
How to install the Windows Server 2019 VPN

Many organizations rely on a virtual private network, particularly those with a large number of remote workers who need access to resources.

While there are numerous vendors selling their VPN products in the IT market, Windows administrators also have the option to use the built-in VPN that comes with Windows Server. One of the benefits of using Windows Server 2019 VPN technology is that there is no additional cost to your organization once you purchase the license.

Another perk of using a Windows Server 2019 VPN is that the integration of the VPN with the server operating system reduces the number of infrastructure components that can break. An organization that uses a third-party VPN product will have an additional hoop the IT staff must jump through if remote users can’t connect to the VPN and lose access to network resources they need to do their jobs.

One relatively new feature in Windows Server 2019 VPN functionality is the Always On VPN, which some users in various message boards and blogs have speculated will eventually replace DirectAccess, which remains supported in Windows Server 2019. Microsoft cites several advantages of Always On VPN, including granular app- and traffic-based rules to restrict network access, support for both RSA and elliptic curve cryptography algorithms, and native Extensible Authentication Protocol support to enable the use of a wider variety of advanced authentication methods.

Microsoft documentation recommends that organizations that currently use DirectAccess check Always On VPN functionality before migrating their remote access processes.

The following transcript of the video tutorial by contributor Brien Posey explains how to install the Windows Server 2019 VPN role.

In this video, I want to show you how to configure Windows Server 2019 to act as a VPN server.

Right now, I’m logged into a domain joined Windows Server 2019 machine and I’ll get the Server Manager open so let’s go ahead and get started.

The first thing that I’m going to do is click on Manage and then I’ll click on Add Roles and Features.

This is going to launch the Add Roles and Features wizard.

I’ll go ahead and click Next on the Before you begin screen.

For the installation type, I’m going to choose Role-based or feature-based installation and click Next. From there I’m going to make sure that my local server is selected. I’ll click Next.

Now I’m prompted to choose the server role that I want to deploy. You’ll notice that right here we have Remote Access. I’ll go ahead and select that now. Incidentally, in the past, this was listed as Routing and Remote Access, but now it’s just listed as Remote Access. I’ll go ahead and click Next.

I don’t need to install any additional feature, so I’ll click Next again, and I’ll click Next [again].

Now I’m prompted to choose the Role Services that I want to install. In this case, my goal is to turn the server into a VPN, so I’m going to choose DirectAccess and VPN (RAS).

There are some additional features that are going to need to be installed to meet the various dependencies, so I’ll click Add Features and then I’ll click Next. I’ll click Next again, and I’ll click Next [again].

I’m taken to a confirmation screen where I can make sure that all of the necessary components are listed. Everything seems to be fine here, so I’ll click Install and the installation process begins.

So, after a few minutes the installation process completes. I’ll go ahead and close this out and then I’ll click on the Notifications icon. We can see that some post-deployment configuration is required. I’m going to click on the Open the Getting Started Wizard link.

I’m taken into the Configure Remote Access wizard and you’ll notice that we have three choices here: Deploy both DirectAccess and VPN, Deploy DirectAccess Only and Deploy VPN Only. I’m going to opt to Deploy VPN Only, so I’ll click on that option.

I’m taken into the Routing and Remote Access console. Here you can see our VPN server. The red icon indicates that it hasn’t yet been configured. I’m going to right-click on the VPN server and choose the Configure and Enable Routing and Remote Access option. This is going to open up the Routing and Remote Access Server Setup Wizard. I’ll go ahead and click Next.

I’m asked how I want to configure the server. You’ll notice that the very first option on the list is Remote access dial-up or VPN. That’s the option that I want to use, so I’m just going to click Next since it’s already selected.

I’m prompted to choose my connections that I want to use. Rather than using dial-up, I’m just going to use VPN, so I’ll select the VPN checkbox and click Next.

The next thing that I have to do is tell Windows which interface connects to the internet. In my case it’s this first interface, so I’m going to select that and click Next.

I have to choose how I want IP addresses to be assigned to remote clients. I want those addresses to be assigned automatically, so I’m going to make sure Automatically is selected and click Next.

The next prompt asks me if I want to use a RADIUS server for authentication. I don’t have a RADIUS server in my own organization, so I’m going to choose the option No, use Routing and Remote Access to authenticate connection requests instead. That’s selected by default, so I can simply click Next.

I’m taken to a summary screen where I have the chance to review all of the settings that I’ve enabled. If I scroll through this, everything appears to be correct. I’ll go ahead and click Finish.

You can see that the Routing and Remote Access service is starting and so now my VPN server has been enabled.
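
The role installation walked through above can also be scripted and then verified. This is an added example, not part of the video or its transcript; it assumes an elevated PowerShell session on the server and does not set the wizard's interface, address-assignment or authentication answers explicitly, so review the result in the Routing and Remote Access console afterwards.

```powershell
# Added example: scripted equivalent of "Remote Access" role + "Deploy VPN Only".
# Run in an elevated session on the Windows Server 2019 machine.
$ErrorActionPreference = 'Stop'

# 1. Install the "DirectAccess and VPN (RAS)" role service with its management tools.
$result = Install-WindowsFeature -Name DirectAccess-VPN -IncludeManagementTools
if (-not $result.Success) {
    throw "Role installation failed with exit code $($result.ExitCode)."
}
if ($result.RestartNeeded -eq 'Yes') {
    Write-Warning 'A restart is required before the VPN can be configured.'
    return
}

# 2. Post-deployment configuration: VPN only, no DirectAccess.
Install-RemoteAccess -VpnType Vpn

# 3. Verify what was actually enabled instead of trusting the absence of errors.
$ra      = Get-RemoteAccess
$service = Get-Service -Name RemoteAccess

[pscustomobject]@{
    VpnStatus     = $ra.VpnStatus          # expected: Installed
    DAStatus      = $ra.DAStatus           # expected: Uninstalled (VPN only)
    ServiceStatus = $service.Status        # expected: Running
    StartType     = $service.StartType
}

# 4. Show which authentication protocols the server accepts so they can be
#    reviewed against policy before remote users are allowed to connect.
Get-VpnAuthProtocol
```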


How to Customize Hyper-V VMs using PowerShell

In this article, we’ll be covering all the main points for deploying and modifying virtual machines in Hyper-V using PowerShell.

You can create a Hyper-V virtual machine easily using a number of tools. The “easy” tool, Hyper-V Manager’s New Virtual Machine Wizard (and its near-equivalent in Failover Cluster Manager), creates only a basic system. It has a number of defaults that you might not like. If you forget to change something, then you might have to schedule downtime later to correct it. You have other choices for VM creation. Among these, PowerShell gives you the greatest granularity and level of control. We’ll take a tour of the capability at your fingertips. After the tour, we will present some ways that you can leverage this knowledge to make VM creation simpler, quicker, and less error-prone than any of the GUI methods.

Cmdlets Related to Virtual Machine Creation

Of course, you create virtual machines using New-VM. But, like the wizards, it has limits. You will use other cmdlets to finesse the final product into exactly what you need.

The above cmdlets encompass the features needed for a majority of cases. If you need something else, you can start with the complete list of Hyper-V-related cmdlets.

Note: This article was written using the cmdlets as found on Windows Server 2019.

Comparing PowerShell to the Wizards for Virtual Machine Creation

PowerShell makes some things a lot quicker than the GUI tools. That doesn’t always apply to virtual machine creation. You will need to consider the overall level of effort before choosing either approach. Start with an understanding of what each approach asks of you.

The GUI Wizard Outcome

Virtual machine configuration points you can control when creating a virtual machine using the wizard:

  • Name
  • Virtual machine generation
  • Storage location
  • Virtual switch connection
  • The startup memory quantity and whether the VM uses Dynamic Memory
  • Attach or create one VHD or VHDX to the default location
  • Initial boot configuration

If you used the wizard from within Failover Cluster Manager, it will have also added the VM to the cluster’s highly-available roles.

The wizard does fairly well at hitting the major configuration points for a new virtual machine. It does miss some things, though. Most notably, you only get one vCPU. Once you finish using the wizard to create a virtual machine, you must then work through the VM’s properties to fix up anything else.

The Windows Admin Center Outcome

Virtual machine configuration points you can control when creating a virtual machine using Windows Admin Center:

  • Name
  • Virtual machine generation
  • The system that will host the VM (if you started VM creation from the cluster panel)
  • Base storage location — one override for both the VM’s configuration files and the VHDX(s)
  • Virtual switch connection
  • The number of virtual processors
  • The startup memory quantity, whether the VM uses Dynamic Memory, and DM’s minimum and maximum values
  • Attach or create one or more VHDs or VHDXs
  • Initial boot configuration

If you used the wizard from within Failover Cluster Manager, it will have also added the VM to the cluster’s highly-available roles.

Windows Admin Center does more than the MMC wizards, making it more likely that you can immediately use the created virtual machine. It does miss a few common configuration points, such as VLAN assignment and startup/shutdown settings.

The PowerShell Outcome

As for PowerShell, it misses nothing on the outcome. It can do everything. Some parts take a bit more effort. You will often need two or more cmdlets to fully create a VM as desired. Before we demonstrate them, we need to cover the difference between PowerShell and the above GUI methods.

Why Should I Use PowerShell Instead of the GUI to Create a Virtual Machine?

So, if PowerShell takes more work, why would you do it? Well, if you have to create only one or two VMs, maybe you wouldn’t. In a lot of cases, it makes the most sense:

  • One-stop location for the creation of VMs with advanced settings
  • Repeatable VM creation steps
  • More precise control over the creation
  • Access to features and settings unavailable in the GUI

For single VM creation, PowerShell saves you from some double-work and usage of multiple interfaces. You don’t have to run a wizard to create the VM and then dig through property sheets to make changes. You also don’t have to start in a wizard and then switch to PowerShell if you want to change a setting not included in the GUI.

Understanding Permissions for Hyper-V’s Cmdlets

If you run these cmdlets locally on the Hyper-V host as presented in this article, then you must belong to the local Administrators group. I have personally never used the “Hyper-V Administrators” group, ever, just on principle. A Hyper-V host should not do anything else, and I have not personally encountered a situation where it made sense to separate host administration from Hyper-V administration. I have heard from others that membership in the “Hyper-V Administrators” group does not grant the powers that they expect. Your mileage may vary.

Additional Requirements for Remote Storage

If the storage location for your VMs or virtual hard disks resides on a remote system (SMB), then you have additional concerns that require you to understand the security model of Hyper-V’s helper services. Everything that you do with the Hyper-V cmdlets (and GUI tools) accesses a central CIM-based API. These APIs do their work by a two-step process:

  • The Hyper-V host verifies that your account has permission to access the requested API
  • A service on the Hyper-V host carries out the requested action within its security context

By default, these services run as the “Local System” account. They present themselves to other entities on the network as the Hyper-V host’s computer account, not your account. Changing the account that runs the services places you in an unsupported configuration. Just understand that they run under that account and act accordingly.

The Hyper-V host’s computer account must have at least the Modify permission on the remote NTFS/ReFS file system and at least Change on the SMB share.
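
One way to grant and then verify exactly those two permissions, as an added example that is not from the original article. It runs on the file server; the account, share name and folder path are placeholders.

```powershell
# Added example. Run elevated on the file server that hosts the VM share.
# Placeholder values (assumptions, not from the article):
$HostAccount = 'CONTOSO\HV01$'   # Hyper-V host COMPUTER account, note the trailing $
$ShareName   = 'VMStore'
$SharePath   = 'D:\VMStore'
$ErrorActionPreference = 'Stop'

# Share level: the article asks for at least Change.
Grant-SmbShareAccess -Name $ShareName -AccountName $HostAccount `
    -AccessRight Change -Force | Out-Null

# File-system level: at least Modify, inherited by subfolders and files.
$acl  = Get-Acl -Path $SharePath
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $HostAccount, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $SharePath -AclObject $acl

# Verify both layers. The effective right is the more restrictive of the two,
# so a missing entry at either level makes VM creation fail.
$modify  = [System.Security.AccessControl.FileSystemRights]::Modify
$shareOk = Get-SmbShareAccess -Name $ShareName | Where-Object {
    $_.AccountName -eq $HostAccount -and
    $_.AccessControlType -eq 'Allow' -and
    $_.AccessRight -in 'Change', 'Full'
}
$ntfsOk = (Get-Acl -Path $SharePath).Access | Where-Object {
    $_.IdentityReference.Value -eq $HostAccount -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $modify) -eq $modify
}

[pscustomobject]@{
    Account        = $HostAccount
    ShareChangeOk  = [bool]$shareOk
    NtfsModifyOk   = [bool]$ntfsOk
}

# Least-privilege check: list every other principal that can write to the
# share, so broad grants (for example to Everyone) are visible and can be removed.
Get-SmbShareAccess -Name $ShareName |
    Where-Object { $_.AccountName -ne $HostAccount -and $_.AccessRight -in 'Change', 'Full' } |
    Select-Object AccountName, AccessControlType, AccessRight
```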

Additional Requirements for Remote Sessions

If you run these cmdlets remotely, whether explicitly (inside a PSSession) or implicitly (using the ComputerName parameter), and you do anything that depends on SMB storage (a second hop), then you must configure delegation.

The security points of a delegated operation:

  • The account that you use to run the cmdlet must have administrator privileges on the Hyper-V host
  • The Hyper-V host must allow delegation of credentials to the target location
  • You must configure the target SMB share as indicated in the last sentence of the preceding section

These rules apply whether you allow the commands to use the host’s configured default locations or if you override.

If you need help with the delegation part, we have a script for delegation.

Shortest Possible Use of New-VM

You can run New-VM with only one required parameter:

This creates a virtual machine on the local host with the following characteristics:

  • Name: “demovm”
  • Generation 1
  • 1 vCPU
  • No virtual hard disk
  • Virtual CD/DVD attached to virtual IDE controller 1, location 0
  • Synthetic adapter, not connected to a virtual switch
  • Boots from CD (only bootable device on such a system)

I do not use the cmdlet this way, ever. I personally create only Generation 2 machines now unless I have some overriding reason. You can change all other options after creation. Also, I tend to connect to the virtual switch right away, as it saves me a cmdlet later.

I showed this usage so that you understand the default behavior.

Simple VM Creation in PowerShell

We’ll start with a very basic VM, using simple but verbose cmdlets.

The above creates a new Generation 2 virtual machine in the host’s default location named “demovm” with 2 gigabytes of startup memory and connects it to the virtual switch named “vSwitch”. It uses static memory because New-VM cannot enable Dynamic Memory. It uses one vCPU because New-VM cannot override that. It does not have a VHDX. We can do that with New-VM, but I have a couple of things to note for that, and I wanted to start easy. Yes, you will have to issue more cmdlets to change the additional items, but you’re already in the right place to do that. No need to switch to another screen.

Before we move on to post-creation modifications, let’s look at uncommon creation options.

Create a Simple VM with a Specific Version in PowerShell

New-VM has one feature that the GUI cannot replicate by any means: it can create a VM with a specific configuration version. Without overriding, you can only create VMs that use the maximum supported version of the host that builds the VM. If you will need to migrate or replicate the VM to a host running an older version, then you must use New-VM and specify a version old enough to run on all necessary hosts.

To create the same diskless VM as above, but that can run on a Windows Server 2012 R2 host:

You can see the possible versions and their compatibility levels with Get-VMHostSupportedVersion.

Be aware that creating a VM with a lower version may have unintended side effects. For instance, versions prior to 8 don’t support hardware thread counts so they won’t have access to Hyper-Threading when running on a Hyper-V host using the core scheduler. You can see the official matrix of VM features by version on the related Microsoft docs page.

Note: New-VM also exposes the Experimental and Prerelease switches, but these don’t work on regular release versions of Hyper-V. These switches create VMs with versions above the host’s normally supported maximum. Perhaps they function on Insider versions, but I have not tried.

Simple VM Creation with Positional Parameters

When we write scripts, we should always type out the full names of parameters. But, if you’re working interactively, take all the shortcuts you like. Let’s make that same “demovm”, but save ourselves a few keystrokes:

SwitchName is the only non-positional parameter that we used. You can tell from the help listing (Get-Help New-VM):

Each parameter surrounded by double brackets ([[ParameterName]]) is positional. As long as you supply its value in the exact order that it appears, you do not need to type its name.

In only 43 characters, we have accomplished the same as all but one of the wizard’s tabs. If you want to make it even shorter, the quote marks around the VM and switch names are only necessary if they contain spaces. And, once the cmdlet completes, we can just keep typing to change anything that New-VM didn’t cover.

Create a Simple VM in a Non-Default Path

We can place the VM in a location other than the default with one simple change, but it has a behavioral side effect. First, the cmdlet:

The Path parameter overrides the placement of the VM from the host defaults. It does not impact the placement of any virtual hard disks.

As for the previously mentioned side effect, compare the value of the Path parameter of a VM created using the default (on my system):

The Path parameter of a VM with the overridden path value:

When you do not specify a Path, the cmdlet will place all of the virtual machine’s files in the relevant subfolders of the host’s default path (Virtual Machines, Snapshots, etc.). When you specify a path, it first creates a subfolder with the name of the VM, then creates all those other subfolders inside. As far as I know, all of the tools exhibit this same behavior (I did not test WAC).

Create a VM with a VHDX, Single Cmdlet

To create the VM with a virtual hard disk in one shot, you must specify both the NewVHDPath and NewVHDSizeBytes parameters. NewVHDPath operates somewhat independently of Path.

Start with the easiest usage:

The above cmdlet does very nearly all the same things as the GUI wizard, but in one line. It starts by doing the same things as the first simple cmdlet that I showed you. Then it creates a VHDX of the specified name. Since this cmdlet only indicates the file name, the cmdlet creates it in the host’s default virtual hard disk storage location. To finish up, it attaches the new disk to the VM’s first disk boot location (IDE 0:0 or SCSI 0:0, depending on VM Generation).

Create a VM with a VHDX, Override the VHDX Storage Location

Don’t want the VHDX in the default location? Just change NewVHDPath so that it specifies the full path to the desired location:

Create a VM with a VHDX, Override the Entire VM Location

Want to change the location of the entire VM, but don’t want to specify the path twice? Override placement of the VM using Path, but provide only the file name for NewVHDPath:

The above cmdlet creates a “demovm” folder in “C:\LocalVMs”. It places the virtual machine’s configuration files in a “Virtual Machines” subfolder and places the new VHDX in a “Virtual Hard Disks” subfolder.

Just as before, you can place the VHDX into an entirely different location just by providing the full path.

Notes on VHDX Creation with New-VM

A few points:

  • You must always supply the VHDX’s complete file name. New-VM will not guess at what you want to call your virtual disk, nor will it auto-append the .vhdx extension.
  • You must always supply a .vhdx extension. New-VM will not create a VHD formatted disk.
  • All the rules about second-hops and delegation apply.
  • Paths operate from the perspective of the Hyper-V host. When running remotely, a path like “C:\LocalVMs” means the C: disk on the host, not on your remote system.
  • You cannot specify an existing file. The entire cmdlet will fail if the file already exists (meaning that, if you tell it to create a new disk and it cannot for some reason, then it will not create the VM, either).

As with the wizard, New-VM can create only one VHDX and it will always connect to the primary boot location (IDE controller 0 location 0 for Generation 1, SCSI controller 0 location 0 for Generation 2). You can issue additional PowerShell commands to create and attach more virtual disks. We’ll tackle that after we finish with the New-VM cmdlet.

Create a VM with a VHDX, Single Cmdlet, and Specify Boot Order

We have one more item to control with New-VHD: the boot device. Using the above cmdlets, your newly created VM will try to boot to the network first. If you used one of the variants that create a virtual hard disk, a failed network boot will fall through to the disk.

Let’s create a VM that boots to the virtual CD/DVD drive instead:

You have multiple options for the BootDevice parameter:

  • CD: attach a virtual drive and set it as the primary boot device
  • Floppy: set the virtual floppy drive as the primary boot device; Generation 1 only
  • IDE: set IDE controller 0, location 0 as the primary boot device; Generation 1 only
  • LegacyNetworkAdapter: attach a legacy network adapter and set it as the primary boot device; Generation 1 only
  • NetworkAdapter: set the network adapter as the primary boot device on a Generation 2 machine, attach a legacy network adapter and set it as the primary boot device on a Generation 1 machine
  • VHD: if you created a VHDX with New-VM, then this will set that disk as the primary boot device. Works for both Generation types

The BootDevice parameter does come with a quirk: if you create a VHD and set the VM to boot from CD using New-VM, it will fail to create the VM. It tries to attach both the new VHD and the new virtual CD/DVD drive to the same location. The entire process fails. You will need to create the VHD with the VM, then attach a virtual CD/DVD drive and modify the boot order or vice versa.
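
The creation options from the preceding sections, combined into one sequence that works around the BootDevice quirk by creating the VHDX with the VM and attaching the DVD drive afterwards. This is an added example, not the article's own code; the switch name comes from the article, while the ISO path and disk size are placeholders, and it covers Generation 2 only.

```powershell
#Requires -Modules Hyper-V
# Added example. Run elevated on the Hyper-V host; paths are host-local.
$ErrorActionPreference = 'Stop'

$VMName  = 'demovm'
$Switch  = 'vSwitch'
$Root    = 'C:\LocalVMs'            # overrides the host default VM location
$IsoPath = 'C:\ISO\install.iso'     # placeholder installation media
$Version = $null                    # optional: a value listed by Get-VMHostSupportedVersion

# With -Path set and only a file name for -NewVHDPath, the disk lands here:
$expectedVhdx = Join-Path $Root "$VMName\Virtual Hard Disks\$VMName.vhdx"

# Pre-flight checks. New-VM fails as a whole if the VHDX already exists,
# so catch that (and other obvious problems) before anything is created.
if (Test-Path -LiteralPath $expectedVhdx) {
    throw "VHDX already exists: $expectedVhdx"
}
if (-not (Test-Path -LiteralPath $IsoPath)) {
    throw "ISO not found: $IsoPath"
}
if (-not (Get-VMSwitch -Name $Switch -ErrorAction SilentlyContinue)) {
    throw "Virtual switch not found: $Switch"
}

# Step 1: create the VM and its VHDX together. No -BootDevice here, because
# combining a new VHD with -BootDevice CD makes the whole cmdlet fail.
$newVm = @{
    Name               = $VMName
    Generation         = 2
    MemoryStartupBytes = 2GB
    SwitchName         = $Switch
    Path               = $Root
    NewVHDPath         = "$VMName.vhdx"   # the extension must be supplied
    NewVHDSizeBytes    = 60GB
}
if ($Version) { $newVm.Version = $Version }
New-VM @newVm | Out-Null

# Step 2: attach the DVD drive separately, then make it the first boot device.
$dvd = Add-VMDvdDrive -VMName $VMName -Path $IsoPath -Passthru
Set-VMFirmware -VMName $VMName -FirstBootDevice $dvd

# Step 3: read the result back.
Get-VMHardDiskDrive -VMName $VMName |
    Select-Object ControllerType, ControllerNumber, ControllerLocation, Path
(Get-VMFirmware -VMName $VMName).BootOrder |
    Select-Object BootType, Device
```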

Make Quick Changes to a New VM with PowerShell

You have your new VM, but you’d like to make some quick, basic changes. Set-VM includes all the common settings as well as a few rare options.

Adjust Processor and Memory Assignments

From New-VM, the virtual machine starts off with one virtual CPU and does not use static memory. My preferred new virtual machine, in two lines:

Both New-VM and Set-VM include the MemoryStartupBytes parameter. I used it with Set-VM to make the grouping logical.

Some operating systems do not work with Dynamic Memory, some applications do not work with Dynamic Memory, and some vendors (and even some administrators) just aren’t ready for virtualization. In any of those cases, you can do something like this instead:

Technically, you can leave off the StaticMemory parameter in the preceding sequence. New-VM always creates a VM with static memory. Use it when you do not know the state of the VM.

Control Automatic Start and Stop Actions

When a Hyper-V host starts or shuts down, it needs to do something with its VMs. If it belongs to a cluster, it has an easy choice for highly-available VMs: move them. For non-HA VMs, it needs some direction. By default, new VMs will stay off when the host starts and save when the host shuts down. You can override these behaviors:

You can use these parameters with any other parameter on Set-VM, and you do not need to include all three of them. If you use the Nothing setting for AutomaticStartAction or if you do not specify a value for AutomaticStartDelay, then it uses a value of 0. AutomaticStartDelay is expressed in seconds.

AutomaticStartAction has these options (use [Tab] to cycle through):

  • Nothing: stay off
  • Start: always start with the host, after AutomaticStartDelay seconds
  • StartIfRunning: start the VM with the host after AutomaticStartDelay seconds, but only if it was running when the host shut down

Note: I am aware of what appears to be a bug in 2019 in which the VM might not start automatically.

AutomaticStopAction has these options (use [Tab] to cycle through):

  • Save: place the VM into a saved state
  • ShutDown: via the Hyper-V integration services/components, instruct the guest OS to shut down. If it does not respond or complete within the timeout period, force the VM off.
  • TurnOff: Hyper-V halts the virtual machine immediately (essentially like pulling the power on a physical system)

If you do not know what to do, take the safe route of Save. Hyper-V will wait for saves to complete.

Determine Checkpoint Behavior

By default, Windows 10 will take a checkpoint every time you turn on a virtual machine. That essentially gives you an Oops! button. Windows Server has that option, but leaves it off by default. Both Windows and Windows Server use the so-called “Production” checkpoint and fall back to “Standard” checkpoints. You can override all this behavior.

Applicable parameters:

  • CheckpointType: indicate which type of checkpoints to create. Use [Tab] to cycle through the possible values:
    • Disabled: the VM cannot have checkpoints. Does not impact backup’s use of checkpoints.
    • Production: uses VSS in the guest to signal VSS-aware applications to flush to disk, then takes a checkpoint of only the VM’s configuration and disks. Active threads and memory contents are not protected. If VSS in the guest does not respond, falls back to a “Standard” checkpoint.
    • ProductionOnly: same as Production, but fails the checkpoint operation instead of falling back to “Standard”
    • Standard: checkpoints the entire VM, including active threads and memory. Unlike a Production checkpoint, applications inside a VM have no way to know that a checkpoint operation took place.
  • SnapshotFileLocation: specifies the location for the configuration files of a virtual machine’s future checkpoints. Does not impact existing checkpoints. Does not affect virtual hard disk files (AVHD/X files are always created alongside the parent).
  • AutomaticCheckpointsEnabled: Controls whether or not Hyper-V makes a checkpoint at each VM start. $true to enable, $false to disable.

Example:

Honestly, I dislike the names “Production” and “Standard”. I outright object to the way that Hyper-V Manager and Failover Cluster Manager use the term “application-consistent” to describe them. You can read my article about the two types to help you decide what to do.

Control the Automatic Response to Disconnected Storage

In earlier versions of Hyper-V, losing connection to storage meant disaster for the VMs. Hyper-V would wait out the host’s timeout value (sometimes), then kill the VMs. Now, it can pause the virtual machine’s CPU, memory and I/O, then wait a while for storage to reconnect.

The value of AutomaticCriticalErrorActionTimeout is expressed in minutes. By default, Hyper-V will wait 30 minutes.

Alternatively, you can set AutomaticCriticalErrorAction to None and Hyper-V will kill the VM immediately, as it did in previous versions.

Attach Human-Readable Notes to a Virtual Machine

You can create notes for a virtual machine right on its properties.

Jeff Hicks gave this feature a full treatment and extended it.
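
The Set-VM options covered in this section, applied as one baseline and then read back from the VM, as an added example that is not the article's own code. The specific values (memory sizes, delay, note text) are illustrative assumptions; the parameter names are those discussed above.

```powershell
#Requires -Modules Hyper-V
# Added example. Run elevated on the Hyper-V host.
$ErrorActionPreference = 'Stop'
$VMName = 'demovm'

# The processor count cannot be changed on a running, saved or paused VM.
$vm = Get-VM -Name $VMName
if ($vm.State -ne 'Off') {
    throw "VM '$VMName' is $($vm.State); turn it off before applying the baseline."
}

# Desired settings, keyed by Set-VM parameter name.
$desired = @{
    ProcessorCount                      = 2
    DynamicMemory                       = $true
    MemoryStartupBytes                  = 2GB
    MemoryMinimumBytes                  = 512MB
    MemoryMaximumBytes                  = 4GB
    AutomaticStartAction                = 'StartIfRunning'
    AutomaticStartDelay                 = 120          # seconds
    AutomaticStopAction                 = 'Save'       # the safe route
    CheckpointType                      = 'ProductionOnly'
    AutomaticCheckpointsEnabled         = $false
    AutomaticCriticalErrorAction        = 'Pause'
    AutomaticCriticalErrorActionTimeout = 30           # minutes
    Notes                               = 'Baseline applied by script'
}
Set-VM -Name $VMName @desired

# Some Set-VM parameters surface under a different property name on the VM object.
$propertyFor = @{
    DynamicMemory      = 'DynamicMemoryEnabled'
    MemoryStartupBytes = 'MemoryStartup'
    MemoryMinimumBytes = 'MemoryMinimum'
    MemoryMaximumBytes = 'MemoryMaximum'
}

# Read every setting back and report drift instead of assuming success.
$vm = Get-VM -Name $VMName
$report = foreach ($param in $desired.Keys | Sort-Object) {
    $prop = if ($propertyFor.ContainsKey($param)) { $propertyFor[$param] } else { $param }
    [pscustomobject]@{
        Setting  = $param
        Expected = "$($desired[$param])"
        Actual   = "$($vm.$prop)"
        Match    = "$($vm.$prop)" -eq "$($desired[$param])"
    }
}
$report | Format-Table -AutoSize

if ($report.Match -contains $false) {
    Write-Warning "One or more settings on '$VMName' differ from the baseline."
}
```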

Advanced VM Creation with PowerShell

To control all of the features of your new VM, you will need to use additional cmdlets. All of the cmdlets demonstrated in this section will follow a VM created with:

Starting from that base allows me to get where I want with the least level of typing and effort.

Prepare the VM to Use Discrete Device Assignment

Hyper-V has some advanced capabilities to pass through host hardware using Discrete Device Assignment (DDA). Set-VM has three parameters that impact DDA:

  • LowMemoryMappedIoSpace
  • HighMemoryMappedIoSpace
  • GuestControlledCacheTypes

These have little purpose outside of DDA. Didier Van Hoye wrote a great article on DDA that includes practical uses for these parameters.

Specify Processor Settings on a New VM

All of the ways to create a VM result in a single vCPU with default settings. You can make some changes in the GUI, but only PowerShell reaches everything. Use the Set-VMProcessor cmdlet.

Changing a VM’s Virtual CPU Count in Hyper-V

I always use at least 2 vCPU because it allows me to leverage SMT and Windows versions past XP/2003 just seem to respond better. I do not use more than two without a demonstrated need or when I have an under-subscribed host. We have an article that dives much deeper into virtual CPUs on Hyper-V.

Give our new VM a second vCPU:

You cannot change the virtual processor count on a running, saved, or paused VM.

Note: You can also change the vCPU count with Set-VM, shown earlier.

Set Hard Boundaries on a VM’s Access to CPU Resources

To set hard boundaries on the minimum and maximum percentage of host CPU resources the virtual machine can access, use the Reserve and Maximum parameters, respectively. These specify the total percentage of host processor resources to be used which depends on the number of vCPUs assigned. Calculate actual resource reservations/limits like this:

Parameter Value / Number of Host Logical Processors * Number of Assigned Virtual CPUs = Actual Value

So, a VM with 4 vCPUs set with a Reserve value of 25 on a host with 24 logical processors will lock about 4% of the host’s total CPU resources for itself. A VM with 6 vCPUs and a Limit of 75 on a host with 16 logical processors will use no more than about 28% of total processing power. Refer to the previously-linked article for an explanation of these settings.

To set all of these values:

You do not need to specify any of these values. New-VM and all the GUI tools create a VM with a value of 1 for Count, a value of 0 for Reserve and a value of 100 for Maximum. If you do not specify one of these parameters for Set-VMProcessor, it leaves the value alone. So, you can set the processor Count in one iteration, then modify the Reserve at a later time without disturbing the Count, and then the Maximum at some other point without impacting either of the previous settings.

You can change these settings on a VM while it is off, on, or paused, but not while saved.

Prioritize a VM’s Access to CPU Resources

Instead of hard limits, you can prioritize a VM’s CPU access with Set-VMProcessor’s RelativeWeight parameter. As indicated, the setting is relative. Every VM has this setting. If every VM has the same priority value, then no one has priority. VMs begin life with a default processor weight of 100. The host’s scheduler gives preference to VMs with a higher processor weight.

To set the VM’s vCPU count and relative processor weight:

You do not need to specify both values together; I only included the Count to show you how to modify both at once on a new VM. You can also include the Reserve and Maximum settings if you like.

Enable Auto-Throttle on a VM’s CPU Access

Tinkering with limits and reservations and weights can consume a great deal of administrative effort, especially when you only want to ensure that no VM runs off with your CPU and drags the whole thing down for everyone. Your first, best control on that is the number of vCPU assigned to a VM. But, when you start to work with high densities, that approach does not solve much. So, Microsoft designed Host Resource Protection. This feature does not look at raw CPU utilization so much as it monitors certain activities. If it deems them excessive, it enacts throttling. You get this feature with a single switch:

Microsoft does not fully document what this controls. You will need to test it in your environment to determine its benefits.

You can use the EnableHostResourceProtection parameter by itself or with any of the others.

Set VM Processor Compatibility

Hyper-V uses a CPU model that very nearly exposes the logical processor to VMs as-is. That means that a VM can access all of the advanced instruction sets implemented by a processor. However, Microsoft also designed VMs to move between hosts. Not all CPUs use the same instruction set. So, Microsoft implements a setting that hides all instruction sets except those shared by every supported CPU from a manufacturer. If you plan to Live Migrate a VM between hosts with different CPUs from the same manufacturer, use this cmdlet:

Employ a related parameter if you need to run unsupported versions of Windows (like NT 4.0 or 2000):

This one time, I did not override Count. Older operating systems did not have the best support for multi-processing, and a lot of applications from that era perform worse with multiple processors.

You can specify $false to disable these features. You can only change them while the VM is turned off. As with the preceding demonstrations, you can use these parameters in any combination with the others, or by themselves.

Change a VM’s NUMA Processor Settings

I have not written much about NUMA. Even the poorest NUMA configuration would not hurt more than a few Hyper-V administrators. If you don’t know what NUMA is, don’t worry about it. I am writing these instructions for people that know what NUMA is, need it, and just want to know how to use PowerShell to configure it for a Hyper-V VM.

Set-VMProcessor provides two of the three available NUMA settings. We will revisit the other one in the Set-VMMemory section below. Use Set-VMProcessor to specify the maximum number of virtual CPUs per NUMA node or the maximum number of virtual NUMA nodes this VM sees per socket.

As before, you can use any combination of these parameters with each other and the previously-shown parameters. Unlike before, mistakes here can make things worse without making anything better.

Enable Hyper-V Nested Virtualization

Want to run Hyper-V on Hyper-V? No problem (anymore). Run this after you make your new VM:

Note: Enabling virtualization extensions silently disables Dynamic Memory. Only Startup memory will apply.

I have not tested this setting with other hypervisors. It does pass the enabled virtualization features of your CPU down to the guest, so it might enable others. I also did not test this parameter with any parameter other than Count.
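The processor settings from this section applied together, as an added example rather than the author's own listings. The VM name demovm, the function name and the values are assumptions; the checks encode the constraints stated above (compatibility changes need the VM off, and exposing virtualization extensions leaves only Startup memory in effect).

```powershell
#Requires -Modules Hyper-V

function Set-DemoVMProcessor {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$VMName,
        [int]$Count = 2,                 # assumed vCPU count
        [int]$RelativeWeight = 200,      # new VMs start at 100
        [switch]$MigrationCompatible,    # hide CPU features not shared across the vendor's CPUs
        [switch]$Nested                  # expose virtualization extensions to the guest
    )

    $vm = Get-VM -Name $VMName -ErrorAction Stop

    # The compatibility flags only change on a stopped VM. This example requires
    # the VM to be off for every setting so that one check covers them all.
    if ($vm.State -ne 'Off') {
        throw "VM '$VMName' is $($vm.State); shut it down before changing processor settings."
    }

    # Count, weight and Host Resource Protection in a single call.
    $settings = @{
        VM                           = $vm
        Count                        = $Count
        RelativeWeight               = $RelativeWeight
        EnableHostResourceProtection = $true
    }
    if ($MigrationCompatible) {
        $settings.CompatibilityForMigrationEnabled = $true
    }
    Set-VMProcessor @settings -ErrorAction Stop

    if ($Nested) {
        # Exposing the extensions silently turns Dynamic Memory off, so say so up front.
        if ((Get-VMMemory -VM $vm).DynamicMemoryEnabled) {
            Write-Warning "Dynamic Memory is enabled on '$VMName'; only Startup memory will apply once virtualization extensions are exposed."
        }
        Set-VMProcessor -VM $vm -ExposeVirtualizationExtensions $true -ErrorAction Stop
    }

    # Return the resulting configuration so the change can be reviewed or logged.
    Get-VMProcessor -VM $vm |
        Select-Object VMName, Count, RelativeWeight, EnableHostResourceProtection,
                      CompatibilityForMigrationEnabled, ExposeVirtualizationExtensions
}

Set-DemoVMProcessor -VMName 'demovm' -Count 2 -RelativeWeight 200 -Nested
```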

Change Memory Settings on a New VM

New-VM always leaves you with static memory. If you don’t provide a MemoryStartupBytes value, it will use a default of one gigabyte. The GUI wizards can enable Dynamic Memory, but will only set the Startup value. For all other memory settings, you must access the VM’s property sheets or turn to PowerShell. We will make these changes with Set-VMMemory.

Note: You can also change several memory values with Set-VM, shown earlier.

Setting Memory Quantities on a VM

A virtual machine’s memory quantities appear on three parameters:

  • Startup: How much memory the virtual machine will have at boot time. If the VM does not utilize Dynamic Memory, this value persists throughout the VM’s runtime
  • MinimumBytes: The minimum amount of memory that Dynamic Memory can assign to the virtual machine
  • MaximumBytes: The maximum amount of memory that Dynamic Memory can assign to the virtual machine

These values exist on all VMs. Hyper-V only references the latter two if you configure the VM to use Dynamic Memory.

This cmdlet sets the VM to use two gigabytes of memory at the start. It does not impact Dynamic Memory in any way; it leaves all of those settings alone. You can change this value at any time, although some guest operating systems will not reflect the change.

We will include the other two settings in the upcoming Dynamic Memory sections.

Enable Dynamic Memory on a VM

Control whether or not a VM uses Dynamic Memory with the DynamicMemoryEnabled parameter.

You can disable it with $false. The above usage does not modify any of the memory quantities. A new VM defaults to 512MB minimum and 1TB maximum.

You can only make this change while the VM is off.

You can also control the Buffer percentage that Dynamic Memory uses for this VM. The “buffer” refers to a behind-the-scenes memory reservation for memory expansion. Hyper-V sets aside a percentage of the amount of memory currently assigned to the VM for possible expansion. You control that percentage with this parameter.

So, if Hyper-V assigns 2108 megabytes to this VM, it will also have up to 210.8 megabytes of buffered memory. Buffer only sets a maximum; Hyper-V will use less in demanding conditions or if the set size would exceed the maximum assigned value. Hyper-V ignores the Buffer setting when you disable Dynamic Memory on a VM. You can change the buffer size on a running VM.

Dynamic Memory Setting Demonstrations

Let’s combine the above settings into a few demonstrations.

Control a VM’s Memory Allocation Priority

If VMs have more total assigned memory than the Hyper-V host can accommodate, it will boot them by Priority order (higher first). Also, if Dynamic Memory has to choose between VMs, it will work from Priority.

Valid values range from 0 to 100. New VMs default to 50. You can use Priority with any other valid combination of Set-VMMemory. You can change Priority at any time.

Note: The GUI tools call this property Memory weight and show its value as a 9-point slider from Low (0) to High (100).

Change a VM’s NUMA Memory Settings

We covered the processor-related NUMA settings above. Use Set-VMMemory to control the amount of memory in the virtual NUMA nodes presented to this VM:

As with the processor NUMA settings, I only included this to show you how. If you do not understand NUMA and know exactly why you would make this change, do not touch it.

Attach Virtual Disks and CD/DVD Drives to a Virtual Machine

You could use these cmdlets instead of the features of New-VM to attach drives. You can also use them to augment New-VM. Due to some complexities, I prefer the latter.

A Note on Virtual Machine Drive Controllers

On a physical computer, you have to use the physical drive controllers as you find them. If you run out of disk locations, you have to add physical controllers. With Hyper-V, you do not directly manage the controllers. Simply instruct the related cmdlets to attach the drive to a specific controller number and location. As long as the VM does not already have a drive in that location, it will use it.

On a Generation 1 virtual machine, you have two emulated Enhanced Integrated Drive Electronics (EIDE, or just IDE) controllers, numbered 0 and 1. Each has location 0 and location 1 available. That allows a total of four available IDE slots. When you set a Generation 1 VM to boot to IDE or VHD, it will always start with IDE controller 0, position 0. If you set it to boot to CD, it will walk down through 0:0, 0:1, 1:0, and 1:1 to find the first CD drive.

Both Generation types allow up to four synthetic SCSI controllers, numbered 0 through 4. Each controller can have up to 64 locations, numbered 0 through 63.

Unlike a physical system, you will not gain benefits from balancing drives across controllers.

Create a Virtual Hard Disk File to Attach

You can’t attach a disk file that you don’t have. You must know what you will call it, where you want to put it, and how big to make it.

By default, New-VHD creates a dynamically-expanding hard disk. For the handful of cases where fixed makes more sense, override with the Fixed parameter:

By default a dynamically-expanding VHDX uses a 32 megabyte block size. For some file systems, like ext4, that can cause major expansion percentages over very tiny amounts of utilized space. Override the block size to a value as low as 1 megabyte:

You can also use LogicalSectorSizeBytes and PhysicalSectorSizeBytes to override defaults. Hyper-V will detect the underlying physical storage characteristics and choose accordingly, so do not override these values unless you intend to migrate the disk to a system with different values:

Create a Virtual Hard Disk from a Physical Disk

You can instruct Hyper-V to encapsulate the entirety of a physical disk inside a VHDX. First, use Get-Disk to find the disk number. Then use New-VHD to transfer its contents into a VHD:

You can combine this usage with Fixed or BlockSizeBytes (not both). The new VHDX will have a maximum size that matches the source disk.

Create a Child Virtual Hard Disk

In some cases, you might wish to use a differencing disk with a VM, perhaps as its primary disk. This usage allows the VM to operate normally, but prevents it from making changes to the base VHDX file.

You can also specify the Differencing parameter, if you like.

Note: Any change to the base virtual hard disk invalidates all of its children.

Check a VM for Available Virtual Hard Disk and CD/DVD Locations

You do not need to decide in advance where to connect a disk. However, you sometimes want to have precise control. Before using any of the attach cmdlets, consider verifying that it has not already filled the intended location. Get-VMHardDiskDrive and Get-VMDvdDrive will show current attachments.

Attach a Virtual Hard Disk File to a Virtual Machine

You can add a disk very easily with Add-VMHardDiskDrive:

Hyper-V will attach it to the next available location.

You can override to a particular location:

Technically, you can skip the ControllerType parameter; Generation 1 assumes IDE and Generation 2 has no other option.

If you want to attach a disk to another SCSI controller, but it does not have another, then add it first:

Notice that I did not specify a location on Add-VMHardDiskDrive. If you specify a controller but no location, it just uses the next available.
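The create, check and attach steps from the preceding sections as one function; this is an added example, not the author's listing. The VM name, paths, size and function name are assumptions, and marking the parent read-only is an extra guard prompted by the note that any change to a base disk invalidates its children.

```powershell
#Requires -Modules Hyper-V

function Add-DemoVMDisk {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][string]$Path,          # new VHDX file to create
        [uint64]$SizeBytes = 60GB,                    # ignored for a differencing disk
        [string]$ParentPath,                          # set this to create a child disk
        [int]$ControllerNumber = 1,
        [ValidateRange(0, 63)][int]$ControllerLocation = 0
    )

    Get-VM -Name $VMName -ErrorAction Stop | Out-Null
    if (Test-Path -LiteralPath $Path) {
        throw "'$Path' already exists; refusing to overwrite it."
    }

    # Add SCSI controllers until the requested controller number exists.
    while (@(Get-VMScsiController -VMName $VMName).Count -le $ControllerNumber) {
        Add-VMScsiController -VMName $VMName -ErrorAction Stop
    }

    # Refuse a location that already holds a hard disk or a DVD drive.
    $attached = @(Get-VMHardDiskDrive -VMName $VMName) + @(Get-VMDvdDrive -VMName $VMName)
    $inUse = $attached | Where-Object {
        $_.ControllerType -eq 'SCSI' -and
        $_.ControllerNumber -eq $ControllerNumber -and
        $_.ControllerLocation -eq $ControllerLocation
    }
    if ($inUse) {
        throw "SCSI ${ControllerNumber}:${ControllerLocation} on '$VMName' is already in use."
    }

    if ($ParentPath) {
        # Child disk: guest writes land in $Path. The read-only flag protects the
        # parent from accidental modification outside Hyper-V.
        Set-ItemProperty -LiteralPath $ParentPath -Name IsReadOnly -Value $true
        $vhd = New-VHD -Path $Path -ParentPath $ParentPath -Differencing -ErrorAction Stop
    }
    else {
        $vhd = New-VHD -Path $Path -SizeBytes $SizeBytes -Dynamic -ErrorAction Stop
    }

    $attach = @{
        VMName             = $VMName
        ControllerType     = 'SCSI'
        ControllerNumber   = $ControllerNumber
        ControllerLocation = $ControllerLocation
        Path               = $vhd.Path
    }
    Add-VMHardDiskDrive @attach -ErrorAction Stop

    # Show what ended up at the requested location.
    Get-VMHardDiskDrive -VMName $VMName -ControllerType SCSI `
        -ControllerNumber $ControllerNumber -ControllerLocation $ControllerLocation
}

# Assumed paths: a data disk on a second controller, then a child of a base image.
Add-DemoVMDisk -VMName 'demovm' -Path 'C:\LocalVMs\Virtual Hard Disks\demovm-data.vhdx' -SizeBytes 100GB
Add-DemoVMDisk -VMName 'demovm' -Path 'C:\LocalVMs\Virtual Hard Disks\demovm-child.vhdx' `
    -ParentPath 'C:\LocalVMs\Virtual Hard Disks\base.vhdx' -ControllerLocation 1
```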

Attach a Virtual DVD Drive to a Virtual Machine

Take special note: this cmdlet applies to a virtual drive, not a virtual disk. Basically, it creates a place to put a CD/DVD image, but does not necessarily involve a disk image. It can do both, as you’ll see.

Add-VMDvdDrive uses all the same parameters as Add-VMHardDiskDrive above. If you do not specify the Path parameter, then the drive remains empty. If you do specify Path, it mounts the image immediately:

All the notes from the beginning about permissions and delegation apply here.

If you have a DVD drive already and just want to change its contents, use Set-VMDvdDrive:

If you have more than one CD/DVD attached, you can use the ControllerType, ControllerNumber, and ControllerLocation parameters to specify.

If you want to empty the drive:

Remove-VMDvdDrive completely removes the drive from the system.

Work with a New Virtual Machine’s Network Adapters

Every usage of New-VM should result in a virtual machine with at least one virtual network adapter. By default, it will not attach it to a virtual switch. You might need to modify a VLAN. If desired, you can change the name of the adapter. You can also add more adapters, if you want.

Attach the Virtual Adapter to a Virtual Switch

You can connect every adapter on a VM to the same switch:

If you want to specify the adapter, you have to work harder. I wrote up a more thorough guide on networking that includes that, and other advanced topics.

Connect the Virtual Adapter to a VLAN

All of the default vNIC creation processes leave the adapter as untagged. To specify a VLAN, use Set-VMNetworkAdapterVLAN:

If you need help selecting a vNIC for this operation, use my complete guide for details. It does not have a great deal of information on other ways to use this cmdlet, such as for trunks, so refer to the official documentation.

Rename the Virtual Adapter

You could differentiate adapters for the previous cmdlets by giving adapters unique names. Otherwise, Hyper-V calls them all “Network Adapter”.

Like the preceding cmdlets, this usage will rename all vNICs on the VM. Use caution. But, if you do this on a system with only one adapter, then add another, you can filter against adapters not named “Adapter 1”, then later use the VMNetworkAdapterName parameter.

Add Another Virtual Adapter

You can use Add-VMNetworkAdapter to add further adapters to the VM:

Even better, you can name it right away:

Don’t forget to connect your new adapter to a virtual switch (you can still use Connect-VMNetworkAdapter, of course):

Add-VMNetworkAdapter has several additional parameters for adapter creation. Set-VMNetworkAdapter has a superset, so I will show them in its context. However, you might find it convenient to use StaticMacAddress when creating the adapter.

Set the MAC Address of a Virtual Adapter

You can set the MAC address to whatever you like:

If you need to override the MAC for spoofing (as in, for a software load-balancer):

Other Virtual Network Adapter Settings

Virtual network adapters have a dizzying array of options. Check the official documentation or Get-Help Set-VMNetworkAdapter to learn about them.

Work with a New Virtual Machine’s Integration Services Settings

None of the VM creation techniques allow you to make changes to the Hyper-V integration services. Few VMs ever need such a change, so including them would amount to a nuisance for most of us. We do sometimes need to change these items, perhaps to disable time synchronization for virtualized domain controllers or to block attempts to signal VSS in Linux guests.

We do not use “Set” cmdlets to control integration services. We have Get-, Enable-, and Disable- for integration services. Every new VM enables all services except “Guest Services”. Ideally, the cmdlets would all have pre-set options for the integration services. Unfortunately, we have to either type them out or pipe them in from Get-VMIntegrationService. You can use it to get a list of the available services. You can then use the selection capabilities of the console to copy and paste the item that you need (draw over the letters to copy, then right-click to paste). You can also use a filter (Where-Object) to pick the one that you need. For now, we will see the simplest choices.

To disable the time synchronization service for a virtual machine:

To enable guest services for a virtual machine:

Most of the integration service names contain spaces. Don’t forget to use single or double quotes around such a name.
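A read-only review of the adapter and integration service settings covered above, as an added example that is not part of the original article. The function name is an assumption, and the two service names are the English display names ("Guest Service Interface" is what the cmdlets call Guest Services), so a localized host will list different names.

```powershell
#Requires -Modules Hyper-V

function Get-DemoVMSettingsReport {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$VMName)

    $vm   = Get-VM -Name $VMName -ErrorAction Stop
    $nics = @(Get-VMNetworkAdapter -VM $vm)

    foreach ($nic in $nics) {
        $vlan  = Get-VMNetworkAdapterVlan -VMNetworkAdapter $nic
        $notes = @()
        if (-not $nic.SwitchName)                 { $notes += 'not connected to a virtual switch' }
        if ($vlan.OperationMode -eq 'Untagged')   { $notes += 'untagged (no VLAN set)' }
        if ($nic.MacAddressSpoofing -eq 'On')     { $notes += 'MAC address spoofing allowed' }
        if (-not $nic.DynamicMacAddressEnabled)   { $notes += "static MAC $($nic.MacAddress)" }
        if (@($nics | Where-Object { $_.Name -eq $nic.Name }).Count -gt 1) {
            # Name-based cmdlets act on every adapter that shares the name.
            $notes += 'name shared with another vNIC'
        }
        [pscustomobject]@{
            VMName = $VMName
            Kind   = 'vNIC'
            Name   = $nic.Name
            State  = if ($nic.SwitchName) { "switch '$($nic.SwitchName)'" } else { 'disconnected' }
            Notes  = $notes -join '; '
        }
    }

    foreach ($svc in Get-VMIntegrationService -VM $vm) {
        $note = ''
        if ($svc.Enabled -and $svc.Name -eq 'Guest Service Interface') {
            $note = 'enabled, although new VMs start with it disabled'
        }
        if ($svc.Enabled -and $svc.Name -eq 'Time Synchronization') {
            $note = 'enabled; review if this guest is a domain controller'
        }
        [pscustomobject]@{
            VMName = $VMName
            Kind   = 'Integration service'
            Name   = $svc.Name
            State  = if ($svc.Enabled) { 'enabled' } else { 'disabled' }
            Notes  = $note
        }
    }
}

# Report only the rows that carry a note, for every VM on this host.
Get-VM |
    ForEach-Object { Get-DemoVMSettingsReport -VMName $_.Name } |
    Where-Object Notes |
    Format-Table -AutoSize -Wrap
```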

Put it All Together: Use PowerShell to Make the Perfect VM

A very common concern: “How can I remember all of this?” Well, you can’t remember it all. I have used PowerShell to control VMs since the unofficial module for 2008. I don’t remember everything. But, you don’t need to try. In the general sense, you always have Get-Help and Get-Command -Module Hyper-V. But, even better, you probably won’t use the full range of capability. Most of us create VMs with a narrow range of variance. I will give you two general tips for making the custom VM process easier.

Use a Text Tool to Save Creation Components

In introductory, training, and tutorial materials, we often make a strong distinction between interactive PowerShell and scripted PowerShell. If you remember what you want, you can type it right in. If you make enough VMs to justify it, you can have a more thorough script that you guide by parameter. But, you can combine the two for a nice middle ground.

First, pick a tool that you like. Visual Studio Code has a lot of features to support PowerShell. Notepad++ provides a fast and convenient scratch location to copy and paste script pieces.

This tip has one central piece: as you come up with cmdlet configurations that you will, or even might, use again, save them. You don’t have to build everything into a full script. Sometimes, you need a toolbox with a handful of single-purpose snippets. More than once in my career, I’ve come up with a clever solution to solve a problem at hand. Later, I tried to recall it from memory, and couldn’t. Save those little things — you never know when you’ll need them.

Use PowerShell’s Pipeline and Variables with Your Components

In all the cmdlets that I showed you above, I spelled out the virtual machine’s name. You could do a lot of text replacement each time you wanted to use them. But, you have a better way. If you’ve run New-VM lately, you probably noticed that it emitted something to the screen:


Instead of just letting all that go to the screen, you can capture it or pass it along to another cmdlet.

Pipeline Demo

Use the pipe character | to quickly ship output from one cmdlet to another. It works best to make relatively few and simple changes.

The above has three separate commands that all chain from the first. You can copy this into your text manipulation tool and save it. You can then use it as a base pattern. You change the name of the VM and its VHDX in the text tool and then you can create a VM with these settings anytime you like. No need to step through a wizard and then flip a lot of switches after.

Warning: Some people in the PowerShell community develop what I consider an unhealthy obsession with pipelining, or “one liners”. You should know how the pipeline works, especially the movement of objects. But, extensive pipelining becomes impractical quite quickly. Somewhere along the way, it amounts to little more than showing off. Worse, because not every cmdlet outputs the same object, you quickly have to learn a lot of tricks that do nothing except keep the pipeline going. Most egregiously, “one liners” impose severe challenges to legibility and maintainability with no balancing benefit. Use the pipeline to the extent that it makes things easier, but no further.

Variables Demos

You can capture the output of any cmdlet into a variable, then use that output in succeeding lines. It requires more typing than the pipeline, but you gain flexibility in exchange.

Each of the cmdlets in the above listing has a PassThru parameter, but, except for New-VM, none emits an object that any of the others can use. This script takes much more typing than the pipeline demo, but it does more and breaks each activity out into a single, easily comprehensible line. As with the pipeline version, you can set up each line to follow the pattern that you use most, then change only the name in the first line to suit each new VM. Notice that it automatically gives the VHDX a name that matches the VM, something that we couldn’t do in the pipeline version.

Combining Pipelines and Variables

You can use variables and pipelines together to maximize their capabilities.

With this one, you can implement your unique pattern but place all the changeable items right in the beginning. This sample only sets the VM’s name. If you want to make other pieces easily changeable, just break them out onto separate lines.
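One way to write the variables-plus-pipeline pattern described here, which also applies the Dynamic Memory, adapter and integration service settings from the earlier sections; it is an added example, not the author's script. Every name, path, size and the VLAN ID are assumptions, and the integration service name is the English display name.

```powershell
#Requires -Modules Hyper-V
$ErrorActionPreference = 'Stop'

# Changeable items, all in one place (assumed values).
$VMName     = 'demovm'
$VMRoot     = 'C:\LocalVMs'
$SwitchName = 'vSwitch'
$VlanId     = 10
$VhdPath    = Join-Path $VMRoot "Virtual Hard Disks\$VMName.vhdx"

# Stop early instead of half-building a VM over an existing one.
if (Get-VM -Name $VMName -ErrorAction SilentlyContinue) {
    throw "A VM named '$VMName' already exists."
}
if (Test-Path -LiteralPath $VhdPath) {
    throw "'$VhdPath' already exists."
}

# Variable: capture the object that New-VM emits and reuse it below.
$vm = New-VM -Name $VMName -Generation 2 -Path $VMRoot -MemoryStartupBytes 2GB -NoVHD

# Pipeline: Dynamic Memory with the quantities, buffer and priority discussed earlier.
$vm | Set-VMMemory -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 4GB -Buffer 10 -Priority 50

# Variable: the VHDX takes its name from the VM.
New-VHD -Path $VhdPath -SizeBytes 60GB -Dynamic | Out-Null
Add-VMHardDiskDrive -VM $vm -Path $VhdPath

# The VM has a single vNIC at this point, so renaming "all" adapters is safe.
$nic = Get-VMNetworkAdapter -VM $vm
Rename-VMNetworkAdapter -VMNetworkAdapter $nic -NewName 'Adapter 1'

# Pipeline: connect the adapter, then tag it.
Get-VMNetworkAdapter -VM $vm | Connect-VMNetworkAdapter -SwitchName $SwitchName
Get-VMNetworkAdapter -VM $vm | Set-VMNetworkAdapterVlan -Access -VlanId $VlanId

# Integration services: quote names that contain spaces.
Disable-VMIntegrationService -VM $vm -Name 'Time Synchronization'

# Summarize the result for a quick review.
Get-VM -Name $VMName | Select-Object Name, State, Generation, ProcessorCount, MemoryStartup, DynamicMemoryEnabled
Get-VMNetworkAdapter -VM $vm | Select-Object Name, SwitchName, MacAddress
```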

Making Your Own Processes

If you will make a single configuration of VM repeatedly, you should create a saved script or an advanced function in your profile. It should have at least one parameter to specify the individual VM name.

But, even though most people won’t create VMs with a particular wide variance of settings, neither will many people create VMs with an overly tight build. Using a script with lots of parameters presents its own challenges. So, instead of a straight-through script, make a collection of copy/pasteable components.

Use something like the following:

Trying to run all of that as-is would cause some problems. Instead, copy out the chunks that you need and paste them as necessary. Add in whatever parts suit your needs.

Be sure to let us know how you super-charged your VM creation routines!


Author: Eric Siron

Benefits of virtualization highlighted in top 10 stories of 2019

When an organization decides to pursue a virtual desktop solution, a host of questions awaits it.

Our most popular virtual desktop articles this year highlight that fact and show how companies are still trying to get a handle on the virtual desktop infrastructure terrain. The stories explain the benefits of virtualization and provide comparisons between different enterprise options.

A countdown of our most-read articles, determined by page views, follows.

  10. Five burning questions about remote desktop USB redirection

Virtual desktops strive to mimic the traditional PC experience, but using local USB devices can create a sticking point. Remote desktop USB redirection enables users to attach their devices to their local desktop and have it function normally. In 2016, we explored options for redirection, explained how the technology worked and touched upon problem areas such as how scanners are infamously problematic with redirection.

  9. Tips for VDI user profile management

Another key factor for virtualizing the local desktop experience includes managing things like a user’s browser bookmarks, desktop background and settings. That was the subject of this FAQ from 2013 and our ninth most popular story for 2019. The article outlines options for managing virtual desktop user profiles, from implementing identical profiles for everyone to ensuring that settings once saved locally carry over to the virtual workspace.

  8. VDI hardware comparison: Thin vs. thick vs. zero clients

The push toward centralizing computing services has created a market for thin and zero clients, simple and low-cost computing devices reliant on servers. In implementing VDI, IT professionals should consider the right option for their organization. Thick clients, the traditional PC, provide proven functionality, but they also sidestep some of the biggest benefits of virtualization such as lower cost, energy efficiency and increased security. Thin clients provide a mix of features, and their simplicity brings VDI’s assets, such as centralized management and ease of local deployment, to bear. Zero clients require even less configuration, as they have nothing stored locally, but they tend to be proprietary.

  7. How to troubleshoot remote and virtual desktop connection issues

Connection issues can disrupt employee workflow, so avoiding and resolving them is paramount for desktop administrators. Once the local hardware has been ruled out, there are a set of common issues — exceeded capacity, firewalls, SSL certificates and network-level authentication — that IT professionals can consider when solving the puzzle.

  6. Comparing converged vs. hyper-converged infrastructure

What’s the difference between converged infrastructure (CI) and hyper-converged infrastructure (HCI)? This 2015 missive took on that question in our sixth most popular story for 2019. In short, while CI houses four data center functions — computing, storage, networking and server virtualization — into a single chassis, HCI looks to add even more features through software. HCI’s flexibility and scalability were touted as advantages over the more hardware-focused CI.

  5. Differences between desktop and server virtualization

To help those seeking VDI deployment, this informational piece from 2014 focused on how desktop virtualization differs from server virtualization. Server virtualization partitions one server into many, enabling organizations to accomplish tasks like maintaining databases, sharing files and delivering media. Desktop virtualization, on the other hand, delivers a virtual computer environment to a user. While server virtualization is easier to predict, given its uniform daily functions, a virtual desktop user might call for any number of potential applications or tasks, making the distinction between the two key.

  4. Application virtualization comparison: XenApp vs. ThinApp vs. App-V

This 2013 comparison pitted Citrix, VMware and Microsoft’s virtualization services against each other to determine the best solution for streaming applications. Citrix’s XenApp drew plaudits for the breadth of the applications it supported, but its update schedule provided only a short window to migrate to newer versions. VMware ThinApp’s portability was an asset, as it did not need installed software or device drivers, but some administrators said the service was difficult to deploy and the lack of a centralized management platform made handling applications trickier. Microsoft’s App-V provided access to popular apps like Office, but its agent-based approach limited portability when compared to ThinApp.

  3. VDI shops mull XenDesktop vs. Horizon as competition continues

In summer 2018, we took a snapshot of the desktop virtualization market as power players Citrix and VMware vied for a greater share of users. At the time, Citrix’s product, XenDesktop, was used in 57.7% of on-premises VDI deployments, while VMware’s Horizon accounted for 26.9% of the market. Customers praised VMware’s forward-facing emphasis on cloud, while a focus on security drew others to Citrix. Industry watchers wondered if Citrix would maintain its dominance through XenDesktop 7.0’s end of life that year and if challenger VMware’s vision for the future would pay off.

  2. Compare the top vendors of thin client systems

Vendors vary in the types of thin client devices they offer and the scale they can accommodate. We compared offerings from Advantech, Asus, Centerm Information, Google, Dell, Fujitsu, HP, Igel Technology, LG Electronics, Lenovo, NComputing, Raspberry Pi, Samsung, Siemens and 10ZiG Technology to elucidate the differences between them, and the uses for which they might be best suited.

  1. Understanding nonpersistent vs. persistent VDI

This article from 2013 proved some questions have staying power. Our most popular story this year explained the difference between two types of desktops that can be deployed on VDI. Persistent VDI provides each user his or her own desktop, allowing more flexibility for users to control their workspaces but requiring more storage and heightening complexity. Nonpersistent VDI did not save settings once a user logged out, a boon for security and consistent updates, but less than ideal in providing easy access to needed apps.


Azure Bastion brings convenience, security to VM management

Administrators who want to manage virtual machines securely but want to avoid complicated jump server setup and maintenance have a new option at their disposal.

When you run Windows Server and Linux virtual machines in Azure, you need to configure administrative access. This requires communicating with these VMs from across the internet using Transmission Control Protocol (TCP) port 3389 for Remote Desktop Protocol (RDP), and TCP 22 for Secure Shell (SSH).

You want to avoid the configuration in Figure 1, which exposes your VMs to the internet with an Azure public IP address and invites trouble via port scan attacks. Microsoft publishes its public IPv4 data center ranges, so bad actors know which public IP addresses to check to find vulnerable management ports.

The problem with the network address translation (NAT)/load balancer method is your security team won’t like it. This technique is security by obfuscation, which is to say it does not make things more secure. It’s more of a NAT protocol hack.

Figure 1. This setup exposes VMs to the internet with an Azure public IP address that makes an organization vulnerable to port scan attacks.

Another remote server management option offers illusion of security  

If you have a dedicated hybrid cloud setup with site-to-site virtual private network or an ExpressRoute circuit, then you can interact with your Azure VMs the same way you would with your on-premises workloads. But not every business has the money and staff to configure a hybrid cloud.

Another option, shown in Figure 2, combines the Azure public load balancer with NAT to route management traffic through the load balancer on nonstandard ports.

Figure 2. Using NAT and Azure load balancer for internet-based administrative VM access.

For instance, you could create separate NAT rules for inbound administrative access to the web tier VMs. If the load balancer public IP is 1.2.3.4, winserv1’s private IP is 192.168.1.10, and winserv2’s private IP is 192.168.1.11, then you could create two NAT rules that look like:

  • Inbound RDP connections to 1.2.3.4 on port TCP 33389 route to TCP 3389 on 192.168.1.10
  • Inbound RDP connections to 1.2.3.4 on port TCP 43389 route to TCP 3389 on 192.168.1.11

The problem with this method is your security team won’t like it. This technique is security by obfuscation that relies on a NAT protocol hack.
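A defender's check for the two exposures described so far (management ports opened straight to the internet, and NAT rules that forward a nonstandard port to RDP or SSH), as an added example that is not from the original article. The rule objects are constructed sample data with simplified property names, and the function names are assumptions.

```powershell
# Constructed sample rules. The first two NAT entries mirror the rules described
# above; the property names are simplified stand-ins, not the Az module's object model.
$sampleNatRules = @(
    [pscustomobject]@{ Name = 'rdp-winserv1'; FrontendIP = '1.2.3.4'; FrontendPort = 33389; BackendIP = '192.168.1.10'; BackendPort = 3389 }
    [pscustomobject]@{ Name = 'rdp-winserv2'; FrontendIP = '1.2.3.4'; FrontendPort = 43389; BackendIP = '192.168.1.11'; BackendPort = 3389 }
    [pscustomobject]@{ Name = 'web-https';    FrontendIP = '1.2.3.4'; FrontendPort = 443;   BackendIP = '192.168.1.10'; BackendPort = 443 }
)
$sampleNsgRules = @(
    [pscustomobject]@{ Name = 'allow-rdp-any';      Direction = 'Inbound'; Access = 'Allow'; SourceAddressPrefix = '*';           DestinationPortRange = '3389' }
    [pscustomobject]@{ Name = 'allow-low-range';    Direction = 'Inbound'; Access = 'Allow'; SourceAddressPrefix = 'Internet';    DestinationPortRange = '20-25' }
    [pscustomobject]@{ Name = 'allow-rdp-internal'; Direction = 'Inbound'; Access = 'Allow'; SourceAddressPrefix = '10.0.1.0/27'; DestinationPortRange = '3389' }
    [pscustomobject]@{ Name = 'deny-everything';    Direction = 'Inbound'; Access = 'Deny';  SourceAddressPrefix = '*';           DestinationPortRange = '*' }
)

function Test-PortRangeContains {
    # True when $Port falls inside a rule's port expression: '*', 'n' or 'n-m'.
    param(
        [Parameter(Mandatory)][string]$Range,
        [Parameter(Mandatory)][int]$Port
    )
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")
}

function Find-InternetManagementExposure {
    param(
        [object[]]$NatRule = @(),
        [object[]]$NsgRule = @(),
        [hashtable]$ManagementPort = @{ 3389 = 'RDP'; 22 = 'SSH' }
    )
    $anySource = '*', 'Internet', '0.0.0.0/0'

    # NAT rules: what matters is the back-end port, not the port shown to the internet.
    foreach ($rule in $NatRule) {
        $backend = [int]$rule.BackendPort
        if ($ManagementPort.ContainsKey($backend)) {
            [pscustomobject]@{
                Source  = 'NAT rule'
                Name    = $rule.Name
                Service = $ManagementPort[$backend]
                Detail  = '{0}:{1} -> {2}:{3}' -f $rule.FrontendIP, $rule.FrontendPort, $rule.BackendIP, $rule.BackendPort
                Note    = if ($rule.FrontendPort -ne $rule.BackendPort) { 'nonstandard front-end port only relocates the service' } else { 'standard port' }
            }
        }
    }

    # NSG rules: inbound allows from any source that cover a management port.
    # Rule priority is not evaluated, so treat hits as candidates for review.
    foreach ($rule in $NsgRule) {
        if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
        if ($rule.SourceAddressPrefix -notin $anySource) { continue }
        foreach ($port in ($ManagementPort.Keys | Sort-Object)) {
            if (Test-PortRangeContains -Range $rule.DestinationPortRange -Port $port) {
                [pscustomobject]@{
                    Source  = 'NSG rule'
                    Name    = $rule.Name
                    Service = $ManagementPort[$port]
                    Detail  = 'source {0}, ports {1}' -f $rule.SourceAddressPrefix, $rule.DestinationPortRange
                    Note    = 'management port reachable from any source'
                }
            }
        }
    }
}

Find-InternetManagementExposure -NatRule $sampleNatRules -NsgRule $sampleNsgRules |
    Format-Table -AutoSize -Wrap
```

Running the same logic against a live subscription needs a small mapping step first, because rule objects returned by the Az module are shaped differently from these samples.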

Jump servers are safer but have other issues

A third method that is quite common in the industry is to deploy a jump server VM to your target virtual network in Azure as shown in Figure 3.

Figure 3. This diagram details a conventional jump server configuration for Azure administrative access.

The jump server is nothing more than a specially created VM that is usually exposed to the internet but has its inbound and outbound traffic restricted heavily with network security groups (NSGs). You allow your admins access to the jump server; once they log in, they can jump to any other VMs in the virtual network infrastructure for any management jobs.

Of these choices, the jump server is safest, but how many businesses have the expertise to pull this off securely? The team would need intermediate- to advanced-level skill in TCP/IP internetworking, NSG traffic rules, public and private IP addresses and Remote Desktop Services (RDS) Gateway to support multiple simultaneous connections.

For organizations that don’t have these skills, Microsoft now offers Azure Bastion.

What Azure Bastion does


Azure Bastion is a managed network virtual appliance that simplifies jump server deployment in your virtual networks. You drop an Azure Bastion host into its own subnet, perform some NSG configuration, and you are done.

Organizations that use Azure Bastion get the following benefits:

  • No more public IP addresses for VMs in Azure.
  • RDP/SSH firewall traversal. Azure Bastion tunnels the RDP and SSH traffic over a standard, non-VPN Transport Layer Security/Secure Sockets Layer connection.
  • Protection against port scan attacks on VMs.

How to set up Azure Bastion

Azure Bastion requires a virtual network in the same region. As of publication, Microsoft offers Azure Bastion in the following regions: Australia East, East U.S., Japan East, South Central U.S., West Europe and West U.S.

You also need an empty subnet named AzureBastionSubnet. Do not enable service endpoints, route tables or delegations on this special subnet. Further in this tutorial you can define or edit an NSG on each VM-associated subnet to customize traffic flow.

Because Azure Bastion supports multiple simultaneous connections, size the AzureBastionSubnet subnet with at least a /27 IPv4 address space. One possible reason for this network address size is to give Azure Bastion room to auto scale in a method similar to the one used with autoscaling in Azure Application Gateway.

Next, browse to the Azure Bastion configuration screen and click Add to start the deployment.

Figure 4: Deploying an Azure Bastion resource.

As you can see in Figure 4, the deployment process is straightforward if the virtual network and AzureBastionSubnet subnet are in place.

According to Microsoft, Azure Bastion will support RDP and SSH clients in time, but for now you establish your management connection via the Connect experience in the Azure portal. Navigate to a VM’s Overview blade, click Connect, and switch to the Bastion tab as shown in Figure 5.

Figure 5. The Azure portal includes an Azure Bastion connection workflow.

On the Bastion tab, provide an administrator username and password, and then click Connect one more time. Your administrative RDP or SSH session opens in another browser tab, shown in Figure 6.

Figure 6. Manage a Windows Server VM in Azure with Azure Bastion using an Azure portal-based RDP session.

You can share clipboard data between the Azure Bastion-hosted connection and your local system. Close the browser tab to end your administrative session.

Customize Azure Bastion

To configure Azure Bastion for your organization, create or customize an existing NSG to control traffic between the Azure Bastion subnet and your VM subnets.


Microsoft provides default NSG rules to allow traffic among subnets within your virtual network. For a more efficient and powerful option, upgrade your Azure Security Center license to Standard and onboard your VMs to just-in-time (JIT) VM access, which uses dynamic NSG rules to lock down VM management ports unless an administrator explicitly requests a connection.

You can combine JIT VM access with Azure Bastion, which results in this VM connection workflow:

  • Request access to the VM.
  • Upon approval, proceed to Azure Bastion to make the connection.
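The effect of relying on the default NSG rules versus adding rules that admit management traffic only from the Bastion subnet can be checked offline. The following is an added example, not code from the article or from Microsoft: the addresses, rule names and probe sources are constructed, and the evaluator is a simplified model of NSG first-match-by-priority processing in which the VirtualNetwork tag is reduced to one virtual network's address space.

```python
import ipaddress

# Constructed sample addressing (assumptions, not values from the article).
VNET = ipaddress.ip_network("10.0.0.0/16")
BASTION_SUBNET = ipaddress.ip_network("10.0.1.0/27")  # AzureBastionSubnet
MGMT_PORTS = (22, 3389)  # SSH and RDP

# Constructed probe sources: the Bastion host, a VM in another subnet,
# and an outside address from a documentation range.
PROBES = {"bastion": "10.0.1.4", "peer-subnet": "10.0.3.10",
          "internet": "203.0.113.7"}


def rule(name, priority, access, source, ports, protocol="Tcp"):
    """Build an inbound rule dict using Azure NSG rule field names."""
    return {"name": name, "priority": priority, "direction": "Inbound",
            "access": access, "protocol": protocol,
            "sourceAddressPrefix": source, "destinationPortRanges": ports}


# Azure's built-in inbound default rules, always evaluated last.
DEFAULT_RULES = [
    rule("AllowVnetInBound", 65000, "Allow", "VirtualNetwork", ["*"], "*"),
    rule("AllowAzureLoadBalancerInBound", 65001, "Allow",
         "AzureLoadBalancer", ["*"], "*"),
    rule("DenyAllInBound", 65500, "Deny", "*", ["*"], "*"),
]

# Hypothetical custom rules for the VM subnet's NSG: management ports are
# reachable from the Bastion subnet and from nowhere else in the network.
HARDENED_RULES = [
    rule("AllowBastionMgmt", 100, "Allow", str(BASTION_SUBNET), ["22", "3389"]),
    rule("DenyVnetMgmt", 200, "Deny", "VirtualNetwork", ["22", "3389"]),
]


def source_matches(prefix, ip):
    """Match a source prefix, '*', or the VirtualNetwork tag (simplified)."""
    if prefix == "*":
        return True
    if prefix == "VirtualNetwork":
        return ip in VNET
    try:
        return ip in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # service tags this model does not resolve


def port_matches(specs, port):
    """Match a port against specs such as '*', '3389' or '20-25'."""
    for spec in specs:
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def decide(custom_rules, src, port):
    """Return (access, rule name) of the first matching rule by priority."""
    ip = ipaddress.ip_address(src)
    for r in sorted(custom_rules + DEFAULT_RULES, key=lambda r: r["priority"]):
        if r["direction"] != "Inbound" or r["protocol"] not in ("*", "Tcp"):
            continue
        if source_matches(r["sourceAddressPrefix"], ip) and \
                port_matches(r["destinationPortRanges"], port):
            return r["access"], r["name"]
    return "Deny", None


def audit(custom_rules):
    """List (source, port, access, rule) where the outcome is not intended.

    Intended outcome: only the Bastion subnet reaches SSH and RDP.
    """
    findings = []
    for port in MGMT_PORTS:
        for label, src in PROBES.items():
            access, name = decide(custom_rules, src, port)
            expected = "Allow" if label == "bastion" else "Deny"
            if access != expected:
                findings.append((label, port, access, name))
    return findings


def bastion_subnet_ok(net):
    """AzureBastionSubnet must be /27 or larger (prefix length <= 27)."""
    return net.prefixlen <= 27


if __name__ == "__main__":
    print("defaults only:", audit([]))
    print("hardened     :", audit(HARDENED_RULES))
    print("subnet size ok:", bastion_subnet_ok(BASTION_SUBNET))
```

With the defaults alone, a VM in any other subnet of the virtual network can reach the management ports directly, which is the gap the custom rules close.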

Azure Bastion needs some fine-tuning

Azure Bastion has a fixed hourly cost; Microsoft also charges for outbound data transfer after 5 GB.

Azure Bastion is an excellent way to secure administrative access to Azure VMs, but there are a few deal-breakers that Microsoft needs to address:

  1. You need to deploy an Azure Bastion host for each virtual network in your environments. If you have three virtual networks, then you need three Azure Bastion hosts, which can get expensive. Microsoft says virtual network peering support is on the product roadmap. Once Microsoft implements this feature, you can deploy a single Bastion host in your hub virtual network to manage VMs in peered spoke virtual networks.
  2. There is no support for PowerShell remoting ports, but Microsoft does support RDP, which goes against its refrain to avoid the GUI to manage servers.
  3. Microsoft’s documentation does not give enough architectural details to help administrators determine the capabilities of Azure Bastion, such as whether an existing RDP session Group Policy can be combined with Azure Bastion.

Windows Virtual Desktop is now generally available worldwide

Today, we’re excited to announce that Windows Virtual Desktop is now generally available worldwide. Windows Virtual Desktop is the only service that delivers simplified management, a multi-session Windows 10 experience, optimizations for Office 365 ProPlus, and support for Windows Server Remote Desktop Services (RDS) desktops and apps. With Windows Virtual Desktop, you can deploy and scale your Windows desktops and apps on Azure in minutes.

Since we announced Windows Virtual Desktop last September, and through the public preview announced in March, thousands of customers have piloted the service and taken advantage of the Windows 10 multi-session capability—validating the importance of this feature as a core part of the service. Customers also represented all major industries and geographies, helping us get feedback from different customer types and locations. As a result, as of today the service is now available in all geographies. In addition, the Windows Virtual Desktop client is available across Windows, Android, Mac, iOS, and HTML 5.

“Windows Virtual Desktop allows our employees to work in a secure manner wherever they are. Windows Virtual Desktop provides the Windows 10 desktop experience that our employees are familiar with across a variety of devices or web browsers.”
—Jake Hovermale, Chief Technical Officer, BEI Networks

With the end of extended support for Windows 7 coming in January 2020, we also understand some customers need to continue to support Windows 7 legacy applications as they migrate to Windows 10. To support this need, you can use Windows Virtual Desktop to virtualize Windows 7 desktops with free Extended Security Updates (ESU) until January 2023. If you’re in the process of migrating to Windows 10 and need app compatibility assistance, read more about how we can help with the Desktop App Assure program.

To help increase productivity, we invested heavily in the Office experience in a virtualized environment with native improvements, as well as through the acquisition of FSLogix. In July, we made the FSLogix technology available to Microsoft 365, Windows 10 Enterprise, and RDS customers. Today, all FSLogix tools are fully integrated into Windows Virtual Desktop, enabling you to have the smoothest, most performant Office virtualization experience available today.

In addition to the significant architectural improvements for deployment and management, we’re also simplifying app delivery by supporting MSIX packaged apps to be dynamically “attached” to a virtual machine instead of installing it permanently. This is important because it significantly decreases storage and makes it easier for the admin to manage and update the apps, while creating a seamless experience for the user.

Check out the new video from Scott Manchester, Principal Engineering Lead for Windows Virtual Desktop, where he does a great job of walking you through the app “attach” experience.

Extending Windows Virtual Desktop

We also worked closely with our partner ecosystem to help our customers extend Windows Virtual Desktop and get the most out of existing virtualization investments.

  • Starting today, Citrix can extend Windows Virtual Desktop worldwide, including support for Windows 10 multi-session, Windows 7 with free Extended Security Updates for up to three years, and support for Windows Server 2008 R2 with free Extended Security Updates on Azure.
  • Later this year, VMware Horizon Cloud on Microsoft Azure will extend Windows Virtual Desktop and its benefits, such as Windows 10 Enterprise multi-session and support for Windows 7 with free Extended Security Updates for up to three years. Preview will be available by the end of the calendar year.
  • We also engaged with hardware partners, system integrators (SI), who provide turnkey desktop-as-a-service (DaaS) offerings, and value-added solution providers, who add capabilities such as printing, application layering, assessment, and monitoring on Azure Marketplace. Learn more about Windows Virtual Desktop partners on the documentation page.

General availability of Windows Virtual Desktop is just the beginning. We’ll continue to rapidly innovate and invest in desktop and app virtualization. We look forward to sharing more with you in the coming months. In the meantime, learn more on our product page and get started with Windows Virtual Desktop today.

If you’re a partner and want to learn more about Windows Virtual Desktop, visit the Azure Partner Zone page for Windows Virtual Desktop.

Author: Microsoft News Center

How to keep VM sprawl in check

During the deployment of virtual environments, the focus is on the design and setup. Rarely are the environments revisited to check if improvements are possible.

Virtualization brought many benefits to data center operations, such as reliability and flexibility. One drawback is it can lead to VM sprawl and the generation of more VMs that contend for a finite amount of resources. VMs are not free; storage and compute have a real capital cost. This cost gets amplified if you look to move these resources into the cloud. It’s up to the administrator to examine the infrastructure resources and make sure these VMs have just what they need because the costs never go away and typically never go down.

Use Excel to dig into resource usage

One of the fundamental tools you need for this isn’t Hyper-V or some virtualization product — it’s Excel. Dashboards are nice, but there are times you need the raw data for more in-depth analysis. Nothing can provide that like Excel.

Most monitoring tools export data to CSV format. You can import this file into Excel for analysis. Shared storage is expensive, so I always like to see a report on drive space. It’s interesting to see what servers consume the most drive space, and where. If you split your servers into a C: for the OS and D: for the data, shouldn’t most of the C: drives use the same amount of space? Outside of your application install, why should the C: drives vary in space? Are admins leaving giant ISOs in the download folder or recycle bin? Or are multiple admins logging on with roaming profiles?

Whatever the reason, runaway C: drives can chew up your primary storage quickly. If it is something simple such as ISO files that should have been removed, keep in mind that this affects your backups as well. You can just buy additional storage in a pinch and, because many of us in IT are often on autopilot, it’s easy to not give drive space issues a second thought.

Overallocation is not as easy to correct

VM sprawl is one thing, but when was the last time you looked at what resources you allocated to those VMs to see what they are actually using? The allocation process is still a little bit of a guess until things get up and running fully. Underallocation is often noticed promptly and corrected quickly, and everything moves forward.

Do you ever check for overallocation? Do you ever go back and remove extra CPU cores or RAM? In my experience, no one ever does. If everything runs well, there’s little incentive to make changes.

Some in IT like to gamble and assume everything will run properly most of the time, but it’s less stressful to prepare for some of these unlikely events. Is it possible that a host or two will fail, or that a network issue strikes your data center? You have to be prepared for failure and at a scale that is more than what you might think. We all know things will rarely fail in a way that is favorable to you. A review process could reveal places that could use an adjustment to drain resources from overallocated VMs to avoid trouble in the future.

Look closer at all aspects of VM sprawl to trim costs

Besides the resource aspect, what about the licensing cost? With more and more products now licensed by core, overallocation of resources has an instant impact on the initial application cost, but it gets worse. It’s the annual maintenance costs that pick at your budget and drain your resources for no gain if you cannot tighten your resource allocation.

One other maintenance item that gets overlooked is reboots. When a majority of Windows Server deployments moved from hardware to virtualization, the runtime typically increased. This increase in stability brought with it an inadvertent problem. Too often, busy IT shops without structured patching and reboot cycles only performed these tasks when a server went offline, which — for better or worse — created a maintenance window.

With virtualization, the servers tend to run for longer stretches and show more unique issues. Memory leaks that might have gone unnoticed before — because they were reset during a reboot — can affect servers in unpredictable ways. Virtualization admins need to be on alert to recognize behaviors that might be out of the norm. If you right-size your VMs, you should have enough resources for them to run normally and still handle the occasional spikes in demand. If you see your VMs requiring more resources than normal, this could point to resource leaks that need to be reset.

Often, the process to get systems online is rushed, leads to VM sprawl and overlooks any attempts at optimization. This can be anything from overallocations to simple cleanup. If this isn’t done, you lose out on ways to make the environment more efficient, losing both performance and capacity. While this all makes sense, it’s important to follow through and actually do it.

12 TB VMs, Expanded SAP partnership on Blockchain, Azure Monitor for SAP Solutions

A few months back, at SAP’s SAPPHIRE NOW event, we announced the availability of Azure Mv2 Virtual Machines (VMs) with up to 6 TB of memory for SAP HANA. We also reiterated our commitment to making Microsoft Azure the best cloud for SAP HANA. I’m glad to share that Azure Mv2 VMs with 12 TB of memory will become generally available and production certified in the coming weeks, in US West 2, US East, US East 2, Europe North, Europe West and Southeast Asia regions. In addition, over the last few months, we have expanded regional availability for M-series VMs, offering up to 4 TB, in Brazil, France, Germany, South Africa and Switzerland. Today, SAP HANA certified VMs are available in 34 Azure regions, enabling customers to seamlessly address global growth, run SAP applications closer to their customers and meet local regulatory needs.

Learn how you can leverage Azure Mv2 VMs for SAP HANA by watching this video.

Running mission critical SAP applications requires continuous monitoring to ensure system performance and availability. Today, we are launching private preview of Azure Monitor for SAP Solutions, an Azure Marketplace offering that monitors SAP HANA infrastructure through the Azure Portal. Customers can combine monitoring data from the Azure Monitor for SAP Solutions with existing Azure Monitor data and create a unified dashboard for all their Azure infrastructure telemetry. You can sign up by contacting your Microsoft account team.

We continue to co-innovate with SAP to help accelerate our customers’ digital transformation journey. At SAPPHIRE NOW, we announced several such co-innovations with SAP. First, we announced general availability of SAP Data Custodian, a governance, risk and compliance offering from SAP, which leverages Azure’s deep investments in security and compliance features such as Customer Lockbox.

Second, we announced general availability of Azure IoT integration with SAP Leonardo IoT, offering customers the ability to contextualize and enrich their IoT data with SAP business data to drive new business outcomes. Third, we shared that SAP’s Data Intelligence solution leverages Azure Cognitive Services Containers to offer intelligence services such as face, speech, and text recognition. Lastly, we announced a joint collaboration of the integration of Azure Active Directory with SAP Cloud Platform Identity Authentication Service (SAP IAS) for a seamless single sign on and user provisioning experience across SAP and non-SAP applications. Azure AD Integration with SAP IAS for seamless SSO is generally available and the user provisioning integration is now in public preview. Azure AD integration with SAP SuccessFactors for simplified user provisioning will become available soon.

Another place I am excited to deepen our partnership is in blockchain. SAP has long been an industry leader in solutions for supply chain, logistics, and life sciences. These industries are digitally transforming with the help of blockchain, which adds trust and transparency to these applications, and enables large consortiums to transact in a trusted manner. Today, I am excited to announce that SAP’s blockchain-integrated application portfolio will be able to connect to Azure blockchain service. This will enable our joint customers to bring the trust and transparency of blockchain to important business processes like material traceability, fraud prevention, and collaboration in life sciences.

Together with SAP, we are offering a trusted path to digital transformation with our best in class SAP certified infrastructure, business process and application innovation services, and a seamless set of offerings. As a result, we help SAP customers across the globe with large scale mission critical SAP applications, such as Carlsberg and CONA Services, migrate to Azure. Here are a few additional customers benefiting from migrating their SAP applications to Azure:

Al Jomaih and Shell Lubricating Oil Company: JOSLOC, the joint venture between Al Jomaih Holding and Shell Lubricating Oil Company, migrated their mission critical SAP ERP to Azure, offering them enhanced business continuity and reduced IT complexity and effort, while saving costs. Migrating SAP to Azure has enabled the joint venture to prepare for their upgrade to SAP S/4HANA in 2020.

TraXall France: TraXall France provides vehicle fleet management services for upwards of 40,000 managed vehicles. TraXall chose Microsoft Azure to run their SAP S/4HANA due to the simplified infrastructure management and business agility, and to meet compliance requirements such as GDPR.

Zuellig Pharma: Amid a five-year modernization initiative, Singapore-based Zuellig Pharma wanted to migrate their SAP solution from IBM DB2 to SAP HANA. Zuellig Pharma now runs its SAP ERP on HANA with 1 million daily transactions and 12 TB of production workloads at a 40 percent savings compared to their previous hosting provider.

If you’re attending SAP TechEd in Las Vegas, stop by at the Microsoft booth #601 or attend one of the Microsoft Azure sessions to learn more about these announcements and to see these product offerings in action.

To learn more about how migrating SAP to Azure can help you accelerate your digital transformation, visit our website at https://azure.com/sap.

Author: Microsoft News Center

New VR Garage project Microgravity Lab takes students to space – Microsoft Garage

Virtual reality can transport us to new lands that are near, far, or imagined. As a team of Garage interns found partnering with the Microsoft Hacking STEM and NASA STEM on Station teams, it can also demonstrate physics concepts and spark an interest in STEM careers. For the back-to-school season, we’re excited to announce the opportunity to try Microgravity Lab, a Microsoft Garage project. The VR experience for Windows Mixed Reality and corresponding lesson plan equip teachers with an engaging tool for teaching physics concepts by simulating microgravity. Interested educators can request an invite to try the VR application and corresponding lesson plans. Be sure to include your school name and plan for using the application in the form.

Bringing space into the classroom via Windows Mixed Reality

The Garage Internship is a unique, startup-style program in which teams of interns build projects in response to pitched challenges by Microsoft engineering teams. When this Vancouver intern team heard that the Microsoft Education team was looking for a creative new way to illustrate the concept of microgravity through VR, they jumped at the opportunity to work on the project.

An often-misunderstood concept, microgravity is difficult to simulate and understand in Earth’s gravity-laden environment. It is best explained through experiential learning. The Microgravity Lab VR experience for Windows Mixed Reality and its accompanying lessons give teachers the tools to bring this experiential learning to their students.

As NASA Education Specialist Matthew E. Wallace shared, “The concept of microgravity is often misunderstood by students who learn about astronauts on the International Space Station. Providing a virtual reality world for them to explore the phenomena of life on orbit is an excellent way to engage students and solidify their comprehension of concepts related to force, mass and gravitational acceleration.”

Sabrina Ng, Design Intern for the project noted, “When I think of microgravity, I think of it as something you feel, not what you see per se. Thinking about how to visualize and communicate such an abstract concept without stimulating the physical senses was a really cool challenge.”

Microgravity Lab joins a collection of eight middle school lesson plans developed in partnership with NASA to celebrate 20 years of humans living in and working on the International Space Station.

Experiencing microgravity to understand Newton’s 2nd & 3rd Law

Microgravity Lab is designed for grades 6-8. Students can explore three VR modules to understand these physics principles in the context of microgravity on the moon:

  • Conservation of momentum
  • Newton’s 2nd Law
  • Newton’s 3rd Law

The team worked closely with teachers to develop the project, testing early versions of Microgravity Lab with 7th and 8th grade classes. They refined and updated the experience based on the classroom feedback.

Implementing feedback from teachers and students, the interns added a feature to enable live Microgravity data analysis via Excel. “This project gives students the experience and the fun aspects of VR, but with Excel, we found a way to expose them to Data Analysis. Data is a very important part of our world and this is a great way to introduce it to them,” shared Rébecca Vézina-Côté, the Program Manager Intern for Microgravity Lab.

Hacking STEM to engage students

Microgravity Lab joins the Hacking STEM portfolio. The portfolio is created by teachers for teachers to offer hands-on, inquiry-driven, real-world lesson plans. The standards-aligned, interdisciplinary lesson plans teach 21st century technical skills in the context of existing curricula. The Hacking STEM portfolio now includes 22 middle and high school lesson plans built by teachers for teachers on topics ranging from circuits and robotic hands to learning how sharks swim, and now, microgravity.

“There are companies moving towards commercializing space travel and package delivery, a project like this might give students an idea of what life might be like on a space station, and hopefully inspire them to want to go further with it and see it as a future path for them as an area of interest or a future career,” shared Adrian Pang, a Software Engineer Intern with the project.

The Microgravity Lab experience makes science more engaging and introduces these concepts to students in a way that inspires lifelong learning and passionate curiosity about the world around them.

The impact of VR in the classroom

The Microsoft Education team has provided materials to enable a seamless introduction of VR to the classroom. When immersive technologies are deployed correctly and in a pedagogically consistent manner, they have the potential to support and expand curriculum, enhancing learning outcomes in ways that haven’t been previously affordable or scalable. Read more in this white paper detailing the impact of VR in the classroom.

Based on their own experience learning VR and Windows Mixed Reality, Garage interns have suggestions on how teachers can get started with VR. “Windows Mixed Reality does a great job of walking users through setting up the headset, then it’s just finding the app on the Microsoft Store, downloading it and installing it,” shared Rébecca. Crystal Song, another Software Engineering Intern continues, “I’d encourage teachers and school administrators to not see the tech as just a toy, but something that can teach. VR has a unique ability to teach through discovery, so allowing space and time for students to explore is key.”

James Burke, a longtime Hacking STEM developer partner who worked with the interns to test the project, encourages fellow educators to think outside the box to engage and challenge students. “Kids can do a lot more than people give them credit for.” In Burke’s engineering lab at Tyee Middle School, students work on project-based learning modules that can resemble college-level multidisciplinary assignments. With future-ready equipment and real-world projects to tackle, his award-winning classroom engages with students at every level. VR is just another way to spark that passion in students.

Request an invitation to try the project

To get started with Microgravity Lab for your classroom, request an invite to try the VR application. Include your school name and plan for using the application in the form.

More lesson plans and classroom materials are available at the Hacking STEM website.

Author: Microsoft News Center

New Workspace One features focus on intelligence, security

VMware unveiled new Workspace One features at its annual user conference. Two standouts include Virtual Assistant, which will help to set up a device and answer frequently asked questions, and Employee Experience Management, which can proactively monitor endpoint security.

Workspace One is VMware’s digital workspace product that enables IT to manage endpoints and provide end users access to their desktops and applications wherever they are. The new features include AI capabilities that are designed to help IT and HR get new employees settled faster, as well as better identify potential security issues before they spread throughout the organization.

In this Q&A from VMworld, Shankar Iyer, SVP of end-user computing at VMware, talks about what the new Workspace One features can provide IT, why a zero-trust model is a security must and what customers can expect in the future from Workspace One.

What do organizations need to do at the start to get the most out of the new Workspace One features?

Shankar Iyer: It’s easy for an organization to latch on to it because it’s running in the cloud. The Virtual Assistant piece, we’ve partnered with IBM Watson and our framework will integrate with any NLP [natural language processing] type of programming that organizations use. We’re also seeing in the market the need for these general purpose questions answered, and Watson is a general purpose machine. We thought it was the best starting point from an NLP perspective.

We wanted to build a standard way for these bot frameworks to be able to integrate into our Virtual Assistant product. … But organizations can still customize a lot within Workspace One. Every organization that implements us is different, but there are patterns within industries or types of organizations that can ease that input.

How has the importance of security affected end-user computing?

Iyer: In the old days, the security model was about building this wall and not letting any activity leave the room. Now it’s an open floor: You can go to a company, and sometimes networks are open. Devices come from anywhere. It behooves customers to build this zero-trust security model.

As a result, you’ll need to put up some barriers and gates and that can benefit a platform like Workspace One. You need identity access; you need to establish device compliance and security hygiene. You need to have data collection through every point, and you need this intelligence ability to decode the data in real time and alert you if someone is coming in on a device we haven’t seen before from a place we haven’t seen before, so I’m going to notch up his risk score. If that risk score reaches a point, you can shut off access.

But how do you balance the desire for improved end-user experience with the need for better security?

Iyer: If you implement a zero-trust model you won’t compromise user experience. Because then say an employee comes into a network on a trusted device and, as IT, we’re going to give them the whole experience with no barriers. But through machine learning, if I detect an anomaly, I can start putting up gates. Say you used a friend’s device; the only inconvenience is probably a second login with a login pin. The end user will be OK with that. But if I try to challenge you with dozens of different password logins, that’s when you, as an end user, can get frustrated. It’s progressive enforcement as a need.

VMware SVP of end-user computing, Shankar Iyer, addresses hundreds of VMworld attendees during the digital experience keynote.

The other thing security people are accepting is there’s no way to block everything. Even when a security concern slips through the cracks, with new Workspace One features, it tracks every action that the end user did. The moment you cross a threshold, we can shut off access.

That philosophy of security where you do progressive security boundaries, while not compromising experience by using all this data to fix things when things go wrong, is what we’re going for.

What is VMware looking forward to with Workspace One and what can customers expect?

Iyer: We’re starting to see an adoption of Workspace One features to optimize experience and when we break it down to a new employee’s Day Zero, Day One, Day Two and offboarding, there’s a lot we can do. We can optimize each one of those days and better bridge the physical and virtual world. For example, when you walk into your office, we badge in. Why do that when you have a smartphone? There are capabilities of using those devices as identity.

You’ll see this experience get more automated, and bringing the power of intelligence to IT to make them more productive and adding services, things like ticketing will diminish over time. Those are some areas we can still optimize. To do that, other facets of the platform like zero trust will need to be leveraged.

The use of technology in education has pros and cons

The use of technology in education continues to grow, as students turn to AI-powered applications, virtual reality and internet searches to enhance their learning.

Technology vendors, including Google, Lenovo and Microsoft, have increasingly developed technology to help pupils in classrooms and at home. That technology has proved popular with students in elementary education and higher education, and has been shown to benefit independent learning efforts, even as critics have expressed worry that it can lead to decreased social interactions.

Lenovo, in a recent survey of 15,000 technology users across 10 countries, reported that 75% of U.S. parents who responded said their children are more likely to look something up online than ask for help with schoolwork. In China, that number was 85%, and in India, it was 89%.

Taking away stress

According to vendors, technology can augment the schoolwork help busy parents give their children.

“Parenting in general is becoming a challenge for a lot of the modern families as both parents are working and some parents may feel overwhelmed,” said Rich Henderson, director of global education solutions at Lenovo, a China-based multinational technology vendor.

If children can learn independently, that can take pressure and stress off of parents, Henderson continued.

Independent learning can include searching for information on the web, querying using a virtual assistant, or using specific applications.

About 45% of millennials and younger students find technology “makes it much easier to learn about new things,” Henderson said.

Many parents, however, said in the survey that they felt the use of technology in education, while beneficial to their children’s learning, also led to decreases in social interactions. Using the technology to look up answers, instead of consulting parents, teachers or friends, concerned parents that “their children may be becoming too dependent on technology and may not be learning the necessary social skills they require,” according to the survey.

At the same time, however, many parents felt that the use of technology in education would eventually help future generations become more independent learners.

“Technology has certainly helped [children learn] with the use of high-speed internet, more automated translation tools. But we can’t ignore the fact that we need students to improve their social skills, also,” Henderson said. “That’s clearly a concern the parents have.”

Yet, despite the worries, technology vendors have poured more and more money into the education space. Lenovo itself sells a number of hardware and software products for the classroom, including infrastructure to help teachers manage devices in a classroom, and a virtual reality (VR) headset and software to build a VR classroom.

The VR classroom has benefited students taking online classes, giving them a virtual classroom or lab to learn in.

Google in education

Meanwhile Google, in an Aug. 15 blog post, promoted the mobile learning application Socratic it had quietly acquired last year. The AI-driven application, released for iOS, can automatically solve mathematical and scientific equations by taking photos of them. The application can also search for answers to questions posed in natural language.

The use of technology in education provides benefits and challenges for students.

Also, Socratic features reference guides to topics frequently taught in schools, including algebra, biology and literature.

Microsoft, whose Office suite is used in many schools around the world, sells a range of educational and collaborative note-taking tools within its OneNote product. The tool, which includes AI-driven search functions, enables students to type in math equations, which it will automatically solve.

While apparently helpful, the increased use of technology in education, as well as the prevalence of AI-powered software for students, has sparked some criticism.

The larger implications

Mike Capps, CEO of AI startup Diveplane, which sells auditable, trainable, “transparent” AI systems, noted that the expanding use of AI and automation could make basic skills obsolete.

Many basic skills, including typing and driving, could eventually end up like Latin — learnable, potentially useful, but unnecessary.

AI systems could increasingly help make important life decisions for people, Capps said.

“More and more decisions about kids’ lives are made by computers, like college enrollment decisions and what car they should buy,” Capps said.
