Archives for May 2014

TechEd 2014: Building a web-scale Private Cloud

Session: DCIM-B395 Building a Web-Scale Private cloud (without losing your cool) by Steve Poitras, Nutanix (@StevenPoitras). This was a good session showing how the combination of the Windows Azure pack, Hyper-V, and Nutanix enable large scale-out private clouds. You can check out the full video and slide deck of the session here on Channel 9. Steve had a lot of diagrams and good tables that you should check out, which aren’t captured in my session notes.

Why are we here today?

  • Web-scale cloud is here
  • IT needs to be much more agile
  • Users want services on demand and IT needs to keep up with it
  • We want to spend time doing other things, like value add services instead of supporting legacy services

Objectives

  • Define web-scale
  • Focus is architecting a web-scale solution using Hyper-V on the Nutanix platform

Why web scale?

  • Inherent complexity in legacy infrastructure
  • Lack of availability
  • Unpredictable scaling
  • What’s in with web scale: Smart software, commodity hardware, local attached storage, highly distributed software, scale one x86 server at a time, heavily automated and resilient
  • What’s out: Customized hardware (ASICs), islands of resources, unused overprovisioned systems, frequent north-south traffic, lots of manual intervention

Web-scale made possible with Nutanix

  • Nutanix was founded in 2009
  • Shipping fourth generation operating system (NOS 4.0)
  • Hundreds of customers in a variety of vertical markets
  • Built for massive scale (3 to thousands of nodes)
  • Uses high performance commodity hardware
  • The secret sauce is the software (controller VM) which services all I/Os and enables web-scale functionality
  • Supports Hyper-V 2012 R2, ESXi and KVM

Nutanix under the Covers

  • Hypervisor sees the Nutanix distributed file system (NDFS) as one or more SMB 3.0 file shares
  • Supports features like snapshots, dedupe, web-scale out, and disaster recovery
  • Locally shared storage is comprised of both flash and spinning disks
  • Variety of models (compute heavy, storage heavy, etc.)
  • Mix and match models within the same cluster

The diagram below shows a multi-tenant example using Nutanix and the Windows Azure pack. The solution is modular, scales, is Microsoft Fast Track certified, and Nutanix published a full Reference Architecture guide which will be downloadable in the near future.

(Slide: multi-tenant example using Nutanix and the Windows Azure Pack)

Steve then goes on to describe various VM classifications (light, medium, heavy) and shows how many VMs can fit on various Nutanix models. He then describes one of the service pods and what it looks like. Steve then goes into more depth on pool design and multi-availability-zone deployments and shows how the solution can scale out with Nutanix as the foundational building block. Again, for the full slide deck and details check out the MSDN Channel 9 video here. The session provides a good overview of how the Azure pack + Nutanix = highly web-scale-like infrastructure for your private cloud.


TechEd 2014: Hunting Malware with Sysinternals Tools

Session DCIM-B368: Malware hunting with Sysinternals Tools. This was a great session by Mark Russinovich on how to use his Sysinternals tools to find and rid your system of malware. He had a number of demos showing exactly how his tools find, and then can be used to remove the malware. Check out the Channel 9 video to see all of his great demos.

Introduction

  • The top 4 AV products detect less than 40% of all malware
  • Malware cleaning steps: Disconnect from network, identify malicious process/drivers, terminate identified processes, identify and delete malware autostarts, delete malware files, reboot and repeat.

Identify Malware Processes

  • Investigate processes that: have no icon, have no description or company name, are packed, live in the user profile, open TCP/IP endpoints, or load suspicious DLLs
  • Don’t use task manager, use Process Explorer
  • A lot of malware uses randomly generated names
  • “Search online” in process explorer is not that useful these days
  • Pink processes host Windows services (background processes). Blue processes run as the user.
  • Cyan color is Metro apps
  • red/green show processes that are launched and terminated
  • Packed executables are shown in purple. Packed can mean compressed or encrypted
  • Add the “verified signers” column to the display view

Image Verification

  • Almost all Microsoft code is digitally signed
  • New: VirusTotal Integration into Process Explorer
  • Add “virus total” column
  • Sigcheck -e -u -vr -s c:\ (file versioning tool)
  • Strings: check the memory image for suspicious strings

Terminating Processes

  • First put the process to sleep (suspend), then terminate it

Cleaning Autostarts

  • Use “autoruns”
  • Tell autoruns to only show images not signed by Microsoft
  • Malware has started using WMI to start processes
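The two steps above (verify images, then review autostarts) can be combined into one triage sweep. The following is an added example, not from the session and not part of Sysinternals: it runs Sigcheck over a tree for unsigned executables, runs Autorunsc with Microsoft-signed entries hidden, and correlates the two so an unsigned image that also has an autostart entry is listed first. The tool directory, scan root and CSV column names (as the current tool versions emit them) are assumptions; the VirusTotal switch from the session is left out so the sweep runs offline.

```powershell
# Added example (not from the session or from Sysinternals): sweep a tree for unsigned
# executables with Sigcheck, list non-Microsoft autostarts with Autorunsc, and merge the
# two into one triage report. Assumes the Sysinternals tools are unpacked in $ToolDir.
param(
    [string]$ToolDir  = 'C:\Tools\Sysinternals',   # assumption: location of sigcheck64.exe / autorunsc64.exe
    [string]$ScanRoot = $env:USERPROFILE,           # malware commonly lives in the user profile (session note)
    [string]$OutDir   = "$env:TEMP\triage"
)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Sigcheck: -e executables only, -u unsigned/unknown only, -s recurse, -h hashes, -c CSV.
#    (-vr from the session adds a VirusTotal lookup; omitted here so the sweep works offline.)
$sigCsv = Join-Path $OutDir 'unsigned.csv'
& (Join-Path $ToolDir 'sigcheck64.exe') -accepteula -nobanner -e -u -s -h -c $ScanRoot |
    Out-File -FilePath $sigCsv -Encoding utf8
$unsigned = @(Import-Csv $sigCsv | Where-Object { $_.Verified -ne 'Signed' })

# 2. Autorunsc: -a * all locations, -s verify signatures, -m hide Microsoft-signed entries,
#    -h hashes, -c CSV. What survives -m is exactly what the session says to inspect.
$arCsv = Join-Path $OutDir 'autoruns.csv'
& (Join-Path $ToolDir 'autorunsc64.exe') -accepteula -nobanner -a * -s -m -h -c |
    Out-File -FilePath $arCsv -Encoding utf8
$autoruns = @(Import-Csv $arCsv)

# 3. Correlate: an unsigned image that also has an autostart entry goes to the top.
$autoPaths = $autoruns | ForEach-Object { ($_.'Image Path' -replace '"', '').ToLower() }
$report = foreach ($row in $unsigned) {
    [pscustomobject]@{
        Path         = $row.Path
        SHA256       = $row.SHA256
        Publisher    = $row.Publisher
        HasAutostart = $autoPaths -contains $row.Path.ToLower()
    }
}
$report | Sort-Object HasAutostart -Descending | Format-Table -AutoSize
$report | Export-Csv -Path (Join-Path $OutDir 'triage.csv') -NoTypeInformation
```

Run it from an elevated prompt, since Autorunsc needs to read per-user hives and service registrations. Keep the two CSVs with the triage output; the SHA256 column is what you will want later when checking a sample against other machines.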

Tracing Malware Activity

  • If in doubt run Process Monitor
  • Filtering is the key to using process monitor
  • “Category is Write” is the best filter

TechEd 2014: Mark and Mark on the Cloud

Session DCIM-B386: Mark Russinovich and Mark Minasi on Cloud Computing. Mark and Mark are probably easily the top two speakers each year at TechEd. Between their delivery style and technical content, you can’t beat them. This session had zero slides, and was more of a Q&A format. Minasi asked Russinovich a variety of questions. I’ve captured some of the highlights in the session notes below. For the full effect, and lots of jokes, watch the video on Channel 9 whenever it gets posted.

  • Azure will double capacity this year, and then double again next year. They have over one million servers today and buy 17% of the servers worldwide.
  • Parts of Azure update from daily to every three weeks. Different components have different release cadences.
  • Azure hyper-v team branches the code base with new features, then the Azure features are rolled back into the general public release in the future. The merging and branching happens continuously.
  • Boxed products like Windows Server have a much longer test cycle than Azure releases. Different risk mentality.
  • Azure now runs on stock Hyper-V 2012 R2. Previously it was running a branched WS2012 hypervisor.
  • Building Azure is speeding up the pace at which features are added to Windows Server and other MS products.
  • The cloud is becoming cheaper and cheaper. Automation drives the cost of computing down. You must force yourself to automate.
  • Azure buys a zillion servers, custom white boxes, and intense automation drives down the prices.
  • Mark R. states there will be on-prem “forever”. For example, you still see mainframe today.
  • We are at the beginning of the hockey stick and haven’t hit the inflection point for cloud migrations.
  • On-prem will still be growing for the next several years. But the cloud will be growing much, much faster than on-prem.
  • As the cloud scales up, that’s where all the innovation and investments will go.
  • One common path to the cloud is dev/test. Developers are in a hurry and can easily spin up VMs without waiting for IT. They are off and running with no need to wait for on-prem resources. Fewer security concerns.
  • Another common scenario is using the cloud for DR. Maybe companies will just leave it in the cloud after a failure.
  • Three major cloud players: Azure, Amazon, Google. The others in the short term will still exist, but over the years will fall away.
  • Cloud providers need a global presence and footprint, and it takes 3 years and $1b per datacenter to build out. MS is building out 20 concurrent datacenters right now. Small cloud providers just can’t compete at that scale.
  • Microsoft thinks they are the best cloud player because customers already have MS software on-prem and know it well. MS has a good connection with customers/products. Azure has Active Directory, which lets you use on-prem credentials for the cloud. Same role based access controls.
  • Active Directory is the center of gravity for cloud identity.
  • Office + Active directory worked extremely well for on-prem, and Azure is duplicating that in the cloud.
  • Over the next two years MS will increase the ‘same experience’ between on-prem and Azure, first starting with developers. Second priority is production workload similarity. Application and management consistency between on-prem and Azure.
  • IP addresses in Azure are not static. If you power cycle (not reboot) a VM it may/will get a different IP address.
  • This week MS announced true static IPs in Azure. You get 5 static IPs for free with every subscription.
  • Multiple NICs are coming to Azure VMs “soon”
  • Azure storage can be geo-replicated at an additional cost
  • Azure offers “site recovery” feature. Symantec is offering Azure backup targets.
  • Microsoft says a bug that would expose customer data to other customers would be “catastrophic” and may be end of the cloud.
  • Microsoft is very concerned about data security
  • Microsoft does not datamine from VMs in Azure
  • MS is working on encryption technology where you can do compute on encrypted data but MS will not have access to the data.

Beyond informative, the session was very entertaining. I definitely recommend watching the video for the full effect.


TechEd 2014: Software defined storage in WS2012 R2

Session: DCIM-B349. Software defined storage with Windows Server 2012 R2 and System Center 2012 R2. This was a jam-packed session with tons of content on each slide. Great in-depth talk about what’s new in the 2012 R2 wave which came out last year. I only captured 25% of the slide content below, so be sure to check out the Channel 9 video and slide deck when they get posted, for all the goodies.

Storage Enhancements

  • New approach to storage: file-based storage (SMB3) over Ethernet networks. Cost effective storage.
  • Faster enumeration of SMI-S storage providers
  • Virtual Fibre Channel integration in SC 2012 R2
  • SC can now leverage ODX for fast VM copy operations
  • Investments in Fibre Channel switch discovery and pulling that into VMM. Shows a demo of creating a FC zone in VMM. Also shows provisioning a LUN from within VMM from a Fibre Channel array. You can configure a LUN in a service template, so all VMs get access to the LUN.

Focused Scenarios for 2012 R2 Wave

  • Reducing CAPEX and OPEX

Infrastructure-as-a-Service Storage Vision

  • Dramatically lowering the costs and efforts of delivering IaaS storage services
  • Disaggregated compute and storage – Independent management and scale at each layer
  • Industry standard servers, networking and storage – Inexpensive networks, inexpensive shared JBOD storage
  • Microsoft is heavily investing in the SMB protocol and will use this going forward as the basis of storage
  • Overall objective is to reduce cost. The cheapest storage is the storage you already own.
  • Ability to use “Spaces” with low cost JBOD
  • Ability to manage the full solution within System Center

Storage Management in System Center 2012 R2

  • Insight, Flexibility, Automation
  • Storage Management API (SM-API)
  • New architecture for 10x faster enumerations
  • Capacity management, scale-out-file-server, and a lot more

Guest Clustering with shared virtual disks

  • Guest clustering with commodity storage
  • Sharing VHDX files
  • VMs are presented a shared virtual SAS disk

iSCSI Target Server

  • VHDX support
  • Support up to 64TB LUNs
  • Dynamically grow LUNs

File Based Storage

  • SMB Direct support (uses RDMA)
  • 50% improvement for small IO workloads

Scale out File Server

  • SMB session management for back-end IO distribution

Live Migration

  • SMB as a transport for live migration
  • Delivers performance using RDMA – so no CPU hit on the host
  • Adds compression (75% faster)

SMB Bandwidth Management

  • Restrict bandwidth for different workloads (e.g. file copy, live migration, storage access)

Data Deduplication

  • Can dedupe open files – VDI scenarios are a good use case
  • Good for high reads, low write VHDXs
  • Added support for CSV

Storage Spaces

  • Optimized data placement – Pool consists of both HDDs and SSDs with automated tiering
  • Write-back cache – Smooths out workload IOPS
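The Storage Spaces and deduplication items above describe a build that can be scripted end to end on a WS2012 R2 file server. The following is an added example, not from the session: it pools a JBOD, defines SSD and HDD tiers, creates a mirrored tiered disk with a write-back cache, formats it, and enables the Hyper-V deduplication profile on the resulting volume. Pool name, tier sizes and the SSD/HDD mix are assumptions about the hardware.

```powershell
# Added example (not from the session): on a WS2012 R2 file server with a shared JBOD, build a
# tiered, mirrored Storage Spaces disk with a write-back cache, format it, and turn on Hyper-V
# deduplication. Pool name, tier sizes and the SSD/HDD mix are assumptions about the JBOD.
$PoolName = 'JbodPool'

# 1. Pool every disk that is eligible (not yet pooled, not the boot disk).
$subsys = Get-StorageSubSystem -FriendlyName '*Spaces*' | Select-Object -First 1
$disks  = Get-PhysicalDisk -CanPool $true
New-StoragePool -FriendlyName $PoolName -StorageSubSystemFriendlyName $subsys.FriendlyName `
    -PhysicalDisks $disks | Out-Null

# 2. Two tiers; Spaces moves hot data to SSD and cold data to HDD on a schedule.
$ssd = New-StorageTier -StoragePoolFriendlyName $PoolName -FriendlyName 'SSDTier' -MediaType SSD
$hdd = New-StorageTier -StoragePoolFriendlyName $PoolName -FriendlyName 'HDDTier' -MediaType HDD

# 3. Mirrored (two copies) tiered disk. Tiered disks must be fixed-provisioned. The 1 GB
#    write-back cache, carved from the SSDs, absorbs IOPS bursts (the session's "smooths out
#    workload IOPS").
$vd = New-VirtualDisk -StoragePoolFriendlyName $PoolName -FriendlyName 'VMStore' `
    -StorageTiers $ssd, $hdd -StorageTierSizes 200GB, 2TB `
    -ResiliencySettingName Mirror -NumberOfDataCopies 2 `
    -ProvisioningType Fixed -WriteCacheSize 1GB

# 4. Bring it online as an NTFS volume.
$vol = $vd | Get-Disk | Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -UseMaximumSize -AssignDriveLetter |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'VMStore' -Confirm:$false

# 5. Dedup with the Hyper-V usage type: read-heavy, write-light VHDXs dedupe well, and the
#    open-file support is what makes the VDI scenario possible.
$drive = "$($vol.DriveLetter):"
Add-WindowsFeature FS-Data-Deduplication | Out-Null
Enable-DedupVolume -Volume $drive -UsageType HyperV
Start-DedupJob -Volume $drive -Type Optimization
Get-DedupStatus -Volume $drive
```

Check `Get-StorageTier` and `Get-VirtualDisk` afterwards to confirm the tier sizes were honoured; the pool must actually contain both media types or the second `New-StorageTier` call will produce a tier with no capacity to draw from.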

TechEd 2014: Network tuning for specific workloads

Session: DCIM-B344, Network Tuning for Specific Workloads. This was a great session, with a ton of Q&A during and after the main presentation was over. I’d highly encourage you to watch the full video on Channel 9 when it is uploaded to get all of the goodies. The session notes below are a small fraction of the gold nuggets that were discussed in the session. Confused about VMQ, RSS, vRSS, SMB multi-channel performance, virtual switches, NIC teaming and when to use what feature? Be confused no more after watching the video.

Terminology:

  • Socket is a NUMA node, and within the node is a core. On the core you have logical processors (with hyper-threading), on which you have virtual processors for VMs.

Scenarios

Problem 1: Enterprise physical web server and file server. Large volume of incoming packets, but one core is highly utilized.

Solution: Enable RSS on the server. RSS is for physical servers only. NIC spreads the network traffic by TCP/UDP flows across different cores to enhance performance and balance processor utilization.

Problem 2: A VM is deployed and the incoming packet processing is saturating a limited set of cores.

Solution: Virtual machine queue. VMQ spreads traffic per vNIC. RSS is disabled on the pNIC when a virtual switch is defined. A single core is bottlenecked at 4-5 Gbps of traffic, depending on processor speed. VMQ is enabled by default, so no manual configuration is needed. Number of queues depends on the physical NIC properties. New NICs have more queues (64+ not uncommon).

Problem 3: A VM has a large number of incoming packets, such as a web server. The workload is limited to using one vCPU. This is only for VMs with >3 Gbps of traffic. Less traffic can be serviced by a single core without any additional configuration.

Solution: vRSS can be used on WS2012 R2 VMs. This spreads traffic across multiple vCPUs. Flows are moved if a CPU has 90% or higher utilization. MS states they have seen line rate up to 40Gbps to a VM using vRSS with a 40 Gbps NIC. vRSS must be manually enabled inside of the VM.

Problem 4: A highly latency sensitive application, such as high speed financial trading.

Solution: Use SR-IOV. Bypasses the virtual switch, and directly connects the VM to the hardware NIC. Only for use with trusted VMs, since switch security is bypassed. Rarely used, but available for these very limited cases.

NIC Teaming

Windows Server 2012 R2 has a new dynamic NIC teaming mode. Continuously monitors traffic distribution. Actively adjusts traffic based on observed load. Download the Windows Server 2012 R2 NIC teaming guide here.
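The four problem/solution pairs above form a decision tree: RSS for a physical role, VMQ once a virtual switch is bound, vRSS inside a busy guest. The following is an added example, not from the session: it reports where each up adapter on the machine sits in that tree, and, for use inside a WS2012 R2 guest, enables vRSS on a vNIC the way the session says must be done manually. Function names are my own.

```powershell
# Added example (not from the session): map each adapter on this machine onto the session's
# RSS / VMQ / vRSS decision tree. Run Get-ReceiveSpreadReport on the Hyper-V host; run
# Enable-GuestVrss inside a WS2012 R2 guest that pushes more than ~3 Gbps through one vCPU.
function Get-ReceiveSpreadReport {
    foreach ($nic in Get-NetAdapter -Physical | Where-Object Status -eq 'Up') {
        $rss = Get-NetAdapterRss -Name $nic.Name -ErrorAction SilentlyContinue
        $vmq = Get-NetAdapterVmq -Name $nic.Name -ErrorAction SilentlyContinue
        # One hardware queue is handed to each vNIC the virtual switch places on this pNIC.
        $inUse = @(Get-NetAdapterVmqQueue -Name $nic.Name -ErrorAction SilentlyContinue).Count
        $verdict = if ($vmq -and $vmq.Enabled) {
            'Bound to a vSwitch: VMQ spreads per vNIC (RSS is inactive on the pNIC)'
        } elseif ($rss -and $rss.Enabled) {
            'Physical role: RSS spreads per TCP/UDP flow'
        } else {
            'Neither RSS nor VMQ: one core does all receive processing (Problem 1 in the session)'
        }
        [pscustomobject]@{
            Adapter        = $nic.Name
            LinkSpeed      = $nic.LinkSpeed
            RssEnabled     = [bool]($rss -and $rss.Enabled)
            VmqEnabled     = [bool]($vmq -and $vmq.Enabled)
            VmqQueuesInUse = $inUse
            Verdict        = $verdict
        }
    }
}

# Inside a guest: vRSS is off by default and must be switched on per vNIC (session note). It
# only pays off above ~3 Gbps; below that a single vCPU keeps up without it.
function Enable-GuestVrss {
    param([Parameter(Mandatory)][string]$AdapterName)
    if (-not (Get-NetAdapterRss -Name $AdapterName).Enabled) {
        Enable-NetAdapterRss -Name $AdapterName
    }
    Get-NetAdapterRss -Name $AdapterName |
        Select-Object Name, Enabled, NumberOfReceiveQueues, MaxProcessors
}

Get-ReceiveSpreadReport | Format-Table -AutoSize
```

A host whose pNICs report `VmqEnabled` but zero queues in use is usually a NIC with too few hardware queues for the number of vNICs; the session's point about newer NICs shipping 64+ queues is what that column is for.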

TechEd 2014: Deploying Windows 8.1

Session: WIN-B323 Deploying Windows 8.1 in the Enterprise

This was a high level session by two Dell employees covering some tips about deploying Windows 8.1 in the enterprise.

OSD Planning and Reference Build

  • Application compatibility: Antivirus, third party encryption, Office (32-bit or 64-bit), IE enterprise mode

Enterprise Mode in IE 11

  • EMIE is a bridge between modern browsing and investments in older applications
  • Locally – User can specify sites to be rendered in IE8 compatibility mode
  • Managed – Crowd sourcing centralizes compatibility lists
  • Can turn on via group policy or the registry
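The registry route mentioned above uses the same two values the Enterprise Mode Group Policy settings write. The following is an added example, not from the session: it writes a constructed v1 site list, sets the policy key so the managed list is authoritative, and checks that the list is reachable and well-formed. The list path and the domain in the sample list are assumptions.

```powershell
# Added example (not from the session): turn Enterprise Mode on through the policy registry key
# (the same values the Group Policy ADMX settings write) and point it at a centrally managed
# site list. The list path and the domain in the sample list are assumptions.
$SiteListPath = 'C:\EMIE\sites.xml'    # assumption: in production a UNC path or HTTP URL that IT controls
$PolicyKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode'

# Constructed v1 site list: one intranet domain forced into Enterprise Mode, one path excluded.
$siteList = @'
<rules version="1">
  <emie>
    <domain exclude="false">intranet.example.local
      <path exclude="true">/modern</path>
    </domain>
  </emie>
</rules>
'@
New-Item -ItemType Directory -Path (Split-Path $SiteListPath) -Force | Out-Null
Set-Content -Path $SiteListPath -Value $siteList -Encoding UTF8

# 'Enable' lets users toggle Enterprise Mode from the Tools menu; an empty string turns it on
# without a usage-reporting URL. 'SiteList' makes the managed list authoritative.
New-Item -Path $PolicyKey -Force | Out-Null
New-ItemProperty -Path $PolicyKey -Name 'Enable'   -PropertyType String -Value ''            -Force | Out-Null
New-ItemProperty -Path $PolicyKey -Name 'SiteList' -PropertyType String -Value $SiteListPath -Force | Out-Null

# Check: the policy value exists and the list it points at parses with at least one domain rule.
function Test-EnterpriseModePolicy {
    $p = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    if (-not $p -or -not $p.PSObject.Properties['SiteList']) { return $false }
    try { $xml = [xml](Get-Content -Path $p.SiteList -Raw) } catch { return $false }
    return @($xml.rules.emie.domain).Count -gt 0
}
Test-EnterpriseModePolicy
```

In a real deployment the list should live where clients can read it but only IT can write it, since whatever it names will be rendered in the IE8 compatibility engine.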

Group Policy Considerations

  • OneDrive options need to be reviewed to avoid overlap between home and work environments. Sync options are managed by group policy.
  • Personal account Sync items: Start screen, appearance, lots of other options with

Customizing Start

  • Why customize? Better OOBE, train by example, fit and finish
  • Options: Copy profile, appsFolderLayout, StartTiles, Group Policy. Dell uses AppsFolderLayout for customization.

UEFI Secure Boot

  • Enhances security in pre-boot environment
  • Windows 8 logo certification support for secure boot
  • UEFI: replacement for BIOS, secure, faster boot/resume times
  • Requires UEFI native (no legacy boot option ROMs)
  • OSD challenges with secure boot: x64 HW requires x64 OS boot disk and OS, manual touch to enable and configure

Refresh/Reset

  • Use your corporate image to refresh the PC
  • Can reduce time to repair for a corrupted machine down to 30 minutes
  • “Push button” reset capability for the enterprise
  • Great TechNet articles on how to do this
  • Adds about 20 minutes to the end of the build process
  • Great for remote employees
  • Tip: Shift-restart brings you into the recovery environment

Deploying Modern Applications

  • Deploy vs. Provision
  • Provision installs the app upon next login

Patching

  • Install all monthly updates (including security and platform/office updates)

TechEd 2014: Effortless migration from VMware to Hyper-V

Breakout Session DCIM-B412: Effortless Migration from VMware to Windows Server 2012 R2 Hyper-V

If there was any session at TechEd that could initiate the self-destruction sequence for my VCDX certification, I think this session would be at the top of the list. That being said, it was a good session for folks looking to move VMs from VMware to Hyper-V. The session covered six tools, some free, some paid, that can make the conversion process fairly painless. Some require more downtime than others, or require scripting for mass migrations.

Quick look at Hyper-V 2012 R2

  • Consistent platform between Windows Azure, customer, and service providers

Microsoft Assessment and Planning toolkit (MAP)

  • Agentless inventory and assessment tool
  • Reporting, free, and now at version 9.0
  • Securely assesses IT environments on various platforms including physical and VMware
  • You can specify an inventory scenario, and it will directly connect to the VMware SDK (ESXi or vCenter) to do the inventory
  • Server consolidation report, VMware discovery report, Microsoft workload discovery (SQL, Exchange, etc.)

Six Migration Approaches

  • Microsoft Virtual Machine Converter, VMM, NetApp SHIFT, NetIQ PlateSpin, Vision Solutions Double-Take Move, Migration Automation Toolkit

Microsoft VMM 2012 R2

  • Supports vCenter 4.1, 5.0, 5.1, ESXi 4.1, 5.0, 5.1
  • VMM can connect directly to vCenter or ESXi hosts via a simple wizard
  • VMM enables the direct migration from VMware to Hyper-V via a migration wizard
  • VM must be turned off during the migration (cold migration)
  • The wizard migrates the disk controller, allows you to select the SMB share to store the VM on, VLAN/port assignment, availability settings, and can start VM after the migration is complete.
  • 50GB VM takes about 15 minutes to migrate
  • VMM is not the best tool for mass migrations, but there are other tools for that

Microsoft Virtual Machine Converter 2.0 (MVMC)

  • Fully supported by Microsoft support
  • Free download from Microsoft.com
  • Enables VMware to Hyper-V or Azure migrations
  • Fully scriptable via PowerShell
  • Supports a wide range of OSes
  • Inventories VMware and enables
  • Windows Server 2003 through 2012 R2, and vSphere 4.1, 5.0, 5.1, 5.5 support
  • Does not depend on VMM (fully standalone tool)
  • Runs on a management computer
  • Requires a cold migration
  • Simple GUI migration wizard
  • Automatically de-installs VMware Tools, and installs Hyper-V integration pack
  • For Azure migrations it will just upload the VHDX to a storage container but will not create the VM (need extra steps for that)
  • Tool uses certificate authentication with Azure

Migration Automation Toolkit (MAT)

  • Allows you to script and scale MVMC conversions
  • Free download from TechNet Gallery
  • Still uses MVMC under the covers
  • Limited to three concurrent migrations per management computer (can use multiple computers)
  • Driven by PowerShell, uses SQL Express, extensible and customizable
  • Provides simple reporting and management in the solution
  • Fully supported by Microsoft
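MVMC's PowerShell surface is what makes MAT possible. The following is an added example, not from the session and not MAT's or MVMC's own code: it converts a folder of exported VMDKs with the MVMC 2.0 cmdlet, throttled to the three concurrent conversions the session gives as MAT's per-computer ceiling, and prints a simple pass/fail report. Source and destination paths are assumptions; the module path is MVMC's default install location.

```powershell
# Added example (not from the session, MVMC or MAT): convert a batch of exported VMDKs with the
# MVMC 2.0 cmdlets, three at a time, the per-management-computer ceiling the session quotes for
# MAT. Paths are assumptions; the module path is MVMC's default. The source VMs must already be
# powered off (cold migration), as the session notes.
$MvmcModule    = 'C:\Program Files\Microsoft Virtual Machine Converter\MvmcCmdlet.psd1'
$SourceDir     = '\\vmware-export\vmdks'                 # assumption: flat VMDKs of powered-off VMs
$DestDir       = 'C:\ClusterStorage\Volume1\Converted'   # assumption: where the VHDX files land
$MaxConcurrent = 3

$jobs = @()
foreach ($vmdk in Get-ChildItem -Path $SourceDir -Filter *.vmdk) {
    # Throttle: block while $MaxConcurrent conversions are still running.
    while (@($jobs | Where-Object State -eq 'Running').Count -ge $MaxConcurrent) {
        Start-Sleep -Seconds 15
    }
    $jobs += Start-Job -Name $vmdk.BaseName -ArgumentList $MvmcModule, $vmdk.FullName, $DestDir -ScriptBlock {
        param($module, $src, $dstDir)
        Import-Module $module
        # Dynamic VHDX is the sensible default for a Hyper-V 2012 R2 target.
        ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath $src -DestinationLiteralPath $dstDir `
            -VhdType DynamicHardDisk -VhdFormat Vhdx
    }
}
if ($jobs) { $jobs | Wait-Job | Out-Null }

# Plain report: which conversions finished cleanly, and the error text for any that did not.
foreach ($j in $jobs) {
    $ok = ($j.State -eq 'Completed') -and ($j.ChildJobs[0].Error.Count -eq 0)
    '{0,-30} {1}' -f $j.Name, $(if ($ok) { 'OK' } else { 'FAILED' })
    if (-not $ok) { $j.ChildJobs[0].Error | ForEach-Object { "    $_" } }
}
$jobs | Remove-Job
```

Disk conversion is only half the job: the converted VHDX still has to be attached to a new VM, VMware Tools removed and the integration components installed, which the MVMC wizard does for you and a script like this does not.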

NetApp SHIFT

  • Based on Microsoft MAT, but uses Data ONTAP 8.2 to convert the VMDK to VHDX at lightning speed
  • Migrations take seconds per VM

Vision Solutions – Double-Take Move

  • Migrate physical to virtual, virtual to virtual
  • Not a free tool
  • Uses agent in the source VM and agents on the target
  • Performs a full copy while the VM is running
  • Block level changes are replicated during the migration process
  • Preserves write-order consistency
  • Performs a live failover of the VM
  • Performs a test failover (minus the network adapter)
  • Supports migrating to Azure as well
  • Can enable compression or bandwidth limits if replicating over the WAN

NetIQ PlateSpin Migrate

  • Supports Windows and Linux workloads
  • Multi-OS support
  • Supports hardware migration (Vendor A to Vendor B)
  • Virtual capacity planning and analysis tools
  • Updates hypervisor tools and drivers automatically
  • Minimal downtime

Summary

There are a variety of free and paid tools to enable your migration from VMware to Hyper-V. Some are more automated than others, and required downtime also varies. The bottom line is that migrations can be fairly easy, and you can even migrate VMs to Azure if you wish.

TechEd 2014: Converged Networking for Hyper-V

Breakout session: DCIM-B378

This was a great session which covered a multitude of NIC features (VMQ, RSS, SR-IOV, etc.), when to use them (or not), which features are compatible with each other, and other Hyper-V networking topics.

Historical topology for Hyper-V was discrete NICs for different traffic types (management, storage, migration, cluster, VMs, etc.). This resulted in a lot of physical NICs, and it got out of control. Now, we assume two 10Gb NICs with virtual networks all over the same physical interfaces. You can also have a converged topology using RDMA for high-speed, low latency requirements. Also, SR-IOV can be used for specific VMs for fast, low latency guest networking.

Demands on the network: throughput, latency, inbound, outbound, north/south, east/west, availability

NIC Teaming (In the host OS)

  • Grouping of 1 or more NICs to aggregate traffic and enable failover
  • Why use it? Better bandwidth utilization
  • Doesn’t get along with SR-IOV or RDMA
  • Recommended mode: switch independent teaming with dynamic load distribution
  • Managed via PowerShell (NetLbfo cmdlets)
  • *-NetAdapter cmdlets
  • You can create a NIC team in VMM, and there’s a wizard to create the NIC team

NIC Teaming (In the guest OS)

  • Why use it? Better bandwidth utilization
  • Loss of NIC or NIC cable doesn’t cut off communications in the guest
  • Provides failure protection in a guest for SR-IOV NICs
  • Set-VMNetworkAdapter

VMQ, RSS and vRSS

  • What is it? Different ways to spread traffic processing across multiple processors
  • RSS for host NICs (vNICs) and SR-IOV Virtual Functions (VFs)
  • VMQ for guest NICs (vmNICs)
  • Why use it? Multiple processors are better than one processor. vRSS provides near line rate to a VM on existing hardware.
  • RSS and VMQ work with all other NIC features but are mutually exclusive
  • Get-NetAdapterVmq shows how many hardware queues your hardware has
  • VMQ should always be left on (it is by default)
  • Get-NetAdapterRss from the guest

Large Send Offload

  • Allows a NIC to segment a packet for you and saves host CPU
  • LSO gets along with all Windows features and is enabled by default

Jumbo Frames

  • Way to send a large packet on the wire
  • Must be aware of end to end MTU
  • Reduces packet processing overhead
  • Gets along with all other Windows networking features
  • Use it for SMB, live migration, and iSCSI traffic; they will all benefit
  • ping -l 9014 and see if it succeeds or fails (use the do-not-fragment flag too)
  • Must set the size on both the hyper-v host level and within the guest
  • Virtual switch will detect jumbo frames and doesn’t need manual configuration

SR-IOV

  • Highly efficient and low latency networking
  • Can see 39 Gbps performance over a single 40 Gbps NIC
  • Doesn’t play with NIC teaming (host), but does work with guest NIC teaming
  • ACLs, VM-QoS will prevent SR-IOV from being used
  • Should only be used in trusted VMs
  • Can’t have more VMs than NIC VFs (virtual function)/vPorts
  • The NIC can only support a single VLAN and MAC address

Demands on the Network

  • Bandwidth management – Live migration can saturate a 10Gb/40Gb/80Gb NIC

Quality of Service

  • Hardware QoS and software QoS cannot be used at the same time on the same NIC
  • Software: to manage bandwidth allocation per VM or vNIC
  • Hardware: To ensure storage and data traffic play well together
  • QoS can’t be used with SR-IOV
  • Once a Hyper-V switch is configured for QoS you can’t change the mode (weight, absolute bandwidth). Weights are better than absolute.

Live Migration

  • Microsoft’s vMotion
  • Three transport options: TCP, compression, SMB
  • SMB enables multiple interfaces (SMB multi-channel) and reduced CPU with SMB direct
  • Gets along with all Windows networking features but can be a bandwidth hog
  • 4-8 is a good number for concurrent migrations (default is 2)

Storage Migration

  • Microsoft’s storage vMotion
  • Traffic flows through the Hyper-V host
  • 4 concurrent migrations is the default and recommended number

SMB Bandwidth Limits

  • Quality of service for SMB
  • Enables management of the three SMB traffic types: Live migration, provisioning, VM disk traffic
  • Works with SMB multi-channel, SMB direct, RDMA
  • Able to specify bandwidth independently for each of the three types via powershell

Summary

Converged networking falls apart if you don’t manage the bandwidth. Implement QoS! Don’t just throw bits on the wire and “hope” that everything will be fine, as it probably won’t be when you start having network contention.
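Putting the session together on one WS2012 R2 host, with the bandwidth management the summary insists on: the following is an added example, not from the session. It builds the team in the recommended mode, a Weight-mode virtual switch, one host vNIC per traffic type with a weight, jumbo frames on the adapters that carry storage and migration traffic, SMB-based live migration with a concurrency ceiling, and SMB bandwidth limits. pNIC names, the weights, the storage node address and the limits are assumptions to adjust to your design.

```powershell
# Added example (not from the session): stand up the converged topology the session describes on
# a WS2012 R2 Hyper-V host, with bandwidth management in place. pNIC names, weights, the storage
# node address and the SMB limits are assumptions; adjust them to your design.
$Members    = 'NIC1', 'NIC2'        # assumption: the two 10 GbE pNICs
$TeamName   = 'ConvergedTeam'
$SwitchName = 'ConvergedSwitch'

# 1. Host NIC team in the recommended mode: switch independent, dynamic load distribution.
New-NetLbfoTeam -Name $TeamName -TeamMembers $Members -TeamingMode SwitchIndependent `
    -LoadBalancingAlgorithm Dynamic -Confirm:$false | Out-Null

# 2. Virtual switch in Weight mode. The QoS mode is fixed once the switch exists, so decide now;
#    weights beat absolute limits because idle bandwidth stays shareable (session note).
New-VMSwitch -Name $SwitchName -NetAdapterName $TeamName -MinimumBandwidthMode Weight `
    -AllowManagementOS $false | Out-Null

# 3. One host vNIC per traffic type, each with a minimum-bandwidth weight (software QoS).
$weights = [ordered]@{ Management = 10; Cluster = 10; LiveMigration = 30; Storage = 50 }
foreach ($name in $weights.Keys) {
    Add-VMNetworkAdapter -ManagementOS -Name $name -SwitchName $SwitchName
    Set-VMNetworkAdapter -ManagementOS -Name $name -MinimumBandwidthWeight $weights[$name]
}

# 4. Jumbo frames on the pNICs and on the vNICs that carry storage and migration traffic.
#    The virtual switch itself needs no setting; host and guest adapters do (session note).
foreach ($nic in $Members + 'vEthernet (Storage)', 'vEthernet (LiveMigration)') {
    Set-NetAdapterAdvancedProperty -Name $nic -RegistryKeyword '*JumboPacket' -RegistryValue 9014
}
# Verify end to end. -l sets the ICMP payload, not the frame size: the 9014-byte jumbo setting is
# a 9000-byte IP MTU, so 9000 - 28 bytes of IP+ICMP header = 8972 must pass with -f set.
ping -f -l 8972 -n 2 10.0.10.20     # assumption: a storage node on the jumbo-enabled segment

# 5. Live migration over SMB (multichannel, SMB Direct where RDMA exists) with a sane ceiling.
Set-VMHost -VirtualMachineMigrationPerformanceOption SMB -MaximumVirtualMachineMigrations 4 `
    -MaximumStorageMigrations 4

# 6. SMB bandwidth limits so a live-migration storm cannot starve VM disk traffic.
Add-WindowsFeature FS-SMBBW | Out-Null
Set-SmbBandwidthLimit -Category LiveMigration  -BytesPerSecond 4GB
Set-SmbBandwidthLimit -Category VirtualMachine -BytesPerSecond 6GB
Get-SmbBandwidthLimit
```

SR-IOV is deliberately absent: it cannot coexist with host teaming, VM QoS or port ACLs, so a VM that needs it has to be carved out of this design and, as the session says, be one you trust.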


TechEd 2014: Deploying the Azure Pack

Session: DCIM-B317

The Cloud OS is transforming IT to address new questions: Mobility, apps, big data, cloud. Provide a cloud platform regardless of the datacenter that it is deployed on (Azure, partner, on-prem). Cloud OS enables modern business apps, empowers people-centric IT, unlocks insights on any data, and transforms the datacenter. Cloud platform includes Outlook.com, XBOX live, Bing, Office 365, MSN, Dynamics CRM online. It includes high performance storage, multi-tenant with isolation, software-defined networking, policy-based automation, and application elasticity.

Enterprises want: flexible cloud, no vendor lock-in, multi-tenant clouds, chargeback, simple, automated, tenant choice, dynamic control, integration with LOB systems, effective utilization of existing hardware assets.

Service providers want: Win more enterprise business, usage billing, extreme automation, opportunities to upsell, customized offerings, portal integration and branding.

Common requirements: Enterprise friendly, multi-tenant IaaS, usage billing, automation, maximize hardware utilization, tenant choice, offer management, portal integration.

Windows Azure Pack

In your datacenter MS is offering a tenant portal & API that layers on top of your existing infrastructure. It also adds an admin portal & API featuring automation, tenant management, hosting plans, and billing. This all sits on top of System Center + Windows Server. Delivers a customer-ready self-service to a private cloud environment.

Presenter shows a diagram that has many components including: firewall, web app proxy, WAP tenant, RD gateway, WAP admin, ADFS, VMM, SQL, DC, hyper-V hosts, and tenant workloads.

Windows Azure pack is comprised of 13 components/installers. This includes admin site, tenant site, admin auth site, tenant auth site, admin API, tenant public API, tenant API, PowerShell API, BPA, Portal & API express.

Authentication options include: out of the box, ADFS, web application proxy, Azure AD, multi-factor authentication.

At this point the presenter did several configuration demos. Those are best seen via the video, and would be hard to describe in a coherent manner otherwise.

Service Provider Foundation

  • Requires four groups in the management AD instance
  • Two service accounts, one in AD and one local on the SPF server
  • Must have admin rights in VMM and in SQL server

Service Management Automation

  • Key: Start with good use cases and layer on the complexity
  • Remember that SPF must trust the SMA certificate

Summary

For those customers wishing to deploy the Windows Azure pack, this was a good session. If you want to deploy the Azure pack, then download the session video and get some good configuration pointers. Do keep in mind the configuration is not for the faint of heart. I hope in the next version of the pack/Windows (2015?) that it will be greatly simplified.

TechEd 2014: What’s new in Exchange

Microsoft TechEd 2014 is in full swing and this is the first general session that I’m attending. It will cover what’s new in Exchange, both in Office 365 and on-prem. As usual during conferences this is live blogging, directly from content presented in the session. So editing is minimal, and please excuse any grammar issues.

Email Challenges

  • Too much stuff in my inbox
  • Important emails get buried
  • People keep sending documents as attachments
  • Hard to keep up with legal requirements
  • Need a better way of sharing data

Historically major Exchange releases are every three years. But the cloud is changing that. The same Exchange team handles both Office 365 and on-prem code bases. Microsoft is all about Cloud First delivery, with Office 365. Features continuous innovation and rapid feedback. Eventually everything in Exchange cloud will end up in Exchange on-prem. These come as cumulative updates and service packs, plus major new releases (which will be in 2015). Major new on-prem releases will still be every ~three years.

Future of Exchange

Email will have to be more social, more open, smarter.

Security and Compliance

  • Compliance Center
  • S/MIME in OWA
  • DLP document fingerprinting
  • Office 365 message encryption
  • DLP Policy tips in OWA for devices

Compliance center features across Exchange, SharePoint and Lync from one location. Targeted for end of calendar year 2014. eDiscovery, auditing, data loss prevention, retention policies, retention tags and journal rules. Demo showed document fingerprinting. You upload a sample file, such as a contract, then define rules. For example, set different rules for sending within the organization, or externally (with more restrictions). Demo continued to show a DLP policy tool tip when a contract was attached to an email, and this is now available in OWA.

Two new features: DLP for data at rest, and bring DLP to SharePoint (no dates mentioned).

Work Smarter

  • “Clutter” view
  • People View
  • Outlook web app search enhancements
  • Document collaboration
  • outlook web app rich content
  • App enhancements

Demo shows a ‘clutter’ button that filters in the inbox view to show only emails that need to be filtered. It will learn as you delete or otherwise mark emails. Demo also showed off a People view, where he clicked on a person and the mailbox view was filtered to show only emails from that person. The view learns which people are most important and only shows them. Demo shows easier to use search, where it shows search suggestions when you start typing in the search field. It also lists search refiners in the left pane when results are shown, to further narrow down the results.

Document Collaboration

Making attachments smarter. Deep integration with OneDrive for business. Send an attachment as a OneDrive for business link. Access it anytime, anywhere from any device. Edit attachments and reply in a single process. View the attachment in side-by-side view with the email. Multiple people can edit the same document. When attaching a file it will now allow you to send the whole file, or automatically upload to OneDrive and just send a link. It will then be automatically shared from OneDrive. Demo also shows the ability to drag and drop images into an OWA email (no more manual attaching), plus the ability to create tables and in-line preview of links in emails.

Social Email

  • Groups
  • Group email experience
  • Group calendar experience

One Groups System: One identity system (Azure Active Directory) is the master for group identity and membership across Office 365. Covers Exchange, SharePoint and Yammer (Lync in the future). Demo shows OWA, and a new Groups section on the left. Groups can be public or private. Shows a threaded conversation, with inline previews of web links. Also shows the side-by-side view of previewing docs such as a spreadsheet. The group conversation view looks very much like Yammer, and in fact you can view the conversation in Yammer. A very seamless experience. Demo shows a group calendar and side-by-side view with a person’s own calendar. Demo also shows calendar search, which is new. Demo shows the GUI experience to create a new group and adding members. They also demoed the group experience from an Android phone, which looked like the OWA experience.

Additional information: aka.ms/mec2014

Summary

This was a good high level session, which showcased the rapid feature development of the Exchange platform. All new features first debut in Office 365, then on a much more measured pace make it into the on-prem version of Exchange. Seeing the rapid feature enhancements and deep integration with Yammer, SharePoint, OneDrive, and Lync really provides a compelling story when compared to other hosted services such as those offered by Google. Gmail innovation and seamless integration with Office products just isn’t in the same ballpark.
