Call For Speakers – Cloud Camp, October 17th

My employers, MicroWarehouse, are running a community event in the Dublin Convention Centre on October 17th. Cloud Camp is a tech event, with four tracks covering:

  • Azure Infrastructure: Virtual machines, storage, networking, etc
  • Azure Platform: Web Apps, Containers, etc
  • Productivity & Security: Office 365, EMS, etc
  • Windows Server 2019 & Hybrid: Windows Admin Center, virtualization, clustering, storage, networking, private cloud, etc

UPDATE: We have enough submissions on Office, Intune, and M365 overviews. We need more on Azure IaaS and Azure PaaS. But we really want sessions on Windows Admin Center, Windows Server 2019, and data protection using Azure Information Protection & Client App Security.

Samuel Beckett bridge and Dublin Convention Center – Daniel Dudek, https://www.flickr.com/photos/dansapples/9563009141

We’re looking for speakers from around Europe to fill the slots. Expenses are being covered:

  • Flights
  • 2 nights accommodation – the nights before and after the event
  • Tickets to the event

If you’re interested in speaking then please submit your bio and session proposal(s) here.

Windows Server 2016 is Launched But NOT Generally Available Yet

Microsoft did the global launch of Windows Server 2016 at Ignite in Atlanta yesterday. But contrary to tweets about an eval edition that you can download (but is useless for production), neither Windows Server 2016 nor System Center 2016 is actually generally available; they are on the October pricelists but won’t be GA until “mid October”. You won’t find WS2016 or System Center 2016 GA yet on:

  • Azure
  • MSDN
  • MVLS

So you’ll have to wait until mid-October? Why the wait? It’s obvious, if you think about the last 2 releases. What do you do after installing a new OS from media? You run Windows Update. And what got installed after deploying GA bits for WS2012 or WS2012 R2? Hundreds of GB of a monster update. Microsoft is probably hard at work on a monster cumulative update that they need to get right for the GA of WS2016. It must not be ready yet, and they aren’t 100% sure when, and that’s why the time of the GA mentioned in public is mid-October and not a specific date.

Azure Stack was previously announced for GA in mid-2017. TP2 (which has been in TAP for a while, I am led to believe) was made public yesterday with a number of improvements.

It was a quiet launch … I think the OS was mentioned once in the keynote, and there were no demos (which are actually pretty stunning this time around). System Center 2016 was also launched. Some in the media might use this quiet launch to continue their theory that Windows Server is walking dead and being replaced by Azure. That could not be further from the truth. Microsoft very much pushed (the following session by Jason Zander)  the hybrid cloud message, powered by WS2016, saying that their unique selling point will continue for enterprises that can never move (some or all services) to a public cloud. And, of course, this is why Azure Stack has been developed and is getting a lot of attention. There are countless sessions on WS2016, System Center 2016, and Azure Stack during the week at Ignite. Don’t forget, also, that hybrid goes down to the code – the same people work on Azure and Windows Server because they are one and the same.

The cloud-cloud-cloud keynote was a call rather than a sales pitch. It’s time to start learning the cloud – your bosses and your customers want it so it’s pointless for you to fight yourself out of a job. Most of the cloud solutions they showed actually supplemented on-prem installations rather than replaced them.

Ignite 2016–Cloud Infrastructure with Jason Zander

These are my notes from watching the session online, presented by the man who runs Azure engineering. This high-level session is all about the hybrid cloud nature of Microsoft’s offerings. You choose where to run things, not the cloud vendor.

Data Centre

Microsoft expects that a high percentage of customers will want to deploy hybrid solutions: a mixture of on-premises, hosting partners, and public cloud (like Azure, O365, etc). IDC reckons 80% of enterprises will run a hybrid strategy by 2017. This has been Microsoft’s offering since day 1, and it continues that way. Microsoft believes there are legitimate scenarios that will continue to run on-premises.

A lot of learning from Azure has fed back into Hyper-V over the years. This continues in WS2016:

  • Distributed QoS
  • Network Controller
  • Discrete device assignment (DDA)

Security

The threats have evolved to target all the new endpoints that modern computing has enabled. Security starts with the basics: patching. Once an attacker is in, they expand their reach. Threats are from all over – internal and external. Advanced persistent threats from zero days and organized & financed attackers are a legit threat. It takes only 24-48 hours for an attacker to get from intrusion to domain admin access, and then they sit there, undiscovered, stealing and damaging, for a mean of 150 days!

Windows Server philosophy is to defend in depth:

image

Shielded Virtual Machines

The goal is that even if someone gets physical access to a host (internal threat), they cannot get into the virtual machines.

  • VMs are encrypted at rest and in transit.
  • A host must be trusted by a secured independent authority.

Jeff Woolsey, Principal Program Manager, comes on stage to do a demo. Admins can be bad guys! Imagine your SAN admin … he can copy VM virtual hard disks, mount them, and get your data. If that’s a DC VM, then he can steal the domain’s secrets very easily. That’s the easiest ID theft ever. Shielded VMs prevent this. The VMs are a black box that the VM owner controls, not the compute/networking/storage admins.

Jeff does a demo … easy mount and steal from un-shielded VHDX files. Then he goes to a shielded VM … wait, no, those are VMware VMDK files and “these guys don’t have shielded virtual machines”. He goes to the right folder, and mounting a VHDX fails because it’s encrypted using BitLocker, even though he is a full admin. He goes to Hyper-V Manager and tries a console connection to a shielded VM. There’s no console thumbnail and the console is not available – you have to use RDP. The shielded VM uses a unique virtual TPM chip to seal the unique key that protects the virtual disks. The VM processes are protected, which means that you cannot attach a debugger or inspect the RAM of the VM from the host.

This is a truly unique security feature. If you want secured VMs, then WS2016 Hyper-V (and it really requires VMM 2016 for real world) is the only way to do it – forget vSphere.

Software Defined

You get the same Hyper-V on-prem that Microsoft uses in Azure – no one else does that. Scalability has increased. Linux is a first class citizen – 30% of existing Azure VMs are Linux and they think that 60% of new virtual machines are Linux. The software defined networking in WS2016 came from Azure. Load Balancing is tested in Azure and running in the fabric for VMs in WS2016. VXLAN was added too. Storage has been re-invented with Storage Spaces Direct (S2D), lowering costs and increasing performance.

Management

System Center 2016 will be generally available with WS2016 in mid October (it actually isn’t GA yet, despite the misleading tweets). Noise control has been added to SCOM, allowing you to tune alerts more easily.

Application Platform

We have new cloud-first ways to deploy applications.

Nano Server is a refactored Windows Server with no UI – you manage this installation option (it’s not a license) remotely. You can deploy it quickly, it boots up in seconds, and it uses fewer resources than any other Windows option. You can use Nano Server on hosts, storage nodes, in VMs, or in containers. The application workload is where I think Nano makes the most sense.

Containers are native in WS2016, managed by Docker or PowerShell. Deploying applications is extremely fast with containers. Coupled with orchestration, the app people stop caring about servers – all compute is abstracted away for them. Windows Server Containers is the same kind of containers that people might be aware of. Hyper-V Containers takes regular kernels so that they don’t have a shared kernel and are isolated by the DEP-backed Hyper-V hypervisor. Docker provides enterprise-ready management for containers, including WS2016. Anyone buying WS2016 gets the Docker Engine, with support from both Docker and MSFT.

Ben Golub, CEO of Docker, comes out. Chat show time … we’ll skip that.

Azure

The tenets of Azure are global, trusted, and hybrid. Note that last one.

Global:

image

This is Amsterdam (West Europe). The white buildings are data centers. One is the size of an American Football field (120 yards x around 53 yards). This isn’t one of the big data centers.

image

1.6 million miles of fibre around the world, with a new mid-Atlantic one on the way. There are roughly 90 ExpressRoute (WAN connection) PoPs around the world. The platform is broad … CSP has over 5,000 line items in the price list. Over 600 new services and features shipped in the last 12 months.

Some new announcements are highlighted.

  • New H-Series VMs are live on Azure. H is for high performance or HPC.
  • L-Series VMs: Storage optimized.
  • N-Series (already announced): NVIDIA GPU enabled.

An in-demand application is SAP HANA. Microsoft has worked with SAP to create purpose-built infrastructure for HANA with up to 32 TB OLAP and 3 TB OLTP.

New Networking Capabilities

Field-programmable gate array (FPGA) has gone live in Azure, enabling network acceleration up to 25 Mbps. IPv6 support has been added. Also:

  • Web application firewall (added to the web application proxy)
  • Azure DNS is GA

Compliance

Azure has the largest compliance portfolio in cloud scale computing. Don’t just look at the logo – look at what is supported by that certification. Azure has 50% more than AWS in PCI. 300% more than AWS in FedRAMP. 3 more certs were announced:

image

Azure was the first to get the EU-US Privacy Shield certification.

Hybrid

Microsoft means run it on-prem or in the cloud when they say hybrid (choice). Other vendors are limited to a network connection to hoover up all your systems and data (no choice).

SQL Server 2016 stretch database allows a table to span on-prem and Azure SQL. That’s a perfect example of hybrid in action.

Azure Stack Technical Preview 2 was launched. You can run it on-prem or with a partner service provider. Scenarios include:

  • Data sovereignty
  • Industrial: A private cloud running a factory
  • Temporarily isolated environments
  • Smart cities

The 2 big hurdles are software and hardware. This is why Microsoft is partnering with DellEMC, HPE and Lenovo on solutions for Microsoft Azure Stack. We see behind the HPE rack – 8 x 2U servers with SFP+ networking. There will be quarter rack stacks for getting started and bigger solutions.

Azure + Azure Stack

Bradley Bartz, Principal Group Program Manager, comes out on stage. He’s talking through a scenario. A company in Atlanta runs a local data center. Applications are moving to containers. Dev/test will be done in Azure (pay as you go). Production deployment will be done on-prem. An Azure WS2016 VM runs as a container host. OMS is being used by Ops to monitor all items in both clouds. Ops use desired state configuration (DSC) to automate the deployment of OMS management to everything by policy. This policy also stores credentials in KeyVault. When devs deploy a new container host VM, it is automatically managed by OMS. He now logs in as an operator in the Azure Stack portal. We are shown a demo of the Add Image dialog. A new feature that is coming is syndication of the Azure Marketplace from Azure to Azure Stack. Now when you create a new image in Azure Stack, you can draw down an image from the Azure Stack – this increases inventory for Azure Stack customers, and the market for those selling via the Marketplace. He adds the WS2016 with Containers image from the Marketplace. Now when the devs go into production, they can use the exact same template for their dev/test in Azure as they do for production on-prem.

When a dev is deploying from Visual Studio, they can pick the appropriate resource group in Azure, in Azure Stack, or even to a hosted Azure Stack elsewhere in the world. With Marketplace syndication, you get a consistent compute experience.

Hybrid Cloud Management

There’s more to hybrid than deployment. You need to be able to manage the footprints, including others such as AWS, vSphere and Hyper-V, as one. Microsoft’s strategy is OMS working with or without System Center. New features:

  • Application dependency mapping allows you to link components that make your service, and ID failing pieces and impacts.
  • Network performance monitoring allows you to see the application’s view of network bottlenecks or link failures.
  • Automation & Control. Patch management is coming to Linux. Patch management will also have crowd sourced feedback on patches.
  • Azure Security Center will be converging with OMS “by the end of the year” – no mention if that was MSFT year or calendar year.
  • Backup and DR have had huge improvements over the last 6 months.

Jeff Woolsey comes back out to do an OMS demo. He goes into Alert Management (integration with SCOM) to see various kinds of alerts. He drills into an alert, and there are nice graphics that show a clear performance issue. Application Dependency Monitor shows all the pieces that make up a service. This is presented graphically, and one of the boxes has an alert. There is a SQL assessment alert. He drills into a performance alert. We see that there’s a huge chunk of knowledge, based on Microsoft’s interactions with customers. The database needs to be scaled out. Instead of doing this by hand, he makes a runbook to remediate the problem automatically (it was created from a Microsoft gallery item). He associates the runbook with the alert – the runbook will run automatically after an alert.

3 clicks in a new alert and he allows an incident to be created in a third-party service desk. He associates the alert with another click or two. The problem can now auto-remediate, and an operator is notified and can review it.

He goes into the Security and Audit area and a map shows malicious outbound traffic, identified using intelligence from Microsoft’s digital crime unit. Notable issues highlight actions that IT need to take care of (missing updates, malware scanning, suspicious logins, etc). Re patching, he creates an update run in Updates to patch on-prem servers.

Windows Server 2016 Launch in Ireland

I’m delighted to announce that my employers are running the community launch of Windows Server 2016 (WS2016) in Dublin, Ireland, on October 26th, starting promptly at 10:30.

You might have heard that Microsoft announced general availability yesterday at the Ignite conference in Atlanta, USA – actual GA is mid-October with the pieces being on the October price list. Unfortunately, this will be another Windows Server and System Center release that will not be publicly launched by Microsoft Ireland. In that absence, MicroWarehouse and a selection of expert speakers from around Europe will be gathering at the Marker Hotel in Dublin to share their knowledge.  These folks have been working with the technology since the first public preview nearly 2 years ago, and some have a deep knowledge that they’ve built up by working closely on testing the products, shaping their futures, and even running the previews in production!

Quite honestly, there has never been a panel of speakers put together like this before for a Microsoft event in Ireland. So far we have confirmed:

  • Carsten Rachfahl (MVP, Germany)
  • Didier Van Hoye (MVP, Belgium)
  • Damian Flynn (MVP, Ireland)
  • Kevin Greene (MVP, Ireland)
  • Me (another MVP, Ireland)

There will be a keynote followed by 2 tracks of breakout sessions. The two tracks are based on the fact that WS2016 + the new Azure Stack complete Microsoft’s hybrid cloud vision:

  • On premises track, focusing on Windows Server 2016 and Azure Stack
  • Hybrid cloud track, looking at how we can extend IT into Microsoft Azure

I cannot tell you how much new stuff there is in WS2016 – it’s a huge product, and there’s loads more to learn about in Azure! If you are paying attention, then it’s time to update awareness of what the new platforms can do, and this launch is the place to start.

Details

  • The Marker Hotel, Grand Canal Square, Docklands, Dublin 2, D02 CK38, Ireland
  • Registration opens at 10:00 on October 26th

REGISTER HERE.

Intended Audience

Anyone from anywhere that wants to increase their awareness of what Windows Server 2016, Azure Stack, and Microsoft Azure can do:

  • Technical, consultants, administrators, engineers
  • IT sales
  • Technical pre-sales & architects
  • Microsoft partners
  • Microsoft customers
  • Students who want to be ready for the real world

There is a small fee to ensure that those who register online intend to attend the event and to discourage the “muffin munchers” that are more interested in free snacks.

Online Options

The event will not be streamed online and will not be recorded.

Note: Microsoft Ignite 2016 Keynote

I am live blogging this session. Press refresh to see more.

I am not attending Ignite this year. I’m saving my mileage for the MVP Summit in November. I have actually blocked out my calendar so I can watch live streams and recordings (Channel 9).

Pre-Show

There was a preamble with some media types speculating about the future. I had that on mute while listening to a webinar. A countdown kicks the show off, followed by some interview snippets about people’s attitudes to cloud. The theme of this keynote will be work habits (continuous learning) and cloud.

Julia White

The corporate VP is the host of the keynote. In the pre-show, she acknowledged the negative feedback on Ignite 2015:

  • Over-long keynote – the session will be just 90 minutes long, instead of the 180 minute behemoths of the past.
  • Not enough “general” sessions

IT stands for “innovation & transformation” these days. Those that refuse to learn, adapt, change, and evolve, become as populous as the T-Rex. Change can be daunting, but it’s exciting and leads to new opportunities. We should embrace new and different, to figure out what is possible.

Scott Guthrie

Today will focus on solutions to enable productivity, intelligent cloud platform, enable each of us to deliver transformational impact to our organizations and customers – making us IT heroes. Some blurby stuff now with business consulting terminology. I’ll wait for real things to be presented.

Some examples of BMW and Rolls-Royce (RR – aircraft engines) using Azure to transform their operations. Adobe is a cloud first company (SaaS) and is moving all of its solutions to Azure. Out comes a speaker from Adobe with Satya Nadella for a chat. It’s chat show time. I’ll skip this.

Something was said about digital transformation, I think – I was reading tweets. Guthrie comes back on stage. Now for a video of more customers talking about going to the cloud.

There are now 34 unique Azure regions, each with multiple data centres, around the world, more than twice what AWS offers. Here comes a video to show us inside a region. This is North Europe in Dublin (I’ve never been able to say exactly where due to NDA):

image

Hybrid cloud is more about connections. Hybrid is more than just infrastructure. It’s about consistency (psst, Microsoft Azure Stack). Use a common set of tools and skills no matter where you work. Microsoft leads in more magic quadrants than the competition combined, according to Gartner.

Guthrie starts to talk about Azure, what it is and its openness. You can use the best of the Linux and the best of the Windows eco-systems to build your solutions.

Donovan Brown

Demo time. Brown has a bunch of machines running in Azure and on-prem. He wants to manage them as a unified system. Azure Monitor is a new system for monitoring applications no matter where they are. Monitor in the nav bar shows us the items deployed in Azure and their resource usage. We can see Hyper-V and VMware resources too, using SCOM agent data (requires System Center). A lot of Monitor looks like duplication with Log Analytics (OMS). I’m … confused. We then see security alerts and recommendations in Azure Security Center.

Back to Guthrie.

Technical Preview 2 of Azure Stack is announced.

And we’re back to chat show time again. I’m completely tuning out this segment.

Windows Server 2016

This is a cloud platform, for a software defined data center. Just in time admin access, preventing DDOS attacks on a host by VMs, and Nano server offering new density. There is built-in support for containers, and Docker Engine is going to be available to all WS2016 customers, free of charge. Windows Server 2016 and System Center 2016 general availability is announced. No dates mentioned, and no bits available on either MSDN or Azure. Yes, there’s an eval online, but that is meaningless.

I press pause here – I’ve a Skype Biz call I cannot get out of. Back later for more …

Conference call is over so I’m back watching the video on delay. Donovan is back on stage to talk DevOps – a big focus for MSFT, moving away from evangelizing IT pro stuff. He starts a demo with Team Services, and I check out Twitter. I fast forward past stuff that includes coding (!).

Yusuf Mehdi

There’s a video about Windows 10, with plenty of emphasis on ink/stylus and HoloLens/AR. It’s a classic Microsoft “future” video with things that are possible and others that are futuristic. By 2020, half the workforce will be millennials, so Microsoft needs to innovate on how people work and do. 44% of the workforce is expected to be freelancers (rubbish zero hour contracts?). There will be 5 billion devices shipping annually – IDC predicts that Windows Phone will … no; I’ll stop joking :) Data growth will continue to explode (44 zettabytes). More devices and capabilities introduce more security challenges.

Microsoft product progress:

  • Windows 10 is on 400 million “monthly active devices”.
  • There are over 70 million monthly commercial users of Office 365.
  • I heard (from a player in this market) that EMS crushes MDM competition on seat sales in the EU. Azure AD protects over 1 billion logins.

Cortana demo is shown. That must be cool for the 10 countries that can use Cortana. Then there’s some inking in Office. And they do some ink sums/equations in OneNote. More Cortana – I’m not going to blog about this because it’s not relevant to 90% of us. Outlook now has Delve Analytics – so I can see who read my email and when. My Analytics in O365 is like Fitbit for your Office activity (meetings, email, multitasking, etc). Surface Hub demo (fast forward).

Another video – security threats and risks. It takes an average of 200 days to detect a breach and 80 days to recover (Source: Ponemon Institute – The Post Breach Boom, 2013). The average cost is $12m per incident. We are in a never-ending battle because every end point is under attack. End users and weaknesses in IT processes are the vulnerable targets.

Microsoft is spending over $1billion per year on security. Microsoft has the largest anti-malware system in the world, and they scan more email than anyone. They have the largest online services in the world (O365, Bing, Outlook.com, Azure, etc).

All this data gives Microsoft a great view of worldwide IT security, and the ability to innovate defences:

image

Microsoft announces protection for the browser (Edge first) in Windows Defender Application Guard. The Edge Browser is isolated using a hardware based container – that’s protection against malware, zero day threats, etc. So even if you browse an infected site, the infection cannot cross the security boundary to your machine, data, and network.

Ann Johnson

This section is all about security. Security is built from the base of the platform: Windows. Windows 10 (especially Enterprise edition) is the most secure version of Windows. We get a demo of Credential Guard. A Windows 7 machine (no CG) is running, as is a Windows 10 machine (with CG). The “hacker” launches attacks from both infected machines. The Windows 7 machine spits out password data to the hacker. The Windows 10 machine cannot retrieve passwords because they are secured in hardware by CG.

Next up is Windows Defender Application Guard. This uses the same hardware tech as CG. Two browsers, one protected and one not, are run. The unprotected browser hits a “dodgy” website and we see that all of the Windows security features are turned off thanks to a silently downloaded payload. On another machine, nothing happens when the protected browser hits the malicious website – that’s because Application Guard isolates the browser session behind a hardware boundary.

Attacks will happen, it happens to everyone, so Microsoft is engineering for this. Windows Defender Advanced Threat Protection uses behavioural analytics to detect attacks across your network.  In a demo, an attack is opened. We can see how the attack worked. Outlook saved an attachment. This attachment is analysed. Office 365 Advanced Threat Protection is integrated with Defender ATP. We can see that this attachment attempted to send to 2 users, but O365 blocked the attachment because it received a signal from Defender that the attachment was malicious. A source is identified – a user whose identity might be compromised. The user is clicked and Microsoft Advanced Threat Analytics (ATA, a part of the EMS suite) tells us everything – the user’s ID was compromised from another user’s PC. So we have the full trace of the attack.

And other than more chat show, that was that. It was a keynote light on announcements. General sessions followed, so I guess that’s where all the news for techies will be.

Cloud & Datacenter Management 2016 Videos

I recently spoke at the excellent Cloud and Datacenter Management conference in Dusseldorf, Germany. There were 5 tracks full of expert speakers from around Europe, and a few Microsoft US people, talking Windows Server 2016, Azure, System Center, Office 365 and more. Most of the sessions were in German, but many of the speakers (like me, Ben Armstrong, Matt McSpirit, Damian Flynn, Didier Van Hoye and more) were international and presented in English.

You can find my session, Azure Backup – Microsoft’s Best Kept Secret, and all of the other videos on Channel 9.

Note: Azure Backup Server does have a cost for local backup that is not sent to Azure. You are charged for the instance being protected, but there is no storage charge if you don’t send anything to Azure.

Azure Stack Preview Is Public

Microsoft has launched the public preview of Azure Stack, something that has been in TAP for several months now. You can find the download on MSDN right now.

This is the first time that you can run services in Azure, a hosting partner, or on premises … with the same consistent experience. ARM (Azure Resource Manager) is at the heart of that consistency. On prem, you get Azure Stack (without requiring System Center) which integrates into resource providers for storage, networking, etc. in WS2016. Hyper-V, storage accounts, and the network fabric (Network Controller) are all in WS2016.

I’ve been told by folks in the TAP that MAS is gooood, and much easier to deploy than Windows Azure Pack (WAPack).

I doubt I’ll ever see MAS on any of my customers’ sites, but this is still a big day. And it puts Microsoft in a unique position ahead of VMware (the failed vCloud Air), Amazon and Google (public cloud only).

Microsoft News – 25-May-2015

It’s taken me nearly all day to fast-read through this lot. Here’s a dump of info from Build, Ignite, and since Ignite. Have a nice weekend!

Hyper-V

Windows Server

Windows Client

System Center

Azure

Office 365

Intune

  • Announcing support for Windows 10 management with Microsoft Intune: Microsoft announced that Intune now supports the management of Windows 10. All existing Intune features for managing Windows 8.1 and Windows Phone 8.1 will work for Windows 10.
  • Announcing the Mobile Device Management Design Considerations Guide: If you’re an IT Architect or IT Professional and you need to design a mobile device management (MDM) solution for your organization, there are many questions that you have to answer prior to recommending the best solution for the problem that you are trying to solve. Microsoft has many new options available to manage mobile devices that can match your business and technical requirements.
  • Mobile Application Distribution Capabilities in Microsoft Intune: Microsoft Intune allows you to upload and deploy mobile applications to iOS, Android, Windows, and Windows Phone devices. In this post, Microsoft will show you how to publish iOS apps, select the users who can download them, and also show you how people in your organization can download these apps on their iOS devices.
  • Microsoft Intune App Wrapping Tool for Android: Use the Microsoft Intune App Wrapping Tool for Android to modify the behavior of your existing line-of-business (LOB) Android apps. You will then be able to manage certain app features using Intune without requiring code changes to the original application.

Licensing

Miscellaneous