With Microsoft Prerelease Software like Windows Server Insider Preview Builds, you can experience and test the new features in your Test environment before it’s GA and in your production datacenter(s). First you have to register for the Windows Server Insider program here
Then you can download the Windows Server Insider Preview Build.
I’m updating my mvplab.local domain.
With this you can Build your own test environment and experience the new features in Windows Server Insider Preview Builds.
The Microsoft Windows Server Insider Team is also on Microsoft Tech Community.
Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only.
Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only.
Microsoft Server Languages and Optional Features Preview
Keys: Keys are valid for preview builds only
Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH
Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67
Azure Edition does not accept a key
Expiration: This Windows Server Preview will expire September 15, 2023.
Installing Windows Server Insider Preview Build 25314
For the Microsoft Product Group it’s important to give your feedback when you have ideas or experience some issues with these Windows Server Insider Preview Builds. Here you find more information about the Feedback Hub.
With this you can build great Hybrid Solutions with Windows Server Insider Preview Build Clusters which is connected with
Microsoft Azure Arc Services for Azure Hybrid IT Solutions. In this way you can test new experiences before you go into production and learn a lot of what you can do! Here you can read more about Azure Arc enabled Servers
My Domain Controller is Up-to-date with the Newest Windows Server Insider Preview Build 25314 for now 😉
With Windows Server Insider Preview Build you can make your own environment, with your own domain, Clusters, Hybrid Servers or build your environment for Containers. You can experience and test for example Windows Server Insider Preview Azure edition with Hot Patching feature on. Start today with Microsoft Windows Server Insider Preview Builds and Share your feedback with Microsoft.
When you have your Servers Azure Arc enabled, you will work with Azure Arc extensions to work with Azure hybrid features like Defender for Cloud, Azure Monitor, Windows Admin Center and more. For each Azure Arc extension you can get updates, and it’s important to keep them up-to-date for new functionality and security. You have Azure Arc extensions for Windows Servers but also for Linux Servers.
Some of the Azure Arc extensions will automatic upgrade when you have enabled it and some must go manually from the Azure Portal.
More information about Azure Arc extensions you can find them here
In the next steps you will see the Update management of the Azure Arc enabled extensions :
Here I update one extension.
Inside the WindowsOsUpdateExtension
Here you can see that the WindowsOsUpdateExtension is up-to-date
and Status Succeeded
On the right of this screenshot you see Automatic Upgrade and some extensions are enabled, but some are not supported.
That’s why it’s important to check these updates.
Here you can see in the Status that two Azure Arc extensions are updating
And sometimes it failed to update.
But you can see what you can do best with this failed Status.
Here you see the error message and the Tips.
And when you can’t fix it yourself you can make a Support ticket right away.
Here you can see that all the Azure Arc extensions are updated successfully
So I selected all my Azure Arc enabled Servers and updated them all.
Conclusion
With Microsoft Azure Arc enabled Servers you have do some IT management to keep your Azure Arc extensions up-to-date.
I did this without rebooting Servers, just from the Azure Portal update Azure Arc extension.
Here you find more information about Microsoft Azure Arc for Azure Hybrid IT
I like to thank you Community for Supporting, Sharing and Reading New Microsoft technologies on my Blog, Twitter, Facebook and
LinkedIn Community Groups 💗 I wish you all happy Holidays, Merry Christmas and a Healthy New Year 2023 may the Best Wishes comes true ! 🎄🥂
I’m very proud and Honored on the Microsoft Global MVP Awards 2022-2023 !
MVP Award for Cloud and Datacenter Management
MVP Award for Windows Insiders
MVP Award for Azure Hybrid
Thank you Microsoft Product Groups, MVP Award Program, Windows Insider Team, Azure Hybrid Team, Windows Server and Azure Stack HCI Team for all your support, NDA PGI sessions, and for the Awesome software, Features, solutions you are building 🙂
Wish you all Happy Holidays, Merry Christmas and a Healthy New Year 2023 may the Best Wishes comes true ! 🎄🥂
Here are some Great links for Reading and Sharing :
JOIN these LinkedIn Community Groups for free and Share New Microsoft Technologies Together:
To keep your Business running, It’s important to secure and monitor your data. One of the security measures is doing Vulnerability assessments in your datacenter(s) to see the status and results for remediation. With Microsoft Azure Arc Defender for Cloud you can do a SQL Server vulnerability assessment in your on-premises datacenter or anywhere with the Azure Arc agent running. Here you find more information about Azure Arc enabled SQL Server
Microsoft Defender for Cloud on Azure Arc enabled SQL Server
Here I activated Microsoft Defender for Cloud on Azure Arc enabled SQL Server, and Azure Defender for Cloud is doing a SQL vulnerability assessment to get the security status and results for remediation.
On this same Azure portal page you will see the Vulnerability assessment findings.
When you Open a Vulnerability finding, you get more information and the remediation for the issue.
Here you see the complete Resource Health of the Azure Arc enabled SQL Server.
Look at the Status of each severity.
Here you see all the vulnerability findings on these four databases.
When you do the remediation you will see the healthy status.
on the Passed tab.
Here I open only the OperationsManager database.
Now you see only the Vulnerability findings on this database.
Here you see a vulnerability finding on the SCOM database with the Remediation 🙂
You can make your Own Workbooks or use them from the Gallery.
Workbook example of Vulnerability Assessment findings.
Conclusion
With Azure Defender for Cloud vulnerability assessment and management you will learn a lot to set your Security Baseline on a higher level in your datacenter(s). Getting the right remediation of Microsoft to solve security issues is Great! You can do your assessments frequently to show your current status on demand. I Really like these Azure Hybrid Tools to make my work easier and the data more secure for the business.
Baseline security is very important to have that in place to keep your Servers more secure in your datacenter. You want Hybrid Servers like Azure Arc enabled servers for example to be secure running in your datacenter. This begins to secure and have up-to-date Server hardware running in your datacenter. Monitor for security updates and install Server hardware based on best practices from the vendor.
Then the Operating System like Windows Server 2022 standard needs the OS Baseline security. This is called:
When your Windows Servers are security compliant by the rules of the company and/or Security Officer, then we can have a look at the Well Architected Framework (WAF) for Azure Arc Enabled Servers. Here you find an
This security baseline applies guidance from the Microsoft cloud security benchmark version 1.0 to Azure Arc-enabled servers. The Microsoft cloud security benchmark provides recommendations on how you can secure your cloud solutions on Azure. The content is grouped by the security controls defined by the Microsoft cloud security benchmark and the related guidance applicable to Azure Arc-enabled servers.
When you have read about Azure Arc Well Architected Framework (WAF) and you have your security in place, we can start with Microsoft Azure Arc.
Before you start implementing Azure Arc, you must have seen this Awesome website of Azure Arc Jumpstart!
The Azure Arc Jumpstart is designed to provide a “zero to hero” experience so you can start working with Azure Arc right away!
The Jumpstart provides step-by-step guides for independent Azure Arc scenarios that incorporate as much automation as possible, detailed screenshots and code samples, and a rich and comprehensive experience while getting started with the Azure Arc platform.
Our goal is for you to have a working Azure Arc environment spun-up in no time so you can focus on the core values of the platform, regardless of where your infrastructure may be, either on-premises or in the cloud.
You can manage your compliance and security policies with Azure Arc enabled Servers, Kubernetes, or SQL Managed instances to make your hybrid solutions with
the Microsoft Azure Cloud in a secure environment. When you work with security by design based on OSI model with 7 security layers and use Microsoft Arc enabled servers, you get also more Azure Hybrid security features like Azure Defender for Cloud, and much more.
Don’t forget the Microsoft Azure Arc Community Monthly Meetup
In the following steps I will install some containers (Pods) on my Azure Arc enabled Kubernetes so I have some data to work with in my MVP LAB. I did that with Microsoft Visual Studio Code and with Helm predefined templates. Install the VSCode and install the Kubernetes extension, more information here
In the following steps we install DAPRand Redis on the Azure Arc enabled Kubernetes.
When you open your Kubernetes Cluster
Click then on Helm Repos
There you see Dapr repo.
Click on version 1.6.0.
Right click on version 1.6.0
Click on Install.
Dapr is installed by default on the Azure Arc enabled Kubernetes.
Type in Powershell : dapr status -k You will see the running pods of Dapr.
Dapr Dashboard is running Important: This is running in a test environment and is now http.
For production you have to make it save! Azure Arc Services and Azure Defender for Containers will help you with that.
But next to these security best practices from the software vendor, we also have Microsoft Azure Arc Security (Preview) on this kubernetes Cluster active. In the following steps you will see Security rules, Fixes and Azure Policies for Azure Arc Kubernetes to make your environment more secure and compliant.
Click on your Azure Arc enabled Kubernetes Cluster
This is my Dockkube. Click then on Security (preview)
Here you see that I don’t have Azure Policy active to be compliant
on my Azure Arc enabled Kubernetes Cluster.
A lot of security issues are managed by policies. Click on View Additional recommendations in Defender for Cloud
See Related recommendation (17)
Here you see all the dependent policies for your Azure Arc enabled Kubernetes Cluster.
Select your Azure Arc Enabled Kubernetes Cluster (Dockkube) Click on Fix
Confirm and click on Fix 1 resource.
Remediation in progress.
Remediation Successful.
It can take some minutes to see your resources in the Healthy state.
Just refresh 😉
In Azure Policy you will see how Compliant you are with your
Azure Arc enabled Kubernetes. Click on the ASC compliance.
Here you see the 10 Policies that are not Compliant.
Select a policy which is not compliant like here Kubernetes Cluster containers should only use allowed images Click on Details
Here you see the Component ID’s on my Azure Arc enabled Kubernetes Cluster
which are not compliant on this policy 😉 See the Tab bar, you are now on Component Compliance
Click on Policies tab
Dubbel click on the policy.
From here you can Assign the policy to your Azure Arc enabled Kubernetes Cluster.
A New example and you can see the Affected Components
on my Azure Arc enabled Kubernetes Cluster Dockkube.
Conclusion
When you work in a DevOps way with Kubernetes containers and microservices, you want them as secure as possible. With application security and best practices from the software vendors. Security monitoring and compliance are important to keep you in control and to keep your environment safe. With Azure Arc enabled Kubernetes you get Azure Defender for Containers and Azure policy for security compliance to your Kubernetes Cluster.
Important: This is still in preview and should not be used in production environment yet until Microsoft makes it General Available for the world. Now you can test it in your test environment like me in my MVPLAB.
Microsoft Azure Arc allows you to manage the following resource types hosted outside of Azure:
Servers: Manage Windows and Linux physical servers and virtual machines hosted outside of Azure.
Kubernetes clusters: Attach and configure Kubernetes clusters running anywhere, with multiple supported distributions.
Azure data services: Run Azure data services on-premises, at the edge, and in public clouds using Kubernetes and the infrastructure of your choice. SQL Managed Instance and PostgreSQL Hyperscale (preview) services are currently available.
SQL Server: Extend Azure services to SQL Server instances hosted outside of Azure.
I have a Kubernetes Cluster enabled with Azure Arc Services in my MVP LAB:
It’s Called Dockkube.
The Kubernetes Cluster is running on-premises and is enabled with Microsoft Azure Arc Services. With that said we get Azure Services available for management in the Cloud in a hybrid way. In the following step by step guide we activate Azure Monitor Insights for Containers on the Azure Arc enabled Kubernetes Cluster.
Container Insights Alerts / Actions on Azure Arc Enabled Kubernetes
Dockkube Insights
When you open Dockkube Azure Arc enabled Kubernetes, you will see on the left Monitoring Insights.
Then you have the options :
What’s New
Cluster
Nodes
Controllers
Containers.
Click on Containers, and you will see all the containers on the Azure Arc enabled kubernetes.
Then you have recommended Alerts (Preview) at the top, when you Click on it you will see all the predefined recommended alerts in preview. I have selected Node CPU % and Enabled the alert. With that you see on the above screenshot there is no action group assigned. That is the next step, click on No Action Group Assigned.
Click on Create a new action group.
Select the Azure Subscription, Resource group and give the
Action Group a name.
Click on Next: Notifications
Here you can select your type of Alert communication.
I have selected the option Email.
Setting the Name : Dock Kube Notify.
The next step you can select an action type :
Automation Runbook
Azure Function
Event Hub
ITSM
Logic App
Secure webhook
Webhook
In my MVP LAB, I don’t need an action but just a notification by email.
You can set a TAG here
Before you create the Alert rule with the action group, you get the option
to test the action group.
Click on Test Action Group.
Select a sample type.
I did Resource health alert
Click on Test.
The test is running.
I’m getting the Alert email in my box from Microsoft Azure.
Test is successful and click on Done.
Click on Create
Select the Action group for me is that DockKube CPU.
Click on Apply to Rule.
Now this Alert is active on my Azure Arc enabled Kubernetes 😉
When you go to Alert Rules, you will see the new Alert rule.
Here you can modify it if necessary.
For example, I want the severity from 3 Information to 2 Warning.
I made a severity 2 Warning.
Don’t forget to click on Save at the left top.
More Container Insights information on Microsoft docs :
Microsoft Azure Arc enabled kubernetes is Awesome for management in a hybrid way. I just showed you the power of Alert rules with action groups from the Azure Cloud to get Container Insights. Of course there are more Azure features for your Azure Arc enabled Kubernetes like Security (Preview) Kubernetes Resources, Policies, Gitops and more. Making your own dashboard with Container Insight information. Go for hybrid IT Management with Azure Arc enabled Kubernetes!
I’m working with Windows Admin Center every day to manage our datacenter and to mange my MVP LAB. When you have to install Windows Server Core
or Microsoft Azure Stack HCI Operating system, then Windows Admin Center is the right tool for you as an Administrator. You can use all the Server Manager tools via WAC
and you don’t have to work with Command-line tools only like CMD and PowerShell.
In my MVP LAB I have a Microsoft Windows Server 2022 Datacenter Edition Hyper-V Host, and I like to make a Docker Host Server for my Containers.
With Windows Admin Center it’s easy to roll out a Docker host Server for your Containers.
In the following steps I will Install a Docker Host Server on Windows Server 2022.
Open Windows Admin Center and connect to your Server.
I Have Container Extension installed version 1.150.0
Click on Containers and Click on Install Windows Admin Center will Restart your Server for the Docker Installation!
Hang on while Docker Host will be Installed on Windows Server 2022.
Docker Host Installed Successfully.
Docker Host Container Overview Screen on Windows Server 2022.
From here you can Pull containers images to the Docker Host.
This is what I did but…..
Instead of pulling a Container Image you can also Create your Own Container Image.
Here I’m Pulling a ASP.NET Container Image from Microsoft.
Pulled Container Image Successfully.
The ASP.NET Container Image is now Available on the Docker Host.
Select the Container Image and Click on Run.
Give the Docker Container a name.
You can Manage the ports,
Hyper-V Isolation,
Memory,
CPU
And add addition Docker Run options,
Click on Run.
The ASP.NET Docker Container is running on Windows Server 2022.
When you Click on the running Container you will get options like :
Stats, Details, Logs, Console and Events.
When you Click on Console you will go remote by PowerShell to the Docker Host.
Here you got all the Docker commands 😉
And of course when you want to develop Containers as a developer you can use Microsoft Visual Studio Code as well.
(I’m using Visual Studio Code Insiders version in my MVP LAB)
Microsoft Azure Container Instances
Containers are becoming the preferred way to package, deploy, and manage cloud applications. Azure Container Instances offers the fastest and simplest way to run a container in Azure, without having to manage any virtual machines and without having to adopt a higher-level service.
Azure Container Instances is a great solution for any scenario that can operate in isolated containers, including simple applications, task automation, and build jobs. For scenarios where you need full container orchestration, including service discovery across multiple containers, automatic scaling, and coordinated application upgrades, we recommend Azure Kubernetes Service (AKS).
For my MVP LAB Azure Container Instances (ACI) is a great way to run Containers fast in the Cloud and have a overview with Windows Admin Center for :
Here you have a overview of your Azure Container Instances in Windows Admin Center.
In the following steps I will create an Azure Container Instance via the Microsoft Azure Portal and show it in Windows Admin Center. For this you need to integrate Windows Admin Center with your Microsoft Azure Subscription. This you can do in settings of WAC:
When you have your Azure Account active in Windows Admin Center, go to the Microsoft Azure Portal and search for Container instances.
Click on Create Container Instances
Here you set the basics of your Azure Container Instance
Here you set the following items for your Azure Container Instance (ACI) :
Select your Azure Subscription which is integrated with your Microsoft Windows Admin Center.
Select or Create the Resource Group for your Azure Container Instance.
Give your Container a name.
Select the Region in Microsoft Azure where you want your Azure Container Instance to run.
Availability zones to select.
Select your Image Source, I selected Quickstart images of Microsoft, but you can also select your own Container image.
Then select the size for vcpu, memory, gpus for your Azure Container Instance application.
Click on Next for Networking.
I Selected Public for testing but here you can select private too
with your own DNS name Label with the
right ports and protocols.
At Advanced settings you can configure additional container properties and variables
here you can TAG the Owner of the Azure Container Instance.
Click on Review + Create.
Now you can Click Create or Download the template for Automation.
Have a look at the Options here what you can do with the Template from here.
Microsoft Azure Container Instance is Deployed and running.
Nginx Container Instance is running on Azure.
Now we have the Microsoft Azure Container Instance with Nginx running in the Cloud, we can see that in Windows Admin Center.
Azure Container Instance in Windows Admin Center in running state.
When you don’t need it anymore you can end it here or in the Azure Portal.
Azure Container Instance is stopped by Windows Admin Center.
Run your Own Azure Container Instances from the ACR via
Windows Admin Center.
Manage Kubernetes Clusters and Containers with Windows Admin Center
Azure Kubernetes Service (AKS) on Azure Stack HCI is an on-premises implementation of Azure Kubernetes Service, which automates running containerized applications at scale. Azure Kubernetes Service is available on Azure Stack HCI, Windows Server 2019 Datacenter, and Windows Server 2022 Datacenter, making it quicker to get started hosting Linux and Windows containers in your datacenter. This is the High Available Container Solution on-premises from Microsoft, where you can run Containers and microservices in a isolated way in your datacenter with your DevOps Team. But you can also make your Azure Stack HCI Cluster hybrid with Azure integration and Azure Arc Services to benefit of Azure Hybrid Services.
Create your Own locally Azure Stack HCI Cluster with Azure Kubernetes Services
Conclusion
Microsoft product team of Windows Admin Center | Windows Server | Azure Stack HCI are working hard to make the Windows Admin Center Tool better and better to install and manage Container / microservices solutions. With Microsoft Azure extensions in Windows Admin Center and Azure Arc Services, Microsoft features from the Azure Cloud becomes available for your Containers like Azure Defender for Cloud with Container Insights, Azure Monitor, Azure App Services and much more.
Windows Admin Center is a Great Server Manager tool for your Windows Servers in your Datacenter. Especially when you use Windows Server Core or Azure Stack HCI.
Hope you started year 2022 in Good Health in a difficult pandemic time.
Starting 2022 by asking yourself, how is your Security by Design doing in 2022
Your Security is one of the most important aspects of any architecture for your Business.
It provides confidentiality, integrity, and availability assurances against attacks and abuse of your valuable data and systems. Losing these assurances can negatively impact your business operations and revenue, and your organization’s reputation.
Here you find Awesome information about Applying security principles to your architecture to protect against attacks on your data and systems:
Security recommendations that are in private preview
Programmatic remediation tools for security recommendations
PowerShell scripts for programmatic management
Azure Policy custom definitions for at-scale management of Microsoft Defender for Cloud
Logic App templates that work with Defender for Cloud’s Logic App connectors (to automate response to Security alerts and recommendations)
Logic App templates that help you run regular tasks or reports within the scope of Microsoft Defender for Cloud
Custom workbooks to visualize Defender for Cloud data
Become a Microsoft Defender for Cloud Ninja
Security and Learning is a ongoing process, I always say Learning on the Job 😉 is important to keep Up-to-Date every day of the week. Microsoft Tech Community platform and Microsoft Learning can support you to get the knowledge.
Microsoft and the community has a lot of good security information to start with for your Data and Systems to keep your business solution as save as possible. Here they write New blogposts for the community about Defender for Cloud
Keep in Mind “Security is only as strong as the weakest component in the Chain”
So keep your Security up-to-date and do assessments on vulnerabilities to keep your data and systems secure. Monitoring => Alerting => Remediation is 24/7/365 Process with Security people in the business.
Cloud and Datacenter Management Blog 