mountainss Cloud and Datacenter Management Blog

Microsoft SystemCenter blogsite about virtualization on-premises and Cloud


Leave a comment

What’s New in Windows Server 2016 version 1709 #Winserv #Hyperv #Containers

Application containers and micro-services

  • The Server Core container image has been further optimized for lift-and-shift scenarios where you can migrate existing code bases or applications into containers with minimal changes, and it’s also 60% smaller.
  • The Nano Server container image is nearly 80% smaller.
    • In the Windows Server Semi-Annual Channel, Nano Server as a container base OS image is decreased from 390 MB to 80 MB.
  • Linux containers with Hyper-V isolation

For more information, see Changes to Nano Server in the next release of Windows Server and Windows Server, version 1709 for developers.

Modern management

Check out Project Honolulu for a simplified, integrated, secure experience to help IT administrators manage core troubleshooting, configuration, and maintenance scenarios. Project Honolulu includes next generation tooling with a simplified, integrated, secure, and extensible interface. Project Honolulu includes an intuitive all-new management experience for managing PCs, Windows servers, Failover Clusters, as well as hyper-converged infrastructure based on Storage Spaces Direct, reducing operational costs.

Compute

Nano Container and Server Core Container: First and foremost, this release is about driving application innovation. Nano Server, or Nano as Host is deprecated and replaced by Nano Container, which is Nano running as a container image.

For more information about containers, see Container Networking Overview.

Server Core as a container (and infrastructure) host, provides better flexibility, density and performance for existing applications under a modernization process and brands new apps developed already using the cloud model.

VM Load Balancing is also improved with OS and Application awareness, ensuring optimal load balancing and application performance. Storage-class memory support for VMs enables NTFS-formatted direct access volumes to be created on non-volatile DIMMs and exposed to Hyper-V VMs. This enables Hyper-V VMs to leverage the low-latency performance benefits of storage-class memory devices.

Storage-class memory support for VMs enables NTFS-formatted direct access volumes to be created on non-volatile DIMMs and exposed to Hyper-V VMs. This enables Hyper-V VMs to leverage the low-latency performance benefits of storage-class memory devices. Virtualized Persistent Memory (vPMEM) is enabled by creating a VHD file (.vhdpmem) on a direct access volume on a host, adding a vPMEM Controller to a VM, and adding the created device (.vhdpmem) to a VM. Using vhdpmem files on direct access volumes on a host to back vPMEM enables allocation flexibility and leverages a familiar management model for adding disks to VMs.

Virtualized Persistent Memory (vPMEM) is enabled by creating a VHD file (.vhdpmem) on a direct access volume on a host, adding a vPMEM Controller to a VM, and adding the created device (.vhdpmem) to a VM. Using vhdpmem files on direct access volumes on a host to back vPMEM enables allocation flexibility and leverages a familiar management model for adding disks to VMs.

Container storage – persistent data volumes on cluster shared volumes (CSV). In Windows Server, version 1709 as well as Windows Server 2016 with the latest updates, we’ve added support for containers to access persistent data volumes located on CSVs, including CSVs on Storage Spaces Direct. This gives the application container persistent access to the volume no matter which cluster node the container instance is running on. For more info, see Container Storage Support with Cluster Shared Volumes (CSV), Storage Spaces Direct (S2D), SMB Global Mapping.

Container storage – persistent data volumes with SMB global mapping. In Windows Server, version 1709 we’ve added support for mapping an SMB file share to a drive letter inside a container – this is called SMB global mapping. This mapped drive is then accessible to all users on the local server so that container I/O on the data volume can go through the mounted drive to the underlying file share. For more info, see Container Storage Support with Cluster Shared Volumes (CSV), Storage Spaces Direct (S2D), SMB Global Mapping.

Security and Assurance

Windows security baselines have been updated for Windows Server and Windows 10. A security baseline is a group of Microsoft-recommended configuration settings and explains their security impact. For more information, and to download the Policy Analyzer tool, see Microsoft Security Compliance Toolkit 1.0.

Network encryption enables you to quickly encrypt network segments on software-defined networking infrastructure to meet security and compliance needs.

Host Guardian Service (HGS) as a shielded VM is enabled. Prior to this release, the recommendation was to deploy a 3-node physical cluster. While this ensures the HGS environment is not compromised by an administrator, it was often cost prohibitive.

Linux as a shielded VM is now supported.

For more information, see Guarded fabric and shielded VMs overview.

Storage

Storage Replica: The disaster recovery protection added by Storage Replica in Windows Server 2016 is now expanded to include:

  • Test failover: the option to mount the destination storage is now possible through the test failover feature. You can mount a snapshot of the replicated storage on destination nodes temporarily for testing or backup purposes. For more information, see Frequently Asked Questions about Storage Replica.
  • Project Honolulu support: Support for graphical management of server to server replication is now available in Project Honolulu. This removes the requirement to use PowerShell to manage a common disaster protection workload.

 

SMB:

  • SMB1 and guest authentication removal: Windows Server, version 1709 no longer installs the SMB1 client and server by default. Additionally, the ability to authenticate as a guest in SMB2 and later is off by default. For more information, review SMBv1 is not installed by default in Windows 10, version 1709 and Windows Server, version 1709.
  • SMB2/SMB3 security and compatibility: Additional options for security and application compatibility were added, including the ability to disable oplocks in SMB2 for legacy applications, as well as require signing or encryption on per-connection basis from a client. For more information, review the SMBShare PowerShell module help.

 

Data Deduplication:

  • Data Deduplication now supports ReFS: You no longer must choose between the advantages of a modern file system with ReFS and the Data Deduplication: now, you can enable Data Deduplication wherever you can enable ReFS. Increase storage efficiency by upwards of 95% with ReFS.
  • DataPort API for optimized ingress/egress to deduplicated volumes: Developers can now take advantage of the knowledge Data Deduplication has about how to store data efficiently to move data between volumes, servers, and clusters efficiently.

Remote Desktop Services (RDS)

RDS is integrated with Azure AD, so customers can leverage Conditional Access policies, Multifactor Authentication, Integrated authentication with other SaaS Apps using Azure AD, and many more. For more information, see Integrate Azure AD Domain Services with your RDS deployment.

For a sneak peek at other exciting changes coming to RDS, see Remote Desktop Services: Updates & upcoming innovations

Networking

Docker’s Routing Mesh is supported. Ingress routing mesh is part of swarm mode, Docker’s built-in orchestration solution for containers. For more information, see Docker’s routing mesh available with Windows Server version 1709.

New features for Docker are available. For more information, see Exciting new things for Docker with Windows Server 1709.

Windows Networking at Parity with Linux for Kubernetes: Windows is now on par with Linux in terms of networking. Customers can deploy mixed-OS, Kubernetes clusters in any environment including Azure, on-premises, and on 3rd-party cloud stacks with the same network primitives and topologies supported on Linux without the need for any workarounds or switch extensions.

Core network stack: Several features of the core network stack are improved. For more information about these features, see Core Network Stack Features in the Creators Update for Windows 10.

  • TCP Fast Open (TFO): Support for TFO has been added to optimize the TCP 3-way handshake process. TFO establishes a secure TFO cookie in the first connection using a standard 3-way handshake. Subsequent connections to the same server use the TFO cookie instead of a 3-way handshake to connect with zero round trip time.
  • CUBIC: Experimental Windows native implementation of CUBIC, a TCP congestion control algorithm is available. The following commands enable or disable CUBIC, respectively.

netsh int tcp set supplemental template=internet congestionprovider=cubic

netsh int tcp set supplemental template=internet congestionprovider=compound

  • Receive Window Autotuning: TCP autotuning logic computes the “receive window” parameter of a TCP connection. High speed and/or long delay connections need this algorithm to achieve good performance characteristics. In this release, the algorithm is modified to use a step function to converge on the maximum receive window value for a given connection.
  • TCP stats API: A new API is introduced called SIO_TCP_INFO. SIO_TCP_INFO allows developers to query rich information on individual TCP connections using a socket option.
  • IPv6: There are multiple improvements in IPv6 in this release.
    • RFC 6106 support: RFC 6106 which allows for DNS configuration through router advertisements (RAs). You can use the following command to enable or disable RFC 6106 support:

netsh int ipv6 set interface <ifindex> rabaseddnsconfig=<enabled | disabled>

  • Flow Labels: Beginning with the Creators Update, outbound TCP and UDP packets over IPv6 have this field set to a hash of the 5-tuple (Src IP, Dst IP, Src Port, Dst Port). This will make IPv6 only datacenters doing load balancing or flow classification more efficient. To enable flowlabels:

netsh int ipv6 set flowlabel=[disabled|enabled] (enabled by default)

netsh int ipv6 set global flowlabel=<enabled | disabled>

  • ISATAP and 6to4: As a step towards future deprecation, the Creators Update will have these technologies disabled by default.
  • Dead Gateway Detection (DGD): The DGD algorithm automatically transitions connections over to another gateway when the current gateway is unreachable. In this release, the algorithm is improved to periodically re-probe the network environment.
  • Test-NetConnection is a built-in cmdlet in Windows PowerShell that performs a variety of network diagnostics. In this release we have enhanced the cmdlet to provide detailed information about both route selection as well as source address selection.

Software Defined Networking

  • Virtual Network Encryption is a new feature that provides the ability for the virtual network traffic to be encrypted between Virtual Machines that communicate with each other within subnets that are marked as “Encryption Enabled”. This feature utilizes Datagram Transport Layer Security (DTLS) on the virtual subnet to encrypt the packets. DTLS provides protection against eavesdropping, tampering and forgery by anyone with access to the physical network.

Windows 10 VPN

  • Pre-Logon Infrastructure Tunnels. By default, Windows 10 VPN does not automatically create Infrastructure Tunnels when users are not logged on to their computer or device. You can configure Windows 10 VPN to automatically create Pre-Logon Infrastructure Tunnels by using the Device Tunnel (prelogon) feature in the VPN profile.
  • Management of Remote Computers and Devices. You can manage Windows 10 VPN clients by configuring the Device Tunnel (prelogon) feature in the VPN profile. In addition, you must configure the VPN connection to dynamically register the IP addresses that are assigned to the VPN interface with internal DNS services.
  • Specify Pre-Logon Gateways. You can specify Pre-Logon Gateways with the Device Tunnel (prelogon) feature in the VPN profile, combined with traffic filters to control which management systems on the corporate network are accessible via the device tunnel.

Release Notes: Important Issues in Windows Server, version 1709

Advertisements


Leave a comment

Watch all those Awesome Microsoft #MSIgnite 2017 video sessions #Azure #AzureStack #MSOMS

Empower IT and developer productivity with Microsoft Azure with @scottgu

Microsoft Azure virtual machine infrastructure innovation and automation

Microsoft Azure Stack Development Kit and why it matters

Manage hybrid cloud and transform your workplace with PowerShell and Azure Automation

See here all the Microsoft Ignite 2017 video sessions

Thank you Microsoft and MVP’s for those Awesome sessions at Ignite 2017


Leave a comment

#Microsoft Azure #CosmosDB Globally Distributed Multi-model Database Service #Cloud #Azure

 

Azure Cosmos DB is Microsoft’s globally distributed, multi-model database service for mission-critical applications. Azure Cosmos DB provides turn-key global distribution, elastic scaling of throughput and storage worldwide, single-digit millisecond latencies at the 99th percentile, five well-defined consistency levels, and guaranteed high availability, all backed by industry-leading SLAs. Azure Cosmos DB automatically indexes data without requiring you to deal with schema and index management. It is multi-model and supports document, key-value, graph, and columnar data models. As a cloud-born service, Azure Cosmos DB is carefully engineered with multi-tenancy and global distribution from the ground up.

5-Minute Quickstarts

Learn how to use Azure Cosmos DB to create a globally distributed database using one of the multi-model APIs:

Microsoft Azure Cosmos DB Documentation

From here you see how simple you can Activate Azure Cosmos DB :

Select Azure Cosmos DB and Create

Creating CosmosDB

From here you can select your Platform and Add Collection.

And do Epic Things in Visual Studio 😉

What really Awesome is to replicate with Microsoft Azure Cosmos DB :

Here I have the Write Region in North Europe

Here I have added a Read Region Japan West by Click on the +

Write Region is North Europe
Read Region is Japan West

From here you can do a Manual Failover

Here you see the Failover between Europe and Japan

My Write Region is now Japan West instead of Europe
And you can add more Regions like this.

And of course everything is in the metrics monitoring.

It’s a Great Microsoft Azure Cloud solution for Enterprises doing business all over the world and for Developers to make Epic Things !

#MVPBuzz
#DevOps


Leave a comment

JOIN The #Microsoft Tech Community Today #MStechSummit #Azure #MSOMS #AzureStack #Sysctr #Winserv

Sign Up Here for the Microsoft Tech Community

Jeff Woolsey in action Talking about Windows Server 2016 Security and Containers
Thanks Jeff Great Sessions !

Of course It’s a tradition that @ClusterMVP & @WSV_GUY  & @Jamesvandenberg are on a Picture 😉
Cloud and Datacenter Management Rocks

#MVPbuzz Time with Ask Me Anything (AMA) sessions at the Microsoft Tech Summit 2017
Great questions and feedback on Microsoft :

Azure
AzureStack
Windows Server 2016
Hyper-V
System Center
Operations Management Suite (OMS)
Containers

Microsoft Tech Summit 2017 Amsterdam Dutch MVP’s at the Booth
#MVPbuzz

Multitasking showing of the Microsoft Surface Studio and supporting the Microsoft Tech Community
Thanks Ladies !

Microsoft Tech Summit 2016-17

Build your cloud and infrastructure skills with a two-day free technical training event
Here you can see in which cities the Microsoft Tech Summit 2017 is

Thank you Microsoft and Community for these Awesome two Cloud and Infrastructure Days in Amsterdam !  😉


Leave a comment

Happy Holidays and Thank you ! #MSOMS #Azure #AzureStack #Hyperv #Sysctr #HybridCloud

merry-christmas-and-happy-new-year-2017

Thank you for following me @Jamesvandenberg
Thank you Community 😉
Thank you Microsoft
Wish you all the Best !
#MVPbuzz


Leave a comment

Get Started with Microsoft #MSOMS Service Map to get in Control #HybridCloud #Winserv #Linux

oms-servicemap-overview

Microsoft OMS Service Map

Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. It allows you to view your servers as you think of them – as interconnected systems that deliver critical services. Service Map shows connections between servers, processes, and ports across any TCP-connected architecture with no configuration required other than installation of an agent.

If you are new with Microsoft Operations Management Suite, you can download here a Free OMS Subscription Plan to try it your Self

oms-solution-overview-smap

Start the Microsoft OMS Solution Market and select Service Map

oms-servicemap

Click on ADD Solution.

oms-dashboard-with-servicemap-config-tile

Click on the Service Map Tile.

servicemap-agent-1

Download your dependency Agent here.

download-agent

servicemap-agent-software

Run as Administrator

dependency-agent-install-1

agent

Click Finish.

services-dependeny-agent

The Microsoft Dependency Agent is running together with the OMS Agent.

servicemap-in-dashboard

Your first agent is running in Service Map

servicemap-dash-tile

I Added 3 Machines.

hybridcloud01-connection

Service Map of HyperV2016 Server.

hybridcloud01-connection-2 HybridCloud01 Server via the OMS Gateway

hybridcloud01-connection-3

hybridcloud01-connection-5

If you load Server Map from 40.121.165.208

hybridcloud01-connection-6

Microsoft Operations Management Suite (OMS) Service Map Alert view looks like this :

security-alert-service-map

Click on this HybridCloud01 Server alert.

security-alert-service-map-1

Here you can see that I miss a Security Update on this Server.

service-map-features

For this HybridCloud01 Server you can choose more OMS Service Map features to see what is going on with :

  • See a Summary of my Hybridcloud01 Server
  • The properties of my Hybridcloud01 Server
  • Alerts on my HybridCloud01 Server
  • Changes on my HybridCloud01 Server
  • Performance issues on my HybridCloud01 Server
  • Security on my HybridCloud01 Server
  • Updates on my HybridCloud Server

oms-service-map-schedule-view

OMS Service Map Schedule View settings.

oms-gateway-performance

Here you see the OMS Gateway Performance via Service Map.

Here you find more Microsoft technical documentation about Service Map in OMS

SCUG Banner


Leave a comment

#Microsoft System Center 2016 TP5 VHD’s Available for Download #Sysctr #SCVMM #SCOM

System Center 2016 TP5

VHDThis VHD’s enables System Center customers to evaluate System Center 2016 Technical Preview 5 and Windows Server 2016 Technical Preview 5.

System Center 2016 Technical Preview 5 VHD’s are on the following locations:

System Center Technical Preview 5 Data Protection Manager – Evaluation (VHD)
System Center Technical Preview 5 Operations Manager – Evaluation (VHD)
System Center Technical Preview 5 Orchestrator – Evaluation (VHD)
System Center Technical Preview 5 Service Manager – Evaluation (VHD)
System Center Technical Preview 5 Virtual Machine Manager – Evaluation (VHD)