Category Archives: Networking

How to monitor network activities in Azure with Traffic Analytics

Cloud networks differ substantially from on-premises networks, but both share the need to be constantly monitored, managed and analyzed. All this is important in order to know them better, protect them and optimize them. Microsoft introduced in Azure a solution called Traffic Analytics, fully cloud-based, which gives you overall visibility into the network activities that take place in the cloud environment. This article analyzes the characteristics of the solution and explains how you can turn it on.

Operating principles of the solution

In Azure, Network Security Groups (NSGs), which contain a list of access rules, are used to allow or deny network communication to the resources connected to Azure Virtual Networks (vNet). NSGs are applied to the network interfaces connected to the virtual machines, or directly to the subnet. The platform uses NSG flow logs to maintain visibility of the inbound and outbound network traffic passing through a Network Security Group. Traffic Analytics is based on the analysis of NSG flow logs: after appropriate aggregation of the data, and enrichment with intelligence concerning security, topology and geographic map, it can provide detailed information about the network traffic of your Azure cloud environment.

Figure 1 – Data flow of Traffic Analytics

Solution functionality

Using Traffic Analytics you can do the following:

  • View network activities across Azure subscriptions and identify hotspots.
  • Intercept potential network security threats, in order to take the right remedial actions. This is made possible by the information the solution provides: which ports are open, which applications attempt to access the Internet and which virtual machines connect to unauthorized networks.
  • Understand network flows between different Azure regions and the Internet, in order to optimize their deployment for network performance and capacity.
  • Identify incorrect network configurations that lead to failed communication attempts.

How to enable the solution

In order to analyze the network traffic you must have a Network Watcher in every region that contains NSGs whose traffic you intend to analyze. Network Watcher is a regional service that makes it possible to monitor and diagnose networking in Azure. Network Watcher can be enabled from the Azure Portal, using PowerShell or via the REST API. When you create it from the portal you cannot choose the name of the Network Watcher or its Resource Group: a default name is assigned to both.

Figure 2 – Enabling Network Watcher from the portal

Figure 3 – Enabling Network Watcher using PowerShell

As this is a preview service, in order to use it you need to re-register the network resource provider on the Azure subscription concerned. You must also register the Azure Insights provider.

Figure 4 - Registration of the providers through PowerShell

In order to enable the collection of NSG flow logs you must have a storage account in which to store them. You must also have an OMS Log Analytics workspace in which Traffic Analytics will consolidate the aggregated and indexed data. The information present in Log Analytics will then be used to generate the analysis.

First configuration step of the NSG flow logs settings:

Figure 5 - Selection of the NSGs on which to enable the collection of flow logs

Choice of the storage account and OMS Log Analytics workspace for each NSG:

Figure 6 – Enabling the collection of NSG flow logs and consolidation in OMS Log Analytics

The steps above must be repeated for each NSG for which you want to enable Traffic Analytics.

Figure 7 – List of NSGs with settings enabled

Within a few minutes of enabling it, the time needed to collect a sufficiently indicative amount of aggregated data, the Traffic Analytics dashboard is populated with information.

Figure 8 – Traffic Analytics Dashboard

The Traffic Analytics dashboard makes information readily available such as: hosts with a high level of communication, the most widely used application protocols, the communications that occur most frequently and the flows relating to network traffic in the cloud.

When you select the section of interest, the Log Analytics query that extracts the data is shown:

Figure 9 - Sample query of Log Analytics showing the allowed malicious traffic

For a complete overview of the possible scenarios for using Traffic Analytics, see this Microsoft document.


Traffic Analytics is a new feature, currently in preview, introduced in Azure. It is an effective and easy-to-use tool that helps you keep track of the status of your network in Azure by reporting very useful data, such as who is connected and from where, which ports are exposed to the Internet, which network traffic is generated and more. This information is critical for detecting anomalies and taking appropriate corrective actions. All of these operations are difficult to achieve without this tool, which is fully integrated in the platform.

OMS and System Center: What's New in November 2017

In November there were several announcements from Microsoft concerning Operations Management Suite (OMS) and System Center. This article summarizes them briefly, with the references needed for further study.

Operations Management Suite (OMS)

Log Analytics

As already announced, on 30 October 2017 Microsoft launched the upgrade process for the OMS workspaces that had not yet been upgraded manually. In this regard, this useful document has been released that shows the differences between a legacy OMS workspace and an upgraded OMS workspace, with references for further details.


Those who use ExpressRoute circuits will be glad to know that Microsoft announced the ability to monitor them through Network Performance Monitor (NPM). This feature, currently in preview, allows you to monitor connectivity and performance between the on-premises environment and vNets in Azure when an ExpressRoute circuit is present. For more details about the features announced you can consult the official article.

Figure 1 – Network map showing details of ExpressRoute connectivity


As usual, a new version of the OMS Agent for Linux systems was released; releases now take place on a monthly basis. This release fixes bugs related to diagnostics during agent onboarding. No new features are introduced. To obtain the updated version please visit the official GitHub page OMS Agent for Linux Patch v 1.4.2-124.

Protection and Disaster Recovery

Azure Backup has always protected backups from the on-premises world to Azure with encryption that uses the passphrase defined during the configuration of the solution. To protect VMs in Azure, the recommendation for greater backup security was to use VMs with encrypted disks. Now Azure Backup uses Storage Service Encryption (SSE) to encrypt the backups of virtual machines on Azure, providing a backup security mechanism that is integrated in the solution. This will also be applied to existing backups, automatically and through a background task.

Microsoft, in order to bring more clarity with regard to the pricing and licensing of Azure Site Recovery, updated the FAQ, which you can find on the official pricing page of the solution.

System Center

As is already the case for the operating system and System Center Configuration Manager, the other System Center products, in particular Operations Manager, Virtual Machine Manager, and Data Protection Manager, will follow a release cycle with updated versions every 6 months (semi-annual channel). The goal is to rapidly deliver new capabilities and to ensure a speedy integration with the cloud world, which is essential given the speed with which it evolves. In November the System Center preview version 1711 was announced, which you can download at this address.

Figure 2 – Summary of what's new in System Center preview version 1711

For the details of the new features in this release, please consult the official announcement.

System Center Configuration Manager

For System Center Configuration Manager current branch version 1706, an important update rollup was issued that you should apply as it solves a lot of problems.

Version 1710 was released for the Current Branch (CB) of System Center Configuration Manager, introducing new features and major improvements in the product. Among the main innovations of this update, the possibilities offered by Co-management stand out: they expand the options for device management using both System Center Configuration Manager and Microsoft Intune.

Figure 3 – Features and benefits of Co-management

For a complete list of new features introduced in this version of Configuration Manager, you can consult the official announcement.

Version 1711 was released for the Technical Preview branch of System Center Configuration Manager. The new features in this update are:

  • Improvements in the new Run Task Sequence step.
  • User interaction when installing applications in the System context even when running a task sequence.
  • New options, when Configuration Manager is used together with Microsoft Intune, to manage compliance policies for Windows 10 devices related to Firewall, User Account Control, Windows Defender Antivirus, and OS build versioning.

I remind you that the releases in the Technical Preview Branch allow you to evaluate new SCCM functionality in preview, and it is recommended to apply these updates only in test environments.

An updated version of the Configuration Manager Client Messaging SDK was released.

System Center Operations Manager

Released the new wave of the SQL Server Management Packs (version

The Management Packs for SQL Server 2017 can be used to monitor SQL Server 2017 and subsequent releases (version agnostic), which avoids having to manage different MPs for each version of SQL Server. The checks for versions of SQL Server earlier than 2014 are included in the generic MP "Microsoft System Center Management Pack for SQL Server".

System Center Service Manager

Microsoft has published a series of tips and best practices to follow when authoring Management Packs for System Center Service Manager (SCSM).

Please remember that in order to test and evaluate Operations Management Suite (OMS) for free you can access this page and select the mode that is most appropriate for your needs.

OMS and System Center: What's New in August 2017

This article summarizes the main new features and updates concerning Operations Management Suite (OMS) and System Center that were announced during the month of August.

Operations Management Suite (OMS)

Log Analytics

  • For Log Analytics, what may be called the most significant upgrade since its release was published. Among the main changes introduced by this update are a powerful new query language, the introduction of the new Advanced Analytics portal and greater integration with Power BI. For more details, I invite you to consult the specific article Log Analytics: a major update evolves the solution.

Figure 1 – Upgrade of Log Analytics


  • The OMS agent for Linux systems is constantly evolving, and a new version was released that fixes some bugs and improves error handling during agent onboarding for easier troubleshooting: OMS Agent for Linux GA v 1.4.0-45

Figure 2 – Bug fixes and what's new for the OMS agent for Linux


  • The OMS solution Network Performance Monitor has been improved and enhanced with the following new features:
    • Agent diagnostics: the solution now provides the ability to monitor in a specific view the health status of the various agents deployed on the network, and in case of problems NPM reports useful diagnostic information for troubleshooting.
    • Hop-by-hop latency breakdown: the topology map of the network has been enriched with details of the timings measured between two specific points.
    • Availability on the Azure Portal: as well as continuing to be available from OMS, it can be added from the Azure Marketplace and used directly from the Azure Portal.
    • Presence in an additional Azure region: the solution is now also available for the Azure West Central US region.

For more details see the announcement Improvements to the OMS Network Performance Monitor.

  • Containers are an emerging technology that is becoming more widespread, and monitoring Docker containers becomes an essential component. For this reason the OMS team announced the availability of the new Container Monitoring solution, which allows you to:
    • Display in a single location information for all container hosts.
    • Learn which containers are running, where they are and with which image.
    • See audit information concerning actions taken on containers.
    • View and search logs for troubleshooting without needing access to the Docker hosts.
    • Locate the containers that are consuming an excessive amount of resources on the host.
    • Display centrally the performance information of the containers concerning CPU, memory, storage and network usage.

Figure 3 – Overview of the Container Monitoring solution

Full details on the Container Monitoring solution can be found in the document Container Monitoring solution in Log Analytics.

  • The new solution for monitoring Azure Logic Apps was released in preview. The solution displays various information about the status of the logic apps and lets you drill down to see details useful for troubleshooting. All aspects of this solution are covered in Microsoft's official documentation.

Security and Audit

  • The baseline assessment of OMS Security is enhanced with the Web security baseline assessment functionality, which was announced in public preview. It lets you scan web servers running Internet Information Services (IIS) to check for security vulnerabilities and provides useful recommendations regarding the correct setup of the environment. The document Baseline Assessment in Operations Management Suite Web Security and Audit Solution provides additional information.

Figure 4 – Assessment dashboard of Web security baseline


System Center

System Center Configuration Manager

  • Last month version 1706 was released for the Current Branch (CB) of System Center Configuration Manager, as described in the article OMS and System Center: What's New in July 2017. On 8 August an update package was released to correct some errors that were encountered during the first deployment, but this package introduced problems and was therefore replaced with a new version on 11 August. Those who updated SCCM to version 1706 between August 8 and August 11 need to install an additional update, as documented in the Microsoft knowledge base article Update for System Center Configuration Manager version 1706, first wave. This update can be installed from the "Updates and Servicing" node of the SCCM console. A further update will be released in the coming week for those who updated SCCM to version 1706 prior to August 8.
  • Version 1708 was released for the Technical Preview branch of System Center Configuration Manager: Update 1708 for Configuration Manager Technical Preview Branch – Available Now!. I remind you that the releases in the Technical Preview Branch allow you to evaluate new SCCM functionality in preview, and it is recommended to apply these updates only in test environments.

System Center Operations Manager

The following is the news about the SCOM 2016 Management Packs:

  • Advanced Threat Analytics 1.7 Management Pack version
  • Service Map Management Pack in public preview: thanks to this new MP you can integrate the maps that are created dynamically by the OMS Service Map solution with the Distributed Application diagrams in Operations Manager, so that the latter are dynamically generated and maintained.

For more information I invite you to consult the related documentation available online.

Figure 5 – Integration between the OMS Service Map and the SCOM Distributed App

  • A hotfix is available to solve some problems related to the WMI health monitor.

How to connect third-party security solutions to OMS

Among the various features of Operations Management Suite (OMS) there is the ability to collect events generated in the standard Common Event Format (CEF) and events generated by Cisco ASA devices. Many vendors of security solutions generate events and log files that follow the syntax defined in the CEF standard, for interoperability with other solutions. By configuring these data to be sent in this format to OMS and adopting the OMS Security and Audit solution, you can correlate the different information collected, leverage the powerful OMS search engine to monitor your infrastructure, retrieve audit information, detect problems and use Threat Intelligence.

This article covers the steps needed to integrate the logs generated by Cisco Adaptive Security Appliance (ASA) into OMS. Before you can configure this integration you must have a Linux machine with the OMS agent installed (version 1.2.0-25 or later) and configure it to forward the logs it receives to the OMS workspace. For the installation and onboarding of the Linux agent I refer you to the official Microsoft documentation: Steps to install the OMS Agent for Linux.

Figure 1 – Architecture for collecting logs from Cisco ASA in OMS

The Cisco ASA device must be configured to forward events to the Linux machine defined as the collector. To do this you can use the Cisco ASA device management tools such as Cisco Adaptive Security Device Manager:

Figure 2 – Syslog Server configuration example on Cisco ASA

On the Linux machine a syslog daemon must be running that sends the events to local UDP port 25226. The OMS agent listens on this port for all incoming events.

For this configuration, you must create the file security-config-omsagent.conf according to the following specifications, depending on the type of syslog daemon running on the Linux machine. For example, a sample configuration that sends all events with facility local4 to the OMS agent is as follows:

  • With the rsyslog daemon, the file must be present in the directory /etc/rsyslog.d/ with the following content:
#OMS_facility = local4

# A single @ forwards over UDP, here to the agent's local listener
local4.* @127.0.0.1:25226
  • With the syslog-ng daemon, the file must be present in the directory /etc/syslog-ng/ with the following content:
#OMS_facility = local4

# Select facility local4 and forward it to the agent's local listener
filter f_local4_oms { facility(local4); };

destination security_oms { tcp("127.0.0.1" port(25226)); };

log { source(src); filter(f_local4_oms); destination(security_oms); };

The next step is the creation of the Fluentd configuration file named security_events.conf, which lets you collect and parse the events received by the OMS agent. You can download the file from the GitHub repository, and it must be copied into the directory /etc/opt/microsoft/omsagent/<workspace id>/conf/omsagent.d/.

Figure 3 – Fluentd configuration file of the OMS agent

At this point, for the changes to take effect, you must restart the syslog daemon and the OMS agent with the following commands:

  • Restart the syslog daemon:
sudo service rsyslog restart
or
sudo /etc/init.d/syslog-ng restart
  • Restart the OMS agent:
sudo /opt/microsoft/omsagent/bin/service_control restart

Once these steps are complete, you should view the log of the OMS agent to see if there are any errors, using the command:

tail /var/opt/microsoft/omsagent/<workspace id>/logs/omsagent.log
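
The forwarding file described above can be generated and checked before the daemon is restarted. The following script is an added example, not part of the original article or of the OMS agent: the function names are hypothetical, and it assumes the agent's local listener is 127.0.0.1:25226. The check fails when a file has an empty destination or forwards security events to any host other than the local agent.

```shell
#!/usr/bin/env bash
# Added example: render and check the syslog forwarding file for the OMS agent.
OMS_ADDR="127.0.0.1"   # assumption: the agent's local listener is on loopback
OMS_PORT="25226"       # port named in the article

# Print the forwarding configuration for one daemon and one facility.
# $1 = rsyslog | syslog-ng    $2 = syslog facility, e.g. local4
render_oms_forward_conf() {
    local daemon="$1" facility="$2"
    # Accept only real facility names so nothing else is written to the file.
    case "$facility" in
        auth|authpriv|daemon|kern|syslog|user|local[0-7]) ;;
        *) echo "unsupported facility: $facility" >&2; return 2 ;;
    esac
    case "$daemon" in
        rsyslog)
            printf '#OMS_facility = %s\n' "$facility"
            printf '%s.* @%s:%s\n' "$facility" "$OMS_ADDR" "$OMS_PORT"
            ;;
        syslog-ng)
            printf '#OMS_facility = %s\n' "$facility"
            printf 'filter f_%s_oms { facility(%s); };\n' "$facility" "$facility"
            printf 'destination security_oms { tcp("%s" port(%s)); };\n' \
                "$OMS_ADDR" "$OMS_PORT"
            printf 'log { source(src); filter(f_%s_oms); destination(security_oms); };\n' \
                "$facility"
            ;;
        *) echo "unknown daemon: $daemon" >&2; return 2 ;;
    esac
}

# Check an existing forwarding file. Returns 0 only when at least one
# destination is present and every destination is the local agent listener.
# $1 = rsyslog | syslog-ng    $2 = path to the configuration file
check_oms_forward_conf() {
    local daemon="$1" file="$2" dests dest
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    case "$daemon" in
        rsyslog)
            # Forwarding actions: "@host:port" (UDP) or "@@host:port" (TCP).
            dests=$(grep -v '^[[:space:]]*#' "$file" \
                | grep -oE '@@?[^[:space:]]+' | sed 's/^@*//')
            ;;
        syslog-ng)
            # Network destinations: tcp("host" port(N)) or udp("host" port(N)).
            dests=$(grep -v '^[[:space:]]*#' "$file" \
                | grep -oiE '(tcp|udp)\("[^"]*"[[:space:]]+port\([0-9]+\)' \
                | sed -E 's/^[a-zA-Z]+\("([^"]*)"[[:space:]]+port\(([0-9]+)\)$/\1:\2/')
            ;;
        *) echo "unknown daemon: $daemon" >&2; return 2 ;;
    esac
    if [ -z "$dests" ]; then
        echo "no forwarding destination found in $file" >&2
        return 1
    fi
    for dest in $dests; do
        if [ "$dest" != "$OMS_ADDR:$OMS_PORT" ]; then
            echo "unexpected destination in $file: $dest" >&2
            return 1
        fi
    done
    return 0
}

# Demo on constructed input: render both variants and check them.
demo_dir=$(mktemp -d)
for demo_daemon in rsyslog syslog-ng; do
    render_oms_forward_conf "$demo_daemon" local4 > "$demo_dir/$demo_daemon.conf"
    check_oms_forward_conf "$demo_daemon" "$demo_dir/$demo_daemon.conf" \
        && echo "$demo_daemon: forwards only to $OMS_ADDR:$OMS_PORT"
done
rm -rf "$demo_dir"
```
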

After finishing the configuration, from the OMS portal you can type the query Type = CommonSecurityLog in Log Search to analyze the data collected from the Cisco ASA:

Figure 4 – Query to see Cisco ASA events collected in OMS

Log collection is enriched by the Threat Intelligence present in the Security & Compliance solution. Thanks to an almost real-time correlation of the data collected in the OMS repository with information from leading Threat Intelligence vendors and with the data provided by the Microsoft security centers, it allows you to identify the nature and results of any attacks involving your systems, including the network equipment.

When you access the Security And Audit solution from OMS, the Threat Intelligence section appears:

Figure 5 – Information of Threat Intelligence

By selecting the tile Detected threat types you can see details about intrusion attempts, which in the following case involve the Cisco ASA:

Figure 5 – Detected threat on Cisco ASA

This article went into the configuration details for Cisco ASA, but similar configurations can be made for all solutions that support the generation of events in the standard Common Event Format (CEF). To configure the integration of Check Point Security Gateway with OMS I refer you to the document Configuring your Check Point Security Gateways to send logs to Microsoft OMS.


Using Operations Management Suite you can consolidate and correlate events from different products that provide security solutions, giving you a complete overview of your infrastructure and letting you respond quickly and accurately to any security incident.

Monitor network performance with the new solution of OMS

In this article we will see how the new OMS solution called Network Performance Monitor (NPM) works and what its main features are. This solution can check the status of your network even in hybrid architectures, allowing you to quickly identify which network segment or device is causing, or has caused at a given time, outages or network-side performance problems. This new service makes network monitoring application-centric, and this feature sets it apart from the conventional monitoring solutions on the market, which tend to focus on the control of network devices.

Figure 1 – Overview of solution NPM

Using the OMS solution Network Performance Monitor you can have total visibility in terms of availability, latency and performance of your network infrastructure. The activation process and operation are as follows:

  • From the OMS portal, add the solution "Network Performance Monitor (NPM)" from the OMS solutions gallery. To do so you can follow the steps documented in the following article: Add Azure Log Analytics management solutions to your workspace (OMS)
  • The solution requires the OMS agent to be installed on machines on each subnet that you want to monitor. This is the traditional OMS agent, and you are not required to install any additional component.
  • The machines running the OMS agent download from OMS the Network Monitoring Intelligence Pack, which is used to detect the subnet on which the machine sits and to upload this information to the OMS workspace.
  • The agent in turn retrieves the network configurations from OMS, and probes are performed to detect packet loss and network performance. Network Performance Monitor (NPM) uses synthetic transactions to calculate how many packets are lost and the latency for the various network links. The probe packets that are sent between the various OMS agents to carry out the assessment and monitor the status of your network can be TCP (TCP SYN packets followed by a TCP handshake) or ICMP (ICMP ECHO messages like those generated by the traditional Ping utility). Using the ICMP protocol for the probes is useful in environments where network devices, because of certain restrictions, are not able to respond to TCP probes.
  • All data is sent to the OMS workspace and aggregated to show the network status in clear and understandable terms. The Topology Map provides a graphical view of all the network paths that exist between the various endpoints, which helps to quickly locate network problems. The topology maps are interactive and allow you to drill down on the various network links to see the hop-by-hop topology details. You can also set filters based on the health state of the links, zoom in on network segments and customize the topology.

Figure 2 – Network Topology

The main features of the solution are as follows:

  • The solution is agnostic in terms of the network devices and related vendor and is able to monitor any IP network.
  • The solution is able to monitor connectivity between:
    • Data-center located at different sites and connected via public or private network.
    • Public clouds like Azure and AWS, on-premises networks and user stations.
    • Virtual networks present at public cloud and on-premises.

      Figure 3 – Components monitored by solution NPM

  • NPM helps identify accurately and in detail the network path that is causing a malfunction or a degradation of performance, regardless of the complexity of the network, thanks to the monitoring model adopted:

    Figure 4 – Monitoring model

  • Thanks to a feature called Network State Recorder you can not only see the current state of health of the network, but also evaluate it at a certain time in the past, which is useful for investigating reports of transient issues.

    Figure 5 – Network State Recorder

  • Using the alerting functionality included in OMS you can configure e-mail alerts for the problems detected by the NPM solution. You can also trigger remediation actions through runbooks or set up webhooks to integrate with an existing service management solution.

    Figure 6 – NPM alerting

  • The solution supports not only Windows Server: the agent also works on client operating systems (Windows 10, Windows 8.1, Windows 8 and Windows 7), and there is also support for Linux operating systems (servers and workstations).

Regarding cost and licensing model, the Network Performance Monitor (NPM) solution is part of OMS Insight & Analytics. On the page Prices for Microsoft Operations Management Suite you can find all the details related to the pricing of OMS.



In IT environments with increasingly complex architectures it is useful to have a tool that effectively monitors the status of your network and allows you to isolate with precision the source of any problems. Using the OMS solution Network Performance Monitor (NPM) you have full visibility of the network even in hybrid architectures and you can act proactively to identify potential problems. NPM is a suitable tool not only for network administrators: thanks to its features it can also be very useful and easy to use for those who manage the infrastructure and applications. For those interested in exploring this and other features of OMS further, remember that you can try OMS for free. For more information about the Network Performance Monitor (NPM) solution you can see the official documentation.

Windows Server 2016: Introduction to Network Controller

In Windows Server 2016 there are many new networking features that make it possible to build the infrastructure, named Software-Defined Networking (SDN), that underlies the Software Defined Datacenter (SDDC).

The main characteristics of a Software Defined Networking (SDN) architecture are adaptability, dynamism and ease of management. All these aspects are better covered thanks to the features introduced in Windows Server 2016 that this article explores.

Network Controller

This is a new role introduced in Windows Server 2016 that can be easily installed by using Server Manager or PowerShell and that helps you manage, configure and monitor the virtual and physical network infrastructure of your datacenter. Thanks to the Network Controller you can also automate the configuration of your network infrastructure instead of having to manually configure devices and services. This role can also be installed on virtual machines, can be made highly available and can scale easily. The Network Controller can be deployed either in a domain environment, in which case users and network devices are authenticated using Kerberos, or in a non-domain environment, which requires certificate-based authentication.

Communication between the Network Controller and the network components is done using the Southbound API (Figure 1), through which network devices are discovered and service configurations are detected. Through the same interface the required network information is collected and the changes made are transmitted.

Through the Northbound API you can communicate with your Network Controller to consult network information and use it for monitoring and troubleshooting. The same API is used to make changes to the network configuration and to deploy new devices.

Figure 1 – Communication Scheme

Managing and monitoring your network through Network Controller (Figure 2) can be performed directly using PowerShell (Network Controller Cmdlets) or by using management applications such as System Center Virtual Machine Manager (SCVMM) and System Center Operations Manager (SCOM).


Figure 2 – Management Network Controller

Via the Network Controller you can manage the following physical and virtual network infrastructure components:

  • Hyper-V VMs and virtual switches
  • Switch
  • Router
  • Software firewall
  • Vpn Gateway (including Multitenant RRAS Gateway)
  • Load Balancer

Virtualized Network Functions

The spread of virtualization has also involved networking, and there is more and more interest in virtual appliances and cloud services that provide network services, an emerging and fast-growing market. In software defined datacenters we see virtual appliances used more and more frequently to deliver networking features that were typically provided solely by physical devices (such as load balancers, firewalls, routers, switches, etc.).

Windows Server 2016 Technical Preview includes the following virtual appliances:

Software Load Balancer

This is a layer-4 software load balancer, similar to the load balancer already widely used on the Azure platform. For more information about Microsoft Azure Load Balancing Services, I invite you to consult Microsoft Azure Load Balancing Services.

Multi-tenant Firewall

Datacenter Firewall (Figure 3) is a new service introduced in Windows Server 2016. This firewall protects virtual networks at the network layer and is designed to be multitenant. Once implemented, it can be offered as a service by the service provider, and the tenant administrator can install and configure firewall policies to secure their virtual networks from potential attacks that originate from the Internet or from internal networks.


Figure 3 – Firewall Policy

The Datacenter Firewall can be managed using the Network Controller. Datacenter Firewall provides the following benefits for cloud service providers:

  • A scalable and maintainable software firewall service that can be offered as a service to their tenants
  • Protection for tenants, regardless of the operating system running on the virtual machine
  • Freedom to move the tenants' virtual machines between different fabric hosts without breaking the firewall functionality, because:
    • The firewall agent is deployed as a vSwitch;
    • The virtual machines of the tenant take the policies assigned to their vSwitch;
    • Firewall rules are configured on each port of the vSwitch, regardless of the physical host that holds the virtual machine

For tenants, on the other hand, the Datacenter Firewall provides the following benefits:

  • Ability to define firewall rules that help protect workloads in the virtual network that are exposed to the Internet
  • Ability to create firewall rules for protection between virtual machines on the same layer 2 (L2) subnet or on different L2 subnets
  • Ability to define firewall rules that help protect and isolate network traffic between the tenant's on-premises network and its virtual networks at the service provider

RAS Gateway

RAS Gateway is used to route network traffic between virtual networks and physical networks. There are many areas of use:

Site-to-Site Gateway

A multi-tenant gateway solution (Figure 4) that allows tenants to access their resources and manage them using a site-to-site VPN connection. Thanks to this gateway you can connect virtual resources in the cloud with the physical network of the tenant.

2015_ 12_27_WS16NC_04

Figure 4 – S2S Gateway

Forwarding Gateway

Used to route network traffic between virtual networks and the physical network of the hosting provider (in the same geographical location) – Figure 5.

Figure 5 – Forwarding Gateway

GRE Tunnel Gateway

Gateways are able to create tunnels based on the GRE protocol that provide connectivity between the tenants' virtual networks and external networks. The GRE protocol is supported on many network devices, so it is an ideal choice when channel encryption is not required. For more information on the GRE tunnel I invite you to consult GRE Tunneling on Windows Server Technical Preview.

Hyper-V Network Virtualization

Hyper-V Network Virtualization (HNV) is a key component of Microsoft's Software Defined Networking (SDN) solution, and as such Windows Server 2016 brings many new features that make it more functional and better integrated into the SDN stack.

An important aspect to consider is that the SDN stack itself is consistent with Microsoft Azure, and therefore brings the same capabilities used in the Azure public cloud to your own environment.

Programmable Hyper-V Switch

With the Network Controller you can push HNV policies (Figure 6) to the agent running on each host, using the Open vSwitch Database Management Protocol (OVSDB – RFC 7047). The Host Agent stores these policies using a customization of the VTEP schema and is able to program complex rules within the powerful engine of the Hyper-V virtual switch.

Figure 6 – Push Policies

VXLAN Encapsulation support

Virtual eXtensible Local Area Network (VXLAN – RFC 7348) has been widely adopted in the market with the support of leading vendors like Cisco, Brocade, Dell, HP and others. HNV now supports this encapsulation scheme, using the Microsoft MAC distribution mode through the Network Controller, which allows you to program the association between the tenant's IP addresses (Customer Address – CA) and the IP addresses of the physical network (Provider Address – PA). The Network Virtualization using Generic Routing Encapsulation (NVGRE) protocol continues to be supported in Windows Server 2016.

Interoperability with Software Load Balancer (SLB)

The Software Load Balancer (SLB) presented above is fully supported in virtual networks. The SLB is implemented through the high-performance virtual switch engine and is controlled by the Network Controller for the Virtual IP (VIP) – Dynamic IP (DIP) mapping.

IEEE Compliant

To ensure full interoperability with physical and virtual network equipment, all packets transmitted when using HNV are guaranteed to be compliant, in all their fields, with the standards dictated by the IEEE. This aspect has been substantially reworked and improved in Windows Server 2016.

New Elements Introduced (Cloud Scale Fundamentals)

In Windows Server 2016 the following features have been introduced to allow you to configure your environment more effectively, making the best use of available hardware resources:

Converged Network Interface Card (NIC): This feature allows you to use a single network adapter to handle different types of traffic: management, storage access (RDMA) and tenant traffic. In this way it is possible to decrease the number of network adapters required for each physical host.

Switch Embedded Teaming (SET): SET is a new NIC Teaming solution integrated into the Hyper-V Virtual Switch. SET allows you to group up to eight physical network adapters in a single SET team. This teaming mode, being integrated into the virtual switch, can only be used on physical hosts and not inside virtual machines, where you can still configure teaming in the traditional way (NIC Teaming in virtual machines). This teaming mode does not expose team interfaces; the configuration is done through the Virtual Switch ports.

Packet Direct: Packet Direct allows you to achieve high throughput and low latency for network traffic.

Enhancements to existing services

The Network Access Protection (NAP) feature is already in the "deprecated" state in Windows Server 2012 R2. In Windows Server 2016 the DHCP Server role no longer supports NAP, and DHCP scopes can no longer be NAP-enabled.

DNS Server
Now let's look at the various innovations introduced in the DNS Server in Windows Server 2016 to improve its effectiveness and security:

DNS Policy: You can configure DNS policies to define how the DNS server answers DNS queries. DNS responses can be based on many parameters, such as the client's IP address (location) or the time of day. DNS policies open the door to different scenarios such as location-aware DNS configuration, traffic management, load balancing and split-brain DNS.

Response Rate Limiting (RRL): You can configure limits on the response rate of the DNS server. This configuration prevents malicious systems from using the DNS server to carry out denial-of-service (DoS) attacks.

DNS-based Authentication of Named Entities (DANE): You can use TLSA (Transport Layer Security Authentication) records to tell DNS clients which CA they should expect a certificate from for a specific domain name. This mechanism is useful to prevent man-in-the-middle attacks.

Support for Unknown Records: This feature allows you to add records that are not explicitly supported by Windows DNS servers.

IPv6 root hints: You can use the IPv6 root servers for Internet name resolution.

Windows PowerShell Support: new PowerShell cmdlets improve support for the DNS Server.

DNS and IPAM: better integration between DNS and IPAM.
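As an added example (not part of the original article), this PowerShell sketch applies two of the security features above on a Windows Server 2016 DNS server: RRL rolled out in log-only mode before enforcement, and a TLSA record published for DANE. The zone name, certificate path, record name and thresholds are assumptions made for illustration.

```powershell
# Added example. Assumed values: zone, certificate path, record name, RRL thresholds.
Import-Module DnsServer
$zone     = 'contoso.example'      # hypothetical zone hosted on this server
$certPath = 'C:\certs\mail.cer'    # hypothetical certificate of the SMTP server
$enforce  = $false                 # set to $true after reviewing the logged RRL events

# 1. Response Rate Limiting: start in LogOnly so the thresholds can be checked
#    against legitimate traffic before any response is dropped or truncated.
$mode = if ($enforce) { 'Enable' } else { 'LogOnly' }
Set-DnsServerResponseRateLimiting -Mode $mode -ResponsesPerSec 10 -ErrorsPerSec 10 -WindowInSec 5 -Force
Get-DnsServerResponseRateLimiting  # show the effective settings

# 2. DANE: a TLSA record can only be trusted by validating clients when the
#    zone is DNSSEC-signed, so refuse to publish it in an unsigned zone.
if (-not (Get-DnsServerZone -Name $zone).IsSigned) {
    throw "Zone $zone is not DNSSEC-signed; sign it before publishing TLSA records."
}

# Certificate association data = SHA-256 over the DER-encoded certificate.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath
$sha  = [System.Security.Cryptography.SHA256]::Create()
$hash = ($sha.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('x2') }) -join ''

# _25._tcp.mail = TLSA record for SMTP (TCP port 25) on host "mail" in the zone.
# DomainIssuedCertificate pins the server certificate itself rather than a CA.
Add-DnsServerResourceRecord -TLSA -ZoneName $zone -Name '_25._tcp.mail' `
    -CertificateUsage DomainIssuedCertificate -Selector FullCertificate `
    -MatchingType Sha256Hash -CertificateAssociationData $hash
```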

I invite you to study and evaluate in the field the new networking features by downloading Windows Server 2016.

Virtual Machine Manager 2012 R2: Integration with IPAM

In this article I'll show you how you can integrate the IPAM infrastructure with System Center Virtual Machine Manager 2012 R2 and what are its advantages.

IP Address Management (IPAM) is a suite of tools, integrated into the operating system from Windows Server 2012, that lets you plan, manage and monitor the IP addressing infrastructure using a simple and intuitive interface for centralized administration. All this is made possible by the fact that IPAM is able to locate and communicate directly with the DNS and DHCP servers on the network.

The flexible fabric management provided by System Center Virtual Machine Manager (SCVMM) allows you to model and manage the networking of your virtual datacenter. To have full and comprehensive control of the IP addresses assigned across the network, you can integrate IPAM with SCVMM. The main purpose of integrating IPAM and SCVMM is to ensure that the IP addressing settings associated with Logical Networks and Virtual Machine Networks (VM networks) in SCVMM are also synchronized with the information maintained centrally by the IPAM server.

In fact, a single enterprise IPAM server can also detect and prevent IP address conflicts and overlaps across multiple instances of SCVMM 2012 R2 (fabric stamps), as shown in Figure 1.


Figure 1 – IPAM Diagram

Adding an IPAM Server in SCVMM

From the SCVMM console, open the Fabric workspace and expand Networking. In the Network Service branch, select "Add Network Services" (Figure 2).


Figure 2 – Adding a New Service

Specify a name and a description for the network service (Figure 3).


Figure 3 – Adding the Name

As the manufacturer select Microsoft, and as the model select "Microsoft Windows Server IP Address Management" (Figure 4).


Figure 4 – Provider

Specify which Run As account to use; it must belong to the following groups on the IPAM server (Figure 5):

  • IPAM ASM Administrators: local group on all IPAM servers that provides permissions for address space management (ASM).
  • Remote Management Users: built-in user group that provides access to WMI resources via management protocols.

In this regard, it is recommended that you create a domain account specifically for this purpose.


Figure 5 – Run As Account

In the connection string, specify the FQDN of the IPAM server (Figure 6).


Figure 6 – Server Name

Complete the tests of the configuration provider and make sure they finish successfully (Figure 7).


Figure 7 – IPAM Validation

Associate this Network Service (IPAM in this case) with the appropriate host (Figure 8).


Figure 8 – Host Selection

At the end of this configuration, all the Logical Networks and VM Networks defined in VMM will be present on the IPAM server, and you can manage them directly from the IPAM administration console. The integration is bi-directional and gives administrators more control over the IP addresses used by the virtual infrastructure as well, as shown in Figure 9.


Figure 9 – IPAM Console