Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

Apply #security principles to your #architecture to protect against attacks on your data and systems

Hope you started year 2022 in Good Health in a difficult pandemic time.

Starting 2022 by asking yourself, how is your Security by Design doing in 2022
Your Security is one of the most important aspects of any architecture for your Business.
It provides confidentiality, integrity, and availability assurances against attacks and abuse of your valuable data and systems. Losing these assurances can negatively impact your business operations and revenue, and your organization’s reputation.

Here you find Awesome information about Applying security principles to your architecture to protect against attacks on your data and systems:

Microsoft Architecture and Security Docs

Here you find more information about NIST Cybersecurity Framework

The Microsoft Cybersecurity Reference Architectures (MCRA) describe Microsoft’s cybersecurity capabilities. These References and diagrams can support you with implementing Security by design.

Microsoft Defender for Cloud

Microsoft Defender for Cloud (formerly known as Azure Security Center) community repository. This repository contains:

  • Security recommendations that are in private preview
  • Programmatic remediation tools for security recommendations
  • PowerShell scripts for programmatic management
  • Azure Policy custom definitions for at-scale management of Microsoft Defender for Cloud
  • Logic App templates that work with Defender for Cloud’s Logic App connectors (to automate response to Security alerts and recommendations)
  • Logic App templates that help you run regular tasks or reports within the scope of Microsoft Defender for Cloud
  • Custom workbooks to visualize Defender for Cloud data

Become a Microsoft Defender for Cloud Ninja

Security and Learning is a ongoing process, I always say Learning on the Job 😉 is important to keep Up-to-Date every day of the week. Microsoft Tech Community platform and Microsoft Learning can support you to get the knowledge.

Become a Microsoft Defender for Cloud Ninja here

Conclusion

Microsoft and the community has a lot of good security information to start with for your Data and Systems to keep your business solution as save as possible. Here they write New blogposts for the community about Defender for Cloud

Keep in Mind “Security is only as strong as the weakest component in the Chain”

So keep your Security up-to-date and do assessments on vulnerabilities to keep your data and systems secure. Monitoring => Alerting => Remediation is 24/7/365 Process with Security people in the business.


Leave a comment

#Microsoft Defender for Cloud videos with @yuridiogenes #Security

Here you will find all the Microsoft Defender for Cloud videos with Yuri

Here you find all the Azure Security Center in the Field Videos with Yuri

You can follow Yuri Diogenes also on Twitter

 


Leave a comment

JOIN Microsoft Ignite 2021 Event November 2-4 #MSIgnite #Azure #Winserv #Windows11 #Hybrid

Microsoft Ignite 2021

Join Microsoft and the Community November 2–4, 2021 to explore the latest tools, training sessions, technical expertise, networking opportunities, and more. You can register here

Here you find some great MSIgnite guidance on Microsoft Tech Community :

Check out what’s new in Security at Microsoft Ignite

Surface at Microsoft Ignite: November 2021

Your Guide to Microsoft Teams at Microsoft Ignite Fall 2021

Windows at Microsoft Ignite: November 2021

A developer’s guide to Ignite 2021

Bring Azure Kubernetes Services to a Hybrid Environment (The Blueprint Files)

Follow @MS_Ignite on Twitter

Of course you can make your own schedule from the session catalog here

Don’t forget your Registration and have a Great innovative Microsoft Ignite 2021 Event 😉

 


Leave a comment

#AzureArc Services with Docker for Windows #Kubernetes Cluster for Testing #DevOps #MSBuild

Microsoft Build 2021 Global virtual event

I Hope everyone had a Great Microsoft Build 2021 Online Conference this week. Microsoft announced a lot of new features and Hybrid Cloud Solutions at Build 2021 🙂 If you missed this Awesome Build 2021 event, you can watch the highlights on demand here.

Microsoft also launched MSBuild Book of News 2021

Build 2021 Resources: Build consistent hybrid and multicloud applications with Azure Arc

DevOps and developers are increasingly using microservices-based architectures with containerized applications for agility and flexibility. Azure Arc extends the single control plane from Azure to enable you to build apps consistently across hybrid and multi-cloud environments. With this information I was thinking, can I connect Microsoft Azure Arc Services to my Surface Book 3 with Windows 10 Preview Insiders Build 21390 and Docker for Windows with Kubernetes Cluster 1.19.7 active?

IMPORTANT: The following step-by-step guide is for testing purpose only.

Installing Docker for Windows with Kubernetes Cluster on Windows 10

First you need to have Docker for Windows 10.

System requirements

Your Windows machine must meet the following requirements to successfully install Docker Desktop.

WSL 2 backend

  • Windows 10 64-bit: Home, Pro, Enterprise, or Education, version 1903 (Build 18362 or higher).
  • Enable the WSL 2 feature on Windows. For detailed instructions, refer to the Microsoft documentation.
  • The following hardware prerequisites are required to successfully run WSL 2 on Windows 10:

Here you can download Docker Desktop for Windows

With docker desktop for Windows you can switch between Windows Containers and Linux Containers. When you want to have a Kubernetes Cluster on your Windows 10 device active you have to switch to Linux Containers in the taskbar like this :

It’s now active for Linux Containers. (Default)

Right Click on the Docker tray icon and go to Settings.
Then go to Kubernetes to enable your Cluster locally on your Windows 10 Device.
When you apply it take some minutes for the installation.

When you see the Kubernetes icon on green, then your Cluster is running.

When you do a lot of DevOps work you use Microsoft Visual Studio Code for Free, because here you can see your Kubernetes Cluster and try your own code or Apps.

Kubernetes Cluster is running locally on your Windows 10 device.

Installing Microsoft Azure Arc Agent

The next step is to install the Microsoft Azure Arc agent on your Windows 10 device.

Login in your Azure Subscription, if you don’t have one you can start here

Search for Azure Arc in your subscription.

Click on Servers and Click on Add.

Click on add a Single Server.
Click on Generate Script.

Prerequisites for the Azure Arc Agent.

Select your Azure Subscription and Resource Group
Choose your Region.
Operating System is Windows. ( your Windows10 device)
Click on Next.

You can add your TAG here.
More information about Azure Tags

Here you can download the Installation script or do a Copy of the Azure Arc Agent.

Open PowerShell ISE in Administrator mode.
Paste the Azure Arc Agent PowerShell Script.
Click on run.

When you see this message open your browser and go to
https://microsoft.com/devicelogin

Copy the Code in the last rule of PowerShell here and click on Next.

Enter your Azure Subscription account here and click on Next.

Connection is made with Azure you can close this screen.

Azure Arc Agent is connect with your Windows 10 Device.

Here you see my Azure Arc Enabled Machine.

Now your Windows 10 device, my Surface Book 3 is connected with Microsoft Azure Arc Services.

Register a Kubernetes Cluster with Azure Arc

The last step is to register your kubernetes Cluster with Microsoft Azure Arc Services.

Click on kubernetes Clusters on the left.
Click on Register a Kubernetes Cluster with Azure Arc.

The prerequisites to add your Kubernetes Cluster to Azure Arc

Select your Azure Subscription
Select your Resource Group
Give your Cluster a Name in Azure
Select Region.
Are you behind a Proxy Server? Yes or No

Here you can add your TAG to the Kubernetes Cluster.

The Next step is to run the Script, you can do that with PowerShell or Bash. I Did this via Azure CLI and with Helm 3.

Microsoft Azure CLI active with Helm 3

Copy the Bash commando into your Azure CLI like here.

This operation might take a couple of minutes.

Done, the Kubernetes Cluster is added to Azure Arc.

Dockkube was successfully connected to Azure.

Kubernetes Cluster with Azure Arc

Now you Have connected your Kubernetes Cluster to Azure Arc Services, you can start exploring the extensions :

Kubernetes Cluster – Azure Arc extensions

You can work with GitOps on your Kubernetes Cluster via Azure Arc Services

GitOps on your Kubernetes Cluster via Azure Arc.

More Features like Security, Monitoring, Automation :

Features for Kubernetes in Azure Arc Services.

Here you see in Visual Studio Code your Azure-Arc Helm Release.

Conclusion

“Learn how to write once and run anywhere using your preferred cloud-native application services. Ensure governance, compliance and security for your deployments, all through a single pane of glass management experience in Azure.”

With Microsoft Azure Arc Services you bring Azure Cloud Technology anywhere for your Apps, Containers, microservices.
I Hope this is a first start for exploring and testing your Hybrid Cloud solution. Wish you a lot of fun and happy coding 😉

 


Leave a comment

Today is Microsoft Ignite 2021 Event of the Year #MSIgnite #Azure #Cloud #AzureStackHCI #Winserv and More

JOIN Microsoft Ignite 2021 Event

You don’t want to miss this Live Awesome Virtual Global Event of Microsoft 😉


Leave a comment

Adding Windows Server 20H2 Core to Azure Arc Services with #WindowsAdminCenter #Winserv #Azure

Azure Arc Services

Azure Arc enabled servers allows you to manage your Windows and Linux machines hosted outside of Azure, on your On-premises network, or other cloud provider consistent with how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Each connected machine has a Resource ID, is included in a resource group, and benefits from standard Azure constructs such as Azure Policy and applying tags. Service providers who manage a customer’s on-premises infrastructure can manage their hybrid machines, just like they do today with native Azure resources, across multiple customer environments, using Azure Lighthouse with Azure Arc.

To deliver this experience with your hybrid machines hosted outside of Azure, the Azure Connected Machine agent needs to be installed on each machine that you plan on connecting to Azure. This agent does not deliver any other functionality, and it doesn’t replace the Azure Log Analytics agent. The Log Analytics agent for Windows and Linux is required when you want to proactively monitor the OS and workloads running on the machine, manage it using Automation runbooks or solutions like Update Management, or use other Azure services like Azure Security Center.

In earlier blogpost I wrote about Windows Admin Center and the Installation of Windows Server 20H2 Core version.

Now we have my Dark20H2.MVPLAB.LOCAL Windows Server Core managed by Windows Admin Center, I like to connect the Windows Server 20H2 Core to Azure Arc Services for Hybrid IT Management to get the benefits of the Cloud.

In the next step-by step guide we will enable Azure Arc Services by installing the agent on the Windows Server 20H2 Core.

Prerequisites

  • If you don’t have an Azure subscription, create a free account before you begin.
  • Deploying the Arc enabled servers Hybrid Connected Machine agent requires that you have administrator permissions on the machine to install and configure the agent. On Linux, by using the root account, and on Windows, with an account that is a member of the Local Administrators group.
  • Before you get started, be sure to review the agent prerequisites and verify the following:
    • Your target machine is running a supported operating system.
    • Your account is granted assignment to the required Azure roles.
    • If the machine connects through a firewall or proxy server to communicate over the Internet, make sure the URLs listed are not blocked.
    • Azure Arc enabled servers supports only the regions specified here.

Open Azure Arc in the Portal.

Because I have already Azure Arc Active for my Azure Stack HCI Cluster in my MVPLAB.LOCAL, I will click on Servers on the left.

Click on Add

We will Generate a Script for the Single Windows Server 20H2 Core.
You can Add also Servers at Scale.

HTTPS Access to Azure Services is Needed
and
Local Administrator permissions, Click Next

Select the right Azure Subscription and the Resource Group.
Select the Azure Region and Operating System.
and the URL when you are behind a Proxy Server.
Click Next.

You can add Tags for Administrative tasks like Costs.
Click Next.

Here you can Copy and Paste the Script or Download it.
I downloaded the PowerShell Script.
Click on Close.

Windows Admin Center in action on Windows Server 20H2 Core

The Windows Server Dark20H2.mvplab.local is a basic installation and managed by Windows Admin Center

Now we have to do the following steps :

  1. Copy the Azure Arc PowerShell Script to the Server with WAC.
  2. Install Azure PowerShell on the Server
  3. Run the Azure Arc PowerShell Script.

1. Copy the Azure Arc PowerShell Script to the Server with WAC

First we use Windows Admin Center to make a directory on the Server for uploading the Azure Arc PowerShell Script.

I have made a Azure Arc directory with Windows Admin Center.
Click on Upload.

Browse to your Azure Arc PowerShell Script.

Click on Submit.

The Azure Arc PowerShell Script is now on the Server.

2. Install Azure PowerShell on the Server

In the following steps we will install Microsoft Azure PowerShell on the Server via Windows Admin Center.

Type: $PSVersionTable.PSVersion
You need at least PowerShell 5.1

  1. Install .NET Framework 4.7.2 or later.
  2. Make sure you have the latest version of PowerShellGet. Run Install-Module -Name PowerShellGet -Force

Run the following script :

———————————————————————-

if ($PSVersionTable.PSEdition -eq ‘Desktop’ -and (Get-Module -Name AzureRM -ListAvailable)) {
Write-Warning -Message (‘Az module not installed. Having both the AzureRM and ‘ +
‘Az modules installed at the same time is not supported.’)
} else {
Install-Module -Name Az -AllowClobber -Scope CurrentUser
}

———————————————————————–

Type Y or A ( Yes or Yes to All)

Installing the Azure PowerShell Modules.

Now we are ready for the Azure Arc PowerShell Script.

3. Run Azure Arc PowerShell Script on the Server.

From here we are going to install the Microsoft Azure Arc PowerShell Script to join this server to Azure Arc Services with an Agent.

Run   .\OnboardingScript (1).ps1
It will ask for a Device login to Azure with a Code.
I did that on the Windows Admin Center Server.

When you Login to Azure with your Account you will see this Screen.

The Next screen is the completion in Windows Admin Center PowerShell of the Windows Server 20H2 Core.

This Dark20H2.mvplab.local Server is now connected with Azure Arc Services.
Azure Arc Enabled Server.

Here we see the Windows Server 202H2 Core in Azure Arc.

Azure Arc Services

Installing Azure Arc Insights

Here we start with one of the Azure Arc Services on the On-Premises Windows Server 20H2 Core called Azure Arc Insights.

Click on Insights on the Left of the Azure Arc Server.
Click on Enable.

Select your Azure Subscription and Log Analytics Workspace.
Click on Enable.

Installation of Azure Arc Insights in progress……

It’s Ready and waiting for data in Azure.

Performance View of On-Prem Servers.

Azure Arc Service Map will come available

Conclusion

With Microsoft Azure Arc Services you get the Azure Cloud Management services connected with On-Premises Servers. You get Azure Security Center, Log Analytics, Azure Monitoring and Alerting, Update Management, Change tracking and Automation tasks. This is the power of Hybrid IT Management and get the best of Tools there is like Windows Admin Center supporting me with Windows Server 20H2 Core. Azure Arc Services with Kubernetes and Azure Stack HCI Management is powerful and with a Single pain of Glass in IT Management. Hope this helpful for you, and Go for it yourself. 😉

 

 


Leave a comment

Running #Dapr in WSL2 Ubuntu 20-04 distro in #WindowsInsider Build 21277 RS and #VSCode

Working with Dapr in WSL2 Remote VSCode and Ubuntu 20.04 distro

Dapr is a portable, event-driven runtime that makes it easy for any developer to build resilient, stateless and stateful applications that run on the cloud and edge and embraces the diversity of languages and developer frameworks.

 

Developer language SDKs and frameworks

To make using Dapr more natural for different languages, it also includes language specific SDKs for Go, Java, JavaScript, .NET and Python. These SDKs expose the functionality in the Dapr building blocks, such as saving state, publishing an event or creating an actor, through a typed, language API rather than calling the http/gRPC API. This enables you to write a combination of stateless and stateful functions and actors all in the language of their choice. And because these SDKs share the Dapr runtime, you get cross-language actor and functions support.

SDKs

Dapr in Standalone version.

I’m using Windows Insider Build version 21277-RS with Docker for Windows Edge and Visual Studio Code.

Docker for Windows Edge Version Running.

Because Docker for Windows Edge support WSL2 Engine and Visual Studio Code too, brought me to an idea to build dapr into Ubuntu 20.04 WSL Distro on my Windows Insiders 21277 RS version on my Surface Book 3. There for you must activate the WSL2 integration with my default WSL distro Ubuntu-20.04.

Docker for Windows WSL 2 Integration.

In your Ubuntu-20.04 WSL2 version, you can install Dapr into your linux distro, more information you find here on dapr.io

Microsoft Windows Subsystem for Linux Installation Guide for Windows 10 with all kind of Linux distro’s 

Dapr init ( in the Ubuntu-20.04 WSL2 Linux distro )

Here you find the Dapr dev environment installation types for Dapr init, I did the standalone version. Dapr makes then the following containers :

Dapr Containers.

Then we have the following running :

  • Dapr Dashboard
  • Zipkin

Zipkin is a distributed tracing system. It helps gather timing data needed to troubleshoot latency problems in service architectures. Features include both the collection and lookup of this data.

Zipkin Traces

Dapr Dashboard

Now we have Dapr running in the WSL2 Ubuntu-20.04 distro, you can use Visual Studio Code on Windows Insiders using Remote WSL and work with your favourite dapr SDK like the list above 😉

Dapr Extension in VSCode

From here you can work with your dapr application.

In this guide dapr is running with Docker containers, but you can also install it on Kubernetes or K8s, AKS, Azure any where, see this overview :

Dapr with Kubenetes Containers.

Dapr Overview.

Important Note : Dapr is now production ready with version 1.0 ! Developers, DevOps, AzOps, you can start with it and Build and Test your own microservices and Container apps !  Hope you are having fun with it too 😉

 

 


Leave a comment

Happy Holidays and I wish you a Healthy 2021 #Azure #Cloud #MVPBuzz #Winserv #Security #Healthcare

It’s a year full of misery with the Covid-19 virus around the world. People who lose their loved one, It’s a very sad time for all of us! Microsoft technologies are still going on strong with new features in Azure Cloud Services but also supporting the people who are working in the healthcare, data analytics, Microsoft Teams for Collaboration and much more. But what I want to say to all HealthCare people over the world : THANK YOU SO MUCH FOR ALL THE WORK YOU DO 👍
I have deep respect for you all !
Community, Microsoft Product Teams, MVP Lead, WIndows Insiders, I wish you and your family happy holidays and a Healthy 2021 with lot of Success! 🎄😍

 


Leave a comment

Windows Admin Center and The Container Extension #WAC #Containers #Winserv

Windows Admin Center

Windows Admin Center is a locally deployed, browser-based app for managing Windows servers, clusters, hyper-converged infrastructure, as well as Windows 10 PCs. It comes at no additional cost beyond Windows and is ready to use in production. If you want to work more secure with Windows Server Core images without the GUI or with Microsoft Azure Stack HCI operating system then Windows Admin Center is the tool for the Administrator to manage your workloads on-premises or in the Cloud. You have one web based interface for all your Server consoles (MMC) to manage your Hybrid Datacenter.
Here you can read more about Microsoft Windows Admin Center and download the free software.

Get the best with Windows Admin Center Extensions

Windows Admin Center and the Container Extension

When you have installed Microsoft Windows Admin Center you can configure the settings and extensions for your environment. When you want the benefits of the Microsoft azure Cloud Services you can configure your Azure subscription and add the extensions to your Windows Admin Center. There are also Third Party extensions like Dell, DataOn, Fujitsu and more.
Here you find more information about how extensions work.

Container Extension

In the following step-by-step guide we will work with the Container Extension of Windows Admin Center on a Windows Server 2019. You have already added the server in WAC and installed the Container extension. In my MVPLAB.CLOUD is that Windows Server 2019 datacenter Starship01.mvplab.cloud. When you open the server you will come in the Overview of the Windows Server:

Click on Containers.

Click on Install for the Docker installation on Starship01.mvplab.cloud.

This will install Docker on the Windows Server 2019 and reboot when it’s ready to use for Containers. From this moment you can work with Windows Containers on the host via Windows Admin Center.

Remote Desktop in Windows Admin Center, the docker host is installed with the Windows Filter by default.

When you want to use Docker Linux Containers with Windows Server 2019 host, you have to configure the Linux kit LCOW with a distro on the host. More info here

Containers on Starship01.mvplab.cloud

To start with containers you can create your own, or pull an image from Docker Hub with Windows Admin Center. In my case I pull Windows Server 2019 ltsc with IIS image.

mcr.microsoft.com/windows/servercore/iis  (Image)

windowsservercore-ltsc2019 (Tag)

Click then on Pull.

Select your image and click on Run.
Give your Container a name and set your settings.

Click on Run.

Click on Containers tab and you will see your running Container

More details you see the IP-Address of the Container.

IIS is running on Windows Server 2019 ltsc in a Docker Windows Container.
That was easy right 😉

Making your Own Docker file with Windows Admin Center Container Extension

When you have your own Github repository with your software, you can make your own docker file and make a docker image on your host for deployment. To show this I have used this sample on Microsoft docs, but you can clone also a github repository and copy the dockerfile on the host.

I copied the dockerfile on the host C:\BuildImage.

—————

# Sample Dockerfile

# Indicates that the windowsservercore image will be used as the base image.
FROM mcr.microsoft.com/windows/servercore:ltsc2019

# Metadata indicating an image maintainer.
LABEL maintainer=”jshelton@contoso.com”

# Uses dism.exe to install the IIS role.
RUN dism.exe /online /enable-feature /all /featurename:iis-webserver /NoRestart

# Creates an HTML file and adds content to this file.
RUN echo “Hello World – Dockerfile” > c:\inetpub\wwwroot\index.html

# Sets a command or process that will run each time a container is run from the new image.
CMD [ “cmd” ]


Here is the Microsoft docs website

Image Creation in progress

New Image Created with Windows Admin Center

Running your Own Container image

Container “Hello World – Dockerfile” running

Conclusion :

In Windows Admin Center comes ITpro world and DevOps world Together in One web based console like with the Container extension. Microsoft is developing really fast in Windows Admin Center to get all the right Feature for ITPro, DevOps and SecOps Administrators in one place. Awesome are the Windows Admin Center Extensions, developers makes these better and better to do the job for Administrators 🚀
Windows Server 2019 Core and Azure Stack HCI are Operating systems without a GUI, and with Windows Admin Center they are really good to manage, update and keeping in control of security.
I like Windows Admin Center a lot and it Rocks for managing your hybrid Datacenter 😉

Send your comments and feedback via Microsoft GitHub repo by opening a new issue for the Container Extension. Follow @vrapolinario on Twitter

 

You can Follow Windows Admin Center here on Twitter : @servermgmt


Leave a comment

JOIN #Microsoft Inspire 2020 Global Event July 21-22 #MSInspire #Azure #AzureStack #Cloud #MVPBuzz #Innovation

Microsoft Inspire 2020 Global Event 🚀

Innovation. Leadership. Partnership.

Now is the time. Join your global partner community for the Microsoft Inspire digital event experience. Register today and get ready to extend your partner network as we explore what’s coming in the year ahead and work together to find shared solutions for our customers. Join Microsoft Inspire 2020 Global Event on July 21-22 Now at no Cost!

You will be Inspired by Microsoft New Technologies and Innovations !