What’s New in PowerShell For Hyper-V In Windows Server 2016 Technical Preview 5? #HyperV #PowerShell #WS2016

On October 2nd 2014, Microsoft released Windows Server 2016 Technical Preview 1 bits along with System Center Technical Preview 1.

On May 4th 2015, and during the Ignite conference last year, Microsoft released Windows Server 2016 Technical Preview 2 bits along with System Center Technical Preview 2.

On August 19th 2015, Microsoft released the third Technical Preview bits for Windows Server 2016 and System Center Technical Preview 3.

On November 19th 2015, Microsoft also released Windows Server 2016 Technical Preview 4 along with System Center Technical Preview 4.

And on April 27th 2016, Microsoft released Windows Server 2016 Technical Preview 5 bits along with System Center Technical Preview 5 as well.

As we can see, 2016 is an exciting year, and we are still only halfway through it. However, the final release of Windows Server 2016 and System Center is… When? I don’t know…

In today’s blog post, we will look at what’s new in PowerShell for Hyper-V in Windows Server 2016 Technical Preview 5 versus Technical Preview 4.

The Hyper-V PowerShell module includes several significant features that extend its use, improve its usability, and allow you to control, automate and manage your Hyper-V environment entirely.

The PowerShell module in Windows Server 2016 TP1 Hyper-V ships with 186 PowerShell cmdlets.

The PowerShell module in Windows Server 2016 TP2 Hyper-V ships with 204 PowerShell cmdlets.

The PowerShell module in Windows Server 2016 TP3 Hyper-V and TP4 ships with 217 PowerShell cmdlets.

As you can see, the Hyper-V team is constantly adding new cmdlets in every release.

Let’s look at the PowerShell module in Windows Server 2016 TP5 and count the Hyper-V cmdlets that are at our disposal.

We have now 221 cmdlets in TP5 versus 217 in Hyper-V 2016 TP4, so we have 4 new cmdlets so far…

One important note: starting with Windows Server 2016 TP2 and Windows 10, Microsoft added two PowerShell modules in-box (Version 1.1 and Version 2.0) to help you manage Hyper-V hosts across versions, including down-level ones (Windows Server 2012, 2012 R2 and 2016).

At the time of writing, you need a separate PowerShell session if you want to manage both down-level hosts and Server 2016. In other words, every time you want to manage Server 2012 R2 or below, you need to remove the default PowerShell module V2.0 and load PowerShell module V1.1.

Alternately, you can open two PowerShell sessions and load the desired PowerShell module. I know this is not efficient at the moment, hopefully this will change in the future.
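The module swap described above, as an added example that is not part of the original post. The function name Use-HyperVModuleFor and the host name are hypothetical, and picking the version from the target's OS version is an assumption layered on top of the remove-and-load step the post describes.

```powershell
# Added example: load the Hyper-V module version that matches the target host.
function Use-HyperVModuleFor {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ComputerName   # hypothetical target Hyper-V host
    )

    # OS version of the target: 6.2 / 6.3 = Server 2012 / 2012 R2, 10.0 = Server 2016
    $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $ComputerName
    $wanted = if (([version]$os.Version).Major -ge 10) { [version]'2.0' } else { [version]'1.1' }

    # Make sure the wanted version is actually installed on this management machine
    $module = Get-Module -ListAvailable -Name Hyper-V |
        Where-Object { $_.Version.Major -eq $wanted.Major -and
                       $_.Version.Minor -eq $wanted.Minor } |
        Select-Object -First 1
    if (-not $module) {
        throw "Hyper-V module version $wanted is not installed on this machine."
    }

    # Remove whichever version is loaded in this session, then load the one we need
    Remove-Module -Name Hyper-V -ErrorAction SilentlyContinue
    Import-Module -Name Hyper-V -RequiredVersion $module.Version -Force

    # Return what is now loaded so the caller can confirm it
    Get-Module -Name Hyper-V | Select-Object Name, Version
}

Use-HyperVModuleFor -ComputerName 'HV-2012R2-01'   # constructed host name
```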

So what are those 4 new cmdlets? Let’s compare Hyper-V 2016 TP4 and TP5 modules side by side and explore the difference.

I will use the Compare-Object cmdlet, but before doing that, you need to capture the XML file with all Hyper-V PowerShell cmdlets from Windows Server 2016 TP4 and TP5 hosts respectively.

On TP4 Host run the following command:

Get-Command -Module Hyper-V | Export-Clixml C:\HyperV-TP4-Compare.xml

On TP5 Host run the following command:

Get-Command -Module Hyper-V | Export-Clixml C:\HyperV-TP5-Compare.xml

The result of the comparison is a table telling you what is different. Every PowerShell cmdlet that’s in the reference set (HyperV-TP4-Compare.xml), but not in the difference set (HyperV-TP5-Compare.xml), will have a <= indicator (which in this case is Set-VMSecurityProfile). However, if a cmdlet is in the difference set (right side) but not in the reference set (left side), it will have a => indicator, which is our case here with 5 new cmdlets. Finally, PowerShell cmdlets that match across both sets won’t be included in the difference output.

All the previous PowerShell cmdlets that are available in Windows Server 2016 TP4 Hyper-V are available as well in Windows Server 2016 Technical Preview 5 in addition to the following:

As the comparison shows, Set-VMSecurityProfile is no longer available in WS2016 TP5. Set-VMSecurityProfile is being deprecated; you should use either Set-VMSecurity or Set-VMSecurityPolicy instead.
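The comparison described above, as an added example that is not the original post's code. It also goes one step further and searches existing scripts for calls to any cmdlet that disappeared, such as Set-VMSecurityProfile; the C:\Scripts folder is an assumed location.

```powershell
# Added example. The two XML files are the exports created above;
# C:\Scripts is an assumed folder holding existing automation.
$tp4 = Import-Clixml -Path 'C:\HyperV-TP4-Compare.xml'   # reference set
$tp5 = Import-Clixml -Path 'C:\HyperV-TP5-Compare.xml'   # difference set

# Compare on the cmdlet name only; matching names are left out of the result
$diff = Compare-Object -ReferenceObject $tp4 -DifferenceObject $tp5 -Property Name

$removed = @($diff | Where-Object SideIndicator -eq '<=' | ForEach-Object Name)
$added   = @($diff | Where-Object SideIndicator -eq '=>' | ForEach-Object Name)

"Removed in TP5: $($removed -join ', ')"
"Added in TP5:   $($added -join ', ')"

# Report every script line that still calls a removed cmdlet.
# The parser is used instead of a text search so comments and strings are ignored.
foreach ($file in Get-ChildItem -Path 'C:\Scripts' -Filter *.ps1 -Recurse) {
    $tokens = $null
    $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseFile(
        $file.FullName, [ref]$tokens, [ref]$errors)

    $ast.FindAll({ param($node)
            $node -is [System.Management.Automation.Language.CommandAst]
        }, $true) |
        Where-Object { $removed -contains $_.GetCommandName() } |
        ForEach-Object {
            [pscustomobject]@{
                File    = $file.FullName
                Line    = $_.Extent.StartLineNumber
                Command = $_.GetCommandName()
            }
        }
}
```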

Let’s dive in and discover what those new cmdlets bring to Hyper-V 2016 in TP5.

Set-VMSecurity 

Trust is the biggest blocker to cloud computing adoption. In Windows Server 2016, Microsoft is investing a lot in the Hyper-V core platform to start providing these guarantees, so that whether or not you trust your administrators and service providers, no one can access your data!

Set-VMSecurity with the -EncryptStateAndVmMigrationTraffic parameter determines whether the VM’s memory is encrypted when saved to disk or when live migrated to another Hyper-V host.

If we look at Windows Server 2016 Technical Preview 4 Hyper-V and open any Generation 2 VM settings, the Encrypt State and Virtual Machine migration traffic option was not included in the UI.

However, in Windows Server 2016 Technical Preview 5 Hyper-V, the UI has been updated to reflect those changes around shielded VMs…

If you connect to the VM and open Device Manager, you can see vTPM 2.0 listed under Security devices. You can then install BitLocker and turn it on.

Set-VMSecurityPolicy

Set-VMSecurityPolicy can be used to configure the virtual machine’s policy. However, this is only possible in “Local HGS Mode” or until the virtual machine has been started for the first time.

As a side note, shielded VMs can be deployed using Active Directory Attestation or TPM Attestation. TPM Attestation requires a TPM V2.0 chip to be installed on the physical host.

For demo purposes, you can create a shielded VM based on a local host certificate (untrusted guardian).

Note, the VM console access is not available for shielded VMs, therefore you need to access it through RDP only.

If you don’t install the HostGuardian feature for Hyper-V support and then reboot your host, you won’t be able to start the virtual machine because the host’s Isolated User Mode is off.
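The demo setup described in this section and under Set-VMSecurity, as an added example that is not part of the original post. The VM and guardian names are constructed, the VM is assumed to be Generation 2, and the cmdlets are used as they exist in the released Windows Server 2016 modules.

```powershell
# Added example; 'ShieldedDemo' and 'UntrustedGuardian' are constructed names.
$vmName = 'ShieldedDemo'

# Without the HostGuardian feature (and a reboot) the VM will not start,
# because the host's Isolated User Mode is off
if (-not (Get-WindowsFeature -Name HostGuardian).Installed) {
    throw 'Install the HostGuardian feature and reboot before shielding a VM.'
}

# The vTPM and key protector can only be changed while the VM is powered off
if ((Get-VM -Name $vmName).State -ne 'Off') {
    throw "Stop $vmName before changing its security settings."
}

# Local guardian with self-signed certificates: suitable for a demo only,
# because nothing attests the health of the host
$guardian = Get-HgsGuardian -Name 'UntrustedGuardian' -ErrorAction SilentlyContinue
if (-not $guardian) {
    $guardian = New-HgsGuardian -Name 'UntrustedGuardian' -GenerateCertificates
}
$protector = New-HgsKeyProtector -Owner $guardian -AllowUntrustedRoot

# Key protector first, then encryption of saved state and migration traffic,
# then the shielding policy and the virtual TPM
Set-VMKeyProtector   -VMName $vmName -KeyProtector $protector.RawData
Set-VMSecurity       -VMName $vmName -EncryptStateAndVmMigrationTraffic $true
Set-VMSecurityPolicy -VMName $vmName -Shielded $true
Enable-VMTPM         -VMName $vmName

# Confirm the result before the first start
Get-VMSecurity -VMName $vmName |
    Format-List TpmEnabled, Shielded, EncryptStateAndVmMigrationTraffic
```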

Set-VMNetworkAdapterTeamMapping 

In Windows Server 2016, Microsoft is adding a new feature that forces a host vNIC or a virtual machine vmNIC to be affinitized to a particular team member. This is useful in many scenarios; for example, in a converged network deployment you may want to ensure that traffic from a given vNIC on the host, e.g. a storage vNIC, uses a particular pNIC (physical NIC) so that it takes a shorter path to the backend storage.

Please note that setting an affinity will not prevent failover to another physical NIC if the selected NIC encounters failures; in other words, if the physical NIC encounters any issue, the affinitized vNIC or vmNIC will fail over to another team member. The affinity will be restored when the selected pNIC is restored to operation.

Please note that affinitizing vNICs/vmNICs to team members is available only with Switch Embedded Teaming (SET) mode and not with LBFO (Stand-alone NIC Teaming).

The PowerShell cmdlet Set-VMNetworkAdapterTeamMapping will establish an affinity between a virtual NIC (vNIC or vmNIC) and a team member.

As an example:

The traffic from the vNIC (vNIC-SMB01) on the host will be forced to be sent and received on a physical adapter (PNIC-01).

The same affinity rule applies to virtual machines as well.

In the following example, we have a virtual machine with 3 vmNICs.

We will force the traffic for a specific vmNIC named “Storage1” from the VM named “WS-DC” to be sent and received on physical adapter named “Ethernet”. 

Get-VMNetworkAdapterTeamMapping 

You can check and see what affinities have been established. Checking the current affinities can be accomplished using the Get-VMNetworkAdapterTeamMapping PowerShell cmdlet.

Remove-VMNetworkAdapterTeamMapping 

Last but not least, if an affinity is no longer needed, it can be removed from the virtual machine (vmNIC) or from the host (vNIC) using the Remove-VMNetworkAdapterTeamMapping PowerShell cmdlet.
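The set, check and remove steps from the three sections above, as an added example that is not the original post's code. It uses the adapter and VM names from the text; the helper name Set-NicAffinity is hypothetical, and the SET check is an added safeguard.

```powershell
# Added example; run on the Hyper-V host that owns the SET switch.
function Set-NicAffinity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]$AdapterName,      # vNIC or vmNIC name
        [Parameter(Mandatory)] [string]$PhysicalAdapter,  # team member (pNIC)
        [string]$VMName                                   # omit for a host vNIC
    )
    # Same parameters select either the host (ManagementOS) or a VM
    $target = if ($VMName) { @{ VMName = $VMName } } else { @{ ManagementOS = $true } }

    # Affinity is only available with Switch Embedded Teaming, not LBFO
    $nic    = Get-VMNetworkAdapter @target -Name $AdapterName
    $switch = Get-VMSwitch -Name $nic.SwitchName
    if (-not $switch.EmbeddedTeamingEnabled) {
        throw "Switch '$($switch.Name)' is not a SET switch."
    }

    Set-VMNetworkAdapterTeamMapping @target -VMNetworkAdapterName $AdapterName `
        -PhysicalNetAdapterName $PhysicalAdapter

    # Return the mapping that is now in place so it can be verified
    Get-VMNetworkAdapterTeamMapping @target -Name $AdapterName
}

# Host vNIC from the text: vNIC-SMB01 pinned to PNIC-01
Set-NicAffinity -AdapterName 'vNIC-SMB01' -PhysicalAdapter 'PNIC-01'

# VM vmNIC from the text: Storage1 on WS-DC pinned to Ethernet
Set-NicAffinity -AdapterName 'Storage1' -PhysicalAdapter 'Ethernet' -VMName 'WS-DC'

# Remove both affinities once they are no longer needed
Remove-VMNetworkAdapterTeamMapping -VMName 'WS-DC' -Name 'Storage1'
Remove-VMNetworkAdapterTeamMapping -ManagementOS -Name 'vNIC-SMB01'
```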

I will update this blog post as soon as the next milestone is publicly available.

Note: This is the current release of Technical Preview 5 #14300 build, so we’ll have to wait and see the changes in the final bits…

Thanks for reading!

Cheers,
-Ch@rbel

About Charbel Nemnom 270 Articles
Charbel Nemnom is a Microsoft Cloud Consultant and Technical Evangelist, totally fan of the latest's IT platform solutions, accomplished hands-on technical professional with over 15 years of broad IT Infrastructure experience serving on and guiding technical teams to optimize performance of mission-critical enterprise systems. Excellent communicator adept at identifying business needs and bridging the gap between functional groups and technology to foster targeted and innovative IT project development. Well respected by peers through demonstrating passion for technology and performance improvement. Extensive practical knowledge of complex systems builds, network design and virtualization.
