Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management



Security by Design with #Azure Security Center and Azure Defender #ASC #Security #SecOps

Azure Architecture

Security by Design is increasingly becoming the mainstream development approach to ensure security of software systems. Security architectural design decisions are based on well-known security tactics, and patterns defined as reusable techniques for achieving specific quality concerns. In the following steps we will make a security baseline for Windows Servers with different tools.

1. Microsoft Security Compliance Toolkit

The Microsoft Security Compliance Toolkit enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a domain controller or inject them directly into testbed hosts to test their effects. A security baseline is a group of Microsoft-recommended configuration settings, together with an explanation of their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers. A lot of hacks are based on registry settings, which is why a Windows Server security baseline is important.
You can download the Microsoft Security Compliance Toolkit here

2. Windows Defender Firewall with Advanced Security

Windows Defender Firewall with Advanced Security is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Defender Firewall blocks unauthorized network traffic flowing into or out of the local device. Windows Defender Firewall also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected. Windows Defender Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Defender Firewall, so Windows Defender Firewall is also an important part of your network’s isolation strategy. So open only the firewall ports you need, end to end.

Windows Security Setting Firewall & Network Protection
Select Advanced settings

Windows Defender Firewall Advanced settings
Enable only the rules you need!
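To review which rules are actually enabled, here is an added example (not part of the original post) that lists every enabled inbound Allow rule with its ports and remote addresses and flags the rules that are open to any port from any address. It uses only the built-in NetSecurity cmdlets; the function name and the `Broad` column are choices made for this example.

```powershell
# Added example, not from the original post.
# Run in an elevated PowerShell session on the Windows Server being reviewed.

function Get-InboundAllowRuleReport {
    # ActiveStore = the effective rule set (local rules plus rules delivered by GPO)
    Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $rule = $_
            $port = $rule | Get-NetFirewallPortFilter
            $addr = $rule | Get-NetFirewallAddressFilter
            $app  = $rule | Get-NetFirewallApplicationFilter

            [pscustomobject]@{
                DisplayName   = $rule.DisplayName
                Profile       = $rule.Profile
                Protocol      = $port.Protocol
                LocalPort     = ($port.LocalPort -join ',')
                RemoteAddress = ($addr.RemoteAddress -join ',')
                Program       = $app.Program
                # Broad: any local port, reachable from any remote address
                Broad         = ($port.LocalPort -contains 'Any') -and
                                ($addr.RemoteAddress -contains 'Any')
            }
        }
}

# 1. Every profile should be on and should block inbound traffic by default
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Full inventory of enabled inbound Allow rules, broadest rules first
$report = Get-InboundAllowRuleReport
$report | Sort-Object Broad -Descending |
    Format-Table DisplayName, Profile, Protocol, LocalPort, RemoteAddress, Broad -AutoSize

# 3. Rules to review first: allowed on the Public profile (or all profiles) and broad
$report | Where-Object {
    $_.Broad -and ("$($_.Profile)" -match 'Public|Any')
} | Select-Object DisplayName, Program
```

A rule that shows up in the last list is not wrong by definition, but it should have an owner and a reason before the server goes to production.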

3. Windows Defender Security Virus & Threat Protection

Schedule a full scan for threats at night
and set the Windows Security options.
Keep your Defender engine and virus definition files up to date.

4. Windows Updates

When your Windows Server is ready for production, you have to keep it up to date with Windows Updates. This covers not only the Windows security patches, but all the software that is running on your server. One software leak is enough for a hacker to compromise your server.

Windows Updates

Have a look at the Microsoft Update Catalog

A lot of companies use Microsoft WSUS Services or Microsoft Endpoint Configuration Manager to deploy security updates to servers as part of software life cycle management, to keep them as secure as possible. These are not only Microsoft security updates but also updates from third-party software vendors, like Adobe, Google, etc.

5. Security Monitoring and Remediation

This Cycle is important for Security!

IT departments have multiple teams with different disciplines, so when the Windows Server is ready for the Administrator, it goes to the Application Admin in a different IT team. They will install the application software, and a third IT team may set up software connections with other servers. It is important to stay in control of those security steps, because when an IT consultant of a third-party vendor installs old legacy software, you will have hacker leaks again and that makes your server vulnerable. This is where Azure Security Center and Azure Defender support you in monitoring and remediating security issues.

It doesn’t matter where your Windows Server is installed, in the Azure Cloud or on-premises in your datacenter: it can connect securely via the internet so that the server can be monitored. When it’s on-premises, you can install the Microsoft Arc agent.

Microsoft Azure Arc Connected Machine Agent.

Azure Arc enabled Server from On-premises

When the Microsoft Azure Arc Agent is installed on the Server, you can use these Azure Services for example :

  • Azure Update Management
  • Azure Monitoring
  • Azure Security Center with Azure Defender
  • Azure Policies for Compliance
  • Change Tracking and Inventory
  • Insights
  • Automation of Tasks

These Microsoft Azure features help you keep your server as safe as possible and your security up to date.

From here you can add the Windows Server to Microsoft Azure Security Center with the right log analytics workspace.

Microsoft Azure Security Center Recommendations

Remediate Security Configurations on the Arc enabled Server

Remediation of Vulnerabilities on your Windows Server (Arc Enabled)

Azure Defender is a built-in tool that provides threat protection for workloads running in Azure, on premises, and in other clouds. Integrated with Azure Security Center, Azure Defender protects your hybrid data, cloud-native services, and servers and integrates with your existing security workflows, such as SIEM solutions and vast Microsoft threat intelligence, to streamline threat mitigation.

Workflow of Azure Defender for Vulnerability Scanning.

When Azure Security Center and Azure Defender are installed, you can run a Vulnerability Assessment on your Azure Arc enabled server in your on-premises datacenter before the Windows Server goes into production.

Vulnerabilities after Assessment on Windows Server with Arc enabled with remediation
This happens a lot when there is third party software installed on the Server.

To get a list of your high security vulnerabilities, you can use the Azure Resource Graph explorer.

Azure Resource Graph Explorer
Here you can download your high risks as a CSV file or pin them to a dashboard.
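The same list can be pulled from a script instead of the portal. This is an added example, not from the original post: it assumes the Az.ResourceGraph module is installed, `Connect-AzAccount` has already been run, and the servers report vulnerability findings to Azure Security Center; the output file name is a placeholder.

```powershell
# Added example, not from the original post.
# Assumptions: Az.ResourceGraph is installed and the session is signed in
# (Connect-AzAccount). The CSV path below is a placeholder.

# Vulnerability findings are stored as sub-assessments in the securityresources table.
$query = @'
securityresources
| where type == "microsoft.security/assessments/subassessments"
| extend severity   = tostring(properties.status.severity),
         statusCode = tostring(properties.status.code),
         finding    = tostring(properties.displayName),
         resourceId = tostring(properties.resourceDetails.id)
| where severity =~ "High" and statusCode =~ "Unhealthy"
| project resourceId, finding, severity,
          remediation = tostring(properties.remediation),
          subscriptionId
| order by resourceId asc
'@

# -First limits the number of rows returned (1000 is the maximum per call)
$rows = Search-AzGraph -Query $query -First 1000

# Same result as the "Download as CSV" button in Resource Graph Explorer
$rows | Export-Csv -Path .\high-vulnerabilities.csv -NoTypeInformation

# Which servers carry the most open high-severity findings?
$rows |
    Group-Object resourceId |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

The KQL text inside `$query` can also be pasted as-is into Azure Resource Graph Explorer.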

6. Compliance and Security Policies

Learn how Microsoft products and services help your organization meet regulatory compliance standards.
When you have to manage a lot of Windows Servers or Linux Servers, you want them compliant with the right security policies.

Here you find all the Microsoft Compliance Offerings

Regulatory Compliance of your environment.

With Azure Security Policy you can configure your Compliance.

In the following steps you will see a sample alert:

Sample Alerts with Mitre ATT&CK Tactics

Take Action on the Security Alert.

Related entities

Mitigate the Threat
Prevent future attacks
Trigger automated response
or
Suppress similar Alerts.

Security by Design Conclusion

Before you begin deploying Windows Servers in your datacenter or in the Azure Cloud, it’s good to make a high-level design with your security settings for the right compliance of your new Windows Server. You can use all the on-premises security features of Windows Server, but with Azure Security Center, Azure Monitor, Azure Arc Services and Azure Defender you get all the security insights and remediation options when a vulnerability is discovered. Windows Server and Azure Security Center are better together for security management.

Microsoft Security

If you want to keep your Windows Servers as secure as possible, you need to keep doing the steps above. Continuously monitoring and remediating vulnerabilities is an ongoing process for SecOps and administrators. Make it difficult for hackers to put ransomware on your servers. One more important IT service is your backup / disaster recovery solution. It should be secured against hackers and against ransomware encryption. I always say think of this rule :

More information

Microsoft Azure Security Center on GitHub

Overview of the Azure Security Benchmark (V2)

Become an Azure Security Center Ninja

Azure Security Center in the Field by Yuri Diogenes

Introduction to Azure Defender

Join the Microsoft Azure Monitor & Security for Hybrid IT Community Group on LinkedIn

 



Windows Admin Center v2103 Available! What’s New #Winserv #Azure #Management #WindowsAdminCenter #MVPBuzz

Windows Admin Center v2103

With Windows Admin Center you can remotely manage Windows Server running anywhere—physical, virtual, on-premises, in Azure, or in a hosted environment.
The tool, available with your Windows Server license at no additional charge, consolidates and reimagines Windows OS tools in a single, browser-based, graphical user interface.
At Microsoft Ignite 2021 Global Virtual Event they launched Windows Admin Center version 2103. Here you find the download.

What’s New in Windows Admin Center v2103

WAC Updates Automatically

Events Tool ReDesign (Preview)

Great Overview of the Server Events 😉

Azure IoT Edge for Linux on Windows

Windows Admin Center in The Azure Portal 

Set Proxy Server in Windows Admin Center Settings.

Open in a Separate Window

This is a Separate Window on my Second Screen, this works Awesome!

Windows Admin Center Virtual Tool improvements 🙂

Conclusion

Microsoft is working hard to make Hybrid IT Management better for Administrators to manage Hybrid Cloud datacenters. Windows Admin Center is a must have for managing Windows Server Core, AzureStack HCI, and Cluster Services. I can say: I love to work with Windows Admin Center 🙂

 

When you have feedback for the Product Team please do that here at User Voice



Today is Microsoft Ignite 2021 Event of the Year #MSIgnite #Azure #Cloud #AzureStackHCI #Winserv and More

JOIN Microsoft Ignite 2021 Event

You don’t want to miss this Live Awesome Virtual Global Event of Microsoft 😉



Windows Server 2022 Insider Preview Build 10.0.20298 Available! #Winserv #WindowsServer2022 #WIMVP #WindowsInsiders #MSIgnite

Windows Server 2022 Insider Preview Build 10.0.20298

Microsoft Windows Server Insider Team Released Windows Server 2022 Insider Preview Build 10.0.20298, here you find more information on Tech Community

This Build is Available with :

  • Windows Server 2022 Standard (Core)
  • Windows Server 2022 Standard ( Desktop Experience)
  • Windows Server 2022 Datacenter ( Core)
  • Windows Server 2022 Datacenter ( Desktop Experience)

I Installed Windows Server 2022 Insider Preview with Windows Admin Center.

Windows Server 2022 Insider Preview Build 10.0.20298 is Running 😉

And in Control of Windows Admin Center.

Download Windows Server 2022 Insider Preview here

Don’t forget this Awesome session at MSIgnite 2021 Event!

 



Running #Dapr in WSL2 Ubuntu 20-04 distro in #WindowsInsider Build 21277 RS and #VSCode

Working with Dapr in WSL2 Remote VSCode and Ubuntu 20.04 distro

Dapr is a portable, event-driven runtime that makes it easy for any developer to build resilient, stateless and stateful applications that run on the cloud and edge and embraces the diversity of languages and developer frameworks.

 

Developer language SDKs and frameworks

To make using Dapr more natural for different languages, it also includes language specific SDKs for Go, Java, JavaScript, .NET and Python. These SDKs expose the functionality in the Dapr building blocks, such as saving state, publishing an event or creating an actor, through a typed, language API rather than calling the http/gRPC API. This enables you to write a combination of stateless and stateful functions and actors all in the language of their choice. And because these SDKs share the Dapr runtime, you get cross-language actor and functions support.

SDKs

Dapr in Standalone version.

I’m using Windows Insider Build version 21277-RS with Docker for Windows Edge and Visual Studio Code.

Docker for Windows Edge Version Running.

Because Docker for Windows Edge supports the WSL2 engine, and Visual Studio Code does too, I got the idea to build Dapr into the Ubuntu 20.04 WSL distro on my Windows Insiders 21277 RS version on my Surface Book 3. For that, you must activate the WSL2 integration with the default WSL distro, in my case Ubuntu-20.04.

Docker for Windows WSL 2 Integration.

In your Ubuntu-20.04 WSL2 version, you can install Dapr into your linux distro, more information you find here on dapr.io

Microsoft Windows Subsystem for Linux Installation Guide for Windows 10 with all kind of Linux distro’s 

Dapr init ( in the Ubuntu-20.04 WSL2 Linux distro )

Here you find the Dapr dev environment installation types for Dapr init, I did the standalone version. Dapr makes then the following containers :

Dapr Containers.

Then we have the following running :

  • Dapr Dashboard
  • Zipkin

Zipkin is a distributed tracing system. It helps gather timing data needed to troubleshoot latency problems in service architectures. Features include both the collection and lookup of this data.

Zipkin Traces

Dapr Dashboard

Now we have Dapr running in the WSL2 Ubuntu-20.04 distro, you can use Visual Studio Code on Windows Insiders using Remote WSL and work with your favourite dapr SDK like the list above 😉

Dapr Extension in VSCode

From here you can work with your dapr application.

In this guide Dapr is running with Docker containers, but you can also install it on Kubernetes (K8s), AKS, or anywhere in Azure. See this overview:

Dapr with Kubernetes Containers.

Dapr Overview.

Important Note : Dapr is now production ready with version 1.0 ! Developers, DevOps, AzOps, you can start with it and Build and Test your own microservices and Container apps !  Hope you are having fun with it too 😉

 

 



Happy Holidays and I wish you a Healthy 2021 #Azure #Cloud #MVPBuzz #Winserv #Security #Healthcare

It’s a year full of misery with the Covid-19 virus around the world. People have lost their loved ones; it’s a very sad time for all of us! Microsoft technologies are still going strong with new features in Azure Cloud Services, but are also supporting the people who work in healthcare, data analytics, Microsoft Teams for collaboration and much more. But what I want to say to all healthcare people all over the world: THANK YOU SO MUCH FOR ALL THE WORK YOU DO 👍
I have deep respect for you all!
Community, Microsoft Product Teams, MVP Lead, Windows Insiders, I wish you and your family happy holidays and a healthy 2021 with lots of success! 🎄😍

 



#WindowsAdminCenter – Installing Windows Server version 20H2 Core Build 10.0.19042 #Winserv #HybridIT #Azure

Windows Admin Center Hyper-V Host

Simplify server management

Manage all your server environments with familiar yet modernized tools, such as the reimagined Server Manager and streamlined MMC tools, from a single, browser-based, graphical user interface. Admins can manage Windows Server instances anywhere: on-premises, in Azure, or in any cloud.

Operate hybrid seamlessly

Extend on-premises deployments of Windows Server to the cloud by using the Azure hybrid services found in Windows Admin Center. Use Azure for:

  • Backup and disaster recovery
  • Additional capacity for compute, file servers and storage
  • Centralized management for monitoring, threat protection and update management

You can download Windows Admin Center here

In the following steps we will install Windows Server Core 20H2 version Build 10.0.19042 via Windows Admin Center on my Hyper-V Host called Starship01.mvplab.cloud.
I have Windows Admin Center already running for my MVPLAB with a Windows Server 2019 Hypervisor host. From here I will install a New Windows Server Core 20H2 Machine.

Click in the Left toolbar on Virtual Machines 
and then on Add New

Deployment settings for the New Virtual Machine.

Here we set the following settings :

  • Virtual Machine Name
  • Generation VM ( gen 2 is recommended )
  • The path of the VM settings and Disk
  • Virtual Processors
  • a mark for nested virtualization ( for the Hyper-V feature )
  • Memory
  • Network / Virtual Switch
  • Storage

 

When you Add Storage you can select also the new ISO file for Installation.

I changed the Size of the Operating Disk from 127GB to 50GB
And I selected the path to the Windows Server Core 20H2 ISO.
Then Click on Create.

Windows Admin Center will create the Virtual Machine really fast.

Now that the Windows virtual machine Dark20H2 has been created by Windows Admin Center on the Hyper-V host, we can do the Windows Server Core 20H2 installation by starting the virtual machine.

Before you Start running the VM, have a look at the settings

If you want you can set more Security features here.
You can set Encryption and Security Policy.

Start the Virtual Machine here for Installation of Windows Server Core 20H2
( The ISO is connected )

Installation of Windows Server Core 20H2 version Build 10.0.19042

The virtual Machine is running and now we can connect it via Windows Admin Center to do the installation of Windows Server.

Click on Connect

Use your Windows Admin Center account and mark
for the certificate. Then Click on Connect

Here we see the Console for the Windows Server Installation.

Install Now.

The Windows Server Core 20H2 is Installed.

Of course you can now configure the Machine via SConfig.exe, I only gave the Server name and a static IP address with DNS.

Via Windows Admin Center ( Manage) you can add the Machine to the domain.

Add the Server to the domain with your account and Click on Join

Server will Restart, Click on Yes

Dark20H2 Joined the Domain MVPLAB.CLOUD Successfully

 Adding the Windows Server Core 20H2 to Windows Admin Center

Add Dark20H2.mvplab.cloud to Windows Admin Center.

Of course I want to manage the server with Windows Admin Center and use all the tools I need to securely manage this Server.

Windows Server Core 20H2 in Windows Admin Center.

The first thing I do in my MVPLAB is Windows Updates.

December Updates for Windows Server Core 20H2

Updates Installed Successfully 🙂

Azure Hybrid Services


You can extend on-premises deployments of Windows Server to the cloud by using Azure hybrid services. These cloud services provide an array of useful functions, both for extending on-premises into Azure, and for centrally managing from Azure. Think of :

  • Azure Backup Services
  • Azure Monitoring Services
  • Disaster Recovery
  • Azure File Sync Services
  • Azure Security Center / Azure Defender Services

Here you find more information about Azure Hybrid Services

Conclusion

Windows Admin Center is a must have when you have to manage Windows Server Core versions: you don’t have to worry about all the commands of Windows Server Core. With Windows Admin Center it becomes easy to do the complete installation of the server, and this also includes all features of Windows Server Core 20H2 Build 10.0.19042. It becomes really powerful when you use it in a hybrid way by connecting to Microsoft Azure Cloud Services. Earlier I wrote a blogpost about Windows Admin Center and Azure Security Center

I Hope this is useful for you, and start your journey with Windows Admin Center & Windows Server Core versions 😉

JOIN the Windows Admin Center Community Group on LinkedIn



Deploying Azure Stack HCI Cluster with Windows Admin Center #WAC #AzureStackHCI #WindowsAdminCenter #Hyperv #AKS

Azure Stack HCI is a Hyper-Converged Infrastructure (HCI) cluster solution that hosts virtualized Windows and Linux workloads and their storage in a hybrid on-premises environment. Azure hybrid services enhance the cluster with capabilities such as cloud-based monitoring, Site Recovery, and VM backups, as well as a central view of all of your Azure Stack HCI deployments in the Azure portal. You can manage the cluster with your existing tools including Windows Admin Center, System Center, and PowerShell.

Azure Stack HCI, version 20H2 is a new operating system now in Public Preview and available for download. It’s intended for on-premises clusters running virtualized workloads, with hybrid-cloud connections built-in. As such, Azure Stack HCI is delivered as an Azure service and billed on an Azure subscription. Azure Stack HCI also now includes the ability to host the Azure Kubernetes Service; for details, see Azure Kubernetes Service on Azure Stack HCI.

Get Started with Azure Stack HCI and Windows Admin Center

Windows Admin Center is a locally deployed, browser-based app for managing Azure Stack HCI. The simplest way to install Windows Admin Center is on a local management PC (desktop mode), although you can also install it on a server (service mode).

If you install Windows Admin Center on a server, tasks that require CredSSP, such as cluster creation and installing updates and extensions, require using an account that’s a member of the Gateway Administrators group on the Windows Admin Center server. For more information, see the first two sections of Configure User Access Control and Permissions.

Before you begin, you have to know that Azure Stack HCI is still in Preview and not ready for production use. I’m installing it in my MVPLAB for testing purposes only, to learn all the new features.

What’s New in Azure Stack HCI

Clusters running Azure Stack HCI, version 20H2 have the following new features as compared to Windows Server 2019-based solutions:

  • New capabilities in Windows Admin Center: With the ability to create and update hyper-converged clusters via an intuitive UI, Azure Stack HCI is easier than ever to use.
  • Stretched clusters for automatic failover: Multi-site clustering with Storage Replica replication and automatic VM failover provides native disaster recovery and business continuity to clusters that use Storage Spaces Direct.
  • Affinity and anti-affinity rules: These can be used similarly to how Azure uses Availability Zones to keep VMs and storage together or apart in clusters with multiple fault domains, such as stretched clusters.
  • Azure portal integration: The Azure portal experience for Azure Stack HCI is designed to view all of your Azure Stack HCI clusters across the globe, with new features in development.
  • GPU acceleration for high-performance workloads: AI/ML applications can benefit from boosting performance with GPUs.
  • BitLocker encryption: You can now use BitLocker to encrypt the contents of data volumes on Azure Stack HCI, helping government and other customers stay compliant with standards such as FIPS 140-2 and HIPAA.
  • Improved Storage Spaces Direct volume repair speed: Repair volumes quickly and seamlessly.

In the Following Step-by-Step guide we install Azure Stack HCI Cluster with Windows Admin Center.

 

Click on Add and then Create New Server Cluster.

Choose for Azure Stack HCI.

Here you can also choose whether all Azure Stack HCI nodes are in the same site, or whether you have Azure Stack HCI nodes in two sites for disaster recovery and business continuity.
In my MVPLAB I have all Azure Stack HCI nodes in one site. More information about Microsoft Azure Stack HCI stretched clusters can be found here.

Prerequisites before you begin with Windows Admin Center wizard for Creating Azure Stack HCI Cluster.

This is what I like about Windows Admin Center, supporting you in all steps and choices for making an Azure Stack HCI Cluster with Storage Spaces Direct.

 

Specify your administrator Account and password and add the Azure Stack HCI Node Servers

Add the Nodes to the Domain.

Install Required Features on the Azure Stack HCI Node Servers

Install Updates on the Azure Stack HCI Node Servers

Here you get options from your hardware vendor
I don’t get this because it’s virtual.

Restart the Azure Stack HCI Node Servers and Click Next Networking

Networking adapters are UP and Running.

When you have Enough Nics in your Azure Stack HCI Node Server, you can choose here for a Teamed Management NIC.
I choose for a single management NIC.
Plan your Azure Stack HCI Node network

Configure your Production and Storage network

Here you can configure different Switches for your workloads.
Windows Admin Center will work with Software Defined Networking (SDN)
I Skipped this in my MVPLAB.

Before creating the Azure Stack HCI Cluster, we have to Validate the Cluster first.

When the Cluster Validation is done, you can download the Cluster Validation report.

Here we give the Cluster a Name and a static IP.
Click Create Cluster.

Microsoft Azure Stack HCI Cluster is created 😉
Click Next for Storage.

Click Next

I Got some small disks Click Next.

Storage is validated and suitable for Storage Spaces Direct.

Storage Spaces Direct is enabled on your Azure Stack HCI Cluster.
Click Next for SDN

Here you can configure the Network Controller for the Azure Stack HCI Cluster

Done your Azure Stack HCI Cluster is made 🙂

Here we have the Dashboard in Windows Admin Center of my Azure Stack HCI Cluster

Management of your Azure Stack HCI Cluster

Managing your Azure Stack HCI Cluster with Windows Admin Center is important. Because I have connected WAC with my Azure subscription, I can use Azure Monitor.
From here the Cluster is also connected with my Analytics workspace of Azure Monitor.

Azure Stack HCI Cluster Nodes connected with Azure Monitor.

With Windows Admin Center you can manage the Azure Stack HCI updates with Cluster Aware Updating (CAU) without any downtime for your workloads.


Start Cluster Aware Updating

Click on Install

One Azure Stack HCI Node is waiting and the other is Installing.

Now the other Azure Stack HCI Node is Installing the Update.

Updates Succeeded on both Azure Stack HCI Nodes.

Microsoft Azure Stack HCI Cluster is Running

Create your Virtual Machine on Azure Stack HCI Cluster.

Conclusion

Windows Admin Center supports you all the way in creating your Microsoft Azure Stack HCI Cluster with an easy, step-by-step deployment wizard. Of course you can also make your own PowerShell deployment scripts when you have to build more Azure Stack HCI Clusters for different platforms, like deploying virtual machines, AKS Kubernetes clusters for container applications, or a SQL environment.
Here you find more information about PowerShell commands

After deploying Azure Stack HCI Clusters with your own PowerShell Script, you can add the Cluster into Windows Admin Center for IT Management.
The Installation time of the Cluster is really fast. I hope this will give you more inside information about the Preview of Microsoft Azure Stack HCI Cluster and Windows Admin Center better Together!
Next Step is AKS Kubernetes on Azure Stack HCI 😉

Kubernetes Containers on your Azure Stack HCI



Windows Admin Center with Azure Security Center integration #ASC #WindowsAdminCenter #Winserv #Azure

Windows Admin Center for Hybrid IT Management

As an Administrator, I like to work with Microsoft Windows Admin Center. It’s a locally deployed, browser-based app for managing Windows servers, clusters, hyper-converged infrastructure, as well as Windows 10 PCs. You can download Windows Admin Center here and use it for free in your production environment. What is Windows Admin Center? What are my benefits? Here you see how the Windows Admin Center architecture works.

Windows Admin Center Architecture.

So you can use Windows Admin Center everywhere: you can install it on a server on-premises without any internet connection, or in a hybrid way with an internet connection for Cloud services integrations like Azure Backup, Azure Security Center, Azure Monitor or Azure File Sync and to manage your Virtual Machines in the Cloud.
Microsoft is now busy with Windows Admin Center in the Azure Portal in Preview to manage your Hybrid Datacenter. Here you find a blogpost about it in the Microsoft Tech Community.

Manage Internet Access in Windows Admin Center.

Datacenter Administrators want to manage Windows Servers in an Easy way but it must be secure. Microsoft has some user access options for using Windows Admin Center.
The one I like most is Microsoft Azure MFA (Two-Factor-Authentication) on your Windows Admin Center environment. Here you find more information about User Access WAC.

Choose the right Windows Admin Center installation for your environment:

Windows Admin Center Installation types.
These are Production Ready.

But don’t forget the Microsoft Windows Admin Center in the Azure Portal Preview :

Windows Admin Center in the Azure Portal Preview.

Windows Admin Center | Management | Azure Security Center Integration.

The power of a modern management tool like Windows Admin Center is the Extensions feature, which integrates with external services like Azure Cloud Services, or with third-party vendors like Dell EMC, HP, Fujitsu and Data-On that offer great management solutions. Another example of a Windows Admin Center extension is Containers.

In the following steps you will see how easy it is to manage and integrate Azure Security Center into Windows Admin Center for your Servers.

When you have installed Windows Admin Center, you have to add your Microsoft Azure Subscription into WAC.

Azure Registration in Windows Admin Center.

In the upper right you have the settings icon of Windows Admin Center; from there you can select Azure and do the registration. It creates an API registration for your Microsoft Azure subscription:

Here you see the Registration in Microsoft Azure.

When that is completed successfully, you can add the Microsoft Azure Services via Extensions in Settings. We are going to Select Azure Security Center.

Install the Microsoft Azure Security Center Extension.

From here you have installed the basics for your Servers, now the Microsoft Azure Security Center feature is added in the left management bar at each Server in Windows Admin Center.
Now we only have to register the Servers into Azure Security Center with Windows Admin Center.

Here you see my MVPLAB Machines.

I have two Azure Stack HCI virtual Machines and I like to know if they are secure. ( Skywalker01 and Skywalker02) I start with the Azure Security Center Installation on Skywalker01 VM.

Azure Stack HCI VM called Skywalker01.mvplab.cloud
Sign into Azure.

Select your Azure Subscription, Create or Use existing workspace.
Select Region, and Create or use existing Resource Group.
Click on Setup.

The Virtual Machine will be added to Azure Security Center.

From here it needs some time to do the job: running assessments and collecting the metadata of the server with Log Analytics. Microsoft Azure Security Center will come with security recommendations like:

Here you can do a Quick Fix and do Remediation.

 

After a few minutes the security issues also show up in Windows Admin Center.

Here I get some Security advice in Windows Admin Center for Skywalker01 VM

Here you see the Power of the Azure Cloud with Log Analytics and the
Azure Security Center baselines for Skywalker01 Azure Stack HCI VM.

I forgot to install the monthly security updates on the Skywalker02 VM, and that is a security risk too, of course:

Skywalker02 Azure Stack HCI VM at High Security Risk.
(No updates)

Of course we have Windows Updates in Windows Admin Center, Just have to select and approve the updates for Skywalker02 to solve this high Risk issue.

Skywalker02 Azure Stack HCI VM Security Risk Solved 😉

Conclusion

In today’s Hybrid IT world, Better Together is my motto: with Windows Admin Center and Microsoft Azure Security Center you have a great solution. You can make your own Azure Security Center baseline policy to deploy on your Windows Servers to make them more secure. Get a high Security Score! And don’t worry, you can add all your Windows Servers to Windows Admin Center, whether they are on-premises or in the Cloud.
With Azure MFA Two-Factor access authentication, you make your Management tool Windows Admin Center more Secure for your environment. If you don’t use Windows Admin Center yet, start Today !

More Information :

Windows Admin Center on Twitter : @servermgmt

Windows Admin Center Docs 

Windows Admin Center Website

Follow The Windows Admin Center Blog on Microsoft Tech Community

Join the Windows Admin Center Community



Windows Admin Center and The Container Extension #WAC #Containers #Winserv

Windows Admin Center

Windows Admin Center is a locally deployed, browser-based app for managing Windows servers, clusters, hyper-converged infrastructure, as well as Windows 10 PCs. It comes at no additional cost beyond Windows and is ready to use in production. If you want to work more securely with Windows Server Core images without the GUI, or with the Microsoft Azure Stack HCI operating system, then Windows Admin Center is the tool for the administrator to manage workloads on-premises or in the cloud. You have one web-based interface for all your server consoles (MMC) to manage your hybrid datacenter.
Here you can read more about Microsoft Windows Admin Center and download the free software.

Get the best with Windows Admin Center Extensions

Windows Admin Center and the Container Extension

When you have installed Microsoft Windows Admin Center you can configure the settings and extensions for your environment. When you want the benefits of the Microsoft Azure cloud services you can configure your Azure subscription and add the extensions to your Windows Admin Center. There are also third-party extensions from Dell, DataOn, Fujitsu and more.
Here you find more information about how extensions work.

Container Extension

In the following step-by-step guide we will work with the Container Extension of Windows Admin Center on a Windows Server 2019. You have already added the server in WAC and installed the Container extension. In my MVPLAB.CLOUD that is the Windows Server 2019 Datacenter host Starship01.mvplab.cloud. When you open the server you land on the Overview of the Windows Server:

Click on Containers.

Click on Install for the Docker installation on Starship01.mvplab.cloud.

This will install Docker on the Windows Server 2019 and reboot when it’s ready to use for Containers. From this moment you can work with Windows Containers on the host via Windows Admin Center.

Remote Desktop in Windows Admin Center: the Docker host is installed with the Windows Filter by default.

When you want to use Docker Linux Containers with Windows Server 2019 host, you have to configure the Linux kit LCOW with a distro on the host. More info here

Containers on Starship01.mvplab.cloud

To start with containers you can create your own image, or pull an image from Docker Hub with Windows Admin Center. In my case I pull the Windows Server 2019 LTSC image with IIS.

mcr.microsoft.com/windows/servercore/iis  (Image)

windowsservercore-ltsc2019 (Tag)

Click then on Pull.

Select your image and click on Run.
Give your Container a name and set your settings.

Click on Run.

Click on the Containers tab and you will see your running container.

In the details you see the IP address of the container.

IIS is running on Windows Server 2019 ltsc in a Docker Windows Container.
That was easy right 😉

Making your Own Docker file with Windows Admin Center Container Extension

When you have your own GitHub repository with your software, you can make your own Dockerfile and build a Docker image on your host for deployment. To show this I have used this sample from Microsoft docs, but you can also clone a GitHub repository and copy the Dockerfile to the host.

I copied the Dockerfile to C:\BuildImage on the host.

—————

# Sample Dockerfile

# Indicates that the windowsservercore image will be used as the base image.
FROM mcr.microsoft.com/windows/servercore:ltsc2019

# Metadata indicating an image maintainer.
LABEL maintainer="jshelton@contoso.com"

# Uses dism.exe to install the IIS role.
RUN dism.exe /online /enable-feature /all /featurename:iis-webserver /NoRestart

# Creates an HTML file and adds content to this file.
RUN echo "Hello World - Dockerfile" > c:\inetpub\wwwroot\index.html

# Sets a command or process that will run each time a container is run from the new image.
CMD [ "cmd" ]


Here is the Microsoft docs website

Image Creation in progress

New Image Created with Windows Admin Center

Running your Own Container image

Container “Hello World – Dockerfile” running
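
The build, run and check steps shown above can also be done from a PowerShell prompt on the Docker host. This is an added example, not part of the original post or the Microsoft docs sample; the image tag, container name and retry timing are assumptions.

```powershell
# CLI equivalent of the Windows Admin Center build/run steps for the sample Dockerfile.
# Assumed (not from the post): image tag, container name, retry count.
$buildContext  = 'C:\BuildImage'        # folder from the post that holds the Dockerfile
$imageTag      = 'helloworld-iis:demo'  # hypothetical tag
$containerName = 'helloworld01'         # hypothetical container name

if (-not (Test-Path (Join-Path $buildContext 'Dockerfile'))) {
    throw "No Dockerfile found in $buildContext"
}

# Build the image from the Dockerfile in the build folder.
docker build -t $imageTag $buildContext
if ($LASTEXITCODE -ne 0) { throw "docker build failed with exit code $LASTEXITCODE" }

# The Dockerfile ends with CMD ["cmd"]; in a detached container cmd has no
# console attached and exits at once. Overriding the command with a
# long-running ping keeps the container, and the IIS service in it, running.
docker run -d --name $containerName $imageTag ping -t localhost | Out-Null
if ($LASTEXITCODE -ne 0) { throw "docker run failed with exit code $LASTEXITCODE" }

# Read the container IP address (the value Windows Admin Center shows in the details).
$ip = docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $containerName
if (-not $ip) { throw "Container $containerName has no IP address; is it running?" }

# IIS needs a few seconds to start, so retry the request a few times.
$content = $null
foreach ($attempt in 1..10) {
    try {
        $content = (Invoke-WebRequest -UseBasicParsing -Uri "http://$ip/" -TimeoutSec 5).Content
        break
    } catch {
        Start-Sleep -Seconds 3
    }
}

# Confirm the page written by the Dockerfile is the one being served.
if ($content -notmatch 'Hello World') {
    docker logs $containerName
    throw "Container $containerName did not serve the expected page on http://$ip/"
}
"Container $containerName serves the sample page on http://$ip/"
```

No port is published to the host here, so the page is reachable only on the container's own IP address from the Docker host.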

Conclusion :

In Windows Admin Center the IT pro world and the DevOps world come together in one web-based console, as with the Container extension. Microsoft is developing Windows Admin Center really fast to get all the right features for IT pro, DevOps and SecOps administrators in one place. The Windows Admin Center extensions are awesome; developers make these better and better to do the job for administrators 🚀
Windows Server 2019 Core and Azure Stack HCI are operating systems without a GUI, and with Windows Admin Center they are really good to manage, update and keep in control of security.
I like Windows Admin Center a lot and it Rocks for managing your hybrid Datacenter 😉

Send your comments and feedback via Microsoft GitHub repo by opening a new issue for the Container Extension. Follow @vrapolinario on Twitter

 

You can Follow Windows Admin Center here on Twitter : @servermgmt