Neil Hodgkinson has provided a step by step guide to getting started with System Center 2012 Configuration Manager. This is part of a 15 part series which will cover the installation, setup, configuration and usage of Microsoft System Center 2012 Configuration Manager. To find the additional articles in the series please take a look at Neil’s site.
http://SCCM2012 IIS Default for group policy is not needed if you are using SCCM push, read more about it here http://technet.microsoft.com/en-us/library/bb632380.aspx
Remote Differential Compression for site server and branch distribution point computers
Site servers and branch distribution points require Remote Differential Compression (RDC) to generate package signatures and perform signature comparison. By default, RDC is not installed on Windows Server 2008 or Windows Server 2008 R2 and must be enabled manually.
Use the following procedure to enable Remote Differential Compression for Windows Server 2008, Windows Server 2008 R2 and now 2012.
Delegate Permission to the System Management Container
Open Active Directory Users and Computers. Click View and select Advanced Features. Select the System Management container, right-click it, then choose All Tasks and Delegate Control.
When the Welcome to the Delegation of Control Wizard page appears click Next, then click Add. Click Object Types and select Computers. Type in your SCCM server name and click Check Names; it should resolve.
Click OK, then Next. Choose Create a custom task to delegate, click Next, and make sure This folder, existing objects in this folder, and creation of new objects in this folder is selected.
Click Next, make sure the three permission types General, Property-specific and Creation/deletion of specific child objects are selected, then place a check mark in Full Control, click Next and then Finish.
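Full Control on this container allows writing the site information that the site server publishes to Active Directory, so it is worth confirming afterwards exactly who holds it. The script below is an added example, not part of the original guide; it assumes the RSAT ActiveDirectory module is installed, and `SCCM01` is a placeholder for your site server name.

```powershell
# Added example, not from the original guide. Read-only audit of the delegation above.
# Assumptions: RSAT ActiveDirectory module available; 'SCCM01' is a placeholder name.
Import-Module ActiveDirectory

function Get-SystemManagementDelegation {
    param([Parameter(Mandatory = $true)][string]$SiteServerName)

    $domain    = Get-ADDomain
    $container = "CN=System Management,CN=System,$($domain.DistinguishedName)"
    $expected  = "$($domain.NetBIOSName)\$SiteServerName`$"   # computer accounts end in $

    # Explicit (non-inherited) Allow entries that grant Full Control (GenericAll).
    $full = (Get-Acl -Path "AD:\$container").Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        -not $_.IsInherited -and
        $_.ActiveDirectoryRights -eq 'GenericAll'
    }

    $found = $false
    foreach ($ace in $full) {
        $isSiteServer = ($ace.IdentityReference.Value -eq $expected)
        if ($isSiteServer) { $found = $true }

        # InheritanceType 'All' corresponds to "this folder, existing objects in this
        # folder and creation of new objects in this folder" in the wizard.
        $finding = if ($isSiteServer -and $ace.InheritanceType -eq 'All') {
            'Site server: matches the wizard selection'
        } elseif ($isSiteServer) {
            'Site server: entry does not cover child objects'
        } else {
            'Other principal: confirm this is intended'
        }

        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            AppliesTo = $ace.InheritanceType
            Finding   = $finding
        }
    }

    if (-not $found) {
        [pscustomobject]@{
            Identity  = $expected
            AppliesTo = $null
            Finding   = 'Missing: no explicit Full Control entry for the site server'
        }
    }
}

Get-SystemManagementDelegation -SiteServerName 'SCCM01' | Format-Table -AutoSize
```

Entries for the domain's built-in administrative groups are normally listed as well; the ones to question are accounts nobody can explain.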
Extend the AD schema for SCCM
Perform the steps below on your Active Directory server: simply browse the network to your AD server (\\adminserver\c$), copy the contents of SC2012_SP1_RTM_SCCM_SCEP, find \SMSSetup\Bin\x64\Extadsch.exe, right-click it and choose Run As Administrator.
Open SQL ports
Create an OU for your SCCM server and allow ports 1433 and 4022 for SQL replication with group policy. Select Computer Configuration, Policies, Windows Settings, Windows Firewall with Advanced Security, select Inbound Rules, choose New and follow the wizard to open TCP port 1433; repeat for port 4022.
If using group policy refer to step 2 below.
To open a port in the Windows firewall for TCP access
To open access to SQL Server when using dynamic ports
Install .NET Framework, IIS WCF Activation and BITS
In Server Manager select Features, Add Features, select .NET Framework 3.5, also select WCF Activation and, when prompted, answer Add Required Role Services, then click Next and Next again. (Make sure the BITS and IIS services are running; restart them after the install.)
SQL Server 2012
Install SQL on D:\Program Files... and when running setup.exe right click and choose Run as Administrator, Select all options on install, click on the account name and enter the admin username and password.
Click Next and finish the install (this takes a long time). Make sure the SCCM computer is a member of the built-in Administrators group.
Check TCP/IP properties for listening IP address in SQL Server Configuration Manager
Start up SQL Server Configuration Manager, expand SQL Server Network Configuration in the left pane, highlight Protocols for <Instancename> and double-click TCP/IP in the right pane.
Click on IP addresses
Change IP2 to enabled yes
Leave default IP
Change IP4 to enabled yes
SQL Memory Configuration
The logon account for the SQL Server service cannot be a local user account, NT SERVICE\<sql service name> or LOCAL SERVICE. You must configure the SQL Server service to use a valid domain account, NETWORK SERVICE, or LOCAL SYSTEM.
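Before starting setup, the prerequisites above can be checked in one pass. The script below is an added example, not part of the original guide. It assumes Windows Server 2012 (ServerManager and NetSecurity modules), a default SQL instance whose service is named MSSQLSERVER, and the feature names in `$Features` as the equivalents of the Server Manager selections described above. It changes nothing, and it also reports whether the SQL port rules are open to any remote address.

```powershell
# Added example, not from the original guide. Read-only; run elevated on the site server.
# Assumptions: Windows Server 2012, default SQL instance (service MSSQLSERVER),
# and the feature names in $Features.
Import-Module ServerManager

function Test-SqlServiceAccount {
    # Applies the logon-account rule above to a Win32_Service.StartName value.
    param([string]$StartName, [string]$ComputerName = $env:COMPUTERNAME)

    $local = '^(\.|' + [regex]::Escape($ComputerName) + ')\\'
    if (-not $StartName) { return 'Unknown: service not found' }
    if ($StartName -match '^(LocalSystem|NT AUTHORITY\\(SYSTEM|Network ?Service))$') {
        return 'OK: LOCAL SYSTEM or NETWORK SERVICE'
    }
    if ($StartName -match '^NT AUTHORITY\\Local ?Service$') { return 'Fail: LOCAL SERVICE' }
    if ($StartName -match '^NT SERVICE\\')                  { return 'Fail: NT SERVICE account' }
    if ($StartName -match $local)                           { return 'Fail: local user account' }
    return 'OK if this is a valid domain account'
}

function Get-InboundTcpAllowRule {
    # Enabled inbound Allow rules for one TCP port, read from the ActiveStore so that
    # rules delivered by Group Policy are included. Port ranges are not expanded.
    param([int]$Port)

    $filters = Get-NetFirewallPortFilter -PolicyStore ActiveStore |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains "$Port" }
    foreach ($pf in $filters) {
        $rule = $pf | Get-NetFirewallRule
        if ($rule.Enabled -eq 'True' -and $rule.Direction -eq 'Inbound' -and
            $rule.Action -eq 'Allow') {
            $addr = $rule | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                RemoteAddress = ($addr.RemoteAddress -join ',')
            }
        }
    }
}

function Test-SiteServerPrereq {
    param(
        [string[]]$Features = @('RDC', 'NET-Framework-Core', 'NET-HTTP-Activation', 'BITS'),
        [int[]]$SqlPorts    = @(1433, 4022),
        [string]$SqlService = 'MSSQLSERVER'
    )

    foreach ($name in $Features) {
        $f = Get-WindowsFeature -Name $name
        $state = if (-not $f) { 'Unknown feature name' }
                 elseif ($f.Installed) { 'Installed' }
                 else { 'Missing' }
        [pscustomobject]@{ Check = "Feature $name"; Result = $state }
    }

    foreach ($port in $SqlPorts) {
        $rules = @(Get-InboundTcpAllowRule -Port $port)
        if ($rules.Count -eq 0) {
            [pscustomobject]@{ Check = "TCP $port inbound"; Result = 'No enabled allow rule' }
        }
        foreach ($r in $rules) {
            $scope = if ($r.RemoteAddress -eq 'Any') { 'open to any remote address' }
                     else { "scoped to $($r.RemoteAddress)" }
            [pscustomobject]@{ Check = "TCP $port inbound"; Result = "$($r.Rule): $scope" }
        }
    }

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$SqlService'"
    [pscustomobject]@{
        Check  = "SQL service account ($($svc.StartName))"
        Result = Test-SqlServiceAccount -StartName $svc.StartName
    }
}

Test-SiteServerPrereq | Format-Table -AutoSize
```

A rule reported as open to any remote address works, but limiting its remote address scope to the servers that actually need SQL access reduces what can reach ports 1433 and 4022.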
Installation of System Center 2012 Configuration Manager with SP1
Here is the download link for the Assessment and deployment kit http://www.microsoft.com/en-us/download/details.aspx?id=30652 this is one of the prerequisites.
Also restart your server
When the wizard appears, click on Install, click next and then select Install a Configuration Manager Primary Site
Click next, and then create a folder on your D/E Drive called rc_updates
Click next on your Language of choice and enter your site installation settings install on D/E not C:
Install as the first site in a new hierarchy
Click next, leave the FQDN as default
Select Configure the communication method on each site system role and review all settings.
Client Computer Communication Settings (HTTP or HTTPS). Select Configure the communication method on each site system role.
Any warnings can be fixed after the install
Make a brew; this part can take a while!
After the install has finished restart the server.
In the next step of the guide we will go through the different discovery methods and create boundary groups.
Head on over to http://www.technodge.co.uk for more Deployment guides.
Neil Hodgkinson has been working in the IT industry for 14 years with 9 of those working in the education sector. I have worked with many versions of Windows Server, Exchange and Group Policy. Over the last few years I have been specializing in deployment methods, starting with Microsoft's deployment tool kit and then migrating over to Microsoft System Center, the Holy Grail of servers, for Endpoint Protection, Deployment, App Control for Windows 8 and the ability to manage smart phones.
I also do a lot of free consultancy for all the local primary schools on the best way to deploy and control their Windows environment via System Center and Group Policies.
IT is a passion and I feel you have to be passionate about the IT industry to keep things moving forward.
At first glance you could be forgiven for thinking that deploying a Windows 8 app to a bunch of enterprise devices is hard, complex or time consuming. The reality is that Windows 8 apps are actually quite easy to deploy once you understand the basic requirements and methods for deployment. The nomenclature that we use here has changed a little since the source of our apps has changed with the Windows Store. Deeplinking is the process of deploying an advertisement through a company portal that an app is available (or recommended you could say) for installation by your company, the application package remains in the store. Sideloading is the process of taking the application package provided to you by your in house Line of Business (LoB) developers or a 3rd party software vendor (ISV). Let’s take a look at both more carefully.
Requirements for modern UI apps
Before we look too deeply (pun intended) at Deeplinking and Sideloading let's look at the requirements for successful installation of a Windows 8 app.
With that understood let's take a look at how we install an app on a device. Typically a user finds the app in the Windows Store and taps Install or Buy, both of which start the app installation although Buy obviously also completes a purchase transaction with the Windows Store. The key thing though is that installing and buying an app are essentially the same process – essentially the user is consenting to the install, and more importantly they are consenting to the association of the app with their personal Microsoft account.
Now let's consider the Deeplinking process. Deeplinking can be performed using either System Center Configuration Manager 2012 SP1 or Windows Intune for Windows 8 devices. For Windows RT devices System Center Configuration Manager 2012 SP1 can be linked up with Windows Intune to support deeplinking. The two products can also be linked to support Windows 8 clients if you want to centralise management too. I’ve created a series of videos, The Deployment Sessions, that explain how to make the links required and how to do the deployments.
Once you’ve decided upon your deployment targets and your deployment method it’s time to build your deployment. The first thing you’ll need to do is to designate a device as your reference device, just as you would for any other type of applications packaging. In this case though you won’t need to run a monitor app to capture what the app is doing. Simply go to the Windows Store and install the app. Now go to a Configuration Manager console and create an application in the Software Library making sure to select Windows app package (in the Windows Store). You’ll then be asked to specify the location which you do by connecting to your reference computer by name (you’ll need to have run winrm quickconfig on the reference machine first). The wizard will return a list of all the apps installed on the device, then simply select the app you need, complete the Wizard and deploy just like you would any other (msi or App-V) application. Whilst completing the deployment wizard you’ll be able to say if the app should be available or required, normally a required app will be installed for the user and an available app will just appear in the Configuration Manager Application Catalog. However with deeplinked apps this isn’t the case.
When deeplinking in Config Manager 2012 SP1 a required installation will still need user interaction, the store will open for them to the right app but they will have to click / tap Install. This is because the app is being added to their personal Microsoft account so they need to consent. Required then becomes a constant reminder to the user to install the app, and arguably this loses its value. Most users are today comfortable with the idea of a store, the device in their pocket almost certainly has one, so self service should be a key consideration in your deployment plan.
Deeplinking with Windows Intune differs from the above in that you don’t need to install the app onto the reference device, you simply need to get the URL for the app from the Windows Store. There are a couple of ways to achieve this, but I commonly email the app to myself using the Share charm. You will also notice that available is the only option within Windows Intune for a deeplinked app.
The only other thing to mention on deeplinking is that it’s available on platforms other than Windows. Deeplinking works for Windows 8, Windows RT, Windows Phone 8 and also for Android from Google Play and for iOS devices from the Apple App Store.
Let's take a look at the Sideloading process. Sideloading is the business of taking an Appx Package which is generated from Visual Studio at build time and installing that package onto a target device. The appx package is signed at the time of building the app by the developer, usually with a certificate issued by your enterprise CA but a certificate issued by any trusted CA can be used. This type of deployment is most commonly used for Line of Business (LoB) apps. As with Deeplinking both Windows Intune and System Center Configuration Manager 2012 SP1 can be used, and PowerShell can also be used.
The first step to Sideloading is to obtain the appx package and to place it on a share that you can access from Configuration Manager or from Windows Intune. The second step is to add the app into the Configuration Manager console and create an application in the Software Library making sure to select Windows app package (appx file). You’ll then be asked to specify the location of the appx file and specify details about the app. You’ll then need to deploy the app to a collection of users that you want to have access to it. If you want you can also add the app to any Task Sequences you use to deploy your operating systems.
If you’ve chosen to do your deployment to a Windows RT device using Windows Intune and you’re using an enterprise CA to sign the Appx package you’ll need to provide that certificate to your Windows RT devices since they cannot join your domain. Windows Intune takes care of this for you and if you’ve got your Windows Intune account linked to Configuration Manager you can add the certificate you’ll use to sign your apps through the Windows RT tab of your Windows Intune subscription in the Hierarchy Configuration node of the Administration Workspace. Once provided this certificate will be automatically added to your Windows RT device. You’ll also need to provide a Sideloading Product Key which is available from the Volume Licensing Portal in the same place and again Windows Intune will allocate a key and enable sideloading on any enrolled Windows RT devices.
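Since a package signed by any trusted CA will install, a PowerShell sideload can first confirm that the package was signed under the enterprise CA you expect. The script below is an added example, not part of the original post. The package path and the CA thumbprint are placeholders, and the registry value checked is the Windows 8 "Allow all trusted apps to install" policy.

```powershell
# Added example, not from the original post. Run on the Windows 8 target device.
# Assumptions: $package and the CA thumbprint are placeholders to replace.
function Test-AppxTrust {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$TrustedCaThumbprint
    )

    # Status 'Valid' means the signature verifies and chains to a root this device trusts.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Trusted = $false
            Signer  = $null
            Reason  = "Signature status: $($sig.Status)"
        }
    }

    # Narrow "any trusted CA" to the one CA expected for line-of-business packages.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    [void]$chain.Build($sig.SignerCertificate)
    $thumbprints = @($chain.ChainElements | ForEach-Object { $_.Certificate.Thumbprint })
    $wanted      = ($TrustedCaThumbprint -replace '\s', '').ToUpperInvariant()
    $pinned      = $thumbprints -contains $wanted

    [pscustomobject]@{
        Trusted = $pinned
        Signer  = $sig.SignerCertificate.Subject
        Reason  = if ($pinned) { 'Signed under the expected CA' }
                  else { 'Valid signature, but not issued under the expected CA' }
    }
}

function Test-SideloadingPolicy {
    # True when the "Allow all trusted apps to install" policy is enabled.
    $key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx'
    $value = (Get-ItemProperty -Path $key -Name AllowAllTrustedApps `
                  -ErrorAction SilentlyContinue).AllowAllTrustedApps
    return ($value -eq 1)
}

$package = 'C:\Packages\ExampleLobApp.appx'          # placeholder path
$caThumb = '<thumbprint of your enterprise CA>'      # placeholder value

$check = Test-AppxTrust -Path $package -TrustedCaThumbprint $caThumb
if (-not (Test-SideloadingPolicy)) {
    Write-Warning 'Sideloading policy is not enabled on this device.'
} elseif (-not $check.Trusted) {
    Write-Warning "Package not installed. $($check.Reason)"
} else {
    Add-AppxPackage -Path $package
    "Installed package signed by: $($check.Signer)"
}
```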
I’ve created an ongoing series of videos on my blog entitled The Deployment Sessions that will walk you through most of the permutations of deployment of Windows 8 apps, using Configuration Manager 2012 SP1 and Windows Intune.
For those of you who were lucky enough to join us in sunny Southampton for the Windows 8 IT Pro camp last week, you would have had the opportunity to speak to our licensing guru Vicky Lea. The main focus was on Virtual Desktop Infrastructure and what are the licensing implications.
PCs in organisations are licensed per device with Windows 8 Pro, when you add SA this allows you to host the desktop on a server to then be virtualised onto the licensed client machine using the VDA rights. Software assurance is a vital part of the VDI licensing story!
You get 3 key benefits with SA
1. VDA - Virtual Desktop Access rights
2. Windows RT Companion VDA rights
3. Roaming Use Rights
As a primary user of a device licensed for Windows 8 Pro with SA you get extra rights, numbers 2 and 3 in your SA list. A primary user is anyone who has used the computer for more than 50% of the time in a 90 day period.
One of those benefits is the Windows RT Companion VDA Rights. To have a companion device you must be a primary user of another device, and the companion device must not be any one else's primary device. The Windows RT Companion VDA Rights then allow you to virtualise your desktop onto your Companion Windows RT device without any extra licensing required.
The primary user of a Windows SA licensed device at work can also access their VDI desktop from any device that is not owned or affiliated with the user’s organisation, outside of the corporate premises, without the need for an additional Windows VDA license via the Roaming Use Rights Software Assurance benefit. This enables VDI users to access their secure corporate desktops through an unmanaged device such as a home PC or an Internet kiosk, without the need for a laptop. However, if the user does not have a primary device at work, and needs to access his VDI desktop from a non-corporate device such as a home PC, then that device would need to be covered with a separate Windows VDA license.
How does Microsoft license the Windows desktop for virtual environments?
Microsoft licenses Windows for virtual desktops by access device:
• Virtual desktop access rights are a benefit of Windows Client Software Assurance (SA). Customers who intend to use PCs covered under SA have access to their Virtual Desktop Infrastructure (VDI) desktops at no additional charge.
• Customers who want to use devices that do not qualify for Windows Client SA, such as thin clients, will need to license those devices with Windows Virtual Desktop Access (VDA) in order to access a Windows VDI desktop. Windows VDA is also applicable to third party devices, such as contractor or employee-owned PCs.
Do you need to buy additional CALs?
You need to make sure you have RDS CALs as well, also of the User variety if you are going to be using many devices.
We had a few questions at the camp regarding reimaging. We cover this in a nutshell below:
Reimaging is permitted if the copies made from the Volume Licensing media are identical to the originally licensed product. Volume Licensing customers who have licensed Microsoft software products from an OEM, through a retail source, or under any agreement other than their Microsoft Volume Licensing agreement can use copies made from Microsoft Volume Licensing media. Customers can use these copies from Microsoft media only if they are the same product and version, contain the same components, and are in the same language. The following are examples that do not meet the eligibility criteria for reimaging:
Microsoft Volume Licensing programs do not offer licenses for the full version of the Windows operating system for desktop PCs. However, the media for both the full version and the Volume Licensing upgrade version of the operating system are available under those programs. Reimaging using Volume Licensing full version media requires that customers have licensed the Windows desktop operating system either preinstalled through the OEM or as an FPP retail product. Volume Licensing customers can use their Volume Licensing media to reimage their Windows desktop operating system from an OEM only if it is the same product and version as that on the Certificate of Authenticity (COA) label that came with the PC.
Do I have the right to reimage with a prior version of my licensed product?
You can reimage using a prior version if the license terms for the software that you want to reimage permit you to use a prior version in place of the licensed version. The eligibility requirements as stated above regarding product and version, components, and language apply.
This is one scenario and licensing situation. Each customer scenario can vary by deployment, usage, product version, and product use rights. Always check your contract, and the current Products Use Rights document to confirm how your environment should be fully licensed. The blogging team does not warrant that this scenario will be the right licensing solution for other similar cases.
By Vicky Lea
In a previous blog I discussed how the licensing of Windows 8 works at home. As a natural follow on to that we now need to think about how applications are also licensed to run on employees’ own devices, so that is what I am going to cover in this blog.
When we think about Office nowadays we need to consider Office 2013 and Office 365 ProPlus. I am going to start with Office 2013, the on-premises licensing option for the new Office.
Office 2013 is licensed Per Device. This means every device that runs Office 2013 needs a licence to do so, irrelevant of whether Office 2013 is installed locally on that device, or whether Office 2013 is being delivered to that device in another manner, such as via RDS or VDI. So for any device that is on the corporate premises accessing Office 2013 you would need to purchase an Office 2013 licence. However, it could be that you want to access Office 2013 from a home computer, how do we make sure that home computer is licensed for Office 2013?
Well, there are a number of ways to tackle this:
First of all we could make use of the Office Roaming Use Rights Software Assurance benefit. When you purchase Office 2013 with Software Assurance you receive a number of benefits. One of these is the Office Roaming Use Rights which by definition (from the PUR) allows the primary user of the device licensed with Office SA to:
· remotely access the software running on your servers (e.g., in your datacenter) from a Qualifying Third Party Device,
· run the software in a virtual OSE on a Qualifying Third Party Device, and
· install and use the software on an USB drive on a Qualifying Third Party Device.
· When the primary user is on your or your affiliates’ premises, Roaming Use Rights are not applicable.
· You may not run the software in the physical OSE on the third party device under the Roaming Use Rights.
We can see from the definition then that Roaming Use Rights will allow Office to be delivered to an employee’s computer in a virtual OSE, via RDS or VDI for instance, whilst outside of the corporate premises. However, what happens if we would like Office 2013 to be installed locally on the employee’s device rather than virtualised onto that device?
Well here we could make use instead of the Home Use Program. This is another Software Assurance benefit that you receive when covering Office 2013 with SA. The Product List states:
Under the Home Use Program, customers’ employees, who are users of the licensed qualifying applications, may acquire a single license for the corresponding Home Use Program software, to be installed on one home computer. The license terms for that software permit the primary user of the home computer to install and use another copy on a portable device.
So with the Home Use Program an employee can purchase the Office 2013 Professional Plus media and then install the software on their own computer for use whilst they are an employee of the organisation and Software Assurance has been maintained on the underlying Office 2013 licence.
Another alternative is to license Office 2013 via the Work at Home rights received with some volume licensing agreements. Select Plus and Enterprise Agreement customers receive Work at Home rights for Office 2013. The Work at Home right allows the organisation to acquire a Work at Home licence for use on the employee’s home computer, but this licence must correspond to a licence purchased for the same product that has been deployed on an “at work computer”.
The above options all relate to licensing Office 2013, the on-premises offering of Office, but as I mentioned before there is another way in which to license the new Office. And that is via an Office 365 subscription. Office 365 is Microsoft’s cloud offering of their user productivity products, including amongst other things Office 365 ProPlus, Exchange Online, SharePoint Online and Lync Online. Office 365 is licensed via a USL (User Subscription Licence), meaning that you license each user, on a subscription basis, to access the services provided through Office 365.
Office 365 ProPlus provides the licensed user access to an always-up-to-date Office experience, with the licensed user being able to install Office on up to 5 PCs, as is confirmed in the PUR:
· Each user to whom you assign a User SL may activate the software for local or remote use on up to five concurrent OSEs.
These 5 devices can include home owned computers as well as corporate ones, which means that you can easily license your users to access Office 365 ProPlus on home owned devices just via their Office 365 subscription.
The last area I wish to discuss today, and then I will leave you in peace, is the licensing of Office 2013 on a Windows RT device. When you purchase a Windows RT device it comes with a copy of Office Home and Student 2013 RT preinstalled. This suite includes Word RT, Excel RT, PowerPoint RT and OneNote RT. There is one very important factor you need to be aware of with Office Home and Student 2013 RT, and that is the fact that the default usage rights of the product do not allow it to be used for commercial purposes.
This obviously has an impact when you need to use the copy of Office preinstalled on a Windows RT device for commercial purposes, but it is possible to acquire commercial usage rights for Office Home and Student 2013 RT. This can be done in a couple of ways:
Firstly the commercial usage rights for Office Home and Student 2013 RT can be accessed via Office 2013 or Office 365 ProPlus. When you license a PC for Office 2013, or a user for Office 365 ProPlus, the primary user of the device licensed with Office 2013, or the user licensed for Office 365 ProPlus is then provided with commercial use rights for Office Home and Student 2013 RT that can be applied to their Windows RT device and the copy of Office that comes with it.
Alternatively, it is possible to purchase Office Home and Student 2013 RT Commercial Use Rights. These are purchased per device and will remove the non-commercial usage restriction from the licensed Windows RT device, as detailed in the PUR:
1. You must assign each license to a single device.
2. This license modifies your right to use the software under a separately acquired Office Home & Student 2013 RT license, by waiving the prohibition against commercial use of the software.
I have covered a number of areas here, and just as a reminder, if you want to check out any of the detail referred to in this blog the Product Use Rights and Product List documents are a good place to look!
By Robert Marshall - Consultant at SMSMarshall
In this article I will cover key areas of the enhancements to the Alerts feature that come with System Center 2012 Configuration Manager Service Pack 1, primarily the ability to send emails when Alerts have been triggered for non-Endpoint Protection Alerts. We will accomplish this in a guide form, and go over configuring a site server and triggering an alert so that the email notification is sent which we can then view.
Email notification came into System Center Configuration Manager due to the inclusion of Endpoint Protection, which at the time was the sole component that email notifications could be configured for. In Service Pack 1 this has been extended across several areas of the product and is no longer just an anti-virus email notification system.
We can now set subscriptions on all the Alerts that are available and target multiple recipients with email notifications as a result. Most of the alerts provide a percentage that governs how low the measurement can go before the alert is triggered. This allows the alert to be fine-tuned and a baseline for notification defined. For further information on alerts visit the documentation library.
Before we can use the email notification feature we need to switch it on and configure it. Open the System Center 2012 Configuration Manager Console to begin.
Navigate to Administration > Overview > Site Configuration > Sites, Select Configure Site Components on the Ribbon and then select Email Notification
After enabling email notification for alerts and filling in the dialog's properties click Test SMTP Server to perform a quick test. If you encounter failure here review your settings, make sure firewalls are not getting in the way (SMTP port 25) and that the account you have specified, if not using anonymous and configured for it, has adequate rights to use the SMTP server.
We're not able to create alerts for everything happening in ConfigMgr, there are other alerts that can be generated, such as from the migration feature, but we can enable alerts for the following objects so far documented or discovered:
Site server Alerts
Database (drive capacity)
Low sideloading activations (Windows 8)
Site System Alerts
Software Update Point
Client Health Alerts
Client check pass or no results for active clients falls below threshold
Client remediation success falls below the threshold
Client activity falls below threshold
Endpoint Protection Alerts
Malware is detected
The same type of malware is detected on a number of computers
The same type of malware is repeatedly detected within the specified interval on a computer
Multiple types of malware are detected on the same computer with the specified interval
The last two categories of alert are handled differently than the first two; these alerts are created and configured at the collection level. I've not focused on these types of alerts but for further information visit the documentation library.
Ok let's proceed to test the email notification feature using the management point alert.
You will find the option to enable the management point for alerts in the management point role's properties itself, which can be found under Administration > Overview > Site Configuration > Servers and Site System Role. Simply select the site server containing the role, select the management point role itself, select Properties from the ribbon and finally select Generate alert when the management point is not healthy. Once the management point is configured for alerts, the alert itself should show in the alerts view.
Navigate to Monitoring > Overview > Alerts > All Alerts to view the newly configured alert
To get an email notification sent out we'll subscribe to the new alert (highlighted above) in readiness for the alert to be triggered.
Select the new alert and then select the Create subscription button on the ribbon.
It will be important to create a standard around the subscription name, for my example I've placed the server name and the role type in the subscription name for easy reference in the console. The Email address field is semicolon delimited and thus can be loaded with multiple recipients. For further information on configuring a subscription refer here and expand the To subscribe to alerts section.
We now configure the alert with a comment, this comment is included in the email notification and we can use this to provide some further information about the alert to the recipients.
Select the new alert and Select Edit Comments from the ribbon and enter some details:
Note that I have included the management point server name and mentioned that it is a management point failure being monitored; this is useful for later on as the comment is mentioned in the email to the recipients.
Now navigate to Monitoring > Overview > Alerts > Subscriptions
From this view we can see all the available subscriptions configured so far, and in this screenshot we have a solitary subscription created from the previous steps. Any recipients on the delimited email address list will now receive an email notification once the alert has been triggered.
To trigger the alert we can cause the management point to fail simply by stopping the SMS Agent Service on the site server hosting the role. The SMS_MP_CONTROL_MANAGER component on the site server checks the status of the management point every five minutes; you can monitor the MPCONTROL.LOG on the site server to see when this event takes place. Obviously you would do this on a non-production management point and not risk inducing a brief production outage. Now let's head back to the alerts node.
Navigate to Monitoring > Overview > Alerts > Active Alerts
Alerts are handled with high priority, within moments of the component noticing that the role is unhealthy we see an alert appear in the console:
We can see here that the alert state is Active which means the management point is most likely still down, we also get the time the alert was created or last modified.
My mailbox received an email almost immediately after:
As you can see in the above screenshot the alert name isn't being converted from its token-form into the name of the alert and the alert text hasn't expanded the role name, there is a DCR logged for this on connect, but the comment was passed down properly and we can now tell from the Alerts email notification which management point failed, and it all happened in near real-time. Of course there could be latency involved here and a delay in the email being sent due to a busy Exchange server, or a very busy site server, but these alerts should get triggered the moment a status message is created and processed on the site server.
To resolve the alert I simply restart the SMS Agent Host service and wait for the 5 minute Management point periodic health check to take place and for the SMS_MP_CONTROL_MANAGER component to report that the management point is healthy again, at which point the alert will be switched to the cancelled state.
An alert's state is useful diagnostic information. For some of these alerts, the alert state shouldn't change for several months, for example the database warning and critical alerts most likely will never be triggered, but if they are, and the issue is resolved, you can see from the alert state that the alert was triggered and then Cancelled. Thereafter the alert will not show as Never Triggered unless the alert is recreated. It would be a good idea to set subscriptions on the database related alerts.
To test alerts further, either configure deployments that are destined to fail then configure the alert and create a subscription, or test using the Low Client remediation rate alert and exclude some of the clients assigned to your site from automatic remediation, setting the alert's success percentage to 100% and then causing client failure by stopping the SMS Agent Host or BITS service and running CCMEVAL from the client's installation folder. The client health check will report back to the site server which in turn will trigger the alert. You can find further information on how to exclude computers from automatic remediation in the documentation library.
Overall this new feature gives us a little more monitoring capability straight out of the box. I’m looking forward to the growth that will take place in this area of the product over coming releases.
Robert Marshall, an IT professional who specialises in System Center 2012 Configuration Manager, is based in the City of London and works as a Consultant for SMSMarshall. He has been an MVP for 5 years and is a founder of the Windows Management User Group.
Do you wonder how the different cloud storage offerings stack up? Nasuni.com have been doing some research and have produced the following infographic for you to enjoy.
Pop over to their website to view the full report.
By Dan Scarfe, CEO of Dot Net Solutions
I remember the day clearly. It was February 25th 2009 and I was sitting in the Platform Adoption centre in Redmond at a Software Design Review for Windows Azure. I recall us having a debate about IaaS and PaaS. Coming from a development background myself, a number of us argued passionately and religiously that PaaS was the true definition of Cloud Computing. Software virtualisation was the key, not hardware. Oh how wrong we all were.
I still genuinely believe PaaS is a better software design pattern and I’d choose it 99 times out of 100 for new software projects. What not all of us in that room recognised that day was just how difficult it is to move legacy software into a PaaS environment, especially off-the-shelf solutions, and that these solutions typically comprise 90%+ of an enterprise IT estate. Other vendors in the marketplace offering IaaS did a great job of delivering simple to consume VMs that worked the way traditional on-premises servers did. Just in the Cloud.
So today, with Microsoft, we find ourselves in an unbelievably exciting place. Windows Azure IaaS is GA. Not generally awesome, which it already was, but generally available. The icing on the cake is that Virtual Networking, which underpins IaaS, has also gone live. Both of these are in addition to Windows Azure Active Directory, which went live last week.
Microsoft is now unique in the marketplace offering a true hybrid IaaS / PaaS environment. Other providers have both parts, but none have a unified platform with unified networking and unified identity. Windows Azure Virtual Networking also offers compelling hybrid scenarios where Windows Azure can become part of one single, unified IT infrastructure.
This notion of multi-datacentre fabrics is what underpins the Cloud OS, Microsoft’s vision for enterprise IT. For the very first time, we now have an ability to run a true hybrid estate with a common identity model (Active Directory), virtualisation (Hyper-V), management (System Center) and development tools (.NET/Java/PHP et al). The Cloud OS delivers on-premises private Clouds, public and private Clouds from service providers and a global public Cloud using Azure.
Customers can now choose to deploy individual pieces of software to an appropriate Cloud on a case by case basis, from a unified platform using unified tools. Not long ago it would have been the stuff of dreams. Today those dreams became reality.
At Dot Net Solutions IaaS is something we’re really excited about. The scenarios it now unlocks for us are limitless. In almost all cases we are delivering a hybrid solution with Windows Azure. That just got a whole heap easier. The new virtual networking components are a great complement, allowing Azure to become a seamless extension of a customer’s IT infrastructure. Many large enterprises are now looking to Azure to provide controlled access, in line with company security models, to the public Cloud. Along with reducing cost and providing better service, it helps manage the dangers of credit-card-dependent IT systems showing up in production.
This massive vision is not only relevant to large enterprises; everybody can benefit. The small business or entrepreneur can create a large and complex infrastructure that would normally be completely out of reach because of the cost of capital investment. IaaS services level the playing field such that it is no longer the businesses with the biggest budgets that are most successful, but the businesses with the best ideas. IaaS services and the advent of pop-up labs have the potential to change the way everybody from end-customers, to small one-man bands, to small and medium sized businesses, government departments and large multi-national companies do business.
With our ADFS Online service we have made extensive use of Windows Azure IaaS, Virtual Networking and Windows Azure Active Directory. We’ve soak tested it, automated it within an inch of its life and really pushed the boundaries. It’s great to see how well it performs, how reliable it is, and how easy it is to use.
If you haven’t had a chance to play with Azure, please do. If you have any questions about what Azure means for your business, get in touch.
CEO, Dot Net Solutions
By Raphael Perez
As mobile devices continue to proliferate, users want to use their own personal devices in a work related environment, a concept known as Bring Your Own Device (BYOD). Having a heterogeneous environment is always a challenge for the IT departments in many organizations.
With the release of Configuration Manager 2012 SP1, Microsoft introduces a "single pane of glass" for device management. This single view for both cloud and on-premises activities allows IT to manage Windows Servers, Windows Clients, Windows To Go, Windows Embedded devices, Unix and Linux, Mac OS as well as Mobile Devices.
Out of the box, SCCM 2012 SP1 can manage older Microsoft mobile devices (Windows Mobile 6.x), Nokia Symbian as well as any device capable of Exchange ActiveSync connection. But, what about new devices, such as Windows Phone 8, Windows RT, iOS (iPhone, iPad) and Androids? This can be achieved with the Windows Intune integration. It's not a Windows Intune vs. SCCM 2012 world anymore, but a combination of the best of both worlds.
The integration between cloud and on-premises mobile device management is just the start for the "unified device management" within System Center Configuration Manager.
To dive deeper into how this can be achieved take a look at Simon May’s recent article on Sideloading on Windows RT with Windows Intune & System Center Configuration Manager 2012 SP1.
In a previous blog I talked about what you could do with free software, and referred to TechNet subscriptions and MSDN subscriptions. In this blog I am going to look into some more detail as to what your TechNet or MSDN subscription will allow you to do, starting first with TechNet.
There are a number of ways to gain access to a TechNet subscription; one is as a Microsoft partner with a silver or gold competency where you will be eligible for TechNet for Microsoft Competency Partners subscription, another way is as an Action Pack Solution Provider subscriber where you will receive TechNet for Microsoft Action Pack Solution Provider. Alternatively if you are not a Microsoft partner you can purchase a Microsoft TechNet subscription.
But what does your TechNet subscription give you access to?
Well, TechNet subscriptions allow the licensed user to download and evaluate the latest full-version software and beta releases, as well as giving access to extensive technical information about Microsoft technologies, meaning that you can confidently evaluate Microsoft software and plan deployments. There are two main subscriptions you can purchase, TechNet Subscription Standard and TechNet Subscription Professional. The benefits that you receive do vary between the two subscriptions but include:
· Access to full-version software for 12 months with no feature limits – for evaluation purposes only
· Microsoft E-Learning
· 24/7 online chat for site assistance
· Priority Support in TechNet forums
· Access to Microsoft infrastructure products
· Two complimentary Professional Support Calls – TechNet Professional Subscription only
To see more detail around these benefits can I recommend you visit this site: http://technet.microsoft.com/en-gb/subscriptions/bb892759.aspx
It is also worth being aware that customers with Software Assurance on qualifying products do also have access to certain TechNet benefits such as the TechNet Subscription SA Services which provide IT Professionals with answers to technical questions from industry colleagues, and TechNet Plus Direct which consists of the same benefits as TechNet Subscription Professional. Check out the Product List document to see more information about the qualifying products for these SA benefits.
The other area to discuss is what you can do with your MSDN subscription.
MSDN subscriptions can be purchased for individual users either alongside Visual Studio or as a standalone subscription in the form of MSDN Operating Systems. Each MSDN subscription has its own set of benefits including:
· Software and Services for Production Use – only with Visual Studio with MSDN
· Software for Development and Testing
· Technical support incidents
· Priority support in MSDN forums
· MSDN Magazine
· MSDN Flash Newsletter
· MSDN Online Chat
The key element that varies with each MSDN subscription is the list of software that is available for production use and the software available for development and testing. To see a complete list of the benefits per subscription check out this site: http://msdn.microsoft.com/en-us/subscriptions/buy.aspx
And if you wish to see more detail on the individual benefits can I recommend you look here: http://msdn.microsoft.com/en-us/subscriptions/aa718661.aspx
As with TechNet, MSDN subscriptions are licensed per named user, allowing that user to access the software, services and support associated with the particular subscription. But whereas with a TechNet subscription access to Microsoft software is for evaluation purposes only, with an MSDN subscription the licensed user has access to Microsoft software for design, development, testing and demonstration purposes as well as being able to evaluate software and simulate customer environments in order to diagnose issues related to their programs.
NOTE: TechDays Online (Autumn) 2013 full agenda and dates can be found here.
It’s not long now until TechDays Online 2013 will be in full swing! If you haven’t registered already for this unique online 3 day event then register now!
Join Microsoft experts for three free days of interactive learning, online and direct from your browser. Learn all about the latest Microsoft technologies, with even more exciting topics, discussion and interactivity.
For a chance to win a HTC Windows Phone 8, all you need to do is follow @TechNetUK and tweet the following: Tech.Days Online is back!! http://aka.ms/k35pwq RT & follow @TechNetUK for a chance to win a Windows Phone 8 #UKTechDays2013
By registering for Tech.Days Online 2013, you will also be automatically entered into a prize draw to win a Sony VAIO laptop (Terms and Conditions apply)