Tag: Windows

Last updated by at .

Windows Admin Center

Windows Admin Center – The Next Generation Windows Server Management Experience

Back in September Microsoft released Project Honolulu, which is the codename for a new Windows Server management experience. Today Microsoft announced the Windows Admin Center. Windows Admin Center is a flexible, locally-deployed, browser-based management platform and tools to manage Windows Server locally and remote. Windows Admin Center (WAC) gives IT Admins full control over all aspects of their Server infrastructure, and is particularly useful for management on private networks that are not connected to the Internet.

I had the chance to test and work with Windows Admin Center for a while in a private preview program. This give me the chance to test and work with WAC for quiet some time.

Windows Admin Center is the modern evolution of the “in-box” management tools of Windows Server, like Server Manager, MMC, and many others. It is complementary to other Microsoft Management solutions such as System Center and Operations Management Suite. And as Microsoft clearly states, WAC is not designed to replace these products and services. WAC is a replacement for the local only tools and is especially handy if you run Windows Server Core.

Windows Admin Center Deployment Overview

(Picture for Microsoft)

You might remember the Azure Server Management Tools (SMT). SMT were management tools hosted in Azure and allowed you to manage your servers in the cloud and on-primes. Basically a hosted services of Windows Admin Center. The feedback however was, that a lot of customer preferred a on-premise solution for their management experience. Microsoft took that feedback and created Windows Admin Center formally known as Project Honolulu.

Windows Admin Center Functionality

Windows Admin Center PowerShell

  • Simplified server management – WAC consolidates many distinct tools into one clean and simple web interface. Rather switching between different tools, you can final everything in one place.
  • Illuminate your datacenter infrastructure – With WAC you can manage Windows Server 2016, 2012/2012 R2, Hyper-V Server 2012 and higher. WAC not only allows you to manage standalone servers, but also complete solutions such a failover clusters, hyper-converged clusters based on Storage Spaces Direct and much more. And I am sure you can bet it will also support Windows Server 2019 when it arrives.
  • The tools you know, reimagined – Windows Admin Center provides the core familiar tools you have used in the past.
  • Manage Hyper-Converged Infrastructure –  WAC brings solutions to manage your Hyper-Converged systems. You get a single pane of glass to manage and operate your Storage Spaces Direct Clusters. You can easily get an overview about resources, performance, health and alerts.

Windows Admin Center Management Experience

Windows Admin Center Solutions

WAC has different solutions which give you different functionality. In the technical preview there are three solutions available, Server Manager, Failover Cluster Manager and Hyper-Converged Cluster Manager.

Server Manager

The server manager lets you is kind of like the Server Manager you know from Windows Server, but it also replaces some local only tools like Network Management, Process, Device Manger, Certificate and User Management, Windows Update and so on. The Server Manager Solution also adds management of Virtual Machines, Virtual Switches and Storage Replica.

Failover Cluster Manager

As you might think, this allows you to manage Failover Clusters.

Hyper-Converged Cluster Manager

The Hyper-Converged Cluster Manager is very interesting if you are running Storage Spaces Direct clusters in a Hyper-Converged design, where Hyper-V Virtual Machines run on the same hosts. This allows you to do management of the S2D cluster as well as some performance metrics.

WAC Deployment Options

Windows Admin Center Deployment

(Picture from Microsoft)

WAC can be deployed in several different ways, depending on your needs.

WAC Topology

Windows Admin Center On-Premise Architecture

Windows Admin Center leverages a three-tier architecture, a web server displaying web UI using HTML, a gateway service and the managed nodes. The web interface talks to the gateway service using REST APIs and the gateway connected to the managed nodes using WinRM and PowerShell remoting (Similar like the Azure Management Tools).

Windows Admin Center On-Premise and Public Cloud Architecture

You can basically access the Web UI from every machine running modern browsers like Microsoft Edge or Google Chrome. If you publish the webserver to the internet, you can also manage it remotely from everywhere. The installation and configuration of Windows Admin Center is straight forward and very simple.

The WAC Gateway Service can be installed on:

  • Windows Server 2016 (LTSC)
  • Windows Server, version 1709 (SAC)
  • and higher

You can manage the following operating systems

  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016 and higher

Identity Provider and RBAC

Windows Admin Center Azure Active Directroy

In Project Honolulu during the preview time, one of the missing pieces was the missing RBAC (Role-Based Access Control). Windows Admin Center now comes with RBAC so you can configure it for your needs. Also new is the possibility to use Azure Active Directory as a Identity Provider. In this case you can use your Azure AD users and groups to access the Windows Admin Center.

Conclusion

In my opinion Windows Admin Center provides us with the Windows Server management tools we were looking for. It helps us to manage our systems form a centralized, modern HTML5 web application and makes managing GUI-less servers easy.

I still think the Server Management Tools hosted in Azure were a better overall solution. Since we only needed to deploy a gateway in our datacenter and we could access and manage our systems from the Azure portal. However a lot of customers didn’t like the dependency on the cloud, so the Windows Admin Center makes perfect sense as a on-premise solutions. Of course WAC brings right now much more functionality then SMT. And the possibility to extend it with solutions and extensions form third parties makes it even better.

You can download Windows Admin Center here: http://aka.ms/WindowsAdminCenter 



Ubuntu on Windows Server using WSL

Install Windows Subsystem for Linux on Windows Server

In 2017 Microsoft made it possible to run different Linux distribution on Windows 10, using a feature called the “Windows Subsystem for Linux“. With the latest official Semi-Annual Channel Windows Server release called Windows Server, version 1709 Microsoft also allowed to run the Windows Subsystem for Linux (WSL) on Windows Server. With the next release of Windows Server called Windows Server, version 1803, Microsoft will also add some improvements to the Windows Subsystem on Linux, which also apply to Windows 10 as well as Windows Server. This blog post shows you how you can do this.

First you have a Windows Server, version 1709 running. After that enable the Microsoft Windows Subsystem for Linux feature, running the following command (This will need a reboot)

You can download the appx packages for you favorite Linux distribution, this can be today:

  • Ubuntu
  • OpenSUSE
  • Suse Linux Enterprise Server

If you are running on Windows Server Core (which is highly likely), you can use the following command to download the Linux distributions.

You can then unpack the file:

Now you can open that folder and run the installer for example ubuntu.exe. The first time this will do the setup where you also define the UNIX username and password as well as the root password.

WSL on Windows Server

After that you can run updates for your distro and you can start using Linux.

If you want to know more about the WSL, check out the Microsoft Documentation: Windows Subsystem for Linux Documentation and have a look at my WSL post in for Windows 10: Crazy times – You can now run Linux on Windows 10 from the Windows Store



Hyper-V HVC SSH Direct for Linux VMs

HVC – SSH Direct for Linux VMs on Hyper-V

If you are running Hyper-V on Windows 10 or on Windows Server 2016, you probably know about a feature called PowerShell Direct. I also mentioned that PowerShell Direct is one of the 10 hidden features in Hyper-V you should know about. PowerShell Direct lets you remote connect to a Windows Virtual Machine running on a Hyper-V host, without any network connection inside the VM. PowerShell Direct uses the Hyper-V VMBus to connect inside the Virtual Machine. Of course this feature is really handy if you need it for automation and configuration for Virtual Machines. As this is great for Windows virtual machines, it does not work with Virtual Machines running Linux. In the latest Windows 10, Windows Server 1803 (RS4) and Windows Server 2019 (RS5) Insider Preview builds, Microsoft enabled a tool called HVC. HVC is at tool which allows you to do some command line VM management. HVC SSH is basically SSH Direct of Linux VMs.

This allows to connect to a Linux VM using SSH over the Hyper-V VMBus. You are also able to copy file inside a virtual machines using scp.

How to connect to Linux VMs using SSH Direct

HVC SSH on Hyper-V

To connect to Linux VMs using SSH Direct (HVC) simply type hvc.exe into the command line or PowerShell. This will give you all the possible command options. Of course SSH has to big configured inside the Linux virtual machine.

To make this work, the SSH server inside the VM needs to be configured.

Final Thoughts

Pretty cool tool which will be available in the official releases of Windows 10 and Windows Server 1803, released this spring. Later this year this feature will also be included in Windows Server 2019. If you want to try it out today, give the Windows Insider Preview builds a spin.

Thanks to Ben Armstrong for pointing this out 😉



Surface Book 2

My First Impressions of the Surface Book 2

Last week I got my early (or late) Christmas gift to myself. The Microsoft Surface Book 2 15-inch version was finally shipping to Switzerland. The 13-inch version of the Surface Book 2, was already available last year. I am a long time Surface user, since I got my first Surface and my first Surface Pro back in 2012. As you might remember I got a new Surface Pro 2017 as a new company device, back in July 2017. I picked the Surface Pro as a replacement for my Surface Book which I used quite a while and I am very happy with it. It is a light and mobile device, perfect when you are traveling. I think the new Surface Pro with LTE would even be better if you are on the road.

However, one thing I always knew, was that I am more productive with a larger screen. Even the 13” Surface Book, made a huge difference against the 12” Surface Pro. The thing is simple, it is mobility versus screen real estate. I am often working on the go, which means I like the mobility. On the other hand I am also working a couple of hours on the device with no extra screens. Having some extra space on the mobile device, makes me more productive.

Surface Book 2 and Surface Pro

When Microsoft announced the new Surface Book 2 13-inch and 15-inch, I knew I want a 15” version. It would give me more screen real estate, more productivity, paired with the Surface quality and design. The combination of a 15” screen in a 3:2 aspect ratio, together with a touch screen and pen support, will provide you with the best possible work setup.

The Surface Book 2 also comes with some performance improvements. With the higher end models, you get new 8th Gen Intel Core i7-8650U quad-core processor, and a Nvidia GeForce GTX 1060, which will provide you with the necessary performance. For me, these performance improvements are a nice addition, but not the reason I would upgrade. If you are a creator, designer, editor, you might highly benefit from the additional graphics performance. However, Microsoft also updated the disk to a faster NVMe SSD, and this you can see and feel in your day-to-day tasks.

Surface Book 2 – First Impressions

I haven’t used the Surface Book 2 long enough for a full review, but I want to share my first impressions.

  • Hardware and build quality are amazing as for all the Surface devices, no surprises here.
  • Performance improvements from the 8th Gen Intel Core i7-8650U quad-core processor, and the NVMe SSD are great. They are helping a lot if you are running Docker containers and Hyper-V on your machine. I can also imagine if you are doing graphic intensive work, you also benefit heavily from the Nvidia GeForce GTX 1060.
  • The amazing 15” PixelSense display with the 3:2 aspect ratio and a resolution of  3240 x 2160 is just stunning and really makes a difference if you need screen real estate. The quality of the display is also amazing and you can switch between “Enhanced Mode” and sRGB. And as always I am very happy with the Surface Pen support.
  • Yes you can still detach the screen from the keyboard to use it as a giant 15” tablet.
  • Microsoft now includes 2 x USB type-A (version 3.1 Gen 1), 1 x USB type-C (version 3.1 Gen 1 with USB Power Delivery revision 3.0), 3.5mm headphone jack, 2 x Surface Connect ports, Full-size SDXC card reader. The only thing missing is the Thunderbolt port, but to be honest I never missed it before, but of course it would be nice to have it.
  • Of course the Surface Book 2 15” version is huge if you compare it to the Surface Pro or the Surface Laptop. With 1.9kg also heavier, but with the performance improvements, battery life and the larger screen, what else can you expect. However, if you undock the screen from the keyboard, the tablet part is still very light.
  • It also provides you with the necessary modern Wi-Fi standards a/b/g/n/ac, Bluetooth Wireless 4.1 technology and built-in Xbox Wireless for the 15-inch version.
  • Since I am using it only since a couple of days, I cannot really talk about battery life. Microsoft claims up to 17 hours of video playback. To be honest the first Surface Book was already very good in terms of battery life. I think, with the Surface Book 2 I will make it trough a day.
  • Of course it also ships with a Windows Hello face authentication camera. A 5.0MP front-facing camera with 1080p HD video and a 8.0MP rear-facing autofocus camera with 1080p HD video.

Overall my first impression of the Surface Book 2 is amazing. The Surface Book 2 is the laptop I was waiting for, for a long time. I think this is the best notebook I have ever owned. Are you owning one, or thinking about buying one for yourself? Let me know in the comments.

 



What is in my bag for the Microsoft MVP Summit 2018

What is in my bag for the Microsoft MVP Summit 2018

Soon again I am on my way to the Microsoft MVP Summit 2018 in Redmond. The Microsoft MVP Summit is the yearly, multi-day event, which is hosted at the Microsoft headquarters in Redmond and in Bellevue. The event brings a large catalog of technical sessions and variety of networking opportunities. The Microsoft MVP Global Summit enables MVPs from around the world to connect with each other, build relationships with Microsoft product managers, learn about upcoming technology and products, and provide feedback on Microsoft products and services.

If I remember correctly this I my 7th MVP Summit, which I can attend. I am really looking forward as always and I am sure it is going to be great fun.

Obviously you need to pack some stuff, to make the best out of the week. Especially since you need to take a lot of notes, and also work on some projects remotely. Besides my clothes and my running shoes, I also pack my latest tech stuff.

What is in my bag for the Microsoft MVP Summit 2018

What is in my bag for the Microsoft MVP Summit 2018

  • Surface Pro – As my daily driver I will bring my Microsoft Surface Pro, which is a perfect travel companion, since it is a small and light devices. As you may know, I also love to take notes in OneNote using the Surface Pen. The battery life should bring me more less through a day of work at the event.
  • The Surface Pen  – The Surface Pen is one of my favorite Surface peripherals to take handwritten notes during sessions.
  • Samsung Galaxy Note 8 – After Microsoft really holds back on the Windows 10 Mobile investments. I decided to Switch to a Samsung Galaxy Note 8. The Note 8 looks beautiful, has a great camera, a Pen for OneNote. It also has enough battery life to bring me trough a long day.
  • Microsoft Arc Touch Mouse – The Microsoft Arc Touch Mouse is my absolut favorite travel mouse. I am using a Microsoft Arc mouse since the first version and I am happy with the integrations Microsoft made.
  • Bose Quiet Comfort 35 – The best travel Headphones I have ever owned. I like the new wireless capabilities and the noise canceling is perfect when you are stuck on a long flight.
  • Samsung Gear S3 Frontier – Around my wrist I am currently wearing a Samsung Gear S3 Frontier smartwatch, which helps me track my runs on Samsung health
  • Microsoft Surface Adapters – Of course I bring a bunch of Surface Pro adapters, since you never know if you need to connect your Surface to a big screen.
  • Microsoft Surface Power Adapter – This is a thing I really started to like. The Surface Power Adapter not only allows you to charge your Surface, but the extra USB port also allows you to charger your phone or another USB device at the same time.
  • Next to that, I will bring some cables, sunglasses, even I might not really need them in the Seattle area this time of the year, and a bunch of other stuff you need during an event.

Old Times

By the way it is funny to see, how the inside of my bag change over the years. I wrote a similar blog post for the Microsoft MVP Summit in 2013. When I was carrying a Lenovo Thinkpad X1 and a Lumia 920.

Bag for Microsoft MVP Summit



Microsoft Modern Keyboard

Mini Review of the Microsoft Modern Keyboard with Fingerprint ID

As you may know I am a big fan of the Microsoft peripherals like the Microsoft Arc Mouse, Surface Pen, Surface Precision Mouse, Surface Dial and the Surface Keyboard. The last one I have just upgraded to the Microsoft Modern Keyboard. The Microsoft Modern Keyboard almost looks the same when you compare it to the Surface Keyboard, except for some minor changes, like the on/off button, the USB charging port or the integrated Fingerprint reader.

As like the Surface Keyboard, the Microsoft Modern Keyboard feels extremely comfortable to type on, and in my opinion also looks perfect on your desk. It is thin and light and matches the style of the other Surface products. Microsoft Modern Keyboard with Fingerprint ID’s aluminum frame makes it not only of the highest quality, but heavy and virtually indestructible. The keyboard not only supports Bluetooth Low Energy  4.0 / 4.1 / 4.2, it also supports USB as a wired connection, which allows it to be a great choice even at work.

Microsoft Modern Keyboard Fingerprint Reader

One of the main new advantages of the Microsoft Modern Keyboard is the new integrated Fingerprint reader. This allows you to use it together with Windows Hello, to easily login to your computer, without the need of a password.

Microsoft Modern Keyboard On Off Button

You also get a on off switch for they keyboard, which is really handy, especially when you are traveling and storing the keyboard in your bag.

Microsoft Modern Keyboard USB Charger

The Surface Keyboard came with batteries which you needed to replaces after a while. The Microsoft Modern Keyboard brings a rechargeable battery, which can be easily recharged using the included USB cable, which also lets you connect the keyboard not only using Bluetooth, but also using the wired USB connection. Microsoft promises up to 4 months battery life on full charge.

After using the Surface Keyboard and before the Microsoft Designer Bluetooth Desktop since 2015, the Microsoft Modern Keyboard with Fingerprint ID is a great successor.



Microsoft Edge Windows Defender Application Guard

Enable Windows Defender Application Guard on Windows 10 using PowerShell

A couple of days back I saw a tweet form Stefan Stranger (Consultant at Microsoft) which reminded me of a feature called Windows Defender Application Guard, which is included in Windows 10 Enterprise since the Fall Creators Update (1709). If you have never heard of Application Guard, you might want to check out this blog post: Introducing Windows Defender Application Guard for Microsoft Edge

Basically Windows Defender Application Guard starts Microsoft Edge in a Hyper-V Container and uses Hyper-V isolation. So if a user browses on a malicious site, the site is separate from the host operating system.

Application Guard Hardware Isolation

What is Windows Defender Application Guard and how does it work?
Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted.

If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container, which is separate from the host operating system. This container isolation means that if the untrusted site turns out to be malicious, the host PC is protected, and the attacker can’t get to your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can’t get to your employee’s enterprise credentials.

Source: Windows Defender Application Guard overview

Usually Windows Defender Application Guard is configured using a Enterprise devices management tool like System Center Configuration Manager, Microsoft Intune or another third-party tool. But if you want to use this on your standalone Windows 10 PC you can also do this using PowerShell.

The only thing you need to run this is:

  • Windows 10 Enterprise 1709 (Fall Creators Update) or higher
  • A computer which supports Hyper-V
    • A 64-bit computer with minimum 4 cores is required for hypervisor and virtualization-based security (VBS)
    • Extended page tables, also called Second Level Address Translation (SLAT)
    • One of the following virtualization extensions for VBS:
      • Intel VT-x
      • AMD-V
    • Microsoft recommends 8GB RAM for optimal performance
    • 5 GB free space, solid state disk (SSD) recommended
    • Input/Output Memory Management Unit (IOMMU) support is strongly recommended
  •  Microsoft Edge and Internet Explorer

Enable Windows Defender Application Guard using PowerShell

You can simply install Application Guard using the following command:

New Application Guard Windows in Microsoft Edge

This will reboot your computer and after this you will be able to open a new Microsoft Edge windows in Application Guard.

Microsoft Edge Windows Defender Application Guard

This does added some extra security, however it does not really protect against like the Meltdown and Spectre attacks.

Application Guard Virtual Machine Worker Process

If you have a look at the processes running on your computer you can now see that there is a new Virtual Machine Worker Process which is used by the Application Guard.

This is a great example how the Hyper-V isolation can not only be used for Hyper-V Virtual Machines but also other features like Hyper-V Containers or for example on the Xbox One.