Installing Unidesk with Azure integration

I previously blogged about Unidesk layering technology earlier this year (https://msandbu.wordpress.com/2015/01/05/unidesk-tech-preview-for-hyper-v/); that post was about Hyper-V support and how it operated. Then at Microsoft Ignite this year I was introduced to a new version which enabled Azure support.

Then I was like WTF? You guys do that?? And yes they do; it was released not so long ago, and this is my experience with how it works.

The first thing we need to do is download the Azure version of Unidesk from their website -> http://www.unidesk.com/software/azure. Then we need an Azure account with an active subscription and an Azure virtual network which is connected to the local network using either a S2S VPN or a P2S VPN. This needs to be in place because the management appliance uses this VPN connection to communicate with Azure.

Or we can set up a virtual machine in Azure to act as a management host, and run the same procedure and the installer wizard from there. (I had some issues with the upload timing out.)

P2S is pretty easy to set up in Azure; we just need to make our own self-signed certificate using the makecert utility from Visual Studio. When that is done we start the installation of Unidesk. First we need a publish settings file from Azure (which can be generated from here -> https://manage.windowsazure.com/publishsettings).

When starting the installation, point it to the publish settings file so that it can read information about our subscriptions and such.

Then define the virtual network in which to place the management appliance. NOTE: In an Azure subnet the first available IP address is always .4. The setup also generates its own storage account to hold the appliance.

Then we play the waiting game… After the upload is complete you should see the storage account appear where the VHD file was uploaded.

And also you should see the appliance starting up

After it is uploaded and accessible you will need to log in to the appliance and set up the Master CachePoint appliance.

Then go into System and create CachePoint

Now we have to create a golden image. Choose RDSH session host from the gallery list.

Important! Place it in the same cloud service and storage account as the management appliance.

Now after this has been deployed there are a couple of things we need to do.

NOTE: The golden image cannot be part of a domain.

1: Enable PowerShell remoting

2: Apply all the latest updates

3: Copy the Unidesk tools to the golden image under C:\Windows\Setup\Scripts

4: Run the unattended installation wizard by using the unattend.exe file in the scripts folder

Then run the Optimization feature

And lastly run the tools setup. Here we need to enter information about the management appliance IP and so on.

NOTE: You might need to restart your golden image before the installation is successful.

And after the installation is done we can go ahead and create a golden image OS layer based upon the template we just created

So this has been part 1 of Unidesk & Azure.

Implementing Containers on Windows Server 2016 and running IIS

So since TP3 was released yesterday, I have been quite busy trying to implement Containers on top of a Hyper-V host. Now Microsoft has been kind enough to give us a simple Container image which makes the first part pretty easy.

In order to deploy Containers we need a container host. The easiest way to get started is to download a finished script from Microsoft, which we can run directly from a Hyper-V host to get a container host VM.

NOTE: That Containers do not require Hyper-V, but this

wget -uri http://aka.ms/newcontainerhost -OutFile New-ContainerHost.ps1

This saves the PowerShell script from the URL to a file. When we run it we need to define a couple of things: first the name of the VM, and then the password for the built-in administrator account. The script will then in essence do a couple of things:

1: Download a finished sysprepped container host image from http://aka.ms/ContainerOsImage, which is in essence WindowsServer_en-us_TP3_Container_VHD

2: Enable the Containers feature on the host VM. This is part of the unattend process: the last part of the script contains an unattend section which is processed against the container host VM.

3: Boot the VM as a container host, then open a PowerShell Direct session after the VM has booted and finish the setup.
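
Before running a script fetched from a short link, it is worth recording what was downloaded and seeing where it will download from in turn. The following is an added example, not part of the original post or of Microsoft's script; it assumes the link also answers over https (the post uses http), and it only parses the file without running it.

```powershell
# Added example (not from the original post or from Microsoft).
# Assumption: the short link also answers on https; the post uses http.
$uri  = "https://aka.ms/newcontainerhost"
$file = Join-Path $PWD "New-ContainerHost.ps1"
Invoke-WebRequest -Uri $uri -OutFile $file -UseBasicParsing

# Record what was downloaded so a later download can be compared against it.
$hash = Get-FileHash -Path $file -Algorithm SHA256
$sig  = Get-AuthenticodeSignature -FilePath $file
"SHA256    : $($hash.Hash)"
"Signature : $($sig.Status) $($sig.SignerCertificate.Subject)"

# Parse the script without executing it.
$tokens = $null
$errors = $null
$ast = [System.Management.Automation.Language.Parser]::ParseFile(
    $file, [ref]$tokens, [ref]$errors)
if ($errors.Count -gt 0) {
    throw "Script does not parse cleanly: $($errors[0].Message)"
}

# Collect every URL that appears in a string literal, for example the
# image download the post mentions (http://aka.ms/ContainerOsImage).
$strings = $ast.FindAll({
    param($node)
    $node -is [System.Management.Automation.Language.StringConstantExpressionAst] -or
    $node -is [System.Management.Automation.Language.ExpandableStringExpressionAst]
}, $true)

$urls = $strings |
    ForEach-Object { [regex]::Matches($_.Value, 'https?://[^\s"'']+') } |
    ForEach-Object { $_.Value } |
    Sort-Object -Unique
$urls

# Flag plain-http sources: content fetched that way can be altered in transit.
$urls | Where-Object { $_ -like 'http://*' } |
    ForEach-Object { Write-Warning "Unencrypted download source: $_" }
```

If the signature status is not Valid, read through the script before running it on the Hyper-V host.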

After that you have a running container host, and we can connect to the VM using Hyper-V Manager.

Not much to see yet. It is important to remember that the image creates a built-in NAT switch on the Docker host, with a predefined subnet range, where the Docker host takes the first IP in the range. Now if we run Get-ContainerHost and Get-ContainerImage we should see that the VM is a container host and that we have a WindowsServerCore image available.

Now in order to create a Container we need to run the following command

$container = New-Container -Name "MyContainer" -ContainerImageName WindowsServerCore -SwitchName "Virtual Switch"

The name of the switch needs to be identical to the one added. It can be viewed using Get-VMSwitch.

The reason we store it in a variable is that we need to reference it later when using PowerShell Direct.

I can use the command Get-Container to see that it has been created. Now I have to start the container using Start-Container -Name "MyContainer"

I can now see that the container is running and is attached to the NAT vSwitch

Great! So what now? :)

As I mentioned earlier, we needed to store the container in a variable in order to use it later; well, this is the time. Now we need to open a PowerShell Direct session to the container. If the variable is no longer set, we can always use $container = Get-Container -Name to store it again.

By using the command

Enter-PSSession -ContainerId $container.ContainerId -RunAsAdministrator

We can now enter a remote session against the Container. We can also see that the container ID is shown at the start of the prompt

Also verify that it has gotten an IP address from the NAT network.

So now what? Let's start by installing IIS on the container. This can be done by using the command Install-WindowsFeature -Name Web-Server

After that is installed, check that the W3 service is running

Get-Service -Name W3SVC

Now that we have deployed an IIS service on the container, we need to set up a static NAT rule to open port 80. In my case I have a lab which resides on 192.168.0.0/24 but the NAT switch is on 172.16.0.0.

NOTE: Another option is to enable the built-in administrator account so that we can use RDP against the container in the future (make sure you add the proper NAT rules).

net user administrator /active:yes

So in order to add a static forwarding rule on the container host VM, just use this command to specify ports and IP addresses:

Add-NetNatStaticMapping -NatName "ContainerNat" -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 172.16.0.3 -InternalPort 80 -ExternalPort 80

Next I just do a nasty firewall disable edit

Set-NetFirewallProfile domain,public,private -Enabled false
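
A narrower alternative to switching every profile off, as an added example that is not from the original post: keep the firewall on and allow only the ports that are published through NAT static mappings. The NAT name and the lab subnet are the values used in this post; the rule names are made up here, and the example assumes the host firewall is what blocks the forwarded ports.

```powershell
# Added example (not from the original post). Run elevated on the container host VM.
# Assumed values: NAT name "ContainerNat" and lab subnet 192.168.0.0/24, as used in this post.
$natName   = "ContainerNat"
$labSubnet = "192.168.0.0/24"

# Turn the three profiles back on; anything not explicitly allowed stays blocked.
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

# One inbound allow rule per published NAT port, limited to the lab subnet.
# This covers port 80 and any extra mappings such as the ones added for RDP.
foreach ($map in Get-NetNatStaticMapping -NatName $natName) {
    $proto    = "$($map.Protocol)"
    $ruleName = "ContainerNat-$proto-$($map.ExternalPort)"   # hypothetical naming scheme

    # Skip ports that already have a rule, so the script can be re-run safely.
    if (Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue) { continue }

    New-NetFirewallRule -Name $ruleName `
        -DisplayName "Container NAT $proto/$($map.ExternalPort) -> $($map.InternalIPAddress)" `
        -Direction Inbound -Action Allow -Protocol $proto `
        -LocalPort $map.ExternalPort -RemoteAddress $labSubnet | Out-Null
}

# Check the result: profiles enabled, one rule per mapping.
Get-NetFirewallProfile | Select-Object Name, Enabled
Get-NetFirewallRule -Name "ContainerNat-*" |
    Select-Object Name, Enabled, Direction, Action
```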

Then by running Get-NetNatStaticMapping on the container host I can see the rules I created. I also added some new rules for RDP purposes.

Now my Docker host is set up with two IP addresses: one is 172.16.0.1 and the other is 192.168.0.10. When I connect to the latter, the NAT rules kick in and forward me to the IIS service running on the container.

Now I can see that I have a NAT session active

And that IIS opens on the Container

Now that I have a container with IIS installed, I can shut it down and create a new container image from it.

Stop-Container -Name "test2"

By using the command

$newimage = New-ContainerImage -ContainerName test2 -Publisher Demo -Name newimage -Version 1.0

So this has been a first introduction to Containers running on TP3. Note that many utilities do not work properly with Containers, such as sconfig, which tries to list network interfaces; these are not presented within a container, so some settings are not available.

Getting started with Docker Containers on Windows Server 2016 Technical Preview 3

So TP3 was released earlier today (about 1 hour ago) as an image on Azure, and I have been able to spend quite a lot of useful minutes on it, and more specifically on Containers. TP3 is the first release that supports native containers.

Now Containers can be added to TP3 as a feature, by running the command

Install-WindowsFeature -Name Containers

Now by default there isn't much that we can do unless we have some proper images in place. Luckily I have noticed that Microsoft has a GitHub site where it places different example uses for showing Containers.

Which can be found here –> http://bit.ly/1Pzq4dO

From here we also have a sample script which allows us to set up a new container host with a sample image. The install-containerhost script will in essence set up a Windows Server 2016 container host on top of Hyper-V.

It will download a container image from http://bit.ly/1TUXjJa. This image is about 6 GB, so it might take some time before the download is finished.

We also have an example script to deploy a container with Minecraft in the same GitHub repository: https://github.com/Microsoft/Virtualization-Documentation/blob/master/windows-server-container-samples/MineCraft/MinecraftHost.ps1

which was updated less than 15 minutes ago :)

enjoy!

Netscaler and support for Framehawk

In the latest release of Netscaler, which came on Friday (download link here: https://t.co/nAf5V6NXB8), Citrix now enables Framehawk usage over remote access (AKA ICA Proxy). There are only a few small steps needed in order to deploy Framehawk on Citrix

And of course it still requires that the infrastructure has FP2 installed in the backend. So it is going to be interesting to see how this competes with a properly tuned TCP profile on the Netscaler.

Hyper-V and Storage features deep-dive comparison with Nutanix

So here is another blog post in this storage series with Hyper-V. In the previous posts I discussed a bit about what features Hyper-V has and the issues with them. Well, time to take that to the next level, and show how Nutanix solves the performance issues and how Microsoft does it with their Windows Server features.

First off, we have the native capabilities of Windows Server and Storage Spaces. We can benefit from SMB 3 and, for instance, multichannel with RSS and jumbo frames, which allows for much less overhead in a TCP network. Of course, it also requires some knowledge of congestion algorithms to be able to use the full throughput.

We can also use tiering in the back end with the default write-back cache feature (which by default is 1 GB); during the night the tiering feature runs an optimization task that moves the hot data to the SSD tier and the cold data to the HDD tier.

On the other hand we can have an RDMA deployment, which in essence removes the TCP/IP stack completely and provides zero-copy networking, and we can use this in conjunction with CSV cache, which only provides benefits for read-only unbuffered I/O by caching in RAM on the host. This feature can be enabled at the CSV disk level, is integrated into Failover Cluster Manager, and is leveraged on all the hosts in a cluster. But this feature is disabled for a tiered storage space CSV, so the two cannot both be activated on the same deployment.

In the Nutanix I/O path things are a bit different, since the CVM (Controller VM) serves content locally from the node to the Hyper-V host over SMB, using local disk passthrough.

The I/O fabric in a Nutanix node consists of many different logical stores. First off we have the Content Cache, which is a deduplicated read cache consisting of both memory and SSD, and which is served from the memory of the CVM. Here we can benefit from inline deduplication.

Then we have the OpLog, which is built to handle random I/O. When dealing with bursts of random I/O it coalesces them and then sequentially drains them to the other store (the Extent Store). The OpLog is on the SSD tier. In the case of sequential write I/O the OpLog is bypassed and the data is written directly to the Extent Store. The OpLog is also replicated to one or more nodes in a cluster to handle high availability.

The Extent Store serves as persistent data storage in a Nutanix node and consists of SSD and HDD. Data coming into the Extent Store is either written directly as sequential write I/O or drained from the OpLog. The Extent Store can also benefit from deduplication; this is a cross-cluster deduplication feature, meaning that all nodes participate.

So as we can see, Nutanix leverages tiering, deduplication and in-memory caching while maintaining availability for data across nodes in a cluster, and combines this with data locality to deliver the lowest latency.

Wire Data in Operations Management Suite

Microsoft finally released a new solution pack for Operations Management Suite the other day, which I have been waiting for since Ignite! WireData!!!

This is a solution pack that gathers metadata about your network. It requires a local agent installed on your servers, as with other solution packs, but allows you to get more detailed information about network traffic happening inside your infrastructure.

So if you have OMS you just need to go into the solution pack and add the wire data pack

But note that after adding the solution pack it needs a while to gather the necessary data to create a sort of baseline of the network traffic.

After it is done it groups together the communication that has happened on the agents, to show what kinds of protocols are often in use

For instance I see that there is a lot of Unknown traffic happening on my agent. I can do a drill-down to see more info about that particular traffic. Then I can see in detail where the traffic is going

I can also do a drill-down to see what kind of process is initiating the traffic going back and forth. Something I would like to see in this is the ability to add custom info. Let's say, for instance, I have a particular application running which uses some custom ports and processes; I would like to add a custom name to that application so it can appear in the logs and in the overview.

Other than that it provides some great insight into what kind of traffic is going back and forth inside the infrastructure, and Microsoft has added some great common queries.

Upcoming events!

It has been a bit quiet here lately (well, there has been some activity, but not as noisy as it used to be), therefore I decided to give a quick update to tell everyone what's going on for my part.

At the moment I'm quite busy writing two books! That's right, two!

One is an update to one of my existing books, http://www.amazon.co.uk/Implementing-Netscaler-Vpx-Marius-Sandbu/dp/178217267X/ref=sr_1_1?ie=UTF8&qid=1438541424&sr=8-1&keywords=netscaler which brings the book up to V11, which was released a couple of months back, and therefore there is much new content in there, such as

* Unified Gateway
* GSLB
* Mobilestream
* V11 in general
* More in-depth on traffic optimization (HTTP/2 SPDY, TCP, Multi-PE and so on)
* AAA
* Azure and Amazon deployment

And of course much more!

I am also writing a mastering Netscaler book which will go into much more depth, which I am co-writing with another Citrix consultant; really looking forward to this book as well. Both these books are going to be released in Q4 this year, so a busy time ahead.

Also, in other related events, I am delivering a session on Microsoft EMS (Intune, Azure AD, Azure RMS and ATA) at Trond E Haavarstein aka @xenappblog's virtual expo, which is here -> https://xenapptraining.leadpages.net/xbve2015/ joined by a lot of rockstar community people! Hurry up if you want to join; it is close to about 1000 attendees!

Also, later in August I'm holding a local seminar at Microsoft Norway where I am going to talk about Azure AD and Windows 10, and talk a bit more about the different scenarios in a hybrid setup and so on.

So this happens August the 19th, so if you want to join send me a wink. Other than that, stay tuned!