Rachel has asked us (Simon & Andrew) to identify the key skills that will help your career survive and thrive as businesses start to transition some or all of their services to the cloud. We aren’t suggesting you learn all of these, but if you focus on at least one technology plus the ‘soft’ skills below your future will be more secure as a result. We’ve also pulled in some resources to get you started.
Authentication and Identity
No matter where your data and services are, your users are going to need to get at them, and to do that they need to identify who they are and be accorded the appropriate privileges. Traditionally Active Directory has been providing this service in the local data centre and has been extended over the years to allow users and services on other operating systems, e.g. Linux and Apple Macs, and more recently iPads, to work seamlessly across them to get mail, docs and services. Active Directory Federation Services (ADFS) extends this interoperability to the cloud - not just Microsoft’s, but third parties like SalesForce - and supports OpenID, used by Yahoo, Google and others.
To find out more:
I am an ex-DBA so my top recommendation is to get to know SQL Server. SQL Server has provided me with a great career and is another area of technology that won’t be much changed by the cloud. First of all no matter where the data is, DBAs will be needed in some capacity to manage it. Not only that but databases are only ever-increasing as storage becomes cheaper and cheaper.
Not every database will move to the cloud, and alongside the CloudPower messaging from Microsoft you’ll also see that in partnership with the server manufacturers there's a raft of new appliances specifically designed for different workloads of SQL Server, e.g. business intelligence, data warehousing and OLTP (On-Line Transaction Processing), so there will still be some high-end databases that remain un-virtualised. Many organisations will be moving to hybrid clouds – I can see many web applications having a SQL Azure backend database, and SQL Azure does actually remove some of the work of the DBA, e.g. high availability and configuration. However, it also presents new challenges such as syncing data between cloud and local, audit and query optimisation.
A final thought: typically 12% mention SQL Server as a skill on any of the top job sites.
The best resources for learning what SQL Server can do are
Process and automation
Given that cloud is supposed to be about agility you would think that standardising business processes and adopting ITIL standards for process management might be at odds with each other. The answer is simply process automation – taking those standard procedures and making them happen across the disparate systems in your infrastructure. So as well as looking at getting ITIL accredited you might want to think about putting your processes into code. You could become a PowerShell/PowerCLI guru and write miles of code to do this but there is a better way - System Center Orchestrator (SCOrch), the glue and gaffer tape in the System Center armoury. This allows you to hook your help desk up to the hardware, the hypervisor (theirs or ours), the virtual machine, the operating system and the application itself and map out your process so the business can understand it and sign it off. This then gets rid of the drudgery, leaving you to get on with the new project work that's been backing up on your desk over the last year.
It's an interesting time to get into this space, as the System Center lineup is in the process of being completely overhauled. There are beta releases of some of the new versions available now including SCOrch, Virtual Machine Manager, Operations Manager, and Configuration Manager, with more due over the next couple of months. This will mean more detailed training on the Microsoft Virtual Academy, as well as various events we will be running in the UK this autumn.
Not really my world but the network engineers are all doing very well out of the cloud, the storage explosion, and the challenges of running lots of virtual machines on consolidated physical servers.
I put this in partly to be controversial but mostly because it’s too important to be left to the marketing department. The IT department and its members in particular need to be much better at promoting their work to the business and setting out the services on offer. On an individual level you need to build your internal brand, hopefully as a can-do trusted advisor who understands the business. Some of this is part of the day job - the way you respond to requests and follow through to see that your users are happy - some of it should be proactive, like going to business meetings to brief them on your latest projects and ideas. Building your brand outside the office can also be useful, so joining special interest groups on LinkedIn and Facebook, and helping and asking for advice on Twitter and forums can establish your credibility for your next role.
Not so much a networking role as skills around bringing different parts of cloud architectures together as one holistic unit. I think it's difficult for businesses to identify solutions that can be "pure cloud" beyond those Internet-based services that they moved long ago and new solutions they create from scratch - a far more realistic approach is hybrid cloud in which public and private clouds are stitched together. In addition to the networking and identity/authentication skills above, there's a strong need for people who understand the plumbing. That is, how to connect a cloud service to data stored in a private data centre or how to connect two public clouds together. Parts of this role depend on having some developer skills and some IT pro skills.
You'll see increasingly from Microsoft that management of the public cloud is a BIG deal. It's not just about a place to put something and have it run cheaply (although it partly is), it's also about being able to make sure that what happens there is what you expect is happening. To that end you'll see more and more that Windows Azure and System Center work well together. Right now the best thing to do is to try out monitoring a Windows Azure application using this evaluation for Windows Azure monitoring with SCOM. You don't even need an application to monitor as there's one included in the eval. As we move forward to System Center 2012 you'll see even deeper integration, and you can try the betas for System Center here: System Center Configuration Manager 2012 Beta 2 and System Center Virtual Machine Manager 2012 Beta.
Data Security Architecture
Deep understanding of data and what it contains has always been a pivotal part of security, and this is going to become even more important in the future. We currently live in a world without harmonised data laws and that means it's hard to place all your data into the public cloud immediately. What you can do is place safe portions of it there. By understanding the data you know what's safe to place in the cloud and what could create too much risk for your business to accept. This role is much more about providing insight back to the business to enable it to make better decisions about what to do, rather than preventing it from doing anything. It's important not to paralyse your business by over-analysing risk without an understanding of the reward.
The list above doesn't really look all that different from one we'd have written a couple of years ago; the roles and the content of those roles have changed somewhat, but guess what - that's the nature of our industry. Technology changes. The really big shift here is one that's been happening for years: it's the integration of business skills and understanding them as a core of the technology skill set. Are we seeing this spread happen across all segments? To answer that let's look at things simplistically - big businesses and small - big having large dedicated IT depts and small having as many as four IT guys. IT guys in small businesses have always had to have many strings to their bow, often requiring them to have more general skill sets and giving them less time. These folks have always needed broad business knowledge as a part of that skill set. For them, cloud technologies, especially public cloud, are likely to free up more time to do more interesting things. In large IT teams business skills were often forsaken for deep, deep technical skill sets that the business didn't understand so they needed more people to translate those deep skills back to the business. Today we see a shift towards the end users becoming more tech savvy and so the need for translators is lessened as there's a smaller gap for the deep, deep techies to fill when translating things back to the business. It looks as if that gap is shrinking further as some of the clunky work done at that deep level is automated with the cloud, again giving the deepest of techies more time to do what the business actually values.
Microsoft Virtual Academy
Featuring a wide range of customer references, covering Server Virtualization (Hyper-V), Datacenter Management (System Center), Identity & Security (Forefront), DirectAccess/BranchCache (Windows Server 2008 R2) and Desktop Virtualization (VDI), the Black Book of Core Infrastructure References is free to download. Among the contents you’ll find customer stories from:
· Welsh Rugby Union (Server Virtualization)
· Strathclyde Fire & Rescue (Server Virtualization & Management)
· Paul Smith (Server Virtualization & Management)
· Outsourcery (Server Virtualization & Management)
· Wiltshire Council (Management)
Download and have a read today.
Something rather interesting just crossed my desk and I thought it was worth sharing. This free eBook just landed (virtually) on my desk and it really is an eBook, at circa 300 pages of explanation about Office 365, how it works and who it’s useful for. It’s not a deeply technical book but it is a great introduction, and if you’re trying to convince anyone that using Office 365 is for them then it’s a great book for them to be able to flick through. The book’s also really good at helping you to get to grips with using Office 365 to collaborate, with 6 chapters dedicated to just that.
Download the free Office 365 eBook by Katherine Murray and let us know what you think.
The TechNet library’s been updated with a long list of downloadable SharePoint Server 2010 content. You’ll find getting started info, planning and deployment guides, poster-sized technical diagrams and a whole lot more. The best thing is, it’s all at your fingertips, just here.
Visit TechNet to download the SharePoint Server 2010 trial.
Some posts stand the test of time and stay top of the popularity heap – here’s a small handful you might have missed over the past few months:
Download the Windows 7 Power Users Guide eBook FREE!
Microsoft Hyper-V Cloud: helping you deploy private and public clouds
What do you know about Microsoft desktop virtualisation?
Windows Phone 7 powered by Windows Azure heads above the clouds
The brand new Building Windows 8 blog, launched yesterday, is the place to keep up with the latest news about Windows 8 engineering and, importantly, give your feedback to the Windows team. Suggestions for blog posts are welcome, as are your thoughts and comments as specifics and features are discussed - you can mail Steven Sinofsky direct via the blog.
Visit the Building Windows 8 blog.
Short days and dark nights might seem like ages away, but they’ll come round fast, so mark this event in your diary now. On 4 November the Windows Management User Group (WMUG) will be presenting a day of System Center Configuration Manager (SCCM) with Wally Mead, Senior Program from Microsoft in Redmond. One of the most knowledgeable SCCM people you could wish to meet, Wally's planning a day rammed full of information, hints and tips. With giveaways and plenty of opportunities for networking with your fellow WMUG members, this is a day not to be missed.
Register here and view the agenda below.
What is System Center Configuration Manager?
System Center Configuration Manager assesses, deploys, and updates servers, client computers, and devices across physical, virtual, distributed, and mobile environments.
Configuration Manager 2012 Overview and What’s new since beta 2
Configuration Manager 2012 is close to being released as a product. This session will describe (and demonstrate) some of the new features from Configuration Manager 2007, as well as some of the changes implemented from the Beta 2 version you may have played with.
Migration to Configuration Manager 2012
With the impending release of Configuration Manager 2012, you need to know how to move from your current Configuration Manager 2007 environment to the new Configuration Manager 2012 product. This session will demonstrate the migration process and what you can do to prepare for your own migration.
Overview of the Configuration Manager 2012 Application Model
Configuration Manager 2012 software distribution takes a large leap in functionality with the new application model. This session will discuss the benefits of application management over software distribution packages, and how to use the new application model for application management.
Endpoint Protection in Configuration Manager 2012
Microsoft Forefront Endpoint Protection is now integrated into Configuration Manager 2012. This session will show you how to implement FEP 2012 into Configuration Manager 2012.
The consumerisation of IT trend is hurtling towards most IT shops and it’s clear from those I talk to that they’re just trying to deal with things as they happen. The MD wants to attach his cool new device but what does that mean for IT – are they expected to support it? What’s the cost of doing that? What else needs to change? It’s clear to me we need a more strategic approach to consumerisation that allows for flexibility and helps reduce costs whilst still permitting the choice that end users now demand.
It’s something Microsoft has been thinking about and you’ll start to see us talking about consumerisation in terms of devices, security and management, productivity and application development. A clear understanding of an evolving trend is always going to be difficult to build, but it’s good to see that we’ve thought about a way to frame our thinking. Whilst it clearly needs deep thought, it’s a good place to start from.
At the forefront of the trend is probably the fact that new devices are coming into organisations at an uncontrollable rate. More tech-savvy consumers are bringing their kit into the office excited by the potential that those devices hold. People expect access to their email at any time and many even expect to converse with their friends or organise their social lives when they’re in the office. They will find whatever way they can to use their devices, and sometimes that will comply with IT policy, but often it won’t.
We’ll tackle the management of those devices in a few paragraphs. First, let’s just have a little look at the potential advantages that using those devices will bring to your business. Strategically you should consider allowing a couple of options over device choice for your users. The first is to allow them to Bring Your Own Computer, or BYOC. BYOC has a number of advantages for you as an organisation, not least of which is that you don’t need to own the asset or have it on your books and depreciate it over time. You could consider a couple of ways of doing this; one might be to give your employees a “technology allowance” that works in a similar way to a car allowance. Obviously there are tax implications for doing this for your employees, but it would move the cost to Opex from Capex.
That wider choice will also help make your employees feel more valuable and more trusted because you’ll be giving them the chance to make their own decisions. You can still centralise purchasing control and exercise some guidance around devices by bringing in a computer leasing company, just like with a car scheme. Just be aware that, unlike cars, computers are actually quite cheap and this could backfire on you if people choose not to lease from your list. It may just be better to allow your employees to buy whatever they like off the shelf.
The other option for device acquisition is to spruce up your list of approved devices. Select kit that appeals to your user base but that is still worthy of your support and the time required for your IT team to support it.
You should also think about the types of devices you’ll support. You also need to be really crisp and clear about what “support” means to your end users. This is where clear communication comes in and it leads to the idea of having a communications team or (better still) a marketer whose job it is to communicate IT services updates to your organisation. If you’re wondering why I’ve suggested a marketer it’s because marketers understand the environment into which they are selling (and your IT department is now selling itself). You may find that you need to redefine the term “support” within your organisation, changing user expectations dramatically.
Not sure what I mean by redefining support? Well, with consumerisation you need to focus on providing flexibility, and that will probably mean evolving your support functions into connection functions, ensuring that any device can be connected in a safe and secure way that meets business requirements. Realistically, you want to be looking at a way to support the people for whom you need to be most flexible (you know the ones - usually they have a C at the start of their job title!) in a way that seems similar to everyone else – it’s far easier to play to the highest common denominator in this case.
We’re starting to get into some familiar ground here around security and management, but before we do and whilst we’re on support, it’s important to note that you probably need to do some heavy lifting using self-service to reduce the load for simple fixes. General things like “how do I do this formula in Excel” are best handled by a Bing search or something similar internally. You can find out more in this post about why self service is so important to consumerisation and cloud.
Device selection is an obvious area for concern. It would be helpful if you could guide your employees to use the right kind of kit, because if they’re buying their own devices you need to make sure they will still be securable and manageable. Think, for example, about how you remote wipe a device. It’s really easy when you have a device with a 3G connection, but how do you remote wipe a device that only has WiFi if it gets stolen? Food for thought.
Security and management
When you think about management and security you probably first think of managing and securing Windows PCs. Given that you’re reading this on a Microsoft blog you might be thinking I’d be extolling the virtues of that. I am, but it’s about far more than that. Your management software and security strategy needs to be able to manage your users’ Windows devices, but it must also be able to manage and secure other devices. If your CEO wants to use his iPad you need to be able to secure it, and critically you need to be able to remote wipe it if it goes wrong and he’s syncing his corporate email. Tricky if it only does WiFi. So what do you do in that case? Well, firstly you only allow the devices that you trust to access some parts of your IT. For example, it’s fine to trust people to access their email on a mobile device, but to ensure security and to reduce operational risk you probably want to ensure your users have access to (and know how to use) rights managed email. With that technology you can ensure that sensitive emails are only accessible to the intended recipient and also that they can only access that specific, sensitive email on a secure device, or possibly just through an HTTPS secured web page.
You can probably see now that security and management in a consumerised IT shop needs to take a data-security led approach, but one that differs from most you might have come across before. Traditional data security has a (user perceived) focus on preventing access by working against a lowest common denominator model of ‘block access to people who shouldn’t have access’. It’s been a good approach for the greater part but has led to disenfranchisement of the user base in many organisations. Far better to promote a security model based on circumstance.
The HR Director has access to all personnel records, for example, except if she’s accessing the HR system from a PC that’s facing the window. If you don’t think this is possible then you should have a look at some of the solutions for Remote Desktop from Quest. Perhaps the HR Director also shouldn’t be able to have access to the HR system, which is web based, from a slate device or even from a PC that doesn’t have up-to-date anti-malware. Again, perfectly possible scenarios using solutions like the Forefront family. The big thing to do then is understand the data in your organisation and grant access based on circumstance and identity. Deep understanding of data is something you need for the cloud, too, so it’s a good project to kick off.
Flexibility in security and management solutions is also required, because in order to deal with security based on circumstance you need to be thinking about a device's lifecycle. When you think about lifecycle you start to realise that a device tends to go through stages - things like power on, load OS, pre-logon, sleep, hibernate, wake from sleep, power down, internet connected, no internet connected, LAN connected, WAN connected, VPN connected…the list goes on. Here you soon start to notice you need security solutions that start and stop as early as possible and remain constantly pervasive.
This is where solutions such as DirectAccess (a remote network solution enabled by Windows 7 and Windows Server 2008 R2 and enhanced by Forefront) come in. DirectAccess starts early on in the lifecycle of a Windows 7 device and creates a tunnel back into your corporate network that effectively brings the devices onto your LAN and into your management sphere. This means it’s possible to quickly deliver patches, do remote control and manage every aspect of the device. Windows Intune provides a similar solution in a different way. Rather than forming a tunnel into the corporate network, the management agent simply talks to the cloud. That immediately means that patches, antivirus and policies can be deployed, and soon you’ll be able to deploy your own software over the Internet, too – a feature already in the beta.
Questioning the idea of “secure” also needs to be a prime concern when dealing with consumerisation. Do you trust your LAN? Unfortunately the answer should probably be no. You’ve probably had to deal with a virus outbreak already in your life, possibly more than one, and they typically happen because a device on your network doesn’t have enough security to prevent infection. That infection will spread and eventually take hold, leading to lost weekends and overtime. Technology like Network Access Protection (NAP) allows you to examine devices connecting to your network and if they don’t match your standards they don’t receive an address, or are placed into a “remediation” network. A remediation network can provide access to services like Windows Update for patching but perhaps doesn’t allow access to your internal HR or email systems. In a consumerised IT shop, though, it could be a good idea to treat your remediation network as the Internet – give people access to everything if at all possible.
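The circumstance-based model described above (identity plus device type plus device health, with a NAP-style remediation network) can be sketched as a small decision function. This is an added example, not code from the original post or from any Microsoft product; the role names, device categories, resource names and the seven-day signature threshold are all assumptions.

```python
"""Constructed model of circumstance-based access; not a Forefront or NAP API."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import FrozenSet, List, Optional, Set, Tuple

MAX_SIGNATURE_AGE = timedelta(days=7)  # assumed health standard


@dataclass(frozen=True)
class Device:
    kind: str                      # "pc" or "slate" (hypothetical categories)
    av_signatures: Optional[date]  # last anti-malware update, None if no agent
    patched: bool


@dataclass(frozen=True)
class Rule:
    roles: FrozenSet[str]         # any one of these roles is sufficient
    device_kinds: FrozenSet[str]  # device categories allowed to connect
    networks: FrozenSet[str]      # segments from which the resource is reachable


# Hypothetical policy: who, on what kind of device, from which network segment.
POLICY = {
    "patch_service": Rule(frozenset({"employee"}), frozenset({"pc", "slate"}),
                          frozenset({"corporate", "remediation"})),
    "email": Rule(frozenset({"employee"}), frozenset({"pc", "slate"}),
                  frozenset({"corporate"})),
    "hr_system": Rule(frozenset({"hr_director"}), frozenset({"pc"}),
                      frozenset({"corporate"})),
}


def health_problems(device: Device, today: date) -> List[str]:
    """Return every way the device falls short of the assumed standard."""
    problems = []
    if device.av_signatures is None:
        problems.append("no anti-malware agent")
    elif today - device.av_signatures > MAX_SIGNATURE_AGE:
        problems.append("anti-malware signatures out of date")
    if not device.patched:
        problems.append("missing patches")
    return problems


def place_on_network(device: Device, today: date) -> str:
    """Unhealthy devices are quarantined rather than refused outright."""
    return "remediation" if health_problems(device, today) else "corporate"


def decide(roles: Set[str], device: Device, resource: str,
           today: date) -> Tuple[bool, str, List[str]]:
    """Return (allowed, network segment, reasons for any refusal)."""
    network = place_on_network(device, today)
    rule = POLICY.get(resource)
    if rule is None:
        return False, network, ["unknown resource: default deny"]
    reasons = []
    if not rule.roles & roles:
        reasons.append("no role grants access to " + resource)
    if device.kind not in rule.device_kinds:
        reasons.append(resource + " is not offered to " + device.kind + " devices")
    if network not in rule.networks:
        reasons.append("device is on the remediation network: "
                       + "; ".join(health_problems(device, today)))
    return not reasons, network, reasons


if __name__ == "__main__":
    today = date(2011, 9, 1)  # constructed sample data
    hr_director = {"employee", "hr_director"}
    stale_pc = Device("pc", date(2011, 8, 1), patched=True)
    for resource in ("hr_system", "email", "patch_service"):
        print(resource, decide(hr_director, stale_pc, resource, today))
```

Returning the reasons alongside the verdict is what lets the help desk tell a user which circumstance to change, rather than simply reporting that access was blocked.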
In part 2 we’ll take a look at some of the thoughts you need to keep in mind around productivity and application development. For now, though, knowing that a modern desktop and management are key parts of the puzzle, I’d suggest deepening your thoughts about getting off XP and onto Windows 7 and implementing management with System Center. The Springboard resources that we have available are a good place to start investigating Windows 7 deployment.
Calling all Windows 7 experts, we want YOU to present the closing slot at our upcoming ‘Windows 7 Deployment – Why and How?’ online conference (more info about that to follow shortly). If your company is currently migrating to Windows 7 or has already successfully moved, we need you to help others rise to the challenge.
The Windows 7 Deployment online conference will take place on 25 October, providing IT pros with the opportunity to learn why Windows 7 is the desktop operating system of choice for your business. We’ll discuss the security, compatibility, productivity and deployment aspects from both a technical and business viewpoint before taking a technical deep-dive covering the most challenging aspects of Windows 7 deployment as suggested by TechNet readers.
This is where you come in. If you have experience of carrying out a company migration, be it on-going or complete, and are available to discuss your experiences at Microsoft Campus in Reading on 25 October, we want to hear from you!
To nominate yourself, email Alex Guy at email@example.com with “Windows 7 Conference Entry” in the subject line by 15 September, telling us in no more than 100 words why you’re the expert for the job.
As usual with this kind of thing there are a few terms and conditions, so have a read before you enter.
Terms and Conditions
1. ELIGIBILITY: This competition is open to any person resident in the UK who is 18 years of age or older at the time of entry. Employees of Microsoft or its affiliates, subsidiaries, advertising or promotion agencies are not eligible, nor are members of these employees’ families (defined as parents, children, siblings, spouse and life partners).
2. TO ENTER: Send an e-mail to firstname.lastname@example.org explaining in no more than 100 words why you should be chosen to present at the ‘Windows 7 Deployment – Why and How?’ online conference.
Microsoft is not responsible for lost, corrupted or delayed entries. Only one entry per person will be accepted. No purchase necessary. Entry constitutes full and unconditional acceptance of these Terms and Conditions. Microsoft reserves the right to disqualify anyone in breach of these Terms and Conditions.
3. TIMING: This competition runs from 09.00:00 am BST on 31 August 2011 until 11.59:59 p.m. on 15 September 2011 (inclusive). Completed entries must reach Microsoft no later than the closing date.
4. USE OF DATA: Personal data which you provide when you enter this competition shall be used for the purposes of this competition only.
5. SELECTION OF WINNERS: The winner will be determined by a panel of 3 judges on 16 September 2011 based on the following criteria:
- Level of experience in deploying Windows 7;
- Relevance to the audience attending the conference;
- Clear communication of why they are best suited.
The panel of judges will include at least one independent member. The winners will be notified by email by 16 September 2011. If a potential winner cannot be contacted, through no fault of Microsoft, within FIVE (5) working days after the first attempt, an alternative winner will be selected. The winner may be required to become involved in further publicity or advertising.
The winner must prepare content for presentation and email this content to Alex Guy at email@example.com no later than 09:00:00 on 26 September 2011. The winner’s opportunity to partake in the conference is subject to review of this content. If the content provided is determined to not meet the above criteria by a panel of 3 judges, including at least one independent member, then the winner forfeits their prize and Microsoft may choose another speaker at its discretion. Microsoft will in good faith offer the Winner assistance in revising their presentation prior to 26 September 2011.
6. PRIZE: The prize consists of a 30 minute presentation slot and 30 minute Questions and Answer session during the ‘Windows 7 Deployment – Why and How?’ online conference, to be held on the 25 October 2011.
Prizes are as stated and are not transferable. No cash alternatives available.
7. WINNERS LIST: The winner consents to their first name and surname being made publicly available. The winner’s surname will be available for a period of 30 days after the closing date by emailing Alex Guy at firstname.lastname@example.org.
8. OTHER: No correspondence will be entered into regarding either this competition or these Terms and Conditions. In the unlikely event of a dispute, Microsoft’s decision shall be final. Microsoft reserves the right to amend, modify, cancel or withdraw this competition at any time without notice.
Promoter: Microsoft Limited, Microsoft Campus, Thames Valley Park, Reading, RG6 1WG, England
The course describes how to implement and brand a SharePoint-based public website using SharePoint web content management (WCM). No development experience is required, but experience with HTML and CSS is recommended.
Here are the chapters you’ll work through:
1 Basics of WCM
2 CSS and Master Pages
3 Design Tools
4 Deployment Tools
6 Navigation and SEO
7 Content Query Web Part
9 Custom Publishing Artifacts
10 Putting It Together
11 Social Media
12 Multi-Lingual Sites
13 Performance and Caching
15 Managing Deployment
Let us know what you think.