I have to start by saying that I am totally blown away…what a year…everything, and I mean everything at Microsoft is changing, evolving and integrating like never before…
I think that never before means, in this case, that we are at a point in time where it is ALL coming together in a new era of computing and a new era for Microsoft.
Every product in the lineup is new and improved..and that means everything!
Windows, (8 and 2012), Office, Office 365, SQL, Visual Studio, Exchange, System Center, Windows Phone, CRM, XBOX…you name it…
I wanted to take a few minutes to show you and talk about some of the new security features in the new forthcoming Office 365 Enterprise.
First of all, for those who haven't seen it…the UI is beautiful…it is simple to use, easy to navigate and intuitive! Looking back to the BPOS days…customer feedback has really made its way into the service.
For example, take a look at the following portal welcome page…nice and clean…showing you the status of your services. BTW this is not the datacenter status (like in the past) but…your specific services…sweet!
If you look close, you can see a new service…Rights Management Services….!?
In the past (Read= NOW ) you could (can) integrate on premise RMS to protect your cloud information.
Now Office 365 has Rights Management as a service built in! So, think about it…Protecting Email and SharePoint documents is a built in service! Very cool!
Take a look at the following example for a Document library in SharePoint Online…you can set the policy, ensure that users only upload IRM supported documents, set expiration (!!!) and even set the rights management permissions at the group level.
So that was RMS, another enhancement that I really like is the reports and auditing, a request that has been raised to me many times…now we have all kinds of useful reports on Protection, Usage and DLP…
DLP you say? Yeah Baby! Now we have Data Leakage Prevention built into the service…so you can scan mail and perform some kind of action on that message…for example: you can block the mail, or just notify and log the event…
Built in you can even see pre-packaged regulations and formats that you can set the DLP to…
For example this is the PCI-DSS DLP policy description:
Detects the presence of information commonly considered subject to the compliance requirements defined in the Payment Card Industry Data Security Standard (PCI-DSS). This includes credit card and debit card data in email. After your testing is complete, make the necessary configuration changes in Exchange so the transmission of information complies with your organization's policies. Examples include configuring TLS with known business partners or adding more restrictive transport rule actions, such as adding rights protection to messages that contain this type of data.
Last… but not least is the UI for the Active Sync, whilst not a new concept, I like the UI that enables us to easily set and enforce policy on our mobile devices…including encryption, password policy and when to local wipe and remote wipe…
There is a lot more to see and experience…but I just wanted to introduce you to the new Office 365 and some of the security features…
Now is a great time to start experiencing the new Office 365!
See you soon!
Many customers in the past have asked for this feature…and I know that there are even some products that have tried to fill this gap…now it is just a part of group policy on our Windows 8 machines…
Essentially, you can control your organization’s machines and network stack to ensure that your machines do not connect to your internal corporate network and the internet for example…basically not allowing that bridge to occur.
This is another great Windows 8 security feature…amongst many more…
Some I really like are the new Secure Boot, BitLocker and Virtual Smartcards…very cool!
Take a look at the policy setting below…
see you soon,
Windows 2012 is packed with features, one of the very cool ones is online backup. What this feature essentially does is enable you to back up the contents of a server to Azure, as we will see in this post.
Windows Azure Online Backup is a two-part process.
First it requires that you sign up for a subscription to the service and then install the management software (Windows Azure Online Backup Agent that supports Windows Azure Online Backup and the Windows Server Backup feature). You can perform these steps at the following links...
You will need PowerShell, WIF and a Live ID Client, don’t worry if you haven’t installed them…the installation will install them for you…
Once you have the subscription and installed the Azure Online Backup Agent you can proceed to installing the Windows Server Backup Feature…
Once the Backup Service is installed, you can proceed to registering the server (on the right…)
This is an important step…the backups on the Azure side will be encrypted…this is done with a passphrase that only you know, so choose a good one and keep it in a safe place.
You can have the UI create a random passphrase for you and copy it to the clipboard so that you can save it…
NOTE: The passphrase must be at least 16 characters long, and you must record it. If you forget or lose the passphrase, you will not be eligible for customer support.
Once you register the Server…you are good to go (Backup and restore…that is…)
Now you can click the “schedule Backup” and Start the Wizard…
Select Items to Backup…
Choose on what day / days to back up and at what hour or hours…
You can specify how long Microsoft should keep the backup…
What this essentially does is set the retention policy on the backups…so for example if you backup everyday…and you choose 30 days to retain the backup…you will essentially be able to restore your files to any day of the last month…
Once you finish, the Job gets scheduled and will run at the time that you specified…
Of course you can also click the “backup now” button….to launch an immediate backup…
Recovering files is as easy as the backup…you click “recover data”….
Choose your recovery mode…
Select which backup you want to recover from…date, time, etc…
You can even choose which items you want to recover (individual files…)
You can recover back to your original server or to a new location….(with the permissions…or without…)
And Voila!!!! You have just seen how easy it is to backup your server to the cloud and to recover back! Now that is what I call a cloud OS…
Today, we expect that our smartphones do this…(which is new, but we expect it to do it…)….next generation of Windows will do A LOT of this…leveraging the cloud and providing a lot of value added services to Windows…Having an encrypted automatic copy of your files available for restore is a very cool feature…for a server.
See you soon!
Today Microsoft is kicking off an exciting week at our Worldwide Partner Conference in Toronto. Windows Server 2012 will be a focus of attention at the event, of course, and it is nearing final release. In fact, at the conference we are announcing that Windows Server 2012 will be released to manufacturing in the first week of August. The code will be complete and we will begin delivering it to our hardware partners. Then, the product will be generally available to customers worldwide through multiple channels in September.
You, our customers and partners, have downloaded pre-release versions of Windows Server 2012 more than 500,000 times - more than any other server from Microsoft before. We can’t wait to get the final version out the door to you!
At WPC Microsoft also announced release timing for Windows 8. See the Windows blog for more information.
The other day, I was asked about how to manage and monitor applications from Development to Production…and how can we monitor the application in each of the standard development lifecycle environments…DEV, TEST, Staging and PROD (or whatever you might have in your environment…)
System Center 2012 and the various components all come together to manage (Build, Scale, Update) and Monitor (Infra, Networking, Server Application Performance and Client Application Performance…amongst many other capabilities…)
I found a few great resources that I wanted to share with you, and I really think that you will like what you see…dynamic systems have really come a long way…and taking a DEV application and deploying to STAGING in the cloud then PROD in the cloud is pretty amazing!
Hope you enjoy!
System Center App Controller 2012 Capability Walkthrough
How to monitor your Windows Azure application with System Center 2012
System Center Monitoring Pack for Windows Azure Applications
Videos on Managing and Monitoring:
For anyone that is looking to lock down their systems, please take a look at the new SCM…just released to the download center!
The Microsoft Security Compliance Manager has baselines and specific threats and Countermeasures for every setting for your servers (and Roles) and applications (at least the ones included in the tool, which is a lot).
Once you build your baseline and make any changes, you can compare the two (meaning the Microsoft baseline recommendation and any specific changes you have made) and see the implications of each change.
In addition, you can export the baseline to a GPO and a “Desired Configuration” in SCCM. So not only can you set the policy, but you can get actual desired configurations on your machines…and see who is “really” compliant!
Key Features Include:
SCM 2.5 includes Windows and Office client product baselines that deliver on Computer, Domain, and User scenarios.
SCM 2.5 provides ready-to-deploy policies and DCM configuration packs that are tested and fully supported. Our product baselines are based on Microsoft security guide recommendations and industry best practices, allowing you to manage configuration drift, address compliance requirements, and reduce security threats.
Additional SCM 2.5 client product baselines are included in the download, including Windows 7 SP1, Windows Vista SP2, Windows XP SP3, Office 2010 SP1, Exchange Server 2010 and Internet Explorer 8.
Gold master support which enables you to be able to create a snapshot of a reference machine or import an existing Group Policy to quickly build Configuration Manager DCM packs.
The ability to Configure stand-alone machines and deploy your configurations to non-domain joined computers using the new GPO Pack feature.
Customize and deploy one of the 64 pre-built DCM packs or group policies that cover multiple operating systems, server workloads and client applications.
Take advantage of the deep security expertise and best practices in the updated security guides, and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important.
SCM configuration baselines are integrated into the System Center 2012 Service Manager Process Pack for IT GRC to provide oversight and auditor-ready reporting of your compliance activities.
I love my Windows Phone 7…it’s a great OS running on a Samsung Focus Flash Machine…
Every time I take it out, people always ask about it…and I tell them that I also have a few other devices that I use (devices I gathered along the way…).
One of them used to be this…iPhone…I don’t know exactly what happened…but…I just had to share…and ask if anyone has encountered something like this…
Imagine, you are enjoying your smartphone…talking, listening to music…angry birds…and then ALL of a sudden…you hear a noise, and it starts to blow up right in front of you….!!!
This is what it looks like…
Looks like something in the battery went terribly wrong and it just blew up…and expanded the whole machine from the inside….
Has anyone ever seen anything like this?!
With SCVMM 2012 (and the whole suite) coming out next month…there are a lot of super cool features that I think that ITPROs will really want to leverage…
One of them, is Dynamic Optimization!
During Dynamic Optimization, VMM migrates virtual machines within a host cluster to improve load balancing among hosts and to correct any placement constraint violations for virtual machines.
Dynamic Optimization can be configured on a host group, to migrate virtual machines within host clusters with a specified frequency and aggressiveness.
Aggressiveness determines the amount of load imbalance that is required to initiate a migration during Dynamic Optimization. By default, virtual machines are migrated every 10 minutes with medium aggressiveness.
When configuring frequency and aggressiveness for Dynamic Optimization, an administrator should factor in the resource cost of additional migrations against the advantages of balancing load among hosts in a host cluster.
Dynamic Optimization can be set up for clusters with two or more nodes.
A few Caveats…
If a host group contains stand-alone hosts or host clusters that do not support live migration, Dynamic Optimization is not performed on those hosts.
Any hosts that are in maintenance mode also are excluded from Dynamic Optimization.
Finally, SCVMM will only migrate highly available virtual machines that use shared storage.
Some of the other cool features are Power Optimization…which we’ll take a look at next time…
C U Soon!
Some of you might have seen my post in regards to Coreinfo.exe from Sysinternals in regards to checking if your servers (CPUs) have SLAT (Second Level Address Translation).
Just a quick update to something we found in the field for those of you that have the Hyper-V Role enabled…it turns out that the tool needs to be run without Hyper-V enabled in order to verify correctly if you have SLAT…
In essence…you have three options (good to know beforehand)
1) Check before you enable Hyper-V
2) Check from a dual boot…such as Windows 7 (if you have such a scenario…like a laptop running both editions…)
3) Uninstall the Role…yeah…I know…
If you don’t have the Hyper-V Role installed, then you are good to go!
C U Soon,
For those about to buy some new Hyper-V hardware…
“Hyper-V requires a 64-bit system that has Second Level Address Translation (SLAT),” explains Hyper-V program manager Mathew John in Microsoft’s Windows 8 blog. “SLAT is a feature present in the current generation of 64-bit processors by Intel & AMD. You’ll also need a 64-bit version of Windows 8, and at least 4GB of RAM.”
SLAT is a form of hardware virtualization that is included in newer versions of Intel and AMD processors, such as Intel’s Core i3, i5 and i7 processors and AMD’s Barcelona processors. Hyper-V always required some form of hardware virtualization, but this is more restrictive than the current specs.
If you want to check if your servers support SLAT…try out this cool tool…by Mark Russinovich!
On an Intel processor, a star (*) on the line EPT means that SLAT is supported.
On an AMD processor, a star (*) on the line NP means that SLAT is supported.
If a dash is on the line EPT or NP, then your processor does not support the function SLAT and you cannot use Windows 8 Integrated Virtualization.
Bottom line…if you are buying a new server now…for Hyper-V…I would strongly recommend checking for SLAT…without it, you won't be able to upgrade and you’ll have to buy a new Processor…
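The star/dash rule above, together with the Hyper-V caveat from the update post, can be applied to saved tool output across many servers. This is an added example, not part of Coreinfo or of the original post; the sample outputs are constructed, and the HYPERVISOR line and its meaning are an assumption about the output format.

```python
def parse_flags(text):
    """Map feature name -> True for '*', False for '-' from Coreinfo-style lines."""
    flags = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) >= 2 and parts[1] in ("*", "-"):
            flags[parts[0].upper()] = parts[1] == "*"
    return flags


def slat_verdict(text):
    """Return 'supported', 'not supported', 'inconclusive' or 'unknown'."""
    flags = parse_flags(text)
    # Assumption: the output carries a HYPERVISOR line; a star there means the
    # check ran under a hypervisor (for example with the Hyper-V role enabled),
    # in which case the EPT/NP result cannot be trusted.
    if flags.get("HYPERVISOR"):
        return "inconclusive"
    slat_lines = [flags[name] for name in ("EPT", "NP") if name in flags]
    if not slat_lines:
        return "unknown"          # neither line present in the output
    return "supported" if any(slat_lines) else "not supported"


# Constructed sample outputs, not captured from real machines.
SAMPLE_INTEL = """\
HYPERVISOR      -       Hypervisor is present
VMX             *       Supports Intel hardware-assisted virtualization
EPT             *       Supports Intel extended page tables (SLAT)
"""

SAMPLE_AMD_NO_SLAT = """\
HYPERVISOR      -       Hypervisor is present
SVM             *       Supports AMD hardware-assisted virtualization
NP              -       Supports AMD nested page tables (SLAT)
"""

SAMPLE_HYPERV_ENABLED = """\
HYPERVISOR      *       Hypervisor is present
VMX             -       Supports Intel hardware-assisted virtualization
EPT             -       Supports Intel extended page tables (SLAT)
"""

if __name__ == "__main__":
    for name, sample in [("intel", SAMPLE_INTEL),
                         ("amd-no-slat", SAMPLE_AMD_NO_SLAT),
                         ("hyper-v-on", SAMPLE_HYPERV_ENABLED)]:
        print(name, "->", slat_verdict(sample))
```

An "inconclusive" result means the check should be repeated using one of the three options listed in the update post.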
Once upon a time…not so long ago…
“NEW ORLEANS, May 6, 2003 — In his keynote address today at the 12th annual Windows® Hardware Engineering Conference (WinHEC), Bill Gates, chairman and chief software architect at Microsoft Corp., will showcase a concept of a Dynamic Data Center (DDC)”
I remember hearing about it for the first time, and thinking WOW…wouldn’t that be something…Imagine designing a system, with a tool (like visio)…designing your application along with the infrastructure integration and right clicking…and sending to production.
Almost a decade later, I was able to build one ( a Dynamic Data Center) in only 24 hours…well, ok…it was actually 3 days ( 8 hours at a time…) but after those 24 hours (3 Days) we had a full, state of the art “Dynamic Datacenter” (aka = DCS) up and running!
The DCS reference architecture and reference implementation are blueprints for designing and implementing customized DCS solutions. Both were developed by a worldwide team of Microsoft Consulting Services (MCS) experts on Windows Server, System Center, and Forefront technologies. The reference architecture and reference implementation are designed to accelerate deployments, ensure quality and consistency of delivery, and simplify account planning and engagement scoping.
A few terms to know..
The Datacenter Services Solution is built using the Hydration v5 Framework. The framework is a lightweight scripting engine built on the Microsoft Deployment Toolkit 2010 Update 1. It allows for the building and sharing of Hydration Packs which define configuration and installation scripts for groups of products that make up a service. It also provides mechanisms to validate known-good configurations that are deployed using task sequences.
The fabric is all infrastructure and systems under the scope of control of the reference architecture. The fabric can consist of multiple sites and datacenters.
Sites / Datacenters
A physical location or site housing one or more resource pools.
A resource pool is comprised of server, network, and storage scale units that share a common hardware and configuration baseline but does not share a single point of failure with any other resource pool (other than the facility itself). Note that a resource pool could be subdivided further into Fault Domains with the definition of a fault domain being a group of physical infrastructure with a common configuration that doesn’t share a single point of failure with any other fault domain. For simplicity, in our solution a resource pool and a fault domain are equivalent.
A scale unit is a set of server, network, and storage capacity that is deployed as a single unit and is the smallest unit of capacity deployed in the fabric. Depending on the customer size, a scale unit may be a 4-node Hyper-V cluster or a full rack of 64 blade servers. It is typically sized as the average new capacity required quarterly in the environment. So rather than deploy a single server at a time, when additional capacity is needed, a new scale-unit is deployed to meet the need and leave room for the remainder of the growth anticipated in the quarter.
DCS Conceptual Architecture
Private Cloud IaaS is an advanced state of IT maturity that has a high degree of automation, integrated-service management, and efficient use of resources. Virtualization can be a key enabler of IaaS but in most models, including the NIST cloud definition, virtualization is a common, not an essential, attribute.
An infrastructure that is 100 percent virtualized may have no process automation; it might not provide management and monitoring of applications that are running inside virtual machines (VMs) or IT services that are provided by a collection of VMs. In addition to virtualization, several other infrastructure-architecture layers are required to achieve the essential cloud attributes.
A rich automation layer is required. The automation layer must be enabled across all hardware components—including server, storage, and networking devices—as well as all software layers, such as operating systems, services, and applications.
The Windows Management Framework—which comprises Windows Management Instrumentation (WMI), Web Services-Management (WS-Management), and Windows PowerShell—is an example of a rich automation layer that was initially scoped to Microsoft products, but that is now being leveraged by a wide variety of hardware and software partners.
A management layer that leverages the automation layer and functions across physical, virtual, and application resources is another required layer for higher IT maturity. The management system must be able to deploy capacity, monitor health state, and automatically respond to issues or faults at any layer of the architecture.
An orchestration layer that manages all of the automation and management components must be implemented as the interface between the IT organization and the infrastructure. The orchestration layer provides the bridge between IT business logic, such as "deploy a new web-server VM when capacity reaches 85 percent," and the dozens of steps in an automated workflow that are required to actually implement such a change.
The IaaS solution’s primary purpose is to host other layers such as the PaaS and SaaS.
The final layer is the user interface layer providing interfaces for both service providers and service consumers.
This is what the Core architecture looks like….
And a Few Shots from my Build….
Server Manager and VMM….
CPUs and RAM….
The Datacenter Services Basic Portal…
Assigned Quota Units out of the overall 100 units available on the Resource Pool…
I love these provisioning portals…this is where almost anyone can ask for a machine…here they can choose from a predefined template…small, medium, large….or silver, gold…whatever makes sense…
Choosing where and which….
As you can see, we are moving rapidly towards Dynamic Datacenters…with advanced portals…you’ll see more and more of templates and Services that can be automatically deployed to the datacenter….and can scale…up and out…
This is one cool example that not only is simple…but also worked amazing…(note: This is a different system…not the DCS that I built…)
Once you choose your template and what you want on it…the magic starts!
For those wondering….DCS 2.0 (Next Generation Aka: ….(Windows 8 and System Center 2012)…)….is right around the corner….
I hope you enjoyed this intro and my experience with today’s DCS….We all know that we are just at the beginning and I am super excited about this evolution!!
Hey everyone! I know you are going to love this…for all of us that might still be on the keyboard with Windows 8…here it is…the full list of commands!
And of course…that infamous Win + C for the charms