Virtual Geek

Tales from real IT system administrators world and non-production environment

AWARDED VMWARE VEXPERT AGAIN FOR 2017

February 9, 2017 08:49AM

I am honored today again to see the announcement that I was awarded the title vExpert for the 4th year in a row.

vExpert is a title that VMware awards to those that have made significant contributions to the VMware community.  The title doesn’t show a particular level of technical expertise; but rather shows that those awarded have a strong desire to share what knowledge they have with others.  Most vExperts either blog, are VMUG leaders, speak at local events, contribute on the VMTN boards, or even speak at large events like VMworld.

vmware vexpert for all time vcloud-lab.com kunal udapi

See the entire list here: https://blogs.vmware.com/vmtn/2017/02/vexpert-2017-award-announcement.html

MICROSOFT AZURE POWERSHELL: CLONING (COPYING) OR IMPORTING EXISTING NSG (NETWORK SECURITY GROUP) FROM EXCEL

January 26, 2017 07:14PM

CREATE NEW NSG (NETWORK SECURITY GROUP - VIRTUAL FIREWALL ACL) ON MICROSOFT AZURE
POWERSHELL - EXPORT AZURE NSG (NETWORK SECURITY GROUP) RULES TO EXCEL
MICROSOFT AZURE POWERSHELL: CREATING NEW NSG (NETWORK SECURITY GROUP)

I had a task to clone (copy) an existing NSG using Azure PowerShell. I have already created a template Network Security Group with all the rules in it. Since I need only the rules, I run the command below to store them all in a PowerShell variable. This does not copy the default firewall rules; only the manually created rules are stored.

$TemplateNSGRules = Get-AzureRmNetworkSecurityGroup -Name 'Windows-NSG' -ResourceGroupName 'POC-VPN' | Get-AzureRmNetworkSecurityRuleConfig

As I need only the rules, I will create a new NSG.

$NSG = New-AzureRmNetworkSecurityGroup -ResourceGroupName 'POC-VPN' -Location 'East US 2' -Name 'Copy-of-Windows-NSG'

Next, with the help of a foreach loop, I will copy all the rules from the template NSG into the newly created NSG.

foreach ($rule in $TemplateNSGRules) {
    $NSG | Add-AzureRmNetworkSecurityRuleConfig -Name $rule.Name -Direction $rule.Direction -Priority $rule.Priority -Access $rule.Access -SourceAddressPrefix $rule.SourceAddressPrefix -SourcePortRange $rule.SourcePortRange -DestinationAddressPrefix $rule.DestinationAddressPrefix -DestinationPortRange $rule.DestinationPortRange -Protocol $rule.Protocol # -Description $rule.Description
    $NSG | Set-AzureRmNetworkSecurityGroup
}

Importing an NSG from an Excel (CSV) file works the same way. Follow the article POWERSHELL - EXPORT AZURE NSG (NETWORK SECURITY GROUP) RULES TO EXCEL to create the CSV file, then import it.

$TemplateNSGRules = Import-CSV -Path C:\Temp\TestNSG01.csv

Create a new empty NSG and run the foreach script block shown above.
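
Because the CSV can be edited by hand before it is imported, it is worth checking the rows before they reach Add-AzureRmNetworkSecurityRuleConfig. The following is an added example, not code from the original article: the function names and the sample rows are constructed for illustration, and the column names are assumed to match the rule properties used in the foreach loop above.

```powershell
# Added example (not from the original article): sanity-check NSG rule rows,
# e.g. the output of Import-Csv, before applying them with the foreach loop.
# New-NsgFinding, Get-NsgRuleFinding and the sample rows are constructed for illustration.

function New-NsgFinding {
    param($Rule, $Severity, $Message)
    [pscustomobject]@{ Rule = $Rule; Severity = $Severity; Message = $Message }
}

function Get-NsgRuleFinding {
    param(
        [Parameter(Mandatory = $true)]
        [object[]]$Rules,
        # Management ports that should not be open to every source (RDP, SSH).
        [int[]]$ManagementPorts = @(3389, 22)
    )

    $seenPriorities = @{}
    foreach ($rule in $Rules) {
        # Priority must be an integer between 100 and 4096.
        $priority = 0
        $isNumber = [int]::TryParse([string]$rule.Priority, [ref]$priority)
        if (-not $isNumber -or $priority -lt 100 -or $priority -gt 4096) {
            New-NsgFinding $rule.Name 'Error' "Priority '$($rule.Priority)' is outside 100-4096"
            continue
        }
        if ($rule.Direction -notin 'Inbound', 'Outbound') {
            New-NsgFinding $rule.Name 'Error' "Direction '$($rule.Direction)' is not Inbound or Outbound"
            continue
        }
        if ($rule.Access -notin 'Allow', 'Deny') {
            New-NsgFinding $rule.Name 'Error' "Access '$($rule.Access)' is not Allow or Deny"
            continue
        }
        # Accept only '*', a single port, or a 'low-high' range.
        if ($rule.DestinationPortRange -notmatch '^(\*|\d+(-\d+)?)$') {
            New-NsgFinding $rule.Name 'Error' "DestinationPortRange '$($rule.DestinationPortRange)' is malformed"
            continue
        }

        # Azure requires a priority to be unique within one direction of an NSG.
        $key = "$($rule.Direction)|$priority"
        if ($seenPriorities.ContainsKey($key)) {
            New-NsgFinding $rule.Name 'Error' "Priority $priority ($($rule.Direction)) is already used by '$($seenPriorities[$key])'"
        } else {
            $seenPriorities[$key] = $rule.Name
        }

        # Flag inbound Allow rules that expose a management port to any source.
        $anySource = $rule.SourceAddressPrefix -in '*', '0.0.0.0/0', 'Internet'
        if ($rule.Direction -eq 'Inbound' -and $rule.Access -eq 'Allow' -and $anySource) {
            $low, $high = $rule.DestinationPortRange -split '-'
            if (-not $high) { $high = $low }
            foreach ($port in $ManagementPorts) {
                if ($rule.DestinationPortRange -eq '*' -or ($port -ge [int]$low -and $port -le [int]$high)) {
                    New-NsgFinding $rule.Name 'Warning' "Port $port is reachable from any source ($($rule.SourceAddressPrefix))"
                }
            }
        }
    }
}

# Constructed sample standing in for: Import-Csv -Path C:\Temp\TestNSG01.csv
$TemplateNSGRules = @'
Name,Direction,Priority,Access,SourceAddressPrefix,SourcePortRange,DestinationAddressPrefix,DestinationPortRange,Protocol
rule-default-allow-RDP,Inbound,100,Allow,*,*,*,3389,Tcp
allow-http,Inbound,200,Allow,*,*,*,80,Tcp
allow-ssh-admin,Inbound,200,Allow,203.0.113.0/24,*,*,22,Tcp
deny-smb,Inbound,50,Deny,*,*,*,445,Tcp
'@ | ConvertFrom-Csv

$findings = @(Get-NsgRuleFinding -Rules $TemplateNSGRules)
$findings | Format-Table -AutoSize

# Continue to New-AzureRmNetworkSecurityGroup and the foreach loop only when no row is in error.
if ($findings | Where-Object { $_.Severity -eq 'Error' }) {
    Write-Warning 'CSV contains invalid rules; fix the file before creating the NSG.'
}
```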

MICROSOFT AZURE POWERSHELL: CREATING NEW NSG (NETWORK SECURITY GROUP)

January 23, 2017 02:18PM

This post is based on the article CREATE NEW NSG (NETWORK SECURITY GROUP - VIRTUAL FIREWALL ACL) ON MICROSOFT AZURE. The task is the same, but here I show how to do it using PowerShell. The command below creates a new NSG with no custom security rules. Three parameters are required, -Name, -ResourceGroupName and -Location, and they are self-explanatory. The new NSG information is stored in the $NSG variable, which I need in order to add inbound and outbound rules.

$NSG = New-AzureRmNetworkSecurityGroup -Name 'Windows-NSG' -ResourceGroupName 'POC-VPN' -Location 'East US 2'

As the newly created network security group has no custom rules yet (there are by default three default security rules), I will create one using the command below.

$NSG | Add-AzureRmNetworkSecurityRuleConfig -Name 'rule-default-allow-RDP' -Direction Inbound -Priority 100 -Access Allow -SourceAddressPrefix '*'  -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange 3389 -Protocol Tcp  -Description 'RDP exception for Windows'

Parameters Breakdown
-Name: The name of the rule under the NSG.
-Direction: Either Inbound or Outbound.
-Priority: Rule priority (should be between 100 - 4096). The lower the priority number, the higher the precedence.
-Access: Either Allow or Deny.
-SourceAddressPrefix: The IP or subnet range; * means any IP can connect. The source is the machine from which you initiate the connection to the destination.
-SourcePortRange: The port range of the source; * means any port.
-DestinationAddressPrefix: The IP or subnet range. The destination is the Azure VM or service.
-DestinationPortRange: Here I am opening only port 3389 on the Azure virtual machine for RDP.
-Protocol: This can be TCP, UDP or Both.
-Description: This option is not visible in the Azure Resource Manager portal and can be set only through PowerShell. It is good practice to record information about the rule here.

POWERSHELL - EXPORT AZURE NSG (NETWORK SECURITY GROUP) RULES TO EXCEL

The rule is now created, but the change is not yet committed to Azure; it exists only in local PowerShell memory.

To commit the new security rule to the NSG, run the command below. Once it succeeds, it shows the new rule's ProvisioningState as Succeeded; this can be compared in the screenshots above and below.

$NSG | Set-AzureRmNetworkSecurityGroup

You can use the command below in PowerShell to view existing NSGs.

Get-AzureRmNetworkSecurityGroup -Name 'Windows-NSG' -ResourceGroupName 'POC-VPN'

Subsequently, use the one-liner below to check a security rule under the NSG.

Get-AzureRmNetworkSecurityGroup -Name 'Windows-NSG' -ResourceGroupName 'POC-VPN' | Get-AzureRmNetworkSecurityRuleConfig -Name 'rule-default-allow-RDP'

Associating the NSG with a VM NIC is relatively easy with the commands below.

$VMNetworkInterface = Get-AzureRmNetworkInterface -Name 'NIC_Interface' -ResourceGroupName 'POC-VPN'
$VMNetworkInterface.NetworkSecurityGroup = $NSG
$VMNetworkInterface | Set-AzureRmNetworkInterface

Next is associating the network security group with a virtual network subnet. With the first command I store the information about the existing vNet in the $vNet variable.

$vNet = Get-AzureRmVirtualNetwork -ResourceGroupName 'POC-VPN' -Name 'POC-VPN-vNet'

Then update the existing vNet subnet; make sure you use only the subnet's correct existing address prefix.

Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vNet -Name 'Default' -NetworkSecurityGroup $NSG -AddressPrefix '10.0.0.0/24'

This is the last command: after associating the NSG with the vNet subnet, the change needs to be committed to Azure.

Set-AzureRmVirtualNetwork -VirtualNetwork $vNet


Useful Links
INSTALLING MICROSOFT AZURE POWERSHELL
PART 9: CREATING AND MANAGING VIRTUAL MACHINE (VM) USING MICROSOFT AZURE RESOURCE MANAGER PORTAL
POWERSHELL - EXPORT AZURE NSG (NETWORK SECURITY GROUP) RULES TO EXCEL
MICROSOFT AZURE POWERSHELL: CLONING (COPYING) OR IMPORTING EXISTING NSG (NETWORK SECURITY GROUP) FROM EXCEL

CREATE NEW NSG (NETWORK SECURITY GROUP - VIRTUAL FIREWALL ACL) ON MICROSOFT AZURE

January 20, 2017 10:18AM

In my earlier blog POWERSHELL - EXPORT AZURE NSG (NETWORK SECURITY GROUP) RULES TO EXCEL I wrote about how to export an NSG (Network Security Group) to a CSV (Excel) file using PowerShell, which can later be used to create a new NSG with the same rules or after editing the CSV file. An NSG is a virtual firewall containing inbound and outbound rules (ACLs). It is similar to the Microsoft Windows Firewall rules under Control Panel. A new NSG is automatically created when creating a new Azure virtual machine.

Network Security Groups can be associated with either a VM NIC or vNet (Virtual Network) subnets. To demonstrate, in the Visio diagram below I have 2 Azure virtual machines, both in the same vNet subnet and hosting IIS web servers. I have applied one NSG to the Azure Virtual Network subnet with an inbound rule allowing only port 80 for HTTP to everyone from outside.

Next blog article MICROSOFT AZURE POWERSHELL: CREATING NEW NSG (NETWORK SECURITY GROUP)

In another scenario the diagram is mostly the same, but instead of attaching the NSG to the virtual network, I have created 2 separate NSGs and attached them to the individual VM NICs with only the required ports. Here I have 2 VMs with different OS flavors and need to open only the required remote-management ports on the different NSGs, for example RDP 3389 on Windows and SSH 22 on Linux. Unlike the diagram above, I have applied the NSG to the VM directly and can control firewall ACLs per VM. It also lets me control which IP or network can access the VM. The same kind of rule can be created for outbound traffic as well.

It is also possible to attach a single NSG (Network Security Group) to multiple VMs, but each VM NIC or vNet subnet can have only one NSG resource.

Whenever a virtual machine is created, one NSG is automatically created and attached to that VM. Here I will instead create the NSG manually first and associate it with the VM later. Open the Resource Group and click the +Add button.

Filter the list for Network security group and select it to create a new one. Many third-party firewall appliances are also available in the list.

Give the Network Security Group a name. Once the NSG is created, it appears in the Resource Group after a refresh. At this point the NSG exists but has no rules in it. Click the NSG to create new rules.

There are two types of security rules we can create: Inbound and Outbound. In this lab I will create only an Inbound (incoming) rule, enabling the Windows RDP port 3389.

Once the rules are created and the page is refreshed, they are visible in the list.

Priority: Rules are processed in priority order; the lower the number, the higher the priority. For better design Microsoft recommends leaving gaps between rules - 100, 200, 300 etc. so it's easier to add new rules without having to edit existing rules. Also firewall rules priority must be between number range 100 and 4096.
Source: This is the computer from which you will try to connect to the Azure VM. * means any (you can also specify a single IP or an IP range). The source filter can be any, an IP address range, or a default tag. It specifies the incoming traffic from a specific source IP address range that will be allowed or denied by this rule.
Destination: This is the Azure VM. It specifies the outgoing traffic for a specific destination IP address range that will be allowed or denied by this rule.
Service: This is the port number (TCP, UDP or both). It specifies the destination protocol and port range for this rule. You can choose a predefined service, like RDP or SSH, or provide a custom port range.
Action: Can be either Allow or Deny.

An Outbound NSG rule can be created the same way; it allows or denies (blocks) traffic leaving the VM. Here is a screenshot taken while creating a new virtual machine, where I can attach an existing network security group to it. If the VM has multiple network cards, you can assign one NSG per NIC.

You can create a virtual machine without an NSG defined, or attach an NSG to the VM NIC later with the steps below: under the Resource group, select the Network interface and attach the NSG under Network security group as shown.

Here is another example, where the NSG is associated with a Virtual Network (vNet) subnet.

This Visio diagram shows how security rules work. The lower the priority number, the higher the precedence. In inbound security rules, the source is the computer initiating the connection and the destination is, in most cases, the remote computer (Azure). For outbound security rules the scenario is the complete opposite: the source is the Azure VM that wants to communicate with the destination remote computer (which can also be an Azure VM).

Finally, just for information, there are 3 default rules under every NSG (both inbound and outbound). They cannot be modified or deleted. The last rule in the list denies all traffic and has the lowest priority. Above it, VMs or resources in the virtual network and Azure load balancers are allowed to connect, with higher priority than DenyAllInbound.

Useful Links
INSTALLING MICROSOFT AZURE POWERSHELL
PART 9: CREATING AND MANAGING VIRTUAL MACHINE (VM) USING MICROSOFT AZURE RESOURCE MANAGER PORTAL
POWERSHELL - EXPORT AZURE NSG (NETWORK SECURITY GROUP) RULES TO EXCEL
MICROSOFT AZURE POWERSHELL: CLONING (COPYING) OR IMPORTING EXISTING NSG (NETWORK SECURITY GROUP) FROM EXCEL

POWERSHELL - EXPORT AZURE NSG (NETWORK SECURITY GROUP) RULES TO EXCEL

December 30, 2016 11:31AM

A network security group is a layer of security that acts as a virtual firewall for controlling traffic in and out of virtual machines (via network interfaces) and subnets. It contains a set of security rules that allow or deny inbound and outbound traffic using the following 5-tuple: protocol, source IP address range, source port range, destination IP address range, and destination port range. A network security group can be associated to multiple network interfaces and subnets, but each network interface or subnet can be associated to only one network security group.

POWERSHELL - EXPORT AZURE NSG (NETWORK SECURITY GROUP) RULES TO EXCEL
CREATE NEW NSG (NETWORK SECURITY GROUP - VIRTUAL FIREWALL ACL) ON MICROSOFT AZURE
MICROSOFT AZURE POWERSHELL: CREATING NEW NSG (NETWORK SECURITY GROUP)
MICROSOFT AZURE POWERSHELL: CLONING (COPYING) OR IMPORTING EXISTING NSG (NETWORK SECURITY GROUP) FROM EXCEL

Security rules are evaluated in priority-order, starting with the lowest number rule, to determine whether traffic is allowed in or out of the network interfaces or subnets associated with the network security group. A network security group has separate inbound and outbound rules, and each rule can allow or deny traffic. Each network security group has a set of default security rules, which allows all traffic within a virtual network and outbound traffic to the internet. There is also a rule to allow traffic originating from Azure's load balancer probe. All other traffic is automatically denied. These default rules can be overridden by specifying rules with a lower priority number.
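
The priority-order evaluation described above, and the default rules mentioned in the portal article, can be walked through offline. This is an added example, not code from the original article: the function names, sample rules and addresses are constructed, the VirtualNetwork tag of the default rule is simplified to an assumed vNet address space of 10.0.0.0/16, and the load balancer default rule is left out.

```powershell
# Added example (not from the original article): evaluate one direction of an NSG
# in priority order and report which rule decides a connection.
# Function names, sample rules and addresses are constructed for illustration.

function Test-NsgPrefixMatch {
    param([string]$Prefix, [string]$Address)
    if ($Prefix -eq '*') { return $true }
    $network, $bits = $Prefix -split '/'
    if (-not $bits) { $bits = 32 }
    # Convert an IPv4 address to a number so the network part can be compared.
    $toNumber = {
        param($ip)
        $bytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
        [Array]::Reverse($bytes)
        [double][BitConverter]::ToUInt32($bytes, 0)
    }
    $blockSize = [math]::Pow(2, 32 - [int]$bits)
    $addressBlock = [math]::Floor((& $toNumber $Address) / $blockSize)
    $networkBlock = [math]::Floor((& $toNumber $network) / $blockSize)
    return ($addressBlock -eq $networkBlock)
}

function Test-NsgPortMatch {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    $low, $high = $Range -split '-'
    if (-not $high) { $high = $low }
    return ($Port -ge [int]$low -and $Port -le [int]$high)
}

function Get-NsgDecision {
    param(
        [object[]]$Rules,
        [string]$Direction,
        [string]$Protocol,
        [string]$Source,
        [int]$SourcePort,
        [string]$Destination,
        [int]$DestinationPort
    )
    # The lowest priority number is evaluated first; the first matching rule decides.
    $ordered = $Rules | Where-Object { $_.Direction -eq $Direction } | Sort-Object { [int]$_.Priority }
    foreach ($rule in $ordered) {
        if ($rule.Protocol -ne '*' -and $rule.Protocol -ne $Protocol) { continue }
        if (-not (Test-NsgPrefixMatch $rule.SourceAddressPrefix $Source)) { continue }
        if (-not (Test-NsgPortMatch $rule.SourcePortRange $SourcePort)) { continue }
        if (-not (Test-NsgPrefixMatch $rule.DestinationAddressPrefix $Destination)) { continue }
        if (-not (Test-NsgPortMatch $rule.DestinationPortRange $DestinationPort)) { continue }
        return [pscustomobject]@{ Access = $rule.Access; Rule = $rule.Name; Priority = [int]$rule.Priority }
    }
}

# Constructed rules: two custom rules plus simplified default rules (65000, 65500).
$rules = @'
Name,Direction,Priority,Access,SourceAddressPrefix,SourcePortRange,DestinationAddressPrefix,DestinationPortRange,Protocol
deny-rdp-guest-net,Inbound,100,Deny,198.51.100.0/24,*,*,3389,Tcp
rule-default-allow-RDP,Inbound,200,Allow,*,*,*,3389,Tcp
AllowVnetInBound,Inbound,65000,Allow,10.0.0.0/16,*,10.0.0.0/16,*,*
DenyAllInBound,Inbound,65500,Deny,*,*,*,*,*
'@ | ConvertFrom-Csv

# Constructed connections, all TCP to the VM at 10.0.0.4.
$tests = @(
    @{ Source = '198.51.100.7'; DestinationPort = 3389 },
    @{ Source = '203.0.113.9';  DestinationPort = 3389 },
    @{ Source = '10.0.0.5';     DestinationPort = 445 },
    @{ Source = '203.0.113.9';  DestinationPort = 445 }
)
foreach ($t in $tests) {
    $decision = Get-NsgDecision -Rules $rules -Direction 'Inbound' -Protocol 'Tcp' -Source $t.Source -SourcePort 50000 -Destination '10.0.0.4' -DestinationPort $t.DestinationPort
    '{0,-13} -> 10.0.0.4:{1,-5} {2,-5} by {3} (priority {4})' -f $t.Source, $t.DestinationPort, $decision.Access, $decision.Rule, $decision.Priority
}
```

The first connection is stopped by the priority 100 Deny even though the broader priority 200 Allow also matches it, which is the precedence behaviour the text describes.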

In the Classic deployment model, endpoints - with access control lists (ACLs) - were used to control traffic in and out of virtual machines. In the Resource Manager deployment model, traffic can be controlled by using either network security groups or load balancers with inbound NAT rules. While inbound NAT rules are functionally equivalent to endpoints, Azure recommends using network security groups for new deployments where NAT features (like port translation) are not required.

There are no additional charges for creating network security groups in Microsoft Azure.

Exporting the NSG rules to Excel is very easy with the Azure PowerShell command below. Specify the NSG name, the respective resource group name and, at the end, the Export-Csv path. (Make sure you have installed the Microsoft Azure PowerShell module SDK and logged in to Azure using Login-AzureRmAccount.) The script is the same for inbound and outbound rules.

Get-AzureRmNetworkSecurityGroup -Name TestNSG01 -ResourceGroupName POC-VPN | Get-AzureRmNetworkSecurityRuleConfig | Select * | Export-Csv -NoTypeInformation -Path C:\Temp\TestNSG01.csv

I can use this exported CSV data to create another NSG (Network Security Group) with all the rules as they are. Another benefit is that the CSV file can be modified to add or remove firewall rules.

Useful Links
INSTALLING MICROSOFT AZURE POWERSHELL
PART 9: CREATING AND MANAGING VIRTUAL MACHINE (VM) USING MICROSOFT AZURE RESOURCE MANAGER PORTAL

POWERSHELL FUN SEND KEYS ON THE SCREEN

December 29, 2016 08:34PM

Today I received a weird request from one of my developer friends. He had created an application, but whenever the screen got locked by the screen saver lock Group Policy after the designated time, the application did not work as expected. Until he resolves the bugs in his application, he was asking whether there is any way to stop the server from locking automatically due to the screen saver policy, and I also must not make any changes to Group Policy for this single PC.

For this, below is a small PowerShell script that sends the NUMLOCK key twice every 60 seconds, which prevents the screen from locking.

To run this script, copy it into Notepad and save it with a .ps1 extension, putting the file name in double quotes.

# Interval between key presses, in seconds
$Seconds = 60

# COM object used to send keystrokes to the current session
$ObjShell = New-Object -ComObject Wscript.Shell
do
{
    Write-Host " " -BackgroundColor (Get-Random 'Black', 'DarkBlue','DarkGreen','DarkCyan', 'DarkRed','DarkMagenta','DarkYellow','Gray','DarkGray','Blue','Green','Cyan','Red','Magenta','Yellow','White') -NoNewline
    # Press NUMLOCK twice so its state ends up unchanged
    $ObjShell.SendKeys("{NUMLOCK}{NUMLOCK}")
    Start-Sleep -Seconds $Seconds
}
while ($true)

Once it is saved as a .ps1 file, run it from cmd with the one-liner below. The -File parameter must come last, because everything after it is passed to the script as arguments.

PowerShell -NoProfile -ExecutionPolicy Unrestricted -File c:\temp\nolock.ps1

I have added one more piece of code for fun: when the code below is run, it shows some cool random colors on the screen. The same code is in the script.

1..300 | foreach {Write-Host " " -BackgroundColor (Get-Random 'Black', 'DarkBlue','DarkGreen','DarkCyan', 'DarkRed','DarkMagenta','DarkYellow','Gray','DarkGray','Blue','Green','Cyan','Red','Magenta','Yellow','White') -NoNewline}

# Revised this code after getting help on Facebook.
1..300 | foreach {Write-Host " " -BackgroundColor ([ConsoleColor].GetEnumValues() | Get-Random) -NoNewline}

CONFIGURING AND MANAGING MICROSOFT WINDOWS NANO SERVER

December 28, 2016 05:27PM

In my previous article I created a Nano Server VHD image and deployed it as a virtual machine on VMware Workstation. In this article I focus on configuring the network settings. Currently I have only one network adapter. From the main menu after login, press Enter on Network settings and select the Ethernet card. While configuring it I found it somewhat similar to the ESXi DCUI-based configuration.

HOW TO INSTALL WINDOWS NANO SERVER ON VMWARE WORKSTATION AND V2V CONVERTER

Press F11 to set up the IPv4 address settings.

Disable DHCP and provide the IP address, then press Enter to save the configuration.

Once everything is successful, you will see "Operation succeeded" on the IP configuration menu.

Next, from the main screen, go to WinRM and configure it. Before proceeding, go through the article POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS to understand Windows Remote Management (WinRM) and its configuration. With this step I am enabling PS remoting and opening the required firewall ports in one shot.

WinRM is the Microsoft implementation of the WS-Management (WS-Man) protocol which provides a secure way to communicate with local and remote computers using web services. If you have lost the ability to remotely manage this server over WinRM this option will allow you to reset the WinRM firewall and service configuration to their default settings and allow connections from ANY subnet.

In the next few steps I will test PowerShell remoting connectivity.

As I want to configure a file server and need to do a ping test, under Inbound Firewall Rules (reached from the previous main screen) I will enable File and Printer Sharing (Echo Request - ICMPv4-In) and press Enter. (Inbound is a connection coming into the Nano server, and Outbound is a connection leaving the Nano server.)

A firewall rule can be enabled and disabled using the F4 key; the allow or deny status is shown under Action.

First I will verify that the Nano server responds to ping from my desktop. As I can see, it is successful, so I can go ahead with further configuration.

After opening the required inbound firewall ports and enabling remote management, Nano can be configured remotely using Server Manager. I am on one of my Windows 2012 R2 servers; I opened Server Manager, clicked Create a Server Group, and selected DNS in the wizard.

I will search for the Nano server IP. As it doesn't exist in the DNS server, the search for the given IP may throw an error and show "No DNS entry found matching your search text"; I will add it anyway.

Provide the server group a name; I have named it NanoGroup. Once the server is selected from the list, click OK to save it.

On the left-hand side of Server Manager, click the NanoGroup menu, choose the Nano server from the list, right-click and select Manage As to provide the username and password. As the server is in a workgroup, the user name will be ~\administrator.

Once the server is connected successfully, right-click the Nano server again and go to Add Roles and Features.

In the Add Roles and Features Wizard, select the Nano server and press Next.

As you can see, there are very few roles here. This is because, while creating the Nano image, I injected only 2 packages into it, Storage and Hyper-V, as shown in the earlier blog HOW TO INSTALL WINDOWS NANO SERVER ON VMWARE WORKSTATION AND V2V CONVERTER.

POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS

From PowerShell, remote into the Nano server using the command Enter-PSSession -ComputerName 192.168.33.31 -Credential (Get-Credential). It prompts for the username and password; as shown, the username will be ~\administrator.

If the connection is successful, the PowerShell prompt changes to the Nano server IP or FQDN. I want to create and share a folder remotely on the Nano server. For this I change the directory using the command cd \, then create an empty directory Temp on C: with the command mkdir c:\temp. With the next command I share this folder with the Everyone user for demo purposes.

New-SmbShare -Name 'Temp' -Path 'C:\temp' -FullAccess 'Everyone'

In the screenshot below I am accessing the shared drive and have copied some files.

HOW TO INSTALL WINDOWS NANO SERVER ON VMWARE WORKSTATION AND V2V CONVERTER

December 26, 2016 07:15PM

The new Microsoft Windows Nano Server 2016 offers many benefits over the traditional Windows Server operating system. It is very cost effective to run because the amount of resources it requires is very low, thanks to its stripped-down architecture (no GUI layer at all) and reduced OS footprint. This saves a lot of hardware and energy cost. Because of the reduced operating system footprint, fewer patches are required and therefore fewer reboots. It boots faster than earlier Windows operating systems, requires less disk space, and offers increased security and many other new features.

CONFIGURING AND MANAGING MICROSOFT WINDOWS NANO SERVER

Installing Nano Server follows a different process from the traditional one: first a VHD image must be created from the Windows Server 2016 OS ISO image. I have downloaded the evaluation Windows Server 2016 OS ISO from www.microsoft.com and mounted it on my desktop. I require the NanoServer folder from the CD/DVD, which I have copied to C:\Temp. All the required Nano WIM images and scripts are available in the folder.

Open Windows PowerShell as administrator. The first 2 commands, cd and dir, are to view the contents of the folder. Import the PowerShell NanoServer module with the command below.

Import-Module .\nanoserver\nanoserverImageGenerator\nanoServerImageGenerator.psm1

Once the PowerShell module is imported, 3 new commands are available to create or modify a Nano image: Edit-NanoServerImage, Get-NanoServerPackage and New-NanoServerImage.

I will use nanoserver.wim under the nanoserver folder to create the image, using the single New-NanoServerImage cmdlet to generate the Nano VHD image.

New-NanoServerImage -MediaPath H:\ `
          -BasePath C:\Temp\NanoServer\Base `
          -Targetpath C:\Temp\NanoServer\Nano.vhd `
          -ComputerName NanoServer01 `
          -Packages 'Microsoft-Nanoserver-Compute-Package', 'Microsoft-NanoServer-OEM-Drivers-Package', 'Microsoft-NanoServer-Storage-Package' `
          -DeploymentType Host `
          -Edition DataCenter `
          -AdministratorPassword (ConvertTo-SecureString -String 'Computer@1' -AsPlainText -Force)

New-NanoServerImage is used to create the image; the parameters are broken down below. Once it is executed, you can see the status progress bar at the top.
-MediaPath: the path of the Windows Server 2016 ISO (CD/DVD drive). It requires the sources folder from the mounted ISO.
-BasePath: all the wim files and other required files are copied here, so it must be a writable local drive path.
-Targetpath: the location where the new Nano VHD file is generated.
-ComputerName: the Nano Server hostname, assigned while the image is created (with additional parameters it is also possible to provide an IP address).
-Packages: currently I am installing only the Storage and Hyper-V packages. All the packages can be found under the nanoserver\packages folder, and I have listed all the packages available on the ISO after this paragraph.
-DeploymentType: there are two options here, Host and Guest. Host is used for bare metal and Guest is used for a VM image. As I am planning for Hyper-V as a VM, I am selecting Host.
-Edition: this is self-explanatory; I am selecting the Datacenter edition.
-AdministratorPassword: it must be passed as a SecureString, created here with (ConvertTo-SecureString -String 'Password' -AsPlainText -Force). With -AsPlainText the password stays readable in the script and in the command history, so outside a lab prompt for it with Read-Host -AsSecureString instead.

Below is the list of packages that can be installed; they are found under the packages folder.
Microsoft-NanoServer-BootFromWim-Package
Microsoft-NanoServer-Compute-Package
Microsoft-NanoServer-Containers-Package
Microsoft-NanoServer-DCB-Package
Microsoft-NanoServer-Defender-Package
Microsoft-NanoServer-DNS-Package
Microsoft-NanoServer-DSC-Package
Microsoft-NanoServer-FailoverCluster-Package
Microsoft-NanoServer-Guest-Package
Microsoft-NanoServer-Host-Package
Microsoft-NanoServer-IIS-Package
Microsoft-NanoServer-NPDS-Package
Microsoft-NanoServer-OEM-Drivers-Package
Microsoft-NanoServer-SCVMM-Compute-Package
Microsoft-NanoServer-SCVMM-Package
Microsoft-NanoServer-SecureStartup-Package
Microsoft-NanoServer-ShieldedVM-Package
Microsoft-NanoServer-Storage-Package
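
The same build with the package names checked against the media first and the administrator password prompted for rather than embedded, as an added example that is not part of the original post. It assumes the NanoServerImageGenerator module is already imported and that the package .cab files sit directly under NanoServer\Packages on the mounted ISO; Get-MissingNanoPackage is a hypothetical helper, and the paths and names are the ones from the post's command.

```powershell
# Added example, not the author's script. Get-MissingNanoPackage is a hypothetical helper.
function Get-MissingNanoPackage {
    param(
        [Parameter(Mandatory)][string]$MediaPath,
        [Parameter(Mandatory)][string[]]$Packages
    )
    # Assumption: every package ships as <name>.cab directly in this folder.
    $packageDir = Join-Path $MediaPath 'NanoServer\Packages'
    $available  = Get-ChildItem -Path $packageDir -Filter '*.cab' -File |
        ForEach-Object { $_.BaseName }
    # Return the requested names that have no matching .cab (case-insensitive).
    $Packages | Where-Object { $available -notcontains $_ }
}

$packages = 'Microsoft-NanoServer-Compute-Package',
            'Microsoft-NanoServer-OEM-Drivers-Package',
            'Microsoft-NanoServer-Storage-Package'

# Stop before the build if a name is misspelled or absent from this media.
$missing = Get-MissingNanoPackage -MediaPath 'H:\' -Packages $packages
if ($missing) {
    throw "Package(s) not found on media: $($missing -join ', ')"
}

# Prompt for the password so it never appears in the script file or history.
$adminPassword = Read-Host -Prompt 'Nano Server administrator password' -AsSecureString

# Same parameters as the post's command, passed by splatting.
$imageParams = @{
    MediaPath             = 'H:\'
    BasePath              = 'C:\Temp\NanoServer\Base'
    TargetPath            = 'C:\Temp\NanoServer\Nano.vhd'
    ComputerName          = 'NanoServer01'
    Packages              = $packages
    DeploymentType        = 'Host'
    Edition               = 'DataCenter'
    AdministratorPassword = $adminPassword
}
New-NanoServerImage @imageParams
```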

A new VHD file is created at the target path. As I am using VMware Workstation, which cannot use this VHD, I need to convert it to the VMDK file format first. For this there is a free tool available, StarWind V2V (virtual to virtual) Converter, at http://www.starwindsoftware.com/converter.

Registration is required before downloading the V2V (virtual to virtual) converter software; the download URL is sent to the registered email address. Once it is downloaded, install it and run it to start the wizard, then choose Local file as the source image location. In my case the VHD file is in my local folder c:\temp\nanoserver.

Select the newly created Nano.VHD and check the size: it is only 4 GB (it can also be installed on pen drives). On the next screen select the destination image format you want to convert to, VMware ESX server image. This format is a VMware server virtual disk image (VMDK) and it is a thick disk: disk space for the image is allocated at creation time and does not change over time. Click Next.

I am keeping the VMDK options at their defaults; click Next to select the file name and location of the new Nano VMDK. Make sure you have enough space on the disk, and note that it will be a thick disk, although the OS virtual disk is only 4 GB in size.

It takes 1 or 2 minutes to convert the file from VHD to VMDK. Once everything is successful, the new disk is created and ready to attach to the new VM.

I have already written an article on creating VMs on VMware Workstation, PART 7 : CREATING NESTED VMWARE ESXI SERVER VM IN HOME LAB ON VMWARE WORKSTATION. Use the same article to deploy the new virtual machine, except that when the wizard asks you to select a disk, choose the option Use an existing virtual disk.

While browsing for the VMDK in the folder, select nano.vmdk. This is a descriptor file of only around 1 KB; the actual data resides in another file, nano-flat.vmdk.

Convert the existing VMDK virtual disk to the newer format if you require it. Once converted, the VMDK will be unusable with older versions of VMware Workstation.

Once the VM has been created with the existing VMDK disk mapped, power it on and log in with administrator as the user name and the password that was set while creating the Nano image using PowerShell. The login screen looks similar to the ESXi one, and further configuration is also somewhat like ESXi.

It opens the Nano Server Recovery Console. Go to Networking and press Enter to configure the IP address (this step is also possible during Nano image creation). I will be configuring Nano and coming up with further steps in the next article.

CONVERTING FROM SERVER 2012 CORE INSTALL TO FULL GUI

December 13, 2016 10:26PM

During Microsoft Windows Server setup you might have overlooked the operating system menu and accepted the default, Windows Server 2012 R2 Standard (Server Core installation), the first option in the list, by clicking Next or pressing Enter. This installs the Windows 2012 R2 Standard Core OS, with no GUI available. That can be hard for people who use only the GUI to manage and configure Windows servers. Rerunning the complete setup takes time; instead, with a few commands we can switch from Windows 2012 R2 Core to the GUI easily, even after the installation is complete. The same steps can be run on Windows Server 2016; I didn't find any difference.

Once you are logged in to Microsoft Windows 2012 R2 Core, CMD.exe is open and visible by default. Run the command below to open a PowerShell console on Core.
start powershell

I have the Windows 2012 R2 OS DVD or ISO already mounted on the server. To find out which drive is the CD-ROM, run the command below.
Get-PSDrive -PSProvider FileSystem

It shows all the available local drives on the server. Here my D drive is 4.24 GB, so it is surely the OS DVD/ISO. To confirm, run the dir command on D: and verify the contents. In most fresh installations the D drive is the CD-ROM drive.

Running Get-WindowsImage -Imagepath D:\sources\Install.wim shows the images inside the OS ISO. As I have installed the Standard version of Core, I will use index 2 to convert it by running the command below.
Install-WindowsFeature server-gui-shell, server-gui-mgmt-infra -restart -source wim:D:\sources\install.wim:2

Setup starts installing two new features, Graphical Management Tools infrastructure and Server Graphical Shell. Once they are completed the server restarts automatically, and after the reboot you will see the GUI-based Windows 2012 R2 operating system.

In contrast to converting from Core to GUI, in this second tutorial I will switch from GUI to Core. Open Server Manager and, under the Manage tab, click Remove Roles and Features.

Deselect the check boxes for the two features Graphical Management Tools infrastructure and Server Graphical Shell under User Interfaces and Infrastructure, then click Next.

Confirm the role removal; you can tick the option to restart the server automatically if required, then press the Remove button. Once the server has restarted, the GUI is gone and only Windows Core exists.

The same process can be done from PowerShell as well. Running the Get-WindowsFeature cmdlet shows the entire feature list, including which features are installed; scroll down to find User-Interfaces-Infra and its subfeatures. Run the one-liner below to remove them.

Remove-WindowsFeature Server-Gui-Mgmt-Infra, Server-Gui-Shell -Restart

MICROSOFT AZURE POWERSHELL DEPLOYING PAAS SQL DATABASE AS A SERVICE

December 7, 2016 11:15PM

Following on from my previous article, MICROSOFT AZURE CREATING AND DEPLOYING PAAS SQL SERVER, DATABASE AS A SERVICE, in this post I will perform the same task using Microsoft Azure PowerShell to deploy SQL Server. First I will create the logical SQL server. As this server is completely taken care of by the Azure team, as shown earlier, I don't have any physical access.

New-AzureRmSqlServer -ResourceGroupName 'POC-VPN' -Location 'East US 2' -ServerName 'pocsqlserver01' -ServerVersion '12.0' -SqlAdministratorCredentials (Get-Credential)

Once this one-liner PowerShell command has executed, the new cloud SQL server is deployed and ready. It prompts for the new SQL server user name and password (equivalent to the SA user). Make sure the server name is all in lowercase letters; no special characters are allowed, but numbers are accepted.

If the command executes successfully, it shows the new SQL server information on the screen. The next command creates a new database under the SQL server just created.

New-AzureRmSqlDatabase -ResourceGroupName 'POC-VPN' -DatabaseName 'pocsqlinstance01' -ServerName 'pocsqlserver01' -Edition Standard -RequestedServiceObjectiveName S0

I have used the existing Resource Group and Server Name. Make sure the database name is in lowercase letters; no special characters are allowed, but numbers are accepted. Edition is the tier version, as in the chart shown in the previous article, and Requested Service Objective name is Database Size.

New-AzureRmSqlServerFirewallRule -ServerName 'pocsqlserver01' -ResourceGroupName 'POC-VPN' -FirewallRuleName 'MyLocalServer' -StartIpAddress '45.124.140.122' -EndIpAddress '45.124.140.122'

This command creates a new Azure SQL firewall rule. I am adding the public internet IP of my desktop, where my SQL client is installed. I did the same test in the previous post.
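
A check a reviewer could run over firewall rules created this way, flagging ranges wider than a chosen size and the 0.0.0.0 rule that admits all Azure services; this is an added example, not code from the original post. Test-SqlFirewallRule, ConvertTo-IPv4Number, the 16-address threshold and the two extra sample rules are assumptions made for illustration.

```powershell
# Added example, not from the original post. Function names are hypothetical.
function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$IpAddress)
    $bytes = [System.Net.IPAddress]::Parse($IpAddress).GetAddressBytes()
    [Array]::Reverse($bytes)   # network byte order -> little-endian for BitConverter
    [int64][BitConverter]::ToUInt32($bytes, 0)
}

function Test-SqlFirewallRule {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$Rule,
        [int64]$MaxAddresses = 16   # assumed review threshold, adjust to policy
    )
    process {
        $start = ConvertTo-IPv4Number $Rule.StartIpAddress
        $end   = ConvertTo-IPv4Number $Rule.EndIpAddress
        $count = $end - $start + 1
        $finding = if ($start -eq 0 -and $end -eq 0) {
            'Allows connections from all Azure services'
        } elseif ($count -gt $MaxAddresses) {
            "Wide range: $count addresses"
        } else {
            'OK'
        }
        [pscustomobject]@{
            FirewallRuleName = $Rule.FirewallRuleName
            StartIpAddress   = $Rule.StartIpAddress
            EndIpAddress     = $Rule.EndIpAddress
            Addresses        = $count
            Finding          = $finding
        }
    }
}

# Sample input: the first rule is the one created in the post, the others are constructed.
$sampleRules = @(
    [pscustomobject]@{ FirewallRuleName = 'MyLocalServer'; StartIpAddress = '45.124.140.122'; EndIpAddress = '45.124.140.122' }
    [pscustomobject]@{ FirewallRuleName = 'Constructed-OfficeRange'; StartIpAddress = '203.0.113.0'; EndIpAddress = '203.0.113.255' }
    [pscustomobject]@{ FirewallRuleName = 'AllowAllWindowsAzureIps'; StartIpAddress = '0.0.0.0'; EndIpAddress = '0.0.0.0' }
)
$sampleRules | Test-SqlFirewallRule | Format-Table -AutoSize

# Against the server from the post:
# Get-AzureRmSqlServerFirewallRule -ResourceGroupName 'POC-VPN' -ServerName 'pocsqlserver01' | Test-SqlFirewallRule
```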
