Wednesday, January 2, 2019

Windows Server 2016 Key Features and License Prospects


If you are planning to move to Windows 2016 and are looking for the benefits, I have listed them below:

Why Windows Server 2016?

  • Microsoft Windows Server 2016, previously referred to as Windows Server vNext, is a server operating system (OS). The server operating system is specifically developed to serve as a platform for running networked applications.
  • End of life, Extended Support – 11th Jan, 2027
  • Key features include two native container types: Windows Server Containers and Hyper-V containers.
  • It supports Docker, which is used to manage containers.
  • It supports virtual TPM (Trusted Platform Module), which can be used for disk encryption with BitLocker.
  • It comes with Nano Server, which is very lightweight and can be used as a container or cloud-based OS.
  • IIS 10, which has a lot of improvements [IIS in Containers, IIS on Nano Server, HTTP/2, etc.].
  • Network Controller, a new server role that provides a centralized, programmable point of automation to configure, manage, monitor, and troubleshoot virtual and physical network devices and services.
  • Hot add and remove virtual memory and virtual network adapters while the VM is running.



What specific benefits/features/advantages from SA perspective

  • All licenses for Microsoft Windows Server 2016 are now core based; earlier, Windows Server 2012 licensing was processor based.
  • The default license that we need to buy for Windows Server 2016 is a 16-core license for each physical server.
  • If we have existing licenses of Windows Server 2012 with Software Assurance, at a minimum, Microsoft is going to grant you 16 core licenses of Windows Server 2016 for each license of Windows Server 2012 that is covered by SA.
  • So if we have a physical server of 20 cores with a Windows Server 2012 license with SA, then Microsoft will grant you 20 core licenses for Windows Server 2016. But Microsoft needs to be provided with sufficient documentation for the extra licenses.

Security enhancements covered:

  • The current AD version 2008 does not support FIDO 2 compliant authentication solutions; hence we are facing challenges in proposing and testing a 2-factor authentication solution for employees.
  • The current AD version 2008 does not support the enhanced security features that we need to configure, like control over protected groups, LSASS protection, Credential Guard, etc.
  • Microsoft Defender suite features such as ASR, Exploit Guard, CFG, etc. are available in the 2016 version.
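
A check a practitioner might run after the upgrade to confirm that LSASS protection and Credential Guard, two of the features listed above, are actually in effect. This is an added example, not part of the original post; the function name is hypothetical, and it reads the RunAsPPL registry value and the Win32_DeviceGuard WMI class.

```powershell
# Added example, not part of the original post. Run in an elevated session
# on the server being assessed. The function name is hypothetical.
function Get-CredentialHardeningState {
    [CmdletBinding()]
    param()

    # LSA protection: RunAsPPL under the Lsa key makes LSASS start as a
    # protected process. A missing value or 0 means it is off.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    $runAsPpl = 0
    if ($lsa -and $lsa.PSObject.Properties['RunAsPPL']) {
        $runAsPpl = [int]$lsa.RunAsPPL
    }

    # Device Guard WMI class: security service id 1 is Credential Guard.
    # The class does not exist on older operating systems, hence the guard.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue

    $vbsText = @{ 0 = 'Off'; 1 = 'Configured, not running'; 2 = 'Running' }
    $vbs = 'Not available'
    if ($dg) { $vbs = $vbsText[[int]$dg.VirtualizationBasedSecurityStatus] }

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        OperatingSystem           = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
        LsaProtectionConfigured   = ($runAsPpl -ne 0)
        VirtualizationBasedSec    = $vbs
        CredentialGuardConfigured = [bool]($dg -and ($dg.SecurityServicesConfigured -contains 1))
        CredentialGuardRunning    = [bool]($dg -and ($dg.SecurityServicesRunning -contains 1))
    }
}

$state = Get-CredentialHardeningState
$state | Format-List

# Summarise what is still missing so the result can go into a compliance report.
$gaps = @()
if (-not $state.LsaProtectionConfigured) { $gaps += 'LSA protection (RunAsPPL) is not configured' }
if (-not $state.CredentialGuardRunning)  { $gaps += 'Credential Guard is not running' }

if ($gaps) {
    $gaps | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'LSA protection is configured and Credential Guard is running.'
}
```

A RunAsPPL change only takes effect after a reboot, so the registry result shows what is configured while the Device Guard result shows what is running.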




Wednesday, October 3, 2018

Desired State Configuration With Powershell

DSC is a management platform used to manage your IT infrastructure by presenting configuration as code.
This code is just a PowerShell script that describes the Windows features or roles that must be maintained to comply with your organisation's requirements. The code is pushed to the nodes where these configuration settings need to be maintained.
DSC not only maintains the configuration of the nodes but also monitors them and can provide alerts if a node is not compliant.
Although DSC was introduced in Windows Server 2012 R2, it is available for down-level operating systems via the Windows Management Framework (WMF) package.


Some of the benefits of Desired State Configuration:
* To automate the configuration tasks for one or more nodes
* To standardize the nodes with the same set of configuration
* Faster and more reliable deployments
* To monitor the compliance state of nodes and automatically fix it (make it compliant)

There are two types of architecture with DSC:

Push mode: the configurations are sent (“pushed”) manually to one or more units that we call “nodes”. This action is done by an administrator.
Pull mode: a “pull server” is created and the nodes contact this server at regular intervals to obtain their configuration.

There are 3 components of Desired State Configuration in PowerShell:

1. Local Configuration Manager - The engine that facilitates the Pull and Push modes of the system. It controls the flow implemented by resources to ensure that the state defined in the configuration is maintained.
2. Configuration Files - Declarative PowerShell scripts that can be applied repeatedly and will always give the same result; they won’t generate errors if the configuration was already applied.
3. Resources - Contain the code that puts and keeps the target of a configuration in the specified state. Resources reside in PowerShell modules and can be written to model something as generic as a file or a Windows process, or as specific as an IIS server or a VM running in Azure.

Let's make a small DSC example:

Two files need to be created -
1. Default.html
2. CreateWebsite.ps1

Scenario - We need to install the Web Server role on a node with a default page.

Paste the below into Default.html

<html>
<head><title>Test Page</title></head>
<body>
<p>Sample for Desired state configuration in Powershell</p>
</body>
</html>

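Paste the below into CreateWebsite.ps1

Configuration CreateWebsite {

    Import-DscResource -ModuleName PsDesiredStateConfiguration

    Node 'VMSRV1' {

        # Install the IIS (Web-Server) role
        WindowsFeature WebServer {
            Ensure = "Present"
            Name   = "Web-Server"
        }

        # Copy the default page into the web root once IIS is installed.
        # SourcePath is read on the node itself; DestinationPath must name the file.
        File WebsiteContent {
            Ensure          = 'Present'
            SourcePath      = 'c:\temp\Default.html'
            DestinationPath = 'c:\inetpub\wwwroot\Default.html'
            DependsOn       = '[WindowsFeature]WebServer'
        }
    }
}

# Compile: calling the configuration writes .\CreateWebsite\VMSRV1.mof
CreateWebsite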

Steps to Run:
1. First, compile the CreateWebsite.ps1 file. You can verify the output by going to the present directory where the script is running and checking that a MOF (Managed Object Format) file named "VMSRV1" has been created (it is written to the CreateWebsite folder).
2. To apply the configuration that we created, use the command "Start-DscConfiguration -Path .\CreateWebsite -Wait -Verbose".
3. It will show some output after execution is completed. Please check that the IIS role has been installed and that you can see the default website with the Default.html we created.
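
The compliance monitoring and automatic fixing mentioned in the benefits list is a setting of the Local Configuration Manager. The following added example (not part of the original post) configures the LCM on the same node for push mode with auto-correction and then checks for drift; it assumes WMF 5 or later, that the CreateWebsite configuration has already been compiled into .\CreateWebsite, and the 15-minute interval is an illustrative choice.

```powershell
# Added example, not part of the original post.
# Node name VMSRV1 and the .\CreateWebsite MOF folder come from the post;
# the LcmAutoCorrect name and the interval are assumptions.

[DSCLocalConfigurationManager()]
Configuration LcmAutoCorrect {
    Node 'VMSRV1' {
        Settings {
            RefreshMode                    = 'Push'
            # Re-apply the configuration whenever the node drifts from it
            ConfigurationMode              = 'ApplyAndAutoCorrect'
            # How often the LCM re-checks the node (15 is the minimum)
            ConfigurationModeFrequencyMins = 15
            RebootNodeIfNeeded             = $false
        }
    }
}

# 1. Compile the meta-configuration (writes .\LcmAutoCorrect\VMSRV1.meta.mof)
LcmAutoCorrect -OutputPath .\LcmAutoCorrect | Out-Null

# 2. Configure the LCM on the node, then push the website configuration
Set-DscLocalConfigurationManager -Path .\LcmAutoCorrect -ComputerName 'VMSRV1' -Verbose
Start-DscConfiguration -Path .\CreateWebsite -ComputerName 'VMSRV1' -Wait -Verbose

# 3. Ask the node whether it matches the configuration and list any drift
$result = Test-DscConfiguration -ComputerName 'VMSRV1' -Detailed
if ($result.InDesiredState) {
    Write-Output "VMSRV1 is compliant."
} else {
    Write-Warning "VMSRV1 has drifted from the configuration:"
    $result.ResourcesNotInDesiredState |
        Select-Object ResourceId, InDesiredState |
        Format-Table -AutoSize
}
```

With ConfigurationMode set to ApplyAndMonitor instead, the LCM only reports drift and leaves the correction to the administrator.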

Monday, October 1, 2018

Quick Look to VMware SRM(Site Recovery Manager)

VMware Site Recovery Manager

========================
1. VMware SRM is a disaster recovery and business continuity solution which automates the transfer of virtual machines to a local or remote recovery site.
2. It is an extension of vCenter Server.
3. SRM automates the recovery or migration of virtual machines between the protected site and the recovery site. The protected site is the primary site and the recovery site is the datacenter location where you want to move your production workloads.
4. SRM facilitates the clean shutdown of virtual machines at the protected site for a planned migration.
5. VMware SRM is used with array-based replication software. You can also use VMware native replication, which copies virtual machines from one host to another using the power of the hosts involved rather than the storage system.
6. Below are the high-level recommendations to set up SRM:
* A vSphere environment including vCenter should be deployed on both the protected site and the recovery site.
* Array-based replication is established between the protected and recovery sites using third-party storage vendors. Optionally you can utilize vSphere Replication as a native solution, if you don’t have array-based replication.
* VMware Site Recovery Manager software needs to be installed on both the protected and recovery sites.
* VMware administrators use SRM to create disaster recovery plans.
* VMware administrators can use recovery plans to initiate recovery tests or an actual recovery.
7. Since SRM 5.6, the SRM plugin is integrated only with the web client, and no plugin is available for the vSphere client.
8. VR appliance - This used to be called the VRMS and provided management capabilities for the VR framework. This function persists in the VR appliance, and VRS functionality has been integrated with the appliance.
9. VR Server - An optional scaling component. This provides a replication target. This functionality is included in the VR appliance, but to scale to higher than 100 replications, additional VR server instances can be deployed.
10. vSphere Replication Agent (VRA) - Present on every vSphere host; it only becomes active when a protected VM is writing data.
11. Network File Copy (NFC) - Protocol used to commit network-based disk writes by vSphere. The VRS receives replicated blocks and distributes them via NFC to the vSphere hosts for writing to storage.

Installation and Configuring SRM
===========================

1. SRM 6.0 is a software component and it can be installed separately on a dedicated server or on the same server where vCenter Server is installed.
2. If you have vCenter as an appliance, you will need a separate Windows server for SRM.
3. You can use the embedded Postgres database or an external database like MSSQL or Oracle. To use an external database, you need to create a DSN for it.
4. Time sync is important between both SRM servers (protected site and recovery site). Please sync with a central NTP server before pairing sites.
5. The account used for installation and configuration must be an admin account with privileges to install and run the SRM service.

SRM site pairing
=============

1. Once you have installed SRM in both sites, you can log in to the vCenter web client and click the "Site Recovery" plugin.
2. You should see the sites in the left pane. Click on the Sites button and in the summary frame you can see the "Pair Sites" link.
3. Provide the Platform Services Controller address of your SRM remote site (recovery site). The address that you provide for the Platform Services Controller must be an exact match of the address that you provided when you installed Site Recovery Manager Server on the remote site.
4. Next you need to provide the credentials you entered during the installation of SRM.
5. Once it is done, you see the details of the paired sites in the summary tab.


Thursday, March 1, 2018

Parallel File Copy using Powershell Workflow!



Long Time No See!!😁😁😁😁😁😁

Due to my busy schedule, I have not been able to post or update the blog, but recently someone asked me about the concept of PowerShell Workflow and we had a good discussion on how it is helpful, and it was proved that PowerShell is no less than any language and can meet all the requirements a sysadmin can have.

Starting with PowerShell Workflow, let's imagine that you need to perform the following tasks on a fleet of 12 new servers:
  1. Set hostname (and reboot).
  2. Join Active Directory (AD) domain (and reboot).
  3. Enumerate all installed .dll files and copy an output file to a network share.
Microsoft added the Windows Workflow Foundation (WF) engine to version 3.0 of the .NET Framework. It brings a cool set of functionality, such as the ability to execute code in parallel and to create scripts that persist across reboots, and lots of other neat things.
To understand more, please go to the basics of workflow with the link below:


Here is my implementation of Powershell Workflow:

We need to copy a file to multiple servers, but Copy-Item will copy the file to one server at a time. This is where the Workflow parallel functionality comes in.
--------------------------------------------------------------------------------------------------------------------------
# Name - Copy-File-v4.ps1
# Created - Visual Code
# Modified - 27-02-2018
# Description - Will copy software in parallel to multiple servers and create a report about the status
Workflow Start-Copy
{
    param ([string[]]$server)
    # 20 is the number of parallel threads; we can increase or decrease it depending on the size and memory of the server where the script is running!
    Foreach -parallel -throttlelimit 20 ($ShareM in $server)
    {
        sequence {
            if (Test-Path -Path "\\$ShareM\Software\Utility") {
                Copy-Item "E:\Script\Distribution\Winzip.zip" "\\$ShareM\Software\Utility" -Verbose -ErrorAction SilentlyContinue
                # Emit the copied file's details as workflow output; appending to the CSV
                # from every parallel branch would make the branches collide on the file.
                Get-Item "\\$ShareM\Software\Utility\Winzip.zip" -Verbose | Select-Object Name,length,FullName
            }
        }
    }
}
# ServerName is the input file where we list the servers to copy files to
$Entry = Get-Content -Path E:\Script\Distribution\ServerName.txt
# Calling Workflow function Start-Copy and writing the report once all copies have finished
Start-Copy -server $Entry | Select-Object Name,length,FullName | Export-Csv -Path C:\temp\WinzipDist.csv -Append -NoTypeInformation

Monday, January 23, 2017

Scope in Powershell

Long Time No See!!!!!          


An item included in a scope is visible in the scope in which it was created and in any child scopes, unless it is explicitly made private.
An item can only be changed within the scope in which it was created, unless you explicitly specify a different scope.
If you create an item in a scope and the item shares its name with an item in a different scope, the original item might be hidden by the new item, but it is not overridden or changed.
Visualize bubbles within bubbles. When the inner bubble pops, all its contents are gone.

Local Scope


$local - the current scope (whatever that may be at the time)
$time = get-date
$day = (get-date).day
function get-theTime()
{
    # create a local $time variable
    $time = (get-date).Minute
    $milli = (get-date).Millisecond
    Write-Output "Function: '`$Time' variable is $time"
    Write-Output "Function: '`$day' variable is $day"
    Write-Output "Function: '`$milli' variable is $milli"
}
get-theTime
Write-Output "Script: '`$Time' variable is $time"
Write-Output "Script: '`$Day' variable is $day"
Write-Output "Script: '`$milli' variable is $milli"
Write-Output "NOTE: '`$milli' only existed within the life of the function call!"


Private Scope


$private – these cannot be seen outside the current scope.

$time = get-date
$Private:Pday = (get-date).Day
# new-variable -name Pday -Option private -Value (get-date).day
function Look-AtVars()
{
    Write-Output "Function: '`$time' is viewable and has a value of $time"
    Write-Output "Function: '`$Pday' is private and has a value of $Pday"
}
Write-Output "Script: '`$time' is viewable and has a value of $time"
Write-Output "Script: '`$Pday' is private and has a value of $Pday"
Look-AtVars
Write-Output "NOTE: the Pday was not viewable from within the function!"


Script Scope


$script - the things within the script as the script runs.

$time = get-date
function Set-ScriptVar()
{
    $time = 1200
    Write-Output "Function: '`$time' has a value of $time"
    Write-Output "Function: script level '`$time' has a value of $script:time"
    $time = 1300
    $script:time = (get-date).AddYears(-6)
    Write-Output "Function: altered value of '`$time' to $time"
    Write-Output "Function: altered value of script level '`$time' to $script:time"
}
Write-Output "Script: '`$time' has a value of $time"
Set-ScriptVar
Write-Output "Script: '`$time' has a value of $time"
Write-Output "NOTE: the year was changed from within the function!"

Global Scope


$global - automatic variables, preference variables, etc. $home for example.

# get-Variable -Scope Global
Write-Output "'`$HOME' is: $HOME"
Write-Output "'`$PSCULTURE' is: $PSCULTURE"
Write-Output "'`$ERRORACTIONPREFERENCE' is: $ERRORACTIONPREFERENCE"
Write-Output " "
$global:MYGLOBAL = "MyGlobalVariable"
Write-Output "'`$MYGLOBAL' is: $MYGLOBAL"
Write-Output "NOTE: Global '`$MYGLOBAL' will be viewable in other scripts and functions"
Write-Output " "
Write-Output "Try this: Get-Variable -Scope Global"

Monday, September 19, 2016

Snapshot Report from Multiple VCenter - POWERCLI

<#
.SYNOPSIS
    Report snapshot status in multiple VCenter
.DESCRIPTION
    This script will send mail report with proper format,
    with details of snapshot from multiple VCenter
.NOTES
    File Name  : Get-SnapshotReport.ps1
    Author     : Shankar Sahu
    Requires   : PowerShell V3 + PowerCLI 5 or above
.HISTORY
    First published : 15.9.2016
    Updated         : 19.9.2016 - validated for Version 2.
                                - added link references
.LINK
    This script posted to:
       http://scriptchef.blogspot.in/
#>


$htmlfile="D:\script\Status_Report.html"

$svr="10.1.0.4","10.1.0.3"

New-Item -ItemType file $htmlfile -Force

# CSS styling for report format and table - HTML

$htmlcss="<head>
    <title>Snapshot Status Report!</title>
<style>

body {
    width: 600px;
    margin: 40px auto;
    font-family: 'trebuchet MS', 'Lucida sans', Arial;
    font-size: 14px;
    color: #444;
}

table {
    *border-collapse: collapse; /* IE7 and lower */
    border-spacing: 0;
    width: 100%;  
}

.bordered {
    border: solid #ccc 1px;
    -moz-border-radius: 6px;
    -webkit-border-radius: 6px;
    border-radius: 6px;
    -webkit-box-shadow: 0 1px 1px #ccc;
    -moz-box-shadow: 0 1px 1px #ccc;
    box-shadow: 0 1px 1px #ccc;      
}

.bordered tr:hover {
    background: #fbf8e9;
    -o-transition: all 0.1s ease-in-out;
    -webkit-transition: all 0.1s ease-in-out;
    -moz-transition: all 0.1s ease-in-out;
    -ms-transition: all 0.1s ease-in-out;
    transition: all 0.1s ease-in-out;  
}  
 
.bordered td, .bordered th {
    border-left: 1px solid #ccc;
    border-top: 1px solid #ccc;
    padding: 10px;
    text-align: left;  
}

.bordered th {
    background-color: #dce9f9;
    background-image: -webkit-gradient(linear, left top, left bottom, from(#ebf3fc), to(#dce9f9));
    background-image: -webkit-linear-gradient(top, #ebf3fc, #dce9f9);
    background-image:    -moz-linear-gradient(top, #ebf3fc, #dce9f9);
    background-image:     -ms-linear-gradient(top, #ebf3fc, #dce9f9);
    background-image:      -o-linear-gradient(top, #ebf3fc, #dce9f9);
    background-image:         linear-gradient(top, #ebf3fc, #dce9f9);
    -webkit-box-shadow: 0 1px 0 rgba(255,255,255,.8) inset;
    -moz-box-shadow:0 1px 0 rgba(255,255,255,.8) inset;
    box-shadow: 0 1px 0 rgba(255,255,255,.8) inset;      
    border-top: none;
    text-shadow: 0 1px 0 rgba(255,255,255,.5);
}

.bordered td:first-child, .bordered th:first-child {
    border-left: none;
}

.bordered th:first-child {
    -moz-border-radius: 6px 0 0 0;
    -webkit-border-radius: 6px 0 0 0;
    border-radius: 6px 0 0 0;
}

.bordered th:last-child {
    -moz-border-radius: 0 6px 0 0;
    -webkit-border-radius: 0 6px 0 0;
    border-radius: 0 6px 0 0;
}

.bordered th:only-child{
    -moz-border-radius: 6px 6px 0 0;
    -webkit-border-radius: 6px 6px 0 0;
    border-radius: 6px 6px 0 0;
}

.bordered tr:last-child td:first-child {
    -moz-border-radius: 0 0 0 6px;
    -webkit-border-radius: 0 0 0 6px;
    border-radius: 0 0 0 6px;
}

.bordered tr:last-child td:last-child {
    -moz-border-radius: 0 0 6px 0;
    -webkit-border-radius: 0 0 6px 0;
    border-radius: 0 0 6px 0;
}
</style>
</head>
"
$counter=0
$date = ( get-date ).ToString('yyyy/MM/dd')
Function Header($File)
{
    Add-Content $File "<html>"
    Add-Content $File $htmlcss
    Add-Content $File "<body><h2>Snapshot Status Report</h2>"
    Add-Content $File "<table class='bordered'>"
    Add-Content $File " <thead>"
    Add-Content $File "<tr>"
    Add-Content $File "<th>VM</th>
        <th>Name</th>
        <th>vCENTER</th>
        <th>Created_Date</th>
        <th>SizeGB</th>
        <th>Description</th>
        </tr>
        </thead>"
}
Function Footer($File)
{
    Add-Content $File "</table>"
    Add-Content $File "</body>"
    Add-Content $File "</html>"
}
Header $htmlfile
Function Connect($server)
{
      # $user=Read-Host -Prompt "Username"
      # $pass=Read-Host -Prompt "Password" -AsSecureString
      # $usercred=new-object system.management.automation.pscredential ($user,$pass)
      # Connect-VIserver -Server $server -credential $usercred
      # uncomment if you want to run it with different credential
      Connect-VIserver -Server $server   # Use vCenter admin credential to run script
}

Function Disconnect($svr)
{
Disconnect-VIServer $svr -Force -Confirm:$false
Write-host "Host is Disconnected"
}


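foreach ($s in $svr) {
    Connect $s
    Write-Host "=======VCenter:$s========"

    $Machine = Get-VM -Name * -Server $s | Get-Snapshot | Select-Object VM,Name,Created,Description,SizeGB -ErrorAction Ignore
    foreach ($info in $Machine) {
        # Snapshot names and descriptions are free text typed by users,
        # so HTML-encode them before they go into the mailed report.
        $vmName = [System.Net.WebUtility]::HtmlEncode("$($info.VM)")
        $snap   = [System.Net.WebUtility]::HtmlEncode("$($info.Name)")
        $desc   = [System.Net.WebUtility]::HtmlEncode("$($info.Description)")
        $size   = [math]::Round($info.SizeGB, 2)

        Add-Content $htmlfile "<tr>"
        Add-Content $htmlfile "<td>$vmName</td>"
        Add-Content $htmlfile "<td>$snap</td>"
        Add-Content $htmlfile "<td>$($s)</td>"
        # The selected property is Created (Created_Date is only the column heading)
        Add-Content $htmlfile "<td>$($info.Created)</td>"
        Add-Content $htmlfile "<td>$($size)</td>"
        Add-Content $htmlfile "<td>$desc</td>"
        Add-Content $htmlfile "</tr>"
    }
    Disconnect $s
}
Footer $htmlfile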

Function Mailme
{
    param($from, $to, $subject, $smtp, $flname)
    # -Raw reads the report as one string so the HTML body keeps its line breaks
    $body   = Get-Content $flname -Raw
    $client = New-Object System.Net.Mail.SmtpClient $smtp
    $msg    = New-Object System.Net.Mail.MailMessage $from, $to, $subject, $body
    $msg.IsBodyHtml = $true
    $client.Send($msg)
}
Mailme adbadmin@shanky.com adbgroup@shanky.com "Snapshot Service Status - $Date" 10.1.0.67 $htmlfile

Sunday, August 14, 2016

Customising your Shell


One of the problems with having multiple command shells open at the same time is figuring out which window does what. After all, they all look the same, right? Well, not necessarily. You can use a few handy tricks to make different windows more distinguishable.

:: Change the background and foreground colours.
:: Change the window size
:: Change the window title

Adding colour to your world

You can easily change the background and foreground colors to suit your
preference. For example, you can change the background color to magenta
and the foreground color (the color the text is displayed in) to blue by typing
these commands at the PSH prompt.

$Host.UI.RawUI.BackgroundColor="magenta"
$Host.UI.RawUI.ForegroundColor="blue"

$Host is a special variable that is a reference to the current console object.

You assign the appropriate color to the UI.RawUI.BackgroundColor and UI.RawUI.ForegroundColor properties of the console object.

Getting size-specific with your windows

The $Host.UI.RawUI object is actually pretty useful. You can query or manipulate additional properties through this object to affect the console’s appearance besides the foreground and background colors. You can change the window size, the buffer size, and even change the window’s title. (The following section covers how to change the title.)

The buffer size is the width and height of the window retained in memory, whereas the window size is the portion of the buffer that’s visible. Because of this, the only real constraint is that your window size must be smaller than your buffer size. (PSH won’t let you screw this up even if you try.) The buffer height is important because it controls essentially how far back you can scroll in your window as you run more and more commands. The default buffer height is 3,000, which means the buffer keeps up to 3,000 lines of output before it starts to discard older entries.
You change the window or buffer size by changing the value of either the BufferSize or WindowSize property of $Host.UI.RawUI. If you want to find out the current value, run the following PSH commands:
$Host.UI.RawUI.BufferSize
$Host.UI.RawUI.WindowSize

The output of either command is the width and height displayed in a tabular format. Now, you might be tempted to try something like this to change the window size:
$Host.UI.RawUI.WindowSize.Width = 110
$Host.UI.RawUI.WindowSize.Height = 40

Although PSH doesn’t complain, the window size doesn’t change, and if you query the value of WindowSize again, you’ll find that the old values are still there. The correct way to change WindowSize is by assigning a new value to this property directly. Because WindowSize is an object, you need to somehow create an object of that type, set its width and height properties, then assign this new value to WindowSize. You can change the window size by using the following command sequence:
$size = $Host.UI.RawUI.WindowSize
$size.Width = 100
$size.Height = 25
$Host.UI.RawUI.WindowSize = $size

Here I store the value of WindowSize in a variable called $size. I don’t really care so much about what the current value is, but I need to have an object that’s the same data type as WindowSize so I can make the change.
Now that I have such an object, I assign my new width and height values to it and then reassign this entire object back to WindowSize. If you want to change the buffer size, simply replace WindowSize with BufferSize.

Window and buffer width and height dimensions aren’t measured in pixels —
rather, width is measured by the number of characters that fit on one row, and height refers to the number of rows it can accommodate.
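
The three customisations above combined into one function, as an added example that is not part of the original post. The function and parameter names are hypothetical, it assumes the standard console host, and it resizes in an order that respects the rule that the window must fit inside the buffer.

```powershell
# Added example, not part of the original post. Names are hypothetical.
function Set-ConsoleLook {
    param(
        [string]$Title,
        [int]$Width        = 100,
        [int]$Height       = 25,
        [int]$BufferHeight = 3000,
        [System.ConsoleColor]$Background = 'DarkBlue',
        [System.ConsoleColor]$Foreground = 'White'
    )

    $raw = $Host.UI.RawUI

    # Never ask for a window larger than the display can show.
    $max    = $raw.MaxPhysicalWindowSize
    $Width  = [Math]::Min($Width,  $max.Width)
    $Height = [Math]::Min($Height, $max.Height)

    # The window must always fit inside the buffer, so the order matters:
    # 1. shrink the window if it is larger than the target,
    # 2. set the buffer,
    # 3. set the final window size.
    $window        = $raw.WindowSize
    $window.Width  = [Math]::Min($window.Width,  $Width)
    $window.Height = [Math]::Min($window.Height, $Height)
    $raw.WindowSize = $window

    $buffer        = $raw.BufferSize
    $buffer.Width  = $Width
    $buffer.Height = [Math]::Max($BufferHeight, $Height)
    $raw.BufferSize = $buffer

    $window.Width  = $Width
    $window.Height = $Height
    $raw.WindowSize = $window

    # Colours and title make the window easy to tell apart from the others.
    $raw.BackgroundColor = $Background
    $raw.ForegroundColor = $Foreground
    if ($Title) { $raw.WindowTitle = $Title }

    # Repaint so the whole window picks up the new background colour.
    Clear-Host
}

# Example call: a clearly marked window for production work
Set-ConsoleLook -Title 'PROD - vCenter admin' -Background DarkRed -Foreground White
```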

Reference - CookBook Powershell
