Thursday, June 10, 2010

My first Windows Azure application - Guestbook

So I started this a couple days ago, and finished the work on this today during lunch. 

Following the lab guide, I used Microsoft Visual Studio Ultimate and developed my first Windows Azure application.  This was a very interesting road to travel down for me.

I chose to write this in the C# language to give me some exposure to it.  I think I spent the majority of my time working through its inheritance model and getting my classes laid out appropriately.  I am also pretty rusty in the developer space, but it all came back pretty quick.  Here’s a screen shot of the IDE:

image

After I got the application to compile correctly I ran it on a local developers test environment using the “UseDevelopmentStorage” tag in the service configuration file.

<Setting name="DataConnectionString" value="UseDevelopmentStorage=true" />

At that point the application was tested (by me) and found to be adequate for cloud deployment!  With the Azure tools for visual studio - Windows Azure Tools for Microsoft Visual Studio - this was as easy as “right-click->publish”.

They gave me a temporary Azure account (expires on Monday June 14th, 2010) in order to accomplish the labs.  Azure was absolutely SIMPLE to configure for this.  All I had to do was create a Project name, create a service (define the webapp URL in here), create the cloud storage group, define some affinity, reconfigure the application to use the new cloud storage credentials (instead of the local developer instance) and presto, I was in business. 

Here’s a screenshot of the hosted service page:

azure-hosted

and here is the cloud storage page:

azure-storage

 

I decided to go with some High Availability.  That was soooooooooo terribly difficult (NOT!)  All I had to do was modify the config file and set  <Instances count="2" /> then restart the application server.  The load balancers were already setup to handle this. 

And ………….. here is my app! woot! 

I chose the URL:   http://kmac.cloudapp.net/ Feel free to sign my guestbook; it’ll be there until Microsoft shuts it down on Monday for not paying the bill. :P

 

azure-kmacs app

Last, but not least, I played with SQL Azure.  Absolutely easy to setup a new database! 

sql-azure-database

 

Neat stuff – and it was fun playing developer for a few hours.  Now I am off to learn more about Advanced Group Policy Management.

Using Microsoft Exchange Server 2010 to Achieve Rich Coexistence with Exchange Online

Evan Dodds, Senior Program Manager, Microsoft

Blog administrative note – this blog has content and screen-scrapes straight from Evan’s powerpoint.  I would like to thank him for sharing the powerpoint as the session was on-going, this was extremely helpful.  Thanks Evan! –KMac.

Thinking of the email in the cloud? But wondering how workable it really is for your organization?

Do you like the high fidelity experience and fine-grained control you get with your on-premises Exchange organization?

Are you considering hosting some of your mailboxes in the cloud?

Are you worried about losing the former to gain the latter…?

Exchange Online Rich Coexistence gives you the look and feel of a single organization across the full on-prem and hosted surface!

 

| Cutover | Coexistence (focus of this blog) |
|---|---|
| Executed over a weekend; switch the MX record | Executed over some longer period of time (a week, a month, a year, etc) |
| All users moved as part of a “big switch” to the cloud | No requirement to ever flip “a switch” – can run in coexistence scenario indefinitely |
| No option to pilot mailboxes | |
| No on-prem configuration or hardware requirement | Requires on-prem configuration and hardware |

 

Rich Coexistence Feature-set

What does Exchange 2010 bring to the table?  Rich Coexistence!

image

Note: Rich Coexistence feature-set requires Exchange 2010 SP1 Hub+CAS on-prem and requires supplemental configuration steps (both on-prem and in the cloud)

Cross-Premises Free/Busy and Calendar Sharing
  • Creates the look and feel of a single, seamless organization for meeting scheduling and management of calendar
  • Works with any supported Outlook client; the heavy lifting is done by the Exchange 2010 CAS servers and the MS Federation Gateway and is transparent to the client

image

Cross-Premises Mail Tips
  • Creates the look and feel of a single, seamless organization. Correct evaluation of “Internal to” vs “External to” organization context.
  • Allows awareness and correct Outlook 2010 representation of mail-tips for size and quantity limits on DGs, etc.

image

Cross-Premises Message Tracking
  • Creates the look and feel of a single, seamless organization.
  • Message tracking started from on-prem or from the cloud will track through to the edge of the combined organization
    • Tracking fidelity across 2010 servers will be identical to fully on-prem organizations (ie – high fidelity)
    • Tracking fidelity across pre-2010 servers will be identical to fully on-prem organizations (ie – lower fidelity)

image

Cross-Premises mailbox search
  • Allows administrators to select/manage mailboxes for mailbox searches from on-prem or cloud-hosted mailboxes
  • Graphical representation lets you differentiate between on-premises and cloud-hosted mailboxes in the picker
  • Search results returned across all selected mailboxes, regardless of mailbox location!

image

Cross-Premises OWA Redirection
  • Single URL
    • Allows mailbox access to OWA via a single URL (pointed to on-premises CAS)
      • Ensures a good end-user experience as mailboxes are moved in-and-out of the cloud, since OWA URL remains unchanged
    • Better Cloud log in experience
      • Log in experience can be greatly improved by adding your domain name into your cloud URL, so that you can access your cloud mailbox without the interruption of the Go There page

Cross-Premises Mailflow
  • Rich coexistence adds the ability to preserve internal organizational headers.
  • Most important header: Auth header
    • Allows us to treat a message from the cloud as authenticated. This means we trust the message and resolve the sender to a recipient in the GAL.
    • Restrictions specified for that recipient get honored.
    • When sender expanded in Outlook, GAL card is opened (not SMTP address).

image

 

  • Makes your on-prem organization and cloud organization work together like a single, seamless organization
    • Offers near-parity of features/experience on-prem and in the cloud
    • Seamless interactions between on-prem and cloud mailboxes
    • Migrations in and out of the cloud transparent to end-user

Stop drooling just yet ….  Remember: Exchange Online must upgrade to 2010 first!

RICH COEXISTENCE SETUP

Step 1:

image

Step 2:

image

 

RICH COEXISTENCE – GUI MANAGEMENT

Connecting on-prem GUI to the cloud

image

image

Most of the cool Rich Coexistence features require federated sharing be configured between on-prem and the cloud.


EMC in Exchange 2010 SP1 has GUI for this!

image

 

RICH COEXISTENCE MIGRATION

You’ve configured for cross-prem, now it’s time to move!

  • Administrator uses EMC on-prem tool to manage mailbox moves and other administrative cross-premise tasks
    • Note: There is no requirement to move mailboxes on-prem to an E2k10 server prior to moving them to the cloud
  • Dirsync keeps GAL in sync as mailboxes are moved

image

The Stuff you need to know!

  • It’s a true “online” move – user stays connected to their mailbox through the move
    • Client switchover happens automatically at the end
    • Traditional “offline” move when moving from Exchange 2003 source
  • Outlook uses Autodiscover to detect the change and fixes up the user’s Outlook profile automatically on the client machine
  • Since it’s a move (not a new mailbox + data copy), Outlook doesn’t see it as a new/different mailbox. End result = No OST resync.
  • Moves are queued and paced by the datacenter
  • Object conversion for mail routing happens automatically after data move
    • Mailbox on-prem gets converted to Mail-enabled user automatically
    • Admin can override this automation and stage the move then convert steps

Mailbox Offboarding

  • Why might you care about offboarding?
    • Long term coexistence scenarios
    • Compliance requirements (retaining ex-employee data)
    • Piloting online but not committed to the move
  • What you need to know about offboarding?
    • Offboarding is available using EMC toolset while in Rich Coexistence scenario
    • Offboarding to on-prem E2k10 database is online mailbox move
    • Offboarding to on-prem E2k3/E2k7 database is an offline mailbox move
      • Can’t stay connected to cloud mailbox receiving mail during offline move
    • Offboarding without Rich Coexistence (ie – any other scenario, including V1 offboarding) is PST via Outlook or partner driven.

KEY TAKEAWAYS

  • Moving to Exchange 2010 On-prem sets you up for a smooth path to the cloud
  • It’s not the only option out there, but Rich Coexistence is super cool
    • You want it
  • “Federation” doesn’t always mean the same thing
  • Rich Coexistence setup has a bunch of steps, but it’s pretty straight-forward
  • Once you’re in fully-configured Rich Coexistence, toggling the federated sharing features on and off in Exchange is simple
    • These features are a real competitive differentiator and make the cross-premises Exchange Online experience quite seamless
  • Doing migrations in Rich Coexistence (including offboarding!) is really easy, and gives a great and seamless end-user experience

Virtualization Round Table Discussion

  • Kenon Owens, Microsoft
  • Nate Lasnoski, MVP, Data Center
  • Gene Ferioli, Microsoft (Appv team)
  • Taylor Broan, Microsoft
  • Robin Brandl, Microsoft

This is an open round table style discussion surrounding all of Microsoft's virtualization products.

Three reasons to switch from VMWare to Microsoft HyperV:

  1. Cost
  2. End-to-end Manageability
  3. something else … didn't really catch it … must not have been that important. :P

NIC Teaming

Taylor Broan (Microsoft) openly admitted that there is a gap with their product and VMware when it comes to NIC Teaming.  They are working hard at fixing this.  They mentioned that Microsoft NIC teaming works best with Intel NICs, but not so much with other vendors (*cough* Broadcom *cough*).

Hyper-v wish list (from audience)

  • Improved performance on snapshot-ing
  • More integration with VMM
  • Better memory support (this is coming real soon)
  • Better monitoring
    • Microsoft countered that this is there, you just need to know how to get it.
  • Create virtual networks on all nodes of a cluster – or create a distributed virtual switch.
  • Multiple virtual CPU’s

Client side hypervisor (VDI)

There was a large discussion between the audience and the VDI team on whether the hypervisor should run client side or not.  Microsoft's stance was “it doesn't need to run client side until the industry demands it.”  The audience was mixed on whether this was needed.

Server AppV

The lead program manager for AppV was in attendance and announced that they are developing a Server side AppV capability.  He polled the audience if they would run apps and o/s’s 1:1 or 1:many.  Most of the audience chose 1:1 – for simplicity of management.  Helped him continue the product development path.

Overall this session made me feel vulnerable for switching to HyperV – I am glad we are “piloting” it this summer.  Although the cost savings is very attractive, the quality of product and lack of feature set has me concerned (especially on the Linux side).  We’ll see how the pilot goes.

Wednesday, June 9, 2010

Data Center “In a box”: Microsoft’s ITPAC (IT Pre-Assembled Component)

I walked through an ITPAC this afternoon – very impressive.  This is Microsoft’s vision of the data center – a self enclosed box that has everything it needs from a facility perspective built in.  Microsoft’s strategy is to pre-manufacture every part of the data center:  the mechanical, electrical, and compute components.

The overall total cost of ownership for this model when compared to the conventional data center is going to be substantial.  They claim that the PUE is reduced to 1.15 from 1.32 (depending on outside conditions).


Here’s commentary from the web: 

“Our plan for the future is to have essentially everything but the concrete pad pre-manufactured and then assembled on site: the IT, mechanical and electrical components are all part of Pre-Assembled Components that we call an “ITPAC.” We actually think of the ITPACs not as containers in a traditional sense but as integrated air-handling and IT units.

The units will be assembled entirely from commercially available recyclable components such as steel and aluminum and the cooling requirements for the ITPACs will be met by more efficient means, such as a single water hose with residential levels of pressure to control ambient temperatures. The servers will be stacked in rows, sandwiched between air intake and output vents.“

Check it out by watching this video by clicking here

I now have soft copies of the Teched 2010 presentations for the following sessions:

 

I have downloaded powerpoints and/or PDF’s for the following sessions.  If you are interested in one, just email me.

1. Application Virtualization Troubleshooting

2. BitLocker To Go

3. BPOS - Whats Coming Soon

4. BPOS Identity and Access Solutions

5. BPOS Planning Preparation and Migration

6. Building Solutions with Microsoft Access 2010

7. Coexistence and Upgrading from Microsoft Exchange Server 2007 to Exchange Server 2010

8. Create a Windows Server 2008 R2 MSDTC Cluster

9. Data Tier Applications in Microsoft SQL Server 2008 R2 and Microsoft Visual Studio 2010

10. Deploying and Managing Microsoft ASP.NET Using Internet Information Services (IIS) 7.5 on Server Core (V3.0)

11. Deploying Microsoft System Center Configuration Manager

12. Developing a Microsoft SharePoint 2010 Workflow with Initiation Form in Microsoft Visual Studio 2010

13. Developing KPIs and Scorecards with PerformancePoint Services in Microsoft SharePoint Server 2010

14. Failover Clustering in Windows Server 2008 R2

15. Implementing High Availability and Live Migration with Windows Server 2008 R2 Hyper-V

16. Implementing Microsoft Forefront Online Protection for Exchange - Best Practices, Pitfalls and Support

17. Installing a Microsoft SQL Server 2008 + SP1 Clustered Instance

18. Introduction to F#

19. Introduction to Microsoft System Center Virtual Machine Manager (SCVMM) 2008 R2

20. Introduction to the AppFabric Service Bus for Visual Studio 2010 Developers

21. Introduction to Windows Azure for Visual Studio 2010 Developers

22. Introduction to Windows Server 2008 R2 Hyper-V

23. Lap around Microsoft SharePoint Server 2010 Enterprise Content Management

24. Maintaining a Microsoft SQL Server 2008 Failover Cluster

25. Microsoft Access Services- Under the Hood

26. Microsoft BPOS Suite Identity and Access Solutions Drilldown

27. Microsoft Communications Server "14" Monitoring and Reporting

28. Microsoft Exchange Server 2010 High Availability and Storage Scenarios

29. Microsoft Exchange Server 2010 Setup and Deployment

30. Microsoft Exchange Server 2010 Transport Routing

31. Microsoft System Center Virtual Machine Manager (SCVMM) 2008 R2 Advanced Topics

32. Moving Your School Communication and Collaboration to the Cloud

33. Moving Your School Communication and Collaboration to the Cloud

34. Opalis - Understanding, Designing and Configuring Process Automation

35. Patterns of Parallel Programming

36. Real-World Patterns for Cloud Computing

37. Rolling Upgrade to Microsoft SQL Server 2008

38. Security Tales from the Twilight Zone

39. Top 10 Hidden IT Costs and How to Avoid Them

40. Upgrading Microsoft SQL Server 2000-2005 to SQL Server 2008

Microsoft Communications Server “14”: Monitoring and Reporting

 

So you may be asking – why is Kevin posting blogs for every session now?  Truth is I took notes in every session, but now that I am actually taking the notes in live writer it is a one button publish and formatting happens close to real-time (when speakers are bullshitting).  Very nice Microsoft.  Now, back to the show.

CS 14 Health Monitoring Goals (Jared Zhang): 

  • Accurate Alerts
    • Filter out transient conditions to reduce noise
    • Distinguish alerts based on the impact to the system
    • Track the current state of alerts (active or resolved)
  • Actionable alerts
    • Cause and recommended actions
    • Relevant information to identify and isolate problems
    • Guidance for troubleshooting

CS 14 Health Monitoring

  • Health monitoring for CS 14
    • Service Monitoring
      • End-to-end verification of availability of CS services
    • Component monitoring
      • Monitoring components running on individual CS servers
    • Voice Quality Monitoring
      • Monitoring end-user-call reliability and media quality experience
  • CS 14 MP for SCOM 2007 R2
    • Monitoring and alerting on services, components, and voice quality
    • Central discovery of monitored objects from CS 14 Central Management Store (CMS)

Service monitoring with Synthetic Transactions

  • Synthetic Transactions (ST’s)
    • End-to-end scenario view
    • Powershell cmdlets starting with the Test verb
      • Examples: 
        • Test-CsIM
        • Test-CsPresence
        • Test-CsPstnOutboundCall
    • Run with configured test accounts or real credentials
    • Provide a success/failure response
  • SCOM Alerting
    • Core set of ST’s are run periodically to verify service availability
    • ST failures result in high priority alerts
    • Alerts are auto-resolved if ST’s succeed in the next run

For example, running a synthetic transaction from PowerShell (Test-CsIM is the IM test; the outbound-call test is Test-CsPstnOutboundCall):

C:\> Test-CsIM -TargetFqdn myocs.domain.com

Component Monitoring

  • Health modeling for CS14 components
    • Key health indicator (KHI) and non-KHI’s
      • Events and performance counters are categorized as service impacting aspects (KHI’s) and non-service impacting aspects (non-KHI’s)
      • KHI indicates a service impacting condition
  • SCOM Alerting
    • KHI’s result in medium priority alerts
    • KHI alerts are auto-resolved if the component returns to healthy
    • Non-KHI’s result in informational alerts that need manual resolution.

Call Reliability Monitoring

  • Call reliability data are stored as Call Detail Records (CDR) data
  • Failures are classified as Expected and Unexpected, based on the ms-diagnostic ID.
    • Example: 52031 indicates media connectivity failure
  • SCOM Alerting
    • Categories for call reliability alerting:
      • Peer-to-peer audio/video calls
      • Audio/video conference calls
    • Alerts are raised for higher than expected failure rates
    • Each alert contains a CDR report link for troubleshooting

Media Quality Monitoring

  • Media Quality data are stored as Quality of Experience (QoE) data
  • Calls are classified as good/poor quality alerting:
    • A/V Conferencing Servers, Mediation Servers, Gateways
    • Network locations (subnets, sites, regions)
  • Alerts are raised for higher than expected poor quality call rates
  • Each alert contains a QoE report link for troubleshooting

 

The bottom line for this section is that there are really thorough monitoring and ST command applets built into Powershell (Test-CS*), and you can tie these into SCOM. 

Health Monitoring for CS14 is a must for success – Antwan, build good health monitoring into our CS14 deployment from the ground up.

 

Reporting CS14 with the Monitoring Server Role - Arish Alreja

Improvements for CS14 Monitoring Server Role

  • Call Detail Record (CDR) data collection
    • Improved diagnostics information for all modalities in CS14
    • Registration diagnostics data
    • IP Phone Device data
  • Quality of Experience (QoE) data collection
    • Richer Endpoint Data (OS, Mac Address, CPU)
    • Richer Audio Metrics (User facing diagnostics, audio healer metrics)
    • Coverage on Media Bypass, Mediation Server – Multiple Gateways,
  • Reporting Improvements
    • For ROI Analysis and Asset Management
      • Usage reports for visibility into deployment activity
      • IP Phone HW and SW versions
    • For Operational monitoring and diagnostics
      • Dashboard delivers a view into any call reliability/media quality issues
      • Call Reliability reports for monitoring and troubleshooting
    • For Helpdesk admins helping end users
      • User Activity Report
  • Reports can be configured for periodic email delivery
  • Reports are accessible from the CS Control Panel (CSCP)

Arish then moved directly into a demonstration of the reporting server and the CS Control Panel.  It was very impressive – this picture does not do it justice:

                                                ocs

I look forward to seeing this in Beta back at Vanderbilt!

Behind the SPAM: A look at BotNets, Malware, and the Spammers who run them.

 

Speaker:     Terry Zink, Program Manager, Microsoft

Goals:

  1. Understand the current threat landscape
  2. Understand what Microsoft is doing in this space
  3. Understand how Microsoft combats these threats

Variety

  1. (Terry performed a card trick at this time)
  2. Trick cards?
  3. Sleight of hand?
  4. Secret partner?
  5. Something else?

Spammers?

  1. Russian Business Network (RBN)
    1. worst of the worst.
    2. Responsible for the Storm botnet
    3. ISP – phishing, spam, malware
    4. Bullet-proof hosting “ISP allows you to do anything”
    5. Based in St. Petersburg, Russia
    6. Offers Web Hosting
      1. Now allegedly involved in Black SEO, DOS attacks and rogue Antivirus
  2. The Partnerka
    1. Use a lot of Web 2.0
    2. Affiliate marketing – will drive traffic to your site
    3. Black SEO, spam, malware
      1. Spam is less lucrative but still done by more elite spammers
      2. Upload spammy content to throwaway sites like facebook, twitter
  3. Glavmed

How much money do they actually make?

    1. Meds4U - $16,000/month
    2. CoolCodecs
      1. $6500/month
    3. MegaSales.ru
      1. $25/sale
      2. $4916/11 days
    4. I am a spammer (reddit.com)
      1. $1000/day

Forefront Online – Total inbound mail 400-600 billion per quarter.

                         teched spam

Spam Trends – Gambling and 419 are up

Phishing – sites are looking very legitimate

Avalanche – group responsible for 2/3’s of all phishing sites.

Phishing needs 3 things:  1.) Phish email sent.  2.) Bypass phishing filters. 3.) user clicking on link.

Sender Policy Framework (SPF) – Add authorized sender IP’s to the DNS text record.

Botnet distribution (July 2009)

  1. Rustock – 39.7%
    1. Older botnet (c.2005)
    2. #1 Spammer
    3. No discernable pattern in headers
    4. “Sleepy” behavior – slow drizzle
    5. Sophisticated polymorphic rootkit botnet
      1. Implemented as a driver – runs at lowest level
      2. Infects system drivers, features anti-rootkit protection
      3. Some become adjusted to hardware, won’t run on other systems
      4. More prevalent on older versions of Windows
      5. US, Korea, Japan, UK, Romania
    6. TLS – their preference.  decryption slows down mailgates
    7. Forefront online issued a fix to stop accepting TLS from botnet IP’s
  2. Bagle-cb – 28.6%
    1. Been around since 2004
    2. Spread by email or p2p
  3. Cutwail – 10.4%
  4. Lethic – 8.6%
  5. Grum – 6.7%
  6. Donbot – …
  7. Waledac
    1. Newbie – 2008. 
    2. Main purpose is to spam
    3. Propagates by spamming links to itself
    4. Binary is packed with several packers (obfuscated)
    5. Makes use of multiple fast-flux nodes
    6. Uses encryption between nodes – hard to track
    7. Characters in spam:
      1. Recognizable HELO string
    8. US, Brazil, South Korea, Spain, France

Operation b49

    1. Microsoft took down the Waledac Botnet
    2. Microsoft got a court order to shut domains down “home of botnet”
  1. Pushdo/Cutwail
    1. Pushdo malware, cutwail is spamming software
    2. Cutwail – key encryption: “reva gurd iuh an it ak-lehsoP” (means screw you, my friend AV’r.)
    3. Multi-threaded
    4. Recognizable HELO string
    5. US, Russia, Japan, Brazil, …

Fast Flux & Double Fast Flux

    1. Very clever spam technique
    2. check out http://www.rxcoenbitee.cn
      1. I looked up the following for a better description: http://en.wikipedia.org/wiki/Fast_flux 
    3. Changes DNS A records every 10 minutes – constantly redirecting victims 
    4. Double Fast Flux – uses DNS referrals to change the authoritative name server.
    5. Makes it very difficult for anti-spam to keep up with this.
    6. How do you stop double-fast-flux?
      1. You make really big lists.
      2. have listener programs throughout the world collecting real-time updates resolutions and sending them to the main list.
    7. Regex
      1. FOBE uses Regex’s to predict where spam is going to come from …hmm.
      2. Trafficconverter.biz
        1. -> conficker worm
        2. Started using MD6 in January
        3. Switched
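
The "listener programs collecting real-time resolutions" idea above can be turned into a simple detector. The following is an added example, not code from the talk or from Forefront: the observation format, the domain names, the addresses and all thresholds are assumptions chosen for illustration. It flags single flux (many short-TTL A records spread over unrelated networks) and double flux (the NS set rotating as well), while leaving an ordinary round-robin pool alone.

```python
import ipaddress
from collections import defaultdict


def sample_observations():
    """Constructed listener reports: (unix_time, domain, rtype, value, ttl)."""
    obs = []
    for i in range(6):                       # one report every 10 minutes
        t = i * 600
        obs += [
            (t, "stable.example", "A", "192.0.2.10", 3600),
            (t, "stable.example", "NS", "ns1.stable.example", 86400),
            # Round-robin pool: many IPs, but all in one network.
            (t, "cdn.example", "A", f"198.51.100.{i + 1}", 60),
            (t, "cdn.example", "NS", "ns1.cdn.example", 86400),
            # Single flux: A record moves to an unrelated network each time.
            (t, "flux.example", "A", f"10.{i + 1}.7.9", 300),
            (t, "flux.example", "NS", "ns1.flux.example", 86400),
            # Double flux: the name servers rotate too.
            (t, "dflux.example", "A", f"10.{i + 20}.3.4", 180),
            (t, "dflux.example", "NS", f"ns{i}.dflux.example", 180),
        ]
    return obs


def classify(observations, window=3600, min_ips=5, min_nets=3,
             max_ttl=600, min_ns=3):
    """Label each domain 'normal', 'single-flux' or 'double-flux'.

    Only reports from the last `window` seconds are considered.
    Thresholds are illustrative assumptions, not tuned values.
    """
    latest = max(o[0] for o in observations)
    stats = defaultdict(lambda: {"ips": set(), "nets": set(),
                                 "ns": set(), "ttl": None})
    for t, domain, rtype, value, ttl in observations:
        if t < latest - window:
            continue
        s = stats[domain]
        if rtype == "A":
            s["ips"].add(value)
            # Group addresses by /16 to measure network diversity.
            s["nets"].add(ipaddress.ip_network(value + "/16", strict=False))
            s["ttl"] = ttl if s["ttl"] is None else min(s["ttl"], ttl)
        elif rtype == "NS":
            s["ns"].add(value.lower())
    verdicts = {}
    for domain, s in stats.items():
        flux = (len(s["ips"]) >= min_ips and len(s["nets"]) >= min_nets
                and s["ttl"] is not None and s["ttl"] <= max_ttl)
        if flux and len(s["ns"]) >= min_ns:
            verdicts[domain] = "double-flux"
        elif flux:
            verdicts[domain] = "single-flux"
        else:
            verdicts[domain] = "normal"
    return verdicts


if __name__ == "__main__":
    for name, verdict in sorted(classify(sample_observations()).items()):
        print(f"{name:16} {verdict}")
```

The network-diversity test is what keeps the round-robin pool from being flagged, and the window matters: with only the last ten minutes of reports, none of the sample domains has enough history to be classified as flux.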

Summary

  1. Spam up
  2. Phishing up
  3. Malware up
  4. Botnets up
  5. Piracy down
  6. Detection green up