Microsoft

Changing your Mindset – Monitoring Solutions are Necessary for Successful IT Digital Transformation

Theresa Miller - Tue, 09/19/2017 - 05:30

The way we consume technology is changing rapidly, and the term digital transformation seems to be used in many ways.  So, what does it mean?  To me it means that organizations have adopted their technology base, and have workflows and processes in place that are successful.  But now with technologic advancements changing and reshaping how […]

The post Changing your Mindset – Monitoring Solutions are Necessary for Successful IT Digital Transformation appeared first on 24x7ITConnection.

Microsoft Teams announces external access, with caveats

Theresa Miller - Mon, 09/18/2017 - 05:30

When Microsoft announced its “Slack-killer” conversation-style Teams product, one piece of functionality was glaringly lacking – access into a team for people outside of your own organization. This week, external access was announced, but only partially. You can now invite guests into your teams IF they already have an Azure AD account (which for most […]

The post Microsoft Teams announces external access, with caveats appeared first on 24x7ITConnection.

#VMworld 2017 Brings New Features to VMware Workspace ONE Powered by AirWatch

Theresa Miller - Tue, 09/12/2017 - 05:30

At #VMworld 2017 US, VMware announced a number of new features and new innovations to VMware Workspace ONE powered by AirWatch, and their end user computing portfolio.  Let’s take a look at some of the things VMware has added to the already powerful software suite. One Platform to Rule All Devices One of the biggest […]

The post #VMworld 2017 Brings New Features to VMware Workspace ONE Powered by AirWatch appeared first on 24x7ITConnection.

Delivering Safer Apps with Windows Server 2016 and Docker Enterprise Edition

Microsoft Virtualisation Blog - Tue, 09/05/2017 - 09:00

Windows Server 2016 and Docker Enterprise Edition are revolutionizing the way Windows developers can create, deploy, and manage their applications on-premises and in the cloud. Microsoft and Docker are committed to providing secure containerization technologies and enabling developers to implement security best practices in their applications. This blog post highlights some of the security features in Docker Enterprise Edition and Windows Server 2016 designed to help you deliver safer applications.

For more information on Docker and Windows Server 2016 Container security, check out the full whitepaper on Docker’s site.

Introduction

Today, many organizations are turning to Docker Enterprise Edition (EE) and Windows Server 2016 to deploy IT applications consistently and efficiently using containers. Container technologies can play a pivotal role in ensuring the applications being deployed in your enterprise are safe — free of malware, up-to-date with security patches, and known to come from a trustworthy source. Docker EE and Windows each play a hand in helping you develop and deploy safer applications according to the following three characteristics:

  1. Usable Security: Secure defaults with tooling that is native to both developers and operators.
  2. Trusted Delivery: Everything needed to run an application is delivered safely and guaranteed not to be tampered with.
  3. Infrastructure Independent: Application and security configurations are portable and can move between developer workstations, testing environments, and production deployments regardless of whether those environments are running in Azure or your own datacenter.

Usable Security

Resource Isolation

Windows Server 2016 ships with support for Windows Server Containers, which are powered by Docker Enterprise Edition. Docker EE for Windows Server is the result of a joint engineering effort between Microsoft and Docker. When you run a Windows Server Container, key system resources are sandboxed for each container and isolated from the host operating system. This means the container does not see the resources available on the host machine, and any changes made within the container will not affect the host or other containers. Some of the resources that are isolated include:

  • File system
  • Registry
  • Certificate stores
  • Namespace (privileged API access, system services, task scheduler, etc.)
  • Local users and groups

Additionally, you can limit a Windows Server Container’s use of the CPU, memory, disk usage, and disk throughput to protect the performance of other applications and containers running on the same host.

Hyper-V Isolation

For even greater isolation, Windows Server Containers can be deployed using Hyper-V isolation. In this configuration, the container runs inside a specially optimized Hyper-V virtual machine with a completely isolated Windows kernel instance. Docker EE handles creating, managing, and deleting the VM for you. Better yet, the same Docker container images can be used for both process isolated and Hyper-V isolated containers, and both types of containers can run side by side on the same host.

Application Secrets

Starting with Docker EE 17.06, support for delivering secrets to Windows Server Containers at runtime is now available. Secrets are simply blobs of data that may contain sensitive information best left out of a container image. Common examples of secrets are SSL/TLS certificates, connection strings, and passwords.

Developers and security operators use and manage secrets in the exact same way — by registering them on manager nodes (in an encrypted store), granting applicable services access to obtain the secrets, and instructing Docker to provide the secret to the container at deployment time. Each environment can use unique secrets without having to change the container image. The container can just read the secrets at runtime from the file system and use them for their intended purposes.
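The secret workflow described above, as an added example that is not part of the original post or of Docker's or Microsoft's own code. The secret name, service name and image are hypothetical, and the script assumes a swarm with Windows Server nodes, where Docker places secrets under C:\ProgramData\Docker\secrets by default.

```powershell
# Added example. Secret, service and image names below are hypothetical.

# --- 1. On a swarm manager: register one secret per environment -------------
# Reading the value interactively keeps it out of scripts and out of the image.
$value = Read-Host -Prompt 'Connection string for staging'
$value | docker secret create staging_connstr -

# --- 2. Grant the service access under a stable in-container name -----------
# The image always reads "app_connstr"; each environment maps its own secret
# to that name, so the image itself never changes.
# The argument is quoted because PowerShell would otherwise split it at the comma.
docker service create --name web `
    --secret 'source=staging_connstr,target=app_connstr' `
    registry.example.com/web:1.0

# --- 3. Inside the container: read the secret from the file system ----------
function Get-DockerSecret {
    [CmdletBinding()]
    param(
        # Restrict the name so it cannot be used to walk out of the secrets directory.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9_.-]+$')]
        [string]$Name,

        # Default location of secrets in Windows containers.
        [string]$SecretRoot = 'C:\ProgramData\Docker\secrets'
    )

    $path = Join-Path -Path $SecretRoot -ChildPath $Name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "Secret '$Name' was not granted to this service (no file at $path)."
    }

    # -Raw returns $null for an empty file, so check before calling Trim().
    $content = Get-Content -LiteralPath $path -Raw
    if ([string]::IsNullOrWhiteSpace($content)) {
        throw "Secret '$Name' is empty."
    }

    # Piping a value into 'docker secret create' stores a trailing newline; strip it.
    $content.Trim()
}

# Keep the value in memory only; do not write it to logs or environment variables.
$connectionString = Get-DockerSecret -Name 'app_connstr'
```

Docker's documentation notes that Windows containers have no RAM-disk equivalent, so the secret file sits in clear text on the container's root disk while the container runs and is removed when it stops; disk encryption on the host covers that gap.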

Trusted Delivery

Image Signing and Verification

Knowing that the software running in your environment is authentic and came from a trusted source is critical to protecting your information assets. With Docker Content Trust, which is built into Docker EE, container images are cryptographically signed to record the contents present in the image at the time of signing. Later, when a host pulls the image down, it will validate the signature of the downloaded image and compare it to the expected signature from the metadata. If the two do not match, Docker EE will not deploy the image since it is likely that someone tampered with the image.

Image Scanning and Antimalware

Beyond checking if an image has been modified, it’s important to ensure the image doesn’t contain malware or libraries with known vulnerabilities. When images are stored in Docker Trusted Registry, Docker Security Scanning can analyze images to identify libraries and components in use that have known vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database.

Further, when the image is pulled on a Windows Server 2016 host with Windows Defender enabled, the image will automatically be scanned for malware to prevent malicious software from being distributed through container images.

Windows Updates

Working alongside Docker Security Scanning, Microsoft Windows Update can ensure that your Windows Server operating system is up to date. Microsoft publishes two pre-built Windows Server base images to Docker Hub: microsoft/nanoserver and microsoft/windowsservercore. These images are updated the same day as new Windows security updates are released. When you use the “latest” tag to pull these images, you can rest assured that you’re working with the most up to date version of Windows Server. This makes it easy to integrate updates into your continuous integration and deployment workflow.

Infrastructure Independent

Active Directory Service Accounts

Windows workloads often rely on Active Directory for authentication of users to the application and authentication between the application itself and other resources like Microsoft SQL Server. Windows Server Containers can be configured to use a Group Managed Service Account when communicating over the network to provide a native authentication experience with your existing Active Directory infrastructure. You can select a different service account (even belonging to a different AD domain) for each environment where you deploy the container, without ever having to update the container image.

Docker Role Based Access Control

Docker Enterprise Edition allows administrators to apply fine-grained role based access control to a variety of Docker primitives, including volumes, nodes, networks, and containers. IT operators can grant users predefined permission roles to collections of Docker resources. Docker EE also provides the ability to create custom permission roles, providing IT operators tremendous flexibility in how they define access control policies in their environment.

Conclusion

With Docker Enterprise Edition and Windows Server 2016, you can develop, deploy, and manage your applications more safely using the variety of built-in security features designed with developers and operators in mind. To read more about the security features available when running Windows Server Containers with Docker Enterprise Edition, check out the full whitepaper and learn more about using Docker Enterprise Edition in Azure.

Categories: Microsoft, Virtualisation

Solaris changed our industry; lighting a candle

Theresa Miller - Tue, 09/05/2017 - 05:00

Solaris changed our industry. But according to reports, the Solaris operating system may be nearing death. Oracle, who acquired Sun Microsystems in 2010, has laid off most of the remaining staff who were working on Solaris. There will be support for the OS until 2030, but this news feels like it needs a memorial.   […]

The post Solaris changed our industry; lighting a candle appeared first on 24x7ITConnection.

What to Expect at VMworld 2017

Theresa Miller - Thu, 08/24/2017 - 05:30

VMworld 2017 is just about to get into full swing. For all of your VMware fans out there, get ready for a week of fantastic announcements from the virtualization giant. Let’s take a look at what we can expect at VMworld 2017 The Keynotes The first clue on what to expect at VMworld 2017 can […]

The post What to Expect at VMworld 2017 appeared first on 24x7ITConnection.

HPE Nimble Storage at Cloud Field Day

Theresa Miller - Wed, 08/23/2017 - 05:30

I recently was invited to Cloud Field Day in the Bay area.  While in attendance the group heard from many different companies.  One of them was HPE Nimble Storage.  I really didn’t know what to expect for this presentation, but as the discussion took form the strategy being used was quite interesting. Imagine this In […]

The post HPE Nimble Storage at Cloud Field Day appeared first on 24x7ITConnection.

Thwack – HOW TO WORK IN IT WITHOUT LOSING YOUR MIND

Theresa Miller - Tue, 08/22/2017 - 05:30

Recently I wrote a post for Solarwinds Thwack discussing “How to Work in IT Without Losing your mind”.  If you work in IT which I suspect you do this topic may hit you close to home.  From deciding what to learn, to long hours, this topic really could have gone anywhere, but in the end […]

The post Thwack – HOW TO WORK IN IT WITHOUT LOSING YOUR MIND appeared first on 24x7ITConnection.

Rubrik at Cloud Field Day – Backup your Cloud Today

Theresa Miller - Thu, 08/17/2017 - 05:30

During Cloud Field Day in the Bay area we met with the Rubrik Team, Chris Wahl, Rebecca Fitzhugh and Andrew Miller.  I was excited to learn more about what they are doing with their product and the ability to do backups in the cloud.  More specifically their solutions work great with Amazon Web Services (AWS) […]

The post Rubrik at Cloud Field Day – Backup your Cloud Today appeared first on 24x7ITConnection.

Microsoft announces two new Azure regions in Australia

Theresa Miller - Tue, 08/15/2017 - 16:54

Australia’s capital city, Canberra, is a very important battle ground for the major technology vendors. Google and Microsoft both like to be seen in the press among the nation’s government heads and decision makers. While Google have had a few wins, Microsoft’s latest wins may give it the advantage in the Cloud wars within the […]

The post Microsoft announces two new Azure regions in Australia appeared first on 24x7ITConnection.

Can rock stars fuel impostor syndrome, and what you need to know to protect yourself

Theresa Miller - Mon, 08/14/2017 - 05:05

If you’re in tech, you’ve probably heard of impostor syndrome. You’ve also most likely encountered so-called rock stars. But have you ever wondered if one feeds into the other? If the two are related, what can you do to protect yourself and keep a healthy view of your own talents and accomplishments? Words construct our […]

The post Can rock stars fuel impostor syndrome, and what you need to know to protect yourself appeared first on 24x7ITConnection.

Amazon Connect Expands to Europe

Theresa Miller - Tue, 08/08/2017 - 05:30

Recently, Amazon Connect expanded its offering to Europe, in the Frankfurt AWS Region.  Previously, Amazon Connect was only available in the US East and Asia Pacific regions.  When we think of AWS, many of us technologists begin to think of instances hosting our applications in the cloud.  The fact of the matter is […]

The post Amazon Connect Expands to Europe appeared first on 24x7ITConnection.

ServiceNow at Cloud Field Day – Not just for IT Anymore

Theresa Miller - Mon, 08/07/2017 - 13:10

Recently I attended Cloud Field Day in the Bay area and one of the product presentations was delivered by ServiceNow.  I have used ServiceNow, and I instantly think helpdesk solution.  As the team unveiled their current initiatives it became clear that they are doing quite a bit more for the business side as well, and […]

The post ServiceNow at Cloud Field Day – Not just for IT Anymore appeared first on 24x7ITConnection.

NetApp at Cloud Field Day

Theresa Miller - Thu, 08/03/2017 - 05:30

I recently attended Cloud Field Day in the Bay area and one of the companies I had the privilege of meeting with for a product strategy review was NetApp.  If you are familiar with NetApp they are traditionally a storage provider, but they are moving forward with a new visionary shift that will change them […]

The post NetApp at Cloud Field Day appeared first on 24x7ITConnection.

Implement Windows Server 2016 Active Directory

Theresa Miller - Wed, 08/02/2017 - 05:30

Windows 2016 has been out some time now.  As older operating systems continue to become outdated, and become closer to end of life, Windows 2016 should be on your mind for your next Active Directory upgrade.  IT professionals and security teams are also very interested in the why and how of the latest […]

The post Implement Windows Server 2016 Active Directory appeared first on 24x7ITConnection.

All-New Cisco Catalyst 9000 Series Switches

Theresa Miller - Thu, 07/27/2017 - 05:30

Earlier in my career I did quite a bit of work with Cisco Catalyst switches. Lately, I’ve been mostly working with Cisco Nexus products, due to the time I’ve been spending in the data center. I was excited to see Cisco recently refreshed their Catalyst line of switches by introducing the Cisco Catalyst 9000 Series […]

The post All-New Cisco Catalyst 9000 Series Switches appeared first on 24x7ITConnection.

Hyper-V virtual machine gallery and networking improvements

Microsoft Virtualisation Blog - Wed, 07/26/2017 - 01:42

In January, we added Quick Create to Hyper-V manager in Windows 10.  Quick Create is a single-page wizard for fast, easy, virtual machine creation.

Starting in the latest fast-track Windows Insider builds (16327+) we’re expanding on that idea in two ways.  Quick Create now includes:

  1. A virtual machine gallery with downloadable, pre-configured, virtual machines.
  2. A default virtual switch to allow virtual machines to share the host’s internet connection using NAT.

To launch Quick Create, open Hyper-V Manager and click on the “Quick Create…” button (1).

From there you can either create a virtual machine from one of the pre-built images available from Microsoft (2) or use a local installation source.  Once you’ve selected an image or chosen installation media, you’re done!  The virtual machine comes with a default name and a pre-made network connection using NAT (3) which can be modified in the “more options” menu.

Click “Create Virtual Machine” and you’re ready to go – granted, downloading the virtual machine will take a while.

Details about the Default Switch

The switch, named “Default Switch” or “Layered_ICS”, allows virtual machines to share the host’s network connection.  Without getting too deep into networking (saving that for a different post), this switch has a few unique attributes compared to other Hyper-V switches:

  1. Virtual machines connected to it will have access to the host’s network whether you’re connected to WIFI, a dock, or Ethernet.
  2. It’s available as soon as you enable Hyper-V – you won’t lose internet setting it up.
  3. You can’t delete it.
  4. It has the same name and device ID (GUID c08cb7b8-9b3c-408e-8e30-5e16a3aeb444) on all Windows 10 hosts, so virtual machines on recent builds can assume the same switch is present on all Windows 10 Hyper-V hosts.

I’m really excited by the work we are doing in this area.  These improvements make Hyper-V a better tool for people running virtual machines on a laptop.  They don’t, however, replace existing Hyper-V tools.  If you need to define specific virtual machine settings, New-VM or the new virtual machine wizard are the right tools.  For people with custom networks or complicated virtual network needs, continue using Virtual Switch Manager.

Also keep in mind that all of this is a work in progress.  There are rough edges for the default switch right now and there aren’t many images in the gallery.  Please give us feedback!  Your feedback helps us.  Let us know what images you would like to see and share issues by commenting on this blog or submitting feedback through Feedback Hub.

Cheers,
Sarah

Categories: Microsoft, Virtualisation

Copying Files into a Hyper-V VM with Vagrant

Microsoft Virtualisation Blog - Tue, 07/18/2017 - 21:50

A couple of weeks ago, I published a blog with tips and tricks for getting started with Vagrant on Hyper-V. My fifth tip was to “Enable Nifty Hyper-V Features,” where I briefly mentioned stuff like differencing disks and virtualization extensions.

While those are useful, I realized later that I should have added one more feature to my list of examples: the “guest_service_interface” field in “vm_integration_services.” It’s hard to know what that means just from the name, so I usually call it “the thing that lets me copy files into a VM.”

Disclaimer: this is not a replacement for Vagrant’s synced folders. Those are super convenient, and should really be your default solution for sharing files. This method is more useful in one-off situations.

Enabling Copy-VMFile

Enabling this functionality requires a simple change to your Vagrantfile. You need to set “guest_service_interface” to true within the “vm_integration_services” configuration hash. Here’s what my Vagrantfile looks like for CentOS 7:

    # -*- mode: ruby -*-
    # vi: set ft=ruby :

    Vagrant.configure("2") do |config|
      config.vm.box = "centos/7"
      config.vm.provider "hyperv"
      config.vm.network "public_network"
      config.vm.synced_folder ".", "/vagrant", disabled: true
      config.vm.provider "hyperv" do |h|
        h.enable_virtualization_extensions = true
        h.differencing_disk = true
        h.vm_integration_services = {
          guest_service_interface: true  #<---------- this line enables Copy-VMFile
        }
      end
    end

You can check that it’s enabled by running Get-VMIntegrationService in PowerShell on the host machine:

    PS C:\vagrant_selfhost\centos> Get-VMIntegrationService -VMName "centos-7-1-1.x86_64"

    VMName              Name                    Enabled PrimaryStatusDescription SecondaryStatusDescription
    ------              ----                    ------- ------------------------ --------------------------
    centos-7-1-1.x86_64 Guest Service Interface True    OK
    centos-7-1-1.x86_64 Heartbeat               True    OK
    centos-7-1-1.x86_64 Key-Value Pair Exchange True    OK                       The protocol version of...
    centos-7-1-1.x86_64 Shutdown                True    OK
    centos-7-1-1.x86_64 Time Synchronization    True    OK                       The protocol version of...
    centos-7-1-1.x86_64 VSS                     True    OK                       The protocol version of...

Note: not all integration services work on all guest operating systems. For example, this functionality will not work on the “Precise” Ubuntu image that’s used in Vagrant’s “Getting Started” guide. The full compatibility list for various Windows and Linux distributions can be found here. Just click on your chosen distribution and check for “File copy from host to guest.”

Using Copy-VMFile

Once you’ve got a VM set up correctly, copying files to and from arbitrary locations is as simple as running Copy-VMFile in PowerShell.

Here’s a sample test I used to verify it was working on my CentOS VM:

Copy-VMFile -Name 'centos-7-1-1.x86_64' -SourcePath '.\Foo.txt' -DestinationPath '/tmp' -FileSource Host

Full details can be found in the official documentation. Unfortunately, you can’t yet use it to copy files from your VM to your host. If you’re running a Windows Guest, you can use Copy-Item with PowerShell Direct to make that work; see this document for more details.
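The check and the copy from the two sections above combined into one host-side script, as an added example that is not part of the original post. The function names are hypothetical; the cmdlets are the standard Hyper-V module ones, and the script assumes an elevated PowerShell session on an English-language host, where the service is named "Guest Service Interface".

```powershell
# Added example. Function names are hypothetical; run elevated on the Hyper-V host.

# List every VM on this host that accepts host-to-guest file copies.
# Useful as an audit: the channel works over VMBus, so network controls
# between host and guest do not apply to it.
function Get-GuestFileCopyExposure {
    Get-VM |
        Get-VMIntegrationService -Name 'Guest Service Interface' |
        Where-Object Enabled |
        Select-Object VMName, Enabled, PrimaryStatusDescription
}

# Copy one file into a guest, failing early with a useful message when the
# integration service is disabled or unhealthy.
function Copy-FileToGuest {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][string]$SourcePath,
        [Parameter(Mandatory)][string]$DestinationPath
    )

    # Resolve to an absolute path and stop if the file does not exist.
    $source = (Resolve-Path -LiteralPath $SourcePath -ErrorAction Stop).ProviderPath

    $service = Get-VMIntegrationService -VMName $VMName `
        -Name 'Guest Service Interface' -ErrorAction Stop

    if (-not $service.Enabled) {
        throw "Guest Service Interface is disabled on '$VMName'. " +
              "Set guest_service_interface: true in the Vagrantfile and reload the VM."
    }
    if ($service.PrimaryStatusDescription -ne 'OK') {
        throw "Guest Service Interface on '$VMName' reports " +
              "'$($service.PrimaryStatusDescription)'; check the guest's integration services."
    }

    Copy-VMFile -Name $VMName -SourcePath $source `
        -DestinationPath $DestinationPath -FileSource Host -ErrorAction Stop

    # Return the host-side hash so it can be compared inside the guest
    # (for example with sha256sum on Linux).
    Get-FileHash -LiteralPath $source -Algorithm SHA256
}

# Same VM and file as in the post's own test.
Copy-FileToGuest -VMName 'centos-7-1-1.x86_64' -SourcePath '.\Foo.txt' -DestinationPath '/tmp'
Get-GuestFileCopyExposure
```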

How Does It Work?

The way this works is by running Hyper-V integration services within the guest operating system. Full details can be found in the official documentation. The short version is that integration services are Windows Services (on Windows) or Daemons (on Linux) that allow the guest operating system to communicate with the host. In this particular instance, the integration service allows us to copy files to the VM over the VM Bus (no network required!).

Conclusion

Hope you find this helpful — let me know if there’s anything you think I missed.

John Slack
Program Manager
Hyper-V Team

Categories: Microsoft, Virtualisation

Microsoft Inspire delivers new Cloud products

Theresa Miller - Tue, 07/18/2017 - 05:30

Washington DC recently hosted Microsoft Inspire, the rebranded name for the company’s Worldwide Partner Conference. Alongside the One Commercial Partner announcement (a restructure of how the company engages with partners of all sizes), they snuck in some Cloud product news too. Microsoft 365 Not known for their brilliance with product names, Microsoft released Microsoft 365 […]

The post Microsoft Inspire delivers new Cloud products appeared first on 24x7ITConnection.

Today at Microsoft Inspire–Next generation architecture for RDS hosting

Terminal Services team blog - Wed, 07/12/2017 - 15:00

Join us today (find details at the end of this post) to see how you can make your hosted RDS environments more secure, scalable and efficient; discover the powerful new architecture that enables you to create the next generation of services for your customers, while taking your business to the next level of efficiency and growth.

The RDS modern infrastructure components we are showcasing today extend the current Windows Server 2016 RDS to enable partners to address new market segments and customers while reducing the cost and complexity of hosted Windows desktop and application deployments.

Our infrastructure and clients now utilize Azure Active Directory authentication to enable enhanced security features like conditional access and multi-factor authentication, taking advantage of the massive investments being made in our Intelligent Security Graph. We seamlessly integrate with classic Windows authentication to maintain application compatibility and provide a single sign-on user experience.

The RDS modern infrastructure components provide functionality that extends the current RD Web Access, RD Gateway, and RD Connection Broker services, as well as adding a new RD Diagnostics service. The RDS modern infrastructure components are implemented as .NET Web Services enabling a wide variety of deployment options. For example:

  • Both single and multi-tenant deployments, making smaller deployments (less than 100 users) much more economically viable, while providing the necessary security of tenant isolation
  • Deployments on Microsoft Azure, on-premises equipment, and hybrid configurations
  • Virtual machines or Azure App Services can be used for deployment

Azure App Services, part of Azure’s Platform-as-a-Service environment, simplifies the deployment and management of the RDS modern infrastructure because it abstracts the details of the virtual machines, networking, and storage. This simplifies administrative tasks like configuring scale out/in of a service to dynamically and automatically handle fluctuating usage patterns.

The new infrastructure will also include a web client that allows users to connect from any HTML5 browser. The web client, combined with the other RDS modern infrastructure features, allows many Windows applications to be easily transformed into a Web-based Software-as-a-Service (SaaS) application without having to rewrite a line of code.

Join us today to learn more and sign up for the upcoming technical preview!

Session details:

Remote Desktop Services (RDS): Why do you support 24x7 infrastructure for apps that run 8AM-5PM?
Wednesday, July 12, 2017 2:30 PM-3:30 PM (UTC-05:00) Eastern Time (US & Canada) – 202B, WEWCC

For related information, please see Windows Server 2016 Remote Desktop Services documentation and the RDS Azure Quickstart Templates.

Sign up today!

Categories: Microsoft
