Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

MVPLAB Serie Cluster Aware Updating – CAU for Windows Server Insider #WindowsServerInsider #MVPBuzz #Winserv

Cluster Aware Updating (CAU)

In my last MVPLAB Serie blogpost, I wrote about setting-up a Microsoft Domain mvplab.local and making a Windows Server Insider Cluster with an iSCSI Target Host Server for Shared iSCSI Storage provisioning. First thing I did was Installing Windows Admin Center for Hybrid IT Management. With WAC we can Manage the Cluster Nodes but also the Cluster, Installing new features via Windows Admin Center like Kubernetes for running Containers and microservices. But first we start with Microsoft Cluster Aware Updating to keep your Cluster up-to-date.

Windows Admin Center Cluster Manager

Installing Cluster Aware Updating

In the following steps you can see how easy it is to install Cluster Aware Updating with Windows Admin Center on your Windows Server Cluster, in my case mvpcl01.mvplab.local

Go to your Windows Server Insider Cluster

In Cluster Manager, go to Updates.
Click on Add Cluster Aware Updating Role

Successfully configured Cluster Aware Updating (CAU)

On both Cluster Nodes is the Update Available.
Click on Install

Click on Install

Look at the status to see what is happening on the Cluster Nodes.

First Cluster Node is done

Both Cluster Nodes are updated successfully.

Here you can read more about Microsoft Cluster Aware Updating

Conclusion

Microsoft Windows Admin Center is the Administrator Management tool to use in your hybrid datacenter. You see how easy it is to configure Cluster Aware Updating (CAU) on your Cluster. When you use Windows Server Core or Azure Stack HCI then Windows Admin Center is really handy instead of command-line tools or PowerShell scripting.  here you can find more information about
Cluster Aware Updating requirements and Best Practices

Here you can JOIN the Windows Admin Center Community Group on LinkedIn


Leave a comment

MVPLAB Serie Windows Server Insider Cluster with ISCSI Target Server #WindowsServerInsider #Winserv

mvplab.local Domain

I have made a new MVPLAB with Microsoft Windows Server Insider Preview Build 25158 to install Services and Features for learning but also to give Microsoft feedback about the products. When the MVPLAB domain and Clusters are ready in basic then I can use new Microsoft Azure Hybrid solutions as well, like Azure Arc Kubernetes services and Azure Cloud Defender for Servers and SQL.
Before we start, you need to become a Windows Server Insider so that you can download the newest Windows Server Insider Builds ISO.
Here you get more information for the Windows Server Insider Program registration 

After the free registration you can download the new Microsoft Windows Server Insider Builds here :

While I’m writing a new blogpost, Microsoft published a new Build 25169.
Here you can download the ISO or VHDX file

To Build your Test and innovation LAB with the newest Microsoft technologies, you need a platform to Build on. Of course Microsoft Azure Cloud Services is Awesome to work with and Great to make test environments but I like to make a Azure Hybrid scenario with Azure Cloud and On-premises datacenter services like for example a Microsoft SQL Cluster with Cluster resources / Instances.
So my MVPLAB will be Azure Hybrid and for On-premises I use Windows Server Hyper-V to make virtual servers.

It’s Great when your hardware provider like Dell is Microsoft Azure Stack HCI compliant to build your Hyper Converged Infrastructure in your on-premises datacenter.

Microsoft Azure Stack HCI Solution

When you work with Microsoft Azure and Azure Stack HCI, you really need Windows Admin Center for Hybrid IT Management.
This is a Great Administrator tool for managing your Windows Servers, Clusters, Azure Stack HCI, and Azure VM’s in a Hybrid environment.

Windows Admin Center Cluster Overview

Now that we have everything and Hyper-V is running, we will build the Following Windows Servers with the Insider Preview Build:

  • MVPDC01 ( the first domain controller for mvplab.local domain )
  • MVPStore01 ( ISCSI Target Host for deploying ISCSI Virtual Disks to my Cluster)
  • MVPFS01 ( Cluster Node 01 of Cluster MVPCL01 )
  • MVPFS02 ( Cluster Node 02 of Cluster MVPCL01 )

I install all the virtual servers with 50GB local harddisk for OS and start with 4GB of Dynamic Memory and a Nic.
Only the Cluster nodes get two Nics (One for Heartbeat of the Cluster)
This is for my MVPLAB, but for Production environments I always start with 3 Nics ( 1 = Production 2 = Heartbeat 3 = Storage )

In Hyper-V we make a New Virtual Machine with these specifications and we attach the Windows Server Insider Preview Build ISO.
We install Windows Server Insider Preview Build default and after the installation we set the NIC IP-Address on static and gave the Server the name MVPDC01. Then I installed all the Windows Updates, and after that I started Server Manager to install the Active Directory Feature :

Active Directory just follow the wizard and don’t forget to run DCPromo to
build your domain.

Active Directory and DNS is running locally like
mvplab.local

So now is my domain and DNS running in my MVPLAB, but what do I need more first to build a Windows Server Insider Cluster?
We need Shared storage, so we build a Windows Server Insider ISCSI Target Host to provision Shared VHD’s via ISCSI Initiator to the Cluster Nodes.

The Next member Windows Server Insider is MVPStore01.mvplab.local joined in our new domain. Here I installed the iSCSI Host features:

Start Server Manager and the Add Server role :
– iSCSI Target Server
– iSCSI Target Storage Provider

Click on Install

In Hyper-V Settings of the Virtual Machine MVPStore01, I have installed a extra disk of 25GB so that we can use that for iSCSI Target Host which is now running on this Server. Now we can provision storage when the new Windows Server Insider Cluster MVPCL01.mvplab.local is installed with the iSCSI Initiator to get Cluster storage. So now we are first going to build a Windows Server Insider Cluster and after that we will provision the Cluster Storage.

Installing a Windows Server Cluster with Insider preview Build 25158.

I deployed two member servers MVPFS01.mvplab.local and MVPFS02.mvplab.local into the new domain. they have static IP-Address and are working fine with DNS resolving. On both Servers I installed the Feature Failover Clustering

Failover Clustering Installed.

from here we are going to install the new Windows Server Insider Cluster MVPCL01.mvplab.local

Start Failover Cluster Manager.
Create Cluster.

Click on Next

select the two new Cluster Nodes
Click on Next

Select Yes, run configuration validation tests
Click on Next

Click on Next

Run all tests
Click Next

Confirmation
Click Next

Type in the new Cluster name => mvpcl01
IP-Address => 192.168.2.43
Click Next

Confirmation
Click on Next

Creating Cluster….

We now have a Cluster mvpcl01.mvplab.local running, but without storage and without the witness disk. the iSCSI initiator is running on both Cluster nodes, so now we have to provision storage to the Cluster via the iSCSI Target Host MVPStore01.mvplab.local.

iSCSI Storage provisioning to Windows Server Insider Cluster

via the Server Manager of the iSCSI Target host, we are going to create a new iSCSI Virtual Disk for both Cluster Nodes :

Click on New iSCSI Virtual Disk

iSCSI Virtual Disk Name
Click on Next

Type in the Size I’m using 20GB of 24,9 because I need also a Quorum disk for the Cluster.
Select Fixed Size.
Click on Next.

New iSCSI Target
Click on Next

Give the iSCSI Target a Name
Click on Next

Add the Access Servers via iSCSI Initiator
Click on Next

Here you can set Authentication if you want.
Click on Next

Confirmation
Click on Create

the iSCSI Virtual Disk is successfully created.

the iSCSI Target VHD is not connected yet.
Now we connect with iSCSI Initiator from the Cluster Nodes.
The work on iSCSI Taget Host MVPStore01.mvplab.local is Done.

When you start the iSCSI Initiator it will set the services and the firewall settings on the Server.
You have to do this on both Cluster nodes.

First we add the Target portal and that is our iSCSI Taget Host MVPStore01.mvplab.local with
IP-Address 192.168.2.46 with port 3260.
This is under the discovery tab.

Select Targets tab
you see the Target mvpstore01 Inactive.
Select and click on Connect.

If you had Multi-path IO running, you could enable Multipath too.
Click on Ok

The iSCSI Taget Virtual Disk is connected.

On the iSCSI Target Host MVPStore01.mvplab.local is the target now also in Connected status.

You now can now bring the 20GB disk Online via Disk Management and give it a drive letter
for the Cluster.
Then you can add the 20GB disk via Storage of Cluster Manager tool.

 

 

You can make Cluster Shared Volume.

I made a Cluster for a SQL Instance and I made
a 2GB iSCSI Taget VHD for the Witness Disk.

So Now we have Cluster storage running and failovers are working, now we need to configure Quorum witness disk via
Failover Cluster Manager.

Go to more actions on the Cluster.
Configure Cluster Quorum

Click on Next

Select the quorum witness
Click on Next

You can configure your witness on different locations.
I will select our 2GB witness disk on our Cluster

Select the Quorum disk
Click on Next

Confirmation
Click on Next

You have successfully configured the quorum settings for the Cluster
Click on Finish

Witness disk is running.

So my Microsoft Windows Server Insider Cluster is ready for workloads, if you want to you can run a Cluster validation to see
if everything is okay. Now my MVPLAB is ready for the next installation on my Cluster and that is :

Installing the Newest SQL Server 2022 CTP2.1 on my Windows Server Insider Cluster.

But that will be a next Blogpost : Installing SQL Server 2022 CTP2.1 on a Windows Server Cluster 😉
Follow me on Twitter : @Jamesvandenberg

 


Leave a comment

#Microsoft Windows Server 2022 Insider Preview Build 25140 #Winserv #WindowsServerInsider #WAC

Here you can Download Windows Server Insider Preview Build

Ps. I downloaded the VHDX file for Hyper-V, but you can get also the ISO file here.

Getting started with the Windows Insider Program for Windows Server

Get exclusive access to Windows Server Insider Previews and Remote Server Administration tools and help shape the future of Windows Server in the Windows Insider Program for Windows Server. Register here for the Windows Server Insider program 

From here you can build your own local domain and Clusters in your LAB to test all the Features Windows Server 2022 Insider Preview Build 25140 has. Checking new Security features and doing your own pen tests.

Windows Server 2022 Insider Preview Build 25140.

Microsoft Vulnerable Driver Blocklist 

Testing security with Kali Linux Rolling distro in WSL 2.0 against Windows Server Insider
in my Lab. And give feedback about features and or issues on Windows Server Insider :

Give feedback on Windows Server Insider Preview Builds

And of course don’t forget Windows Admin Center for your LAB to manage your Servers, Azure Virtual Machines and your Clusters. You can download WAC here

What is new in preview is Windows Admin Center in the Azure Portal with Azure Arc Enabled Servers.

Windows Admin Center in the Azure Portal for Arc Enabled Servers 😉
Manage your Servers from the Cloud.

Conclusion

With Windows Server Insider Builds and Windows Admin Center, you can test and make your own LAB environment together for free. You can give the Microsoft product group feedback to make the product better. In the mean time your are learning new features and security in Windows Server Insider Preview Build and WAC before you go into production 🙂
I say a good win win situation and it’s fun to setup your own hybrid LAB.

Follow Microsoft Windows Server Insider Team on Tech Community

 

 

 


Leave a comment

Running #Ubuntu and #Debian Linux distro on Windows Server 2022 Preview with #WSL2

Running Ubuntu and Debian Linux Distro on Windows Server 2022
Preview Build 25120.1010 with WSL 2.0

In the Week of MS-Build 2022 Event, Microsoft is announcing that WSL 2.0 is coming to Windows Server 2022 Preview Build on twitter.

In the following step-by-step guide we will install Windows Subsystem for Linux 2.0 (WSL) on Microsoft Windows Server 2022 Insider Preview Build 25120.1010 to run Ubuntu and Debian Linux Distro’s.

Here you can download Windows Server 2022 Insider Preview Build ISO or VHDX disk
when you are registered as a Windows Insider.

Windows Server 2022 Insider Preview Build 25120 Installed.

Install the latest updates.

Open Windows Server Manager.

I Have installed the following :

  • Containers ( because I like this for later in my MVP Lab )
  • Hyper-V
  • Windows Subsystem for Linux
  • VirtualMachine Platform
  • Reboot the System after installation.

dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

When the Virtual Server is up, you have to bring it down to make nested virtualization possible when you run your server on a Hyper-V Host like me.

On the host in PowerShell administrator mode :

Set-VMProcessor -VMName WIN2022 -ExposeVirtualizationExtensions $true

Start the Virtual Machine.

wsl –install

wsl –update

WSL 2.0 is Installed

wsl –status

wsl –install -d Ubuntu

I did the same for Debian wsl –install -d debian

Here you can see both Linux distro’s on Windows Server.

Here we are running both WSL 2.0 Linux distro’s Ubuntu and Debian on Windows Server Insider Preview Build together at the same time 😉

Here I’m running VSCode on Remote WSL Debian Linux distro.

More information about Microsoft WSL you can find here on Docs.

Important:

All this is still in Preview and not ready for production environment yet. I installed this all in my MVP Test Lab for learning and testing. Hope you find this useful for your test environment to play with the newest Windows Server 2022 Insider Preview and WSL 2.0 with
all kind of Linux distro’s.


Leave a comment

Windows Admin Center and Deploying Windows Server Insider Build 25099 Core #WindowsAdminCenter #Winserv #WIMVP

Windows Admin Center Version 2110.2 Build 1.3.2204.19002

Windows Admin Center is a customer-deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure, and Windows PCs. It comes at no additional cost beyond Windows and is ready to use in production. Learn more about Windows Admin Center.

Benefits

  • Simple and modern management experience
  • Hybrid capabilities
  • Integrated toolset
  • Designed for extensibility

Languages
Chinese (Simplified), Chinese (Traditional), Czech, Dutch (Netherlands), English, French, German, Hungarian, Italian, Japanese, Korean, Polish, Portuguese (Brazil), Portuguese (Portugal), Russian, Spanish, Swedish (Sweden), Turkish

In the following step-by-step guide I will deploy Windows Server 2022 Insider Build 25099 Core Edition with Windows Admin Center tool together with some great features for managing Windows Servers in a secure hybrid way with Microsoft Azure Cloud services. Like Azure Defender for Cloud, Azure Backup Vault, Azure Monitor, Security and more.
So I have Windows Admin Center 2110.2 installed and I have a Windows Server 2022 Hyper-V Server for my Virtual Machines in my MVPLAB Domain.
Now we will deploy the new Windows Server 2022 Insider Preview Build 25099.

In WAC on my Hypervisor in Virtual Machines

When you explore and open your Hyper-V Host and go to Virtual Machines, you can Click on Add and then on New for Creating your Windows Server Insider VM.

Create a New Windows Server Insider VM called StormTrooper01

Here you can configure your new Windows Server 2022 Insider VM with the following :

  • What kind of Generation VM (Gen 2 Recommended)
  • The path of your Virtual Machine and the path of your virtual disk(s)
  • CPU and you can make nested Virtualization too
  • Memory and use of Dynamic Memory
  • Network select the Virtual Switch
  • Network Isolation by VLAN
  • Storage, Create the size of the Virtual Disk. Choose an ISO or Select an existing VHD(x)

I Created a New 70GB OS Disk
and I want to Install the New Windows Server Insider OS from ISO.
Click on Browse

Here you Browse Default on your Hyper-V Host and select the ISO.

When the Windows Server ISO is selected you can hit Create

We get the Notification that the virtual machine is successfully created.

Only the Virtual Machine is now made with your specs and visible on the Hyper-V Host.
Select the New Virtual Machine (StormTrooper01) click on Power and hit Start.

After you started the VM, you can double click on it and go to Connect.
Click on Connect to the Virtual Machine.

Now you are on the console via VM Connect.

Click on Install Now

We are installing Windows Server 2022 Insider Core edition, because we have WAC 😉

Installing Windows Server 2022 Insider Core Preview Build 25099 via Windows Admin Center

Create New Administrator Password.

And here we have Sconfig of the Windows Server 2022 Core.
via Virtual Machine Connect.

Now we can add and connect the New Virtual Machine with Windows Server 2022 Insider Preview Build in Windows Admin Center via IP-Address.

The Next step is to join the Windows Server 2022 Insider to my Domain MVPLAB.

Click on the Top on Edit Computer ID
Click on Domain and type your domain name.
Click op Next
Add your administrator account for joining the server
Reboot the VM.

Windows Server 2022 Insider Preview Core edition is domain joined.

Now we have the New Microsoft Windows Server 2022 Insider Preview Build 25099 running in Windows Admin Center, we can use all the tooling provided by WAC also in a Azure Hybrid way. Think about Azure Defender for Cloud, Azure Monitor. In Microsoft Windows Admin Center we also have a topic Azure Hybrid Center :

Here you see all the Azure Hybrid benefit features for your Windows Server 2022 Insider.

  • Microsoft Azure Arc
  • Azure Backup
  • Azure File Sync
  • Azure Site Recovery
  • Azure Network Adapter
  • Azure Monitor
  • Azure Update Management
  • and More…

Microsoft Azure and the Windows Admin Center Team made the wizards customer friendly and easy to get those Azure Hybrid services for your Windows Server.
When you have your Server running, you want to make backups and Monitoring your Server for management. And after that you want to be in control of your security of your new Server. In the following steps you see some examples on the same Windows Server 2022 Insider Preview Build:

Microsoft Azure Backup via WAC

Click on Azure Backup
Select your Azure Subscription and the Azure Backup Vault.
Select your data and make the schedule.

Enter the Encryption passphrase and Apply.

Here you have Azure Backup Vault working together with WAC.

Azure Defender for Cloud Security

Click op Microsoft Defender for Cloud
Click on Setup
Add the right Azure Subscription and Workspace
Click on Setup.

Configuring Azure Defender for Cloud agent and Subscription.

Azure Defender for Cloud in Windows Admin Center on your Windows Server 2022 Insider Preview Build.

In Windows Admin Center there is also a Security tab for the Windows Server.

Here you can see your Secured-Core status

Here you can see if your system is supported for this security features 🙂

Enable the supported features and Restart de Virtual Machine.

And here you see my status overview.

Further more you can manage RBAC in Windows Admin Center when you have to work with different kind of users.

You can find RBAC in settings.

Conclusion

Windows Server Insider Core edition and Windows Admin Center are working better together! You have all the tools you need to startup your Windows Server and
manage it with WAC. Windows Admin Center is getting better and better to manage your Hybrid Datacenter and keep you as an Administrator in Control!
So is how I manage my MVPLAB but also for Production workloads I use Windows Admin Center and the Azure Portal together. With Microsoft Azure Arc Services
Azure Hybrid becomes your solution where Windows Admin Center can Support you with making Azure Stack HCI Clusters with Azure Kubernetes for your DevOps environment.

Windows Admin Center Community Group on LinkedIn


Leave a comment

Try #Sysctr VMM 2022 and #AzureStackHCI Cluster #SCVMM

System Center 2022 includes:

  • System Center Operations Manager: Monitor health, capacity, and usage across applications, workloads, and infrastructure.
  • System Center Orchestrator: Automate your datacenter tasks; efficiently create and execute runbooks using native PowerShell scripts.
  • System Center Virtual Machine Manager: Deploy and manage your virtualized, software-defined datacenter with a comprehensive solution for networking, storage, compute, and security.
  • System Center Service Manager: Automated service delivery tool for incident resolution, change control, and asset lifecycle management.
  • System Center Data Protection Manager*: Protect your data with backup, storage, and recovery for private cloud deployments, physical machines, clients, and server applications.

*System Center Data Protection Manager will be available on a later date on May 1st, 2022.

Need more information about the next version of System Center? Visit the System Center product site.

Evaluate System Center 2022 for 180 Days

What’s new in System Center Virtual Machine Manager

Deploy and manage Azure Stack HCI clusters in VMM

Set up an SDN network controller in the VMM fabric


Leave a comment

#Microsoft Windows Server and SMB Protocol #Winserv #WindowsServer2022

Server Message Block (SMB)

The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The set of message packets that defines a particular version of the protocol is called a dialect. The Common Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix, and other operating systems.
Here you can see the versions of MS-CIFS and download free white papers

Today SMBv1 is a not save protocol and will be used by hackers for man in the middle attacks to compromise your data and systems. SMBv1 is a weak protocol and should not be used in your environment. There are still a lot of Windows Servers 2012 R2 in the world running in datacenters with SMBv1 by Default enabled. To make your Windows Server more secure, you can disable SMBv1 protocol via a Group Policy Object (GPO).

In the following steps we will disable SMBv1 on Windows Servers via GPO.

Open Group Policy Management in your Domain.

Click on Group Policy Object with your right mouse button.
Click on New.

Give your policy a Name.

I made also an temporary Exception policy.

Right click on your new Policy Object.
Click on Edit.

Go to Computer Configuration => Preferences => Windows Settings
Click on Registry.

Click on New and then on Registry Item.

Here you have to add the following Registry Properties:

Set these settings.

Set Path: HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Click on Apply for these Registry settings.

SMBv1 Disable setting is set in the Policy Object.

This is the path where we push the policy via GPO.

Here we Link the Existing GPO to the OU with the Windows Server 2012 R2
to disable SMBv1 Protocol.

Select your new Policy to disable SMBv1 Protocol.

We have now Linked the new GPO to Disable SMBv1

GPUpdate /force on your Server to disable SMBv1
To get the new GPO active on your Server.

Policy Update successfully.

GPResult /r to see the results.

Get-SmbServerConfiguration | Select EnableSMB1Protocol

or

Get-SmbServerConfiguration

You can still as a administrator enable SMBv1 on your Server with :

Set-SmbServerConfiguration -EnableSMB1Protocol $true

When the Server gets a reboot, SMBv1 will be disabled by GPO again.

When you have maintenance window for updates for example, you can un-install the SMBv1 Feature in Server Manager. This procedure needs a restart of the Windows Server.

Go to Server Manager remove features.

Click on Remove Roles and Features.

Remove the mark at SMB 1.0/CIFS File Sharing Support Feature.

Click on Remove.

Click on Close and Reboot the Server

Now SMBv1 protocol on the Windows Server is disabled and will use a higher version of SMB like version 2.x or 3.x.

More Microsoft information can be found here on Docs.

SMB over QUIC on Windows Server 2022

SMB over QUIC introduces an alternative to the TCP network transport, providing secure, reliable connectivity to edge file servers over untrusted networks like the Internet. QUIC is an IETF-standardized protocol with many benefits when compared with TCP:

  • All packets are always encrypted and handshake is authenticated with TLS 1.3
  • Parallel streams of reliable and unreliable application data
  • Exchanges application data in the first round trip (0-RTT)
  • Improved congestion control and loss recovery
  • Survives a change in the clients IP address or port

SMB over QUIC offers an “SMB VPN” for telecommuters, mobile device users, and high security organizations. The server certificate creates a TLS 1.3-encrypted tunnel over the internet-friendly UDP port 443 instead of the legacy TCP port 445. All SMB traffic, including authentication and authorization within the tunnel is never exposed to the underlying network. SMB behaves normally within the QUIC tunnel, meaning the user experience doesn’t change. SMB features like multichannel, signing, compression, continuous availability, directory leasing, and so on, work normally.

Client Server Handshake and Data transfer differences.

Here you find a Great blogpost of Ned Pyle

SMB over QUIC: Files Without the VPN

Conclusion

When you still have Windows Servers running with SMBv1 by default enabled, for security you should disable SMBv1 protocol as soon as possible! Otherwise you make it easy for hackers to compromise your data with man in the middle attacks. In Windows Server 2019 and higher SMBv1 is disabled by default. Have a look at SMB over QUIC in your test environment and learn how secure it is and how it works for your security and data.


Leave a comment

Windows Admin Center and Windows Server 2022 #Docker Host – Azure Container Instances and #AKS #WAC #Azure #Winserv

Windows Admin Center

Windows Admin Center runs in a web browser and can manage :

  • Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2
  • Windows 11, Windows 10
  • Azure Stack HCI
  • Clusters
  • Containers; Docker, Kubernetes, AKS
  • Azure Virtual Servers, Azure integration via extensions like Azure Monitoring, Azure Security, and much more….
  • Lot of extensions to manage for example third party solutions.

This goes with the locally Windows Admin Center gateway installed on Windows Server or domain-joined Windows 10 /11.

Windows Admin Center Architecture.

Here you find more information about the Install options of Windows Admin Center

I’m working with Windows Admin Center every day to manage our datacenter and to mange my MVP LAB. When you have to install Windows Server Core
or Microsoft Azure Stack HCI Operating system, then Windows Admin Center is the right tool for you as an Administrator. You can use all the Server Manager tools via WAC
and you don’t have to work with Command-line tools only like CMD and PowerShell.


You can download Microsoft Windows Admin Center here

Installing Docker Host on Windows Server 2022

In my MVP LAB I have a Microsoft Windows Server 2022 Datacenter Edition Hyper-V Host, and I like to make a Docker Host Server for my Containers.
With Windows Admin Center it’s easy to roll out a Docker host Server for your Containers.
In the following steps I will Install a Docker Host Server on Windows Server 2022.

Open Windows Admin Center and connect to your Server.

I Have Container Extension installed version 1.150.0

Click on Containers and Click on Install
Windows Admin Center will Restart your Server for the Docker Installation!

Hang on while Docker Host will be Installed on Windows Server 2022.

Docker Host Installed Successfully.

Docker Host Container Overview Screen on Windows Server 2022.

From here you can Pull containers images to the Docker Host.
This is what I did but…..

Instead of pulling a Container Image you can also Create your Own Container Image.

Here I’m Pulling a ASP.NET Container Image from Microsoft.

Pulled Container Image Successfully.

The ASP.NET Container Image is now Available on the Docker Host.

Select the Container Image and Click on Run.

Give the Docker Container a name.
You can Manage the ports,
Hyper-V Isolation,
Memory,
CPU
And add addition Docker Run options,
Click on Run.

The ASP.NET Docker Container is running on Windows Server 2022.

When you Click on the running Container you will get options like :
Stats, Details, Logs, Console and Events.
When you Click on Console you will go remote by PowerShell to the Docker Host.

Here you got all the Docker commands 😉

And of course when you want to develop Containers as a developer you can use Microsoft Visual Studio Code as well.

The ASP.NET Container in VSCode.
Download Microsoft Visual Studio Code here

(I’m using Visual Studio Code Insiders version in my MVP LAB)

Microsoft Azure Container Instances

Containers are becoming the preferred way to package, deploy, and manage cloud applications. Azure Container Instances offers the fastest and simplest way to run a container in Azure, without having to manage any virtual machines and without having to adopt a higher-level service.

Azure Container Instances is a great solution for any scenario that can operate in isolated containers, including simple applications, task automation, and build jobs. For scenarios where you need full container orchestration, including service discovery across multiple containers, automatic scaling, and coordinated application upgrades, we recommend Azure Kubernetes Service (AKS).

For my MVP LAB Azure Container Instances (ACI) is a great way to run Containers fast in the Cloud and have a overview with Windows Admin Center for :

Here you have a overview of your Azure Container Instances in Windows Admin Center.

In the following steps I will create an Azure Container Instance via the Microsoft Azure Portal and show it in Windows Admin Center. For this you need to integrate Windows Admin Center with your Microsoft Azure Subscription. This you can do in settings of WAC:

Register your Azure Subscription with Windows Admin Center for Hybrid Benefit.
Here you find more information about Azure integration with Windows Admin Center

When you have your Azure Account active in Windows Admin Center, go to the Microsoft Azure Portal and search for Container instances.

Click on Create Container Instances

Here you set the basics of your Azure Container Instance

Here you set the following items for your Azure Container Instance (ACI) :

  1. Select your Azure Subscription which is integrated with your Microsoft Windows Admin Center.
  2. Select or Create the Resource Group for your Azure Container Instance.
  3. Give your Container a name.
  4. Select the Region in Microsoft Azure where you want your Azure Container Instance to run.
  5. Availability zones to select.
  6. Select your Image Source, I selected Quickstart images of Microsoft, but you can also select your own Container image.
  7. Then select the size for vcpu, memory, gpus for your Azure Container Instance application.

Click on Next for Networking.

I Selected Public for testing but here you can select private too
with your own DNS name Label with the
right ports and protocols.

At Advanced settings you can configure additional container properties and variables

here you can TAG the Owner of the Azure Container Instance.
Click on Review + Create.

Now you can Click Create or Download the template for Automation.

Have a look at the Options here what you can do with the Template from here.

Microsoft Azure Container Instance is Deployed and running.

Nginx Container Instance is running on Azure.

Now we have the Microsoft Azure Container Instance with Nginx running in the Cloud, we can see that in Windows Admin Center.

Azure Container Instance in Windows Admin Center in running state.
When you don’t need it anymore you can end it here or in the Azure Portal.

Azure Container Instance is stopped by Windows Admin Center.

Run your Own Azure Container Instances from the ACR via
Windows Admin Center.

Manage Kubernetes Clusters and Containers with Windows Admin Center

Azure Kubernetes Service (AKS) on Azure Stack HCI is an on-premises implementation of Azure Kubernetes Service, which automates running containerized applications at scale. Azure Kubernetes Service is available on Azure Stack HCI, Windows Server 2019 Datacenter, and Windows Server 2022 Datacenter, making it quicker to get started hosting Linux and Windows containers in your datacenter. This is the High Available Container Solution on-premises from Microsoft, where you can run Containers and microservices in a isolated way in your datacenter with your DevOps Team. But you can also make your Azure Stack HCI Cluster hybrid with Azure integration and Azure Arc Services to benefit of Azure Hybrid Services.

 

Setup AKS on Azure Stack HCI with Windows Admin Center

Create your Own locally Azure Stack HCI Cluster with Azure Kubernetes Services

Conclusion

Microsoft product team of Windows Admin Center | Windows Server | Azure Stack HCI are working hard to make the Windows Admin Center Tool better and better to install and manage Container / microservices solutions. With Microsoft Azure extensions in Windows Admin Center and Azure Arc Services, Microsoft features from the Azure Cloud becomes available for your Containers like Azure Defender for Cloud with Container Insights, Azure Monitor, Azure App Services and much more.
Windows Admin Center is a Great Server Manager tool for your Windows Servers in your Datacenter. Especially when you use Windows Server Core or Azure Stack HCI.

Important:

Some features in Windows Admin Center are preview and not production ready yet, like ACR and ACI Integration I just showed in preview.
Please feel free to provide Microsoft feedback on Windows Admin Center here.

JOIN Windows Admin Center Community Group on LinkedIn


Leave a comment

Windows Admin Center 21.10 Packet Monitoring Preview Extension #WAC #Winserv

Windows Admin Center Packet Monitoring

Packet monitoring allows you to diagnose your server by capturing and displaying network traffic through the networking stack in a log that is filtered, organized, and easy to follow and manipulate.​

Download Windows Admin Center Here

Filter the Captured packets by PacketMon.

Before you start the capture you can set the filter, with great options and see differences between two IP-Addresses for example.

Capture is running.

You can explore every packet in details for trouble shooting.

You can save your Captures for later.

Conclusion

A great tool for trouble shooting in Windows Admin Center 21.10 with Packet Monitoring (preview) to get the bits and bytes in detail.


Leave a comment

Windows Admin Center 21.10 Build 1.3.2111.01001 Secured-Core #Security #WindowsAdminCenter

Windows Admin Center Security

Secured-core – recommended for the most sensitive systems and industries like financial, healthcare, and government agencies. Builds on the previous layers and leverages advanced processor capabilities to provide protection from firmware attacks.

In Windows Admin Center Security you can Configure Secured-Core :

Secured-Core in Windows Admin Center 21.10

You can activate 6 secured-Core feature :

  • Hypervisor Enforced Code Integrity (HVCI)
  • Boot DMA Protection
  • System Guard
  • Secure Boot
  • Virtualization-based Security (VBS)
  • Trusted Platform Module 2.0 (TPM2.0)

You now can simply activate the Security Feature.
Needs a Reboot

Hypervisor Enforced Code Integrity (HVCI) is enabled.

More information about Secured-Core Features

Windows Admin Center Community on LinkedIn