My top 10 sessions I attended at MS Ignite

I am right now digesting the full and exciting last week and wanted to update you on the top 10 sessions of all that I attended in person. We are all different and have different tastes, and here you can see what I picked out.

I had like 50 sessions in my schedule that I did not manage to attend, but I will try to find time to watch the recordings and will do another follow-up post with the top sessions of all from Ignite later!

GS001 – An end-to-end tour of the Microsoft developer platform

Although I am more of an Operations guy, I did not attend the infrastructure foundation session with Corey Sanders, and I am happy I went for Scott Hanselman's instead to get an insight into how the total developer experience now is within the Microsoft space. It was a great session and I can highly recommend that you check out the recording.

DT1001 – Voices from the top: Leaders get real on building inclusive work cultures

This year the Ignite conference had a track on Diversity and Tech, and on the first day I attended this lunch session. Being a nerd-techie and attending a non-technical session was great! This session gave me some great insight into how we, as an industry that is still very much male-focused, need to work on our culture and values to be able to get more people in.

BRK2215 – Real World architecture considerations for Azure: how to succeed and what to avoid

This first session on Tuesday morning gave some insights from the FastTrack team on best practices when setting up environments within Azure.

BRK3062 – Architecting Security and Governance Across your Azure Subscriptions

In this session we got a high-level overview of governance work within Azure and very valuable insights into the releases that had been announced regarding policies, Resource Graph, cost, management groups and blueprints. We also got an insight into the in-guest VM policy work that Michael Greene with the PowerShell team has enabled.

BRK2269 – WinOps: Lessons learned from Enterprise devops with Microsoft technologies

Awesome session on how to apply DevOps thinking within the Microsoft technologies and IT Pro space by DevOpsGuys' Stephen Thair. He had some great, valuable points and case studies where DevOps principles had been successfully implemented.

DT1003 – Service degraded: Recognizing mental burnout in your colleagues and yourself

Another great session from the Diversity track, and this time it was Sonia Cuff (Azure Ops Advocate) who presented on the health topic and how to get control of signs of burnout within yourself or your colleagues. She did a splendid job and I really valued being here and not in Snover's PowerShell session that this one collided with in the schedule (some sessions can be saved for later via the recording).

BRK1094 – Accelerating your IT career

Thursday morning and the room was almost full for the one and only Ned Pyle's talk about how to survive in the changing landscape and how to see and work on your career. He had several tips on how to succeed, including the four pillars of success: Discipline, Technical powerhouse, Communication, Legacy.

BRK2362 – The SRE role: An unexpected journey

I had not heard Jared talk before, but this was a great session on the path for him and Microsoft adopting the SRE (Site Reliability Engineers) practices that Facebook, Netflix and Google have been utilizing for years. It had fun analogies, and his story of going from being a server hugger to a cattle farmer made most of the crowd recognise themselves.

BRK3085 – Deep dive into Implementing governance at scale through Azure Policy

Last session before the Microsoft Ignite celebration party, but the room was full and everyone wanted to get more insight into the work with Azure Policy, Azure Resource Graph and Azure Blueprints. A deep dive always gives that extra layer of understanding and this time was no exception; having the product team presenting their stuff gives that extra nudge.

DT1005 – In conversation – raising the next generation of IT pros as diversity and inclusion champions

On the final day I listened to this panel, which talked on an interesting topic, and I can truly recommend that you watch the recording. Among the people on stage was Donovan Brown, talking about the struggle to hire the right staff as a People Manager.

Webinar with Savision : Migrating to Azure and monitoring your hybrid environment

On the 5th of September I am going to have a webinar together with Savision about moving to Azure:

“Don’t be a dinosaur, how to stay on top of your IT infrastructure when transitioning into Azure”

Change is happening incredibly fast in today’s IT delivery, and for a service provider, it’s about embracing the new or risking the latest T-Rex. In this webinar we review how to automate and create standardized Windows Server solutions in Azure where management and monitoring are included as a service. Interaction with customers through Microsoft Teams and Bots that speed up change cases and provide quick feedback! 24/7 you can know status and costs as well as order new services that automatically end up under NOC when they reach production status.

Please sign up on Savision's web page and we will have a great time together uncovering some very cool things in the Azure space.

 

Testing Altaro VM Backup v7.6

To take care of the backups in my lab environment I have tested and updated to the new Altaro VM Backup version 7.6, which now has some really nice features:

  • Augmented Inline Deduplication
  • Continuous Data Protection (CDP)
  • Concurrency
  • Offsite Backup Replication
  • Grandfather-Father-Son Archiving (GFS)
  • Cloud Backup to Azure

Setup and updating

In the console there is a check for updates, and when pressing that I get redirected to the download page on Altaro.

Installing the update keeps the settings and license so no fuss there!

Configuring is really easy and getting the backup up and running was a breeze. Altaro has made it easy with good info and guidance on the schedules and configurations needed!

Management

After installing the mother, I see in the console that my agent on the other Hyper-V server also needs to be updated to work properly.

Offsite backup and restore

One really nice feature is Cloud Backup, which lets you have a storage account in Azure as an offsite location where the backups can be sent. I can set the storage account to cool and thus save a bit on the cost!

Start by creating a storage account in Azure in a preferred region. As I already have backup onsite, I do not need geo-replication within Azure as well.

After the setup in Azure you need to configure Altaro Backup and add an offsite location.

Once I have set up the offsite storage I can then add a backup to be replicated there. Doing a restore from an Azure storage account took about 7 minutes for a 12 GB VM. I have a 250 Mbit broadband connection in my lab, and the other side will probably not be the limiting factor 🙂

Cloud Management

Another great feature that can be configured is the Altaro Cloud Management Console that makes it easy to stay on top of your backups and you can reach it from anywhere with a browser!

Reporting

To set up backup reporting via email I can utilize an Office 365 account and smtp.office365.com.

Once set up, I can expect a backup report every morning at 8 AM.

Summary

Getting the Altaro Backup solution up and running is really straightforward and easy! I have not yet tested it in a large-scale environment, but it seems really great and has, as I described above, some very good features!

For those of us that have an automation approach, we can connect to the Altaro REST API to check and do stuff for larger environments. Being an MSP, having BaaS is crucial as a competitive offer, and the licensing for Altaro Backup in an MSP scenario goes by number of VMs instead of CPUs.

I urge you to take it for a test run and see for yourselves!


Passed the 70-537 AzureStack Operator Exam

I have been part of the beta test group for the AzureStack Operator exam and last week I got the result!

It was quite a difficult exam and you will need to have had some hands-on experience on an Azurestack stamp to succeed on this exam!

As you can see on the exam page there are some areas that you need to know about:

Deploying and Integrating an Azure Stack Environment (20-25%)

  • Build test environments by using the Azure Stack Development Kit (ASDK).
    • This objective may include but is not limited to: use PowerShell commands; install updated ASDK; troubleshoot failed installs; post-deployment registration
  • Configure DNS for data center integration.
    • This objective may include but is not limited to: configure external DNS name resolution from within Azure Stack; configure Azure Stack DNS names from outside Azure Stack
  • Configure connectivity for data center integration.
    • This objective may include but is not limited to: manage firewall ports needed at the edge; configure connectivity to the data center; install and renew certificates for public endpoints
  • Connect to and perform API-based administration on Azure Stack.
    • This objective may include but is not limited to: connect to the stack by using PowerShell; configure client certificates; configure firewall to support remote administration; establish RBAC roles for the Azure Stack fabric; create subscriptions for end users

Configuring PaaS and IaaS for an Azure Stack Environment (25-30%)

  • Configure and administer the App Service resource provider.
    • This objective may include but is not limited to: configure system; configure source control; configure worker tiers; configure subscription quotas; scale worker tiers and App Service infrastructure roles; add custom software; configure Azure Stack networking security
  • Configure and administer database resource providers.
    • This objective may include but is not limited to: configure and administer the SQL adapter; configure and administer the MySQL adapter; set up SKUs; set up additional hosting capacity
  • Configure and administer IaaS services.
    • This objective may include but is not limited to: implement virtual machine images; prepare Linux and Windows images; prepare a custom image; upload an image

Providing Services to and Enabling DevOps for Azure Stack Tenants (25-30%)

  • Create and manage quotas, plans, and offers.
    • This objective may include but is not limited to: create quotas; configure plans; configure offers; configure delegated offers; create add-on plans
  • Manage tenants.
    • This objective may include but is not limited to: add new tenants; remove tenants; manage authentication and authorization; establish RBAC roles for the tenant space
  • Manage the Azure Marketplace.
    • This objective may include but is not limited to: enable Azure Marketplace on Azure Stack; plan new packages; create and publish new packages; download Azure Marketplace items
  • Enable DevOps for tenants.
    • This objective may include but is not limited to: enable version control for tenants; manage ARM templates; deploy ARM templates; debug ARM templates; use Microsoft Visual Studio Team Services to connect to Azure Stack; use continuous integration and continuous deployment to automate a pipeline that targets Azure Stack

Maintaining and Monitoring an Azure Stack Environment (20-25%)

  • Plan and implement a backup-recovery and a disaster-recovery solution.
    • This objective may include but is not limited to: back up Azure Stack infrastructure services; perform cloud recovery of Azure Stack; replicate and fail over IaaS virtual machines to Azure; back up and restore PaaS resource data; backup and restore of user IaaS virtual machine guest-OS, disks, volumes, and apps
  • Manage and monitor capacity, performance, updates, and alerts.
    • This objective may include but is not limited to: manage storage; monitor available storage; integrate existing monitoring services; manage public IP address ranges; monitor infrastructure component health; monitor Azure Stack memory, public IP addresses, and storage tenant consumption; apply updates; update system firmware; review and react to alerts
  • Manage usage reporting.
    • This objective may include but is not limited to: provide access to the usage database; test usage by using the ASDK; collect the usage data by using the Provider Usage API and the Tenant Usage API; investigate the usage time versus the reported time

 

 

 

Announcing the Windows Server Summit 26 of June

On the 26th of June Microsoft will have a half-day summit on Windows Server that you do not want to miss!

The agenda will have four different tracks

  • Hybrid: We’ll cover how you can run Windows Server workloads both on-premises and in Azure, as well as show you how Azure services can be used to manage Windows Server workloads running in the cloud or on-premises.
  • Security: We know security is top of mind for many of you and we have tons of great new and improved security features that we can’t wait to show and help you elevate your security posture.
  • Application Platform: Containers are changing the way developers and operations teams run applications today. In this track we’ll share what’s new in Windows Server to support the modernization of applications running on-premises or in Azure.
  • Hyper-converged Infrastructure: This is the next big thing in IT and Windows Server 2019 brings amazing new capabilities building on Windows Server 2016. Join this track to learn how to bring your on-premises infrastructure to the next level.

Agenda with times and speakers:

Here you can find the link to the summit and download a reminder.

Set powerplan to High Performance on VMs

The stated recommendation is that virtual machines running on either VMware or Hyper-V should be configured with a High Performance power plan.

Looking at Microsoft Azure VMs, they are set to High Performance by default:

In my Hyper-V lab you can see that I have Balanced set, and when using the powerplan PowerShell module I created you can also change it to High Performance.

If you save the following PowerShell functions in a folder at c:\program files\windowspowershell\modules\powerplan you can then import the module as in the screendump and utilize it on either a local or a remote server.

 

Azurestack 1804 admin subscriptions

Last week I updated my Azurestack Devkit to 1804. With the devkit I have to do a redeploy, and during the deployment it got stuck on creating the ADFS VM, so I did a reset on that one and a -rerun and it got into happyland!

After the deployment was successful I logged into the admin portal and found this: the default subscription has two pals now.

Upgrading our multinode stack did not, though, give the same view.

The docs release notes have been updated to clarify this, and they also state that you should not use the new subscriptions yet.

Here you can read more about this.


Azure and Azurestack alternative RDP port for VM

I have been exploring a bit with both Azure and Azurestack, and when you onboard your VMs to Log Analytics and the Security Center you soon get notified about 100s of zillions of attempts to log on to your machine if you have made it available through RDP. There is now a better way to take care of this, using Security Center JIT Access, which gives a timespan for opening the port and also limits access to certain IPs/networks! Sometimes JIT access is not something you can live with, but an alternative port can be utilized, and then the following can be applied.

A recent update to the Azure portal has now surfaced where you get the option to download the RDP file with an alternative port instead of the standard 3389, but that does not:

  1. set the NSG to allow the new port
  2. set the VM's internal RDP service to respond to it

So to be able to connect to the virtual machine we need to update the NSG and also reconfigure the virtual machine to actually listen on the new RDP port.

First I add a row on the NSG

and then I utilize the custom script extension and change the listener on the virtual machine for RDP
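The two steps above as an added PowerShell example, not the author's own script. It assumes the Az.Network module for the NSG part; the function names, the port and the source range you pass in are hypothetical placeholders.

```powershell
# Added example (not the author's script). Names, port and source range are placeholders.

# Part 1: run from an admin workstation that is signed in with the Az module.
function Add-RdpNsgRule {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $NsgName,
        [Parameter(Mandatory)] [ValidateRange(1025, 65535)] [int] $Port,
        # Admin network allowed to connect, e.g. the documentation range 203.0.113.0/24.
        [Parameter(Mandatory)] [string] $SourceAddressPrefix,
        [ValidateRange(100, 4096)] [int] $Priority = 310
    )
    # Allow only the chosen source range to reach the new port, then save the NSG.
    Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroupName -Name $NsgName |
        Add-AzNetworkSecurityRuleConfig -Name "Allow-RDP-$Port" `
            -Description 'RDP on alternative port' `
            -Access Allow -Direction Inbound -Protocol Tcp -Priority $Priority `
            -SourceAddressPrefix $SourceAddressPrefix -SourcePortRange '*' `
            -DestinationAddressPrefix '*' -DestinationPortRange $Port |
        Set-AzNetworkSecurityGroup
}

# Part 2: runs inside the VM, e.g. as the script handed to the custom script extension.
function Set-RdpListenerPort {
    param([Parameter(Mandatory)] [ValidateRange(1025, 65535)] [int] $Port)

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $old = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
    if ($old -eq $Port) { return "RDP already listening on $Port" }

    # Open the guest firewall first so the listener is reachable after the restart.
    $ruleName = "RDP-Alt-$Port"
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort $Port -Action Allow | Out-Null
    }
    Set-ItemProperty -Path $key -Name PortNumber -Value $Port -Type DWord

    # The listener only picks up the new port when the service restarts.
    Restart-Service -Name TermService -Force
    "RDP listener moved from $old to $Port"
}
```

Once a connection on the new port is confirmed, the NSG rule that still allows 3389 can be removed. Scoping `-SourceAddressPrefix` to a known admin network matters more than the port number itself, since a moved port is still found by a full port scan.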

Azurestack:

If I am utilizing an AzureStack, all of the above can be achieved, but in the portal the connect button will be greyed out. You can still connect to the VM, but you need to manually enter the public IP and custom port:

 


Honolulu have been released as Windows Admin Center (WAC)

In the agile world we live in now, Microsoft has released its new administration tool for servers, formerly called Honolulu (which was the project name), and marketing has now named it Microsoft Windows Admin Center.

I am running it on a Windows Server 2019 (core) build 17639

Using the AD module from Patrick Grünauer I can, via PowerShell remoting, see viable information from the AD controller in WAC.

To manage a 2016 Hyper-V Server with WAC you need to add some features and roles

  1. Enable Remote Management.
  2. Enable File Server Role.
  3. Enable Hyper-V Module for PowerShell.

And the following OS can be managed by WAC:

| Version | Managed node via Server Manager | Managed cluster via Failover Cluster Mgr | Managed HCI cluster via HCI Cluster Mgr (preview) |
|---|---|---|---|
| Windows 10 Fall Creators Update (1709) or newer | Yes (via Computer Management) | N/A | N/A |
| Windows Server 2019 (insider builds) | Yes | Yes | Yes |
| Windows Server, version 1709 | Yes | Yes | No |
| Windows Server 2016 | Yes | Yes | Coming soon |
| Windows Server 2012 R2 | Yes | Yes | N/A |
| Windows Server 2012 | Yes | Yes | N/A |

Note:

Windows Admin Center requires PowerShell features that are not included in Windows Server 2012 and 2012 R2. If you will manage Windows Server 2012 or 2012 R2 with Windows Admin Center, you will need to install Windows Management Framework (WMF) version 5.1 or higher on those servers.

Type $PSVersionTable in PowerShell to verify that WMF is installed, and that the version is 5.1 or higher.

If WMF is not installed, you can download WMF 5.1.
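A readiness check for a node that WAC will manage, covering the three Hyper-V Server 2016 steps and the WMF 5.1 requirement above. This is an added example, not from the original post; the function name is hypothetical, and mapping the "File Server Role" to the feature `FS-FileServer` and the "Hyper-V Module for PowerShell" to `Hyper-V-PowerShell` is an assumption of this example.

```powershell
# Added example, not part of the original post. Run elevated on the server WAC will manage.
# Assumption: "File Server Role" = FS-FileServer, "Hyper-V Module for PowerShell" = Hyper-V-PowerShell.
function Test-WacNodeReadiness {
    param([switch] $Fix)   # -Fix enables remoting and installs the missing features

    $features = 'FS-FileServer', 'Hyper-V-PowerShell'

    if ($Fix) {
        # Step 1: remote management (WinRM listener plus firewall exception).
        Enable-PSRemoting -Force | Out-Null
        # Steps 2 and 3: install only what is not there yet.
        $missing = Get-WindowsFeature -Name $features | Where-Object { -not $_.Installed }
        if ($missing) { Install-WindowsFeature -Name $missing.Name | Out-Null }
    }

    # WinRM has to answer before WAC can reach the node over PowerShell remoting.
    $wsman = $false
    try { $null = Test-WSMan -ErrorAction Stop; $wsman = $true } catch { }

    $report = [ordered]@{
        ComputerName  = $env:COMPUTERNAME
        PSVersion     = $PSVersionTable.PSVersion.ToString()
        Wmf51OrHigher = $PSVersionTable.PSVersion -ge [version]'5.1'
        WinRMResponds = $wsman
    }
    foreach ($f in (Get-WindowsFeature -Name $features)) {
        $report[$f.Name] = $f.Installed
    }
    [pscustomobject] $report
}

# Report only; add -Fix to remediate.
Test-WacNodeReadiness
```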


Windows Server (2019) vNext LTSC build 17623 released

Today the preview version of vNext LTSC (Windows Server 2019) build has been released on Windows Server Insider and now you can download and test the features and system.

Some info from the tech community site:

Extending your Clusters with Cluster Sets

“Cluster Sets” is the new cloud scale-out technology in this Preview release that increases cluster node count in a single SDDC (Software-Defined Data Center) cloud by orders of magnitude. A Cluster Set is a loosely-coupled grouping of multiple Failover Clusters: compute, storage or hyper-converged. Cluster Sets technology enables virtual machine fluidity across member clusters within a Cluster Set and a unified storage namespace across the “set” in support of virtual machine fluidity. While preserving existing Failover Cluster management experiences on member clusters, a Cluster Set instance additionally offers key use cases around lifecycle management of a Cluster Set at the aggregate.

Failover Cluster removing use of NTLM authentication

Windows Server Failover Clusters no longer use NTLM authentication by exclusively using Kerberos and certificate based authentication. There are no changes required by the user, or deployment tools, to take advantage of this security enhancement. It also allows failover clusters to be deployed in environments where NTLM has been disabled.

Encrypted Network in SDN 

Network traffic going out from a VM host can be snooped on and/or manipulated by anyone with access to the physical fabric. While shielded VMs protect VM data from theft and manipulation, similar protection is required for network traffic to and from a VM. While the tenant can setup protection such as IPSEC, this is difficult due to configuration complexity and heterogeneous environments. 

Encrypted Networks is a feature which provides simple to configure DTLS-based encryption using the Network Controller to manage the end-to-end encryption and protect data as it travels through the wires and network devices between the hosts. It is configured by the Administrator on a per-subnet basis. This enables the VM to VM traffic within the VM subnet to be automatically encrypted as it leaves the host and prevents snooping and manipulation of traffic on the wire. This is done without requiring any configuration changes in the VMs themselves.

Windows Defender Advanced Threat Protection

Windows Defender ATP Exploit Guard

If you have not signed up for the insiders do so now and start playing with this new release, I am in the works of upgrading my lab!