Remote Desktop Services | Aidan Finn, IT Pro

Ignite 2016 – Discover What’s New In Windows Server 2016 Virtualization

This post is a collection of my notes from the Ben Armstrong’s (Principal Program Manager Lead in Hyper-V) session (original here) on the features of WS2016 Hyper-V. The session is an overview of the features that are new, why they’re there, and what they do. There’s no deep-dives.

A Summary of New Features

Here is a summary of what was introduced in the last 2 versions of Hyper-V. A lot of this stuff still cannot be found in vSphere.

And we can compare that with what’s new in WS2016 Hyper-V (in blue at the bottom). There’s as much new stuff in this 1 release as there were in the last 2!

Security

The first area that Ben will cover is security. The number of attack vectors is up, attacks are on the rise, and the sophistication of those attacks is increasing. Microsoft wants Windows Server to be the best platform. Cloud is a big deal for customers – some are worried about industry and government regulations preventing adoption of the cloud. Microsoft wants to fix that with WS2016.

Shielded Virtual Machines

Two basic concepts:

A VM can only run on a trusted & healthy host – a rogue admin/attacker cannot start the VM elsewhere. A highly secured Host Guardian Service must authorize the hosts.
A VM is encrypted by the customer/tenant using BitLocker – a rogue admin/attacker/government agency cannot inspect the VM’s contents by mounting the disk(s).

There are levels of shielding, so it’s not an all or nothing.

Key Storage Drive for Generation 1 VMs

Shielding, as above, required Generation 2 VMs. You can also offer some security for Generation 1 virtual machines: Key Storage Drive. Not as secure as shielded virtual machines or virtual TPM, but it does give us a safe way to use BitLocker inside a Generation 1 virtual machine – required for older applications that depend on older operating systems (older OSs cannot be used in Generation 2 virtual machines).

Virtual Secure Mode (VSM)

We also have Guest Virtual Secure Mode:

Credential Guard: protecting ID against pass-the-hash by hiding LSASS in a secured VM (called VSM) … in a VM with a Windows 10 or Windows Server 2016 guest OS! Malware running with admin rights cannot steal your credentials in a VM.
Device Guard: Protect the critical kernel parts of the guest OS against rogue s/w, again, by hiding them in a VSM in a Windows 10 or Windows Server 2016 guest OS.

Secure Boot for Linux Guests

Secure boot was already there for Windows in Generation 2 virtual machines. It’s now there for Linux guest OSs, protecting the boot loader and kernel against root kits.

Host Resource Protection (HRP)

Ben hopes you never see this next feature in action in the field This is because Host Resource Protection is there to protect hosts/VMs from a DOS attack against a host by someone inside a VM. The scenario: you have an online application running in a VM. An attacker compromises the application (example: SQL injection) and gets into the guest OS of the VM. They’re isolated from other VMs by the hypervisor and hardware/DEP, so they attack the host using DOS, and consume resources.

A new feature, from Azure, called HRP will determine that the VM is aggressively using resources using certain patterns, and start to starve it of resources, thus slowing down the DOS attack to the point of being pointless. This feature will be of particular interest to:

Companies hosting external facing services on Hyper-V/Windows Azure Pack/Azure Stack
Hosting companies using Hyper-V/Windows Azure Pack/Azure Stack

This is another great example of on-prem customers getting the benefits of Azure, even if they don’t use Azure. Microsoft developed this solution to protect against the many unsuccessful DOS attacks from Azure VMs, and we get it for free for our on-prem or hosted Hyper-V hosts. If you see this happening, the status of the VM will switch to Host Resource Protection.

Security Demos

Ben starts with virtual TPM. The Windows 10 VM has a virtual TPM enabled and we see that the C: drive is encrypted. He shuts down the VM to show us the TPM settings of the VM. We can optionally encrypt the state and live migration traffic of the VM – that means a VM is encrypted at rest and in transit. There is a “performance impact” for this optional protection, which is why it’s not on by default. Ben also enables shielding – and he loses console access to the VM – the only way to connect to the machine is to remote desktop/SSH to it.

Note: if he was running the full host guardian service (HGS) infrastructure then he would have had no control over shielding as a normal admin – only the HGS admins would have had control. And even the HGS admins have no control over BitLocker.

He switches to a Generation 1 virtual machine with Key Storage Drive enabled. BitLocker is running. In the VM settings (Generation 1) we see Security > Key Storage Drive Enabled. Under the hood, an extra virtual hard disk is attached to the VM (not visible in the normal storage controller settings, but visible in Disk Management in the guest OS). It’s a small 41 MB NTFS volume. The BitLocker keys are stored there instead of a TPM – virtual TPM is only in Generation 2, but it’s using the same sorts of tech/encryption/methods to secure the contents in the Key Storage Drive, but it cannot be as secure as virtual TPM, but it is better than not having BitLocker. Microsoft can make the same promises with data at rest encryption for Generation 1 VMs, but it’s still not as good as a Generation 2 VM with vTPM or even a shielded VM (requires Generation 2).

Availability

The next section is all about keeping services up and running in Hyper-V, whether it’s caused by upgrades or infrastructure issues. Everyone has outages and Microsoft wants to reduce the impact of these. Microsoft studied the common causes, and started to tackle them in WS2016

Cluster OS Rolling Upgrades

Microsoft is planning 2-3 updates per year for Nano Server, plus there’ll be other OS upgrades in the future. You cannot upgrade a cluster node. And in the past we could only do cluster-cluster migrations to adopt new versions of Windows Server/Hyper-V. Now, we can:

Remove cluster node 1
Rebuild cluster node 1 with the new version of Windows Server/Hyper-V
Add cluster node 1 to the old cluster – the cluster runs happily in mixed-mode for a short period of time (weeks), with failover and Live Migration between the old/new OS versions.
Repeat steps 1-3 until all nodes are up to date
Upgrade the cluster functional level – Update-ClusterFunctionalLevel (see below for “Emulex incident”)
Upgrade the VMs’ version level

Zero VM downtime, zero new hardware – 2 node cluster, all the way to a 64 node cluster.

If you have System Center:

Upgrade to SCVMM 2016.
Let it orchestrate the cluster upgrade (above)

Supports starts with WS2012 R2 to WS2016. Re-read that statement: there is no support for W2008/W2008 R2/WS2012. Re-read that last statement. No need for any questions now

To avoid an “Emulex incident” (you upgrade your hosts – and a driver/firmware fails even though it is certified, and the vendor is going to take 9 months to fix the issue) then you can actually:

Do the node upgrades.
Delay the upgrade to the cluster functional level for a week or two
Test your hosts/cluster for driver/firmware stability
Rollback the cluster nodes to the older OS if there is an issue –> only possible if the cluster functional level is on the older version.

And there’s no downtime because it’s all leveraging Live Migration.

Virtual Machine Upgrades

This was done automatically when you moved a VM from version X to version X+1. Now you control it (for the above to work). Version 8 is WS2016 host support.

Failover Clustering

Microsoft identified two top causes of outages in customer environments:

Brief storage “outages” – crashing the guest OS of a VM when an IO failed. In WS2016, when an IO fails, the VM is put in a paused-critical state (for up to 24 hours, by default). The VM will resume as soon as the storage resumes.
Transient network errors – clustered hosts being isolated causing unnecessary VM failover (reboot), even if the VM was still on the network. A very common 30 seconds network outage will cause a Hyper-V cluster to panic up to and including WS2012 R2 – attempted failovers on every node and/or quorum craziness! That’s fixed in WS2016 – the VMs will stay on the host (in an unmonitored state) if they are still networked (see network protection from WS2012 R2). Clustering will wait (by default) for 4 minutes before doing a failover of that VM. If a host glitches 3 times in an hour it will be automatically quarantined, after resuming from the 3rd glitch, (VMs are then live migrated to other nodes) for 2 hours, allowing operator inspection.

Guest Clustering with Shared VHDX

Version 1 of this in WS2012 R2 was limited – supported guest clusters but we couldn’t do Live Migration, replication, or backup of the VMs/shared VHDX files. Nice idea, but it couldn’t really be used in production (it was supported, but functionally incomplete) instead of virtual fibre channel or guest iSCSI.

WS2016 has a new abstracted form of Shared VHDX – it’s even a new file format. It supports:

Backup of the VMs at the host level
Online resizing
Hyper-V Replica (which should lead to ASR support) – if the workload is important enough to cluster, then it’s important enough to replicate for DR!

One feature that does not work (yet) is Storage Live Migration. Checkpoint can be done “if you know what you are doing” – be careful!!!

Replica Support for Hot-Add VHDX

We could hot-add a VHDX file to a VM, but we could not add that to replication if the VM was already being replicated. We had to re-replicate the VM! That changes in WS2016, thanks to the concept of replica sets. A new VHDX is added to a “not-replicated” set and we can move it to the replicated set for that VM.

Hot-Add Remove VM Components

We can hot-add and hot-remove vNICs to/from running VMs. Generation 2 VMs only, with any supported Windows or Linux guest OS.

We can also hot-add or hot-remove RAM to/from a VM, assuming:

There is free RAM on the host to add to the VM
There is unused RAM in the VM to remove from the VM

This is great for those VMs that cannot use Dynamic Memory:

No support by the workload
A large RAM VM that will benefit from guest-aware NUMA

A nice GUI side-effect is that guest OS memory demand is now reported in Hyper-V Manager for all VMs.

Production Checkpoints

Referring to what used to be called (Hyper-V) snapshots, but were renamed to checkpoints to stop dumb people from getting confused with SAN and VSS snapshots – yes, people really are that stupid – I’ve met them.

Checkpoints (what are now called Standard Checkpoints) were not supported by many applications in a guest OS because they lead to application inconsistency. WS2016 adds a new default checkpoint type called a Production Checkpoint. This basically uses backup technology (and IT IS STILL NOT A BACKUP!) to create an application consistent checkpoint of a VM. If you apply (restore) the checkpoint the VM:

The VM will not boot up automatically
The VM will boot up as if it was restoring from a backup (hey dumbass, checkpoints are STILL NOT A BACKUP!)

For the stupid people, if you want to backup VMs, use a backup product. Altaro goes from free to quite affordable. Veeam is excellent. And Azure Backup Server gives you OPEX based local backup plus cloud storage for the price of just the cloud component. And there are many other BACKUP solutions for Hyper-V.

Now with production checkpoints, MSFT is OK with you using checkpoints with production workloads …. BUT NOT FOR BACKUP!

Demos

Ben does some demos of the above. His demo rig is based on nested virtualization. He comments that:

The impact of CPU/RAM is negligible
There is around a 25% impact on storage IO

Storage

The foundation of virtualization/cloud that makes or breaks a deployment.

Storage Quality of Service (QOS)

We had a basic system in WS2012 R2:

Set max IOPS rules per VM
Set min IOPS alerts per VM that were damned hard to get info from (WMI)

And virtually no-one used the system. Now we get storage QoS that’s trickled down from Azure.

In WS2016:

We can set reserves (that are applied) and limits on IOPS
Available for Scale-Out File Server and block storage (via CSV)
Metrics rules for VHD, VM, host, volume
Rules for VHD, VM, service, or tenant
Distributed rule application – fair usage, managed at storage level (applied in partnership by the host)
PoSH management in WS2016, and SCVMM/SCOM GUI

You can do single-instance or multi-instance policies:

Single-instance: IOPS are shared by a set of VMs, e.g. a service or a cluster, or this department only gets 20,000 IOPS.
Multi-instance: the same rule is applied to a group of VMs, the same rule for a large set of VMs, e.g. Azure guarantees at least X IOPS to each Standard storage VHD.

Discrete Device Assignment – NVME Storage

DDA allows a virtual machine to connect directly to a device. An example is a VM connects directly to extremely fast NVME flash storage.

Note: we lose Live Migration and checkpoints when we use DDA with a VM.

Evolving Hyper-V Backup

Lots of work done here. WS2016 has it’s only block change tracking (Resilient Change Tracking) so we don’t need a buggy 3rd party filter driver running in the kernel of the host to do incremental backups of Hyper-V VMs. This should speed up the support of new Hyper-V versions by the backup vendors (except for you-know-who-yellow-box-backup-to-tape-vendor-X, obviously!).

Large clusters had scalability problems with backup. VSS dependencies have been lessened to allow reliable backups of 64 node clusters.

Microsoft has also removed the need for hardware VSS snapshots (a big source of bugs), but you can still make use of hardware features that a SAN can offer.

ReFS Accelerated VHDX Operations

Re-FS is the preferred file system for storing VMs in WS2016. ReFS works using metadata which links to data blocks. This abstraction allows very fast operations:

Fixed VHD/X creation (seconds instead of hours)
Dynamic VHD/X expansion
Checkpoint merge, which impacts VM backup

Note, you’ll have to reformat WS2012 R2 ReFS to get the new version of ReFS.

Graphics

A lot of people use Hyper-V (directly or in Azure) for RDS/Citrix.

RemoteFX Improvements

The AVC444 thing is a lossless codec – lossless 3D rendering, apparently … that’s gobbledegook to me.

DDA Features and GPU Capabilities

We can also use DDA to connect VMs directly to CPUs … this is what the Azure N-Series VMs are doing with high-end NVIDIA GFX cards.

DirectX, OpenGL, OpenCL, CUDA
Guest OS: Server 2012 R2, Server 2016, Windows 10, Linux

The h/w requirements are very specific and detailed. For example, I have a laptop that I can do RemoteFX with, but I cannot use for DDA (SRIOV not supported on my machine).

Headless Virtual Machine

A VM can be booted without display devices. Reduces the memory footprint, and simulates a headless server.

Operational Efficiency

Once again, Microsoft is improving the administration experience.

PowerShell Direct

You can now to remote PowerShell into a VM via the VMbus on the host – this means you do not need any network access or domain join. You can do either:

Enter-PSSession for an interactive session
Invoke-Command for a once-off instruction

Supports:

Host: Windows 10/WS2016
Guest: Windows 10/WS2016

You do need credentials for the guest OS, and you need to do it via the host, so it is secure.

This is one of Ben’s favourite WS2016 features – I know he uses it a lot to build demo rigs and during demos. I love it too for the same reasons.

PowerShell Direct – JEA and Sessions

The following are extensions of PowerShell Direct and PowerShell remoting:

Just Enough Administration (JEA): An admin has no rights with their normal account to a remote server. They use a JEA config when connecting to the server that grants them just enough rights to do their work. Their elevated rights are limited to that machine via a temporary user that is deleted when their session ends. Really limits what malware/attacker can target.
Justin-Time Administration (JITA): An admin can request rights for a short amount of time from MIM. They must enter a justification, and company can enforce management approval in the process.

vNIC Identification

Name the vNICs and make that name visible in the guest OS. Really useful for VMs with more than 1 vNIC because Hyper-V does not have consistent device naming.

Hyper-V Manager Improvements

Yes, it’s the same MMC-based Hyper-V Manager that we got in W2008, but with more bells and whistles.

Support for alternative credentials
Connect to a host IP address
Connect via WinRM
Support for high-DPI monitors
Manage WS2012, WS2012 R2 and WS2016 from one HVM – HVM in Win10 Anniversary Update (The big Redstone 1 update in Summer 2016) has this functionality.

VM Servicing

MS found that the vast majority of customers never updated the Integration services/components (ICs) in the guest OS of VMs. It was a horrible manual process – or one that was painful to automate. So customers ran with older/buggy versions of ICs, and VMs often lacked features that the host supported!

ICs are updated in the guest OS via Windows Update on WS2016. Problem sorted, assuming proper testing and correct packaging!

MSFT plans to release IC updates via Windows Update to WS2012 R2 in a month, preparing those VMs for migration to WS2016. Nice!

Core Platform

Ben was running out of time here!

Delivering the Best Hyper-V Host Ever

This was the Nano Server push. Honestly – I’m not sold. Too difficult to troubleshoot and a nightmare to deploy without SCVMM.

I do use Nano in the lab. Later, Ben does a demo. I’d not seen VM status in the Nano console before, which Ben shows – the only time I’ve used the console is to verify network settings that I set remotely using PoSH There is also an ability to delete a virtual switch on the console.

Nested Virtualization

Yay! Ben admits that nested virtualization was done for Hyper-V Containers on Azure, but we people requiring labs or training environments can now run multiple working hosts & clusters on a single machine!

VM Configuration File

Short story: it’s binary instead of XML, improving performance on dense hosts. Two files:

.VMCX: Configuration
.VMRS: Run state

Power Management

Client Hyper-V was impacted badly by Windows 8 era power management features like Connected Standby. That included Surface devices. That’s sorted now.

Development Stuff

This looks like a seed for the future (and I like the idea of what it might lead to, and I won’t say what that might be!). There is now a single WMI (Root\HyperVCluster\v2) view of the entire Hyper-V cluster – you see a cluster as one big Hyper-V server. It really doesn’t do much now.

And there’s also something new called Hyper-V sockets for Microsoft partners to develop on. An extension of the Windows Socket API for “fast, efficient communication between the host and the guest”.

Scale Limits

The numbers are “Top Gear stats” but, according to a session earlier in the week, these are driven by Azure (Hyper-V’s biggest customer). Ben says that the numbers are nuts and we normals won’t ever have this hardware, but Azure came to Hyper-V and asked for bigger numbers for “massive scale”. Apparently some customers want massive super computer scale “for a few months” and Azure wants to give them an OPEX offering so those customers don’t need to buy that h/w.

Note Ben highlights a typo in max RAM per VM: it should say 12 TB max for a VM … what’s 4 TB between friends?!?!

Ben wraps up with a few demos.

Ignite 2016 – Extend the Microsoft RDS platform in Azure through Citrix solutions

This post is my set of notes from the session that shows us how Citrix are extending Azure functionality, including the 1st public demo of Citrix Express, which will replace Azure RemoteApp in 2017.

The speakers are:

Scott Manchester (main presenter), Principal Group Program Manager, Microsoft
Jitendra Deshpande, Citrix
Kireeti Valicherla, Citrix

RDS

A MSFT-only solution with multiple goals:

Two on-prem solutions:

Session-based computing
VDI

In the cloud:

Session-based computing: RDS in VMs or the deprecated Azure RemoteApp
VDI “on Windows 10” … Manchester alludes to some licensing change to allow Enterprise edition of the desktop to be used in cloud-based VDI, which is not possible in any way with a desktop OS right now (plenty do it, breaking licensing rules, and some “do it” using a Server OS with GUI).

RDS Improvements in WS2016

Increased performance
Enhanced scale in the broker
Optimized for the cloud – make it easier to deploy it – some is Azure, some RDS, some licensing.

Azure N-Series

There are a set of VMs that are ideal for graphics intensive RDS/Citrix workloads. They use physical NVIDIA GPUs that are presented to the VM directly using Hyper-V DDA (as in WS2016 Hyper-V).

I skip some of the other stuff that is covered in other sessions.

Citrix

Kiritee from Citrix XenApp/XenDesktop takes the stage. He’s focused on XenApp Express, a new from-Azure service that will be out in 2017.

XenApp 7.11 has Day 1 support for WS2016:

Host WS2016 workloads
Host XenApp and XenDesktop infrastructure
Workload provisioning on ARM
Deliver new universal apps to any device
Accelerate app migration with AppDNA

XenApp/XenDesktop For N-Series VMs

HDX can be used with N-Series Azure VMs. This includes graphics professionals and designers on “single user Windows 10 CBB VMs” with multi-monitor NVENC H.264 hardware encoding.

Options for Azure Migration

Jitendra of Citrix takes over. He works on XenApp cloud and XenApp Express.

You can extend workloads to Azure, host workloads in Azure, or run on a Citrix-managed service in Azure. In the latter, the management is in Citrix, and your workload runs in Azure. Citrix seamlessly update the management pieces and you just use them without doing upgrades.

These are the Citrix/Azure offerings today and in the future:

Back to Kireeti.

Next Generation Service for Remoting Apps

XenApp Express, out of the Azure Marketplace, will be the successor to Azure RemoteApp.

Citrix Cloud will provide the management – it’s actually hosted on Azure. You bring your own Windows Server Images into XenApp Express, much like we do with Azure RemoteApp – it an image with the apps pre-installed.

Bad news: The customer must have RDS CALs with Software Assurance (Volume Licensing, and yes, SA is required for cloud usage) or RDS SALs (SPLA). The cost of Azure Remote included the monthly cost of RDS licensing.

The VMs that are deployed are run in your Azure subscription and consume credit/billing there.

Management is done via another portal in Citrix Cloud. Yes, you’ll need to use Azure Portal and the Citrix Cloud portal.

Here is the release timeline. A technical preview will be some time in Q4 of this year.

Next up, a demo, by Jitendra (I think – we cannot see the presenters in the video). The demo is with a dev build, which will likely change before the tech preview is launched.

You “buy” Citrix XenApp Express in the Azure Marketplace – this limits transactions to certain kinds of subscriptions, e.g. EA but not CSP.
You start by creating an App Collection – similar to Azure RemoteApp. You can make it domain-joined or not-domain joined. A domain should be available from your Azure VNet.
Add your Azure subscription details – subscription, resource group (region), VNET, subnet.
Enter your domain join details – very similar to Azure RemoteApp – domain, OU, computer account domain-join account name/password.
You can use a Citrix image or upload your own image. Here you also select a VM series/size, configure power settings, etc, to control performance/scale/pricing.
You can set your expected max number of simultaneous users.
The end of the wizard shows an estimated cost calculator for your Azure subscription.
You click Start Deployment
Citrix reaches into your subscription and creates the VMs.
Afterwards, you’ll need to publish apps in your app collection.
Then you assign users from your domain – no mention if this is from a DC or from Azure AD.
The user uses Citrix Receiver or the HTML 5 client to sign into the app collection and use the published apps.

The Best Way To Deliver Windows 10 Desktop From The Cloud

Cloud-based VDI using a desktop OS – not allowed up to now under Windows desktop OS (DESKTOP OS) licensing.

There are “new licensing changes” to move Windows 10 workloads to Azure. Citrix XenDesktop will be based on this.

XenDesktop for Windows 10 on Azure is managed from Citrix Cloud (as above). You manage and provision the service from here, managing what is hosted in Azure.
Windows 10 Enterprise CBB licensing is brought by the customer. The customer’s Azure subscription hosts the VDI VMs and your credit is consumed or you pay the Azure bill. They say it must be EA/SA, but that’s unclear. Is that EA with SA only? Can an Open customer with SA do this? Can a customer getting the Windows 10 E3 license via CSP do this? We do not know.

Timeline – GA in Q4 of this year:

Next up, a demo.

They are logged into Citrix Cloud, which is first purchased via the Azure Marketplace – limited to a small set of Azure subscriptions, e.g. EA but not CSP at the moment.
A hosting connection to an Azure subscription is set up already.
They create a “machine catalog” – a bunch of machines.
The wizard allows you to only do a desktop OS (this is a Windows 10 service). The wizard allows pooled/dedicated VMs, and you can configure how user changes are saved (local disk, virtual disk, discarded). You then select the VHD master image, which you supply to Citrix. You can use Standard (HDD) or Premium (SSD) storage in Azure for storing the VM. And then you select the quantity of VMs to create and the series/size (from Azure) to use – this will include the N-Series VMs when they are available. There’s more – like VM networking & domain join that you can do (they don’t show this).
He signs into a Windows 10 Azure VM from a Mac, brokered by Citrix Cloud.

That’s all folks!

Technorati Tags: Event Notes,Azure,Citrix,RDS,Remote Desktop Services,VDI,Windows 10,Windows Server 2016

Microsoft News – 30 September 2015

Microsoft announced a lot of stuff at AzureCon last night so there’s lots of “launch” posts to describe the features. I also found a glut of 2012 R2 Hyper-V related KB articles & hotfixes from the last month or so.

Hyper-V

The uptime value of the Hyper-V Management console changes to the resume time of the last pause on Windows Server 2012 and Windows Server 2012 R2: The uptime value of the Hyper-V Management console changes to the resume time of the last pause instead of the time when backup completed
A virtual machine that is running on Windows Server 2012 R2 may not start: Not enough memory in the system to start the virtual machine ‘<Virtual Machine Name>’.
Non-queued commands are sent to disk controller on a Windows Server 2012 R2-based Hyper-V host server: A solution to a non-described issue – how weird!
Cluster service stops during the VSS backup in a Windows Server 2012 R2-based Hyper-V cluster: When multiple VSS backups are in progress, the cluster service may crash because of inconsistent state in the CSV VSS provider. Then, all virtual machines go offline because of the CSV failure.
Hyper-V storage migration failure and “ERROR_BAD_COMMAND” error in Windows Server 2012 R2 or Windows Server 2012: You get “Migration did not succeed. Not enough disk space at ‘\’. ” when doing Storage Live Migration to a CSV or Hyper-V Replica stops with ERROR_BAD_COMMAND.

Windows Server

Applications can’t perform I/Os in Windows Server 2012 R2: When a disk fails or isn’t responsive and a large number of I/O port transitions are pending, I/Os may be stalled because the storage adapter is paused and will be resumed after a time-out period as specified by the miniport.
Changed cluster properties revert to default values on cluster nodes that run Windows Server 2012 R2 or Windows Server 2008 SP2: ameSubnetDelay, SameSubnetThreshold, CrossSubnetDelay, or CrossSubnetThreshold properties revert to original values.
Cluster services go offline when there’s a connectivity issue in Windows Server 2012 R2 or Windows Server 2012: The cluster nodes in both datacenters lose quorum and fail when a connectivity issue occurs between datacenters.

Azure

Using Azure Automation to take action on Azure Alerts: Reduce human effort by automation solutions to recurring problems.
Announcing expanded Microsoft Azure support for financial services customers: Adding European Network and Information Security Agency (ENISA) Information Assurance Framework (IAF) and the Shared Assessments Program (formerly known as BITS Shared Assessments).
Microsoft ExpressRoute – Office 365, Azure Government Cloud, more partners, simplified billing: Place equipment (e.g. SANs) in Microsoft “Meet-Me” locations with low latency connections (1-2 ms) to Azure.
Azure Container Service – Now and the Future: Azure Container Service builds on our work with Docker and Mesosphere to create and manage scalable clusters of host machines onto which containerized applications can be deployed, orchestrated, and managed.
Making the cloud more secure: Azure Security Center—a new Azure service that gives you visibility and control of the security of your Azure resources without impeding agility, and helps you stay ahead of cyber threats even as they evolve.
Azure File Storage, now generally available: Shared storage for APPLICATION data. This is not for user files.
How to use Azure File storage with Windows: Here are the Linux instructions.
Azure Storage Improvements: A roundup, including Premium Storage improvements and region support of Import/Export.
Monitor your Azure RemoteApp environment with OpInsight – Part 3: Monitoring the usage of your Azure RemoteApp collection.

Office 365

Announcing general availability of ExpressRoute for Office 365: This direct connection offers customers more predictable network performance, an SLA for guaranteed availability and additional data privacy.
Office 365 release options: Why am I not getting the Office 365 Click-To-Run update from Office 365? Are you in the Standard Release or First Release update rings?

EMS

Microsoft Intune Company Portal for Android: A new version.

Technorati Tags: Hyper-V,Windows Server 2012 R2,Windows Server 2012,Backup,Failover Clustering,DR,Azure,Cloud,Cloud Computing,Hybrid Cloud,PowerShell,Scripting,Networking,Containers,Storage,Remote Desktop Services,Office,Office 365,EMS,Intune

Microsoft News – 28 September 2015

Wow, the year is flying by fast. There’s a bunch of stuff to read here. Microsoft has stepped up the amount of information being released on WS2016 Hyper-V (and related) features. EMS is growing in terms of features and functionality. And Azure IaaS continues to release lots of new features.

Hyper-V

The Mysterious Case of Infrequent Network Connectivity Issues on 2 Hyper-V VMs Out of 40 Guests: Some PowerShell troubleshooting.
Storage Migration “Operation not allow for VM because Hyper-V State is yet to be initialized from Virtual Machine Configuration” (0x80070015): A fix or workaround to solve this problem.
Missing Hyper-V VMs on Windows 10 – Build 10547: A bug in this insider build hides non v5.0 VMs.
Hyper-converged with Windows Server 2016: Run your storage (Storage Spaces Direct, not SOFS) and Hyper-V cluster on the same hardware.
Configuring site awareness for your multi-active disaggregated datacenters: Solving one of the biggest issues with using Failover Clustering as a DR solution.
Introduction to Linux and FreeBSD on Hyper-V: The Linux Integration Services (LIS). Note that LIS 4.0 can be installed on some distros that have previous versions of LIS built in.
Running Hyper-V on Nano in Windows Server 2016 TP3: For you large scale customers that can afford to lose a host.
Running Nano from Windows Server 2016 TP3 on Hyper-V: Teeny tiny VMs for running born-in-the-cloud services.
Do you know how fast your disks are? I’ve seen expensive customer deployments with over-specced hosts and sh1te SANs where one ordinary VM could effectively shut down the cluster because the SAN couldn’t keep up.
Virtual Machine Storage Resiliency in Windows Server 2016: A very nice resiliency feature from the Hyper-V storage folks.

Windows Client

Windows 10 servicing and deployment guidance now available: Learn about Windows as a Service.
Introduction to Windows 10 servicing: How enterprises can keep devices current with the latest feature upgrades, make better use of Windows Update, and what the new servicing options mean for support lifecycles.
Windows 10 – Reducing the disk footprint: how to deploy Windows 10 with the new smaller installation footprint – great for machines with smaller storage (tablets and ultrabooks)

Azure

Azure Backup – Announcing general availability of backup for Azure IaaS VMs: This vital service for VMs has gone GA with a number of improvements.
Azure Backup of IaaS VMs Generally Available: A post I wrote for Petri.com.
Remote Desktop Services DR Solution using ASR – Guidance: A best practices guide from Microsoft.
SharePoint DR Solution using ASR – Guidance: A best practices guide from Microsoft.
Microsoft Exchange DR Solution using ASR – Guidance: A best practices guide from Microsoft.
A VM that Azure Site Recovery helps protect goes into a resynchronization state: Each VHD must be 1023 GB or less.
Source Control Integration in Azure Automation: Manage your automations scripts.
Monitor your Azure RemoteApp environment with OpInsight – Part 1: A nice hack.
Monitor your Azure RemoteApp environment with OpInsight – Part 2: Continuing the hack.
Microsoft showcases the Azure Cloud Switch (ACS): Linux? Linux! Linux?! Yes; Linux.
September update – Azure Preview Portal improvements: Ibiza continues to evolve in the very long preview. This is starting to feel like the GMail beta. There are some good improvements here, but the lateral scale of the UI needs to be chopped by 80%, or we should get an 80″ Surface Hub for free with every Azure subscription.
Use Azure as Virtual DR Site for VMware and Physical Servers: A post I wrote for Petri.com.
August updates to Azure RemoteApp: Some updates.
How does Azure RemoteApp save user data and settings? I really do not like this solution – I prefer to use a virtual file server with domain membership on the VNet because I have some measure of control.
ADFS Publishing via Azure Traffic Manager : Ah yeah, geo-redundant ADFS.

System Center

Near Real-time Performance Data Collection in OMS: Could this be the start of the replacement of SCOM with a cloud service?
Deploy Software Defined Networks using Virtual Machine Manager : A document based on TP3 of System Center 2016.
2nd Edition of Microsoft System Center: Building a Virtualized Network Solution now available and free to download: Featuring Irish MVP, Damian Flynn.
How to Deploy Host Guardian Service using Service Templates in VMM Tech Preview 3: The new WS2016 Hyper-V security feature.

Office 365

The New Office is Here: In case you missed it, Office 2016 launched this week. O365 customers will get is based on which servicing branch they are in. You might not see it for months if you are in the Current Branch for Business (Pro Plus plans default to this).
What’s new in Office 2016: Why should you upgrade, and what should you look for if you have upgrade rights?
Admins—get ready for Office 2016, rollout begins September 22: I’d tweeted several months ago that I’d heard September was the month, so I am not surprised at all.
Announcing the Office 365 Service Trust Portal: STP is a service feature in Office 365 designed to provide deeper information on how Microsoft manages security, compliance and privacy.
Office 365 Import Service—migration to SharePoint Online and OneDrive for Business just became easier: An out-of-band transfer using hard disks, similar to the Azure import service.
Introducing Office 365 Planner: A “simple and highly visual way to organize teamwork”.
Step-By-Step – Setting up AD FS and Enabling Single Sign-On to Office 365: Set up single sign-on.
How to use your Office 365 subscription with Azure RemoteApp: There’s a new “with O365” template that you can use now. Use your ProPlus installation rights in Azure’s RDS.

EMS

Coming soon – New features for managing Windows 10 and iOS devices: New features between September 25 and October 5.
Day Zero Support for iOS 9 with Intune: Manage your iPhones and iPads.
Azure Active Directory B2B collaboration: Inter-company federation via Azure AD.
Azure AD Premium Dashboard is in preview: Microsoft has turned on the Azure Active Directory Premium Dashboard – available in North America only at this point.
Azure AD B2C and B2B are now in Public Preview:
Learn all about the Azure AD B2B Collaboration Preview: Learn more about the Biz-2-Biz preview.

Security

Tracking a Bluetooth Skimmer Gang in Mexico: A whole new way of skimming your card at the ATM, thanks to the ATM engineers.
Tracking Bluetooth Skimmers in Mexico, Part II: More on this story.
Who’s Behind Bluetooth Skimming in Mexico? A very professional criminal operation.

Miscellaneous

Microsoft heads back to court on September 9th: A post I wrote about the Irish datacenter and US warrant appeal.

Technorati Tags: Microsoft,Hyper-V,Virtualisation,Failover Clustering,Storage,Storage Spaces,Linux,Windows 10,Azure,Cloud,Cloud Computing,Hybrid Cloud,Backup,Remote Desktop Services,DR,Active Directory,System Center,VMM,Security,Office,Office 365,Licensing,EMS,Intune

Microsoft News – 7 September 2015

Here’s the recent news from the last few weeks in the Microsoft IT Pro world:

Hyper-V

Configuring Default Checkpoint type in Windows 10: How to automatically get the legacy style checkpoint behaviour – might be useful in test/dev/demo labs.
Hyper-V Dynamic Memory Versus Virtual NUMA: The two incompatible memory optimization techniques. A post I wrote for Petri.com.
Workgroup and Multi-domain clusters in Windows Server 2016: Note: Workgroup clusters do not support Live Migration (hence useless to most).
Site-aware Failover Clusters in Windows Server 2016: Making stretch clusters more suitable. An interesting option is “preferred site” of a (entire) cluster.
Linux Integration Services 4.0 Update: An update to the Linux integration components for Hyper-V.

Windows Server

How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012: You might disable SMBv1 in totally modern deployments, but I prefer to stay on the well walked path.
Announcing Windows Server 2016 Containers Preview: Post by Scott Guthrie.
Microsoft and Mesosphere partner to bring Mesos container orchestration across Windows and Linux worlds: Container orchestration comes to Windows.
Microsoft and Intel showcase Storage Spaces Direct with NVM Express at IDF ’15: 4.2 million IOPS with S2D.
Data Deduplication in Windows Server Technical Preview 3: BIG improvements for scalability and backup.
Comparing Work Folders and Offline Files: I bet you’ve never heard of Work Folders – what I call “company owned DropBox”.
Work Folders encryption on Windows: Security with replicated files.
Windows Server 2016 Installation Option Changes: Our feedback was listened to.

Windows

Adjusting the Network Protocol Bindings in Windows 10: I guess the same applies to Windows Server 2016.
Windows 10 Pre-Upgrade Validation using SETUP.EXE: Using /Compat ScanOnly.
MDOP 2015 and more tools are now available: Windows 10 support.

System Center

DPM 2012 R2 UR7 re-released: Wow, a System Center update rollup had issues. Whoda thunk it?!?!?!

Azure

Mandatory update for Azure Backup to avoid an authentication error for ongoing backups: You must have a MARS agent that released August 19 2015 or later.
AzCopy – Introducing Append Blob, File Storage Asynchronous Copying, File Storage Share SAS, Table Storage data exporting to CSV and more: AzCopy 3.2.0 and AzCopy 4.2.0-preview are now released.
Azure Backup update – New features in IaaS VM backup support: Support for up to 16 data disks, retention up to 99 years, improved performance, and reporting.
Azure Premium Storage expanding in more regions: Adding Central US, East US, East Asia, and North Europe.
Announcing the GS-Series: Adding Premium Storage Support to the Largest VMs in the Public Cloud: Big and fast.
Boot Diagnostics for Virtual Machines: Needed because there’s not KVM access.
A Look at Microsoft’s New Hybrid Cloud Features: A post I wrote for Petri.com.
How to Link an Azure RemoteApp collection to your existing Azure Virtual Network Without Domain Join: If you have applications that don’t require domains. Beware that this will cause messy session hosts without GPO to control user access/storage from a central point.

Office 365

What’s new – July 2015: Apps galore.
What’s new – August 2015: The education SKUs are getting a “shake up”.
Microsoft is reducing its number of portals, merging Intune with Office 365: Good idea … but I am sceptical of the success/future of this.

Intune

Windows 10, Azure AD and Microsoft Intune: Automatic MDM enrollment powered by the cloud: See the new Active Directory in action.
Microsoft Advanced Threat Analytics in now GA: This EMS bundle member is now available for detecting nefarious usage of company identity.

Events

Meet AzureCon: A virtual event on Azure on September 29th, starting at 9am Pacific time, 5pm UK/Irish time.

Technorati Tags: Hyper-V,Virtualisation,Failover Clustering,Linux,Windows Server 2016,Windows Server 2012 R2,Storage,Networking,Windows 10,Deployment,DPM,System Center,Azure,Cloud,Cloud Computing,Hybrid Cloud,Backup,Remote Desktop Services,Office 365,Intune,Active Directory,Events

Microsoft News – 29 June 2015

As you might expect, there’s lots of Azure news. Surprisingly, there is still not much substantial content on Windows 10.

Hyper-V

What is the Windows Server Network Controller? A post I wrote for Petri.com.
Virtual Machine Compute Resiliency in Windows Server 2016: Dealing with transient cluster failures and keeping VMs online.
NEW RDS deployment model – Personal Session Desktops: A VDI scenario without using a client OS. In Windows Server 2016 additional improvements have been added to the Desktop Experience feature to make the Server OS look even more as a (Windows 10) Client OS. You will “… essentially be able to do “VDI” in Azure where every user will have a fully persistent desktop with options to allow user installed applications or maybe even local admin privileges”.
Script – Image Factory for Hyper-V: A handy solution from Ben Armstrong.
Handy Tool for Converting KVM / VMware Images to Hyper-V: A solution for V2V conversions from KVM to Hyper-V for when you’ve realised that your boss was an idiot.

Windows Server

DNS Server Startup Time Improvements in Windows Server 2012 R2: Tuning for those people running HUGE DNS databases (40,000 to 50 million records!).
PowerShell Script to build your Nano Server Image: Deploying Nano Server
How to use WDS to PxE Boot a Nano Server VHD: Do a network boot with Nano Server – How UNIX-y!
Microsoft Support for Secure Shell (SSH): Light on details: ” the PowerShell team will support and contribute to the OpenSSH community”.

Windows Client

Most IT Pros Expect To Deploy Windows 10 Within 2 Years: “40 percent of IT pro participants were planning to deploy Windows 10 within the first year of release … [another] 33 percent were planning Windows 10 deployments within two years”.
Windows 10 – What’s next for Microsoft’s Insider testers: Microsoft gets it “right” on the 3rd attempt. Maybe.
Azure AD, Microsoft Intune and Windows 10 – Using the cloud to modernize enterprise mobility: Azure AD is the glue (a common theme).

Azure

Azure RemoteApp – User Connection Error: For “With VPN” or hybrid deployments, sort out your UPNs to ensure that the AAD and the LAD user accounts match up. First a user signs into AAD via the RemoteApp client, and then they sign into AAD using Remote Desktop.
Azure RemoteApp – App-V Support Part 1: Deliver apps to RemoteApp using virtualization. App-V Standalone.
Azure RemoteApp – App-V Support Part 2: Full App-V infrastructure.
Step through creating a Resource Manager-based Azure Virtual Machine with PowerShell: A LOT of code is required, but once you have it, it’s quicker to create VMs using PoSH than via the GUI.
Container Apps now available in the Azure Marketplace: It’s Docker time!
Troubleshoot Secure Shell (SSH) Connections to a Linux-based Azure Virtual Machine: Steps to fix this complex scenario.
Sync Azure RemoteApp Collection Membership with Azure Automation: A clever solution to populate an App Collection with the members of an AD group.
How to Create and Validate a Microsoft Azure Active Directory Domain: A post I wrote for Petri.com.
How To Upload Files to Microsoft Azure: A post I wrote for Petri.com.
Wormhole Area Networking and Microsoft Azure: Pending patent – a post I wrote for Petri.com.
Easier Azure VM Deployment with the Custom Script Extension: A post I wrote for Petri.com.
Using the Microsoft Azure Storage Explorer Tools: A post I wrote for Petri.com.
Sharing Files in the Cloud using Azure Files: How to use the Storage Accounts Files service between VMs.
Improving Microsoft Azure File Server Performance with BranchCache: A post I wrote for Petri.com.
Enable Distributed BranchCache on a Microsoft Azure File Server: A post I wrote for Petri.com.
Does Azure Backup Work? A post I wrote for Petri.com.
Microsoft Launches New Microsoft Azure VM Pricing Tool: A post I wrote for Petri.com.
Key Vault is now generally available: This HSM in the cloud offering is now GA. Example usage: central SSL cert storage and VM full disk encryption (coming soon).
Azure Active Directory Premium reporting now detects leaked credentials: Detect when your users have lost control of their usernames and passwords.
DevOps Basics – Infrastructure as Code: Deploying VMs using ARM templates via the Ibiza portal.
DevOps Basics – Infrastructure as Code – The PowerShell Method: An alternative to the previous.
Azure AD Conditional Access preview update – More apps and blocking access for users not at work: Note conditional access to Azure RemoteApp.
May updates to Azure RemoteApp: What changed?

Office 365

Announcing auto-expanding, highly scalable archives for Office 365 email: To accommodate customers who require very, very large archiving storage, Microsoft announced new auto-expanding, highly scalable archiving.
Exchange Online Advanced Threat Protection is now available: A new subscription service for unknown malware, real-time protection against malicious URLs, and reporting.
7 new Exchange Online Protection enhancements: Improving the basic service.
What’s new – May 2015: A summary of O365 improvements.
Introducing Compliance Search in Office 365: A faster and more lightweight way of searching within your organization’s data in Office 365.
Rights Management Service departmental templates comes to Office 2013: A feature that allows organizations to define different policies that will be deployed to different departments (or roles) for their use in documents and emails, now natively supported in Office 2013.
New Intune capabilities for Outlook on iOS and Android: Customers using Outlook for iOS and Android can now use built-in MDM for Office 365 or Microsoft Intune to secure email data on mobile devices within their organization.

EMS

New features coming to Intune over the next week: Starting June 22 and ending July 2.
Microsoft adds Advanced Threat Analytics to its Enterprise Mobility Suite: More security coming to EMS (cloud) and ECS (on-prem).

Misc

Samsung Accused of Blocking Security Updates in its PCs: Are OEMs stupid, ignorant, or do they just not care? IMO, this one is a grey area.

Technorati Tags: Microsoft,Hyper-V,Windows Server 2016,Windows Server 2012 R2,DNS,Virtualisation,PowerShell,Deployment,Remote Desktop Services,Scripting,Linux,Failover Clustering,Windows 10,Azure,Cloud,Cloud Computing,Hybrid Cloud,Networking,Security,Backup,Active Directory,Office 365,Intune

Microsoft News – 8 April 2015

There’s a lot of stuff happening now. The Windows Server vNext Preview expires on April 15th and Microsoft is promising a fix … the next preview isn’t out until May (maybe with Ignite on?). There’s rumours of Windows vNext vNext. And there’s talk of open sourcing Windows – which I would hate. Here’s the rest of what’s going on:

Hyper-V

Removing a Missing Network Adapter: A result of moving a VHD without the configuration file.
Hyper-V and “Event ID: 157 – Disk x has been surprise removed”: Install your updates!!!

Windows Server

Windows Server vNext Technical Preview Due in May: Mark your diaries.
Troubleshooting Cluster Shared Volume Recovery Failure – System Event 5142: When CSV recovery does not succeed, an Event 5142 is logged to the System event log.

Windows Client

Microsoft’s ‘Redstone’ – An update to Windows 10 due in 2016: After Threshold comes Redstone. And after that, Windows “Googly”? Yes, they’ve switched from Halo to Minecraft.

Azure

Service Healing – Auto-recovery of Virtual Machines: How Azure monitors VMs. An interesting read.
Azure Marketplace is now available to more Enterprise Customers: Some confusing terminology in here.
Viewing VM Reboot Logs: When and why did your Azure VM reboot?
Connecting Multiple Networks in Microsoft Azure: A post I wrote for Petri.com
Azure Site Recovery – Protect from VMware sites or physical servers to Azure: Some techie info on VMware support in ASR.
Linux Integration Services v4.0 Preview for Microsoft Azure: A preview for CentOS 6.0-6.6, 7.0-7.1 x64 running on Azure.
March update to Azure RemoteApp: New features and capabilities were added to Azure RemoteApp.

Technorati Tags: Microsoft,Windows Server 2016,Windows Server 2012 R2,Hyper-V,Virtualisation,Storage,Networking,Failover Clustering,Windows 10,Azure,Hybrid Cloud,Cloud,Cloud Computing,DR,VMware,Linux,Remote Desktop Services

Guest on RunAs Radio Talking Azure RemoteApp

Richard Campbell, the host of the RunAs Radio podcast, saw a tweet from me talking about Azure AD, and thought he should ask me back on to have a chat. I had been working on developing training materials on RemoteApp. The use-case that caught my interest was the ability to use RemoteApp to remove the effect of latency. We talk for half an hour about this.

The “design” I talk about in the podcast (recorded a few weeks ago) works, and I’ve presented using it. I’ve written some posts on Petri.com about my experiences:

In the design, virtual DCs, file server, and application servers run as VMs in an Azure network. RemoteApp publishes applications on another network. A VNET to VNET VPN connects the server and RA networks, enabling the RA session hosts to join the domain. Users log into RemoteApp, and then it’s all normal RDS at that point:

GPO applies
Log in script runs
Published applications have fast access to application servers
Users save data in the company’s Azure VMs

It’s a nice solution!

Technorati Tags: Azure,Remote Desktop Services,Active Directory,Networking

Microsoft News – 13 March 2015

Quite bit of stuff to read since my last aggregation post on the 3rd.

Windows Server

Enable and Use Remote Commands in Windows PowerShell: For when you get the error “Unable to connect to the server using Windows PowerShell Remoting”.

Hyper-V

KB3031598: Hyper-V host crashes and has errors when you perform a VM live migration in Windows 8.1 and Windows Server 2012 R2. Wait before deploying, as with all hotfixes, unless this issue is breaking stuff for you (test and decide).
Update Emulex VMQ Issue – They finally did it: It’s only taken 1.5 years for Emulex/HP to sort this disaster out. Choose better hardware 🙂
Best practices for migrating a datacenter from VMware to Microsoft Hyper-V: From the System Center Virtual Machine manager team.
Checking and Correcting Virtual Hard Disk Fragmentation: By Ben Armstrong
How Hyper-V Backup Got Better in 2012 R2 (but now requires a SCSI controller): By Ben Armstrong
Hyper-V and "Event ID: 58 – The disk signature of disk 2 is equal to the disk signature of disk 0": By Ben Armstrong

Windows Client

Sluggish Tablet Market Will See Some Windows 10 Gains This Year: By 2019, IDC expects Android to lead with 62.9 percent of the tablet market. iOS will show weaker growth (23.0 percent), while Windows will gain "significant share" (14.1 percent) yet still remain in third place, according to IDC.
Microsoft to accelerate its release pace for Windows 10 preview: Microsoft appears to be on the verge of releasing an updated Windows 10 preview build. And this time, the company says, it’s serious about picking up the pace.
MDT 2013 Update 1 Preview – What’s Changed: In case you missed it at, the new preview of MDT 2013 Update 1 is now available for download from the Connect website. This new release works with the new ADK preview for Windows 10, which is available on the download center.

Azure

New A10/A11 Azure Compute Sizes: Two new high-spec standard A series VMs
Reduce RTO by using Azure Traffic Manager with Azure Site Recovery: Using Microsoft’s load balancer to failover name resolution of external services from primary site to Azure. Clever stuff!
Simplifying Virtual Machine Troubleshooting using Azure Log Collector: The Azure Log Collector extension can collect and upload logs from Cloud Service instances or Virtual Machines without requiring to log into the remote Virtual Machine.
Introducing Email notifications for Azure Site Recovery: Email notifications are a new feature for Azure Site Recovery that allows you to easily monitor the replication health of your protected virtual machines.
Azure Active Directory Solutions Architecture White Paper: This white paper describes the Microsoft Azure Active Directory Identity and Access Management solutions offered to customers of Azure, Office 365, Intune, Microsoft CRM and all Microsoft Online services.
Azure AD Conditional Access preview updated: Now supports On-Premises and Custom LOB apps: Conditional Access is powerful policy based evaluation engine that lets you create access rules for any Azure AD connected application. More sensitive apps can be assigned stricter policies, such as requiring Multi-Factor Authentication (MFA) from a registered device while less sensitive apps can have more open policies.
Final Word on IOPS in Azure: Striping multiple data disks.
Planned Maintenance – Azure Style: How Microsoft does maintenance.
ADFS Publishing via Azure Traffic Manager: He doesn’t say but I think the endpoint of Damian’s post is to make a geo-resilient ADFS farm.
New Active Directory Assessment Intelligence Pack in Azure Operational Insights: Designed to assess the risk and health of AD environments on premises, in the cloud or hybrid, it will scan weekly, and present information as a monthly rollup. The report provides a prioritized list of recommendations tailored to your environments.
Replicating Hyper-V Virtual Machines to Microsoft Azure: A post I wrote for Petri.com
5 Reasons Why I Like Microsoft Azure RemoteApp: An edited post of an article I wrote for Petri.com
How to preserve the drive letter for protected virtual machines that are failed over or migrated to Azure: Azure use will the next available drive letter for the temp drive.

Office 365

What’s new: February 2015: Lots of new stuff.

Intune

March updates coming this week to Microsoft Intune: Should be live now.
Conditional Access for SharePoint Online with Microsoft Intune: With this feature, you can restrict access to SharePoint Online to only those users who have enrolled their devices in management with Microsoft Intune and are compliant with IT policy.

Miscellaneous

Revenue and usage numbers for Microsoft’s most important new business: Following up the revelations of the not-so-secret methods of sales to hit targets.

Technorati Tags: Microsoft,Hyper-V,Windows Server 2012 R2,Networking,Hardware,System Center,VMM,Windows 10,MDT,Deployment,Azure,Cloud,Cloud Computing,Hybrid Cloud,DR,Storage,Active Directory,Remote Desktop Services,Office 365,Intune

Microsoft News – 6 January 2015

A few little nuggets to get you back in the swing of things. And yes, I have completely ignored the US-only version 1.2 Azure Pricing Tool that suffers from “The Curse of Zune”.

Hyper-V

Setting up Port Mirroring to Capture Mirrored Traffic on a Hyper-V Virtual Machine:A handy but rarely discussed feature
Large Scale VDI deployment using Hyper-V with Storage Tiers and Data Deduplication: Need some help planning a large scale, highly efficient Personal Desktop deployment that leverages Storage Tiers and Data Deduplication?

Windows Server

WorkPlace Join vs. Domain Join: The new way (personal and mobile client devices) and the old way of authenticating machines against Active Directory.
Case Studies on Storage Spaces, Scale-Out File Servers with SMB3 or both: Need some proof?

System Center

Deduplication of DPM Storage – Reduce DPM Storage Consumption: DPM does not do deduplication of its own storage; instead a virtual DPM places data storage (VHDX files) on deduplicated SMB 3.0 (only) volumes. This is the only supported scenario.
Azure Pack Wiki Available Via OneNote: Courtesy of Hyper-V.nu

Windows Client

Microsoft is building a new browser as part of its Windows 10 push: Say by bye to IE

Azure

Use Microsoft Azure Backup with Recovery Services: An article I wrote for Petri.com on how to backup PCs to Azure

Technorati Tags: Microsoft,Virtualisation,Hyper-V,Networking,VDI,Remote Desktop Services,Storage,Active Directory,Windows Server 2012 R2,Failover Clustering,System Center,DPM,Cloud,Cloud Computing,Private Cloud,Windows 10,Internet Explorer,Azure,Backup,Hybrid Cloud