Implementing Containers on Windows Server 2016 and running IIS

So since TP3 was released yesterday, I have been quite busy trying to implement Containers on top of a Hyper-V host. Now Microsoft has been kind enough to give us a simple Container image, which makes the first part pretty easy.

In order to deploy a Container we need a container host. The easiest way to get started is to download a finished script from Microsoft, which we can run directly from a Hyper-V host to get a container host VM.

NOTE: That Containers do not require Hyper-V, but this

wget -uri http://aka.ms/newcontainerhost -OutFile New-ContainerHost.ps1

This downloads a PowerShell script from the URL. When we run it we need to define a couple of things: first the name of the VM, then the password for the built-in administrator account. The script will then, in essence, do a couple of things.

1: Download a finished Sysprepped Container Host image from http://aka.ms/ContainerOsImage which is in essence
WindowsServer_en-us_TP3_Container_VHD

2: Enable the Container feature on the host VM (part of the unattend process). The last part of the script contains an unattend section which is processed against the container host VM.

3: Boot the VM as a container host and open a PowerShell Direct session after the VM is booted to finish the setup.

After that you have a running container host setup, and we can connect to the VM using Hyper-V manager


Not much to see yet. Important to remember that the image will create a built-in NAT switch on the Docker host, with a predefined subnet range


The Docker host will take the first IP in the range. Now if we run Get-ContainerHost and Get-ContainerImage we should see that the VM is a container host and that we have a WindowsServerCore image available.

Now in order to create a Container we need to run the following command

$container = New-Container -Name "MyContainer" -ContainerImageName WindowsServerCore -SwitchName "Virtual Switch"

The name of the switch needs to be identical to the one added. It can be viewed using Get-VMSwitch.

The reason we store it in a variable is that we need to reference it later when using PowerShell Direct.

I can use the command Get-Container to see that it has been created. Now I have to start the container using Start-Container -Name "MyContainer"

I can now see that the container is running and is attached to the NAT vSwitch


Great! So what now?

As I mentioned earlier, we needed to store the container in a variable in order to use it later; well, this is the time. Now we need to open a PowerShell Direct session to the Container. If the variable was not stored, we can always use $container = Get-Container -Name with the name of the container to populate it.

By using the command

Enter-PSSession -ContainerId $container.ContainerId -RunAsAdministrator

We can now enter a remote session against the Container. We can also see that the container ID is shown at the start of the prompt

Also verify that it has gotten an IP address from the NAT network.

So now what? Let's start by installing IIS on the container. This can be done by using the command Install-WindowsFeature -Name Web-Server

After that is installed, check that the W3 service is running:

Get-Service -Name W3SVC

Now that we have deployed an IIS service on the Container, we need to set up a static NAT rule to open port 80. In my case I have a lab which resides on 192.168.0.0/24, but the NAT switch is on 172.16.0.0.

NOTE: Another option we can do is to enable the builtin-administrator account so that way we can use RDP against the Container in the future (Make sure you add the proper NAT rules)

net user administrator /active:yes

So in order to add a static forwarding rule on the container host VM, just use the following command to specify ports and IP addresses:

Add-NetNatStaticMapping -NatName "ContainerNat" -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 172.16.0.3 -InternalPort 80 -ExternalPort 80

Next I just do a nasty firewall disable edit

Set-NetFirewallProfile Domain,Public,Private -Enabled False
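
A narrower alternative to switching off all three firewall profiles, as an added example that is not from the original post: keep the profiles enabled on the container host and allow only the forwarded ports from the lab subnet. The rule names, the RDP port 3389 and the use of 192.168.0.0/24 as the allowed source are assumptions based on the addresses mentioned in this post.

```powershell
# Added example: scoped inbound rules on the container host instead of
# disabling the Domain, Public and Private firewall profiles.
# Rule names, the RDP port and the source subnet are assumptions.

$LabSubnet = '192.168.0.0/24'   # lab network named in the post

$Rules = @(
    @{ Name = 'ContainerLab-HTTP-In'; DisplayName = 'Container lab: HTTP (TCP 80)';  Port = 80 },
    # Only needed if an RDP mapping was added; the post does not state which
    # external port was used, so the default RDP port is assumed here.
    @{ Name = 'ContainerLab-RDP-In';  DisplayName = 'Container lab: RDP (TCP 3389)'; Port = 3389 }
)

function Set-ContainerLabFirewall {
    param(
        [Parameter(Mandatory)] [hashtable[]] $Rules,
        [Parameter(Mandatory)] [string]      $RemoteAddress
    )

    # Undo the blanket disable so the host filters traffic again.
    Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

    foreach ($r in $Rules) {
        # Idempotent: leave a rule alone if it already exists.
        if (Get-NetFirewallRule -Name $r.Name -ErrorAction SilentlyContinue) { continue }

        New-NetFirewallRule -Name $r.Name -DisplayName $r.DisplayName `
            -Direction Inbound -Protocol TCP -LocalPort $r.Port `
            -RemoteAddress $RemoteAddress -Profile Any -Action Allow | Out-Null
    }
}

Set-ContainerLabFirewall -Rules $Rules -RemoteAddress $LabSubnet

# Verify: profiles are on, only the expected ports are open,
# and the NAT mappings still point at the container.
Get-NetFirewallProfile | Select-Object Name, Enabled
Get-NetFirewallRule -Name 'ContainerLab-*' |
    Get-NetFirewallPortFilter | Select-Object Protocol, LocalPort
Get-NetNatStaticMapping |
    Select-Object NatName, ExternalPort, InternalIPAddress, InternalPort
```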

Then by running Get-NetNatStaticMapping on the container host I can see the rules I created. I also added some new rules for RDP purposes.

Now my Docker host is set up with two IP addresses: one is 172.16.0.1 and the other is 192.168.0.10. When I connect to the latter, the NAT rules kick in and forward me to my IIS service running on the Container.

Now I can see that I have a NAT session active


And that IIS opens on the Container

Now that I have a Container with IIS installed, I can shut down the VM and create a new container image of it.

Stop-Container -Name "test2"

By using the command

$newimage = New-ContainerImage -ContainerName test2 -Publisher Demo -Name newimage -Version 1.0

So this has been a first introduction to Containers running on TP3. Note that many utilities do not work formally with Containers, such as sconfig which tries to list out network interfaces, but they are not presented within a Container so some settings are not available.

#containers, #tp3, #windows-server-2016

Getting started with Docker Containers on Windows Server 2016 Technical Preview 3

So TP3 was released earlier today (about 1 hour ago) as an image on Azure, and I have been able to spend quite a lot of useful minutes on it, and more specifically on Containers. TP3 is the first release that supports native containers.

Now Containers can be added to TP3 as a feature, by running the command

Install-WindowsFeature -Name Containers

Now by default there isn't so much that we can do unless we have some proper images in place. Luckily I have noticed that Microsoft has a GitHub site where it places all the different example uses for showing Containers.

Which can be found here –> http://bit.ly/1Pzq4dO

From here we also have a sample script which allows us to set up a new container host with a sample image. The install-containerhost script will in essence set up a Windows Server 2016 container host on top of Hyper-V.

It will download a Container image from http://bit.ly/1TUXjJa. This image is about 6 GB, so it might take some time before the download is finished.

We also have an example script to deploy a Container with MineCraft under the same GitHub: https://github.com/Microsoft/Virtualization-Documentation/blob/master/windows-server-container-samples/MineCraft/MinecraftHost.ps1

which was updated less than 15 minutes ago.

enjoy!

#containers, #github, #technical-preview, #window-server-2016

What's new at Ignite! Nano Server, Containers, Azure Stack, OMS, ATA and so on

So this is my recap of what has happened at Ignite, sorted by subject of course, but the focus and strategy at Microsoft is clear: "MOVE TO OUR CLOUD". Of course they did not leave out the guys on the floor either.

Microsoft announced numerous changes to their Azure platform, including more of an architectural change to their IaaS platform (which is due time). So to sum up the Azure changes happening over the last two weeks:

  • User defined routes (Which finally allow us to define a routing table for each subnet)
  • Reserved IP addresses (Allow us to move reserved IP addresses between services now!)
  • Instance level public IP
  • Multiple VIPs per Cloud Service
  • Azure DNS (Which allows us to manage our DNS zones from Azure, and which will eventually also support DNSSEC and integrate with Traffic Manager)
  • Networking support for resource manager
  • Bring in BGP routes if you are using ExpressRoute
  • 16 vNICs per virtual machine
  • Azure Automation with support for Graphical Authoring and integration with on-premises
  • Azure Resource Manager, which will allow us to build total services based upon JSON files; this will also play a huge role in Azure Stack
  • IP forwarding on virtual appliances
  • Announced a bunch of different virtual appliance partners which will arrive in the marketplace soon (For instance Citrix Netscaler, CheckPoint and so on)
  • Role Based Access
  • Exchange supported on Premium Storage in Azure

So as you can see there is much on Azure happening, specifically on networking which has been lacking for quite some time. So what about Office365 and EMS?

  • Sway (Will be available to all later this month)
  • New Office2016 Public Preview
  • Skype for Business Broadcast meetings
  • Announced one Sync client for OneDrive
  • Mobile offline files for iOS and Android OneDrive
  • Save to OneDrive from OWA
  • 20,000 file limit and 10GB max file size will be gone
  • You can see more about the OneDrive Roadmap here: http://www.zdnet.com/article/microsoft-fills-in-onedrive-roadmap-dates-details/
  • Intune announced support for Mac OSX
  • Intune app wrapping for Android
  • Support for Apple Volume Purchase Program
  • Support for MAM in Outlook app
  • Multi-identity
  • Restrict Access to Outlook based upon compliance of device
  • Windows 10 support for Intune
  • Document Tracking with Azure RMS
  • Cloud App Discovery GA
  • Privileged Identity Management
  • Also heard that eventually Intune will merge into Azure Active Directory

Other than these news items, Microsoft also announced a new bundle called OMS (Operations Management Suite), which consists of

  • Azure Automation
  • Azure Backup
  • Azure Site Recovery
  • Azure Operational Insights (Which will later get support for components like network logging, syslog tracking and CMDB options)

This suite can be tried now! Microsoft also announced that they will be opening up for partners to add their own intelligence packs for their own monitoring solutions, which means more data moving to the cloud.

So what did Microsoft announce for the guys on the floor? Well, a lot! For instance, a lot of new capabilities in Server 2016.

  • Microsoft Advanced Threat Analytics (Currently in preview; a combination of network and log based monitoring able to detect attacks like Pass the Hash, accounts that have been compromised and so on). This will become more advanced with capabilities like network monitoring and the ability to take action if there is an attack.
  • PowerShell DSC support for Linux (Which just came out of nowhere!)
  • Nano Server (A newly created flavor of Windows Server, designed for delivering the next generation of cloud services with a very low footprint in terms of RAM, disk and CPU, where Microsoft stripped most of the traditional solutions away). I'll be writing more about Nano Server, but in essence it now looks more like ESX.
  • Containers, Containers, Containers! (Also something I will be writing more about)
  • Storage Spaces Direct (Shared Nothing File Cluster; can also be combined with Hyper-V to deliver HCI)
  • Storage Replica, which is not like DFS-R; it allows us to replicate any volume asynchronously or synchronously.
  • Storage QoS on a scale out file server
  • Windows Defender not installed and enabled by default (even in Nano)
  • Rolling Cluster Upgrades
  • RDS support for OpenGL 4.4, OpenCL 1.1 + Support for GEN2 VMs and RemoteFX
  • Web Application Proxy, preauth for HTTP Basic, HTTP to HTTPS redirect
  • Windows Server 2016 will support VXLAN
  • Software loadbalancing capabilities
  • Production Checkpoints and integration with VSS
  • Linux SecureBoot
  • Connected Standby
  • Hyper-V manager and alternate Credentials
  • ReFS more used in centralized SOFS
  • Binary virtual machine configuration VMCX
  • Hot Add and remove of memory and network adapters
  • SMB 3.1.1 (Pre authentication integrity check, encryption improvements)
  • The Network Controller which will allow central management of virtual and physical network devices
  • Shielded VMs and Host Guardian Service
  • JEA (Just Enough Administration)
  • Converged NIC across tenant and RDMA traffic
  • Server Side Support for HTTP/2 including header compression and connection multiplexing on IIS
  • Online Resizing support for Shared VHDX
  • PowerShell Direct to a virtual machine.

Now with all these capabilities in place in the fabric, there is only one thing missing, which is something they announced in the keynote: Azure Stack. Now Microsoft means business. They are moving in and competing with the likes of OpenStack, CloudPlatform and so on. Many wondered if this was the new version of Azure Pack (and it is! It's the evolution of Azure Pack). Microsoft will continue to support Azure Pack for a while, but the main development will go into Azure Stack. Unlike Azure Pack, Stack is not so deeply dependent on System Center. Of course you would still use System Center to manage the infrastructure, but the fabric connection between Azure Stack providers would be against Hyper-V or clusters.

Azure Stack will consist of an Azure-like fabric controller and will also have the option to communicate with the network controller to manage the physical and virtual network layer. Stack will also look and feel like the new portal which is currently in use in the preview portal, and will come with a set of different providers to deliver specific services.

With the support for VXLAN in the fabric and some support for VMware with DPM, maybe Microsoft is moving towards VMware support with Azure Stack?

Time will tell, and stay tuned for more.

#ata, #azure-stack, #containers, #nano-server, #oms