Kevin Remde's IT Pro Weblog


  • What’s New for Active Directory in Server 2012 R2?

    Active Directory.  You know it.  You love it.  You’ve loved it since it made its introduction back in Windows 2000 Server.  Over 90 percent of the world’s business IT relies on Active Directory for local user and machine management, authentication, policy application, and directory services. 

    And with every new version of a Windows Server product, we make improvements and add new functionality that either directly impacts Active Directory, or indirectly impacts (read: enables) other new functionality on behalf of your users, applications, and managed resources.  So naturally we couldn’t do a series of “Why Windows Server 2012 R2” articles without discussing it.

    If there were an overall theme on top of the updates in Active Directory in Windows Server 2012 R2, I would have to say it’s the new capabilities to support the “Consumerization of IT” and “BYOD”. 

    From this TechNet Document:

    “One of the most prevalent IT industry trends at the moment is the proliferation of consumer devices in the workplace.  Employees and partners want to access protected corporate data from their personal devices, from checking email to the consumption of advanced business applications.  IT administrators in organizations, while wanting to enable this level of productivity, would like to continue to ensure that they can manage risk and govern the use of corporate resources.”

    To support this notion of giving our employees the ability to get their work done from their personal devices, of course there has been new functionality added to Active Directory to support it.  But before I get ahead of myself, why don’t I list out the 4 key value propositions – the main things you get that are new, and enabled by new capabilities in Active Directory:

    1. Workplace Join – Allow a user to associate their personal device with the company directory
    2. Single Sign-On from those devices now associated with the directory, granting them access to corporate data and applications
    3. Securely authenticate for and connect to company applications and data from anywhere (with an Internet connection), and
    4. Manage the risk of those users who work from and access data from anywhere.

    NOTE: These each are very big topics in their own right.  So, rather than doing an exhaustive write-up on each one, I’ll summarize the capabilities and benefits here, point out what specifically has changed in Active Directory to support it, and then point you to more complete documentation and user guides for further study if you wish.

    Join the Workplace

    What is it?

    As a company employee who has his/her own device, and with the blessing of the company I work for (who is really interested in allowing me to be mobile and productive on whatever device I have), I want to be able to get stuff done.  So I will “join” my device to the “workplace”.

    “Isn’t that like joining the domain?”

    Yes.  Well, sort of.  But more correctly, NO.  It’s not going to be a domain-joined device in the way that we’ve been managing devices since Windows NT.  In this case, we’re registering the device with the domain so that it (and its owner) will be trusted when requesting and running company-secured applications, accessing company-secured data, or otherwise accessing company-secured resources.  When you join a device to the workplace, it becomes “a known device and will provide seamless second factor authentication and single-sign-on to workplace resources and applications.”  And once the device is “known”, IT can leverage that knowledge to also apply additional configurations (example: pushing company VPN connection settings to the device).

    What changed in AD to support it?

    The main change here was the addition of the Device Registration Service.  The DRS, which is a new part of the Active Directory Federation Services (ADFS) role, creates a device object in Active Directory, and tracks the associated device’s certificate in order to represent the device’s identity.

    For more information:

    The SSO (Single Sign-On)

    What is it?

    Here’s a simple scenario: You have a device that you’re using to connect to a company SharePoint server.  You’ve registered your device with the company (“workplace join”), so your device has a certificate that is known to the directory as being yours; an employee in good standing.  Without SSO, you would be prompted for a login with every application or company SharePoint server you try to access.  But with SSO, you will only be asked one time. 

    What changed in AD to support it?

    In addition to the Device Registration Service, the Active Directory Federation Services (ADFS) role allows claims-based authentication to occur based on trusted certificates.  Once the user is authenticated (username + password + trusted device + other factors as needed), the claim then is trusted and, while valid, can be used to launch company applications or access company data.

    For more information:

    Authentication of users “Anywhere-and-on-Any-Device”

    What is it?

    Well... it’s not enough just to be able to sign in once on my non-domain-joined, personal device.  I also want to be able to use it from anywhere.  With nothing more than an internet connection, I should be able to have authenticated, secured access to my company applications and data, whether they’re hosted in public cloud locations or on the private corporate network.

    What changed in AD to support it?


    The Web Application Proxy is a new role service; a new part of the Remote Access role.  Web Application Proxy “provides reverse proxy functionality for web applications inside your corporate network to allow users on any device to access them from outside the corporate network. Web Application Proxy preauthenticates access to web applications using Active Directory Federation Services (AD FS), and also functions as an AD FS proxy.”

    So, now armed with SSO (facilitated through ADFS), the authenticated user + device can access applications on the corporate network without having to use a VPN connection.

    For more information:

    Trusting your “Anywhere-and-on-Any-Device” Users

    What is it?

    In the end, who are we really trusting?  We have users who have user accounts with passwords in Active Directory.  They also registered their device in Active Directory so that we know we can trust it, and the user.  Hmm.. that’s two things that we’re trusting.  Is this what we might call “second factor authentication”?

    Yep.

    What changed in AD to support it?

    ADFS in Windows Server 2012 R2 supports more than just the permitted (or denied) user in ADFS claims.  We’ve added “multiple factors”, including user, device, location, and authentication data.  Authorization claim rules have a greater variety of claim types. 

    “in AD FS in Windows Server® 2012 R2, you can enforce multi-factor access control based on user identity or group membership, network location, and device (whether it is workplace joined)”
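
    The multi-factor access control described above can be expressed as AD FS additional authentication rules applied with PowerShell. This is an added example, not code from the original post or from Microsoft's documentation; the relying party trust name `Contoso SharePoint` is hypothetical, and an additional authentication provider is assumed to be configured already.

```powershell
# Added example: require a second factor unless the request comes from inside
# the corporate network AND from a workplace-joined device.
# Assumptions: run on an AD FS server (Windows Server 2012 R2); the relying
# party trust name is hypothetical; an additional authentication provider has
# already been enabled in the global authentication policy.
Import-Module ADFS

$rpName = 'Contoso SharePoint'   # hypothetical relying party trust name

# Fail early if the prerequisites for these rules are missing.
$policy = Get-AdfsGlobalAuthenticationPolicy
if (-not $policy.AdditionalAuthenticationProvider) {
    throw 'No additional authentication provider is enabled; MFA rules could not be satisfied.'
}
if (-not $policy.DeviceAuthenticationEnabled) {
    # Without device authentication no device claims are issued, so the device
    # rule below would demand a second factor from every device (fail closed).
    Write-Warning 'Device authentication is disabled; all devices will be treated as not workplace joined.'
}

# Claim that tells AD FS a second factor is required.
$requireMfa = 'Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", ' +
              'Value = "http://schemas.microsoft.com/claims/multipleauthn"'

# Network location: request arrived from outside the corporate network.
$extranetRule = 'c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]' +
                " => issue($requireMfa);"

# Device: no claim says the device is registered to this user. NOT EXISTS
# covers both a missing claim and a claim whose value is "false".
$deviceRule = 'NOT EXISTS([Type == "http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser", Value == "true"])' +
              " => issue($requireMfa);"

if (-not (Get-AdfsRelyingPartyTrust -Name $rpName)) {
    throw "Relying party trust '$rpName' not found."
}

Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -AdditionalAuthenticationRules ($extranetRule + "`n" + $deviceRule)

# Read the rules back to confirm what is now enforced.
(Get-AdfsRelyingPartyTrust -Name $rpName).AdditionalAuthenticationRules
```

    Because the device rule is written with NOT EXISTS, a device that presents no registration claim at all is handled the same way as one that is explicitly unregistered.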

    For more information:

    Summary

    The idea here is that Microsoft has expanded Active Directory in Windows Server 2012 R2 to support tracking devices that are “registered” (not joined) to the domain.  With those trusted devices we have further technology to grant authenticated access to our trusted users; even using multiple forms of information (multifactor authentication) to grant secured access to applications and data.  We allow users to sign-in one time and continue to have access to multiple apps and resources, from wherever they are (thank you ADFS).  And we even have a Web Application Proxy to allow that trusted access directly to internal resources as well.

    ---

    Here are some other topics relating to “What’s New” in Windows Server 2012 R2 and Active Directory:

    And of course, if you haven’t had a chance to try it out, you can download the evaluation of Windows Server 2012 R2 HERE.

    ---

    What do you think?  Is Microsoft doing the right thing to add support in Active Directory and supporting technologies to allow any user, any device, from anywhere to be able to get work done?  Please add to the comments if you have an opinion, a question, or any sort of off-the-wall comment.

  • The “Replica Replica” in Hyper-V

    In today’s article in the “Why Windows Server 2012 R2” series, I’d like to show off a new feature in Hyper-V; something I like to call the “Replica Replica”.

    “Huh?”

    As many of you know, Microsoft introduced a new, powerful tool for your disaster recovery (DR) tool belt called Hyper-V Replica back in Windows Server 2012 Hyper-V and Hyper-V Server 2012.  For those of you who are not yet familiar with it, a Hyper-V Replica is an easily created and up-to-date offline copy of a virtual machine.  On some other host – either in your local or in some remote datacenter – you have a copy of a virtual machine that can be available in case of disaster.  If something bad happens to the production machine, you can failover to the replica virtual machine very quickly.

    For a most-excellent description of what Hyper-V Replica is and how to set it up in Windows Server 2012 Hyper-V, check out this blog post from the series “31 Days of our Favorite Things” -

    Windows Server 2012 and Hyper-V Replica (Part 5 of 31) 

    “So, what’s new in R2?  What’s this ‘Replica Replica’ you talk about?”

    We’ve added the ability to create yet another replica.  It’s a replica of the replica.  It’s an additional offline copy of a virtual machine and its configuration, made available, synchronized and automatically kept up-to-date on yet another Hyper-V host.  Interestingly the request was from our many hosting providers, and it makes a great deal of sense in their scenario, where they are the ones hosting a replica on behalf of their customers.  It only makes sense that they would love to have a backup of the replica they’re hosting.. so why not make it a replica of the replica?

    “Brilliant!”

    Yeah, I thought so, too.

    “How does it work?”

    It’s very simple.  After you’ve created the first replica, you right-click on the replica machine and select “Extend Replication…”.  In my example, I have already set up a replica of my domain controller, and I’m going to extend the replication and put a replica of the replica on my Hyper-V Server named HVSR2-1.


    The wizard looks and works very much like setting up the initial replication does.  Once you get past the Before You Begin screen…


    …you choose or browse to the server you want to put the replica on (the Replica server)…


    You pick the type of authentication you want to use (based on what has been enabled in the Replication Settings on the Hyper-V Host settings)…


    You pick a replication frequency. 


    NOTICE that I have two choices here, because I had selected the primary replica as sending changes every 5 minutes.  Your choices will depend upon what you selected for the first replica frequency. 

    You may not know this (yet), but Hyper-V Replica in Server 2012 R2 allows for more than just the 5 minute intervals that were in the original Hyper-V Replica in Server 2012.  You can have replication send changes every 30 seconds, 5 minutes, or 15 minutes for the first replica.  For the extended replica, you must replicate at an interval that is less frequent than or equally frequent to the first replica, with the exception that you cannot replicate to the extended replica at the 30 second interval.

    Here’s a quick chart that shows the extended replication interval options available based on the first replica interval selected:

    Primary Replica interval selected    Extended Replica intervals available
    30 seconds                           5 minutes, 15 minutes
    5 minutes                            5 minutes, 15 minutes
    15 minutes                           15 minutes

    Getting back to our wizard; now we select how many recovery points we want to maintain of the extended replica…


    We select an initial replication method, plus when to launch the initial replication if requested…


    Check the summary…


    And Finish.  We’re done.  And the first extended replication is now going over the wire.
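
    The same wizard steps can be scripted. The following is an added example, not part of the original post, that extends replication from PowerShell and enforces the interval rule from the chart above before doing so. It assumes it is run on the server holding the first replica, that `DC01` (a hypothetical name) is the replicated virtual machine, and that Kerberos over port 80 is enabled in the Replication Settings of HVSR2-1.

```powershell
# Added example: extend replication from PowerShell instead of the wizard.
# Assumptions: run on the Hyper-V host that holds the FIRST replica;
# 'DC01' is a hypothetical VM name; HVSR2-1 is the extended Replica server
# named in the post; Kerberos (HTTP, port 80) is enabled on HVSR2-1.
Import-Module Hyper-V

$vmName          = 'DC01'      # hypothetical VM name
$extendedServer  = 'HVSR2-1'   # extended Replica server
$extendedFreqSec = 900         # requested extended interval, in seconds
$recoveryPoints  = 4           # additional recovery points to keep (constructed value)

# The VM on this host must be the first replica, not the primary.
$rep = Get-VMReplication -VMName $vmName -ReplicationMode Replica
if (-not $rep) {
    throw "'$vmName' is not a replica on this host; extend replication from the first Replica server."
}

# Interval rule from the chart: the extended replica may use 5 or 15 minutes
# (never 30 seconds) and may not replicate more often than the first replica.
$allowed = @(300, 900) | Where-Object { $_ -ge $rep.FrequencySec }
if ($allowed -notcontains $extendedFreqSec) {
    throw ("Extended interval {0}s is not valid when the first replica uses {1}s. Allowed: {2}" -f `
        $extendedFreqSec, $rep.FrequencySec, ($allowed -join ', '))
}

# Equivalent of the wizard pages: Replica server, authentication type,
# replication frequency and recovery points.
Enable-VMReplication -VMName $vmName `
    -ReplicaServerName $extendedServer `
    -ReplicaServerPort 80 `
    -AuthenticationType Kerberos `
    -ReplicationFrequencySec $extendedFreqSec `
    -RecoveryHistory $recoveryPoints

# Send the initial copy over the network immediately.
Start-VMInitialReplication -VMName $vmName

# Show the new extended relationship and its health.
Get-VMReplication -VMName $vmName -ReplicationRelationshipType Extended
```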


    Pretty cool, huh?

    “Pretty cool.  So now I can failover to either of my two replicas?”

    That’s right!

    Now, if I right-click on the first replica…


    I see that I have similar options to what I had back in Hyper-V 2012.  But now I have an additional “Pause Extended Replication” option as well. 

    Here’s a failover scenario for you…

    Let’s say I have a virtual machine “DukeN” running on Host A, with replica on Host B and extended replica on Host C.

    Host A goes down.  So I right-click on the “DukeN” machine and select Failover…, and DukeN fires up and is now running on Host B.

    If I right click the newly running VM and look at the Replication options I have now on the failover machine, it’s pretty interesting…


    I can “Reverse Replication”, which means I can now treat this running (but still considered a replica) machine as the primary machine, and begin replication back to what was the primary location.  Note: if you do this, it essentially “orphans” the old extended replica.  You’ll have to re-extend the replication if you want to.

    I can “Remove Recovery Points..”, which does cleanup of this replica of any other points still saved.

    I can “Cancel Failover”, which will shut this replica down and assumes that the original machine is now available and can be started.

    I can “Resume Extended Replication”.  This one is interesting to me.  It assumes that Host C (containing the extended replica) is still available.  When selected from Host B, then Host B becomes the main VM and the copy on Host C becomes the first replica.  Once a synchronization process is completed, you can then go to the VM on Host C and Extend Replication to another host (Host D?). 

    ---

    Good stuff?  Try it out yourself by downloading the evaluations of either Windows Server 2012 R2 or Hyper-V Server 2012 R2.  And let me know if you have any comments or questions by posting them in the comments section.

  • Learn Microsoft Virtualization in Your Own Easy-to-Build Virtual Lab


    Many of you in the U.S. may be familiar with the Microsoft “IT Camps” that we host now and then, where we teach you some great stuff and then give you the opportunity to work with the technology through hosted hands-on lab exercises.  These free in-person events have become very popular.  They’re so popular, in fact, that our next set of IT Camps (kicking off this week) are pretty much all filled to capacity!  (This is why I don’t have a link to share on where to go to register. We’re all full!)

    The labs we’re doing this time involve configuring and driving a highly available virtualization and private cloud platform using Windows Server 2012 R2 and System Center 2012 R2 Virtual Machine Manager.  Our IT Campers will configure storage pools, networking, virtualization hosts, a highly available host cluster, and even virtual machine templates and service templates.  All-in-all there are about four hours of really rich lab work awaiting our IT Camp attendees.

    Beyond the fact that these labs were only for our IT Camp attendees, there was a sad limitation in the timing of the lab: we could only make the online versions available to you for the day of the event, and no more.  So invariably at every IT Camp I get comments that go something like this:

    “Hey Kevin.. I love these labs, and I’d love to be able to do them again.” 

    - OR -

    “Hey Kevin, I have other people at my company that would learn so much from these labs.” 

    - OR -

    “Gosh, Kevin, I wish I could have access to these labs for more than just today.”

    And each of these is usually followed by the big question:

    “Do you have any instructions on how to build these lab virtual machines so that I can run them on my own hardware?”

    Well.. you’re in luck!  For this new set of IT Camps, and even for those of you who are unable to attend, I’ve created a Virtualization Lab Build Guide.

    “A Virtualization Lab Build Guide?”

    Yes.  I provide easy instructions and PowerShell scripts to help you quickly spin up and configure the 5 virtual machines that are used in the Virtualization lab; the same lab that we’re doing at our IT Camps.  And of course I’m also including the original lab manual; the same one that we’re handing out at our events.  So once you have the machines built, you can go through the labs over and over again to your heart’s content, or quickly spin up training environments for your other co-workers.

    “But, what will I need to have to do this?”

    For the software on your host machine, you’ll have to be running Windows Server 2012 R2 with the Hyper-V role installed.  The free evaluation installation works just fine. 

    In order to be able to run all 5 virtual machines on the same physical box, your server (or like in my case, a Hyper-V-capable spare laptop) will have to have at least 16GB of RAM and at least 200GB of free disk space.

    The software required to build the virtual machines is all evaluation or free software:

    Once downloaded, you just extract the “Virtualization Lab Build Guide.zip” file containing the resources, put the above software installations into the .\Base folder, and run the script that creates the virtual machines. 

    But I’m getting ahead of myself.  Full instructions are included in the guide.  Download the Lab Manuals and .ZIP file from my SkyDrive here: Virtualization Lab Build Guide


    Feel free to send me any feedback or questions, either in the comments on this blog post, or through the contact function (“E-mail Blog Author”) on this blog.  This is version 1.1, so I definitely expect to be fixing and improving things as I hear from you all.  I sincerely hope you will make good use of these resources!

    And if it is useful to you, then I’ll be doing more of these in future.

  • How fast is fast? Virtual Machine Live Migration Improvements

    When you’re doing a Live Migration** of a virtual machine between Hyper-V hosts, you want it to go quickly.  You may be doing the migration of one or several or dozens of virtual machines all at once, and the performance of the network and the network paths you choose are going to determine how quickly you can get the job done.  Yes, sure, in one sense it doesn’t matter how long it takes if the VMs will continue to run and provide service during the migration.  But if I’m doing, say, an automated update of all of the hosts in my cluster, and allowing it to drive the live migrations of machines among hosts, the speed with which those migrations complete will ultimately determine how long it takes to complete the updates of all of those hosts.  If I’m really maxing out the capabilities of Hyper-V in Server 2012 R2 or Hyper-V Server 2012 R2, that could mean as many as 8,000 virtual machines moving around and among 64 clustered hypervisor nodes.  So, speed is still important.

    In the past, memory of a running virtual machine was just sent over the wire (TCP/IP) as it was.  Nothing special was done to it.  But as hardware costs have improved to support larger and larger scale, and as we’re afforded the ability to run more virtual machines with more and more memory, we certainly want to do everything we can to make that transfer of memory and configuration data go as quickly as possible.  So to address this and improve things, we’ve added two new technologies to Hyper-V in Windows Server 2012 R2 and Hyper-V Server 2012 R2:

    1. Live Migration Compression, and
    2. Live Migration via SMB Direct (RDMA)

    Let’s talk about those, shall we?

    Live Migration With Compression

    Did you know that your hypervisor host isn’t typically suffering much when it comes to processor capacity?

    “I didn’t know that.”

    It’s true.  So, what we’re going to do is borrow some extra CPU cycles while we’re doing a live migration, and actually compress the migration data before it goes over the wire, and decompress at the destination.

    If it sounds just that simple, well, it is.  And it’s just a simple choice in the Live Migrations –> Advanced Features settings on your Hyper-V hosts:


    And as if that wasn’t good enough…

    Live Migration via SMB Direct (RDMA)

    In Windows Server 2012 we introduced a new version of SMB – SMB 3.  Among other things, this version of the protocol greatly improves performance; even to the extent that we can trust a basic file share to be the location for live data such as a virtual machine’s hard disks and data disks, or a SQL Server database.  (Click here for a good summary of what SMB 3 provides.)

    SMB Direct (SMB over Remote Direct Memory Access, or RDMA) is technology that, given hardware (the NICs) supporting it, can establish an efficient memory-to-memory transfer of data.  In Server 2012 the main beneficiary of this was faster file services.  But in R2 we’re using this to send live migration data between the Hyper-V hosts. 


    So now instead of just sending the memory and configuration of a VM over the wire using TCP/IP, or compressing it first, we’ll use a direct memory-to-memory channel. 
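
    Both options are the same per-host setting, so the choice can be scripted. This added example (not from the original post) selects SMB only when every host has an RDMA-enabled network adapter and falls back to compression otherwise; the host names are hypothetical, and it assumes the Hyper-V and NetAdapter modules are available on a management machine with administrative rights on each host.

```powershell
# Added example: pick the live migration performance option for a set of hosts.
# Assumptions: host names are hypothetical; run from a management machine that
# has the Hyper-V and NetAdapter modules and admin rights on every host.
$hvHosts = 'HV-HOST-A', 'HV-HOST-B'   # hypothetical Hyper-V host names

# SMB Direct needs RDMA-capable NICs, so find hosts with no enabled RDMA adapter.
$hostsWithoutRdma = foreach ($h in $hvHosts) {
    $rdmaNics = @(Get-NetAdapterRdma -CimSession $h -ErrorAction SilentlyContinue |
                  Where-Object { $_.Enabled })
    if ($rdmaNics.Count -eq 0) { $h }
}

# Use SMB only if every host can do RDMA; otherwise compress on all hosts so
# the setting is consistent whichever pair of hosts a migration runs between.
$option = if ($hostsWithoutRdma) { 'Compression' } else { 'SMB' }
if ($hostsWithoutRdma) {
    Write-Warning ("No enabled RDMA adapter on: {0}. Using compression." -f ($hostsWithoutRdma -join ', '))
}

foreach ($h in $hvHosts) {
    Set-VMHost -ComputerName $h -VirtualMachineMigrationPerformanceOption $option
}

# Report what each host is now configured to use.
Get-VMHost -ComputerName $hvHosts |
    Select-Object Name, VirtualMachineMigrationEnabled, VirtualMachineMigrationPerformanceOption
```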

    Can you say “FAST”?

    “Fast!”

    I knew you could. 

    “But, can you give me an example?  Can you show me how they compare?”

    The best example I can give you is Jeff Woolsey’s demonstration he did for the TechEd 2013 North America keynote this past June. 

    Click this link to watch his demo (at 1:56:15) : TechEd 2013 North America Keynote Video – Jeff Woolsey’s Live Migration Demo


    And for a more detailed description of Live Migration and the improvements made, check out this page: Virtual Machine Live Migration Overview

    Questions?  Comments?  Make sure you add them to the comments at the bottom of this post!  And try it out yourself by downloading the evaluations of either Windows Server 2012 R2 or Hyper-V Server 2012 R2.

    ---

    **That’s a ‘vMotion’ for those of you who are more familiar with the VMware terminology.

  • TechNet Radio: (Part 3) Virtualization: Did You Know...

    In Part 3 of our “Virtualization: Did you Know…” series, Jeff Woolsey and I conclude our Top 10 list of Virtualization solution facts.

    Download

    Missed Part 1 or Part 2  in this series? Click the links and get caught up!

    __________________________

    Experience Microsoft's latest products with these FREE downloads!
    Build Your Lab! Download Windows Server 2012 R2, System Center 2012 R2 and Hyper-V Server 2012 R2 and get the best virtualization platform and private cloud management solution on the market. Try it FREE now!

    Don't Have a Lab? Build Your Lab in the Cloud with Windows Azure Virtual Machines. Try Windows Azure for free with no cost or obligations, and use any OS, language, database or tool. FREE Trial

    __________________________

    If you're interested in learning more about the products or solutions discussed in this episode, click on any of the below links for free, in-depth information:

    Websites & Blogs:

    More Videos:

    Follow the conversation @MS_ITPro
    Become a Fan @ facebook.com/MicrosoftITPro

    Connect with Kevin @KevinRemde
    Become a Fan @ facebook.com/KevinRemdeisFullofIT

    Subscribe to our podcasts via iTunes, Stitcher, or RSS

  • TechNet Radio: (Part 2) Virtualization: Did You Know...

    In this episode I welcome back Jeff Woolsey to the show for Part 2 of our three part “Virtualization: Did you Know…” series, where we cover four more quick facts about Microsoft’s Virtualization solution.

    Download


  • TechNet Radio: Building Clouds - SQL Server Self-Service Kit - Deploying SQL Server as a Service with System Center 2012

    In this episode I welcome Bruno Saille to the show.  We discuss the SQL Server Self-Service Kit and how it works with System Center 2012 to help automate SQL Server deployments.
    Tune in as we discuss how the self-service kit works, which System Center components are required, as well as what plans are in store for the next release.

    Download


  • Webcast: Microsoft Virtualization – Important Things You Didn’t Know

    Today (just a few minutes ago, in fact) I had the honor of presenting a webcast entitled “Microsoft Virtualization – Important Things You Didn’t Know” on BrightTALK.

    The recording is now available, and viewable here:

    (click to go to the recording)
    Kevin's Webcast hosted on BrightTALK

    Let me know if you have any questions…

  • What’s New in R2 – The Executive Interviews

    A couple of months ago I had the privilege to interview Brad Anderson.  Brad is a Sr. VP at Microsoft, responsible for the System Center and Windows Server product lines.  So…

    “So this guy knows what he’s talking about?”

    Exactly.  As a companion to his blog - In the Cloud – we recorded these three interviews around his nine-part “What’s New in R2” blog series.  So for today’s article in our current “Why Windows Server 2012 R2” series, I thought I’d give you another opportunity to hear what Brad has to say.  Here are the videos, and I’ll include the links to his blog series posts below as well.  Enjoy!

    ---

    TechNet Radio: (Part 1) - What’s New in 2012 R2 - Empowering People-Centric IT

    TechNet Radio: (Part 2) What’s New in 2012 R2 – Transforming the Datacenter

    TechNet Radio: (Part 3) What’s New in 2012 R2: Enabling Modern Business Applications

    Brad Anderson’s “What’s New in 2012 R2” Series

    1. What’s New in 2012 R2: Beginning and Ending with Customer-specific Scenarios
    2. What’s New in 2012 R2: Making Device Users Productive and Protecting Corporate Information
    3. What’s New in 2012 R2: People-centric IT in Action - End-to-end Scenarios Across Products
    4. What’s New in 2012 R2: Enabling Open Source Software
    5. What’s New in 2012 R2: IaaS Innovations
    6. What’s New in 2012 R2: Service Provider & Tenant IaaS Experience
    7. What’s New in 2012 R2: Identity Management for Hybrid IT
    8. What’s New in 2012 R2: Hybrid Networking
    9. What’s New in 2012 R2: Cloud-integrated Disaster Recovery
    10. What’s New in 2012 R2: Enabling Modern Apps with the Windows Azure Pack
    11. What’s New in 2012 R2: PaaS for the Modern Web

    Related Resources

    Websites & Blogs:

    Follow @technetradio
    Become a Fan @ facebook.com/MicrosoftTechNetRadio

    Follow @KevinRemde
    Become a Fan @ facebook.com/KevinRemdeIsFullOfIT

    Subscribe to our podcast via iTunes, Stitcher, or RSS

  • TechNet Radio: (Part 1) Virtualization: Did You Know...

    Today I welcome Varun Chhabra to the show as we kick off our three part “Virtualization: Did you Know…” series. 

    In this series we will discuss facts and facets of Microsoft’s Virtualization solution that, if you are currently using some other virtualization platform, you probably didn’t know but definitely should.

    Download


  • Build a Hyper-V Lab for a Chance to WIN a Surface Pro and MORE! ( US ONLY )

    Build your very own Hyper-V Server 2012 R2 for FREE and Enter for a chance to win* one of the following fantastic prizes:

    • Three Grand Prizes: One of three Microsoft Surface Pro 64GB devices with Type Cover keyboard cover ($828.99 USD Retail Value)
       
    • Twenty-Five First Prizes: One of twenty-five Microsoft Certification Exam Vouchers ($150.00 USD Retail Value)


    You could win a Microsoft Surface Pro or Certification Exam Voucher!

    But Wait! There’s More!

    In addition to a chance to win one of the prizes above, EVERY ENTRANT will receive our Hyper-V Server 2012 R2 enterprise-grade bare-metal hypervisor software completely free.  This is a fully functional virtualization hypervisor that supports scalability up to 320 logical processors, 4TB physical RAM, live migration and highly-available clustering.

    Hyper-V serves as the virtualization foundation for Private Clouds leveraging Windows Server 2012 R2 and System Center 2012 R2.

    How To Enter the IT Pro “Cloud OS Challenge”

    You can enter the IT Pro “Cloud OS Challenge” Sweepstakes by completing all of the THREE EASY TASKS below to download and build your Private Cloud foundation with Hyper-V Server 2012 R2.  Be sure to complete the last task to submit your proof-of-completion for entry into this sweepstakes.

    • Entries must be received between November 1, 2013 and November 30, 2013 to be eligible. One entry per individual.
    • This Sweepstakes is open to all IT Professionals Age 18 and over that are legal residents of the United States.
    • Estimated Completion Time: 20 minutes

    TASK 1 – Download Hyper-V Server 2012 R2

    Download the Hyper-V Server 2012 R2 installation bits using the link below.

    Download Hyper-V Server 2012 R2 for FREE!

    DO IT: Download Hyper-V Server 2012 R2

    TASK 2 – Install Hyper-V Server 2012 R2

    Install Hyper-V Server 2012 R2 in your lab environment using the installation steps linked below.

    DO IT: Install Hyper-V Server 2012 R2

    TASK 3 – Submit Proof-of-Completion

    Complete the steps in this task to submit your proof-of-completion entry into the IT Pro “Cloud OS Challenge” Sweepstakes for a chance to win one of the exciting prizes listed above.

    1. At the console command prompt of your new Hyper-V Server 2012 R2 server, run the following command to collect your server's configuration:
       
      systeminfo >CloudOSConfig.txt
       
    2. Copy the CloudOSConfig.txt file created in Step 1 above to a USB storage device or other location that is accessible for sending an email.
       
    3. Send a new email message to CloudChallenge@microsoft.com
       
    4. IMPORTANT: In the body of the email, include this exact text:
      “I’ve completed the Microsoft IT Pro Cloud OS Challenge for Hyper-V Server 2012 R2.”
       
    5. IMPORTANT: Attach the file created in Step 1 into the body of the new email message created above.
       
    6. Click the Send button in your email client to submit the email message as your proof-of-completion and sweepstakes entry.

    Upon submitting your entry, you will receive a confirmation email within 24 hours.

    COMPLETED! But … Want more?

    Now that you’ve installed Hyper-V Server 2012 R2, continue your learning and evaluation with these additional resources.

    • Want to learn more about Hyper-V Server 2012 R2 and Microsoft Private Cloud?
      • COMPLETE this Step-by-Step Guide for Hyper-V Server 2012 R2.
      • MANAGE Hyper-V Server 2012 R2 with local console tools.
      • CLUSTER Hyper-V Server 2012 R2 for highly available virtual machines.
      • MIGRATE Virtual Machine workloads to Hyper-V Server 2012 R2.
      • BUILD Your Private Cloud with System Center 2012 R2.

    *NO PURCHASE NECESSARY. Open only to IT Professionals who are legal residents of the 50 U.S. states or D.C., 18+. Sweepstakes ends November 30, 2013.  For Official Rules, see http://aka.ms/CloudChallenge201311Rules.

  • SWMOAITP Charitable Downloads Terms and Conditions

    About

    For each member of the Southwest
    Missouri Chapter of the AITP (SWMOAITP) who downloads Windows Server 2012 R2 or
    Hyper-V 2012 R2 from the below links between 11/4/13 and 11/30/13, Microsoft
    Corporation (“Microsoft”) will donate USD $2 to the Council of Churches of the
    Ozarks (a 501c3 organization; see http://www.ccozarks.org).

     

    Description

    When SWMOAITP members download Windows
    Server, we’ll point you to instructive videos, hands-on labs, and more available
    at http://aka.ms/SWMOAITP.  For each completed download by registered SWMOAITP members
    during the promotional period, a USD $2 donation, up to a maximum USD $3,000,
    will be made to the Council of Churches of the Ozarks.  See the official
    terms and conditions at: http://aka.ms/SWMOAITP.

     

    Terms & Conditions

    Offer good only to legal residents of the 50 United States & D.C.
    aged 18 or older who are registered members of the Southwest Missouri Chapter
    of the AITP (SWMOAITP).  Offer is not valid where prohibited by law.

    Must complete full download from below links
    between November 4, 2013 and November 30, 2013.  Offer good only to the
    first 1,500 registered members who complete downloads of Windows Server 2012,
    Windows Server 2012 R2 Preview, Hyper-V 2012 or Hyper-V 2012 R2 Preview until
    the end of the promotional period, whichever comes first.  Limit 1 download
    per member, and up to USD $3,000 for donation on behalf of SWMOAITP to the Council
    of Churches of the Ozarks. May not be combined with other offers. This offer
    will be fulfilled in the form of a monetary donation to the Council of Churches
    of the Ozarks charity within 90 days after the end of the promotional period.
    Microsoft reserves the right to modify or cancel the terms of this offer at any
    time.  Your download for the purpose of this offer does not create an
    employment relationship of any kind between you and Microsoft or otherwise
    entitle you to compensation or remuneration from Microsoft. Due to government
    ethics and procurement laws, employees of certain government agencies
    (including but not limited to military and public education institutions) may
    not be eligible to participate. It is your sole responsibility to review and
    understand your employer’s policies regarding your eligibility to participate
    in offers and promotions. Microsoft employees are not eligible to participate.
    Microsoft disclaims any and all liability or responsibility for violations of
    laws, or for disputes arising between an employee and their employer related to
    this offer. Microsoft reserves the right, as determined by Microsoft in its
    sole discretion, to disqualify any person not complying with these offer Terms
    and/or acting fraudulently with the intent to avoid offer restrictions or other
    limitations.

     

    Name | FY14 EP URL
    Windows Server 2012 R2 Download | http://www.microsoft.com/click/services/Redirect2.ashx?CR_CC=200328027
    Hyper-V Server 2012 R2 Download | http://www.microsoft.com/click/services/Redirect2.ashx?CR_CC=200328028

  • A New Blog Series: Why Windows Server 2012 R2

    Why Windows Server 2012 R2

    Yes, it’s been a few weeks since our last series wrapped up (“VMware or Microsoft?”), so it’s about time we started a brand new series of blog articles.

    “Who’s ‘we’?”

    A fair question.  The ‘we’ I’m talking about is the 11 Microsoft US DPE IT Pro Evangelists in these here 48 contiguous United States.  The series runs to the end of November (just before Thanksgiving here in the U.S.), and is all about answering in as many useful ways as possible, the magical question: Why?

    • Why should I care about Windows Server 2012 R2?
    • What does it do that I can’t already do with older versions of Windows Server or other operating systems?
    • What do I need to do to take advantage of it?
    • Where can I go to get more detailed information on a particular subject?

    …and so on.

    My friend Dan Stolts is the organizer of the series, and owner of the official landing page: “Why Windows Server 2012 R2”.

    Keep watching his landing page for the complete list of articles and their anticipated dates of publication.

    RECOMMENDED: To follow along with the dozens of examples we’re going to be writing about, we highly recommend that you download and install the following newly-available R2-version evaluation software:

  • TechNet Radio - Understanding BYOD: What it Means for My Company (Part 1)

    In this two-part series with Sr. Knowledge Engineer Yuri Diogenes, we explore the world of “Bring Your Own Device” (BYOD) scenarios and how more IT organizations are trying to support it.

    In part one we try to help explain the benefits, challenges and considerations that need to be made around BYOD.

    Download

    Download the “BYOD Survival Guide” Here!

    __________________________

    Experience Microsoft's latest products with these FREE downloads!
    Build Your Lab! Download Windows Server 2012 R2, System Center 2012 R2 and Hyper-V Server 2012 R2 and get the best virtualization platform and private cloud management solution on the market. Try it FREE now!

     Don't Have a Lab? Build Your Lab in the Cloud with Windows Azure Virtual Machines. Try Windows Azure for free with no cost or obligations, and use any OS, language, database or tool. FREE TRIAL


  • Welcome Back!

    Happy Monday!

    “Monday?  It’s Thursday, dummy.”

    Right.  But it feels like Monday.  Today is the dreaded first day back to work after a nice long Christmas and New Year vacation.  For many (like me), it’s the most difficult-to-get-out-of-bed morning there is.

    So this note to you (in the form of a blog article) is just my way of welcoming you back, and wishing you all a productive return to your normal routines.

    I sincerely hope you all had as nice a Christmas break as I did.  And you can all un-decorate the house and toss out the tree on Saturday, but for today and tomorrow, let’s kick some serious I.T. butt.

    …once we get caught up on e-mail, that is.

  • TechNet Radio - Understanding BYOD: How to Make it Happen (Part 2)

    Yuri Diogenes and I are back for Part 2 of our BYOD solution series.  In today’s episode we explore some of the technologies from Microsoft and how you can implement them into your organization’s BYOD strategy.

    Download

    Download the “BYOD Survival Guide” Here!


  • How should I backup my Windows Azure VMs? (So many questions. So little time. Part 51.)

    This excellent question was asked by Ralph at our IT Camp in Saint Louis a few weeks ago:

    “One of the questions asked by our VP relates to Azure backups protecting from user error rather than hardware failure or disaster recovery.  What is the Microsoft guidance on backing up VMs in the cloud?”

    How do you protect the data on your servers today?  The quick answer to this question is that you need to protect OS and application configuration and business data the same way on your physical or virtual machines, no matter where they reside.  A benefit of putting any storage (which includes your virtual machines) in Windows Azure is that it is all kept highly-available and geo-redundantly replicated; and that’s just automatic.  But beyond that, you are responsible for any machine or data backups or archiving that you may feel is needed.

    “Okay.. but what about Azure storage BLOB snapshots?”

    Well.. yes, Windows Azure actually does have the ability to take and maintain BLOB snapshots through the REST APIs.  And a few vendors have created solutions to use this as a way to keep point-in-time copies of virtual machine disks, and then restore machines from those snapshots.  But using BLOB snapshots for Virtual Machines in Windows Azure is currently not supported by Microsoft.

    I repeat: As of October 11, 2013, using BLOB snapshots for VMs in Windows Azure is not supported by Microsoft.

    That said, Chris Clayton has a script that you can use to back up and restore Azure VMs using BLOB snapshots.  But: “This is a demonstration and should not be used for production scenarios” … “This should not be used to replace your current backup and restore strategy.”

    Companies like Cerebrata (Cloud Storage Studio and Azure Management Cmdlets) and ClumsyLeaf (CloudXplorer) and others also have tools and operations for taking and restoring Azure storage BLOB snapshots, but the process of restoring a snapshot currently involves saving a copy of the VM configuration, deleting the VM, deleting the original disks, restoring the snapshots, and then re-restoring the machine configuration.  It’s still cumbersome, and prone to error. 

    And if you don’t do it right, you can end up with a corrupted VM. (Trust me.. I know from experience.)

    “Will we have a supported way to do this in the future?”

    I don’t know.  Personally, I hope so. 

    In the meantime, treat your machines the same as you would any other machine.  Back up their configuration and data according to your policies as required.

    “Okay.. so what if I just want to make offline copies of my VMs?  Can I do that?”

    Absolutely.  For the backup, what you’ll want to do is:

    1. Shut down the VM
    2. Save the VM configuration
    3. Make a copy of the VM’s disks (maybe with a date-stamped disk name for easy retrieval)
    4. Optionally download the disks to local storage and delete them from Azure storage

    And then for the restore:

    1. If not already in storage, copy the disks into Azure BLOB storage and designate them as “disks”
    2. Build an Azure VM from the saved configuration, but referring to the new disks
    3. Start the restored VM

    EXTRA CREDIT: Someone who has more time than I do today – build us two PowerShell scripts for doing this! 

  • Can Windows Azure Backup support a bare-metal restore? (So many questions. So little time. Part 52.)

    Recently we’ve been showing off a capability (currently in preview) called “Windows Azure Backup”, which is a simple file system backup and restore to/from Windows Azure storage. 

    At our IT Camp in Saint Louis a few weeks back, David asked:

    “Can Windows Azure Backup do a bare metal restore in the event of total failure of a physical server?”

    Short answer: no.

    Longer answer: Not directly, no.  But consider this…

    You have other tools such as Windows Server Backup and System Center 2012 SP1 Data Protection Manager that can do a full system, system state, or even bare-metal image restore of a backed up machine. 

    With Windows Server Backup, you could use a two-step process of additionally saving the WSB-created image up to Windows Azure storage using Windows Azure Backup.  And the restore would be to retrieve the image using WAB and then recover it.

    With Data Protection Manager, the new functionality to store your backup data into Windows Azure already exists as of System Center 2012.

    “So I can just put my image backup into Azure, right?”

    No.  DPM only supports Volume, SQL DB, and Hyper-V Guest backups to Azure.  So, in the same two-step process we discussed for Windows Server Backup, you could do your bare metal backup to a file share and then use DPM to protect that share to Windows Azure.

  • Windows Azure IaaS and File Security (So many questions. So little time. Part 53.)

    In the context of Windows Azure Infrastructure Services and our IT Camp in Saint Louis a few weeks ago, Lettie asked this question:

    “If we had one large storage pool and added individual user folders, do we have the ability to setup file security access to each individual user folder? Is there the ability to limit a user’s folder size? We need a better backup solution for our 800+ remote users.”

    In order to answer this one, I have to make an assumption about the specific topic it relates to.  So I’ll answer this question in two ways.

    If you’re wondering (and I think you are) about whether or not ACLs can be assigned to or sizes restricted for containers within Windows Azure storage accounts, the answer is no. 

    But another thing to remember is that a network of virtual machines in Windows Azure can be treated as just another subnet in your corporate network.  And if your users connect via VPN or Direct Access to your network, they’ll have access to the servers “in the cloud”.  Those servers “in the cloud” can be hosting file services, with Storage Spaces storage pools and virtual disks containing user documents.  As long as those file servers are domain joined, you can easily add ACLs to those folders. 

    I’m only giving you one of what could likely be dozens of solutions out there.  If you’re reading this and have other recommendations for Lettie and her company, please share them in the comments.

  • FREE Virtualization IT Camps coming to a town near you

  • TechNet Radio: Building Clouds - An Inside Look at Virtual Machine Migration Tools

    In this episode I welcome “Migration Mark” from the Building Clouds blog series on TechNet to discuss best practices for migrating your virtual machines to Microsoft Hyper-V as well as some free virtual machine migration tools that are available. Check out this great discussion on MAP 8.5, MVMC and the Migration Automation Toolkit (MAT).

    __________________________

    Experience Microsoft's latest products with these FREE downloads!
    Build Your Lab! Download Windows Server 2012, System Center 2012 and Hyper-V Server 2012 and get the best virtualization platform and private cloud management solution on the market. Try it FREE now!

    Don't Have a Lab? Build Your Lab in the Cloud with Windows Azure Virtual Machines. Try Windows Azure for free with no cost or obligations, and use any OS, language, database or tool. FREE Trial


  • Why doesn’t remote desktop to my Windows Azure VM work? (So many questions. So little time. Part 48.)

    An attendee at our IT Camp in Saint Louis a few weeks ago had a problem that is understandable:

    “Thanks for training session, I have a question.  Tried to RDP one of my VM’s at work and I can’t connect.  Possible firewall port issue?  I am going to try and connect from home tonight.”

    You're already onto the issue.  It’s important to remember that the port that you’re using for RDP is not the traditional 3389. 

    “It’s not?  How does that work?”

    Let’s step back for a second and consider what you see when you first create a virtual machine in Windows Azure and you get to the screen where “endpoints” are defined.  By default, it looks something like this…

    [Screenshot: Virtual Machine Configuration]

    …Notice that, even though the operating system is going to have Remote Desktop enabled and will be listening on the traditional port 3389, the external “public port” value that will be redirected to the “private port” 3389 is going to be something different.

    “Why?”

    Security.  We take the extra precaution of randomizing this port so that tools that are scanning for open 3389 ports out there won’t find those machines and then start attempting to log in.

    So the answer to your question: Yes, it’s a firewall issue.  And I bet it worked from home later that night.

    ---

    Let’s go one step further here and propose a couple of solutions to this, in case you also run into this problem.

    Solution #1: Open up the proper outbound firewall ports

    In the properties of your virtual machine, you can find what “public port” was assigned to the VM under the endpoints tab…

    [Screenshot: VM Properties - Endpoints tab]

    So this web server of mine is answering to my RDP requests via my ability to connect to its service URL and port 56537.  Since I am not restricting outbound ports, this isn’t a problem for me.  But knowing what this port is can help you understand what needs to be opened for a particular machine.

    “Is there a range of ports that I need to have open outbound?”

    The port that will be assigned automatically is going to come from the “ephemeral port range” for dynamic or private ports (as defined by the Internet Assigned Numbers Authority) of 49152 to 65535.  So if you simply enable outbound connections through that range, the defaults should work well for you.

    Solution #2: Modify the VM End Points

    You’ll note on the above picture that there is an “edit” option.  You have the ability to edit and assign whatever port you want for the public port value.  For example, I could do this…

    …and just use port 3389 directly.  Of course, this would defeat the purpose of using a random, non-standard port for remote desktop connections.  But it could be done.

    Solution #3: Use some other remote desktop-esque tool over some other port.

    The server you’re running as a VM in Windows Azure is your machine, so there’s no reason you couldn’t install some other tool of choice for doing management or connecting to a remote desktop type of connection.  Understand the application, what port needs to be enabled on the firewall of the server, and then add that port as an endpoint; either directly mapped with the same public/private port or using some other public port.  It  is entirely configurable and flexible.  And as long as you’ve enabled the public port value as a port you’re allowing outbound from your workplace, you’re golden.

    Solution #4: Use a Remote Desktop Gateway

    How about instead of connecting to machines directly, you do something more secured, manageable, and along the same lines of what you would consider for allowing secured access into your own datacenter remote desktop session hosts: Configure one server as the gateway for access to the others.  In this way you have the added benefits of just one open port; and that port is SSL (443).  You’re very likely already allowing out port 443 for anyone doing secured browsing (HTTPS://…), so the firewall won’t get in the way.

    ---

    I hope you found this useful!  Don’t hesitate to ask questions in the comments if you’d like me to clarify anything, or share your ideas if you have other solutions I haven’t yet considered.

    ---

    Still haven’t tried Windows Azure yet?  We’ll give you $200-worth of Azure in a one-month free trial.

  • How safe is my Windows Azure virtual machine? (So many questions. So little time. Part 50.)

    In Saint Louis a couple of weeks ago at our Windows Azure IT Camp, Joe asked me this question:

    “When dealing with virtual machines and cloud for R&D. If during the process of researching you happen to download a contaminated file, can that file do harm to the actual machine that you are running? Wouldn't that file be saved on the parent machine in order to be accessed on the virtual machine?”

    What Joe was concerned about was whether or not the virtualization host is vulnerable from something bad happening in the virtual machine.  If a virtual machine gets compromised and some harmful or malicious (likely both) files get saved on the virtual machine’s hard disk, isn’t that file also a threat to the virtualization host on which it’s running?

    The short answer: No.

    The longer answer: Not really, no.

    Remember that, when using virtualization, whether it’s vSphere, Hyper-V, or some other solution, typically a virtual machine’s operating system disk is really just a file as far as the host hypervisor and operating system are concerned.  That .vmdk or .vhd file is sitting in storage, and its contents are only being used by the virtual machine.  So even if that VM installs something bad, the host on which it is running won’t ordinarily know or care about it.

    Can the host operating system get at the files within the VM’s disk?  Yes, there are ways to do that when you’re running your own virtualization.  But you have to go out of your way to do that, and only when the virtual machine isn’t currently using the disk. 

    The same holds true for any interactions between the VM and other computers; virtual or physical.  You treat the VM as just another machine that needs to be networked and protected. 

    If the malicious file gets saved on an SMB file share, or some other networked storage that is shared, then of course other machines may be exposed to it.  Here is where Windows Azure actually gives you better protection of the platform.  While a local virtualization host might also share access to that same compromised storage, in Windows Azure there is no way for the virtualization hosts to interact with a virtual machine’s data in any way.  Period.

    For the security minded among us, I highly recommend you bookmark this page: The Windows Azure Trust Center.  This is where you’ll find our documented security practices, privacy rules, compliance standards, and so on.

  • Blog Series: Windows 8.1 for Business

    Welcome to March!  And not that I mean to alarm you, but welcome to the final month before support ends on Windows XP.  I know that many of you supporting IT and devices for your businesses have known this for a while, and are either already done or continuing to work on migrating to Windows 7 or Windows 8.  But which one, and why?

    What’s interesting to me is that there is a lot of fear, uncertainty, and doubt (FUD) surrounding Windows 8.1 and whether or not there is any real benefit to providing and supporting it as the default, best-choice for business devices.  And while I know that most of you have indeed done proper due-diligence in order to come to the conclusion that Windows 7 is a better choice for your businesses, it just may be that not all of your information was based on fact, or was missing some very important beneficial tidbits which, if you had known, might very well have changed the equation.

    That’s the purpose of this March blog series: “Windows 8.1 for Business”.  We, the 9 Microsoft Technology (IT Pro) Evangelists in the US, plus a few special guest authors, want to take this month to help dispel some myths and provide some useful resources for you as you evaluate (and hopefully choose) Windows 8.1 as your business desktop/laptop/tablet/phablet platform of choice.

    Below is our schedule, which will be continually kept up-to-date with links to completed articles as they become available.  Stop back often, because we sincerely want you to benefit from this information.  And if you have any questions or comments, please please please post them in the comments either here, or at the articles themselves.

    UPDATE: Thank you for your patience!  Due to the importance of the topics we are going to cover, we’ve had to delay posting to this series.  We will continue soon (this week of March 17), and I’ll add items to the schedule as soon as we’re sure of their availability.  Keep watching…

    All the best!
    Kevin Remde

    Date | Article | Author
    March 3 | Series Introduction (this article) | Kevin Remde / @KevinRemde
    March 4 | Oh Start menu, how do I miss thee…or do I? | Matt Hester / @MatthewHester
    March 5 | Beloved Desktop, Where Art Thou? | Jennelle Crothers / @jkc137
    March 6 | Windows 8 works great without a touch screen | Keith Mayer / @KeithMayer
    March 7 | Does Windows 8.1 require more hardware than Windows 7? | Kevin Remde / @KevinRemde
    March 19 | Getting started with Client Hyper-V | Matt Hester / @MatthewHester
    March 20 | Is the “Cloud” a really big deal? | Blain Barton / @Blainbar
    March 21 | Remember Our Good Friend Group Policy | Matt Hester / @MatthewHester
    March 28 | Build No-code Business Apps with Windows 8.1, Project Siena and Microsoft Azure | Keith Mayer / @KeithMayer
    March 31 | Build No-Code Business Apps with Windows 8.1, Project Siena and Microsoft Azure (Part 2) | Keith Mayer / @KeithMayer
    April 1 | Build No-Code Business Apps with Windows 8.1, Project Siena and Microsoft Azure (Part 3) | Keith Mayer / @KeithMayer
    April 8 | Top 5 Key Security Improvements | Anthony Bartolo / @WirelessLife
    April 10 | XP EOS – Guidance for Small/Medium Businesses and Individual Consumers | Pierre Roman / @PierreRoman
    April 14 | Series Wrap-up and Resources | Kevin Remde / @KevinRemde

  • Can I use an ACL to protect my Azure SQL Server VM? (So many questions. So little time. Part 49.)

    At our IT Camp in Saint Louis a few weeks ago, Todd had a great question on protecting his cloud-based SQL Server:

    Kevin,

    Not sure this question was asked at the Azure IT boot camp but is there any future plans to segregate or ACL off the subnets in Azure?  Most of our web front ends are in our DMZ, in a lower security zone, and our SQL servers are in a higher protected zone.  The ACL allows communication between the two but I did not see that in the Azure portal.  So as it stands I could stand up a WFE and it could be talking directly to the SQL server and get compromised? 

    Is it the position of Microsoft to use Windows firewall between the servers? 

    I didn’t cover it in too much detail in our event, and it’s not something that is (yet) exposed in the Windows Azure Portal, but you do have the ability through PowerShell to assign complex network ACLs to a Windows Azure virtual machine. 

    From the article “About Network Access Control Lists (ACLs)”:

    Using Network ACLs, you can do the following:

    • Selectively permit or deny incoming traffic based on remote subnet IPv4 address range to a virtual machine input endpoint.
    • Blacklist IP addresses
    • Create multiple rules per virtual machine endpoint
    • Specify up to 50 ACL rules per virtual machine endpoint
    • Use rule ordering to ensure the correct set of rules are applied on a given virtual machine endpoint (lowest to highest)
    • Specify an ACL for a specific remote subnet IPv4 address.

    The most simple example of an ACL is the fact that a VM created running Windows likely has a public endpoint that maps to a private 3389 endpoint for the sake of remote desktop connections.  Without that endpoint definition, the default is to just block everything.  As you see from the previous list, we can be even more selective than just opening or closing ports. 
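
    The rule-ordering point in the list above, as an added example (not code from the article or from Microsoft): a small Python model of one endpoint's ACL that evaluates rules lowest order first and flags rules that an earlier, broader rule makes unreachable. The first-match behaviour and the default for unmatched traffic are assumptions stated in the comments; the class names and sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

MAX_RULES_PER_ENDPOINT = 50  # per-endpoint limit quoted in the list above


@dataclass(frozen=True)
class AclRule:
    order: int            # lower numbers are evaluated first
    action: str           # "permit" or "deny"
    remote_subnet: str    # remote IPv4 range in CIDR form
    description: str = ""

    @property
    def network(self) -> ipaddress.IPv4Network:
        # IPv4Network raises ValueError on IPv6 or malformed input
        return ipaddress.IPv4Network(self.remote_subnet, strict=False)


class EndpointAcl:
    """Hypothetical model of the ACL attached to one VM endpoint."""

    def __init__(self, rules):
        rules = list(rules)
        if len(rules) > MAX_RULES_PER_ENDPOINT:
            raise ValueError("more than 50 rules on one endpoint")
        for rule in rules:
            if rule.action not in ("permit", "deny"):
                raise ValueError(f"unknown action: {rule.action!r}")
            rule.network  # validate the CIDR up front
        self.rules = sorted(rules, key=lambda r: r.order)

    def evaluate(self, source_ip):
        """Return (action, matching_rule) for a remote source address."""
        addr = ipaddress.IPv4Address(source_ip)
        # Assumption: the first matching rule in ascending order decides.
        for rule in self.rules:
            if addr in rule.network:
                return rule.action, rule
        # Assumption: once any permit rule exists, unmatched sources are
        # denied; with no permit rules (or no ACL) they are permitted.
        has_permit = any(r.action == "permit" for r in self.rules)
        return ("deny" if has_permit else "permit"), None

    def shadowed_rules(self):
        """Rules that can never match because an earlier rule covers them."""
        findings = []
        for i, later in enumerate(self.rules):
            for earlier in self.rules[:i]:
                if later.network.subnet_of(earlier.network):
                    findings.append((later, earlier))
                    break
        return findings


def misordered_acl():
    # Constructed sample: the deny is meant to carve a range out of the
    # permitted block, but its order number puts it after the permit.
    return EndpointAcl([
        AclRule(100, "permit", "203.0.113.0/24", "office egress range"),
        AclRule(200, "deny", "203.0.113.128/25", "guest VLAN"),
    ])


def corrected_acl():
    # Same two rules with the narrower deny ordered first.
    return EndpointAcl([
        AclRule(100, "deny", "203.0.113.128/25", "guest VLAN"),
        AclRule(200, "permit", "203.0.113.0/24", "office egress range"),
    ])


if __name__ == "__main__":
    for name, acl in (("misordered", misordered_acl()),
                      ("corrected", corrected_acl())):
        action, _ = acl.evaluate("203.0.113.200")
        print(f"{name}: 203.0.113.200 -> {action}")
        for later, earlier in acl.shadowed_rules():
            print(f"  rule {later.order} ({later.action}) is shadowed "
                  f"by rule {earlier.order} ({earlier.action})")
```

    Running the shadowing check over a rule set before applying it catches the case where a deny never takes effect because a broader permit has a lower order number.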

    For the complete description of what ACLs are, read “About Network Access Control Lists (ACLs)”

    To learn how to manage and use them in Windows Azure, read “Managing Access Control Lists (ACLs) for Endpoints”

    $200 worth of Windows Azure for a free month!