Presentation – Microsoft Azure And Hybrid Cloud

I recently presented in the MicroWarehouse and Microsoft Ireland road show to Irish Microsoft partners on the topic of the Cloud OS, comprised of Azure, Windows Server 2012 R2, Hyper-V, and System Center 2012 R2. You can find the slide deck below.


Mapping The Microsoft Hybrid Cloud – Work In Progress

I am attempting to map out the infrastructure elements (not the app/dev elements) of the Microsoft hybrid cloud. This is a work in progress. If you spot any missing pieces then please comment and I will update.

You’ve heard terms like Cloud OS and hybrid cloud. What do they mean? I will attempt to map out the Microsoft hybrid cloud’s infrastructure-as-a-service (IaaS) ans software-as-a-service (SaaS) elements in this post.

The Hybrid Cloud

A private cloud is a single-tenant (but many users) service that is typically run on-premise. Note that there is a concept of a hosted private cloud; this is where a hosting company runs your single tenant infrastructure. An example of a private cloud is Hyper-V with elements of System Center (VMM, App Controller, Windows Azure Pack, etc) running in your data centre.

A public cloud is a hosted multi-tenant service that you do not own, but you consume services from. The perfect examples of this are Amazon Web Services (AWS) and Microsoft Windows Azure. The hosting company runs and hides the infrastructure from you. You subscribe to services from this shared infrastructure and have no visibility of other tenants. Those offerings are IaaS. There is platform-as-a-service (PaaS) which Windows Azure also offers for developers to run their applications without worrying about VM guest operating systems. And there is software-as-a-service (SaaS) such as Office 365 and Windows Intune where you use some software that the hosting company runs and sells to you from the cloud.

A hybrid cloud is where you mix elements of private cloud with public cloud. Microsoft is in a very unique position because they operate/sell IaaS, PaaS, and SaaS in public and private cloud. This allows you to integrate the best elements (for you) of on-premise with the public cloud offerings of Microsoft to create a hybrid offering.

The Map

image View the image to see full size

Windows Azure Site-Site VPN

You can deploy virtual machines in Windows Azure. They are very similar to Hyper-V VMs, because at this point, Windows Azure is running WS2012 Hyper-V (not WS2012 R2, as you can tell by digging around). You can deploy Software-Defined-Networking (SDN) within Windows Azure in the form of Virtual Networks; you define a network and then you define automatically routed subnets. You can configure a remote gateway to enable site-to-site VPN connectivity between your on-premise infrastructure and the network within Windows Azure. That creates intriguing possibilities where you run some services within Windows Azure to take advantage of elasticity and instant resource availability, and take advantage of on-premise where you can customise and specialise to your heart’s content.

An MPLS alternative has gone into beta with AT&T in the USA. Basically the Windows Azure network becomes another branch office on your WAN. That would be a much nicer and more fault tolerant option than single site-to-site VPN.


You will use SCVMM to manage your on-premise cloud(s) and use System Center App Controller to enable easy deployment of VMs/services in your hybrid cloud.

Active Directory

One of the biggest historical pains in IT for users is having multiple usernames and passwords. You can have single-sign-on (SSO) across your on-premise and Microsoft public cloud services by synchronising Active Directory with Windows Azure Active Directory (WAAD). WAAD is used in a couple of ways:

  • PaaS: Developers can use synchronised IDs for their custom applications.
  • SaaS: Office 365 (Midsize [M] plan and up) and Windows Intune can use the same user names for Exchange Online, SharePoint Online, Lync Online, etc, as are entered when users sign into their PC every day.

There are two ways to synchronise AD with WAAD:

  • DirSync: Is a simple-to-install and manage solution for smaller businesses.
  • ADFS: Active Directory Federation Services is used for larger installs. It requires HA because ADFS becomes a point of dependency to sign into services.

Another interesting option is to deploy VMs into Windows Azure, promote one or more to be domain controllers, and treat that as another site in your Active Directory forest. Your on-premise DCs will replicate with the DCs running in Windows Azure. This is used to enable traditional user & computer join/login to your AD forest.

Note: You must follow specific guidelines for creating DCs in Windows Azure. For example, all domain databases must be placed on an additional data drive that you attach to the VM. This is required to avoid corruption.

Office 365

I’ve already mentioned how users can sign into Office 365 (M plan and higher) using the same username and password as they use on their PC. You can also run hybrid Office services. For example, an Exchange organisation can span on-premise Exchange servers and the cloud.

Windows Intune & System Center Configuration Manager

System Center Configuration Manager (SCCM) is Microsoft’s corporate device deployment & management solution. I believe it is best used when limited to direct management of domain-joined Windows computers. Note that SCCM does allow you to deploy a distribution point (a content library that users/computers install from) in the cloud (hosted by Windows Azure).

You can also get Windows Intune, Microsoft’s cloud-based device management solution. Being cloud based makes it easy to deploy, and better for managing remote or widely distributed devices. Intune is less AD-centric, and that also makes it a great product for dealing with bring-your-own-device (BYOD). And Intune is also designed from the ground up to manage non-Windows OSs such as Android, iOS, and Windows Phone.

You can integrate Windows Intune into SCCM so admins have a single console to manage. I see Intune as the mechanism for dealing with widely distributed devices, roaming devices, mobile devices, and BYOD. SCCM is the solution for dealing with domain-joined corporate computers.

System Center Operations Manager

SCOM is Microsoft’s service-focused monitoring solution. You can get lots of Microsoft developed (free) management packs for monitoring on-premise stuff such as Windows Server, AD, SQL Server, and much more. There are also free third-party management packs (HP, Dell, Citrix, and more), and paid-for products from the likes of Veeam (which happens to have a limited free package for vSphere monitoring).

SCOM can also be used with the cloud in a few ways:

  • Global Service Monitor: GSM allows you to monitor the availability and quality of web services from Microsoft’s data centres around the world. This accounts for the fact that the Internet is complex and localised failures can affect international service availability in unpredictable ways. You configure GSM to monitor site(s) and the results appear in SCOM.
  • System Center Advisor: Think of this as a best practices analyzer from the cloud. SCOM can monitor the results of Advisor scans.
  • Windows Azure: You can monitor the services that you deploy in Azure in two ways. You can monitor the Azure service itself for failures. You can also install SCOM agents into the guest OS of your VMs to monitor the OS and services from within the VMs.


Many businesses struggle with retaining archive data. Microsoft acquired StorSimple to deal with that issue. This is a on-premise installed 1 GbE iSCSI storage appliance that offers local SSD and HDD tiers with a third colder tier residing within the storage services of Windows Azure.

The appliance is not suitable for all workloads. A key requirement is that your data must have a concept of a “working set”. In other words, there is hot data that you use frequently, and cold data that your do not look at very often. VM VHD/VHDX files are not examples of this. Think of a corporate file server, an CAD library, etc. Those are good examples.

StorSimple also has a built-in backup system that uses snapshot mechanisms to backup your hot/cold data.

Windows Azure Online Backup

There are many ways to use the storage mechanisms in Azure. Another one is to use Online Backup to automate the off-site storage of your backup data. A basic system for a single server would be to let Windows Server Backup send its data directly to the cloud. Larger customers might use something like System Center Data Protection Manager or Commvault Sympana to send their backup data to Windows Azure.

The data is encrypted using your private key. Microsoft never sees this key, and therefore you must keep the key safe; they cannot rescue you if you lose it.

I’ve been told that there is a beta in the USA to assist with getting that first big backup into the data center using secure out of band couriers. This will be a much more complex service to export due to the nature of international cross-border complexities.

Hyper-V Recovery Manager

HRM is not a solution that I am convinced about, due to pricing and the fact that it lives in Azure. I prefer micro-payment and placement in the secondary site.

However, HRM is an orchestration solution that lives in Windows Azure for coordinating Hyper-V Replica between two VMM-managed Hyper-V sites. Asynchronous replication data flows directly between the two sites, never to Azure. HRM purely manages replication and failover.

SQL Server 2014

SQL  Server AlwaysOn availability groups can span on-premise and in-Azure VMs, enabling hybrid cloud HA of your relational data services.

UR1 For System Center 2012 R2 Is Available – Be Careful

Microsoft has released Update Rollup 1 for System Center 2012 R2, covering everything except Endpoint Protection and Configuration Manager (they’re almost a separate group).

As usual with update rollups, I would caution you to let others download, install, and test this rollup. Don’t approve it for deployment for another month. And even then, make sure you read each product’s documentation before doing an installation.

Those who lived through URs over the last 12-18 months will remember that System Center had as bad, if not worse, time than Windows Server 2012 with these Update Rollups.


Update Rollup 5 for System Center 2012 Service Pack 1 was also released. The same advice applies; don’t deploy for 1 month and let others be the guinea pigs.

Launch Event – Learn From The Best; Not From The Rest

There are only hours now between now and the start of TechCamp 2013 in City West in Dublin, where Irish MVPs (and a couple of Microsoft folks) will be presenting on:

  • Windows Server 2012 R2
  • Service automation using System Center 2012 R2
  • Hybrid cloud using Hyper-V Network Virtualization, NVGRE, SCVMM 2012 R2 and Windows Azure Pack
  • Service level management using System Center 2012 R2
  • Windows 8.1 in the business
  • New Windows devices
  • BYOD, consumerisation of IT, and mobile device management
  • Enterprise desktop management using System Center 2012 R2

You could wait for a sales person come to town and tell you stuff that they’ve read about.

Or, you could make a little effort to come to TechCamp 2013 where some of the worlds leading experts independent experts (all with international followings and tech book credits to their names) on these technologies (who are Irish BTW) will be there to present an honest appraisal of this technology that they have worked with every day since the 2012 R2/8.1 previews were launched.

Update Rollup 3 For System Center 2012 Service Pack 1

Microsoft released UR3 for System Center 2012 SP1 overnight.  It contains bug fixes for:

  • App Controller
  • Operations Manager
  • Virtual Machine Manager

Download links and installation instructions are on the site.

My advice: considering the quality of patches coming out of Redmond recently, I’d wait a month before installing these updates.


FYI, it appears some download links aren’t active just yet.

Windows Server and System Center 2012 R2 Previews Are Available

It’s all over social media this morning; You can download WSSC 2012 R2 (That’s WS2012 R2 and SC/SysCtr 2012 R2) from TechNet and MSDN right now.  The previews for the following are available now:

  • Hyper-V Server 2012 R2
  • Windows Server 2012 R2 Essentials
  • Windows server 2012 R2 Datacenter
  • System Center 2012 R2 Virtual Machine Manager (x86 and x64)
  • System Center 2012 R2 Service Manager (x86 and x64)
  • System Center 2012 R2 Data Protection Manager (x86 and x64)
  • System Center 2012 R2 App Controller (x86 and x64)
  • System Center 2012 R2 Configuration Manager (x86 and x64)
  • System Center 2012 R2 Orchestrator (x86 and x64)
  • System Center 2012 R2 Operations Manager (x86 and x64)
  • Windows Server 2012 R2 Virtual Machine
  • Windows Server 2012 R2 Virtual Machine Core

SQL Server 2014 CTP1 is also up there for you to test.


Remember that these are preview releases – that’s like a beta (the product is not finished and has no support unless you are in a MSFT supervised TAP program) but without the feedback mechanism of a beta.  Do not use these preview releases in production!

I have the bits downloading now.  I’m on a customer site today so I don’t know if I’ll be deploying the bits or not until tomorrow.

Update Rollup 2 For System Center 2012 SP1 Is Released

Microsoft has released UR2 for System Center 2012 SP1 via Windows Update.  That means you’ll auto download and deploy (pending manual/auto approval on your part) this update via WSUS, etc.  You can also manually download the updates to each product. 

Note that VMM is not included this time around and OpsMgr has quite a few updates.

Please test and then update yours or your customers’ sites to improve the performance and stability of your System Center deployments.  For consultants, this is an opportunity for you do do a little *ahem* sales, and see if there are some further deployments/customisations that you can do for your clients.

App Controller (KB2815569)

  • Issue 1: You cannot change the virtual machine network of deployed virtual machines.
  • Issue 2: The network connection is set to None after you view the network properties of a deployed virtual.
  • Issue 3: You cannot view the virtual networks for a virtual machine.
  • Issue 4: When you change the virtual network in App Controller, you receive the following error message:
  • Issue 5: You cannot copy VMs that have multiple processors or large amounts of memory from VMM to a Windows Azure.
  • Issue 6: App Controller requires Microsoft Silverlight 5 but links to the download page for Silverlight 4.
  • Issue 7: An argument null exception may occur if network connectivity is interrupted.

App Controller Setup (KB2823452)

  • Issue 1: App Controller cannot be installed if the Microsoft SQL Server database server name starts with a number.
  • Issue 2: Setup incorrectly reports that the SQL Server database has insufficient disk space.
  • Issue 3: Setup is unsuccessful when it tries to enable Internet Information Services (IIS).

Operations Manager (KB2826664)

  • Issue 1: The Web Console performance is very poor when a view is opened for the first time.
  • Issue 2: The alert links do not open in the Web Console after Service Pack 1 is applied for Operations Manager.
  • Issue 3: The Distributed Applications (DA) health state is incorrect in Diagram View.
  • Issue 4: The Details Widget does not display data when it is viewed by using the SharePoint webpart.
  • Issue 5: The renaming of the SCOM group in Group View will not work if the user language setting is not "English (United States)."
  • Issue 6: An alert description that includes multibyte UTF-8 characters is not displayed correctly in the Alert Properties view.
  • Issue 7: The Chinese (Taiwan) Web Console displays a wrong message.
  • Issue 8: The APM to IntelliTrace conversion is broken when alerts are generated from dynamic module events
  • Issue 9: Connectivity issues to System Center services are fixed.
  • Issue 10: High CPU problems are experienced in Operations Manager UI.
  • Issue 11: Query processor runs out of internal resources and cannot produce a query plan when you open Dashboard views.
  • Issue 12: Path details are missing for "Objects by Performance."

Operations Manager – UNIX and Linux Monitoring (Management Pack Update) (KB2828653)

  • Issue 1: The Solaris agent could run out of file descriptors when many multi-version file systems (MVFS) are mounted.
  • Issue 2: Logical and physical disks are not discoverable on AIX-based computers when a disk device file is contained in a subdirectory.
  • Issue 3: Rules and monitors that were created by using the UNIX/Linux Shell Command templates do not contain some parameters.
  • Issue 4: Process monitors that were created by the UNIX/Linux Process Monitoring template cannot save in an existing management.
  • Issue 5: The Linux agent cannot install on a CentOS or Oracle Linux host by using FIPS version of OpenSSL 0.9.8.

Service Manager (KB2828618)

  • Issue 1: If the number of "Manual Activities" displayed in the Service Manager Portal exceeds a certain limit, page loads may time out.
  • Issue 2: Incorrect cleanup of a custom related type causes grooming on the EntityChangeLog table to stall.
  • Issue 3: Service requests complete unexpectedly because of a race condition between workflows.
  • Issue 4: The console crashes when you double-click a parent incident link on an extended incident class.
  • Issue 5: PowerShell tasks that were created by using the authoring tool do not run because of an incorrect reference.
  • Issue 6: The Exchange management pack is stuck in a Pending state after management pack synchronization.

Orchestrator (KB2828616)

  • Issue 1: The Monitor SNMP Trap activity publishes incorrect values for strings when a Microsoft SNMP Trap Service connection is used.
  • Issue 2: Inconsistent results when you use Orchestrator to query an Oracle database.

Data Protection Manager (KB2822782)

  • Issue 1: An express full backup job in SC 2012 SP1 may stop responding on a Hyper-V cluster that has 600 or more VMs.
  • Issue 2: When a SC 2012 SP1 item level restore operation is performed on a SharePoint the restore is unsuccessful.
  • Issue 3: When you open DPM on a computer that is running SC 2012 SP1, the Welcome screen does not indicate the correct version of SP1.
  • Issue 4: When you perform a disconnected installation of the DPM 2012 SP1 agent, you receive an error message.
  • Issue 5: When you use DPM 2012 SP1 for tape backup, a checksum error may occur when the WriteMBC workflow is run.
  • Issue 6: Backups of CSV volumes may be unsuccessful with metadata file corruption in DPM 2012 SP1.
  • Issue 7: The DPM console may require more time to open than expected when many client systems are being protected.

Monitor Web Site Health From Around The World Using System Center 2012 SP1

When I worked in the VM hosting business, we offered monitoring via System Center Operations Manager as a part of the service.  It was great for us as a service provider because we were aware of everything that was happening.  One of the things I tried to do for customers was website monitoring, using an agent to fire client perspective tests at the customers’ website(s) to see if they were responsive.  On more than one occasion, a customer would upload new code, assume it was OK, and OpsMgr would see the code failure in the form of an offline website.  The customer (and us) got the alerts and they could quickly undo the change.

When you work in hosting, you learn what a mess the Internet is.  Consider this example.  I worked for a hosting company in Dublin (that’s on the east coast of Ireland).  Our helpdesk got a bunch of calls from customers saying that the services we were providing to them were “offline”.  That sent the networking engineers into a bit of a tizzy – oh, did I mention this was happening as 99% of the staff were leaving for our Christmas party?  Nice timing!  The strange thing was that not all customers were having a problem.  That suggested a routing issue and the networking folks started making calls.  In the end it turned out that only customers of a certain ISP were affected.  Their route sent packets to a router in Dublin, possibly only a kilometre away from our data centre (almost all of the major datacenters, including the Dublin “Azure” one, are on one glow-in-the-dark road in south-west Dublin).  From there, packets were routed to Germany.  They bounced around there, and normally, came back to Dublin to our data center.  Something went wrong in Germany and packets went in a loop before timing out.  From the customers’ perspective, we were offline.  A simple traceroute test would have highlighted the issue but most (not all) hosting customers are … hmm … how do I put this? … special Smile


Hosting (or as it’s called now, the public cloud) customers typically sell services globally.  They need their product available everywhere.  That means you have routes all over the globe to contend with.  Take the above example, and turn it into a rats nest of ISPs and peering all over the world.  Those global;y available web services are typically not just simple websites placed in a single site, either.  Any service needing a responsive user experience must use content distribution.  That throws another variable into the mix.  Testing the availability of the website from a single location will not do.  You need to test globally.

Using an older style tool, including client perspective website monitoring in OpsMgr 2007, you could do this by renting VMs in globally located data centres and installing agents on them.  The problems with this are:

  • Increased complexity.
  • A reliance on those global data centres – would you rely on the Virginia Amazon data centre that’s made lots of headlines in recent months?  What about Honest Jose’s Hosting in Argentina?
  • Renting VMs is adding a cost to the hosting company, that must be passed onto the customer, and every cent add to the per-month charges makes the cloud service less competitive.

System Center 2012 SP1 Operations Manager includes a new feature called Global Service Monitoring (GSM).  It’s an Azure based service that will perform the synthetic web transactions of client perspective monitoring for you, from locations around the world.  This is an invaluable feature for any public facing service, such as a public cloud (IaaS, web, or SaaS).  The hosting/service provider can see how available (uptime and performance) their service is to customers worldwide, whether the problem is internal infrastructure or an ISP routing related issue.

The most difficult helpdesk ticket is the “slow” website.  Using traditional tools you can do only so much.  The warehouse in OpsMgr can rule out disk, memory, and CPU bottlenecks, but that doesn’t satisfy the customer.  I haven’t tried this yet, but apparently GFSM adds  360 degree dashboards, offering you availability and performance information using internal (from the data centre) and external (from GSM) metrics.  That would be very useful when troubleshooting performance issues; you can see where the slowness begins if it happens externally, and you can redirect the customer to their local ISP if the fault lies there.

If I was still in the hosting business, GSM is one of the features that would have driven me to upgrade OpsMgr to 2012 SP1.

See these Microsoft TechNet posts for more:

Infrastructure Planning & Design Guide For OpsMgr 2012

Microsoft has released an IPD for System Center 2012 – Operations Manager.

This guide outlines the infrastructure design elements that are crucial to a successful implementation of Operations Manager. It guides you through the process of designing components, layout, and connectivity in a logical, sequential order. You’ll find easy-to-follow steps on identification and design of the required management groups, helping you to optimize the management infrastructure.

Infrastructure Planning and Design streamlines the planning process by:

  • Defining the technical decision flow through the planning process.
  • Listing the decisions to be made and the commonly available options and considerations.
  • Relating the decisions and options to the business in terms of cost, complexity, and other characteristics.
  • Framing decisions in terms of additional questions to the business to ensure a comprehensive alignment with the appropriate business landscape.

Mastering System Center 2012 Operations Manager

Congratulations to the authors of Mastering System Center 2012 Operations Manager, particularly to Irish System Center MVPs Paul Keely and Kevin Greene.  I know this book was an odyssey for the guys, but they probably feel like champs now that the book is on sale.

I expect that it’s going to be a very detailed book. Kevin and I have chatted about what he was writing over the months and I know he was digging deep.  Go check it out for yourself!


By the way, how many of us Irish are now writing technology books? There’s me (MVP), Damian Flynn (MVP), Kevin Greene (MVP), Paul Keely (MVP), and John McCabe (former Lync MVP, and MSFT PFE) is joining the ranks in a 2013 update to the Mastering Lync book for Sybex.  And those are just the people that I’m aware of.  We Irish are certainly punching above our weight in the technology writing biz.