Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

Security Baseline for Azure Arc enabled Servers and Arc Kubernetes #AzureHybrid #Security

Azure Arc Enabled Server network connectivity.

Baseline security is very important to have that in place to keep your Servers more secure in your datacenter. You want Hybrid Servers like Azure Arc enabled servers for example to be secure running in your datacenter. This begins to secure and have up-to-date Server hardware running in your datacenter. Monitor for security updates and install Server hardware based on best practices from the vendor.
Then the Operating System like Windows Server 2022 standard needs the OS Baseline security. This is called:

Microsoft Security Compliance Toolkit 1.0

When your Windows Servers are security compliant by the rules of the company and/or Security Officer, then we can have a look at the Well Architected Framework (WAF) for Azure Arc Enabled Servers.  Here you find an

Introduction to Azure Arc landing zone accelerator for hybrid and multicloud

Azure Arc Single Control Plane.

This security baseline applies guidance from the Microsoft cloud security benchmark version 1.0 to Azure Arc-enabled servers. The Microsoft cloud security benchmark provides recommendations on how you can secure your cloud solutions on Azure. The content is grouped by the security controls defined by the Microsoft cloud security benchmark and the related guidance applicable to Azure Arc-enabled servers.

Security by Default in your Datacenter

Here you find more information about Azure Security Baseline for Azure Arc enabled Servers.

Here you find more information about Azure Security Baseline for Azure Arc enabled Kubernetes.

Security by Design with Azure Security Center and Azure Defender

Azure Arc Jumpstart

When you have read about Azure Arc Well Architected Framework (WAF) and you have your security in place, we can start with Microsoft Azure Arc.
Before you start implementing Azure Arc, you must have seen this Awesome website of Azure Arc Jumpstart!

The Azure Arc Jumpstart is designed to provide a “zero to hero” experience so you can start working with Azure Arc right away!

The Jumpstart provides step-by-step guides for independent Azure Arc scenarios that incorporate as much automation as possible, detailed screenshots and code samples, and a rich and comprehensive experience while getting started with the Azure Arc platform.
Our goal is for you to have a working Azure Arc environment spun-up in no time so you can focus on the core values of the platform, regardless of where your infrastructure may be, either on-premises or in the cloud.

Here you find my MVPLABSerie Azure Hybrid with Arc Enabled Windows Servers on-premises blog 

 

Conclusion

You can manage your compliance and security policies with Azure Arc enabled Servers, Kubernetes, or SQL Managed instances to make your hybrid solutions with
the Microsoft Azure Cloud in a secure environment.  When you work with security by design based on OSI model with 7 security layers and use Microsoft Arc enabled servers, you get also more Azure Hybrid security features like Azure Defender for Cloud, and much more.
Don’t forget the Microsoft Azure Arc Community Monthly Meetup

 


Leave a comment

Windows Admin Center and Deploying Windows Server Insider Build 25099 Core #WindowsAdminCenter #Winserv #WIMVP

Windows Admin Center Version 2110.2 Build 1.3.2204.19002

Windows Admin Center is a customer-deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure, and Windows PCs. It comes at no additional cost beyond Windows and is ready to use in production. Learn more about Windows Admin Center.

Benefits

  • Simple and modern management experience
  • Hybrid capabilities
  • Integrated toolset
  • Designed for extensibility

Languages
Chinese (Simplified), Chinese (Traditional), Czech, Dutch (Netherlands), English, French, German, Hungarian, Italian, Japanese, Korean, Polish, Portuguese (Brazil), Portuguese (Portugal), Russian, Spanish, Swedish (Sweden), Turkish

In the following step-by-step guide I will deploy Windows Server 2022 Insider Build 25099 Core Edition with Windows Admin Center tool together with some great features for managing Windows Servers in a secure hybrid way with Microsoft Azure Cloud services. Like Azure Defender for Cloud, Azure Backup Vault, Azure Monitor, Security and more.
So I have Windows Admin Center 2110.2 installed and I have a Windows Server 2022 Hyper-V Server for my Virtual Machines in my MVPLAB Domain.
Now we will deploy the new Windows Server 2022 Insider Preview Build 25099.

In WAC on my Hypervisor in Virtual Machines

When you explore and open your Hyper-V Host and go to Virtual Machines, you can Click on Add and then on New for Creating your Windows Server Insider VM.

Create a New Windows Server Insider VM called StormTrooper01

Here you can configure your new Windows Server 2022 Insider VM with the following :

  • What kind of Generation VM (Gen 2 Recommended)
  • The path of your Virtual Machine and the path of your virtual disk(s)
  • CPU and you can make nested Virtualization too
  • Memory and use of Dynamic Memory
  • Network select the Virtual Switch
  • Network Isolation by VLAN
  • Storage, Create the size of the Virtual Disk. Choose an ISO or Select an existing VHD(x)

I Created a New 70GB OS Disk
and I want to Install the New Windows Server Insider OS from ISO.
Click on Browse

Here you Browse Default on your Hyper-V Host and select the ISO.

When the Windows Server ISO is selected you can hit Create

We get the Notification that the virtual machine is successfully created.

Only the Virtual Machine is now made with your specs and visible on the Hyper-V Host.
Select the New Virtual Machine (StormTrooper01) click on Power and hit Start.

After you started the VM, you can double click on it and go to Connect.
Click on Connect to the Virtual Machine.

Now you are on the console via VM Connect.

Click on Install Now

We are installing Windows Server 2022 Insider Core edition, because we have WAC 😉

Installing Windows Server 2022 Insider Core Preview Build 25099 via Windows Admin Center

Create New Administrator Password.

And here we have Sconfig of the Windows Server 2022 Core.
via Virtual Machine Connect.

Now we can add and connect the New Virtual Machine with Windows Server 2022 Insider Preview Build in Windows Admin Center via IP-Address.

The Next step is to join the Windows Server 2022 Insider to my Domain MVPLAB.

Click on the Top on Edit Computer ID
Click on Domain and type your domain name.
Click op Next
Add your administrator account for joining the server
Reboot the VM.

Windows Server 2022 Insider Preview Core edition is domain joined.

Now we have the New Microsoft Windows Server 2022 Insider Preview Build 25099 running in Windows Admin Center, we can use all the tooling provided by WAC also in a Azure Hybrid way. Think about Azure Defender for Cloud, Azure Monitor. In Microsoft Windows Admin Center we also have a topic Azure Hybrid Center :

Here you see all the Azure Hybrid benefit features for your Windows Server 2022 Insider.

  • Microsoft Azure Arc
  • Azure Backup
  • Azure File Sync
  • Azure Site Recovery
  • Azure Network Adapter
  • Azure Monitor
  • Azure Update Management
  • and More…

Microsoft Azure and the Windows Admin Center Team made the wizards customer friendly and easy to get those Azure Hybrid services for your Windows Server.
When you have your Server running, you want to make backups and Monitoring your Server for management. And after that you want to be in control of your security of your new Server. In the following steps you see some examples on the same Windows Server 2022 Insider Preview Build:

Microsoft Azure Backup via WAC

Click on Azure Backup
Select your Azure Subscription and the Azure Backup Vault.
Select your data and make the schedule.

Enter the Encryption passphrase and Apply.

Here you have Azure Backup Vault working together with WAC.

Azure Defender for Cloud Security

Click op Microsoft Defender for Cloud
Click on Setup
Add the right Azure Subscription and Workspace
Click on Setup.

Configuring Azure Defender for Cloud agent and Subscription.

Azure Defender for Cloud in Windows Admin Center on your Windows Server 2022 Insider Preview Build.

In Windows Admin Center there is also a Security tab for the Windows Server.

Here you can see your Secured-Core status

Here you can see if your system is supported for this security features 🙂

Enable the supported features and Restart de Virtual Machine.

And here you see my status overview.

Further more you can manage RBAC in Windows Admin Center when you have to work with different kind of users.

You can find RBAC in settings.

Conclusion

Windows Server Insider Core edition and Windows Admin Center are working better together! You have all the tools you need to startup your Windows Server and
manage it with WAC. Windows Admin Center is getting better and better to manage your Hybrid Datacenter and keep you as an Administrator in Control!
So is how I manage my MVPLAB but also for Production workloads I use Windows Admin Center and the Azure Portal together. With Microsoft Azure Arc Services
Azure Hybrid becomes your solution where Windows Admin Center can Support you with making Azure Stack HCI Clusters with Azure Kubernetes for your DevOps environment.

Windows Admin Center Community Group on LinkedIn


Leave a comment

#Microsoft Windows Server and SMB Protocol #Winserv #WindowsServer2022

Server Message Block (SMB)

The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The set of message packets that defines a particular version of the protocol is called a dialect. The Common Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix, and other operating systems.
Here you can see the versions of MS-CIFS and download free white papers

Today SMBv1 is a not save protocol and will be used by hackers for man in the middle attacks to compromise your data and systems. SMBv1 is a weak protocol and should not be used in your environment. There are still a lot of Windows Servers 2012 R2 in the world running in datacenters with SMBv1 by Default enabled. To make your Windows Server more secure, you can disable SMBv1 protocol via a Group Policy Object (GPO).

In the following steps we will disable SMBv1 on Windows Servers via GPO.

Open Group Policy Management in your Domain.

Click on Group Policy Object with your right mouse button.
Click on New.

Give your policy a Name.

I made also an temporary Exception policy.

Right click on your new Policy Object.
Click on Edit.

Go to Computer Configuration => Preferences => Windows Settings
Click on Registry.

Click on New and then on Registry Item.

Here you have to add the following Registry Properties:

Set these settings.

Set Path: HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Click on Apply for these Registry settings.

SMBv1 Disable setting is set in the Policy Object.

This is the path where we push the policy via GPO.

Here we Link the Existing GPO to the OU with the Windows Server 2012 R2
to disable SMBv1 Protocol.

Select your new Policy to disable SMBv1 Protocol.

We have now Linked the new GPO to Disable SMBv1

GPUpdate /force on your Server to disable SMBv1
To get the new GPO active on your Server.

Policy Update successfully.

GPResult /r to see the results.

Get-SmbServerConfiguration | Select EnableSMB1Protocol

or

Get-SmbServerConfiguration

You can still as a administrator enable SMBv1 on your Server with :

Set-SmbServerConfiguration -EnableSMB1Protocol $true

When the Server gets a reboot, SMBv1 will be disabled by GPO again.

When you have maintenance window for updates for example, you can un-install the SMBv1 Feature in Server Manager. This procedure needs a restart of the Windows Server.

Go to Server Manager remove features.

Click on Remove Roles and Features.

Remove the mark at SMB 1.0/CIFS File Sharing Support Feature.

Click on Remove.

Click on Close and Reboot the Server

Now SMBv1 protocol on the Windows Server is disabled and will use a higher version of SMB like version 2.x or 3.x.

More Microsoft information can be found here on Docs.

SMB over QUIC on Windows Server 2022

SMB over QUIC introduces an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. QUIC is an IETF-standardized protocol with many benefits when compared with TCP:

  • All packets are always encrypted and handshake is authenticated with TLS 1.3
  • Parallel streams of reliable and unreliable application data
  • Exchanges application data in the first round trip (0-RTT)
  • Improved congestion control and loss recovery
  • Survives a change in the clients IP address or port

SMB over QUIC offers an “SMB VPN” for telecommuters, mobile device users, and high security organizations. The server certificate creates a TLS 1.3-encrypted tunnel over the internet-friendly UDP port 443 instead of the legacy TCP port 445. All SMB traffic, including authentication and authorization within the tunnel is never exposed to the underlying network. SMB behaves normally within the QUIC tunnel, meaning the user experience doesn’t change. SMB features like multichannel, signing, compression, continuous availability, directory leasing, and so on, work normally.

Client Server Handshake and Data transfer differences.

Here you find a Great blogpost of Ned Pyle

SMB over QUIC: Files Without the VPN

Conclusion

When you still have Windows Servers running with SMBv1 by default enabled, for security you should disable SMBv1 protocol as soon as possible! Otherwise you make it easy for hackers to compromise your data with man in the middle attacks. In Windows Server 2019 and higher SMBv1 is disabled by default. Have a look at SMB over QUIC in your test environment and learn how secure it is and how it works for your security and data.


Leave a comment

Windows Admin Center and Windows Server 2022 #Docker Host – Azure Container Instances and #AKS #WAC #Azure #Winserv

Windows Admin Center

Windows Admin Center runs in a web browser and can manage :

  • Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2
  • Windows 11, Windows 10
  • Azure Stack HCI
  • Clusters
  • Containers; Docker, Kubernetes, AKS
  • Azure Virtual Servers, Azure integration via extensions like Azure Monitoring, Azure Security, and much more….
  • Lot of extensions to manage for example third party solutions.

This goes with the locally Windows Admin Center gateway installed on Windows Server or domain-joined Windows 10 /11.

Windows Admin Center Architecture.

Here you find more information about the Install options of Windows Admin Center

I’m working with Windows Admin Center every day to manage our datacenter and to mange my MVP LAB. When you have to install Windows Server Core
or Microsoft Azure Stack HCI Operating system, then Windows Admin Center is the right tool for you as an Administrator. You can use all the Server Manager tools via WAC
and you don’t have to work with Command-line tools only like CMD and PowerShell.


You can download Microsoft Windows Admin Center here

Installing Docker Host on Windows Server 2022

In my MVP LAB I have a Microsoft Windows Server 2022 Datacenter Edition Hyper-V Host, and I like to make a Docker Host Server for my Containers.
With Windows Admin Center it’s easy to roll out a Docker host Server for your Containers.
In the following steps I will Install a Docker Host Server on Windows Server 2022.

Open Windows Admin Center and connect to your Server.

I Have Container Extension installed version 1.150.0

Click on Containers and Click on Install
Windows Admin Center will Restart your Server for the Docker Installation!

Hang on while Docker Host will be Installed on Windows Server 2022.

Docker Host Installed Successfully.

Docker Host Container Overview Screen on Windows Server 2022.

From here you can Pull containers images to the Docker Host.
This is what I did but…..

Instead of pulling a Container Image you can also Create your Own Container Image.

Here I’m Pulling a ASP.NET Container Image from Microsoft.

Pulled Container Image Successfully.

The ASP.NET Container Image is now Available on the Docker Host.

Select the Container Image and Click on Run.

Give the Docker Container a name.
You can Manage the ports,
Hyper-V Isolation,
Memory,
CPU
And add addition Docker Run options,
Click on Run.

The ASP.NET Docker Container is running on Windows Server 2022.

When you Click on the running Container you will get options like :
Stats, Details, Logs, Console and Events.
When you Click on Console you will go remote by PowerShell to the Docker Host.

Here you got all the Docker commands 😉

And of course when you want to develop Containers as a developer you can use Microsoft Visual Studio Code as well.

The ASP.NET Container in VSCode.
Download Microsoft Visual Studio Code here

(I’m using Visual Studio Code Insiders version in my MVP LAB)

Microsoft Azure Container Instances

Containers are becoming the preferred way to package, deploy, and manage cloud applications. Azure Container Instances offers the fastest and simplest way to run a container in Azure, without having to manage any virtual machines and without having to adopt a higher-level service.

Azure Container Instances is a great solution for any scenario that can operate in isolated containers, including simple applications, task automation, and build jobs. For scenarios where you need full container orchestration, including service discovery across multiple containers, automatic scaling, and coordinated application upgrades, we recommend Azure Kubernetes Service (AKS).

For my MVP LAB Azure Container Instances (ACI) is a great way to run Containers fast in the Cloud and have a overview with Windows Admin Center for :

Here you have a overview of your Azure Container Instances in Windows Admin Center.

In the following steps I will create an Azure Container Instance via the Microsoft Azure Portal and show it in Windows Admin Center. For this you need to integrate Windows Admin Center with your Microsoft Azure Subscription. This you can do in settings of WAC:

Register your Azure Subscription with Windows Admin Center for Hybrid Benefit.
Here you find more information about Azure integration with Windows Admin Center

When you have your Azure Account active in Windows Admin Center, go to the Microsoft Azure Portal and search for Container instances.

Click on Create Container Instances

Here you set the basics of your Azure Container Instance

Here you set the following items for your Azure Container Instance (ACI) :

  1. Select your Azure Subscription which is integrated with your Microsoft Windows Admin Center.
  2. Select or Create the Resource Group for your Azure Container Instance.
  3. Give your Container a name.
  4. Select the Region in Microsoft Azure where you want your Azure Container Instance to run.
  5. Availability zones to select.
  6. Select your Image Source, I selected Quickstart images of Microsoft, but you can also select your own Container image.
  7. Then select the size for vcpu, memory, gpus for your Azure Container Instance application.

Click on Next for Networking.

I Selected Public for testing but here you can select private too
with your own DNS name Label with the
right ports and protocols.

At Advanced settings you can configure additional container properties and variables

here you can TAG the Owner of the Azure Container Instance.
Click on Review + Create.

Now you can Click Create or Download the template for Automation.

Have a look at the Options here what you can do with the Template from here.

Microsoft Azure Container Instance is Deployed and running.

Nginx Container Instance is running on Azure.

Now we have the Microsoft Azure Container Instance with Nginx running in the Cloud, we can see that in Windows Admin Center.

Azure Container Instance in Windows Admin Center in running state.
When you don’t need it anymore you can end it here or in the Azure Portal.

Azure Container Instance is stopped by Windows Admin Center.

Run your Own Azure Container Instances from the ACR via
Windows Admin Center.

Manage Kubernetes Clusters and Containers with Windows Admin Center

Azure Kubernetes Service (AKS) on Azure Stack HCI is an on-premises implementation of Azure Kubernetes Service, which automates running containerized applications at scale. Azure Kubernetes Service is available on Azure Stack HCI, Windows Server 2019 Datacenter, and Windows Server 2022 Datacenter, making it quicker to get started hosting Linux and Windows containers in your datacenter. This is the High Available Container Solution on-premises from Microsoft, where you can run Containers and microservices in a isolated way in your datacenter with your DevOps Team. But you can also make your Azure Stack HCI Cluster hybrid with Azure integration and Azure Arc Services to benefit of Azure Hybrid Services.

 

Setup AKS on Azure Stack HCI with Windows Admin Center

Create your Own locally Azure Stack HCI Cluster with Azure Kubernetes Services

Conclusion

Microsoft product team of Windows Admin Center | Windows Server | Azure Stack HCI are working hard to make the Windows Admin Center Tool better and better to install and manage Container / microservices solutions. With Microsoft Azure extensions in Windows Admin Center and Azure Arc Services, Microsoft features from the Azure Cloud becomes available for your Containers like Azure Defender for Cloud with Container Insights, Azure Monitor, Azure App Services and much more.
Windows Admin Center is a Great Server Manager tool for your Windows Servers in your Datacenter. Especially when you use Windows Server Core or Azure Stack HCI.

Important:

Some features in Windows Admin Center are preview and not production ready yet, like ACR and ACI Integration I just showed in preview.
Please feel free to provide Microsoft feedback on Windows Admin Center here.

JOIN Windows Admin Center Community Group on LinkedIn


Leave a comment

#WindowsAdminCenter – Installing Windows Server version 20H2 Core Build 10.0.19042 #Winserv #HybridIT #Azure

Windows Admin Center Hyper-V Host

Simplify server management

Manage all your server environments with familiar yet modernized tools, such as the reimagined Server Manager and streamlined MMC tools, from a single, browser-based, graphical user interface. Admins can manage Windows Server instances anywhere: on-premises, in Azure, or in any cloud.

Operate hybrid seamlessly

Extend on-premises deployments of Windows Server to the cloud by using the Azure hybrid services found in Windows Admin Center. Use Azure for:

  • Backup and disaster recovery
  • Additional capacity for compute, file servers and storage
  • Centralized management for monitoring, threat protection and update management

You can download Windows Admin Center here

In the following steps we will install Windows Server Core 20H2 version Build 10.0.19042 via Windows Admin Center on my Hyper-V Host called Starship01.mvplab.cloud.
I have Windows Admin Center already running for my MVPLAB with a Windows Server 2019 Hypervisor host. From here I will install a New Windows Server Core 20H2 Machine.

Click in the Left toolbar on Virtual Machines 
and then on Add New

Deployment settings for the New Virtual Machine.

Here we set the following settings :

  • Virtual Machine Name
  • Generation VM ( gen 2 is recommended )
  • The path of the VM settings and Disk
  • Virtual Processors
  • a mark for nested virtualization ( for the Hyper-V feature )
  • Memory
  • Network / Virtual Switch
  • Storage

 

When you Add Storage you can select also the new ISO file for Installation.

I changed the Size of the Operating Disk from 127GB to 50GB
And I selected the path to the Windows Server Core 20H2 ISO.
Then Click on Create.

Windows Admin Center will create the Virtual Machine really fast.

Now the Window Virtual Machine Dark20H2 is created by Windows Admin Center on the Hyper-V Host, we can do the Windows Server Core 20H2 Installation by starting the Virtual Machine.

Before you Start running the VM, have a look at the settings

If you want you can set more Security features here.
You can set Encryption and Security Policy.

Start the Virtual Machine here for Installation of Windows Server Core 20H2
( The ISO is connected )

Installation of Windows Server Core 20H2 version Build 10.0.19042

The virtual Machine is running and now we can connect it via Windows Admin Center to do the installation of Windows Server.

Click on Connect

Use your Windows Admin Center account and mark
for the certificate. Then Click on Connect

Here we see the Console for the Windows Server Installation.

Install Now.

The Windows Server Core 20H2 is Installed.

Of course you can now configure the Machine via SConfig.exe, I only gave the Server name and a static IP address with DNS.

Via Windows Admin Center ( Manage) you can add the Machine to the domain.

Add the Server to the domain with your account and Click on Join

Server will Restart, Click on Yes

Dark20H2 Joined the Domain MVPLAB.CLOUD Successfully

 Adding the Windows Server Core 20H2 to Windows Admin Center

Add Dark20H2.mvplab.cloud to Windows Admin Center.

Of course I want to manage the server with Windows Admin Center and use all the tools I need to securely manage this Server.

Windows Server Core 20H2 in Windows Admin Center.

First thing what I do in my MVPLAB is Windows Updates.

December Updates for Windows Server Core 20H2

Updates Installed Successfully 🙂

Azure Hybrid Services

Azure Hybrid Services

You can extend on-premises deployments of Windows Server to the cloud by using Azure hybrid services. These cloud services provide an array of useful functions, both for extending on-premises into Azure, and for centrally managing from Azure. Think of :

  • Azure Backup Services
  • Azure Monitoring Services
  • Disaster Recovery
  • Azure File Sync Services
  • Azure Security Center / Azure Defender Services

Here you find more information about Azure Hybrid Services

Conclusion

Windows Admin Center is a must have when you have to manage Windows Server Core versions, you don’t have to worry about all the Commands of Windows Server Core. With Windows Admin Center it becomes easy to do the complete installation of the server and this include also all features of Windows Server Core 202H2 Build 10.0.19042. It becomes really powerful when you use it in a Hybrid way by connecting to Microsoft Azure Cloud Services. Earlier I wrote a blogpost about Windows Admin Center and Azure Security Center

I Hope this is useful for you, and start your journey with Windows Admin Center & Windows Server Core versions 😉

JOIN the Windows Admin Center Community Group on LinkedIn


Leave a comment

Windows Admin Center and The Container Extension #WAC #Containers #Winserv

Windows Admin Center

Windows Admin Center is a locally deployed, browser-based app for managing Windows servers, clusters, hyper-converged infrastructure, as well as Windows 10 PCs. It comes at no additional cost beyond Windows and is ready to use in production. If you want to work more secure with Windows Server Core images without the GUI or with Microsoft Azure Stack HCI operating system then Windows Admin Center is the tool for the Administrator to manage your workloads on-premises or in the Cloud. You have one web based interface for all your Server consoles (MMC) to manage your Hybrid Datacenter.
Here you can read more about Microsoft Windows Admin Center and download the free software.

Get the best with Windows Admin Center Extensions

Windows Admin Center and the Container Extension

When you have installed Microsoft Windows Admin Center you can configure the settings and extensions for your environment. When you want the benefits of the Microsoft azure Cloud Services you can configure your Azure subscription and add the extensions to your Windows Admin Center. There are also Third Party extensions like Dell, DataOn, Fujitsu and more.
Here you find more information about how extensions work.

Container Extension

In the following step-by-step guide we will work with the Container Extension of Windows Admin Center on a Windows Server 2019. You have already added the server in WAC and installed the Container extension. In my MVPLAB.CLOUD is that Windows Server 2019 datacenter Starship01.mvplab.cloud. When you open the server you will come in the Overview of the Windows Server:

Click on Containers.

Click on Install for the Docker installation on Starship01.mvplab.cloud.

This will install Docker on the Windows Server 2019 and reboot when it’s ready to use for Containers. From this moment you can work with Windows Containers on the host via Windows Admin Center.

Remote Desktop in Windows Admin Center, the docker host is installed with the Windows Filter by default.

When you want to use Docker Linux Containers with Windows Server 2019 host, you have to configure the Linux kit LCOW with a distro on the host. More info here

Containers on Starship01.mvplab.cloud

To start with containers you can create your own, or pull an image from Docker Hub with Windows Admin Center. In my case I pull Windows Server 2019 ltsc with IIS image.

mcr.microsoft.com/windows/servercore/iis  (Image)

windowsservercore-ltsc2019 (Tag)

Click then on Pull.

Select your image and click on Run.
Give your Container a name and set your settings.

Click on Run.

Click on Containers tab and you will see your running Container

More details you see the IP-Address of the Container.

IIS is running on Windows Server 2019 ltsc in a Docker Windows Container.
That was easy right 😉

Making your Own Docker file with Windows Admin Center Container Extension

When you have your own Github repository with your software, you can make your own docker file and make a docker image on your host for deployment. To show this I have used this sample on Microsoft docs, but you can clone also a github repository and copy the dockerfile on the host.

I copied the dockerfile on the host C:\BuildImage.

—————

# Sample Dockerfile

# Indicates that the windowsservercore image will be used as the base image.
FROM mcr.microsoft.com/windows/servercore:ltsc2019

# Metadata indicating an image maintainer.
LABEL maintainer=”jshelton@contoso.com”

# Uses dism.exe to install the IIS role.
RUN dism.exe /online /enable-feature /all /featurename:iis-webserver /NoRestart

# Creates an HTML file and adds content to this file.
RUN echo “Hello World – Dockerfile” > c:\inetpub\wwwroot\index.html

# Sets a command or process that will run each time a container is run from the new image.
CMD [ “cmd” ]


Here is the Microsoft docs website

Image Creation in progress

New Image Created with Windows Admin Center

Running your Own Container image

Container “Hello World – Dockerfile” running

Conclusion :

In Windows Admin Center comes ITpro world and DevOps world Together in One web based console like with the Container extension. Microsoft is developing really fast in Windows Admin Center to get all the right Feature for ITPro, DevOps and SecOps Administrators in one place. Awesome are the Windows Admin Center Extensions, developers makes these better and better to do the job for Administrators 🚀
Windows Server 2019 Core and Azure Stack HCI are Operating systems without a GUI, and with Windows Admin Center they are really good to manage, update and keeping in control of security.
I like Windows Admin Center a lot and it Rocks for managing your hybrid Datacenter 😉

Send your comments and feedback via Microsoft GitHub repo by opening a new issue for the Container Extension. Follow @vrapolinario on Twitter

 

You can Follow Windows Admin Center here on Twitter : @servermgmt


Leave a comment

Download the Microsoft Azure Migrate E-Book for your Cloud Migration #Azure #Migrate #Cloud

Microsoft Azure Migrate E-Book

Download this e-book to learn about Azure Migrate, Microsoft’s central hub of tools for cloud migration. In this e-book, Microsoft will cover:

  • What is Azure Migrate
  • How Azure Migrate can help your migration journey
  • Running a datacenter discovery and assessment
  • Migrating your infrastructure, applications, and data
  • Additional learning resources

Download the Free Azure Migrate E-Book here

More information about Microsoft Azure Migrate Tools on my Blog :

Microsoft Azure Migrate Assessments in Action VMWare to Cloud


Leave a comment

Docker Linux Container running on Windows Server 2019 #Winserv #Docker #Containers

In the following steps we install Docker for Windows enterprise on a Windows Server 2019 which is running on a hypervisor platform in this case VMware to run a Linux container in the Datacenter.

When you are on a virtualization platform like Hyper-V or VMware and you have installed de Virtual machine with Microsoft Windows Server 2019 Standard edition, you must make the virtual processors ready for virtualization.
(Nested Virtualization) otherwise you can’t install Hyper-V on VMware.

This is the error you get.

Enable this feature for virtualization to the guest OS for VMware.

When you run Microsoft Hyper-V you have to activate nested virtualization

It’s like this in PowerShell : Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true

Before you install Docker enterprise for Windows Server you have to install the Hyper-V Role and the Container Feature:

Hyper-V Role Installed

Containers Feature installed.

via Powershell is like this :

Install-WindowsFeature -Name Hyper-V,Containers -IncludeAllSubFeature -IncludeManagementTools

Now we have all the prerequisites installed on Microsoft Windows Server 2019, we can begin with Docker for Windows Enterprise via Powershell in Administrators modus :

Command: Install-Module DockerMSFTProvider

Then you type the following commands:

Import-Module -Name DockerMSFTProvider -Force

Import-Packageprovider -Name DockerMSFTProvider -Force

Command: Install-Package -Name Docker -Source DockerDefault

Now we have Docker EE version 19.03.5 installed for Windows Server 2019.

It’s ready for Windows Containers.

But we want to run linux containers,

Now that we have Docker installed, we need to make some changes to the default configuration to enable support for Linux Containers. This involves setting an Environment variable and creating a docker daemon configuration file.

—————————————————-

# Set LCOW_SUPPORTED Variable to 1 for enabled

[Environment]::SetEnvironmentVariable(“LCOW_SUPPORTED”, “1”, “Machine”)

 # Enable Experimental Features in Docker daemon.conf

$configfile = @”

{

    “experimental”: true

}

“@

$configfile|Out-File -FilePath C:\ProgramData\docker\config\daemon.json -Encoding ascii -Force

——————————————————

Because Linux Containers still need a Linux kernel, we need to deploy LCOW for it to run :

Invoke-WebRequest -Uri “https://github.com/linuxkit/lcow/releases/download/v4.14.35-v0.3.9/release.zip&#8221; -UseBasicParsing -OutFile release.zip

Expand-Archive release.zip -DestinationPath “$Env:ProgramFiles\Linux Containers\.”

Now you have to reboot the Server.

Ready for running Linux Containers.

To make Linux containers the Default you can set this environment setting :

[Environment]::SetEnvironmentVariable(“LCOW_API_PLATFORM_IF_OMITTED”, “linux”, “Machine”)

Here you can read how to Pull docker Linux images to your Docker Host on Windows Server 2019

What is handy to use is Microsoft Visual Studio Code with the Docker Extension.

Wish you all the Best with Deploying Containers.


Leave a comment

Free #Windows10 IT Pro Essentials Top 10 Tools E-book by @Edbott

Windows10 Ebook Top10 tools

Dive in to Windows 10 with award-winning journalist and Windows Expert Ed Bott in this highly curated free eBook covering the top apps, accessories, and utilities included in the box with Windows 10.

The sheer volume of Windows programs and accessories says a lot about the power and complexity of Windows—a fact that every IT pro knows from firsthand experience. There’s a tool for nearly every task, and a large part of the process of becoming a Windows expert is knowing how to find the appropriate one when you need it.

This eBook contains descriptions and hands-on advice to help IT Pros work faster and smarter. Some of these tools are for everybody—end users and experts alike—whereas some are strictly for professionals. A few are so specialized that you’ll only need them once in a blue moon. Collectively, though, they make up a toolbox that can save you (and your company) time and money.

You can download the Free Windows 10 IT Pro Essentials Top 10 Tools E-book here

Thank you Ed Bott for this Awesome E-book 😉


Leave a comment

#WindowsContainer Host Deployment on #NanoServer #HyperV nested Virtualization

Hyper-V-Containers-Nested-Virtualization

Windows Containers on Hyper-V NanoServer nested Virtualization

Deployment Steps

Install Container Feature

The container feature can be installed on Windows Server 2016, or Windows Server 2016 Core, using Windows Server Manager or PowerShell.

To install the role using PowerShell, run the following command in an elevated PowerShell session.

Install Containers

PS C:\> Install-WindowsFeature containers

The system needs to be rebooted when the container role installation has completed.

PS C:\> shutdown /r

After the system has rebooted, use the Get-ContainerHost command to verify that the container role has successfully been installed:

Get-Containerhost

PS C:\> Get-ContainerHost

Prepare Nano Server

Deploying Nano Server involves creating a prepared virtual hard drive, which includes the Nano Server operating system, and additional feature packages. This guide quickly details preparing a Nano Server virtual hard drive, which can be used for Windows Containers.

For more information on Nano Server, and to explore different Nano Server deployment options, see the Nano Server Documentation.

Create a folder named nano.

PS C:\> New-Item -ItemType Directory c:\nano

Locate the NanoServerImageGenerator.psm1 and Convert-WindowsImage.ps1 files from the Nano Server folder, on the Windows Server Media. Copy these to c:\nano.

#Set path to Windows Server 2016 Media
PS C:\> $WindowsMedia = "C:\Users\Administrator\Downloads\WindowsServerTP4"

PS C:\> Copy-Item $WindowsMedia\NanoServer\Convert-WindowsImage.ps1 c:\nano
PS C:\> Copy-Item $WindowsMedia\NanoServer\NanoServerImageGenerator.psm1 c:\nano

Run the following to create a Nano Server virtual hard drive. The –Containers parameter indicates that the container package will be installed, and the –Compute parameter takes care of the Hyper-V package. Hyper-V is only required if Hyper-V containers will be created.

Import-Module

PS C:\> Import-Module C:\nano\NanoServerImageGenerator.psm1
PS C:\> New-NanoServerImage -MediaPath $WindowsMedia -BasePath c:\nano -TargetPath C:\nano\NanoContainer.vhdx -MaxSize 10GB -GuestDrivers -ReverseForwarders -Compute -Containers

When completed, create a virtual machine from the NanoContainer.vhdx file. This virtual machine will be running the Nano Server OS, with optional packages.

Configure Nested Virtualization

If the container host itself will be running on a Hyper-V virtual machine, and will also be hosting Hyper-V Containers, nested virtualization needs to be enabled. This can be completed with the following PowerShell command.

The virtual machines must be turned off when running this command.

PS C:\> Set-VMProcessor -VMName <container host vm> -ExposeVirtualizationExtensions $true

Configure Virtual Processors

If the container host itself will be running on a Hyper-V virtual machine, and will also be hosting Hyper-V Containers, the virtual machine will require at least two processors. This can be configured through the settings of the virtual machine, or with the following PowerShell script.

PS C:\> Set-VMProcessor –VMName <VM Name> -Count 2

Enable Hyper-V Role

If Hyper-V Containers will be deployed, the Hyper-V role needs to be enabled on the container host. If the container host is a virtual machine, ensure that nested virtualization has been enabled. The Hyper-V role can be installed on Windows Server 2016 or Windows Server 2016 Core using the following PowerShell command.

PS C:\> Install-WindowsFeature hyper-v

Create Virtual Switch

Each container needs to be attached to a virtual switch in order to communicate over a network. A virtual switch is created with the New-VMSwitch command. Containers support a virtual switch with type External or NAT.

This example creates a virtual switch with the name “Virtual Switch”, a type of NAT, and Nat Subnet of 172.16.0.0/12.

PS C:\> New-VMSwitch -Name "Virtual Switch" -SwitchType NAT -NATSubnetAddress 172.16.0.0/12

Configure NAT

In addition to creating a virtual switch, if the switch type is NAT, a NAT object needs to be created. This is completed using the New-NetNat command. This example creates a NAT object, with the name ContainerNat, and an address prefix that matches the NAT subnet assigned to the container switch.

Finally, if the container host is running inside of a Hyper-V virtual machine, MAC spoofing must be enable. This allows each container to receive an IP Address. To enable MAC address spoofing, run the following command on the Hyper-V host. The VMName property will be the name of the container host.

PS C:\> Get-VMNetworkAdapter -VMName <contianer host vm> | Set-VMNetworkAdapter -MacAddressSpoofing On

Install OS Images

An OS image is used as the base to any Windows Server or Hyper-V container. The image is used to deploy a container, which can then be modified, and captured into a new container image. OS images have been created with both Windows Server Core and Nano Server as the underlying operating system.

Container OS images can be found and installed using the ContainerProvider PowerShell module. Before using this module, it needs to be installed. The following commands can be used to install the module.

PS C:\> Install-PackageProvider ContainerProvider -Force

Return a list of images from PowerShell OneGet package manager:

PS C:\> Find-ContainerImage

Name                 Version                 Description
----                 -------                 -----------
NanoServer           10.0.10586.0            Container OS Image of Windows Server 2016 Techn...
WindowsServerCore    10.0.10586.0            Container OS Image of Windows Server 2016 Techn...

To download and install the Nano Server base OS image, run the following.

PS C:\> Install-ContainerImage -Name NanoServer -Version 10.0.10586.0
Downloaded in 0 hours, 0 minutes, 10 seconds.

Likewise, this command downloads and installs the Windows Server Core base OS image.

Issue: Save-ContainerImage and Install-ContainerImage cmdlets fail to work with a WindowsServerCore container image, from a remote PowerShell session.
Workaround: Logon to the machine using Remote Desktop and use Save-ContainerImage cmdlet directly.

PS C:\> Install-ContainerImage -Name WindowsServerCore -Version 10.0.10586.0
Downloaded in 0 hours, 2 minutes, 28 seconds.

Verify that the images have been installed using the Get-ContainerImage command.

PS C:\> Get-ContainerImage

Name              Publisher    Version      IsOSImage
----              ---------    -------      ---------
NanoServer        CN=Microsoft 10.0.10586.0 True
WindowsServerCore CN=Microsoft 10.0.10586.0 True

For more information on Container management See Windows Containers Documentation

MSFT Containers