Microsoft News – 9 December 2014

I do not give a flying fiddlers about some wizard Accenture is selling to deploy System Center. Moving on to relevant things …

Hyper-V

System Center

Azure

Intune

Licensing

Miscellaneous

Microsoft News – 3 December 2014

It’s been a slow period but there’s some interesting stuff in Azure networking and websites.

Hyper-V

Windows Server

Azure

Office 365

Miscellaneous

Microsoft News – 19 November 2014

Pay attention to the security update for Windows that was released out of band last night. It’s an important one that prevents people from crafting custom Kerberos tickets.

Hyper-V

Windows Server

Azure

Security

Office 365

Microsoft News – 17 November 2014

I’ve had a crazy few weeks with TechEd Europe 2014, followed by the MVP Summit, followed by a week of events and catchup at work. Today, I’ve finally gotten to go through my news feeds. There is a LOT of Azure stuff from TEE14.

Hyper-V

Windows Server

System Center

Windows Client

  • Windows 10 – Making Deployment Easier: Using an in-place upgrade instead of the traditional wipe-and-load approach that organizations have historically used to deploy new Windows versions. This upgrade process is designed to preserve the apps, data, and configuration from the existing Windows installation, taking care to put things back the way they need to be after Windows 10 has been installed on the system. And support for traditional deployment tools.
  • Windows 10 – Manageability Choices: Ensuring that Windows works better when using Active Directory and Azure Active Directory together. When connecting the two, users can automatically be signed-in to cloud-based services like Office 365, Microsoft Intune, and the Windows Store, even when logging in to their machine using Active Directory accounts. For users, this will mean no longer needing to remember additional user IDs or passwords.

Azure

ASR SAN replication topology

Office 365

Intune

Operational Insights

Licensing

TEE14 Scripted Demo 6 – Extended Port ACLs

My sixth TechEd Europe 2014 demo was a fun one: Extended Port ACLs, the ability to apply network security rules at the virtual switch port, where they cannot be overruled by the guest OS admin.

There is a demo VM that is running IIS with a default site. The Windows Firewall is turned off in the guest OS. The script will:

  1. Cleans up the demo lab
  2. Opens a window with a continuous ping to the VM, showing the open network status
  3. Starts IE and browses to the VM’s site
  4. Kills IE and applies an extended port ACL to block everything
  5. Re-opens IE (with a flushed cache), which fails to load the site. Ping packets are dropped in the continuous ping.
  6. Kills IE and creates another extended port ACL to allow inbound TCP 80
  7. Reopens IE to show the site is accessible. Meanwhile, pings continue to fail.

There’s plenty of process management, and controlling IE in this script.

cls
#Clean up the demo to start up with
Get-VMNetworkAdapterExtendedAcl -VMName PortACLs | Remove-VMNetworkAdapterExtendedAcl

$DemoVM = "PortACLS"

Write-Host "Extended Port ACLs Demo"

#Clear IE Cache
RunDll32.exe InetCpl.cpl, ClearMyTracksByProcess 8

#Ping the VM
Start-Process Ping -ArgumentList "-t","PortACLS"

#Start IE
$ie = new-object -comobject InternetExplorer.Application
$ie.visible = $true
$ie.top = 200; $ie.width = 900; $ie.height = 600 ; $ie.Left = 100
$ie.navigate("http://portacls.demo.internal")

#Block all traffic script block
Read-Host "Block all traffic to the VM"
#Kill IE
Get-Process -Name IEXPLORE | Stop-Process
RunDll32.exe InetCpl.cpl, ClearMyTracksByProcess 8
Write-Host "`nAdd-VMNetworkAdapterExtendedAcl -VMName PortACLs -Action `"Deny`" -Direction `"Inbound`" -Weight 1"
Sleep 3
Write-Host "`nAll inbound traffic to the virtual machine is blocked" -foregroundcolor red -backgroundcolor yellow
Add-VMNetworkAdapterExtendedAcl -VMName PortACLs -Action "Deny" -Direction "Inbound" -Weight 1
#Start IE to show the site is offline
$ie = new-object -comobject InternetExplorer.Application
$ie.visible = $true
$ie.top = 200; $ie.width = 900; $ie.height = 600 ; $ie.Left = 100
$ie.navigate("http://portacls.demo.internal")

#Put in web traffic exception script block
Read-Host "`n`n`nAllow HTTP traffic to the VM"
#Kill IE
Get-Process -Name IEXPLORE | Stop-Process
RunDll32.exe InetCpl.cpl, ClearMyTracksByProcess 8
Write-Host "Add-VMNetworkAdapterExtendedAcl -VMName PortACLs -Action `"Allow`" -Direction `"Inbound`" -LocalPort 80 -Protocol `"TCP`" -Weight 10"
Sleep 3
Write-Host "`nAll inbound traffic to the virtual machine is blocked EXCEPT for HTTP" -foregroundcolor red -backgroundcolor yellow
Add-VMNetworkAdapterExtendedAcl -VMName PortACLs -Action "Allow" -Direction "Inbound" -LocalPort 80 -Protocol "TCP" -Weight 10
#Start IE to show that the website is now back online, despite all other traffic being blocked
$ie = new-object -comobject InternetExplorer.Application
$ie.visible = $true
$ie.top = 200; $ie.width = 900; $ie.height = 600 ; $ie.Left = 100
$ie.navigate("http://portacls.demo.internal")

Read-Host "`n`n`nEnd the demo"

#Clean up after the demo
Get-Process -Name Ping | Stop-Process
Get-Process -Name IEXPLORE | Stop-Process
Get-VMNetworkAdapterExtendedAcl -VMName PortACLs | Remove-VMNetworkAdapterExtendedAcl
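
How the two rules in the script combine, as an added example that is not part of the original demo script: a small evaluator that picks the matching rule with the highest weight, which is why the weight 10 allow for TCP 80 wins over the weight 1 deny while ping stays blocked. `Get-EffectiveAclAction` and the rule objects are hypothetical and constructed to mirror the parameters used above; the example assumes single-port rules and that traffic matching no rule is allowed, as the demo shows before any ACL is added.

```powershell
# Added example. Hypothetical helper; the rules below are constructed sample
# data shaped like the Add-VMNetworkAdapterExtendedAcl parameters in the demo.
function Get-EffectiveAclAction {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Rules,
        [Parameter(Mandatory)] [ValidateSet('Inbound', 'Outbound')] [string] $Direction,
        [Parameter(Mandatory)] [string] $Protocol,   # TCP, UDP, ICMP ...
        [int] $LocalPort = 0                         # 0 = no port (e.g. ICMP)
    )

    # A rule matches when its direction matches and each of its optional
    # fields is either unset (wildcard) or equal to the flow's value.
    $winner = $Rules |
        Where-Object {
            $_.Direction -eq $Direction -and
            ([string]::IsNullOrEmpty($_.Protocol)  -or $_.Protocol -eq $Protocol) -and
            ([string]::IsNullOrEmpty($_.LocalPort) -or [int]$_.LocalPort -eq $LocalPort)
        } |
        Sort-Object -Property Weight -Descending |   # highest weight takes precedence
        Select-Object -First 1

    # Assumption: no matching rule means the traffic passes (the open state
    # the demo shows before the first ACL is applied).
    if ($winner) { [string]$winner.Action } else { 'Allow' }
}

# Constructed rule set: the deny-all and the HTTP exception from the demo.
$rules = @(
    [pscustomobject]@{ Action = 'Deny';  Direction = 'Inbound'; Protocol = '';    LocalPort = '';   Weight = 1  }
    [pscustomobject]@{ Action = 'Allow'; Direction = 'Inbound'; Protocol = 'TCP'; LocalPort = '80'; Weight = 10 }
)

# Constructed flows: the web request, another TCP service, and the ping.
$flows = @(
    @{ Name = 'HTTP'; Protocol = 'TCP';  LocalPort = 80   }
    @{ Name = 'RDP';  Protocol = 'TCP';  LocalPort = 3389 }
    @{ Name = 'Ping'; Protocol = 'ICMP'; LocalPort = 0    }
)

foreach ($flow in $flows) {
    $action = Get-EffectiveAclAction -Rules $rules -Direction Inbound `
                  -Protocol $flow.Protocol -LocalPort $flow.LocalPort
    '{0,-5} inbound -> {1}' -f $flow.Name, $action
}

# On a Hyper-V host the same check can be fed the live rules instead
# (assumes the returned objects expose these same property names):
#   $rules = Get-VMNetworkAdapterExtendedAcl -VMName PortACLs
```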

TEE14 Scripted Demo 5 – Out-Of-Band File Copy

In my fifth demo at TechEd Europe 2014, the topic was OOB File Copy: the ability to place a file into a VM’s storage via the VMBus, without network connectivity to the VM (e.g. tenant isolation).

The script does the following:

  1. Cleans up the demo
  2. Opens up notepad. I manually copy and paste text from a website into the file and save it.
  3. Enable the Guest Service Interface for the VM to enable OOB File Copy
  4. Copy the file to the VM
  5. Disable Guest Service Interface
  6. Connect to the VM. I manually log in and open the file to verify that the file I created is now inside of the VM
  7. Clean up the demo

 

function KillProcess ($Target)
{
    $Processes = Get-Process
    Foreach ($Process in  $Processes)
    {
        if ($Process.ProcessName -eq $Target)
        {
            Stop-Process $Process
        }   
    }
}

cls

$DemoHost1 = "Demo-Host1"
$DemoVM1 = "OOBFileCopy"
$DemoFile = "CopyFile.txt"
$DemoFilePath = "C:\Scripts\TechEd\$DemoFile"
$VMConnect = "C:\Windows\system32\vmconnect.exe"
$VMConnectParams =  "$DemoHost1 $DemoVM1"

#Prep the demo
#Use a remote command to delete the file from the VM
Invoke-Command -ComputerName $DemoVM1 -ScriptBlock {Remove-Item -ErrorAction SilentlyContinue "C:\CopyFile.txt" -Confirm:$False | Out-Null}
Disable-VMIntegrationService $DemoVM1 -Name "Guest Service Interface"
Remove-Item -ErrorAction SilentlyContinue $DemoFilePath -Confirm:$False | Out-Null
New-Item $DemoFilePath -ItemType File | Out-Null

#Start the demo

#Note to self - script the network disconnect of the VM along with a continuous ping to confirm it.

Read-Host "`nStart the demo"
Write-Host "`nCreate a file to be copied into the virtual machine" -foregroundcolor red -backgroundcolor yellow
Start-Process "c:\windows\system32\notepad.exe" -ArgumentList $DemoFilePath

#Copy the file
Read-Host "`nEnable the Guest Service Interface integration service"
Write-Host "`nEnable-VMIntegrationService $DemoVM1 -Name `"Guest Service Interface`""
Enable-VMIntegrationService $DemoVM1 -Name "Guest Service Interface"

Read-Host "`nCopy the file to the VM"
Write-Host "`nCopy-VMFile $DemoVM1 -SourcePath $DemoFilePath -DestinationPath C: -FileSource Host"
Copy-VMFile $DemoVM1 -SourcePath $DemoFilePath -DestinationPath C: -FileSource Host

Read-Host "`nDisable the Guest Service Interface integration service"
Write-Host "`nDisable-VMIntegrationService $DemoVM1 -Name `"Guest Service Interface`""
Disable-VMIntegrationService $DemoVM1 -Name "Guest Service Interface"

#Check the file
Read-Host "`nLog into the virtual machine to check the file"

Set-VMHost -EnableEnhancedSessionMode $true | Out-Null
Start-Process $VMConnect -ArgumentList $VMConnectParams

#End the demo
Read-Host "`nEnd the demo"
KillProcess "vmconnect"
Disable-VMIntegrationService $DemoVM1 -Name "Guest Service Interface"
Remove-Item -ErrorAction SilentlyContinue $DemoFilePath -Confirm:$False | Out-Null
#Use a remote command to delete the file from the VM
Invoke-Command -ComputerName $DemoVM1 -ScriptBlock {Remove-Item -ErrorAction SilentlyContinue "C:\CopyFile.txt" -Confirm:$False | Out-Null}
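
The enable, copy, disable sequence from the script, wrapped so the Guest Service Interface is closed again even when the copy fails. This is an added example, not the demo script: `Copy-FileToIsolatedVM` is a hypothetical name, the retry loop is a precaution in case the guest side is not ready immediately after the service is enabled, and it needs the Hyper-V module on the host.

```powershell
# Added example. Hypothetical wrapper around the cmdlets used in the demo.
function Copy-FileToIsolatedVM {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $VMName,
        [Parameter(Mandatory)] [string] $SourcePath,
        [Parameter(Mandatory)] [string] $DestinationPath,
        [int] $MaxAttempts = 5
    )

    $serviceName = 'Guest Service Interface'
    $wasEnabled  = (Get-VMIntegrationService -VMName $VMName -Name $serviceName).Enabled

    # Record exactly what is pushed into the guest so the copy can be audited.
    $hash = (Get-FileHash -Path $SourcePath -Algorithm SHA256).Hash

    try {
        if (-not $wasEnabled) {
            Enable-VMIntegrationService -VMName $VMName -Name $serviceName
        }

        for ($attempt = 1; $true; $attempt++) {
            try {
                Copy-VMFile $VMName -SourcePath $SourcePath -DestinationPath $DestinationPath `
                    -FileSource Host -ErrorAction Stop
                break
            }
            catch {
                if ($attempt -ge $MaxAttempts) { throw }
                Start-Sleep -Seconds 2
            }
        }
    }
    finally {
        # Runs on success, on error and on Ctrl+C. Only close the channel if
        # this function opened it, so a VM that had it on keeps its state.
        if (-not $wasEnabled) {
            Disable-VMIntegrationService -VMName $VMName -Name $serviceName
        }
    }

    [pscustomobject]@{
        VMName             = $VMName
        Source             = $SourcePath
        Destination        = $DestinationPath
        SHA256             = $hash
        ServiceLeftEnabled = $wasEnabled
    }
}

# Same VM and file as the demo:
Copy-FileToIsolatedVM -VMName 'OOBFileCopy' -SourcePath 'C:\Scripts\TechEd\CopyFile.txt' -DestinationPath 'C:'

# Host-side audit: VMs where the file copy channel is currently left enabled.
Get-VM | Get-VMIntegrationService -Name 'Guest Service Interface' |
    Where-Object Enabled | Select-Object VMName, Name, Enabled
```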

 

TEE14 Scripted Demo 4 – Enhanced Session Mode

The 4th of my 10 demos at TechEd North America 2014 was based on Enhanced Session Mode and all the RemoteFX via the VMBus goodness that it provides admins with when interacting with VMs on WS2012 R2 Hyper-V.

It was a complicated demo to script – but certainly not the most complicated! The logic is:

  1. Clean up the environment – this involved disabling enhanced session mode (I normally use it)
  2. Connect to a VM and show the lack of copy/paste etc – note how I directly run VMConnect
  3. Enable enhanced session mode
  4. Log into the VM and show off the features of the RemoteFX-powered connect
  5. Copy/paste etc
  6. Clean up the demo

Some of the things I do in this script are used in some of the later, more complicated demo scripts. You’ll soon see lots more invoke-command, PSEXEC, and process manipulation.

 

function KillProcess ($Target)
{
    $Processes = Get-Process
    Foreach ($Process in  $Processes)
    {
        if ($Process.ProcessName -eq $Target)
        {
            Stop-Process $Process
        }   
    }
}

CLS
$DemoHost1 = "Demo-Host1"
$DemoVM1 = "OOBFileCopy"
$VMConnect = "C:\Windows\system32\vmconnect.exe"
$VMConnectParams =  "$DemoHost1 $DemoVM1"

#Prep the demo
KillProcess "vmconnect"
Set-VMHost -EnableEnhancedSessionMode 0 | Out-Null

#Start the demo
Read-Host "Start the demo"
Write-Host "`nThe host is configured as default – same old VMConnect:" -foregroundcolor red -backgroundcolor yellow
Write-Host "`n(Get-VMHost).EnableEnhancedSessionMode"
(Get-VMHost).EnableEnhancedSessionMode | Out-Host

Read-Host "`nConnect to the demo virtual machine"
Start-Process $VMConnect -ArgumentList $VMConnectParams

Read-Host "`nStop VMConnect"
KillProcess "vmconnect"

#Enable enhanced session mode
Read-Host "`nEnabled Enhanced Session Mode"
Write-Host "`nLet’s get the new administrator experience:" -foregroundcolor red -backgroundcolor yellow
Write-Host "`nSet-VMHost -EnableEnhancedSessionMode `$true"
Set-VMHost -EnableEnhancedSessionMode $true | Out-Null
Write-Host "`n(Get-VMHost).EnableEnhancedSessionMode"
(Get-VMHost).EnableEnhancedSessionMode | Out-Host

Read-Host "`nConnect to the demo virtual machine"
Start-Process $VMConnect -ArgumentList $VMConnectParams
Write-Host "`nLog in and demonstrate Enhanced Session Mode" -foregroundcolor red -backgroundcolor yellow

Read-Host "`nEnd the demo"
KillProcess "vmconnect"
Set-VMHost -EnableEnhancedSessionMode 1 | Out-Null

TEE14 Scripted Demo 3 – Resource Metering

My third demo at TechEd Europe 2014 focused on Resource Metering, enabling granular reporting of per-VM resource utilisation, primarily for the purposes of show-back reporting or cross-charging/billing. This feature can be used to satisfy one of the traits of a cloud, as defined by NIST: measured usage.

In this demo, I:

  1. Clean up the demo
  2. Enable metering on a VM
  3. Modify the reporting interval from 1 hour to 10 seconds to suit the demo
  4. Use memory in the VM
  5. Copy a file to the VM (I might also run some network consuming process in the VM)
  6. Report on resource usage
  7. Dive deeper into network metering
  8. Clean up the demo

$DemoVM = "Metering"
$DemoFile = "C:\Scripts\TechEd\ResourceMeteringDemoFile.exe"

CLS
Get-VM $DemoVM | Disable-VMResourceMetering
Set-VMHost -ComputerName Demo-Host2 -ResourceMeteringSaveInterval 00:00:10

#Enable metering
Read-Host "`nEnable Resource Metering on the VM"
Write-Host "`nGet-VM $DemoVM | Enable-VMResourceMetering"
Get-VM $DemoVM | Enable-VMResourceMetering
Write-Host "`nResource Metering is enabled on $DemoVM" -foregroundcolor red -backgroundcolor yellow

#Use some resources
Sleep 1
Write-Host "`nUsing RAM in the VM $DemoVM" -foregroundcolor red -backgroundcolor yellow
#Loop to consume RAM in the VM
Invoke-Command -ComputerName $DemoVM -ScriptBlock {1..28|%{$x=1}{[array]$x+=$x}} -ErrorAction SilentlyContinue
#Copy a file to the VM
Write-Host "`nCopying a file to the VM $DemoVM" -foregroundcolor red -backgroundcolor yellow
Remove-Item "\\Metering\C$\ResourceMeteringDemoFile.exe" -ErrorAction SilentlyContinue
Copy-Item -Path $DemoFile -Destination "\\Metering\C$\ResourceMeteringDemoFile.exe"
Remove-Item "\\Metering\C$\ResourceMeteringDemoFile.exe" -ErrorAction SilentlyContinue
Copy-Item -Path $DemoFile -Destination "\\Metering\C$\ResourceMeteringDemoFile.exe"
Remove-Item "\\Metering\C$\ResourceMeteringDemoFile.exe" -ErrorAction SilentlyContinue

#Check usage data
Read-Host "`nCheck usage data"
Write-Host "`nMeasure-VM -VMName $DemoVM"
Measure-VM -VMName $DemoVM | Out-Host

#Check network usage data
Read-Host "`nCheck network usage data"
Write-Host "`n(Measure-VM -VMName $DemoVM).NetworkMeteredTrafficReport"
(Measure-VM -VMName $DemoVM).NetworkMeteredTrafficReport | Out-Host

 

Read-Host "`nEnd the demo"
Get-VM $DemoVM | Disable-VMResourceMetering
Set-VMHost -ComputerName Demo-Host2 -ResourceMeteringSaveInterval 01:00:00

TEE14 Scripted Demo 2 – Live Exporting & Cloning Hyper-V Virtual Machines

The second demo in my presentation focused on being able to export running virtual machines. We can also export a checkpoint to create a merged export. And then we can import a VM to clone it, maybe for troubleshooting, diagnostics, performance testing, upgrade testing, and rollback testing …. all on a “production” VM with “production” data and services.

This script will do:

  1. Clean up the lab
  2. Show the running VM
  3. Export the VM
  4. Show the export
  5. Remove the export
  6. Checkpoint the VM
  7. Export the checkpoint
  8. Import the checkpoint to create a new VM
  9. Highlight the new VM is running alongside the old VM

CLS
$DemoVM1 = "NUMA"
$ExportPath = "D:\Exports\"
$ImportedVMName = "Newly Imported VM"
$ImportVMPath = "D:\Virtual Machines\$ImportedVMName"

#Clean up the demo
Start-VM $DemoVM1 | Out-Null
CLS
If (Test-Path $ExportPath)
{
    Remove-Item $ExportPath -Recurse -Force | Out-Null
}
Remove-VMSnapshot $DemoVM1 -ErrorAction Ignore | Out-Null
Stop-VM $ImportedVMName -Force -ErrorAction Ignore | Out-Null
Remove-VM $ImportedVMName -Force -ErrorAction Ignore | Out-Null
Remove-Item $ImportVMPath -Recurse -Confirm:$false -ErrorAction Ignore | Out-Null

#Start the demo
Read-Host "Start the demo"
Write-Host "`nThis is the virtual machine $DemoVM1 that we will be working with" -foregroundcolor red -backgroundcolor yellow
Get-VM $DemoVM1 | Select Name, Status | Out-Host

#Export the VM
Read-Host "`nExport the running VM"
Write-Host "`nCreating an export of the virtual machine $DemoVM1 while it is running" -foregroundcolor red -backgroundcolor yellow
Write-Host "`nExport-VM $DemoVM1 -Path $ExportPath"
Export-VM $DemoVM1 -Path $ExportPath | Out-Host
Write-Host "`nHere is the export of the still running virtual machine" -foregroundcolor red -backgroundcolor yellow
Dir $ExportPath\NUMA

#Create a VM checkpoint
Read-Host "`nCreate a checkpoint of the VM $DemoVM1"
Write-Host "`nCreating a checkpoint (formerly known as a snapshot) of the virtual machine $DemoVM1" -foregroundcolor red -backgroundcolor yellow
Write-Host "`nCheckpoint-VM $DemoVM1 -SnapshotName `"Demo Checkpoint AKA Snapshot`""
Checkpoint-VM $DemoVM1 -SnapshotName "Demo Checkpoint AKA Snapshot"
Write-Host "`nThis is the new checkpoint" -foregroundcolor red -backgroundcolor yellow
Get-VMSnapshot $DemoVM1 | Out-Host

#Export the VM checkpoint
Read-Host "`nDo an export of the VM $DemoVM1 checkpoint"
#Remove the earlier full export so the checkpoint export starts from an empty folder
If (Test-Path $ExportPath)
{
    Remove-Item $ExportPath -Recurse -Force | Out-Null
}
Write-Host "`nWe can export a checkpoint of a running virtual machine" -foregroundcolor red -backgroundcolor yellow

Write-Host "`nNew-Item -ItemType Directory $ExportPath\$DemoVM1"
New-Item -ItemType Directory $ExportPath\$DemoVM1

Write-Host "`nExport-VMSnapshot -Name `"Demo Checkpoint AKA Snapshot`" -VMName $DemoVM1 -Path $ExportPath"
Export-VMSnapshot -Name "Demo Checkpoint AKA Snapshot" -VMName $DemoVM1 -Path $ExportPath | Out-Host

Write-Host "`nHere is the export" -foregroundcolor red -backgroundcolor yellow
Dir $ExportPath\NUMA

#Import the VM checkpoint to create a new VM
Read-Host "`nImport the exported checkpoint to create a new VM"
Write-Host "`nNow we will create a whole new virtual machine from the exported checkpoint" -foregroundcolor red -backgroundcolor yellow

#Find the exported VM configuration file
Write-Host "`n`$XML = gci `"$ExportPath$DemoVM1\Virtual Machines`" | Where-Object {`$_.Extension -eq `".XML`"}"
$XML = gci "$ExportPath$DemoVM1\Virtual Machines" | Where-Object {$_.Extension -eq ".XML"}

#Import as a copy with a new ID so the clone can run alongside the original
Write-Host "`n`$NewVM = IMPORT-VM -path `$XML.FullName -Copy -VhdDestinationPath `"$ImportVMPath\Virtual Hard Disks`" -VirtualMachinePath `"$ImportVMPath`" -SnapshotFilePath `"$ImportVMPath\Snapshots`" -SmartPagingFilePath `"$ImportVMPath`" -GenerateNewId"
$NewVM = IMPORT-VM -path $XML.FullName -Copy -VhdDestinationPath "$ImportVMPath\Virtual Hard Disks" -VirtualMachinePath $ImportVMPath -SnapshotFilePath "$ImportVMPath\Snapshots" -SmartPagingFilePath $ImportVMPath -GenerateNewId

Write-Host "`nRename-VM `$NewVM $ImportedVMName"
Rename-VM $NewVM $ImportedVMName

Write-Host "`nStart-VM $ImportedVMName"
Start-VM $ImportedVMName

Write-Host "`nHere is the original virtual machine $DemoVM1 and the new virtual machine $ImportedVMName" -foregroundcolor red -backgroundcolor yellow
Get-VM $ImportedVMName,$DemoVM1 | Select Name, Status | Out-Host

#Clean up the demo
Read-Host "`nEnd the demo"
Start-VM $DemoVM1 | Out-Null
If (Test-Path $ExportPath)
{
Remove-Item $ExportPath -Recurse -Force | Out-Null
}
CLS
Remove-VMSnapshot $DemoVM1 -ErrorAction Ignore | Out-Null
Stop-VM $ImportedVMName -Force -ErrorAction Ignore | Out-Null
Remove-VM $ImportedVMName -Force -ErrorAction Ignore | Out-Null
Remove-Item $ImportVMPath -Recurse -Confirm:$false -ErrorAction Ignore | Out-Null