Archive

Archive for the ‘Microsoft’ Category

Key features of the new Microsoft Azure Site Recovery Deployment Planner

Azure Site Recovery Deployment Planner is now GA with support for both Hyper-V and VMware.

Disaster Recovery cost to Azure is now added in the report. It gives compute, storage, network and Azure Site Recovery license cost per VM.

ASR Deployment Planner does a deep, ASR-specific assessment of your on-premises environment. It provides recommendations that are required by Azure Site Recovery for successful DR operations such as replication, failover, and DR-Drill of your VMware or Hyper-V virtual machines.  

Also, if you intend to migrate your on-premises workloads to Azure, use Azure Migrate for migration planning. Azure Migrate assesses on-premises workloads and provides guidance

 Key features of the tool are:

  1. Estimated network bandwidth required for initial replication (IR) and delta replication.
  2. Storage type (standard or premium storage) requirement for each VM.
  3. Total number of standard and premium storage accounts to be provisioned.
  4. For VMware, it provides the required number of Configuration Servers and Process Servers to be deployed on-premises.
  5. For Hyper-V, it provides additional storage requirements on-premises.
  6. For Hyper-V, the number of VMs that can be protected in parallel (in a batch) and protection order of each batch for successful initial replication.
  7. For VMware, the number of VMs that can be protected in parallel to complete initial replication in a given time.
  8. Throughput that ASR can get from on-premises to Azure.
  9. VM eligibility assessment based on number of disks, size of the disks, IOPS and OS type.
  10. Estimated DR cost for the target Azure region in the specific currency.


When to use ASR Deployment Planner and Azure Migrate?

  • DR from VMware/Hyper-V to Azure
  • Migration from VMware to Azure

 

Download the tool and learn more about VMware to Azure Deployment Planner and Hyper-V to Azure Deployment planner.

 

 

 

New Technical Preview for Microsoft Windows Server management experience Project “Honolulu”, released

Modernized, simplified, integrated, and secure experiences. Project “Honolulu” Technical Preview 1711 update is now available!

Some cool new features were released, like Windows 10 client management: you can now add Windows 10 client machines as connections in Honolulu, and manage them with a subset of tools in the “Computer Management” solution.

For more information on new and removed features check https://blogs.technet.microsoft.com/windowsserver/2017/12/01/1711-update-to-project-honolulu-technical-preview-is-now-available/

 

Automating the deployment of Hyper-V hosts with VMM 2016 with Baremetal deployment

To deploy a new Hyper-V host from bare metal, the following simple steps are carried out by System Center 2016 Virtual Machine Manager (VMM):

  1. VMM discovers the physical computer through out-of-band management (BMC).
  2. VMM installs an OS image on the physical computer using a previously created physical computer profile.
  3. VMM enables the Hyper-V role on the physical computer.
  4. VMM brings the computer under VMM management as a managed Hyper-V host.

Now in order for that to happen, let’s see what pre-requisites you are required to provide first:

  1. DNS and Active Directory
    Create DNS entries and Active Directory account for the machine names.
  2. BIOS

    a. Set up the BIOS on the machine to support virtualization: configure the BIOS boot order to boot from a PXE-enabled network adapter as the first device.
    b. Configure the BMC settings. Configure the logon credentials and IP address settings for the BMC on each computer.
  3. Add a PXE server environment: A PXE server integrated with VMM is required for bare-metal deployment.
  4. Add resources to the VMM library: Add a generalized virtual hard disk with a suitable OS to use as the base image, and driver files that will be added during installation of the OS.
  5. Create a Run As account. In VMM create a Run As Account with permissions to access the BMC.
  6. Create Physical Computer profiles: In the VMM library, create one or more physical computer profiles. These profiles include configuration settings, such as the location of the operating system image, and hardware and OS settings.


Now let’s look at the step-by-step procedure to provision a Hyper-V host using bare-metal deployment:

  1. Click Fabric > Servers > Home > Add > Add Resources > Hyper-V Hosts and Clusters.
  2. In the Add Resource Wizard > Resource location, select Physical computers to be provisioned as virtual machine hosts.
  3. In Credentials and Protocol select the Run As account with permissions to access the BMC. In the Protocol list, click the out-of-band management protocol that your BMCs use. If you want to use Data Center Management Interface (DCMI), click Intelligent Platform Management Interface (IPMI). Although DCMI 1.0 is not listed, it is supported. Make sure the correct port is selected.
  4. In Discovery Scope, enter the single IP address, the IP subnet, or the IP address range that includes the IP addresses of the BMCs.

Note:

  • If you specify a single IP address, when you click Next, the computer is restarted.
  • If you specify an IP address range, when you click Next, information about the computer is displayed, and you can confirm that you specified the computer that you meant to.

4a. If you specified an IP subnet or IP address range, the Target Resources page appears. Select the BMCs you want to provision as Hyper-V hosts.

  5. In Provisioning Options, click a host group for new Hyper-V hosts. Select the physical computer profile you want to apply.
  6. In Deployment Customization, provide information for each computer that you want to provision as a Hyper-V host:

Note: To remove a BMC from the list, select it and then click Remove.

For each BMC IP address in the list:

    • Click the BMC IP address and specify a unique computer name, without wildcard characters.
    • Select or clear Skip Active Directory for this computer name. The Active Directory check prevents deployment if the computer account already exists.
    • Click on the Network Adapter (on the left) to modify the configuration, or fill in more information. You can specify the MAC address of the management NIC (not the BMC) and static IP settings for this network adapter.
    • To specify an IP address, select a logical network and an IP subnet if applicable. If the selected IP subnet includes an IP address pool, you can check Obtain an IP address corresponding to the selected subnet. Otherwise, type an IP address that’s within the logical network or its subnet.
    • Configure the adapter settings for each network adapter. You must specify any information that is missing for the adapters.
    • When the information for all listed BMCs is complete, click Next.
  7. In Summary, confirm the settings, and then click Finish to deploy the new Hyper-V hosts and bring them under VMM management.

Make sure that all steps in the job have a status of Completed.

  8. To confirm that the host was added, click Fabric > Servers > All Hosts > host group, and verify that the new Hyper-V host appears in the group.

 

Note: Nano Server is not a supported OS for infrastructure-related roles like Hyper-V. I recommend that you use the Windows 2016 Core Server version.

Extending Microsoft OMS to monitor Squid Proxy running in Linux with a plugin – part 1/3 #MSOMS

November 24, 2016

Since Microsoft released OMS, I have been an early adopter and evangelist for the solution. Not only is it simple to deploy, but it also gives you a full spectrum of many of the workloads you have either on-premises or in the cloud, and it does not matter which cloud: be it Azure, AWS, Google or many others.

So, as I was advising on OMS for a customer, I found that they were running Squid Proxy servers. The Squid proxy server is one of the most famous proxy servers in the world and it has been utilised for years in many organisations. For that reason I decided to look at how OMS could be leveraged to monitor Squid.


As you can see here: https://github.com/Microsoft/OMS-Agent-for-Linux/tree/master/installer/conf/omsagent.d there are already many plugins for OMS to monitor Windows and many Linux OSes, as well as DNS, Network, SQL, MySQL, PostgreSQL, VMware, MongoDB, Security, Audit, Change Tracking and so on.

But there was no Squid plugin, and that’s where I brought back my past years of experience as a developer. Although that was a long, long time ago, I was able to develop a Squid plugin for Microsoft OMS in Ruby.

How did I develop it?

PART 1 : LOG Files

  1. I started by investigating the Squid log at /var/log/squid/access.log and then researched regular expressions to extract information out of it. Below is an extract of it:

1479696836.902    134 10.1.1.4 TCP_MISS/301 488 open http://cnn.com/ - HIER_DIRECT/151.101.0.73 -
1479696848.110    242 10.1.1.4 TCP_MISS/400 486 open http://www.sydney.com/ - HIER_DIRECT/54.253.253.77 text/html
1479696860.004    407 10.1.1.4 TCP_MISS/301 636 open http://www.7news.com.au/ - HIER_DIRECT/203.84.217.229 text/html

The initial difficult part for me was decoupling the date/time to get it into a human-readable format. So, after long hours of research and playing around, I decided on the following REGEX:

 REGEX =/(?<eventtime>(\d+))\.\d+\s+(?<duration>(\d+))\s+(?<sourceip>(\d+\.\d+\.\d+\.\d+))\s+(?<cache>(\w+))\/(?<status>(\d+))\s+(?<bytes>(\d+)\s+)(?<response>(\w+)\s+)(?<url>([^\s]+))\s+(?<user>(\w+|\-))\s+(?<method>(\S+.\S+))/
(If you have a better one, please feel free to send it to me.)

 

  2. I then wrote squidparserlog.rb in Ruby to parse the Squid access.log file and turn it into the OMS format:
require 'date'
require 'etc'
require_relative 'oms_common'
require 'fluent/parser'

class SquidLogParserLib
  def initialize(error_handler)
    @error_handler = error_handler
  end

  # Named groups follow the columns of Squid's access.log. Note that the group
  # called "response" captures the request method column, and the group called
  # "method" captures the hierarchy/peer column (e.g. HIER_DIRECT/151.101.0.73).
  REGEX = /(?<eventtime>(\d+))\.\d+\s+(?<duration>(\d+))\s+(?<sourceip>(\d+\.\d+\.\d+\.\d+))\s+(?<cache>(\w+))\/(?<status>(\d+))\s+(?<bytes>(\d+)\s+)(?<response>(\w+)\s+)(?<url>([^\s]+))\s+(?<user>(\w+|\-))\s+(?<method>(\S+.\S+))/

  # Returns [time, data]; data stays an empty hash when the line does not match.
  def parse(line)
    data = {}
    time = Time.now.to_f
    begin
      REGEX.match(line) { |match|
        data['Host'] = OMS::Common.get_hostname
        # The log stores epoch seconds; convert to a Time for formatting.
        timestamp = Time.at(match['eventtime'].to_i)
        data['EventTime'] = OMS::Common.format_time(timestamp)
        data['EventDate'] = timestamp.strftime('%Y-%m-%d')
        data['Duration'] = match['duration'].to_i
        data['SourceIP'] = match['sourceip']
        data['cache'] = match['cache']
        data['status'] = match['status']
        data['bytes'] = match['bytes'].to_i
        # The "response" group includes trailing whitespace, so strip it.
        data['httpresponse'] = match['response'].strip
        data['url'] = match['url']
        data['user'] = match['user']
        data['method'] = match['method']
      }
    rescue => e
      @error_handler.logerror("Unable to parse the line #{e}")
    end
    return time, data
  end   #def
end   #class
  3. Finally, I wrote the squid.conf for OMS:
# Enhanced log parsing with date format: this passes the path of the log to the SquidLogParser and tags it as oms.api.Squid. By doing this, you will end up with 11 custom fields in OMS for the LOG TYPE Squid_CL
<source>
type tail
format SquidLogParser
path /var/log/squid/access.log
pos_file /var/opt/microsoft/omsagent/state/var_log_squid_access.pos
tag oms.api.Squid
log_level error
</source>
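
The following is an added example, not part of the author's plugin: a stand-alone Ruby parser for the Squid native access.log layout shown in the extract above, so the pattern can be exercised without the OMS agent or Fluentd. The field names are assumptions that follow Squid's column order (the sixth column, `open` in the extract, is the request method; the ninth is the hierarchy code and peer), and the last sample line is constructed to show a truncated entry being rejected.

```ruby
require 'time'

# Squid native access.log columns, anchored at both ends so partial lines fail:
# time elapsed client result/status bytes method url user hierarchy/peer type
SQUID_NATIVE = %r{\A
  (?<epoch>\d+)\.(?<msec>\d{3})\s+
  (?<elapsed_ms>\d+)\s+
  (?<client>\S+)\s+
  (?<result>[A-Z_]+)/(?<status>\d{3})\s+
  (?<bytes>\d+)\s+
  (?<method>\S+)\s+
  (?<url>\S+)\s+
  (?<user>\S+)\s+
  (?<hierarchy>[A-Z_]+)/(?<peer>\S+)\s+
  (?<content_type>\S+)
\z}x

# Returns a hash of typed fields, or nil when the line is not a complete entry.
def parse_squid_line(line)
  m = SQUID_NATIVE.match(line.to_s.scrub.strip)
  return nil unless m

  # Integer seconds plus milliseconds avoids float rounding of the timestamp.
  stamp = Time.at(m[:epoch].to_i, m[:msec].to_i, :millisecond).utc
  {
    'EventTime' => stamp.iso8601(3), 'DurationMs' => m[:elapsed_ms].to_i,
    'SourceIP' => m[:client], 'Result' => m[:result],
    'Status' => m[:status].to_i, 'Bytes' => m[:bytes].to_i,
    'Method' => m[:method], 'Url' => m[:url], 'User' => m[:user],
    'Hierarchy' => m[:hierarchy], 'Peer' => m[:peer],
    'ContentType' => m[:content_type]
  }
end

# Parses many lines and counts rejects instead of emitting empty records.
def parse_squid_log(lines)
  records = []
  rejected = 0
  lines.each do |line|
    rec = parse_squid_line(line)
    if rec
      records << rec
    else
      rejected += 1
    end
  end
  { records: records, rejected: rejected }
end

# First three lines: the extract from this post, with "-" for empty fields.
# Last line: constructed, cut off mid-entry.
SAMPLE_LINES = [
  '1479696836.902    134 10.1.1.4 TCP_MISS/301 488 open http://cnn.com/ - HIER_DIRECT/151.101.0.73 -',
  '1479696848.110    242 10.1.1.4 TCP_MISS/400 486 open http://www.sydney.com/ - HIER_DIRECT/54.253.253.77 text/html',
  '1479696860.004    407 10.1.1.4 TCP_MISS/301 636 open http://www.7news.com.au/ - HIER_DIRECT/203.84.217.229 text/html',
  '1479696871.337    120 10.1.1.4 TCP_MISS/200 51'
].freeze

if __FILE__ == $PROGRAM_NAME
  result = parse_squid_log(SAMPLE_LINES)
  result[:records].each { |r| puts r.values_at('EventTime', 'SourceIP', 'Status', 'Url').join(' ') }
  puts "rejected: #{result[:rejected]}"
end
```

Counting rejected lines makes a format change or a truncated write visible, where an unanchored pattern would quietly produce empty or partial records.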

 

In my next article I will go through the next part, which is getting Squid Proxy statistics in OMS, along with the full code.


 

Linux Bash Command Line natively on Windows 10

 

If you are a Linux fan, like to play around with Linux, or are an experienced Linux, Mac OS X or Unix developer, this feature is perfect for you: the new Bash feature will give you a Linux root shell, which means that you won’t even need to use sudo to become “Administrator”. As the root user you will have full system access, like you have in Linux and Unix systems.

 


 

Before we start, it is important to understand that an application that you install in the Bash shell is restricted to the Bash shell. You won’t be able to access the application from PowerShell, Cmd or Explorer in Windows.

 

The solution

 

To offer a full Bash shell based on Ubuntu, Microsoft worked with Canonical to provide a shell that runs atop the subsystem allowing you to run the Bash shell and the exact same binaries you’d normally run on Ubuntu Linux.

There are some limitations, as you won’t be able to install Linux server applications or to start Linux graphical software. The target audience for the feature is developers who want to run Linux command-line utilities on Windows.

 

Requirements

 

  • Windows 10 Insider Preview Build (minimum build: 14316)
  • Developer Mode activated

 

Getting there in 10 simple steps

 

1. Click on Windows Start, click on Settings and then click on Update & Security.

2. On the left menu, click on Windows Update, then click on Advanced Options.

3. On the Advanced Options window, if you are not already a Windows Insider, click on Get Started and follow the instructions to become a Windows Insider. You will be requested to restart your computer; after that, return to this same window and select the Fast mode to have at least the 14316 build installed.

4. Once the computer has the required minimum build, go back to Update & Security and on the left menu select For Developers.

5. On Windows Start, type Programs and Features.

6. On the left panel, click on Turn Windows features on or off.

7. Select Windows Subsystem for Linux (Beta) from the list and click on OK. You’ll be requested to restart your computer for the feature to get installed.

8. When your computer comes back up, click on the Windows Start button and type bash, then select the bash command or press Enter.

9. You will be requested to accept the terms of the license, and after accepting them a bash window will open. Press Y to accept the download of the Bash Ubuntu on Windows application from the Windows Store.

10. That’s it. You now have a full command-line bash shell based on Linux Ubuntu. You now have access to all the Linux command line software.

Note: As we installed the bash for Ubuntu and because they’re the same binaries as you would have on a normal Linux Ubuntu installation, you can use the same apt-get command you used to run on Ubuntu, to install software from Ubuntu’s repositories.

Notes:

  • In Linux the Bash shell is case-sensitive.
  • The Windows file system is located at /mnt/c in the Bash shell environment.

 


Have Fun!!!

 

 



Shielded VM’s: Virtualization security is a major investment area in Hyper-V 2016

SECURITY – Protecting the company data should be a priority.

 

Protecting a virtual machine (VM) guest from a possibly compromised host, and being certain that in a third-party hosting environment your VM is protected in addition to the protection applied to the hosts, is a major investment area in Hyper-V 2016.


Because a VM is a file, stored either on a storage system or locally on the Hyper-V host, it needs to be protected from attacks on the storage system and the network, and while it is backed up or copied to other systems.

To help protect against a compromised fabric, Windows Server 2016 Hyper-V introduces Shielded VMs. A Shielded VM must be created as a generation 2 VM, which has a virtual TPM; it is encrypted using BitLocker and can only run on healthy and approved hosts in the fabric. So, if someone copies the VM, either maliciously or accidentally, to a non-approved host, the VM (which is encrypted) won’t start and cannot be mounted to gain access to its file system.

Shielded VMs use several features to make it harder for host administrators and malware on the host to inspect, tamper with, or steal data from the state of a shielded virtual machine. Data and state are encrypted, Hyper-V administrators can’t see the video output and disks, and the virtual machines can be restricted to run only on known, healthy hosts, as determined by a Host Guardian Service.

A configured Shielded VM has:

  • BitLocker encrypted disks
  • A hardened VM worker process (VMWP) that helps prevent inspection and tampering
  • Automatically encrypted live migration traffic as well as encryption of its runtime state file, saved state, checkpoints and even Hyper-V Replica files (from 2016 TP5)
  • Blocked console access
  • Blocked PowerShell Direct
  • Blocked Guest File Copy Integration Components
  • Blocked services that provide possible paths from a user or process with administrative privileges to the VM.

 

 

 

With the release of Windows Server 2016 TP5, the Hyper-V team at Microsoft  made shielded virtual machines compatible with Hyper-V Replica. As with copying/moving the VM, to replicate a shielded VM, the host you want to replicate to must be authorized to run that shielded VM.

The Host Guardian Service supports two different deployments of a Guarded fabric (attestation modes): TPM-trusted attestation (Hardware based) and Admin-trusted attestation (AD based).

I hope you walk away with a better understanding of the Hyper-V Shielded VM solution from this post.

 

Hyper-V 2016 Tp5: Hyper-V Manager Console new features

Here is some important information about the improvements Microsoft released for Hyper-V Manager in TP5:

  • Alternate credentials support. You can now use a different set of credentials in Hyper-V Manager when you connect to another Windows Server 2016 TP5 or Windows 10 remote host. You can also save these credentials to make it easier to log on again.
  • Previous version management. The new Hyper-V Manager will allow you to manage computers running Hyper-V on Windows Server 2012/R2 and Windows 8.x client versions.
  • Updated management protocol. Hyper-V Manager has been updated to communicate with remote Hyper-V hosts using the WS-MAN protocol, which permits CredSSP, Kerberos or NTLM authentication. When you use CredSSP to connect to a remote Hyper-V host, you can do a live migration without enabling constrained delegation in Active Directory. The WS-MAN-based infrastructure also makes it easier to enable a host for remote management. WS-MAN connects over port 80, which is open by default.
  • No more Integration services for Windows Virtual Machines. Updates to integration services for Windows guests are distributed through Windows Update. For service providers and hosting companies, this puts the control of applying updates into the hands of the tenants who own the virtual machines. Customers (tenant administrators) can now update their Windows virtual machines with all updates, including the integration services, using a single method.
  • Integration services for Linux and FreeBSD Virtual Machines. Hyper-V supports both emulated and Hyper-V-specific devices for Linux and FreeBSD virtual machines. Linux Integration Services (LIS) or FreeBSD Integration Services (BIS), the collection of drivers that are required to run Hyper-V-specific devices, has been added to the Linux kernel and is updated for new releases, but Linux distributions based on older kernels may not have the latest enhancements or fixes. Microsoft provides a download containing installable LIS drivers for some Linux installations based on these older kernels.
    Note: As some Linux distributions include versions of LIS, make sure you install the latest downloadable version of LIS, if applicable, for your installation.

Download: