Tag: Windows Server 2016

Last updated by at .

Azure Confidential Compute VM Deployment

Protect Workloads with Azure Confidential Computing

A year ago Microsoft announced that they were working on a new technology in Azure to protect and encrypt data in use, called Azure Confidential Computing. If you are moving sensitive data to the cloud, you also want to encrypt it. Today, you can do this for data in transit and data at rest, however data in use is a challenge. Azure Confidential Computing addresses exactly that scenario, and helps you to encrypt data in use. Microsoft was running a private preview program in the last year, and at Microsoft Ignite this year, Microsoft opened up a public preview.

What is Azure Confidential Computing

Azure Confidential Computing together with Intel SGX technology addresses the following threads:

  • Malicious insiders with administrative privilege or direct access to hardware on which it is being processed
  • Hackers and malware that exploit bugs in the operating system, application, or hypervisor
  • Third parties accessing it without their consent

There are ways to secure data at rest and in transit, but you need to protect your data from threats as it’s being processed. Now you can. Confidential computing adds new data security capabilities using trusted execution environments (TEEs) or encryption mechanisms to protect your data while in use. TEEs are hardware or software implementations that safeguard data being processed from access outside the TEE. The hardware provides a protected container by securing a portion of the processor and memory. Only authorized code is permitted to run and to access data, so code and data are protected against viewing and modification from outside of TEE.



Install SNMP Feature on Windows Server Core

Install SNMP on Windows Server Core

If you run Windows Server as Core Installation, like Windows Server 2016 Core or any Microsoft Hyper-V Server edition and you want to use SNMP (Simple Network Management Protocol) on that system, you first have to install the SNMP feature on that Core Server. After that you can use the MMC to remotely connect to the services list on the Core Server.

Install SNMP on Windows Server Core

First lets see if the SNMP feature is installed, using PowerShell:

By default the SNMP feature is not installed. To install the SNMP feature on Windows Server Core, you can run the following command:



Windows Server FTP

Install FTP Server on Windows Server

Windows Server has IIS build in, which also offers a FTP server option. The File Transfer Protocol (FTP) is still a very popular protocol that allows users to simply upload and download files. Of course today you have more modern options, however it is still very often used and a lot of legacy applications still support it.

In this blog post I wanna quickly go rough how you can install the FTP Server on Windows Server. I do this on a brand new Windows Server 2019 operating system, however it didn’t really change since early Windows Server versions.

Install FTP Server Feature on Windows Server

Install FTP on Windows Server using PowerShell

First you will need to install the FTP feature. I usually simply do that using PowerShell to install the FTP Server feature in Windows Server. You can also do that using the Server Manager. However, if you want to use PowerShell, you can use the following command:



Windows Admin Center Azure Backup

Setup Azure Backup in Windows Admin Center

With Windows Admin Center you have a great new web-based management experience for Windows Server. With Microsoft efforts to bring Hybrid Cloud capabilities closer to your on-premises systems, they added support for Azure Backup in Windows Admin Center. This allows you to simply configure Azure Backup for your Windows Server with a couple of clicks.

Setting up a cloud backup of a server is simple and safes you a lot of time and resources. It is especially great, if you have a small environment in your datacenter or hosted at a different service provider, where having an own backup infrastructure doesn’t make much sense.

Configure Azure Backup in Windows Admin Center

Windows Admin Center Azure Backup

First you will need to register your Windows Admin Center to Microsoft Azure. This can be done in the settings of Windows Admin Center. If you haven’t done this yet, the wizard will guide you through. After this is done you can go to the Azure Backup Extension in Windows Admin Center and sign in. You can now configure Azure Backup directly in Windows Admin Center.

Configure Azure Backup in Windows Admin Center

This will Azure Backup client on Windows Server and as well as in Microsoft Azure. It will create the Recovery Services Vault and the necessary resources

Windows Admin Center Setting up Azure Backup

Register Recovery Services Resource Provider

If you get the error message “Error Failed to create Microsoft Azure Recovery Services Vault. Detailed error: Das Abonnement ist nicht für die Verwendung des Namespace  Microsoft.RecoveryServices” registriert.” You will need to register the Recovery Services Resource Provider in you Azure Subscription.

Register Azure Recovery Services Resource Provider

Configure and Recover from Azure Backup

Windows Admin Cenetr Azure Backup Settings

After Azure Backup is fully configured, you can see the configuration, the latest recovery points and you also will be able to recover data.

I hope this post was helpful and showed you how simple it is to back up your servers to the cloud using Windows Admin Center and Azure Backup. If you have any questions, feel free to leave a comment.

Also check out my blog post about Microsoft investments in Windows Server 2019.



Windows Server 2019 Upgrade

Windows Server 2019 In-place Upgrade

As another part of my series for Windows Server 2019, this blog post covers the in-place upgrade feature. In-place upgrade allows you to upgrade your existing LTSC versions of Windows Server 2012 R2 or Windows Server 2016 servers to Windows Server 2019. Windows Server 2019 In-place Upgrade allows businesses to quicker update to the latest version. Especially, if you have servers which you might needed to install some dependencies for the applications. I saw a lot of customers which not have documented their server installations and neither used infrastructure as code to deploy them. For these customers it can be hard to upgrade to newer versions of Windows Server. With the Windows Server 2019 In-Place Upgrade feature, this should get a lot easier. Especially since Windows Server 2019 bring a lot of improvements.

You can in place upgrade to Windows Server 2019 from

How to in place upgrade to Windows Server 2019

Windows Server 2016 upgrade to Windows Server 2019

To in place upgrade to Windows Server 2019, just insert the Windows Server 2019 media into the existing server, by attaching an ISO file, copying the sources, inserting a USB drive or even a DVD drive and start the setup.exe.

Installing Windows Server 2019

The setup will discover the existing installation and will let you perform an in place upgrade. The installation will run for a couple of minutes, it will take quiet some time depending of the speed of your server hardware and of the installed roles and features. Microsoft MVP Didier Van Hoye, did write a great blog post about Windows Server 2019 In-Place Upgrade testing. In that blog post he has a quick look on upgrading to Windows Server 2019.

You can also find a overview about what is coming new in Windows Server 2019, in my blog: Windows Server 2019 – What’s coming next.



OpenSSH Server on Windows Server

Install OpenSSH Server on Windows Server

Back in 2017 Microsoft made OpenSSH available on Windows 10. Shorty after OpenSSH was also available for Windows Server, version 1709. This blog post should give you a simple step by step guy how you install OpenSSH Server on Windows Server. OpenSSH is available for Windows Server, version 1709 and higher. If you are running Windows Server 2016, and you want to stay in the long-term servicing branch, you will need to wait for the next Windows Server LTSC build.

Install OpenSSH Server on Windows Server

If you are running a Windows Server 1709 or higher, you can simply use PowerShell to install the OpenSSH Client and Server.

OpenSSH on Windows Server

You can use the following PowerShell commands to install the OpenSSH Server on Windows Server.

After the installation you can find the OpenSSH Server files and some more configuration options under “C:\Windows\System32\OpenSSH”

Next you need to configure the OpenSSH Server (sshd)

To enable authentication into an SSH server on Windows, you first have to generate host keys and repair the ACL on the host keys.

Configure OpenSSH Server on Windows

To configure the OpenSSH Server on Windows Server, just run the following PowerShell commands:

Now you should be able to access your Windows Server using an SSH client.

OpenSSH Server on Windows Server

Remember if you run your server in Microsoft Azure, you might also need to configure the Network Security Group to allow SSH Remoting on port 22.



Windows Admin Center

Windows Admin Center – The Next Generation Windows Server Management Experience

Back in September Microsoft released Project Honolulu, which is the codename for a new Windows Server management experience. Today Microsoft announced the Windows Admin Center. Windows Admin Center is a flexible, locally-deployed, browser-based management platform and tools to manage Windows Server locally and remote. Windows Admin Center (WAC) gives IT Admins full control over all aspects of their Server infrastructure, and is particularly useful for management on private networks that are not connected to the Internet.

I had the chance to test and work with Windows Admin Center for a while in a private preview program. This give me the chance to test and work with WAC for quiet some time.

Windows Admin Center is the modern evolution of the “in-box” management tools of Windows Server, like Server Manager, MMC, and many others. It is complementary to other Microsoft Management solutions such as System Center and Operations Management Suite. And as Microsoft clearly states, WAC is not designed to replace these products and services. WAC is a replacement for the local only tools and is especially handy if you run Windows Server Core.

Windows Admin Center Deployment Overview

(Picture for Microsoft)

You might remember the Azure Server Management Tools (SMT). SMT were management tools hosted in Azure and allowed you to manage your servers in the cloud and on-primes. Basically a hosted services of Windows Admin Center. The feedback however was, that a lot of customer preferred a on-premise solution for their management experience. Microsoft took that feedback and created Windows Admin Center formally known as Project Honolulu.

Windows Admin Center Functionality

Windows Admin Center PowerShell

  • Simplified server management – WAC consolidates many distinct tools into one clean and simple web interface. Rather switching between different tools, you can final everything in one place.
  • Illuminate your datacenter infrastructure – With WAC you can manage Windows Server 2016, 2012/2012 R2, Hyper-V Server 2012 and higher. WAC not only allows you to manage standalone servers, but also complete solutions such a failover clusters, hyper-converged clusters based on Storage Spaces Direct and much more. And I am sure you can bet it will also support Windows Server 2019 when it arrives.
  • The tools you know, reimagined – Windows Admin Center provides the core familiar tools you have used in the past.
  • Manage Hyper-Converged Infrastructure –  WAC brings solutions to manage your Hyper-Converged systems. You get a single pane of glass to manage and operate your Storage Spaces Direct Clusters. You can easily get an overview about resources, performance, health and alerts.

Windows Admin Center Management Experience

Windows Admin Center Solutions

WAC has different solutions which give you different functionality. In the technical preview there are three solutions available, Server Manager, Failover Cluster Manager and Hyper-Converged Cluster Manager.

Server Manager

The server manager lets you is kind of like the Server Manager you know from Windows Server, but it also replaces some local only tools like Network Management, Process, Device Manger, Certificate and User Management, Windows Update and so on. The Server Manager Solution also adds management of Virtual Machines, Virtual Switches and Storage Replica.

Failover Cluster Manager

As you might think, this allows you to manage Failover Clusters.

Hyper-Converged Cluster Manager

The Hyper-Converged Cluster Manager is very interesting if you are running Storage Spaces Direct clusters in a Hyper-Converged design, where Hyper-V Virtual Machines run on the same hosts. This allows you to do management of the S2D cluster as well as some performance metrics.

WAC Deployment Options

Windows Admin Center Deployment

(Picture from Microsoft)

WAC can be deployed in several different ways, depending on your needs.

WAC Topology

Windows Admin Center On-Premise Architecture

Windows Admin Center leverages a three-tier architecture, a web server displaying web UI using HTML, a gateway service and the managed nodes. The web interface talks to the gateway service using REST APIs and the gateway connected to the managed nodes using WinRM and PowerShell remoting (Similar like the Azure Management Tools).

Windows Admin Center On-Premise and Public Cloud Architecture

You can basically access the Web UI from every machine running modern browsers like Microsoft Edge or Google Chrome. If you publish the webserver to the internet, you can also manage it remotely from everywhere. The installation and configuration of Windows Admin Center is straight forward and very simple.

The WAC Gateway Service can be installed on:

  • Windows Server 2016 (LTSC)
  • Windows Server, version 1709 (SAC)
  • and higher

You can manage the following operating systems

  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016 and higher

Identity Provider and RBAC

Windows Admin Center Azure Active Directroy

In Project Honolulu during the preview time, one of the missing pieces was the missing RBAC (Role-Based Access Control). Windows Admin Center now comes with RBAC so you can configure it for your needs. Also new is the possibility to use Azure Active Directory as a Identity Provider. In this case you can use your Azure AD users and groups to access the Windows Admin Center.

Conclusion

In my opinion Windows Admin Center provides us with the Windows Server management tools we were looking for. It helps us to manage our systems form a centralized, modern HTML5 web application and makes managing GUI-less servers easy.

I still think the Server Management Tools hosted in Azure were a better overall solution. Since we only needed to deploy a gateway in our datacenter and we could access and manage our systems from the Azure portal. However a lot of customers didn’t like the dependency on the cloud, so the Windows Admin Center makes perfect sense as a on-premise solutions. Of course WAC brings right now much more functionality then SMT. And the possibility to extend it with solutions and extensions form third parties makes it even better.

You can download Windows Admin Center here: http://aka.ms/WindowsAdminCenter