Live Virtual Event Coming Soon on Security & the Cloud

A Look Ahead: Security & the Cloud Virtual Event is streaming LIVE Wednesday, March 25th.
Industry thought leaders, Microsoft experts and other Microsoft customers will share their perspectives on what’s next for security and the cloud. Virtual attendees will have access to behind-the-scenes interviews and the opportunity to download related session materials, take polls, share ideas, and ask experts and speakers questions through live chat and Twitter.
Agenda Highlights:
  • What is the current cybersecurity landscape? Gartner Research Vice President Lawrence Orans will discuss the current state of cybersecurity and analyze trends going forward.
  • Explore real-world approaches. Tom Flanagan, VP of Technology at Alain Pinel Realtors, and Steve Novoselac, Director of Digital Technology for Trek Bicycle Corp., will discuss their experiences with migrating to the cloud and share best practices.
  • Get an insider’s view on fighting cybercrime. David Finn, Executive Director of the Microsoft Cybercrime Center, shows us what Microsoft does today to deter cybercriminals.
  • It’s all about Windows 10! Stephen Rose, Senior Product Marketing Manager for US Windows and Devices and a former IT Pro, will discuss Microsoft’s next-generation operating system and its security features.
  • Learn how to move ahead with the cloud. The cloud provider market is crowded and the process of moving to the cloud can sometimes be daunting. Microsoft’s Dennis Garcia, Assistant General Counsel, will tell you how to choose a trusted cloud provider and share tips and tricks that will make your transition to the cloud successful.
Register now so you don’t forget!

More Online Training!!

Since it’s Monday, it seems like a great day to tell you about some more free online training that’s coming up from the Microsoft Virtual Academy.

I know it’s hard to find time during the work week, so if you miss the live online times, the on-demand streaming is usually available about 3 weeks after.

Azure Storage Redundancy Options

There are a lot of components that make Azure tick and storage is a big one.  Azure has four types of storage – blobs, files (in preview), table and queue.  Every storage account you create in your subscription has the ability to contain all four types.  In addition to those types, you can pick from four redundancy options:
  • Locally Redundant Storage (LRS)
  • Zone Redundant Storage (ZRS)
  • Geographically Redundant Storage (GRS)
  • Read-Access Geographically Redundant Storage (RA-GRS)
Locally Redundant Storage (LRS) is the cheapest storage option you can select and the end result will be three synchronous copies of your data within a single datacenter. The SLA offered is 99.9% availability for read and write functions. LRS is a good choice for data if you have a compliance requirement that dictates your data remain in a specific location.
Geographically Redundant Storage (GRS) is the big brother of LRS.  Data is copied three times within a single datacenter, plus multiple asynchronous copies to a second datacenter hundreds of miles away.  This results in six copies of your data.  By default when you create a storage account, it will be GRS.  You can see what secondary location would be used for your redundant copy in the configuration settings of your storage account.  The alternative copy provides protection against a major datacenter outage or disaster, however you don’t have control as to when the secondary copy is made available for access.
Read-Access Geographically Redundant Storage (RA-GRS) is the cool twin of GRS. It’s the same as GRS, but you have the ability to access the secondary datacenter copy for read access whenever you like. When you activate RA-GRS, you’ll be given a second endpoint URL for access to that copy. Because of this, the SLA for read functions increases to 99.99%.
If you create a storage account with any of the three choices above, you can easily change it after the fact within the storage configuration settings. 
Finally, there is Zone Redundant Storage (ZRS). It is similar to LRS, but the three copies of data are stored across multiple datacenters within or across regions. It’s more durable than LRS and more economical than GRS, but is an option for block blobs only. There is no option to change from ZRS storage to the other options and you will see a warning that ZRS is for blob storage only. Block blobs are used for VM storage as well as documents, videos, backups – any unstructured text or binary data – but you can’t use the same storage account for table or queue storage. Still, this is a great option if you are looking for a little extra durability due to outage, but don’t need the full-on redundancy offered by GRS or RA-GRS. Storage accounts used for testing purposes would be a good use of ZRS.
In addition to these regular “spinning disk” storage options, you can also try out Azure Premium Storage (in Preview). Premium Storage gives you high-performance, low-latency support for I/O workloads running on Azure VMs.  These persistent disks are backed by SSD.  However, you need to have a premium storage account which can only be created using the Preview Portal and it’s currently only in limited regions.  Learn more about Premium Storage here.

If you need to know more about the specific pricing for Azure Storage you can visit the pricing page. Your total cost will depend on several factors, not just the redundancy option you pick. As you look at the hybrid cloud scenarios for storage, you’ll find that the cloud won’t be the best location for ALL your data, but storing some data in the cloud can be cheaper than expanding storage devices you already own. Also, if you missed yesterday’s series post on Azure Backup Solutions, check it out at http://aka.ms/HybridCloudforITPro.

Hybrid Cloud – What’s all the Fuss?

You’ve probably been hearing a lot about the hybrid cloud lately and this post won’t be all that different.  But what is all the fuss?

We know the benefits of virtualizing compute and sharing other resources on-prem, but there are limits to what a lot of enterprises can obtain within their own four walls.  You can leverage what the cloud has invested in things such as storage, redundancy, failover and authorization services and use that to expand resources as your business needs them.  The hybrid cloud is the future because it’s not “one size fits all” – build based on the needs of the business service or application that you are making available or improving on.

That being said, if you are looking to learn a bit more about how Azure can meet your hybrid cloud needs, be sure to check out the Hybrid Cloud for the IT Pro Blog Series in progress right now, covering a variety of topics related to developing your plan for extending your datacenter beyond its current walls.

I also recommend checking out this MVA course on Moving to Hybrid Cloud with Azure. It’s only 90 minutes and it’s hosted by Keith Mayer and Brian Lewis, two of my favorite Tech Evangelists.  Plus they really know their stuff.


The Hybrid Cloud for the IT Professional – The Blog Series Begins Today!

Over the next three weeks, the US IT Pro Evangelists will be running a blog series on extending your data center with Azure.  You’ll find the complete series, with links updated daily at http://aka.ms/HybridCloudforITPro.

The series will include posts by Yung Chou, Kevin Remde, Dan Stolts, Tommy Patterson, Blain Barton, Jessica DeVita and myself.  We will be covering a variety of Azure IaaS topics like:

  • Infrastructure services
  • Backup solutions
  • Networking fundamentals
  • Connectivity and Remote Access
  • SQL Server
  • Multi-factor Authentication
  • Azure certifications
Enjoy!

Upcoming Community Tech Events in SoCal

For those of you in southern California, I’ve gotten wind of some upcoming events that might be of interest.  Check them out if you are in the area.

So-Cal Azure User Group – Costa Mesa, 2/24
     Register Here: http://www.meetup.com/SoCal-Microsoft-Azure-User-Group/events/220261351/

So-Cal System Center User Group – San Diego, 3/2 or Irvine 3/3
Wally’s Top SCCM 2012 Features with Cool Tips and Tricks
     Register Here for March San Diego Event: https://www.eventbrite.com/e/microsoft-system-center-so-cal-user-group-msc-scug-san-diego-march-2nd-tickets-15150502561
     Register Here for March Irvine Event: https://www.eventbrite.com/e/microsoft-system-center-so-cal-user-group-msc-scug-irvine-march-3rd-tickets-15149810491

San Diego SharePoint User Group – San Diego, 3/11
Fundamentals of Creating SharePoint Apps with Tim Odell
     Register Here: http://www.meetup.com/San-Diego-SharePoint-User-Group-SanSPUG/events/219661901/

PFE Days – San Diego, 3/19
Getting the Best from Azure IaaS with Javier Dominguez
     Register Here: http://www.meetup.com/Microsoft-PFE-Days-Technology-Event-SoCal/events/220098582/

Los Angeles Big Data Users Group – Multiple Events (visit their link)

Upcoming MVA Courses

I was poking around on Microsoft Virtual Academy today and discovered a bunch of great looking live events that are coming up in the next several weeks.  If you’ve never checked out MVA, now is the time to visit and register!

The Imperfect Lab: Check out the Microsoft Test Lab Guides

If you’ve been reading along for a while now, you know I’ve been having a blast building and expanding my Imperfect Lab. But I admit, if you are looking for a full step-by-step guide to what to actually put in your lab, I haven’t given you all that. But I do know somewhere you can look!
Available right inside the official Azure documentation are the details (including PowerShell) for setting up a hybrid cloud environment for testing. Now, this first guide requires you to have a physical data center lab to connect to using RRAS, but you can easily rework it for a VNET-to-VNET if that’s what you desire, by following these instructions instead.
Once you have the basics in place, you can do things like build a full SharePoint Farm (on my short list), set up a Web-based LOB application or set up DirSync. Or do all of them!

The Imperfect Lab: Letting Additional Administrators Remotely Connect to Servers

An age-old server administration best practice is to make sure that everyone who is administering servers on your network is doing it with their own “admin” credentials.

Up until this point, I’ve done all my remote Azure sessions (PS-Session) with the built-in administrator account. This works fine if you are the only person connecting remotely to a server. But what if you want to grant others administrative rights to your machine and they would also like to connect remotely?

Your first step would likely be to add them to the local administrators group. Since you’ve already turned on the “remote management” feature for yourself, you might expect this to work out of the box.

But you probably overlooked this little note in the “Configure Remote Management” box when you enabled remote management – “Local Administrator accounts other than the built-in admin may not have rights to manage this computer remotely, even if remote management is enabled.”

That would be your hint that some other force might be at work here.  Turns out that UAC is configured to filter out everyone except the built-in administrator for remote tasks.

A review of this TechNet information gives a little more detail:

“Local administrator accounts other than the built-in Administrator account may not have rights to manage a server remotely, even if remote management is enabled. The Remote User Account Control (UAC) LocalAccountTokenFilterPolicy registry setting must be configured to allow local accounts of the Administrators group other than the built-in administrator account to remotely manage the server.”

To open up UAC to include everyone in your local Admins group for remote access, you’ll need to make some registry changes.

Follow these steps to manually edit the registry:

  1. Click Start, type regedit in the Start Search box, and then click regedit.exe in the Programs list.
  2. Locate and then click the following registry subkey:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type LocalAccountTokenFilterPolicy for the name of the DWORD, and then press ENTER.
  5. Right-click LocalAccountTokenFilterPolicy, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor.

Now you will be able to remotely connect and administer your server using PowerShell with any account you’ve given Admin rights to for that particular server. This would hold true for servers in Azure, as well as servers on your local network.
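
The same registry change can be scripted. The PowerShell below is an added example, not part of the original post or of Microsoft's documentation; the function names are my own, and the last command assumes Windows PowerShell 5.1 or later for Get-LocalGroupMember. Because the value lifts remote UAC filtering for every local account in the Administrators group, the script ends by listing those accounts for review.

```powershell
# Added example: scripted form of the manual registry edit. Run elevated on the target server.
$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Name = 'LocalAccountTokenFilterPolicy'

function Get-RemoteUacPolicy {
    # An absent value means the default (0): remote logons by local admins get a filtered token.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.$Name
}

function Set-RemoteUacPolicy {
    param([Parameter(Mandatory)][ValidateRange(0, 1)][int]$Value)
    # -Force creates the DWORD if it is missing and overwrites it if it already exists.
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
}

$before = Get-RemoteUacPolicy
Set-RemoteUacPolicy -Value 1
$after = Get-RemoteUacPolicy
Write-Output "$Name on ${env:COMPUTERNAME}: $before -> $after"

# With the value at 1, each local account listed here can administer the server remotely.
# Remove accounts that should not have that reach.
Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.PrincipalSource -eq 'Local' } |
    Select-Object Name, ObjectClass
```

To restore the default filtering later, run Set-RemoteUacPolicy -Value 0.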

Special shout out to Bret Stateham for bringing this “remote admin road-bump” to my attention. Sometimes what looks like an “Azure” problem, is really a “Server” feature. 🙂

The Imperfect Lab: Not So SharePointed

On my list of things to try with the Imperfect Lab was deploying a SharePoint Farm from the new portal since there is this nifty wizard that just does all the work of building the servers for you. Just a few clicks and boom, SharePoint!
But alas, it was not quite to be. While the portal does do what it claims and produces a test/dev scenario of SharePoint, that scenario is completely isolated. And completely isolated isn’t exactly what I wanted. When you use the portal configuration “wizard” you are prompted for several bits of information that you can’t get around.
  1. You are prompted to give a domain name for a new FOREST domain.
  2. You must create a NEW virtual network.

Because I wanted to create a little Imperfect Lab “team site” and experiment a bit with SharePoint 2013, I wanted to use my existing domain and my existing network. But that isn’t an option allowed via the portal “journey”, so to get what I want, I’ll have to build it out the old-fashioned way, one server at a time.
Had I known this before I started this project, I might have considered creating the SharePoint farm first, then using that domain and network as the basis for the rest of my lab projects. Oh well, that’s why we experiment in the first place, right? Live and learn. I guess I’ll swing back around to this SharePoint project a bit later.
Meanwhile, if a completely isolated SharePoint playground is something you need, by all means check out the new Azure portal and give it a go. And if you need more than what the test environment provides, you might find the complete Planning for SharePoint 2013 on Azure Infrastructure Services guide useful.