• Accelerate adoption of Microsoft private and public cloud platforms with MAP 6.0 Beta

    The Solution Accelerators team is pleased to announce the Microsoft Assessment and Planning (MAP) Toolkit 6.0 Beta.

    Join the MAP 6.0 Beta

    Members, bookmark this link to get the latest project details

    Planning your journey to the cloud just got a bit easier. The next release of the Microsoft Assessment and Planning (MAP) Toolkit—version 6.0 Beta—includes assessment capabilities to evaluate workloads for both public and private cloud platforms. With MAP 6.0 Beta, you now have the ability to identify workloads and estimate the infrastructure size and resources needed for both Windows Azure and Hyper-V Fast Track. Also new to MAP 6.0 Beta is the Office 365 client assessment, enhanced VMware inventory, and Oracle schema discovery and reporting. Expanded assessment and discovery capabilities from MAP help you streamline planning for your next migration project. Plan what's next with MAP.

    NEW FEATURES AND BENEFITS:

    Analyze your portfolio of applications for a move to the Windows Azure Platform.

    Are you considering a move to the public cloud for your portfolio of applications? The application evaluation process for migration to the public cloud involves many tools and considerations. The MAP 6.0 Beta Azure migration portfolio analysis makes the process easier by providing the ability to quantify and label applications and services in your organization's IT environment for Windows Azure migration consideration.

    The Azure migration portfolio analysis helps you:

    · Catalog all of the applications in your environment

    · Estimate the needed capacity to run your applications on the Windows Azure platform

    · Evaluate applications based on migration difficulty

    · Stack rank applications in terms of migration suitability

    · Obtain a TCO-ROI analysis for the application

    Accelerate planning to private cloud with Hyper-V Cloud Fast Track onboarding.

    Planning your private cloud just got easier. Hyper-V Cloud Fast Track onboarding, a new assessment available with MAP 6.0 Beta, provides consolidation guidance and validated configurations with preconfigured Hyper-V Fast Track infrastructures including computing power, network and storage architectures. Get a quick analysis of server consolidation on Hyper-V Cloud Fast Track Infrastructures to help accelerate your planning of P2V migration to Hyper-V Cloud Fast Track. Each assessment also provides guidance on next steps forward using Hyper-V Cloud Fast Track.

    Identify migration opportunities with heterogeneous server environment inventory.

    MAP has expanded its heterogeneous server environment inventory to include VMware Server, vSphere and VMware vCenter. Inventory and reporting on the number of servers and guests deployed and managed by VMware infrastructure helps you identify migration opportunities and accelerates the migration planning process. Because SQL Server, SharePoint and Exchange run better on Hyper-V, MAP 6.0 Beta has the added capability of identifying Microsoft workloads deployed on VMware guests.

    Assess your client environment for Office 365 readiness.

    If you are considering a move to the cloud with Microsoft’s award-winning business productivity solutions, MAP 6.0 Beta can help make your planning process easier and faster. MAP 6.0 Beta includes an Office 365 client assessment which evaluates the compatibility of Office suites deployed in your environment with Office 365, via a hardware and software readiness assessment. This assessment helps you quickly determine which client machines in your environment are ready to use Office 365. The tool obtains machine level detail about why a given machine is not capable of using Office 365, and identifies whether the Office suites currently being used in your environment are compatible with Office 365.

    Determine readiness for migration to Windows 7 and Windows Internet Explorer 9.

    Simplify your organization's migration to Windows 7 and Windows Internet Explorer 9 with MAP 6.0 Beta. The MAP Internet Explorer migration assessment—now updated for Internet Explorer 9 migration—inventories your environment and reports on deployed web browsers, Microsoft ActiveX controls, and add-ons, and then generates a migration assessment report and proposal for easier migration to Windows 7 and Internet Explorer 9.

    Discover heterogeneous database instances for migration to SQL Server.

    MAP 5.5 brought you heterogeneous database inventory and reporting capability to help you accelerate migration to SQL Server from MySQL, Oracle, and Sybase instances. MAP 6.0 Beta adds to this capability with Oracle schema discovery, and reporting on the size and use of each schema. Reporting also provides an estimate of the complexity of migration and suggests candidates for migration to SQL Server. Use this information to determine total cost of ownership for maintaining Oracle and the potential ROI from switching to SQL Server.

  • Using Opalis & SCOM To Protect Your Domain Admin Security Group

    In a previous post, I described how you can use SCOM to create a custom alert that watches the security log on your DCs for changes to the “Domain Admins” security group.

    I mentioned in that post that I was using this as a backdrop for an Opalis demo that uses that alert to start a workflow that disables the user account, removes it from the domain admins group, populates a ‘notes’ field in AD with information about why the account was disabled, clears the alert in SCOM and finally sends an Exchange email with the details to the administrator.

    Folks have asked for more details on the Opalis workflow behind this – so here you go.

    You can download the OIS file here and import into Opalis to see what I did.

    Let’s get started…

    First off, here’s the workflow I use:

    Here are the steps:

    1) Monitor Alert:  We’re watching for any NEW alerts in SCOM that contain the string “DAACCESS” in the CustomField2 property (there's more detail on this in the blog post I reference above)

    2) Query XML:  We need to query the description CONTEXT from our SCOM alert to extract the CN name for the offending user account that was added to the domain admins group

    *You can find what you want to query from by clicking the ‘alert context’ tab on the SCOM alert.  In this case we want the full CN of the user account so we use “MemberName”.

    3) Disable User:  Using the result from the XML query, we’re disabling the user account

    4) Remove User From Group:  Next, we remove the offending account from the domain admins group.  In my case, I just set up a variable for the domain admins group – you can pull that via XML as well if you want.

    * Here’s my detail for the ‘group’ variable

    5) Update User: We can update the “notes” field in the AD account to put some detail around why the account was disabled (there are other options you can pick as well if you want to update other properties – just use the ‘select fields’ to choose)

    6) Update Alert:  Now, we’re going to go ahead and close the alert in SCOM since we’ve successfully remediated this issue.  Alternatively,  you could branch here if you had a failure and send an email or alert in some other fashion (or start another workflow)

    7) Send Exchange Email:  Finally, we’re going to send an email to the administrator with all the details

    * You’ll need to have an Outlook profile configured to send Exchange email – on the connect tab, you’ll specify the name of the profile you’ll use.  Also, if you want proper formatting (line breaks, etc…) make sure you use ASCII formatting

    This sends the following email:

    That should get it done.  Enjoy!
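
    Steps 3 to 5 of the workflow above (disable, remove from group, write the note) as a PowerShell function. This is an added example, not the author's Opalis workflow or OIS file; it assumes the ActiveDirectory module is installed, and the function name and the DN in the usage comment are hypothetical.

```powershell
# Added example, not the author's Opalis workflow. Needs the ActiveDirectory
# module (RSAT) and rights to modify the account and the group.
Import-Module ActiveDirectory

function Revoke-GroupAddition {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$MemberDN,   # MemberName from the alert
        [string]$GroupName = 'Domain Admins'
    )
    # The added member may be a nested group or a computer, not a user account.
    # Only user accounts are disabled and annotated; any class is removed.
    $obj    = Get-ADObject -Identity $MemberDN
    $isUser = $obj.ObjectClass -eq 'user'
    $result = New-Object psobject -Property @{
        Member = $MemberDN; Class = $obj.ObjectClass; Disabled = $false; Removed = $false
    }
    if (-not $PSCmdlet.ShouldProcess($MemberDN, "Disable and remove from '$GroupName'")) {
        return $result                      # -WhatIf: report only, change nothing
    }
    if ($isUser) {
        Disable-ADAccount -Identity $MemberDN                               # step 3
        $result.Disabled = $true
    }
    Remove-ADGroupMember -Identity $GroupName -Members $MemberDN -Confirm:$false  # step 4
    $result.Removed = $true
    if ($isUser) {
        # Step 5: the Notes box in AD Users and Computers is the 'info' attribute.
        $user  = Get-ADUser -Identity $MemberDN -Properties info
        $stamp = (Get-Date).ToUniversalTime().ToString('u')
        $note  = "$stamp Disabled and removed from $GroupName after an unexpected group addition."
        # Append to any existing note instead of overwriting it.
        $text  = if ($user.info) { $user.info + "`r`n" + $note } else { $note }
        Set-ADUser -Identity $MemberDN -Replace @{ info = $text }
    }
    $result
}

# Dry run with a constructed placeholder DN; drop -WhatIf to apply the changes.
# Revoke-GroupAddition -MemberDN 'CN=Test User,CN=Users,DC=contoso,DC=example' -WhatIf
```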

  • How To Configure SCOM To Monitor for Changes To The Domain Admins Group

    One of the demos that I do in my lab uses an Opalis workflow that is triggered by a SCOM rule watching the security event log on my domain controller for any changes to the domain admins group.  Once the alert gets triggered in SCOM, Opalis picks it up, disables the offending account, removes it from the domain admins group, populates the ‘notes’ field with some text indicating why the account is disabled, closes the alert in SCOM and sends an Exchange email to the administrator.

    This blog post describes how to configure the SCOM piece.  If you want to know how to configure the Opalis piece – I created a separate post HERE.

    I’ve been asked a number of times how I did this in SCOM.  Here you go.  It’s pretty simple. 

    The first thing you’ll have to do – if you haven’t done this already – is to enable auditing on your DCs.  This is done via GPO.  I won’t cover the details of that here – but this KB will walk you through the process.  Basically, auditing of directory services objects (adds/moves/changes) is not enabled by default - you have to do that manually and it's a prerequisite to making this process work properly.

    Alright, enough of that...let's head over to the SCOM Admin Console...

    Authoring –> Management Pack Objects –> Rules –> Create a New Rule

    Essentially what we’re doing here is creating an alert that gets triggered by a specific event id in the DC’s security log.  In our case, it’s 4728 for Server 2008 R2 domain controllers.  If your DCs are not 2008 R2, the event id is different – you’ll have to look it up.

    Here are the steps.  Make sure you create a custom management pack – don’t stick this in the default…it’s not good practice.

    Make sure that you select a DC in the ‘target computer’ field:

    Data Source is where we configure the event id and parameters – Response is where we configure the description field of the actual event and any other customizations (in our case populating a custom field):

    Click the “…” to configure “Parameter 3” – for the values, you’ll just type those in:

    By the way – here’s what the actual event log looks like:

    You do have options here – what priority level and severity (affects how it alerts in SCOM) and then what you want the alert description to look like.  You can also make changes to the Alert Name which is what you’ll see top line in the ‘alert view’ in SCOM:

    In the Custom Fields section, I used #2 and populated that with the text DAACCESS.

    I populate CustomField1 with the domain\username information (I use that in the Opalis workflow)

    The reason I did this is because that’s how I’m telling Opalis what to look for when an event pops in SCOM.  Now, every time this rule gets triggered and this alert pops in SCOM, Opalis will pick it up and start our workflow.

    Good stuff!  Hope this was helpful!
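
    The match the rule performs (event 4728 whose third parameter, the target group name, is Domain Admins), written as a PowerShell filter over event XML. This is an added example, not the author's management pack; the sample event, host name, account names and SID are constructed, and the function name is hypothetical.

```powershell
# Added example (not from the original post). The event below is a CONSTRUCTED
# sample of Security event 4728; names, SID and the DC are placeholders.
$sampleEvent = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4728</EventID>
    <Computer>dc01.contoso.example</Computer>
  </System>
  <EventData>
    <Data Name="MemberName">CN=Test User,CN=Users,DC=contoso,DC=example</Data>
    <Data Name="MemberSid">S-1-5-21-1111111111-2222222222-3333333333-1105</Data>
    <Data Name="TargetUserName">Domain Admins</Data>
    <Data Name="TargetDomainName">CONTOSO</Data>
    <Data Name="SubjectUserName">helpdesk1</Data>
    <Data Name="SubjectDomainName">CONTOSO</Data>
  </EventData>
</Event>
'@

function Select-GroupAddition {
    # Emits one object per 4728 event whose target group matches $GroupName.
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)][string]$EventXml,
        [string]$GroupName = 'Domain Admins'
    )
    process {
        $evt = ([xml]$EventXml).Event
        if ([int]$evt.System['EventID'].InnerText -ne 4728) { return }
        # Index the EventData fields by their Name attribute.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.GetAttribute('Name')] = $d.InnerText }
        # TargetUserName is the event's third parameter: the group that was changed.
        if ($data['TargetUserName'] -ne $GroupName) { return }
        New-Object psobject -Property @{
            DomainController = $evt.System['Computer'].InnerText
            MemberDN         = $data['MemberName']
            AddedBy          = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        }
    }
}

$sampleEvent | Select-GroupAddition

# Against a live DC (needs rights to read the Security log; dc01 is a placeholder):
# Get-WinEvent -ComputerName dc01 -FilterHashtable @{ LogName = 'Security'; Id = 4728 } |
#     ForEach-Object { $_.ToXml() } | Select-GroupAddition
```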

  • Hyper-V Fast Track with Cisco And NetApp

    At TechEd we announced a new addition to the Hyper-V Cloud Fast Track Program offered from Cisco and NetApp. Hyper-V Cloud Fast Track partner offerings provide flexibility and choice while reducing risk and increasing the speed of deployment. You can find more about it here:

    http://www.microsoft.com/virtualization/en/us/hyperv-cloud-fasttrack.aspx

    Below are links to some of the announcements yesterday.

    ===========================================================================

    Microsoft Blog:

    http://blogs.technet.com/b/virtualization/archive/2011/05/17/hear-what-netapp-and-cisco-are-saying-after-joining-the-hyper-v-fast-track-program.aspx

    http://www.microsoft.com/presspass/press/2011/may11/05-16TechEd11PR.mspx

    NetApp Blog:

    http://blogs.netapp.com/msenviro/2011/05/netapp-hyperv-cloud-fast-track-with-cisco.html

    http://www.prwire.com.au/print/netapp-simplifies-customers-transition-to-private-cloud-through-collaboration-with-cisco-and-microsoft

  • CentOS Linux Guests Now Supported Within Hyper-V

    The CentOS Linux distribution is now supported as a guest within Hyper-V. Please see Sandy Gupta’s blog post:

    http://blogs.technet.com/b/openness/archive/2011/05/15/expanding-interoperability-to-community-linux.aspx

    ==============================================

    FAQ

    ==============================================

    Q: What CentOS versions are supported?

    A: CentOS 5.2 through 5.6 (32-bit and 64-bit versions) are now supported as Hyper-V guests. Support will cover installation issues as well as configuration issues.

    ===========================================================================

    Q: Will you be adding support for additional Linux distributions?

    A: We continue to evaluate adding additional Linux distributions to the supported list.

    ===========================================================================

    Q: What version of the Linux Integration Services supports CentOS?

    A: The existing Hyper-V Linux Integration Services for Linux Version 2.1 support CentOS. The following features are included in the Hyper-V Linux Integration Services 2.1 release:

    · Symmetric Multi-Processing (SMP) Support: Supported Linux distributions can use up to 4 virtual processors (VP) per virtual machine.

    · Driver support for synthetic devices: Linux Integration Services supports the synthetic network controller and the synthetic storage controller that were developed specifically for Hyper-V.

    · Fastpath Boot Support for Hyper-V: Boot devices take advantage of the block Virtualization Service Client (VSC) to provide enhanced performance.

    · Timesync: The clock inside the virtual machine will remain synchronized with the clock on the host.

    · Integrated Shutdown: Virtual machines running Linux can be gracefully shut down from either Hyper-V Manager or System Center Virtual Machine Manager.

    · Heartbeat: Allows the host to detect whether the guest is running and responsive.

    · Pluggable Time Source: A pluggable clock source module is included to provide a more accurate time source to the guest.

    The Linux Integration Services are available via the Microsoft Download Center here: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=eee39325-898b-4522-9b4c-f4b5b9b64551

    ===========================================================================

    Q: I’m unfamiliar with the different Linux distributions available. Can you tell me more about CentOS?

    A: From Wikipedia:

    CentOS is a community-supported, mainly free software operating system based on Red Hat Enterprise Linux (RHEL). It exists to provide a free enterprise class computing platform and strives to maintain 100% binary compatibility with its upstream distribution. CentOS stands for Community ENTerprise Operating System.

    Red Hat Enterprise Linux is available only through a paid subscription service that provides access to software updates and varying levels of technical support. The product is largely composed of software packages distributed under either an open source or a free software license and the source code for these packages is made public by Red Hat.

    CentOS developers use Red Hat's source code to create a final product very similar to Red Hat Enterprise Linux. Red Hat's branding and logos are changed because Red Hat does not allow them to be redistributed.

    CentOS is available free of charge. Technical support is primarily provided by the community via official mailing lists, web forums, and chat rooms. The project is not affiliated with Red Hat and thus receives no financial or logistical support from the company; instead, the CentOS Project relies on donations from users and organizational sponsors.