Thursday, June 10, 2010

My first Windows Azure application - Guestbook

So I started this a couple of days ago and finished the work on it today during lunch.

Following the lab guide, I used Microsoft Visual Studio Ultimate and developed my first Windows Azure application.  This was a very interesting road to travel down for me.

I chose to write this in the C# language to give me some exposure to it.  I think I spent the majority of my time working through its inheritance model and getting my classes laid out appropriately.  I am also pretty rusty in the developer space, but it all came back pretty quickly.  Here’s a screenshot of the IDE:

image

After I got the application to compile correctly I ran it against the local development storage emulator, using the “UseDevelopmentStorage” setting in the service configuration file:

<Setting name="DataConnectionString" value="UseDevelopmentStorage=true" />

At that point the application was tested (by me) and found to be adequate for cloud deployment!  With the Azure tools for visual studio - Windows Azure Tools for Microsoft Visual Studio - this was as easy as “right-click->publish”.

They gave me a temporary Azure account (expires on Monday June 14th, 2010) in order to accomplish the labs.  Azure was absolutely SIMPLE to configure for this.  All I had to do was create a Project name, create a service (define the webapp URL in here), create the cloud storage group, define some affinity, reconfigure the application to use the new cloud storage credentials (instead of the local developer instance) and presto, I was in business. 

Here’s a screenshot of the hosted service page:

azure-hosted

and here is the cloud storage page:

azure-storage

 

I decided to go with some High Availability.  That was soooooooooo terribly difficult (NOT!)  All I had to do was modify the config file and set <Instances count="2" />, then restart the application.  The load balancers were already set up to handle this. 

And ………….. here is my app! woot! 

I chose the URL:   http://kmac.cloudapp.net/ Feel free to sign my guestbook; it’ll be there until Microsoft shuts it down on Monday for not paying the bill. :P

 

azure-kmacs app

Last, but not least, I played with SQL Azure.  Absolutely easy to setup a new database! 

sql-azure-database

 

Neat stuff – and it was fun playing developer for a few hours.  Now I am off to learn more about Advanced Group Policy Management.

Using Microsoft Exchange Server 2010 to Achieve Rich Coexistence with Exchange Online

Evan Dodds, Senior Program Manager, Microsoft

Blog administrative note – this blog has content and screen-scrapes straight from Evan’s PowerPoint.  I would like to thank him for sharing the PowerPoint while the session was ongoing; this was extremely helpful.  Thanks Evan! –KMac.

Thinking of email in the cloud? But wondering how workable it really is for your organization?

Do you like the high fidelity experience and fine-grained control you get with your on-premises Exchange organization?

Are you considering hosting some of your mailboxes in the cloud?

Are you worried about losing the former to gain the latter…?

Exchange Online Rich Coexistence gives you the look and feel of a single organization across the full on-prem and hosted surface!

 

Cutover vs. Coexistence (Coexistence is the focus of this blog)

Cutover
  • Executed over a weekend; switch the MX record
  • All users moved as part of a “big switch” to the cloud
  • No option to pilot mailboxes
  • No on-prem configuration or hardware requirement

Coexistence
  • Executed over some longer period of time (a week, a month, a year, etc.)
  • No requirement to ever flip “a switch”; can run in coexistence indefinitely
  • Requires on-prem configuration and hardware

 

Rich Coexistence Feature-set

What does Exchange 2010 bring to the table?  Rich Coexistence!

image

Note: Rich Coexistence feature-set requires Exchange 2010 SP1 Hub+CAS on-prem and requires supplemental configuration steps (both on-prem and in the cloud)

Cross-Premises Free/Busy and Calendar Sharing
  • Creates the look and feel of a single, seamless organization for meeting scheduling and management of calendar
  • Works with any supported Outlook client; the heavy lifting is done by the Exchange 2010 CAS servers and the MS Federation Gateway and is transparent to the client

image

Cross-Premises Mail Tips
  • Creates the look and feel of a single, seamless organization. Correct evaluation of “Internal to” vs “External to” organization context.
  • Allows awareness and correct Outlook 2010 representation of mail-tips for size and quantity limits on DGs, etc.

image

Cross-Premises Message Tracking
  • Creates the look and feel of a single, seamless organization.
  • Message tracking started from on-prem or from the cloud will track through to the edge of the combined organization
    • Tracking fidelity across 2010 servers will be identical to fully on-prem organizations (ie – high fidelity)
    • Tracking fidelity across pre-2010 servers will be identical to fully on-prem organizations (ie – lower fidelity)

image

Cross-Premises mailbox search
  • Allows administrators to select/manage mailboxes for mailbox searches from on-prem or cloud-hosted mailboxes
  • Graphical representation lets you differentiate between on-premises and cloud-hosted mailboxes in the picker
  • Search results returned across all selected mailboxes, regardless of mailbox location!

image

Cross-Premises OWA Redirection
  • Single URL
    • Allows mailbox access to OWA via a single URL (pointed to on-premises CAS)
      • Ensures a good end-user experience as mailboxes are moved in-and-out of the cloud, since OWA URL remains unchanged
    • Better Cloud log in experience
      • Log in experience can be greatly improved by adding your domain name into your cloud URL, so that you can access your cloud mailbox without the interruption of the “Go There” page
Cross-Premises Mailflow
  • Rich coexistence adds the ability to preserve internal organizational headers.
  • Most important header: Auth header
    • Allows us to treat a message from the cloud as authenticated. This means we trust the message and resolve the sender to a recipient in the GAL.
    • Restrictions specified for that recipient get honored.
    • When sender expanded in Outlook, GAL card is opened (not SMTP address).

image

 

  • Makes your on-prem organization and cloud organization work together like a single, seamless organization
    • Offers near-parity of features/experience on-prem and in the cloud
    • Seamless interactions between on-prem and cloud mailboxes
    • Migrations in and out of the cloud transparent to end-user

Stop drooling just yet ….  Remember: Exchange Online must upgrade to 2010 first!

RICH COEXISTENCE SETUP

Step 1:

image

Step 2:

image

 

RICH COEXISTENCE – GUI MANAGEMENT

Connecting on-prem GUI to the cloud

image

image

Most of the cool Rich Coexistence features require federated sharing be configured between on-prem and the cloud.


EMC in Exchange 2010 SP1 has GUI for this!

image

 

RICH COEXISTENCE MIGRATION

You’ve configured for cross-prem, now it’s time to move!

  • Administrator uses EMC on-prem tool to manage mailbox moves and other administrative cross-premise tasks
    • Note: There is no requirement to move mailboxes on-prem to an E2k10 server prior to moving them to the cloud
  • Dirsync keeps GAL in sync as mailboxes are moved

image

The Stuff you need to know!

  • It’s a true “online” move – user stays connected to their mailbox through the move
    • Client switchover happens automatically at the end
    • Traditional “offline” move when moving from an Exchange 2003 source
  • Outlook uses Autodiscover to detect the change and fixes up the user’s Outlook profile automatically on the client machine
  • Since it’s a move (not a new mailbox + data copy), Outlook doesn’t see it as a new/different mailbox. End result = no OST resync.
  • Moves are queued and paced by the datacenter
  • Object conversion for mail routing happens automatically after the data move
    • Mailbox on-prem gets converted to a mail-enabled user automatically
    • Admin can override this automation and stage the move, then convert, as separate steps

Mailbox Offboarding

  • Why might you care about offboarding?
    • Long term coexistence scenarios
    • Compliance requirements (retaining ex-employee data)
    • Piloting online but not committed to the move
  • What you need to know about offboarding?
    • Offboarding is available using EMC toolset while in Rich Coexistence scenario
    • Offboarding to on-prem E2k10 database is online mailbox move
    • Offboarding to on-prem E2k3/E2k7 database is an offline mailbox move
      • Can’t stay connected to cloud mailbox receiving mail during offline move
    • Offboarding without Rich Coexistence (ie – any other scenario, including V1 offboarding) is PST via Outlook or partner driven.

KEY TAKEAWAYS

  • Moving to Exchange 2010 On-prem sets you up for a smooth path to the cloud
  • It’s not the only option out there, but Rich Coexistence is super cool
    • You want it
  • “Federation” doesn’t always mean the same thing
  • Rich Coexistence setup has a bunch of steps, but it’s pretty straight-forward
  • Once you’re in fully-configured Rich Coexistence, toggling the federated sharing features on and off in Exchange is simple
    • These features are a real competitive differentiator and make the cross-premises Exchange Online experience quite seamless
  • Doing migrations in Rich Coexistence (including offboarding!) is really easy, and gives a great and seamless end-user experience

Virtualization Round Table Discussion

  • Kenon Owens, Microsoft
  • Nate Lasnoski, MVP, Data Center
  • Gene Ferioli, Microsoft (Appv team)
  • Taylor Broan, Microsoft
  • Robin Brandl, Microsoft

This is an open round table style discussion surrounding all of Microsoft's virtualization products.

Three reasons to switch from VMWare to Microsoft HyperV:

  1. Cost
  2. End-to-end Manageability
  3. something else … didn't really catch it … must not have been that important. :P

NIC Teaming

Taylor Broan (Microsoft) openly admitted that there is a gap between their product and VMware when it comes to NIC teaming.  They are working hard at fixing this.  They mentioned that Microsoft NIC teaming works best with Intel NICs, but not so much with other vendors (*cough* Broadcom *cough*).

Hyper-v wish list (from audience)

  • Improved performance on snapshot-ing
  • More integration with VMM
  • Better memory support (this is coming real soon)
  • Better monitoring
    • Microsoft countered that this is there, you just need to know how to get it.
  • Create virtual networks on all nodes of a cluster – or create a distributed virtual switch.
  • Multiple virtual CPU’s

Client side hypervisor (VDI)

There was a large discussion between the audience and the VDI team on whether the hypervisor should run client side or not.  Microsoft's stance was “it doesn't need to run client side until the industry demands it.”  The audience was mixed on whether this was needed.

Server AppV

The lead program manager for App-V was in attendance and announced that they are developing a server-side App-V capability.  He polled the audience on whether they would run apps and OSes 1:1 or 1:many.  Most of the audience chose 1:1, for simplicity of management.  This helped him continue the product development path.

Overall this session made me feel vulnerable for switching to Hyper-V; I am glad we are “piloting” it this summer.  Although the cost savings are very attractive, the quality of the product and the lack of feature set have me concerned (especially on the Linux side).  We’ll see how the pilot goes.

Wednesday, June 9, 2010

Data Center “In a box”: Microsoft’s ITPAC (IT Pre-Assembled Component)

I walked through an ITPAC this afternoon; very impressive.  This is Microsoft’s vision of the data center: a self-enclosed box that has everything it needs from a facility perspective built in.  Microsoft’s strategy is to pre-manufacture every part of the data center: the mechanical, electrical, and compute components.

The reduction in total cost of ownership for this model compared to the conventional data center is going to be substantial.  They claim that the PUE drops from 1.32 to 1.15 (depending on outside conditions).


Here’s commentary from the web: 

“Our plan for the future is to have essentially everything but the concrete pad pre-manufactured and then assembled on site: the IT, mechanical and electrical components are all part of Pre-Assembled Components that we call an “ITPAC.” We actually think of the ITPACs not as containers in a traditional sense but as integrated air-handling and IT units.

The units will be assembled entirely from commercially available recyclable components such as steel and aluminum and the cooling requirements for the ITPACs will be met by more efficient means, such as a single water hose with residential levels of pressure to control ambient temperatures. The servers will be stacked in rows, sandwiched between air intake and output vents.“

Check it out by watching this video by clicking here

I now have soft copies (PowerPoints and/or PDFs) of the TechEd 2010 presentations for the following sessions.  If you are interested in one, just email me.

1. Application Virtualization Troubleshooting

2. BitLocker To Go

3. BPOS - Whats Coming Soon

4. BPOS Identity and Access Solutions

5. BPOS Planning Preparation and Migration

6. Building Solutions with Microsoft Access 2010

7. Coexistence and Upgrading from Microsoft Exchange Server 2007 to Exchange Server 2010

8. Create a Windows Server 2008 R2 MSDTC Cluster

9. Data Tier Applications in Microsoft SQL Server 2008 R2 and Microsoft Visual Studio 2010

10. Deploying and Managing Microsoft ASP.NET Using Internet Information Services (IIS) 7.5 on Server Core (V3.0)

11. Deploying Microsoft System Center Configuration Manager

12. Developing a Microsoft SharePoint 2010 Workflow with Initiation Form in Microsoft Visual Studio 2010

13. Developing KPIs and Scorecards with PerformancePoint Services in Microsoft SharePoint Server 2010

14. Failover Clustering in Windows Server 2008 R2

15. Implementing High Availability and Live Migration with Windows Server 2008 R2 Hyper-V

16. Implementing Microsoft Forefront Online Protection for Exchange - Best Practices, Pitfalls and Support

17. Installing a Microsoft SQL Server 2008 + SP1 Clustered Instance

18. Introduction to F#

19. Introduction to Microsoft System Center Virtual Machine Manager (SCVMM) 2008 R2

20. Introduction to the AppFabric Service Bus for Visual Studio 2010 Developers

21. Introduction to Windows Azure for Visual Studio 2010 Developers

22. Introduction to Windows Server 2008 R2 Hyper-V

23. Lap around Microsoft SharePoint Server 2010 Enterprise Content Management

24. Maintaining a Microsoft SQL Server 2008 Failover Cluster

25. Microsoft Access Services- Under the Hood

26. Microsoft BPOS Suite Identity and Access Solutions Drilldown

27. Microsoft Communications Server "14" Monitoring and Reporting

28. Microsoft Exchange Server 2010 High Availability and Storage Scenarios

29. Microsoft Exchange Server 2010 Setup and Deployment

30. Microsoft Exchange Server 2010 Transport Routing

31. Microsoft System Center Virtual Machine Manager (SCVMM) 2008 R2 Advanced Topics

32. Moving Your School Communication and Collaboration to the Cloud

33. Opalis - Understanding, Designing and Configuring Process Automation

34. Patterns of Parallel Programming

35. Real-World Patterns for Cloud Computing

36. Rolling Upgrade to Microsoft SQL Server 2008

37. Security Tales from the Twilight Zone

38. Top 10 Hidden IT Costs and How to Avoid Them

39. Upgrading Microsoft SQL Server 2000-2005 to SQL Server 2008

Microsoft Communications Server “14”: Monitoring and Reporting

 

So you may be asking – why is Kevin posting blogs for every session now?  Truth is I took notes in every session, but now that I am actually taking the notes in Live Writer it is a one-button publish and formatting happens close to real-time (when speakers are bullshitting).  Very nice Microsoft.  Now, back to the show.

CS 14 Health Monitoring Goals (Jared Zhang): 

  • Accurate Alerts
    • Filter out transient conditions to reduce noise
    • Distinguish alerts based on the impact to the system
    • Track the current state of alerts (active or resolved)
  • Actionable alerts
    • Cause and recommended actions
    • Relevant information to identify and isolate problems
    • Guidance for troubleshooting

CS 14 Health Monitoring

  • Health monitoring for CS 14
    • Service Monitoring
      • End-to-end verification of availability of CS services
    • Component monitoring
      • Monitoring components running on individual CS servers
    • Voice Quality Monitoring
      • Monitoring end-user-call reliability and media quality experience
  • CS 14 MP for SCOM 2007 R2
    • Monitoring and alerting on services, components, and voice quality
    • Central discovery of monitored objects from CS 14 Central Management Store (CMS)

Service monitoring with Synthetic Transactions

  • Synthetic Transactions (STs)
    • End-to-end scenario view
    • PowerShell cmdlets starting with the Test verb
      • Examples: 
        • Test-CsIM
        • Test-CsPresence
        • Test-CsPstnOutboundCall
    • Run with configured test accounts or real credentials
    • Provide a success/failure response
  • SCOM Alerting
    • Core set of STs are run periodically to verify service availability
    • ST failures result in high priority alerts
    • Alerts are auto-resolved if STs succeed in the next run

For example, running the IM synthetic transaction from PowerShell (Test-CsIM exercises instant messaging; Test-CsPstnOutboundCall is the one that actually places a call):

PS C:\> Test-CsIM -TargetFqdn myocs.domain.com

Component Monitoring

  • Health modeling for CS14 components
    • Key health indicator (KHI) and non-KHI’s
      • Events and performance counters are categorized as service impacting aspects (KHI’s) and non-service impacting aspects (non-KHI’s)
      • KHI indicates a service impacting condition
  • SCOM Alerting
    • KHI’s result in medium priority alerts
    • KHI alerts are auto-resolved if the component returns to healthy
    • Non-KHI’s result in informational alerts that need manual resolution.

Call Reliability Monitoring

  • Call reliability data are stored as Call Detail Records (CDR) data
  • Failures are classified as Expected and Unexpected, based on the ms-diagnostic ID.
    • Example: 52031 indicates media connectivity failure
  • SCOM Alerting
    • Categories for call reliability alerting:
      • Peer-to-peer audio/video calls
      • Audio/video conference calls
    • Alerts are raised for higher than expected failure rates
    • Each alert contains a CDR report link for troubleshooting

Media Quality Monitoring

  • Media Quality data are stored as Quality of Experience (QoE) data
  • Calls are classified as good/poor quality alerting:
    • A/V Conferencing Servers, Mediation Servers, Gateways
    • Network locations (subnets, sites, regions)
  • Alerts are raised for higher than expected poor quality call rates
  • Each alert contains a QoE report link for troubleshooting

 

The bottom line for this section is that there are really thorough monitoring and synthetic-transaction cmdlets built into PowerShell (Test-Cs*), and you can tie these into SCOM. 

Health Monitoring for CS14 is a must for success – Antwan, build good health monitoring into our CS14 deployment from the ground up.

 

Reporting CS14 with the Monitoring Server Role - Arish Alreja

Improvements for CS14 Monitoring Server Role

  • Call Detail Record (CDR) data collection
    • Improved diagnostics information for all modalities in CS14
    • Registration diagnostics data
    • IP Phone Device data
  • Quality of Experience (QoE) data collection
    • Richer endpoint data (OS, MAC address, CPU)
    • Richer Audio Metrics (User facing diagnostics, audio healer metrics)
    • Coverage on Media Bypass, Mediation Server – Multiple Gateways,
  • Reporting Improvements
    • For ROI Analysis and Asset Management
      • Usage reports for visibility into deployment activity
      • IP Phone HW and SW versions
    • For Operational monitoring and diagnostics
      • Dashboard delivers a view into any call reliability/media quality issues
      • Call Reliability reports for monitoring and troubleshooting
    • For Helpdesk admins helping end users
      • User Activity Report
  • Reports can be configured for periodic email delivery
  • Reports are accessible from the CS Control Panel (CSCP)

Arish then moved directly into a demonstration of the reporting server and the CS Control Panel.  It was very impressive – this picture does not do it justice:

                                                ocs

I look forward to seeing this in Beta back at Vanderbilt!

Behind the SPAM: A look at BotNets, Malware, and the Spammers who run them.

 

Speaker:     Terry Zink, Program Manager, Microsoft

Goals:

  1. Understand the current threat landscape
  2. Understand what Microsoft is doing in this space
  3. Understand how Microsoft combats these threats

Variety

  1. (Terry performed a card trick at this time)
  2. Trick cards?
  3. Sleight of hand?
  4. Secret partner?
  5. Something else?

Spammers?

  1. Russian Business Network (RBN)
    1. worst of the worst.
    2. Responsible for the Storm botnet
    3. ISP – phishing, spam, malware
    4. Bullet-proof hosting “ISP allows you to do anything”
    5. Based in St. Petersburg, Russia
    6. Offers Web Hosting
      1. Now allegedly involved in Black SEO, DOS attacks and rogue Antivirus
  2. The Partnerka
    1. Use a lot of Web 2.0
    2. Affiliate marketing – will drive traffic to your site
    3. Black SEO, spam, malware
      1. Spam is less lucrative but still done by more elite spammers
      2. Upload spammy content to throwaway sites like facebook, twitter
  3. Glavmed

How much money do they actually make?

    1. Meds4U - $16,000/month
    2. CoolCodecs
      1. $6500/month
    3. MegaSales.ru
      1. $25/sale
      2. $4916/11 days
    4. I am a spammer (reddit.com)
      1. $1000/day

Forefront Online – Total inbound mail 400-600 billion per quarter.

                         teched spam

Spam Trends – Gambling and 419 are up

Phishing – sites are looking very legitimate

Avalanche – group responsible for two-thirds of all phishing sites.

Phishing needs 3 things:  1.) Phish email sent.  2.) Bypass phishing filters. 3.) user clicking on link.

Sender Policy Framework (SPF) – the domain owner publishes the IP addresses authorized to send mail for that domain in a DNS TXT record; the receiving gateway checks the connecting IP against the MAIL FROM domain’s record.

Botnet distribution (July 2009)

  1. Rustock – 39.7%
    1. Older botnet (c.2005)
    2. #1 Spammer
    3. No discernable pattern in headers
    4. “Sleepy” behavior – slow drizzle
    5. Sophisticated polymorphic rootkit botnet
      1. Implemented as a driver – runs at the lowest level
      2. Infects system drivers, features anti-rootkit protection
      3. Some become adjusted to the hardware and won’t run on other systems
      4. More prevalent on older versions of Windows
      5. US, Korea, Japan, UK, Romania
    6. TLS is their preference: decryption slows down the mail gateways
    7. Forefront Online issued a fix to stop accepting TLS from botnet IPs
  2. Bagle-cb – 28.6%
    1. Been around since 2004
    2. Spread by email or p2p
  3. Cutwail – 10.4%
  4. Lethic – 8.6%
  5. Grum – 6.7%
  6. Donbot – …
  7. Waledac
    1. Newbie – 2008. 
    2. Main purpose is to spam
    3. Propagates by spamming links to itself
    4. Binary is packed with several packers (obfuscated)
    5. Makes use of multiple fast-flux nodes
    6. Uses encryption between nodes – hard to track
    7. Characters in spam:
      1. Recognizable HELO string
    8. US, Brazil, South Korea, Spain, France

Operation b49

  1. Microsoft took down the Waledac botnet
  2. Microsoft got a court order to shut the domains down (“home of botnet”)

Pushdo/Cutwail

  1. Pushdo is the malware, Cutwail is the spamming software
  2. Cutwail – key encryption: “reva gurd iuh an it ak-lehsoP” (means screw you, my friend AV’r.)
  3. Multi-threaded
  4. Recognizable HELO string
  5. US, Russia, Japan, Brazil, …

Fast Flux & Double Fast Flux

  1. Very clever spam technique
  2. Example the speaker cited: http://www.rxcoenbitee.cn
    1. I looked up the following for a better description: http://en.wikipedia.org/wiki/Fast_flux 
  3. Changes the DNS A records every 10 minutes – constantly redirecting victims to a different host
  4. Double Fast Flux – also rotates the NS records, so the authoritative name server itself keeps changing
  5. Makes it very difficult for anti-spam to keep up
  6. How do you stop double fast flux?
    1. You make really big lists.
    2. Have listener programs throughout the world collecting real-time resolution updates and sending them to the main list.
  7. Regex
    1. FOPE (Forefront Online Protection for Exchange) uses regexes to predict where spam is going to come from … hmm.
    2. Trafficconverter.biz
      1. -> Conficker worm
      2. Started using MD6 in January
      3. Switched
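What those distributed listeners would feed into, as an added example that is not the speaker’s or FOPE’s code: repeated resolutions of a name are summarised per name, and a name is flagged as fast flux when its A records churn across unrelated networks under a low TTL, and as double flux when the NS records churn too. The observation log, the names and the thresholds are constructed for illustration; a CDN-like name with a low TTL but a fixed pool is included to show why TTL alone is not enough.

```python
"""Fast-flux and double-fast-flux detection over a constructed DNS observation log.

Added example for these notes; not the speaker's or Microsoft's code, and the
thresholds are illustrative heuristics, not FOPE's. The log below stands in for
what globally distributed 'listener programs' would report: repeated resolutions
of the same name over time, with TTL, A records and NS records.
"""
from collections import defaultdict
import ipaddress

# Constructed observations: (minutes_since_start, name, ttl_seconds, A records, NS records).
# All names and addresses are documentation/example values, not real hosts.
OBSERVATIONS = [
    # A normal site: long TTL, one address, one name server, nothing moves.
    (0,  "static.example", 86400, {"203.0.113.10"}, {"ns1.static.example"}),
    (10, "static.example", 86400, {"203.0.113.10"}, {"ns1.static.example"}),
    (20, "static.example", 86400, {"203.0.113.10"}, {"ns1.static.example"}),
    # A CDN-like site: low TTL but a fixed pool in one /16; low TTL alone is not flux.
    (0,  "cdn.example", 60, {"203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.4"}, {"ns1.cdn.example"}),
    (10, "cdn.example", 60, {"203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.4"}, {"ns1.cdn.example"}),
    (20, "cdn.example", 60, {"203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.4"}, {"ns1.cdn.example"}),
    # Single flux: A records rotate every ~10 minutes across unrelated networks; NS stays put.
    (0,  "flux.example", 300, {"198.51.100.7", "192.0.2.33"},   {"ns1.host.example"}),
    (10, "flux.example", 300, {"203.0.113.88", "198.51.100.7"}, {"ns1.host.example"}),
    (20, "flux.example", 300, {"192.0.2.9", "203.0.113.121"},   {"ns1.host.example"}),
    (30, "flux.example", 300, {"198.51.100.200", "192.0.2.77"}, {"ns1.host.example"}),
    # Double flux: the NS records rotate too, so even the authoritative server keeps moving.
    (0,  "dflux.example", 180, {"198.51.100.9", "192.0.2.40"},   {"ns1.a.example", "ns2.a.example"}),
    (10, "dflux.example", 180, {"203.0.113.5", "198.51.100.61"}, {"ns1.b.example", "ns2.b.example"}),
    (20, "dflux.example", 180, {"192.0.2.200", "203.0.113.77"},  {"ns1.c.example", "ns2.c.example"}),
    (30, "dflux.example", 180, {"198.51.100.13", "192.0.2.3"},   {"ns1.d.example", "ns2.d.example"}),
]

def summarize(observations):
    """Per-name churn statistics from a list of resolutions (ordered by name, then time)."""
    rows = defaultdict(list)
    for t, name, ttl, a, ns in sorted(observations, key=lambda o: (o[1], o[0])):
        rows[name].append((ttl, frozenset(a), frozenset(ns)))
    summary = {}
    for name, seq in rows.items():
        a_sets = [r[1] for r in seq]
        ns_sets = [r[2] for r in seq]
        all_a = set().union(*a_sets)
        pairs = max(len(seq) - 1, 1)          # consecutive-observation comparisons
        summary[name] = {
            "observations": len(seq),
            "min_ttl": min(r[0] for r in seq),
            "distinct_a": len(all_a),
            # crude 'different network' proxy: distinct /16s (an ASN lookup would be better)
            "distinct_prefixes": len({ipaddress.ip_network(f"{ip}/16", strict=False) for ip in all_a}),
            "a_change_ratio": sum(x != y for x, y in zip(a_sets, a_sets[1:])) / pairs,
            "ns_change_ratio": sum(x != y for x, y in zip(ns_sets, ns_sets[1:])) / pairs,
        }
    return summary

def classify(stats, max_ttl=600, min_ips=4, min_prefixes=2, min_churn=0.5):
    """'stable', 'fast-flux' or 'double-flux' for one name's summary (thresholds are heuristics)."""
    fluxy = (stats["min_ttl"] <= max_ttl
             and stats["distinct_a"] >= min_ips
             and stats["distinct_prefixes"] >= min_prefixes
             and stats["a_change_ratio"] >= min_churn)
    if not fluxy:
        return "stable"
    return "double-flux" if stats["ns_change_ratio"] >= min_churn else "fast-flux"

def detect(observations):
    """Map each observed name to its classification."""
    return {name: classify(s) for name, s in summarize(observations).items()}

if __name__ == "__main__":
    for name, label in detect(OBSERVATIONS).items():
        print(f"{name:16} {label}")
```

The thresholds are where the real work is: the speaker’s “really big lists” are effectively this summary kept for every name seen, and the /16 proxy should be replaced by an ASN or geolocation lookup so that a legitimately multi-homed service is not flagged.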

Summary

  1. Spam up
  2. Phishing up
  3. Malware up
  4. Botnets up
  5. Piracy down
  6. Detection green up

Microsoft Business Productivity Online Standard Suite (BPOS) v:Next Identity and Access solutions. June 9th, 2010

 

Microsoft Online Services:

Enterprise class software delivered via subscription services hosted by Microsoft and sold with partners.

  • SharePoint Online
  • Forefront Online
  • Exchange Online
  • Office Live Meeting
  • Office Communications Online

Financial Benefits:

  • Reduce both capital expenditure and operational expense
  • No hardware buildout cost
    • No more periodic server upgrade consulting projects
    • Software offered as a pure subscription
  • Make your cost even and predictable
    • Flat per-user per month fee
    • No need to renew software and hardware purchases every few years
    • Your price is protected for the duration of your contract
  • Buy what you need when you need it
    • Avoid over purchasing
    • Scale as your business grows
    • Get the right license for the right users with deskless worker option

Current identity options summary

  1. Microsoft Online IDs:
    1. IDs are mastered in the service/cloud
    2. Password policy is in the cloud
  2. Microsoft Online IDs & Directory Sync
    1. IDs are mastered on premise and synchronized to the service/cloud in the form of Microsoft Online IDs
    2. Password policy is in the cloud
  3. Directory Synchronization to Microsoft Online Services
    1. Syncs users, groups, and contacts
    2. All users are synced as logon-disabled, deactivated users initially (the process runs on local DCs)

Feedback from customers:

  • No SSO with corporate credential
  • Painful to manage separate corporate and cloud credential
  • Password Policy is not configurable
  • Role-based administration not possible
  • Strong authentication (2FA) not available
  • Platform provisioning APIs are not available.

MS Online identity features roadmap

  • Federated ID’s
  • Directory Synchronization updates
  • Role Based Administration
    • Five admin roles
      • Company Admin
      • Billing admin
      • User Account Admin
      • Helpdesk Admin
      • Service Support Admin
  • “Admin on behalf of” for support partners

Authentication options

Microsoft Online ID
  • Sign in with cloud identity
  • Authentication happens in the cloud
  • Users have two IDs: one to access on-premises services and one for cloud services
  • Users prompted for credentials
  • Manages password policy in the cloud and on premise
  • Password reset for on premise & MS Online IDs
  • No 2FA

Federated ID
  • Sign in with corporate ID
  • Authentication happens on premise
  • Users have a single credential that provides SSO to on-premises and cloud services
  • Users get true SSO
  • Manages password policy on premise only

 

Identity architecture: Federated ID’s

  1. Federation Gateway – runs in the cloud.
  2. Requires AD FS 2.0 on premise and a trust between the Federation Gateway and AD FS
    1. You still need Directory Sync to sync users, groups, etc.

GOAL: Establish a trust relationship with Microsoft Online Services

  1. Accomplished via the MS Online Identity Federation Management tool
  2. Configuring identity federation in a 2 step process
    1. Install and configure AD FS 2.0 server
    2. Run the tool to establish a trust for a domain

Online Identity Management Tool

  1. PowerShell cmdlets and UI tool
  2. Tool functionality
    1. Add a new identity federated domain
    2. Convert a standard domain to an identity federated domain
    3. Convert an identity federated domain back to a standard domain
    4. Converts users back to Microsoft Online ID’s
    5. Update the identity federated domain
    6. Get the identity federated domain properties
    7. Remove the identity federated domain

Active Directory Federation Server 2.0 deployment options

  1. Single server configuration
  2. AD FS 2.0 server farm behind a load balancer
  3. AD FS 2.0 proxy server (for offsite users) deployed in DMZ

Identity federation

  1. Protocols supported
    1. WS-*, SAML 1.1
    2. SAML 2.0 (for EDUs) coming later (Shibboleth)
    3. AD FS 2.0 supports SAML 2.0
  2. Microsoft Online Services requirements
    1. MS Online business scenarios always use WS-*
    2. WS-Trust provides support for rich client authentication
  3. Strong authentication solutions for web applications
    1. Via ADFS Proxy sign in page

Check out how busy this conference is: 

teched halls

For some reason I keep choosing the sessions that are on opposite sides of the convention center too.  I estimate that it’s about a half mile in length.  My pedometer is putting me over 20,000 steps every day!

Blog note – taking notes in Windows Live Writer and then editing later is the BEST way to get a good formatted blog.  Sorry iPad. This darn laptop is heavy though…

Microsoft TechEd – June 9th, 2010

Yes; New Orleans is still hot.  When I leave the building my glasses fog up and my shirt gets drenched within minutes.

From a blogging perspective, today I switched to using my work laptop and Microsoft Live Writer – I need some formatting in these blogs.  I love my iPad but it just isn’t ready for formatting prime time in blogging.

Here are my notes from a session I took yesterday afternoon:

Microsoft Communications Server 14: Voice Architecture and planning for high availability.

What constitutes good voice quality?
Starting point for most people is the PBX phone "narrow band audio".  Good voice quality is highly personal and context sensitive.   Up to a point, users will accept lower voice quality given other advantages:
      -cell phones
      -internet voip

Understanding the challenges
   Call reliability
      Dropped calls
      Failed calls
   Audio quality
      Broken up audio
      Delayed audio
      Distorted audio
      Low volume
      Noise
      Echo
      One way audio
4 big areas of concern
   1.) Network
   2.) Core performance (application)
   3.) Gateways
   4.) Devices

These are good targets to set for network performance:

Network performance goals

   1.) Jitter average < 10 ms

   2.) Jitter max < 80 ms

   3.) Packet loss < 10%

   4.) Network latency RTT < 200 ms
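Three of the four targets above can be measured from the media stream itself (SRTP encrypts the payload, not the RTP header, so sequence numbers and timestamps stay visible); RTT comes from RTCP and is passed in here. An added example, not from the session and not Lync tooling: it computes packet loss from unwrapped 16-bit sequence numbers (including the wrap at 65535) and interarrival jitter per RFC 3550 A.8 from constructed packet lists, then grades the stream against the targets.

```python
"""Grade an RTP voice stream against the jitter / loss / RTT targets above.

Added example for these notes; not from the session and not Lync tooling. The
packet lists are constructed: an 8 kHz RTP clock, 20 ms packets (160 ticks),
and arrival times with a few injected disturbances. RTT is not derivable from
one-way RTP, so it is passed in (it would come from RTCP in practice).
"""
CLOCK_HZ = 8000
TARGETS = {"jitter_avg_ms": 10.0, "jitter_max_ms": 80.0, "loss_ratio": 0.10, "rtt_ms": 200.0}

def make_stream(arrival_offsets_ms, lost=frozenset(), base_seq=65530):
    """Constructed packets (seq, rtp_timestamp, arrival_ms) in arrival order.
    base_seq sits near 65535 so the 16-bit sequence wrap is exercised."""
    packets = []
    for i, offset in enumerate(arrival_offsets_ms):
        if i in lost:
            continue                              # never arrived
        packets.append(((base_seq + i) % 65536, 160 * i, 20 * i + offset))
    return packets

def extended_seqs(packets):
    """Unwrap 16-bit sequence numbers into a monotonically increasing space."""
    ext, cycles, prev = [], 0, None
    for seq, _, _ in packets:
        if prev is not None and prev - seq > 32768:   # wrapped 65535 -> 0
            cycles += 1
        prev = seq
        ext.append(cycles * 65536 + seq)
    return ext

def stream_stats(packets):
    """Loss from sequence gaps; jitter from transit-time differences (RFC 3550 A.8)."""
    ext = extended_seqs(packets)
    expected = max(ext) - min(ext) + 1
    received = len(set(ext))
    abs_deltas, smoothed = [], 0.0
    for (_, ts_i, r_i), (_, ts_j, r_j) in zip(packets, packets[1:]):
        sent_gap_ms = (ts_j - ts_i) * 1000.0 / CLOCK_HZ
        d = (r_j - r_i) - sent_gap_ms            # D(i,j): change in one-way transit time
        abs_deltas.append(abs(d))
        smoothed += (abs(d) - smoothed) / 16.0    # the estimator RTCP reports as 'jitter'
    return {
        "packets_received": received,
        "packets_lost": expected - received,
        "loss_ratio": (expected - received) / expected,
        "jitter_avg_ms": sum(abs_deltas) / len(abs_deltas) if abs_deltas else 0.0,
        "jitter_max_ms": max(abs_deltas) if abs_deltas else 0.0,
        "jitter_rfc3550_ms": smoothed,
    }

def meets_targets(stats, rtt_ms):
    """Per-target verdicts plus an overall pass/fail against the goals in the notes."""
    checks = {
        "jitter_avg": stats["jitter_avg_ms"] < TARGETS["jitter_avg_ms"],
        "jitter_max": stats["jitter_max_ms"] < TARGETS["jitter_max_ms"],
        "packet_loss": stats["loss_ratio"] < TARGETS["loss_ratio"],
        "rtt": rtt_ms < TARGETS["rtt_ms"],
    }
    checks["all"] = all(checks.values())
    return checks

if __name__ == "__main__":
    # 20 packets, one lost, a 4 ms wobble on one packet: should pass.
    good = make_stream([0, 0, 4] + [0] * 17, lost={7})
    # 20 packets, one delivered 100 ms late: jitter max (and average) blow the targets.
    spiky = make_stream([0] * 5 + [100] + [0] * 14)
    for name, pkts in (("good", good), ("spiky", spiky)):
        print(name, stream_stats(pkts), meets_targets(stream_stats(pkts), rtt_ms=90))
```

Note that a lost packet does not add jitter (the transit-time difference is computed between packets that did arrive), so loss and jitter really are separate signals, which is why the notes list them as separate targets.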

Anatomy of a UC audio call
   SIP
   SRTP / RTCP
   FEC –> Forward Error Correction
      Allows for audio healing for missing packets (sounds metallic)

Audio/video bandwidth usage
   1.) How much bandwidth is required is determined by:
         a.) Codec choice
         b.) Network performance
         c.) Poor network performance results in redundant encoding of audio
         d.) Voice activity and video content
         e.) Media endpoints actively manage distribution of bandwidth across UC modalities
     

   Office communicator prioritizes audio first and distributes the remaining bandwidth to app sharing, video, and file transfer.

Codec choice     

   1.) Chooses the best quality codec and video resolution for the available bandwidth 
   2.) May dynamically change codec choices during a session
Audio/video bandwidth profiles
 

Codec typical bandwidth
  Rtaudio 8 kHz - 25.9 kbps
  Rtaudio 16 kHz - 34.8 Kbps
  Siren - 22 kbps
  G.711 - 59.8 kbps
  G.722 - 42.8 kbps
  Rtvideo - CIF 15fps - 203 kbps
  Rtvideo - VGA .....

Audio/video bandwidth controls:
   - End user maximum allowed bandwidth per modality
      - Applied whether or not bandwidth is available
      - Configured via in-band provisioning at sign-on
   - Wide area network link bandwidth policies (call admission control, CAC)
      - Applied dynamically when a session crosses a network link
Call admission control

   New policy server role introduced in wave 14
      Admins create logical network sites
      Enforce policies between sites
         Bandwidth available for audio/video   
         Max allowed per session
         Rerouting behavior when exceeded
      Seamless support for roaming users
      Allows internet to be used for overflow of traffic
          Avoids PSTN charges
          Support failover for video
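To make the codec-choice and call-admission notes above concrete, here is a toy admission decision I wrote for this page (illustrative Python, not Communications Server code). It uses the typical codec bandwidths from the notes, assumes a hub-and-spoke WAN where a cross-site call consumes bandwidth on both sites' links, and makes up the site names, limits and the codec preference order (G.722 first, since the notes say it becomes the wave 14 default):

```python
"""Added example (illustrative, not Communications Server code): a toy call
admission control decision for audio between two sites. Codec bandwidths
come from the session notes; the WAN model (hub-and-spoke, both site links
charged per call), site names, limits and preference order are assumptions."""
from dataclasses import dataclass
from typing import Dict, List

# Typical audio bandwidth per codec (kbps) from the session notes.
CODEC_KBPS = {"G.722": 42.8, "G.711": 59.8, "RTAudio-16k": 34.8,
              "RTAudio-8k": 25.9, "Siren": 22.0}
# Assumed preference: wave 14 default G.722 first, narrower codecs as fallback.
PREFERRED = ("G.722", "RTAudio-16k", "RTAudio-8k", "Siren")


@dataclass
class Site:
    name: str
    audio_limit_kbps: float    # total audio allowed on the site's WAN link
    session_limit_kbps: float  # max per audio session
    internet_overflow: bool = True
    in_use_kbps: float = 0.0


@dataclass(frozen=True)
class Decision:
    action: str   # "admit", "reroute" (Internet overflow) or "reject" (fall back to PSTN)
    codec: str
    kbps: float
    reason: str


def admit_audio(sites: Dict[str, Site], caller_site: str, callee_site: str) -> Decision:
    a, b = sites[caller_site], sites[callee_site]
    if a is b:
        return Decision("admit", PREFERRED[0], CODEC_KBPS[PREFERRED[0]], "intra-site, no WAN policy")
    # 1) best codec that fits the stricter of the two per-session caps
    cap = min(a.session_limit_kbps, b.session_limit_kbps)
    codec = next((c for c in PREFERRED if CODEC_KBPS[c] <= cap), None)
    if codec is None:
        return Decision("reject", "", 0.0, f"no codec fits per-session cap of {cap} kbps")
    kbps = CODEC_KBPS[codec]
    # 2) both WAN links must have headroom; otherwise overflow to Internet or reject
    for site in (a, b):
        if site.in_use_kbps + kbps > site.audio_limit_kbps:
            if a.internet_overflow and b.internet_overflow:
                return Decision("reroute", codec, kbps, f"{site.name} link full, overflow via Internet")
            return Decision("reject", codec, kbps, f"{site.name} link full, use PSTN")
    a.in_use_kbps += kbps
    b.in_use_kbps += kbps
    return Decision("admit", codec, kbps, "within policy")


def release_audio(sites: Dict[str, Site], caller_site: str, callee_site: str, kbps: float) -> None:
    """Teardown of an admitted cross-site call: give the bandwidth back to both links."""
    for name in {caller_site, callee_site}:
        sites[name].in_use_kbps = max(0.0, sites[name].in_use_kbps - kbps)


def demo() -> List[Decision]:
    """Three back-to-back calls between two made-up sites; the third one
    exceeds the smaller site's audio limit and is rerouted."""
    sites = {"Nashville": Site("Nashville", 100.0, 50.0),
             "NewOrleans": Site("NewOrleans", 60.0, 30.0)}
    return [admit_audio(sites, "Nashville", "NewOrleans") for _ in range(3)]


if __name__ == "__main__":
    for d in demo():
        print(f"{d.action:8s} {d.codec:12s} {d.kbps:5.1f} kbps  {d.reason}")
```

The per-session cap does the codec downgrade (30 kbps forces RTAudio at 8 kHz even though G.722 is preferred), and the link cap decides between admitting, overflowing to the Internet and falling back to the PSTN, which is the rerouting behaviour the policy describes.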

What about application sharing?
   Bandwidth used by application sharing is highly dependent on session content and screen resolution
   Traffic is bursty - zero in steady state, then bam, a spike
   Tcp based sessions
   End user policy limits available to cap spikes

Network QoS - DiffServ
   Where do we recommend Quality of Service
      When right-sized provisioning is not possible, i.e. on constrained WAN links
      Audio prioritization already deployed for other VOIP solution
   Differentiated services code point (DSCP) - field in an IP packet to assign levels of service for network traffic.
Environmental factors
   Windows 7 only environments - can use windows policy based QoS
   Office Communicator phones mark DSCP at the endpoint.

VLAN discovery is changing in wave 14 - it uses LLDP, together with E911 and power management

VPNs - use a split-tunnel approach (IPsec), or just don't send voice through the VPN at all; it causes delays, setup failures and mid-call drops

Session resiliency and recovery
  Signaling plane - tcp
  Media plane - udp or tcp
   Some middleboxes, such as hardware load balancers (HLBs), cause TCP resets.  They need to be kept in sync

Core performance, devices, and gateways
   Media bypass - calls can go directly to a PSTN gateway
      -Improves audio quality and reduces number of servers
   Default codec changing from siren to g.722 for quality in wave 14
  

Wave 14 brings with it a new suite of phones including conference room based phones

New feature - a window reporting back to the user that their device may be causing choppy audio, or that "network connectivity is causing audio quality issues"

Notes taken on my iPad, published with Live Writer.

Tuesday, June 8, 2010

Microsoft TechEd - June 8, 2010

It is still hot as ever here in New Orleans. The humidity makes it like a sauna. Here's a summary from a session on Microsoft Azure:

Session "A lap around the windows azure platform" -Steve Marx, technical strategist, Microsoft

Note - during this presentation he was caught out by the no-Internet thing - the entire conference was dark most of the afternoon. Steve wasn't prepared for an offline presentation and made do with what he had.

Microsoft Azure and SQL Azure have a few dimensions to them: Scale, developer experience, management, compute, data, and connectivity.

Scale
Global presence
Elastic resources
Utility billing
Pay for what you use
Simple meters (compute, bandwidth, storage, ...)
Developer experience
Familiar tools
Web standards
Language choice ( .net, java, php, ruby, ...)
Useful programming models
Easy provisioning. Right click, deploy to cloud.
Management
Automated "power assist"
Provisioning
Deployment
Upgrades
Failure recovery
Everything programmable

Management tools
Visual studio 2010
Web portal
API
Powershell
Mmc snap in
More being built

Diagnostics
Collect - all configurable at runtime
Performance counters
IIS logs
Crash dumps
Custom logs

Compute
Scalable hosting and storage
Simple development
Automated management
Windows - if it can run on Windows, you can get it to work.

Data
Reliable database as a service (SQL Azure)
1 GB, 10 GB, 50 GB
Scale out
Automated management
Configurable firewall rules

Windows Azure Storage
Scale out
TBs of data
REST API
four abstractions
Blobs (named files) - up to 200 GB, with an optional CDN for videos etc.
Tables - structured data, partitioned for scale, accessed via ADO.NET Data Services,
No schema - dynamically extended.
Drives - mountable NTFS volumes (backed by blob storage), up to 1 TB
Queues - (this section misplaced?)
Asynchronous
Reliable
Simple
Backed by durable storage
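Every one of those REST calls has to be authenticated with the storage account's key. As an added example (Python I wrote for this page, not the Azure SDK or anything from the session), here is the SharedKey signing scheme of API version 2009-09-19: a canonical string built from the verb, the standard headers, the x-ms-* headers and the resource, HMAC-SHA256'd with the account key. The account name, key and container are made up:

```python
"""Added example (not the Azure SDK or code from the session): build the
Authorization header for a Windows Azure Storage REST call using the
SharedKey scheme of API version 2009-09-19. The account name, key and
container below are made up."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# Standard headers, in the order the 2009-09-19 string-to-sign lists them.
_STANDARD = ("content-encoding", "content-language", "content-length",
             "content-md5", "content-type", "date", "if-modified-since",
             "if-match", "if-none-match", "if-unmodified-since", "range")


def canonicalized_headers(headers):
    """x-ms-* headers: lowercase names, sorted, one 'name:value\\n' each."""
    xms = sorted((k.lower(), " ".join(v.split()))
                 for k, v in headers.items() if k.lower().startswith("x-ms-"))
    return "".join(f"{k}:{v}\n" for k, v in xms)


def canonicalized_resource(account, url):
    """'/account/path' followed by each query parameter as '\\nname:value',
    names lowercased and sorted, multi-valued parameters comma-joined."""
    parts = urlsplit(url)
    out = f"/{account}{parts.path}"
    query = parse_qs(parts.query, keep_blank_values=True)
    for name in sorted(query, key=str.lower):
        out += f"\n{name.lower()}:{','.join(sorted(query[name]))}"
    return out


def string_to_sign(method, url, headers, account):
    """VERB, the eleven standard headers (empty when absent), then the
    canonicalized x-ms-* headers and the canonicalized resource."""
    lower = {k.lower(): v for k, v in headers.items()}
    lines = [method.upper()] + [lower.get(h, "") for h in _STANDARD]
    return ("\n".join(lines) + "\n"
            + canonicalized_headers(headers)
            + canonicalized_resource(account, url))


def shared_key_header(account, key_b64, method, url, headers):
    """Authorization: SharedKey <account>:<Base64(HMAC-SHA256(key, string-to-sign))>"""
    key = base64.b64decode(key_b64)          # the portal hands out the key base64-encoded
    mac = hmac.new(key, string_to_sign(method, url, headers, account).encode("utf-8"),
                   hashlib.sha256).digest()
    return f"SharedKey {account}:{base64.b64encode(mac).decode('ascii')}"


# Made-up credentials for the example; a real key comes from the portal.
ACCOUNT = "contosoguestbook"
DEMO_KEY = base64.b64encode(bytes(range(32))).decode("ascii")


def list_container_request(container, date):
    """URL and headers for 'List Blobs' on a container, signed with the demo key.
    'date' is an RFC 1123 timestamp; the service rejects stale ones."""
    url = f"https://{ACCOUNT}.blob.core.windows.net/{container}?restype=container&comp=list"
    headers = {"x-ms-date": date, "x-ms-version": "2009-09-19"}
    headers["Authorization"] = shared_key_header(ACCOUNT, DEMO_KEY, "GET", url, headers)
    return url, headers


if __name__ == "__main__":
    url, headers = list_container_request("photos", "Thu, 10 Jun 2010 12:00:00 GMT")
    print(url)
    for k, v in headers.items():
        print(f"{k}: {v}")
```

Two things worth keeping in mind when you move from UseDevelopmentStorage to a real account: the key in DataConnectionString is the account's master key, so it belongs in the service configuration and never in source control or logs; and the x-ms-date header is part of the signature, which is what bounds replay of a captured request (the service rejects requests whose date is too far from its own clock), so the signing helper must run per request rather than cache a header.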

Codename "Dallas"
Information marketplace
For developers - REST / Atom
For content owners - monetize your data

Connectivity
Service bus
Relay service running in the cloud to allow apps to talk to one another.
Common patterns
Eventing
One way communication
Unicast or multicast
Immediate or buffered
Remoting
Rpc, request/response or duplex
Access control
Any platform
Claims based authentication
OAuth WRAP & SWT
Integrates with AD FS v2
Simple delegation
One code base
3 ways - plaintext, AD, SAML
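The OAuth WRAP flow hands the application a Simple Web Token (SWT): a form-encoded set of claims with an HMAC-SHA256 over everything before the HMACSHA256 parameter, keyed with the 256-bit key shared between the Access Control Service and the relying party. As an added example (Python I wrote for this page, not AppFabric code), here is what issuing and, more importantly, validating one looks like; the key, issuer, audience and claim values are made up:

```python
"""Added example (not from the session or from Windows Azure AppFabric):
issue and validate a Simple Web Token (SWT), the token format used with
OAuth WRAP by the Access Control Service. Key, issuer, audience and claim
values are made up for the example."""
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, unquote, urlencode

_RESERVED = ("Issuer", "Audience", "ExpiresOn")


def _key_bytes(key_b64):
    key = base64.b64decode(key_b64)
    if len(key) != 32:                      # SWT uses a 256-bit symmetric key
        raise ValueError("SWT key must be 256 bits")
    return key


def issue_swt(claims, key_b64, issuer, audience, lifetime_s, now=None):
    """Build 'Issuer=..&Audience=..&ExpiresOn=..&<claims>&HMACSHA256=..'.
    The MAC is HMAC-SHA256 over the UTF-8 bytes of everything before
    '&HMACSHA256=', base64-encoded and then form-URL-encoded."""
    now = int(time.time()) if now is None else now
    params = [("Issuer", issuer), ("Audience", audience),
              ("ExpiresOn", str(now + lifetime_s))] + list(claims.items())
    body = urlencode(params)
    mac = hmac.new(_key_bytes(key_b64), body.encode("utf-8"), hashlib.sha256).digest()
    return body + "&" + urlencode({"HMACSHA256": base64.b64encode(mac).decode("ascii")})


def validate_swt(token, key_b64, trusted_issuer, expected_audience, now=None):
    """Return the non-reserved claims, or raise ValueError. Order matters:
    verify the MAC before trusting any field, then issuer, audience, expiry."""
    now = int(time.time()) if now is None else now
    marker = "&HMACSHA256="
    idx = token.rfind(marker)
    if idx < 0:
        raise ValueError("token is not signed")
    body, mac_param = token[:idx], token[idx + len(marker):]
    try:
        presented = base64.b64decode(unquote(mac_param), validate=True)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed signature") from exc
    expected = hmac.new(_key_bytes(key_b64), body.encode("utf-8"), hashlib.sha256).digest()
    if not hmac.compare_digest(presented, expected):   # constant-time compare
        raise ValueError("bad signature")
    params = dict(parse_qsl(body, keep_blank_values=True))
    if params.get("Issuer") != trusted_issuer:
        raise ValueError("untrusted issuer")
    if params.get("Audience") != expected_audience:
        raise ValueError("token is for another audience")
    try:
        expires = int(params["ExpiresOn"])
    except (KeyError, ValueError) as exc:
        raise ValueError("missing or malformed ExpiresOn") from exc
    if expires <= now:
        raise ValueError("token expired")
    return {k: v for k, v in params.items() if k not in _RESERVED}


# Made-up trust configuration for the example.
DEMO_KEY = base64.b64encode(bytes(range(32))).decode("ascii")
ISSUER = "https://contoso.accesscontrol.windows.net/"
AUDIENCE = "http://guestbook.cloudapp.net/"
NOW = 1276200000   # fixed clock so the example is deterministic


def demo():
    """Issue a ten-minute token for 'alice' and validate it at the same instant."""
    claims = {"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "alice",
              "role": "reader"}
    token = issue_swt(claims, DEMO_KEY, ISSUER, AUDIENCE, 600, now=NOW)
    return token, validate_swt(token, DEMO_KEY, ISSUER, AUDIENCE, now=NOW)


if __name__ == "__main__":
    token, claims = demo()
    print(token)
    print(claims)
```

The audience check is the one people forget: a token the issuer minted for a different relying party carries a perfectly good signature under a shared key, so without that check one compromised application can replay tokens against another.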

So what's a blog without a pic? Here's a pic from outside the convention center. This is a tribute to Katrina victims here in New Orleans.

- Posted using BlogPress from my iPad

Monday, June 7, 2010

Microsoft TechEd - June 7th, 2010

New Orleans Louisiana in June: Hot and Humid!

My focus this week is to learn as much about Microsoft's technology, strategy, and capability regarding BPOS, Wave 14, cloud (Azure & more), virtualization (server & desktop), and Exchange 2010 offerings as I can soak in. Doing this on an iPad is an interesting challenge.

—-—-—-—-—-—-—-—-—-—-—-—-—-—-—-

Keynote Session

The Keynote address was given from Bob Muglia, President of Microsoft's Server and Business Tools.

Here is a summary of the various announcements made during the keynote address:

· SQL Azure has its storage limit raised to 50 GB
· SQL Azure now has accommodations for spatial data
· Windows Azure - .NET version 4 is now supported.
· Windows Azure – IntelliTrace (TiVo-like debug capability)
· Opalis – included in Microsoft System Center (this enables automation of production processes)
· Windows Server 2008 R2 SP1 & Windows 7 SP1 will go Beta in July
· Windows Server 2008 R2 SP1 Beta:
o Main features of 2008 R2 SP1 -
- Microsoft Remote FX (High Definition remote desktop experience),
- Dynamic Memory for Hyper-V
· AppFabric is an application that connects Windows Azure back to applications and databases running back at the homefront.
· Windows intune - cloud based desktop management.
o Inventory and asset management
o System patching assurance
o Anti-malware

Most of the Keynote Session focused on the benefits of cloud computing. Here is a summary of my hasty written notes:

1.) The Server dimension- just in time scaling
a. There is a new hardware model (stop worrying about the hardware)
b. There is a new application model (deploy anywhere concept)
c. There is a new operations model (referring to SCOM for cloud management)
d. We need to extend our identity to the cloud using ADFS

2.) The cloud enables professional & social interaction (facebook & Twitter) exchange online, sharepoint online, UM online.

3.) Wave14 (Mr. Gurdeep Singh Pall)

a. Communicator now has a messenger look and feel
b. There are pictures for the user icons – pulled from sharepoint
c. It is now a “complete softphone”
d. There is a transcribed VoiceMail
e. This was cool – a new piece of meta data you can search on: "skill"
i. You can then search in your organization for someone who has the meta-tag associated with them. For example “.net development”
f. 720p video
g. Policy capability for network bandwidth utilization based on user/location
h. Powerpoint sharing in the app
i. Built in whiteboard
j. e911 support

4.) The cloud wants smarter devices. (Here comes Windows Phone 7)
a. It has a custom portal look and feel to it – using multi-touch technology much like the iPhone.
b. Has a separate “portal” screen for personal and business customizations.
c. You can sort your email by unread – something I wish I could do on my iPhone.
d. It is integrated with Sharepoint – retrieve, edit, and save new versions of documents back to Sharepoitn 2010.
e. For example, Augusto Valdez pulled down an excel document – modified a cell with a comment – saved it and pulled it up on his PC.
5.) Internet Explorer 9 is coming – with full HTML5 compliant support

6.) The cloud learns:
a. Excel 2010 has business intelligence built into it – they gave a rather compelling demo.
b. Excel 2010 - 100 million rows on a laptop
c. Excel 2010 has SQL azure connectors and can use any odata datasource
(e.g. the Netflix database)
d. You can save excel documents to sharepoint and then manipulate the data like a common business intelligence application would. Analyze dimensions, etc.
e. powerpivot for Excel Services – built into Sharepoint 2010
f. Bing map API integration

A note from Tony Scott – “eat your own dogfood.” He said that moving your exchange and sharepoint implementations to the cloud at this point was a “no-brainer” business decision, and more is to come. He recommends getting started on Azure now.

The Chicago Tribune has moved several production critical applications to run on Windows Azure.

One final comment for this morning: All of these new applications are very integrated with SharePoint. It is imperative that SharePoint 2010 (with BPOS capability) be deployed as a foundational measure.

Here's a screen shot of wave14 in action:


- Posted using BlogPress from my iPad

Friday, June 4, 2010

My truck on the morning of my 40th birthday.

I woke up this morning (40th birthday) and my wife and youngest son had decided to spice up my day. Not only was my bedroom completely toilet papered, but my truck was vandalized! See below.



- Posted using BlogPress from my iPad

Saturday, May 22, 2010

Test post from iPad

This is a test post from my ipad

Inserting a image here


- Posted using BlogPress from my iPad

Location:Mount Juliet, Tennessee