Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

Welcome to the ITOpsTalk GitHub Repo! #Azure #Winserv #ITOps

ITOps Talk GitHub Repo

GitHub has become the central location for open-source projects, samples, and even content โ€“ but primarily focused on developers. This new repository will focus on you: The ITPro/Ops person managing the environment in your company, keeping the lights on, supporting end-users or other IT teams.

The Microsoft Modern Infrastructure Cloud Advocates are responsible for the content on this repo, but sharing your handy script samples on this repo would be Awesome to manage Modern Azure Infrastructure, Azure Stack HCI, Windows Servers, Hyper-V, Containers and more. Have a look at the announcement on Microsoft tech community, Sharing together to make IT Better ๐Ÿ˜‰

Microsoft Announcing the ITOpsTalk GitHub repo โ€“ A central location for IT/Ops related samples


Leave a comment

Thank you #Community and #Microsoft for this Awesome Year 2022! Happy Holidays

What a Year 2022!!

I like to thank you Community for Supporting, Sharing and Reading New Microsoft technologies on my Blog, Twitter, Facebook and
LinkedIn Community Groups ๐Ÿ’— I wish you all happy Holidays, Merry Christmas and a Healthy New Year 2023 may the Best Wishes comes true ! ๐ŸŽ„๐Ÿฅ‚

I’m very proud and Honoredย  on the Microsoft Global MVP Awards 2022-2023 !

  • MVP Award for Cloud and Datacenter Management
  • MVP Award for Windows Insiders
  • MVP Award for Azure Hybrid

Thank you Microsoftย Product Groups, MVP Award Program, Windows Insider Team, Azure Hybrid Team, Windows Server and Azure Stack HCI Team for all your support, NDA PGI sessions, and for the Awesome software, Features, solutions you are building ๐Ÿ™‚
Wish you all Happy Holidays, Merry Christmas and a Healthy New Year 2023 may the Best Wishes comes true ! ๐ŸŽ„๐Ÿฅ‚

Here are some Great links for Reading and Sharing :

JOIN these LinkedIn Community Groups for free and Share New Microsoft Technologies Together:

Windows Admin Center Community Group

Containers in the Cloud Community Group

Microsoft Azure Monitor & Security for Hybrid IT Community Group

Azure Hybrid Community Group

Azure DevOps Community Group

What I really love is the Microsoft Tech Community platform


For Microsoft Azure Hybrid:

Azure Arc Jumpstart site

Azure Hybrid and Multi Cloud documentation

Microsoft Azure Arc Community monthly Meetup (GitHub)

Follow on Twitter for Azure Hybrid:

——————————————————————————————————————————————————-
For Windows Insiders:

Microsoft Windows Insiders Blog

Windows Insider Team on YouTube

The Windows Insider Program Team is really active on Twitter:
@WindowsInsider

@JenMsft

@NorthFaceHiker

@brandonleblanc

@amanda_lango


Get started with the Windows Server Insider program

What’s New in Windows Server 2022

Overview of Windows Admin Center

What’s New in SQL Server 2022



Leave a comment

#MVPLABSerie Azure Defender for Cloud with #AzureArc enabled SQL Server #AzureHybrid #Security

Azure Arc enabled SQL Servers Architecture

To keep your Business running, It’s important to secure and monitor your data. One of the security measures is doing Vulnerability assessments in your datacenter(s) to see the status and results for remediation. With Microsoft Azure Arc Defender for Cloud you can do a SQL Server vulnerability assessment in your on-premises datacenter or anywhere with the Azure Arc agent running.
Here you find more information about Azure Arc enabled SQL Server

Microsoft Defender for Cloud on Azure Arc enabled SQL Server

Here I activated Microsoft Defender for Cloud on Azure Arc enabled SQL Server, and Azure Defender for Cloud is doing a SQL vulnerability assessment to get the security status and results for remediation.

On this same Azure portal page you will see the Vulnerability assessment findings.

When you Open a Vulnerability finding, you get more information and the remediation for the issue.

Here you see the complete Resource Health of the Azure Arc enabled SQL Server.
Look at the Status of each severity.

Here you see all the vulnerability findings on these four databases.

When you do the remediation you will see the healthy status.
on the Passed tab.

Here I open only the OperationsManager database.
Now you see only the Vulnerability findings on this database.

Here you see a vulnerability finding on the SCOM database with the Remediation ๐Ÿ™‚

You can make your Own Workbooks or use them from the Gallery.

Workbook example of Vulnerability Assessment findings.

Conclusion

With Azure Defender for Cloud vulnerability assessment and management you will learn a lot to set your Security Baseline on a higher level in your datacenter(s). Getting the right remediation of Microsoft to solve security issues is Great! You can do your assessments frequently to show your current status on demand. I Really like these Azure Hybrid Tools to make my work easier and the data more secure for the business.


Please join the Azure Hybrid Community Group on LinkedIn for free ( Sharing is Caring together )


Leave a comment

#MVPLABSerie Azure Arc enabled Servers #AzureHybrid

Azure Arc Infrastructure overview

In the last blogpost of MVPLABSerie we learned how to add Servers from anywhere to Microsoft Azure Arc services to get the Azure Hybrid benefit with awesome features and Management tools. you can find that blogpost over here:

MVPLABSerie Azure Hybrid with Arc Enabled Windows Servers on-premises

So with this I have added my on-premises Windows Insider Servers to Microsoft Azure Arc:

Connected Azure Arc Servers

In the following steps we are going to add Windows Admin Center to the Arc enabled Windows Servers on-premises.
Here you can read more aboutย Azure Arc-enabled Servers using Windows Admin Center in Azure (preview)

With Windows Admin Center in the Azure Portal you can manage the Windows Server operating system of your Arc-enabled servers, known as hybrid machines. You can securely manage hybrid machines from anywhereโ€“without needing a VPN, public IP address, or other inbound connectivity to your machine.

Open Servers and open your Azure Arc Enabled Server.

First of all we have to add the right Role assignment.
Click on Access Control on the Left.
Click on Add => Add Role Assignment.

Here you have to add the following Role Assignment.
Windows Admin Center Administrator Login.
Add this to your account

When the account is done, then go to Windows Admin Center (Preview)
on the left panel. Click then on Setup.

Click on Install

Setup Successfully!

Now you can Connect your Azure Arc Enabled Windows Server.

Here we have my Storage Windows Insider Server in mvplab.local domain.
From here you can do your IT Management with WAC.

Remote PowerShell on Azure Arc enabled Server.

Microsoft Azure Arc Insights Monitoring and Log Analytics

For IT Management and troubleshooting, monitoring and getting Insights is important to act quickly to keep the business and IT solutions running. With Azure Arc Insights you can see with Maps the connections of the Windows Server.

Azure Arc Insights with Map.
See also the Quick Link to Connection details

This is a really cool overview of your connections.
Here you can see if you have a Malicious connection!

Microsoft Azure Arc Log Analytics is very Powerful
Here you find more information about Log Analytics

Here I do a Query on the Arc Enabled Server mvpstore01
Update Summary.

There are a lot of Log Analytics queries to play with and mark them as your favorite for your Arc enabled Windows Server ๐Ÿ˜‰

In the following blogpost we will have a closer look at Microsoft Azure Auto Manage and Update Management Center for
Microsoft Azure Arc enabled Windows Servers. We will not forget Security with Azure Defender for Cloud coming in the next blogposts.

Conclusion

With Microsoft Azure Arc enabled Servers you get a Microsoft Azure Hybrid environment with Great features and solutions.
Some features are still in preview and not supported for production workloads, but you can test them now like I do with my mvplab.local
This new innovative technology is going fast forward for Azure Hybrid Services to Manage your Windows Servers, Azure Stack HCI Clusters or your Linux virtual Machines. Azure Arc rocks and you can connect Microsoft Azure Anywhere ๐Ÿ™‚


Leave a comment

MVPLAB Serie Installing SQL Server 2022 CTP on Windows Server Insider Cluster #SQLServer #WIMVP

SQL Server 2022 CTP2.1

In this blogpost of MVPLAB Serie, we are going to install Microsoft SQL Server 2022 CTP2.1 on my Windows Server Insider Preview Cluster in mvplab.local domain. Before this blogpost I installed the following basics in mvplab.local domain :

Now we are going to install the Backend of the datacenter, and that is SQL Server 2022 CTP2.1 on a Cluster resource with the first SQL Instance for databases which is High Available (HA).

First we download SQL Server 2022 CTP2.1

SQL Server 2022 Preview is the most Azure-enabled release of SQL Server yet, with continued innovation in security, availability, and performance.

  • Integration with Azure Synapse Link and Azure Purview enables customers to drive deeper insights, predictions, and governance from their data at scale.
  • Cloud integration is enhanced with disaster recovery (DR) to Azure SQL Managed Instance, along with no-ETL (extract, transform, and load) connections to cloud analytics, which allow database administrators to manage their data estates with greater flexibility and minimal impact to the end-user.
  • Performance and scalability are automatically enhanced via built-in query intelligence.
  • There is choice and flexibility across languages and platforms, including Linux, Windows, and Kubernetes.

Mount the ISO file and Copy the files to a local disk location, then run Setup as Administrator with your personal Domain Administrator Account to install SQL Server 2022 CTP2.1. Before the installation read Configure Cluster accounts in Active Directory (AD)

Click on Yes.

Click on the left on Installation
Then Click on New SQL Server Failover Cluster Installation

Here I choose for the Developer edition.
Click on Next

Accept the License terms
Click on Next

Check for Updates (recommended)
Click on Next

Check the Warnings and solve issues.
Click on Next

I Installed only the default for SQL Database.
(You can install later Shared SQL Features if you need them.)
Click on Next

Specify a network name for the New SQL Server Failover Cluster.
mvpsql01
Click on Named Instance and type INSTANCE01
Click on Next

Click on Next

Select your Cluster disk
Click on Next

Select IPv4 and type the IP-Address of your Cluster Resource
mvpsql01
Then Click on Next

Select your domain Service accounts and type the passwords.
Select if you want Maintenance Tasks privilege to your SQL Server Database Engine Service.
Click Next

Here you can add the SQL Admin Group from Active Directory (AD)
Click on top tab Data Directories

I Changed the User Database Log Directory.
Here you can set your directories.
Have a look at the Other TAB fields, I set Memory later.
When you finished all the Tabs then click Next

Check the Summary and click on Install

SQL Server 2022 CTP2.1 Installed Successfully Click on Close.

This was on the first mvpfs01.mvplab.local, now you have to do the installation on the other node mvpfs02.mvplab.local.
Here we will add a SQL Node to the Cluster.

 

Click on the left on Installation
Then Click on Add Node to a SQL Server Failover Cluster

Add Node in Progress

Add Node to SQL Server 2022 CTP2.1 Failover Cluster is Successful
Click on Close

Here you see your SQL Server 2022 CTP2.1 Cluster Instance Running in Failover Cluster Manager.

Here I installed the new Microsoft SQL Server Management Studio (SSMS) version 19 preview 2

Connecting the High Available SQL 2022 CTP2.1 Cluster Resource Instance01.

And you can connect the SQL Instance with Azure Data Studio ๐Ÿ˜‰

With Azure Data Studio you can install marketplace extensions working with your SQL Instance.
Here you find more information about Microsoft Azure Data Studio

+


Leave a comment

MVPLAB Serie Cluster Aware Updating – CAU for Windows Server Insider #WindowsServerInsider #MVPBuzz #Winserv

Cluster Aware Updating (CAU)

In my last MVPLAB Serie blogpost, I wrote about setting-up a Microsoft Domain mvplab.local and making a Windows Server Insider Cluster with an iSCSI Target Host Server for Shared iSCSI Storage provisioning. First thing I did was Installing Windows Admin Center for Hybrid IT Management. With WAC we can Manage the Cluster Nodes but also the Cluster, Installing new features via Windows Admin Center like Kubernetes for running Containers and microservices. But first we start with Microsoft Cluster Aware Updating to keep your Cluster up-to-date.

Windows Admin Center Cluster Manager

Installing Cluster Aware Updating

In the following steps you can see how easy it is to install Cluster Aware Updating with Windows Admin Center on your Windows Server Cluster, in my case mvpcl01.mvplab.local

Go to your Windows Server Insider Cluster

In Cluster Manager, go to Updates.
Click on Add Cluster Aware Updating Role

Successfully configured Cluster Aware Updating (CAU)

On both Cluster Nodes is the Update Available.
Click on Install

Click on Install

Look at the status to see what is happening on the Cluster Nodes.

First Cluster Node is done

Both Cluster Nodes are updated successfully.

Here you can read more about Microsoft Cluster Aware Updating

Conclusion

Microsoft Windows Admin Center is the Administrator Management tool to use in your hybrid datacenter. You see how easy it is to configure Cluster Aware Updating (CAU) on your Cluster. When you use Windows Server Core or Azure Stack HCI then Windows Admin Center is really handy instead of command-line tools or PowerShell scripting.ย  here you can find more information about
Cluster Aware Updating requirements and Best Practices

Here you can JOIN the Windows Admin Center Community Group on LinkedIn


Leave a comment

Download Windows 11 Security E-book #Windows11 #WIMVP #WindowsInsiders

This Microsoft E-Book gives you an overview about security in Windows 11 with in different layers of security.

  • Hardware Security
  • Operating System Security
  • Application Security
  • Identity and Privacy
  • Cloud Services
  • Security Foundation
  • Upcoming Features

Different Security Layers in Windows 11

Be aware of all the Microsoft security features in Windows 11 and download the free Microsoft Windows 11 Security Book here


Leave a comment

#Microsoft Windows Server and SMB Protocol #Winserv #WindowsServer2022

Server Message Block (SMB)

The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The set of message packets that defines a particular version of the protocol is called a dialect. The Common Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix, and other operating systems.
Here you can see the versions of MS-CIFS and download free white papers

Today SMBv1 is a not save protocol and will be used by hackers for man in the middle attacks to compromise your data and systems. SMBv1 is a weak protocol and should not be used in your environment. There are still a lot of Windows Servers 2012 R2 in the world running in datacenters with SMBv1 by Default enabled. To make your Windows Server more secure, you can disable SMBv1 protocol via a Group Policy Object (GPO).

In the following steps we will disable SMBv1 on Windows Servers via GPO.

Open Group Policy Management in your Domain.

Click on Group Policy Object with your right mouse button.
Click on New.

Give your policy a Name.

I made also an temporary Exception policy.

Right click on your new Policy Object.
Click on Edit.

Go to Computer Configuration => Preferences => Windows Settings
Click on Registry.

Click on New and then on Registry Item.

Here you have to add the following Registry Properties:

Set these settings.

Set Path: HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Click on Apply for these Registry settings.

SMBv1 Disable setting is set in the Policy Object.

This is the path where we push the policy via GPO.

Here we Link the Existing GPO to the OU with the Windows Server 2012 R2
to disable SMBv1 Protocol.

Select your new Policy to disable SMBv1 Protocol.

We have now Linked the new GPO to Disable SMBv1

GPUpdate /force on your Server to disable SMBv1
To get the new GPO active on your Server.

Policy Update successfully.

GPResult /r to see the results.

Get-SmbServerConfiguration | Select EnableSMB1Protocol

or

Get-SmbServerConfiguration

You can still as a administrator enable SMBv1 on your Server with :

Set-SmbServerConfiguration -EnableSMB1Protocol $true

When the Server gets a reboot, SMBv1 will be disabled by GPO again.

When you have maintenance window for updates for example, you can un-install the SMBv1 Feature in Server Manager. This procedure needs a restart of the Windows Server.

Go to Server Manager remove features.

Click on Remove Roles and Features.

Remove the mark at SMB 1.0/CIFS File Sharing Support Feature.

Click on Remove.

Click on Close and Reboot the Server

Now SMBv1 protocol on the Windows Server is disabled and will use a higher version of SMB like version 2.x or 3.x.

More Microsoft information can be found here on Docs.

SMB over QUIC on Windows Server 2022

SMB over QUIC introduces an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. QUIC is an IETF-standardized protocol with many benefits when compared with TCP:

  • All packets are always encrypted and handshake is authenticated with TLS 1.3
  • Parallel streams of reliable and unreliable application data
  • Exchanges application data in the first round trip (0-RTT)
  • Improved congestion control and loss recovery
  • Survives a change in the clients IP address or port

SMB over QUIC offers an “SMB VPN” for telecommuters, mobile device users, and high security organizations. The server certificate creates a TLS 1.3-encrypted tunnel over the internet-friendly UDP port 443 instead of the legacy TCP port 445. All SMB traffic, including authentication and authorization within the tunnel is never exposed to the underlying network. SMB behaves normally within the QUIC tunnel, meaning the user experience doesn’t change. SMB features like multichannel, signing, compression, continuous availability, directory leasing, and so on, work normally.

Client Server Handshake and Data transfer differences.

Here you find a Great blogpost of Ned Pyle

SMB over QUIC: Files Without the VPN

Conclusion

When you still have Windows Servers running with SMBv1 by default enabled, for security you should disable SMBv1 protocol as soon as possible! Otherwise you make it easy for hackers to compromise your data with man in the middle attacks. In Windows Server 2019 and higher SMBv1 is disabled by default. Have a look at SMB over QUIC in your test environment and learn how secure it is and how it works for your security and data.


Leave a comment

#WindowsInsiders 11 Preview Enterprise Build in #Azure Cloud

Windows 11 Enterprise Preview in Azure

When you joined the Microsoft Windows Insider Programย you can use the Windows 11 preview build images from the Azure Marketplace.
Here you can see the Windows 11 Preview plans in the Microsoft Azure Market place.

As a Windows Insider it’s great to have your machine in the Microsoft Azure Cloud to test new features of Windows 11 Preview. You don’t have to buy compatible hardware for Windows 11 Preview, and you only pay for the machine when you use it in the Cloud.
Here you find the Windows 11 Preview minimal requirements.

In the following steps I deploy Windows 11 Preview Enterprise in Azure Cloud.

Create your Windows 11 Preview Machine in Azure Cloud.

For this you need a Microsoft Azure Subscription to create a Windows 11 Preview Virtual Machine in the Cloud. In the Azure template for deployment you can select the right size Virtual Machine, Storage, networks, and Management extensions like security and Azure Monitor.

Before you Connect your Windows 11 Preview VM, make sure the security for RDP is set in the Network Security Group (NSG)

Set security for your RDP session in the NSG.

Go to Settings => Windows Update => Windows Insider Program.
Click on Get Started.
First step link an account to join the program.
(This must be your Windows Insiders account)

Sign in selection and continue.

IMPORTANT

Here you select your Windows Insider Channel, read the information and choose your
Windows Insider Build Channel. As a Windows Insider MVP I choose for the Dev Channel to give feedback to the product Team and get the first new features of Windows 11 Preview.

Read the recommendations and click on Continue.

Review the Agreements for your Device.
Click on Continue if you agree.

Restart the Virtual Machine into the Dev Channel for
the latest updates.

Set your Windows Update Advanced options.

Here we have Windows 11 Preview Insider Build 22000.160 on Azure Cloud ๐Ÿ˜‰

After this I went to the Windows Insider Feedback Hub to do my settings :

At Settings of the Feedback Hub you can update the software.
and of course your personal settings.

I Like the Windows Insider Feedback Hub in Dark mode.

IMPORTANT

When you are ready with testing and sending feedback to Microsoft don’t forget to Stop the Virtual Machine! This save you money.

Conclusion

Microsoft Azure Cloud Services and Windows 11 Preview Insider Builds working together gives you flexibility and as a Windows Insider you can test every Windows 11 Preview Build from any place with a Internet connection. I like to give Microsoft feedback to make Windows Awesome for everyone on the planet ๐Ÿ™‚

Follow Windows Insiders on Twitter :

@WindowsInsider

Jason Howard

Amanda Langowski

Brandon LeBlanc

Eddie Leonard

Jen Gentleman

Windows 11

 

 


Leave a comment

Azure Monitor Insights for Arc enabled Kubernetes Clusters anywhere #Azure #Kubernetes

Azure Monitor Insights for Monitoring your Containers.

In the last blogpost I wrote about Microsoft Azure Arc Services and how to connect a Docker for Desktop Kubernetes Cluster for testing your DevOps solution like Container Apps, Functions, App Services in a test environment. Here you find the Link to the Installation.

One of the Microsoft Azure Arc features is Azure Monitor Insights for monitoring your Kubernetes Cluster and the Containers.

Azure Arc Insights for Kubernetes Cluster anywhere

In the following step-by-step guide we will configure Azure Monitor Insights for your Kubernetes Cluster.

I Connected my Analytics Workspace CloudMVPLab.
Click on Configure.

Onboarding your Kubernetes Cluster will take some minutes.

After a while your Kubernetes Cluster Analytics data will show in Insights.

Here you see a navigation bar with the following topics

  • What’s New
  • Cluster
  • Reports
  • Nodes
  • Controllers
  • Containers.

Insights reports of the Kubernetes Cluster

Here you can Click on default reports of your Kubernetes Cluster.

Storage Capacity and Health Status report of your Kubernetes Cluster.

Storage Capacity more in Details.

Deployments Report of your Kubernetes Cluster.

Workload details Report of your Kubernetes Cluster.

Kubelet report of your Kubernetes Cluster

Data Usage of your Kubernetes Cluster

Data Usage

Insights the Nodes of the Kubernetes Cluster

Insights of the Nodes and on the right you can view Analytics.

Here you can work with Log Analytics on your Cluster.

Insights in Controllers of your Kubernetes Cluster

Insights of your Controllers

Insights Containers of your Kubernetes Cluster

Container Insights of your Kubernetes Cluster

Container Insights with Azure Log Analytics.

So with Azure Arc Enabled Kubernetes Clusters you can monitoring your Cluster and running Containers to keep you in Control on what is happening on the Cluster but also with your Container Apps and microservices. After this you can set Alerts and notifications when something is going wrong or offline. With this running you can start running your own App services, Containers or Azure functions on your Kubernetes Cluster.

Microsoft Senior Cloud Advocate Thomas Maurer explains in this awesome video how to add Azure App Services to your Kubernetes Cluster

Conclusion

This configuration with Docker for Desktop Kubernetes Cluster is for testing purpose only and can be used for your own DevOps solutions before you deploy on Production Ready Clusters. With Azure Arc Enabled Kubernetes Clusters you get the powerful Microsoft Azure Features and solutions in a secure way on your Kubernetes Cluster. I wish you lot of success with Azure Arc Enabled Kubernetes Clusters to make Awesome Apps and IT solutions for the Business ๐Ÿ˜‰