• macos,  microsoft,  virtualization,  vmware,  windows 10,  windows server

    Building a Virtual Active Directory Test Lab

    Windows Server Core, Windows 10 Pro, and macOS Big Sur in an AD domain.

    It has been a long time since I built a Microsoft Active Directory lab environment. Years ago, I put together a test lab with physical white box machines that I built. The popularity of virtual machine technology makes all of that space-hogging, wires-everywhere, make-your-wife-annoyed mess a thing of the past.

    This will be the first in a series of posts about how I set up a virtual test lab using VMware Fusion on my Mac.

    Microsoft Insider Programs

    I have been dabbling with virtual Ubuntu machines over the last year or so, and I wanted to do something a little different. Microsoft offers IT pros a few of their products free of charge, for non-production use, of course, for training and development purposes as part of the Insider program. IT types who want to play along will be interested in Windows 10, Windows Server (Core), Visual Studio Preview, and SQL Server Developer. There are also programs for Microsoft Edge and Office 365, if you are so inclined.

    Make Up of the Lab

    I'm looking for a playground so my requirements are pretty low. To build my virtual lab environment I will be using my everyday-use 2015 5K iMac with a 3.3GHz Quad-Core Intel Core i5 CPU and 32GB of RAM. Faster CPUs and more RAM are always better; however, in 2015 my needs were different. I am also running VMware Fusion Pro 12 as the hypervisor on my iMac. Due to the physical constraints of my iMac, not all of these virtual machines will be running all the time. Likewise, they will not be optimized for speed.

    As a side note, anyone purchasing a new M1 Apple Silicon powered Macintosh - the 2020 MacBook Air, the 2020 2-port USB-C 13-inch MacBook Pro, or the 2020 silver Mac mini - will not currently be able to run virtualization technology like VMware Fusion or Parallels Desktop because these apps haven't yet been updated to work on M1 and Apple's new virtualization technology layer.

    For my initial lab setup, I plan on deploying the Insider editions of Windows Server Core, Windows 10 Pro, and then building an Active Directory domain to manage the environment. Then, I added a virtualized macOS 11 Big Sur VM. In the future, I plan to deploy an IIS web server on my domain controller and the developer edition of SQL Server on another AD member Core server. I will be using Microsoft's RD Client for macOS to connect to the Windows machines. To network the virtual machines together, I will use the "Share with my Mac" VMware Fusion networking option. From my home network perspective, there will only be one DHCP IP network address being used (by my iMac) and each VM will get its own private IP address thanks to the magic of NAT.

    VMware Fusion 12's Network NAT Option

    For my next article in this series, I will discuss the setup process for Windows Server Core.

  • microsoft,  update,  windows,  windows server

    Microsoft’s ANS Alerts Are No Longer Free

    Tomorrow's Microsoft "Patch Tuesday" is going to seem a little bit more confusing than past patch days for the majority of Microsoft's customers.

    "They've gone from free to fee, and for really no particular reason," said Andrew Storms, vice president of security services at New Context, a San Francisco-based security consultancy, in an interview.

    Microsoft Windows administrators have been familiar with the ANS, or Advance Notification Service, emails that were sent out ahead of Microsoft's scheduled patch release date with information regarding what software was to be patched, their classification of the patch, and associated knowledge base articles. Starting with tomorrow's Patch Tuesday, Microsoft will not provide advance notice of patches.

    "Customer feedback indicates that many of our large customers no longer use ANS in the same way they did in the past due to optimized testing and deployment methodologies," said Chris Betz, senior director at the Microsoft Security Response Center (MSRC). "While some customers still rely on ANS, the vast majority wait for Update Tuesday, or take no action, allowing updates to occur automatically."

    "Microsoft prefers to call its monthly security release 'Update Tuesday,' apparently believing 'Patch Tuesday' carries negative connotations."

    So, unless your organization pays for Premier support or is otherwise involved in sharing security information with Microsoft, you will no longer be receiving these email updates.

    Personally, I've never participated in the online briefings, but I would skim the list of patches, sorry, "updates" that Microsoft would be pushing out to Microsoft Windows Update Servers (WUS) running on private networks.  While I'm sad to see the email notices and blog postings go away, for small to mid-sized organizations, I'm not sure that there will be a meaningful impact on day-to-day operations.  What will likely become of this is that Windows client and Windows Server administrators will need to pay more attention when testing the latest updates before deploying them on production servers.

    [Via ComputerWorld.com...]