience), but it will be definitely be they way going forward.

Nano Server Footprint

Nano Server has a very small foot print, The default WIM file has a size around 170 MB and if you create a Nano Server VHD or VHDX file it can be only around 400 MB in size. If you add more roles, features and drivers the size of the image gets bigger, but even if you add more stuff the size will be around 800 MB for an Hyper-V server including the Hyper-V role, Failover Clustering Feature, DCB feature, Physical OEM drivers and additional network adapter and storage controller drivers. If you compare Nano Server to Windows Server you can see some of the following changes:

  • 93 percent lower VHD size
  • 92 percent fewer critical bulletins
  • 80 percent fewer reboots

Nano Server Servicing Improvements

Nano Server Servicing Improvments

Nano Server Deployment Improvements

Nano Server Deployment Improvments

This not only reduced deployment time and gives you some operational improvements, it also reduces the attack surface by a lot and this is a huge security improvement.

To achieve these results, Microsoft removed some parts of Windows Server such as:

  • GUI stack
  • 32 bit support (WOW64)
  • MSI support
  • RDP
  • Some default Server Core components
  • Basic OEM Drivers
  • and more

Nano Server Management

By removing the User Interface stack, Microsoft made this server to a true headless server, without any login screen or RDP support. By removing the Graphic User Interface, Windows Administrator have to learn new ways how they manage servers, or better use existing ways to manage a Nano Server environment. The answer is simple and is the best practice for managing servers for a long time called Remote Management. Nano Server will offer some advanced remote Management features such as:

  • WMI
  • PowerShell Remoting
  • PowerShell Direct
  • PowerShell Desired State Configuration
  • RSAT Tools (Server Manager, Hyper-V Manager, Failover Cluster Manager, …)
  • System Center and other Management tools
  • Server Management Tools (Azure Web-based management tools to replace local inbox management tools)

With that, existing Remote Management Tools, such as Server Manager and other RSAT tools, will continue to work. But Microsoft also improved PowerShell Remoting and introduces the Azure Serivce for Server Management Tools.

Server Management Tools

Microsoft Azure Server Management Tools Topology

This service allows you to manage your servers directly from Azure using a web-based HTML5 portal. I personally think that this could also replace Server Manager and allows you to easily manage non-GUI servers such as Windows Server Core and Nano Server.

Azure Remote Server Management Nano Server

If you want to know more about the Sever Management Tools, check out my blog post: Manage Nano Server and Windows Server from Azure using Remote Server Management Tools

The Server Management Tools do not only support Nano Server, they also support Windows Server 2016, Windows Server 2012 R2 and Windows Server 2012 with WMF 5.0 and higher.

Remote Manage Nano Server with PowerShell

Nano Server PowerShell Remoting

The simplest way to manage Nano Server is by using PowerShell Remoting using for exmaple the following command.

If you are directly on a Hyper-V Server you can also use PowerShell Direct which allows you to directly connect to a Virtual Machine using the Hyper-V VMBus.

If you want to know more about Managing Nano Server check out the following blog posts How to Remote Manage your Nano Server using PowerShell or Hyper-V PowerShell Direct.

Manage Nano Server using System Center

Nano Server can also be managed using System Center Virtual Machine Manager and System Center Operations Manager. With SCVMM you can deploy new Hyper-V and Storage Spaces Direct hosts as well as Virtual Machines.

Deploy Nano Server

To deploy Nano Server as a virtual machine or as a physical host you have to create a new Nano Server Image. For this you have basically have two option. The first one is using the built in Nano Server Image Generator PowerShell module and the second option is the Nano Server Image Builder UI wizard.

Nano Server Image Generator PowerShell module

New-NanoServerImage

The Nano Server Image Generator PowerShell module allows you to create new Nano Server Images. You can find this on the Windows Server 2016 media in the Nano Server folder. Here is a quick example how to create a new VHDX using the PowerShell module.

Nano Server Image Builder

Nano Server Image Builder

The Nano Server Image Builder is a UI based wizard to create Nano Server Images in VHDX, VHD, WIM or ISO to install Nano Server on all possible systems.

The Nano Server Image Builder can help you with the following tasks:

  • Graphical UI to create Nano Server Images
  • Adding drivers
  • Choose Windows Server Edition
  • Adding roles and features
  • Adding drivers
  • Adding updates
  • Configuration of Network Settings
  • Configuration of Domain settings
  • Set Remoting Options
  • Create an ISO file to boot from DVD or BMC (remote connection like HP ILO)

First download and install the Windows Assessment and Deployment Kit (ADK) and the Nano Server Image Builder.

If you need more information about deploying Nano Server check my blog post about Create a Nano Server using the Nano Server Image Builder and How to create a Nano Server Image using PowerShell.

Nano Server Packages

Nano Server Packages

Roles, Features and Drivers live outside of the basic Nano Server Image have to be added while creating the Nano Server Image or after that using PowerShell Package Management.

You can find and install Windows Packages from the online package repository by using the NanoServerPackage provider of PackageManagement (OneGet) PowerShell module.

Troubleshooting Nano Server

Nano Server Recovery Console

Hyper-V Nano Server Console

When you boot Nano Server you can not really login to Nano Server and browse the file system. What you can do is login to the Nano Server Recovery Console which allows you to do some basic tasks:

  • Shows computer info like Name, IP Configuration, OS Version and more
  • Reset Networking to DHCP
  • Reset basic Windows Firewall rules
  • If the Server is a Hyper-V Server you can see the VM running on the system and remove the Virtual Switch

Sysinternals for Nano Server

Sysinternals for Nano Server

There is also a Sysinternals version for Nano Server.

Nano Server over a serial port with Emergency Management Services

Emergency Management Services (EMS) lets you perform basic troubleshooting, get network status, and open console sessions (including CMD/PowerShell) by using a terminal emulator over a serial port. This replaces the need for a keyboard and monitor to troubleshoot a server.

You can include this using the following cmdlets

Nano Server Servicing

Nano Server Servicing

Windows Server are usually from the Long Term Servicing Branch and have 5 + 5 years of servicing and only get security and quality fixes, no new features. In Windows Server 2016 Server Core and Server with Desktop Experience follow this traditional servicing model. Nano Server on the other hand will be in a new servicing branch called Current Branch for Business (CBB).

  • Nano Server will not have an LTSB with Windows Server 2016 and therefore not have 5+5 years of servicing
  • Nano Server installations will have to move forward to future CBB releases of Nano Server to continue to be serviced
  • Licensing Nano Server will require Software Assurance (SA)
  • Installation of new CBBs are always controlled by administrators, no forced upgrades

Nano Server Key Wins

  • Easy and fast to deploy
  • Lightweight
  • Easily integrates with our automated approach
  • Reduces attack surface
  • Works with existing deployment tools (WDS, SCVMM, SCCM and boot from VHDX)
  • Reduces operational overhead
  • Highly stable
  • Delivers on scale and performance

Conclusion

In my opinion the effort Microsoft does with Nano Server really makes sense and will help Service Providers as well as Enterprise companies to deploy clouds even faster, more secure, more efficient and with less management overhead. Of course it is still early and Nano Server may not fit every case and scenario today, but definitely in the future.

 

 

 



5Nine Hyper-V Security Agentless

Secure your Hyper-V environment with 5nine Cloud Security 8.1

In the past years I was building several Hyper-V environments together with Enterprise customers and with service providers. In a lot of cases customer wanted more security in there Cloud and Virtualization environment. Security becoming a even more critical part in your datacenter and with a high virtualization rate, it gets even more critical and complex to manage. Especially when Virtual Machines can move from on cluster to another or from one datacenter to another. 5nine is one of the vendors who has a great solution, for this challenges. A couple of years back I wrote a blog post about 5Nine Cloud Security version 4.0. 5nine Cloud Security is a unified security and compliance solution designed to specifically address every Hyper-V security vulnerability across every virtual resource.

Last week at Microsoft Ignite, Microsoft released Windows Server 2016 and Hyper-V 2016, with that 5nine released 5nine Cloud Security 8.1 which supports Windows Server 2016 and Hyper-V 2016.

5nine Cloud Security has some unique key features to secure your environment.

  • Distributed vFirewall – Secure multi-tenant Hyper-V environment and provide VM isolation
  • Agentless Antimalware Detection – Protect Hyper-V with patent-pending agentless Kaspersky or ThreatTrack antivirus now with Real-Time Malware Detection
  • Enforce security compliance

5Nine Hyper-V Security Agentless

Key features

if you look at it on a security features list, 5nine Cloud Security offers you the following security features:

  • Automatically & Instantly Secure all Virtual Machines, Disks, Networks and Switches
  • Choice of Leading Antivirus Engines
  • Agentless AV – Full Virtual Machine Scans
  • Agentless AV – Real-time HTTP Virus and Malware Detection
  • Hyper-V Optimized Real-time Active Protection Agent
  • Agentless Firewall
    • Granular control over each virtual machine using Hyper-V
    • Extensible Switch, no agent required
    • Configure the Advanced / Full Kernel mode Virtual Firewall for each VM individually
    • MAC Address filtering
    • ARP Rules
    • SPI (stateful packet inspection)
    • Network traffic anomaly analysis
    • Inbound and outbound per VM bandwidth throttling
    • MAC broadcast filtering
    • All filtering events logging with more data (UM logs only contain blocked events)
    • Configure network filtering rules on a per-VM basis
    • Set inbound/outbound traffic limits and bandwidth utilization by virtual machine
  • Agentless Intrusion Detection
  • No need to access Guest OS to manage security
  • Centralized signature management with updates to host only
  • Incremental Fast Scans
  • Offline VM Scanning
  • Avoids Host Scanning Storms
  • Support for Windows Server 2012, 2012 R2 and 2016 Hyper-V
  • Supports any guest OS supported by Windows Hyper-V including Linux
  • Meet the security demands of enterprise, management service providers (MSPs), public sector, and hosting providers who leverage Microsoft’s Hyper-V Server and Cloud Platform
  • Provide the first and only seamless agentless compliance and agentless security solution for the Hyper-V Cloud
  • Deliver multi-layered protection together with integrated, agentless antivirus and intrusion detection capabilities
  • Offer unmatched levels of industry-demanded protection and compliance (including PCI-DSS, HIPAA, and Sarbanes-Oxley)
  • Secure the Cloud environment with anti-virus technology that runs with virtually zero performance impact while simultaneously improving virtual machine density
  • Provide network traffic control between virtual machines
  • Enforce secure multi-tenancy and Virtual Machines Security Groups
  • Provide NVGRE support (Hyper-V Network Virtualization)
  • Support for Microsoft Switch Embedded Teaming
  • PowerShell Module for automation

Integration and offerings

5Nine Hyper-V Security System Center VMM Plugin

5Nine Cloud Security also integrated perfectly in your Microsoft System Center environment using a System Center Virtual Machine Manager plugin.

5nine Cloud Security also offers a Windows Azure Pack Resource Provider to offer self-service to your tenants. Azure Pack (WAP) Extension is the only Security as a Service (SECaaS) solution to protect your datacenter, your customers, and their clouds as a free add-on to 5nine Cloud Security. It is the only way to enable tenants to easily manage their own Windows and Linux security policies through the Azure Pack self-service portal. Now hosting and service providers can secure multi-tenant environments and virtual machines in private, hosted or hybrid scenarios, while giving users the ability to easily configure firewalls, intrusion detection, and more.

Architecture

The installation and the management is so easy, you don’t really need any documentation. That’s how a security product should work, it should not make your environment even more complex it should help you to keep your environment secure without adding extra complexity to it. Is used 5nine for several customer environments.

  • The Management Service – This would be your 5nine management server which needs a SQL database (minimum MS SQL Express) and all Hyper-V Hosts are connected to this management server.
  • The Host Management Service – which is basically the software and agent running on the Hyper-V host itself.
  • The Management Console – The console where you can configure everything. The console is simply connected to the management server.
  • The Virtual Machine Manager Plugin – This is a plugin in VMM which allows you to manage rules directly from your System Center Virtual Machine Manager Console
  • Azure Pack Extension – Resource Provider installed on the WAP Tenant and WAP Admin servers

Impressions

5nine host service

5nine is a very light weight solution for the Hyper-V host with not a lot of overhead. On the Hyper-V host you have only two service running and the Hyper-V switch extensions.

5nine-switch-extension

 

Conclusion

Overall I think 5Nine Cloud Security is a must have solution to protect your Hyper-V environment, if you want to do more serious centralized managed security. Especially with the release of 5nine Cloud Security 8.1 directly with the release of Windows Server 2016, 5nine shows how great their development and integration in Hyper-V really is. It always supports the latest features of Hyper-V solve real world needs.

If you need more information, want to buy 5nine Cloud Security or if you need someone to help you integrated 5nine Cloud Security in your environment, feel free to contact me.

 

 



Webinar PowerShell Scripting and Automation for Hyper-V

Recording: Scripting & Automation in Hyper-V without SCVMM now available

Last week I had the chance to do a Webinar together with Altaro about Scripting & Automation in Hyper-V without SCVMM. Now you can watch the recording from this online webinar.

System Center Virtual Machine Manager (SCVMM) provides some great automation benefits for those organizations that can afford the hefty price tag. However, if SCVMM isn’t a cost effective solution for your business, what are you to do? While VMM certainly makes automation much easier, you can achieve a good level of automation with PowerShell and the applicable PowerShell modules for Hyper-V, clustering, storage, and more.

Are you looking to get grips with automation and scripting?

Join Thomas Maurer, Microsoft Datacenter and Cloud Management MVP, who will use this webinar to show you how to achieve automation in your Hyper-V environments, even if you don’t have SCVMM.

Remember, any task you have to do more than once, should be automated. Bring some sanity to your virtual environment by adding some scripting and automation know-how to your toolbox.

 



Webinar PowerShell Scripting and Automation for Hyper-V

Webinar: Scripting & Automation in Hyper-V without SCVMM

There are some great Webinars coming up and I am proud to speak in one of them with Andrew Syrewicze (Altaro Software and Microsoft MVP) about PowerShell Scripting and Automation in Hyper-V.

System Center Virtual Machine Manager (SCVMM) provides some great automation benefits for those organizations that can afford the hefty price tag. However, if SCVMM isn’t a cost effective solution for your business, what are you to do? While VMM certainly makes automation much easier, you can achieve a good level of automation with PowerShell and the applicable PowerShell modules for Hyper-V, clustering, storage, and more.

Are you looking to get grips with automation and scripting?

Join Thomas Maurer, Microsoft Datacenter and Cloud Management MVP, who will use this webinar to show you how to achieve automation in your Hyper-V environments, even if you don’t have SCVMM.

Remember, any task you have to do more than once, should be automated. Bring some sanity to your virtual environment by adding some scripting and automation know-how to your toolbox.

We’re live on Thursday, 10th December 2015 at 10am EST / 4PM CET (30-45mins + live Q&A!)

Register for the webinar here

Free Webinar about Scripting & Automation in Hyper-V without SCVMM