How to identify and Expand AWS EBS volumes in Windows Server 2012

If you have a disk drive that is running out of space because a database is starting to grow too large for the drive in an EBS volume on AWS, you may be asked to modify or expand the volume. In this case, we are tasked with expanding the “E drive” on a Windows Server 2012 AWS virtual machine. Because this is not a boot volume, and because it is an NVMe-based gp2 volume, it will be fairly easy to expand the volume without having to do things like shut down the instance, take a snapshot, expand the snapshot etc.

When you have a lot of disks attached to a Windows Server corresponding to a lot of different volumes attached to the instance in AWS, it can be a little tricky identifying the correct volume to expand. Read below to learn how to match an EBS volume in AWS to a Disk drive in Windows, expand the volume in AWS, and then finally resize the disk in Windows.

Identify Volumes Associated with Instance

First, log into AWS

Next, Go to EC2 > Find your instance in EC2 by name, select it, then copy the instance ID.

get instance id

Next, navigate in AWS to EBS > Volumes.

Find all the volume names associated with the instance by pasting the Instance ID into the search box at the top of the screen.

Identify the EBS Device in Windows

Now we’ll switch over to Windows. RDP into the server we want to modify. Once we’re in the server’s desktop, we want to download ebsnvme-id.zip from https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/nvme-ebs-volumes.html And unzip/copy the .exe to your desktop.

Next find the command prompt and open CMD as administrator (right-click on CMD icon > run as administrator.)

Run CMD as Administrator

Change directory in CMD to your desktop with the command:

cd c:\users\jcoltrin\desktop

Run the ebsnvme-id.exe in the Administrator Command Prompt

run ebsnvme-id.exe in cmd

Identify Disk in Windows and Match to Volume ID

Next, on the Windows server, open Server Manager

Windows 2012 Server Manager

In the upper-right corner of Server Manager, go to Tools > Computer Management

Server 2012 Computer Management

Make note of which disk (Disk 0, Disk 1, Disk 2, etc) corresponds to the Device Name and Volume ID that you want to change. In my case I want to expand Disk E, which is also known as Disk 3. Looking at the output of the CMD screenshot above, I can see Disk 3 shows my Volume ID is vol-0a17e…, and Device Name is XVDB.

Server 2012 Disk Management

Modify and Expand EBS Volume in AWS

Now that we are sure which volume it is we want to expand, and that this is not our Boot drive we can right-click on the vol-0a17e… volume in EBS and choose Modify Volume. **If the Disk is your boot drive, a snapshot should be taken first, and then shut down to expand the snapshot volume, then detach the snapshot, and attach the expanded volume.

EBS Modify Volume

A new dialog box pops up asking for the new size of the volume:

EBS Modify Volume Size Dialog

Enter the new size and click Modify.

Switch gears and now go back to your RDP session, go to Disk Managment, Right click on the volume and choose Extend Volume… > use all of the available space and click ok.

Our Volume size has now been increased and we can continue to grow!

Working Remotely -Windows 10 virtual desktops and RDP Tips for laptops and multiple monitors

If you’re working remote with just a laptop, or a laptop and a small 2nd monitor, the desktop gets pretty cramped for a sysadmin. One way to mitigate the pain is to use your OS’s virtual desktops functionality.

Here’s links to guides for Windows, Ubuntu, and MacOS on how to get started with them for your OS. Using Windows as the example, you just press Win-Tab and click the plus sign at the top for New Desktop.

Then drag existing windows on to it, and now they’re on a separate screen. To quickly move between virtual desktops, you can use the CTRL-WIN-left/right arrows.

Once you get in a habit of using them, it’s great for keeping multiple small applications visible on a whole desktop, or multiple full screen apps on their own window that you don’t have to constantly minimize/maximize. You can use Win-Tab (or the Task View button next to the Cortana button on your taskbar) to mass organize things or rearrange, and your Taskbar will reflect what items are open on that particular Desktop.

Alerts and notifications will still appear, even if you’re on a different virtual desktop, and interacting with the notification will teleport you to the relevant desktop.

One gripe with the Windows Virtual desktops is that there’s no easy way to move between desktops without taking your hand off the mouse. You can use the buttons on the side of your mouse (if your mouse has them) to switch desktops if you have the buttons on the side. If your mouse software doesn’t support the windows key combos check out X-Button Mouse Control. Set the buttons to generic and tell X-BMC to change it to the virtual desktop switches.

In order to display an application on all virtual desktops, do Win+Tab, then Right click the Chrome window you want Show window on all desktops.

One thing to note is if you have an AWS Workspace desktop open inside of a virtual desktop, it’s best to have the workspaces desktop in the far-left/primary desktop.

When working remotely in RDP, and you have multiple monitors, and you remote into a machine with multiple monitors, when you open the Remote Desktop client, click the Show Options button then under the display tab, ‘select use all my monitors’ for the remote session.

Site Maintenance – security and reliability

Thanks for all your support. Some of you may have noticed a little downtime. I invested a little professional expertise in the site and you should now see better performance and more site reliability and uptime. Special thanks to Gregory Morozov at upwork.com who quickly identified and resolved the following issues:

  • Block xmlrpc.php
  • Added the site to CloudFlare DNS (free tier)
  • Convert PHP to php-fpm – for many reasons, but one is control over max php processes (I’ll use: service php7.2-fpm restart – if I need to restart php.)
  • Relaxed Wordfence triggers so users don’t get denied access
  • Dropped memory usage from 700+MB to 400MB
  • Fixed invalid Repos, other updates and maintenance.
  • We’ll monitor the site usage into the beginning of next week to see if we need to add more memory to the instance.

Amazon Workspaces – Overview, Proof of Concept, and Pricing

Overview and Whitepaper:

Using the AWS Management Console, you can deploy high-quality cloud desktops for any number of users.

Strategies and Challenges for IT who deploy desktops (whitepaper):

Strategy challenges:

  • Timely employee request fulfillment
  • Supporting contractors and temporary staff with a productive workspace
  • Merger and acquisition assistance
  • Increased application development and engineering activity
  • Provide and manage temporary desktops

Greatest Challenges:

  • Security of endpoints
  • Threat Detection/Prevention
  • Corporate file access and protection
  • Improve collaboration
  • Maintain compliance
  • Complexity of technology
  • Managing a heterogeneous device environment
  • SSO to corporate apps
  • Rogue employee devices
  • Rogue applications housing corporate data
  • Supporting LOBs and executive devices and apps

On Premises Virtual Desktop Infrastructure (For example building Terminal Server VDI’s or Citrix)

Upsides to On Premises Virtual Desktop Infrastructure:

  • Simplified management, centralized, hosted, managed, executed
  • Efficient provisioning and de-provisioning with standardized images allowing quick revoking of access
  • Centralized image management, proactive detection, rapid quarantine of suspicious behavior

Downsides to VDI:

  • Complex infrastructure that is difficult for IT to plan, configure, manage, and maintain.
  • Unfavorable economics that tip ROI equation in the wrong direction with un-utilized capacity, heavy upfront costs and cumbersome ops.
  • Unpredictable global access based on proximity of users due to low network bandwidth and unacceptable latency
  • Time-consuming implementations that involve multiple IT disciplines and months of planning, testing, and staging of infrastructure.
  • Difficult root cause analysis among multiple IT teams.

Amazon Workspaces Desktop as a Service a Viable alternative to VDI (Hosted Desktop Service)

Employee Benefits:

  • Employees not tethered to traditional desktops or laptops.
  • No cumbersome VPN connections
  • Increased collaboration and communication with simplified virtual workspaces

Business Benefits:

  • Rapid scale up or down; new employees, mergers and acquisitions, global growth
  • Integrate, consolidate, and deliver services and apps
  • Reduce capital expenditures, operational costs and streamline IT maintenance and infrastructure management

IT Benefits

  • Ability to meet security policy requirements and compliance standards by using protocols to compress, encrypt, and encode data so only images are transmitted and data no longer resides on local devices.
  • Enables creation of developer-style environments, granting developers quick an secure access to end-user environments for seamless dev testing, without impeding user productivity.
  • Allows devs to move fast and fail fast with access to desktop resources when they need them.
  • Keeps business data secure, centrally managed, and accessible to users.
  • Places productive workspace in the hands of end-users near instantaneously, while supporting secure access from multiple device types.
  • Manages apps centrally with the ability to securely package, deploy, and maintain a productive user environment.
  • Deliver a productive environment for users without the task of configuring a desktop asset.

Proof of Concept 

*Note, our org already has a VPN connection between Amazon AWS and our On-Prem domain and domain controllers. This allows me to find our domain with Amazon’s connector. Review the Architectural Diagram below to ensure you’re comfortable with how Workspaces can fit into your AWS presence and VPC’s.

  1. Log into AWS, > Workspaces > Get started
  2. Create AD connector (use Administrator account to connect) – also add WorkDocs Sync feature
  3. Create New Workspace > Choose Directory (local.domain.com) > search for user > jcoltrin (username: domain\jcoltrin) > add selected > Next > Select: Standard with Windows 7 (later I will add MS volume license for Office and other applications and then create an image.)
  4. I choose Performance: 2 vCPU, 7.5 GiB Memory – Hourly
  5. Download the Workspaces client here: https://clients.amazonworkspaces.com/

I sent myself the connection email which looks like the following:

————————-

Dear Jason,

A new Amazon WorkSpace has been provided for you. Follow the steps below to quickly get up and running with your WorkSpace:

1. Download and install a WorkSpaces Client for your favorite devices:

https://clients.amazonworkspaces.com/

2. Launch the client and enter the following registration code: XXxxXX+xxXXxx

3. Login with your Network/Domain password. Your username is jcoltrin

If you have any issues connecting to your WorkSpace, please contact your administrator.

Sincerely,

Amazon WorkSpaces

————————–

After verifying the registration code, log into the new virtual workspace with your domain credentials:

After logging in you may receive the following notice if resuming the workspace:

After logging in I received the following desktop:

Notice the following in the desktop image:

  • Network Drives mapped
  • Local and Remote Printers are created
  • Corporate desktop background
  • The computer is now a member of the domain with the computer name IP-AC1F5261
  • Icons available for AWS applications and Directory Sync (share files with my local workstation)

Finalizing for Production and Production Notes:

  • Finalize image with all necessary applications and test. Build your gold Images
  • Enlist a user to test running the workspace in production and adjust applications/workspace as necessary
  • Deploy to a set of users.
  • Rent before buy, buy before build.
  • Aligned with cloud technology
  • Builds on existing AWS infrastructure
  • Straightforward architecture
  • Give it to users and see how they like it
  • Multi-Region vs Single Region – within each region are availability zones. One workspace is not available in all regions. When building VPC, figure out which subnets support workspaces.
  • Subnets are fixed, build to allow for growth.
  • Workspaces are attached to AD connectors. You cannot move an old Workspace between AD Connectors. If availability zone becomes unavailable, then workspaces are unavailable. Use multiple availability zones to allow for this.
  • Only allow windows devices with certificates to connect. Etc. You’re going to have several AD connectors. Have a production AD connector and a testing AD Connector. Setup pure sandbox somewhere else for testing.
  • Each AD connector drops the computer into single OU, options are separate AD connector per department. Eg. Only accounting can connect from a certain dept. Or you cannot auth from outside, only on-prem. Create AD connector for consultants which drop them into separate subnet, monitoring.
  • Workspaces IP addresses stay there forever. IP addresses persist on rebuild etc. Cannot assign IP’s.
  • One VPC for workspaces.
  • Better segregation between work and personal side of things. BYOD is nice – pane of glass. Devs have good separation.
  • This gets Windows on Mac better than bootcamp
  • Reduced operational overhead, light-weight devices, drop them in mail ready to go. Send the registration code. People are lining up to get onboard. Tougher to please users are ecstatic about workspaces. Once implemented, IT itself will not go back to before.
  • Run pilots.
  • Replace end-of-life desktops
  • Great for Mergers and acquisitions
  • Users could connect with Zero client at the office and Home computer at home
  • Allow deployment of Zero clients in all facilities and retrofits
  • Hoteling/shared workspace areas. Smaller sites only need internet connectivity, not a WAN-enabled site.
  • Scalable and global
  • No upfront CapEx
  • Capacity-on-demand
  • Rate of innovation – customers drive features at Amazon
  • Instrumentation and controls – complexity and cost of on-prem is daunting
  • Cost savings – financial benefits – get out of the business of providing physical PC’s, building and configuring VDI service is complicated and costly, focus on service not infrastructure.
  • Workspaces API & CLI integration
  • Same image/applications leverage multiple Geos, ability to grow into other areas
  • Having desktop in cloud allows patch compliant capacities
  • Enabling support staff opportunities – support users all over world, help desk reps
  • Enable end users – automate the whole thing & allow user to migrate their data.

Pricing:

https://aws.amazon.com/workspaces/pricing/

https://aws.amazon.com/directoryservice/pricing/

There are two main options for Workspaces, Monthly pricing and Hourly Pricing.

At 160 hours per month, a “Performance-grade” workspace under the Hourly Pricing model would cost $7.25 + $0.57/hour = $98.45.

The same “Performance-Grade” workspace under the “Monthly” pricing would cost $55.

$55 x 12 months = $660

A new Dell 7050 PC typically costs $800

So it would take approximately 1 1/2 years of monthly payments to reach the cost of a normal desktop PC.

Hardware Options

Value Root Volume User Volume Monthly Pricing Hourly Pricing
1 vCPU, 2 GiB Memory 80 GB 10 GB $25 $7.25/month + $0.22/hour
1 vCPU, 2 GiB Memory 80 GB 50 GB $28 $9.75/month + $0.22/hour
1 vCPU, 2 GiB Memory 80 GB 100 GB $31 $13/month + $0.22/hour
1 vCPU, 2 GiB Memory 175 GB 100 GB $36 $19/month + $0.22/hour
Standard Root Volume User Volume Monthly Pricing Hourly Pricing
2 vCPU, 4 GiB Memory 80 GB 10 GB $33 $7.25/month + $0.30/hour
2 vCPU, 4 GiB Memory 80 GB 50 GB $35 $9.75/month + $0.30/hour
2 vCPU, 4 GiB Memory 80 GB 100 GB $38 $13/month + $0.30/hour
2 vCPU, 4 GiB Memory 175 GB 100 GB $44 $19/month + $0.30/hour
Performance Root Volume User Volume Monthly Pricing Hourly Pricing
2 vCPU, 7.5 GiB Memory 80 GB 10 GB $55 $7.25/month + $0.57/hour
2 vCPU, 7.5 GiB Memory 80 GB 50 GB $57 $9.75/month + $0.57/hour
2 vCPU, 7.5 GiB Memory 80 GB 100 GB $60 $13/month + $0.57/hour
2 vCPU, 7.5 GiB Memory 175 GB 100 GB $66 $19/month + $0.57/hour
Power Root Volume User Volume Monthly Pricing Hourly Pricing
4 vCPU, 16 GiB Memory 80 GB 10 GB $70 $7.25/month + $0.68/hour
4 vCPU, 16 GiB Memory 80 GB 50 GB $72 $9.75/month + $0.68/hour
4 vCPU, 16 GiB Memory 80 GB 100 GB $74 $13/month + $0.68/hour
4 vCPU, 16 GiB Memory 175 GB 100 GB $78 $19/month + $0.68/hour
Graphics Root Volume User Volume Monthly Pricing Hourly Pricing
8 vCPU, 15 GiB Memory, 1 GPU, 4 GiB Video Memory 100 GB 100 GB $22/month + $1.75/hour
Additional Storage $0.10/GB

Conclusion

Overall, I really like Workspaces, it was simple to setup and run. I believe the remote workspace from AWS can work very well for the enterprise and provides a flexibility to expand, create different images for different users easily and keep  data safe at AWS by only sending graphics/pixels over the wire. People can use their own BYOD devices such as Chromebooks etc. to perform their jobs.

The only drawback I’ve encountered is workspaces does not provide a pass-through video / camera devices for Skype video calls. If a user needs to use Skype or other video conferencing, they will have to start their call “outside” of Workspaces.

Let me know what you think about the product and this write-up.

Google Cloud Platform Overview

The pace of global cloud computing is continuing to grow exponentially. While Amazon still holds the lion’s share of cloud services, Google’s Cloud Platform has been growing at the fastest pace. In this article, we’ll first examine what makes the Google Cloud Platform different; provide you with a list of its components, solutions, and features; and finish up by discussing pricing.

Cloud Services trends and opinion

According to a Synergy Research Group study: “In terms of year-over-year growth, Google enjoys the lead at 162 percent, while Azure has grown by an even 100 percent. AWS is in fourth with a 53 percent year-over-year (YoY) growth rate.…

Read the rest of the article here…

Google Cloud Platform overview

How to setup an Amazon AWS VPC, What is a VPC, and Subnets, Part 1 of 3

Amazon Web Services (AWS) provides the capacity to create a Virtual Private Cloud (VPC), which is a virtual network dedicated to your AWS account. In the first part of this three-part series, I will show you how to create a VPC with the corresponding subnets.

Read the rest of the articles Here

AWS VPC – Overview, setup, subnets