I first saw this earlier in the week and thought it was a brilliant project, but I didn’t take much of a look under the covers as it was embedded on someone else’s site, might have been my boss’s blog. Anyway, this project uses the Lync 2010 SDK and that makes it super amazing because it shows some of the cool things you can do with great software, connected people, an SDK and a bit of code.
LED Christmas Lights as IM presence indicators from Andrej Kyselica on Vimeo.
You’re trapped by snow, you tried to escape in the car but hit some ice and skidded into the curb at less than 10 mph and bent your wheel axle. There’s limited mobile reception. There’s internet but only directly connected by cable to one PC. You’re a geek who needs to work and that involves 2 laptops. Your wife also needs to work on her laptop and connect to work remotely. Your hosts, providing the house to keep you warm, also need to be able to work…this was the situation I found myself in (and still do) this weekend. The answer: turning one of the laptops into a WiFi hotspot and sharing that single Internet connection (aka SoftAP). And also calling the car insurance!
So what’s involved?
Well, first off I turned a laptop into a WiFi hotspot, which is simple with the right drivers from Intel and Windows 7. What happens here is that a virtual network adapter is created to handle the hotspot traffic.
netsh wlan set hostednetwork mode=allow ssid=SiWiFi key=password
Once the connection is set up you need to share whatever network connection is providing internet access with the new hotspot. To do that, simply open the adapter settings, select the sharing tab, tick the box and select your new virtual network adapter. Obviously change SiWiFi and key= to an SSID and key that you like. This can be used to share any internet connection, be it coming from WiFi, from mobile or from a wired connection.
The next step is to start the new adapter and hotspot whenever you need it, done with a simple command at the command line:
netsh wlan start hostednetwork
Finally, connect to the hotspot as you would from any laptop to a wireless hotspot.
I remembered hearing about this ages ago from Long at iStartedSomething.com but I got the detail from MSDN this time around, and if you don’t like the sound of this in your corporate environment then this video on Edge will help you prevent it being used in your organisation.
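For the corporate side mentioned above, here is an added example (not from the original post or from Microsoft) that audits saved `netsh wlan show hostednetwork` output from a machine and flags an enabled or running hotspot and a weak key such as the `key=password` used in the walkthrough. The sample output is constructed and assumes the English-locale layout; `COMMON_KEYS` and `MIN_KEY_LEN` are assumed local policy values.

```python
# SAMPLE is constructed: `netsh wlan show hostednetwork` plus `... setting=security`.
SAMPLE = """\
Hosted network settings
-----------------------
    Mode                   : Allowed
    SSID name              : "SiWiFi"

Hosted network status
---------------------
    Status                 : Started
    BSSID                  : 02:00:00:00:00:01
    Number of clients      : 1
        02:00:00:00:00:02        Authenticated

Hosted network security settings
--------------------------------
    User security key      : password
"""

COMMON_KEYS = {"password", "12345678", "qwertyuiop"}  # illustrative, not exhaustive
MIN_KEY_LEN = 16  # assumed local policy; WPA2-Personal itself accepts 8-63 characters


def parse_fields(text):
    """Map 'Name : value' lines to a dict; headings and client rows are skipped."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(": ")
        if sep:
            fields[name.strip()] = value.strip().strip('"')
    return fields


def audit(text):
    """Return findings for one host without echoing the key itself."""
    cfg = parse_fields(text)
    findings = []
    if cfg.get("Mode") == "Allowed":
        findings.append("hosted network allowed")
    if cfg.get("Status") == "Started":
        findings.append("hotspot running: ssid=%s clients=%s"
                        % (cfg.get("SSID name"), cfg.get("Number of clients")))
    key = cfg.get("User security key")
    if key is not None and (key.lower() in COMMON_KEYS or len(key) < MIN_KEY_LEN):
        findings.append("weak WPA2 passphrase")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a machine that reports findings, `netsh wlan stop hostednetwork` followed by `netsh wlan set hostednetwork mode=disallow` turns the feature off again.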
Sound scary? Well it’s not, but it’s critically important in spurring cloud adoption in your organisation and therefore a set of key skills for IT Professionals. We have a technology toolset called Active Directory Federation Services (ADFS 2.0) that uses a set of secure protocols like SSL and Public Key encryption to provide Single Sign On to applications that are not hosted inside your network. It doesn’t even require a physical connection between your Active Directory Directory Service (AD DS) and the application, or even for you to dangle your AD DS on the internet like tasty shark bait. In fact you don’t even have to place your AD DS into a DMZ. All this means you can provide secure single sign on…but why would you and how do you? (Hint: the how is at the bottom.)
Let’s take a look at why. What are the applications that your users use most frequently and easily? Probably Word, Excel, PowerPoint…then probably some line of business apps (LOB). How do people sign onto those LOB apps? If you’re in a good place then they don’t need to, they just launch the app and get signed in automatically, but if you aren’t then they probably need extra user names and passwords. How many helpdesk calls does that create? What perception of IT services in your organisation does that create? I know, I’ve been there…the answer is usually lots of calls, poor perception. That user experience can be better with simple AD authentication for the application.
The pain of not having single sign on with a cloud application can be extreme. Imagine this scenario:
But with ADFS 2.0 in place all that has to happen is that the user remembers their Windows password and logs in. Just once and it’s far more secure because your organisation is in charge of the password reset policy, the complexity policy and most importantly – because they don’t have to remember lots of passwords they stop writing them down on their desks.
We’re pretty serious about this being a major piece of the cloud for the IT Professional, so much so that both @deepfat and I took two days out a week or so ago for offsite training on how to build ADFS 2.0 infrastructures. It’s not all that complex either…once you have an understanding of PKI. But to make it even easier you’ll find whitepapers that take a step by step approach to the technology just here: Single Sign-On from Active Directory to a Windows Azure Application Whitepaper. Not only is this essential for Azure, it’s also essential to know for the best possible Office365 integration.
One of the top cloud questions I get asked when I’m out and about is “how secure is my data in the cloud”. It’s a simple question with a complex answer that spans dimensions, physical security, data redundancy, data protection, service levels and an underlying reliance on everything being trusted because it’s out of your own hands. Traditionally your business would have been trusting you, the IT Department, and that trust would have been based on the premise that you’re part of the organisation and so working to a common goal. So how do you build up trust if you’re in an outsourced situation where your data is being looked after by a cloud provider?
Well, if you look at the basis of the reasons that you trust the people in your IT department (and conversely the reasons why you lose trust) you start to gain a peek at the answers. First and foremost the people in your IT department were probably employees or contractors under a contract of employment to provide services, 37.5 hours of work for example, in exchange for remuneration. In a cloud or outsourced situation it’s fairly obvious that this is a very similar relationship. You have a contract with your provider and you pay them to perform the level of service that you agreed with them when you last renewed your relationship. So you (and they) have the protection that the contract affords you both. With Microsoft if we don’t match up to those levels of service we give you a discount against the time you have remaining on the contract – so much like you could dock an employee’s pay for not turning up to work. This builds trust because you have an element of mutual loss if something goes wrong. If you had an employee and they didn’t turn up to work one week, you would probably prefer not to have to pay them than have them work for an extra week (and possibly not turn up again) for free.
Skills and training
Being well skilled as an IT Professional is essential and everyone expects their IT Department to be well skilled. In the scenario of a cloud provider you want to know that they really know what they are doing. You want to be able to see that they’re running this stuff: just like you want to see people in your IT Department running the same laptops as their users, you want to know that a cloud provider is using its own stuff. We do. This builds trust in two ways, firstly because you know that you share similar values to the company providing the service; we tend to trust people who are like us. In a business situation it’s actually comforting to know that you’re trusting people who are in it to make money, but it’s also important to know that there’s more to it than that, like pushing things forward with innovation in the right space. In addition we also have International Organization for Standardization / International Society of Electrochemistry 27001:2005 (ISO/IEC 27001:2005) and Statement of Auditing Standard (SAS) 70 Type I and Type II attestations. Which is a bit like trusting an employee to do a job because they have an MBA from Oxford.
I’m pretty positive that 99.999% of people reading this will have a manager. Even if you are the CIO you have a manager, they’re called shareholders or owners or partners or your family. They tend to make sure you are doing the right things in the right way. In most larger businesses this role gets devolved to a compliance or risk manager who oversees operations to make sure they’re done in the right way. You trust them, again usually through a combination of some of the above, but their over watch assures trust in other people and helps you correct mistakes. In cloud computing we’ve recognised this in buckets and so all good vendors strive to achieve the highest standards and to be audited with regularity.
Microsoft’s data centres were recently granted authorisation to operate under FISMA approval, allowing them to host US Federal data. That means that Microsoft has met a whole bunch of requirements and recommended security controls that the US Federal government requires to be in place to allow customer data into the hands of a 3rd party; in other words, the US Government trusts the processes and procedures behind our data centres. The same is true of passing those ISO/IEC standards: they require upkeep and management. In fact there’s a bunch more:
Experience tells me people lose trust in their IT Departments due to lack of transparency. The best laptops go to “special” people. The most senior guys get “admin” accounts. The IT Guy lords his skills over someone not from IT. People don’t know the progress of their problem tickets. Transparency around process and procedure goes a long way, a very long way, to helping give people trust in a system or cloud vendor. With our cloud services you can actually see the processes we go through to run our cloud, so can anyone else who fancies doing it right.
Trust at depth
Security at depth is a term often used to describe how you get more security by layering different security sub systems (AV, Spyware, Patching, Encryption) on top of one another. I think the above represents a similar idea for trust. You know you can trust your cloud provider because they provide you with a number of indicators, some of which will be comfort, some necessity, that build up into a model of trust. Also there’s some law to revert to if you are in doubt.
Now that you know that, you’ll be wanting to try Azure, BPOS or Office365, and you might find this whitepaper useful.
My buddy @deepfat and I were just having a chat and we thought we’d see if we could work out how much kit you guys are huggin. So we've produced a couple of posts, mine’s on the desktop…his is on Servers. So here’s my magical poll….
How many desktops do your IT Pros support each?