Happy New Year Everyone!!! I know Azure Stack is just around the corner, but I still get lots of questions around configuring WAP and portals. So to follow up my Windows Azure Pack (WAP) series, I am going to talk about reconfiguring server names and ports as well as assigning trusted certificates to my WAP Portals.
Tag Archives: Azure Stack
Microsoft SQL Server High Availability Options on Nutanix
To give credit, this content was taken from my buddy Mike McGhem’s blog and I added some more color to it, but his content is right on.
Understanding Identity with ADFS – Part 1
Identity is always something of a taboo subject and is still not clearly understood out there, while the IT security landscape keeps evolving.
One of the changes of the past few years is a move away from Access Control Lists (ACLs) on files in the NTFS file system to an access control system that is based on claims.
Claims-based authentication is an industry-standard security protocol for authenticating users. Underlying it are the WS-* standards, which describe the usage of Security Assertion Markup Language (SAML) tokens. Claims-based auth requires these tokens and, by extension, an entity that can issue them.
That entity is the Secure Token Service (STS). The STS server can be based on Active Directory Federation Services (ADFS) or on other platforms that provide this service. This is where ADFS comes in, and it is the highlight of this series.
Microsoft World Wide Partner Conference 2015…Picture Highlights
Microsoft World Wide Partner Conference 2015. WPC is the largest event for Microsoft partners. When it comes to meeting the right people in the right place, bigger is better. The Microsoft Worldwide Partner Conference (WPC) brings together over 15,000 attendees …
Symon Perriman….his thoughts on Hyper-V, Security and future of Virtualization on the Nutanix .NEXT community podcast
Hey everyone…I wanted to share a very cool update (and maybe a little bit of hero-worship 😀 ). Well, anyways, my job at Nutanix had another highlight recently. As many of you know, I love reading, breathing, consuming Microsoft technology. During my consumption of education, there are a number of people I follow, but there are a few that stand out…and one that I have spent a lot of time listening to via podcasts: Symon Perriman.
He takes complex technology subjects and explains them extremely well on many levels so everyone understands. He believes in the community. These are all things that we, as technologists, can strive to achieve.
I recently had the lucky chance to interview him for the Nutanix .NEXT Community Podcast. It was a great honor to interview him with my colleague/buddy @NutanixTommy, as we both had different points of view.
Symon joined 5nine Software earlier this year as Vice President, Business Development & Marketing, which is how I came to meet Symon as part of my job in Technical Alliances at Nutanix.
For those of you who are not familiar with 5nine Software, 5nine has a great alternative management product for Hyper-V with the benefits of simplified vCenter-type management without the footprint of System Center. They are also the only vendor with an agentless security product via the Hyper-V extensible virtual switch. Think vShield for Hyper-V…Very cool… 😎
For those that are not familiar with Symon…a brief history…
With more than 12 years of experience in the high-tech industry, Symon is an internationally recognized expert in virtualization, high-availability, disaster recovery, data center management, and cloud technologies.
As Microsoft’s Senior Technical Evangelist and worldwide technical lead covering virtualization, infrastructure, management and cloud, he has trained millions of IT Professionals, hosted the “Edge Show” weekly webcast, holds several patents and dozens of industry certifications, and in 2013 he co-authored “Introduction to System Center 2012 R2 for IT Professionals” (Microsoft Press). He graduated from Duke University with degrees in Computer Science, Economics and Film & Digital Studies.
Enjoy the show……
Until next time, Rob…
Understanding Windows Azure Pack – How to guide with Express Edition on Nutanix – Windows Azure Pack Install – Part 5
To continue Windows Azure Pack series here is my next topic: Installing and Configuring Windows Azure Pack
If you missed other parts of the series, check links below:
Part 1 – Understanding Windows Azure Pack
Part 2 – Understanding Windows Azure Pack – Deployment Scenarios
Part 3 – Understanding Windows Azure Pack – How to guide with Express Edition on Nutanix – Environment Prep
Part 4 – Deploying Service Provider Framework on Nutanix
Again, to reiterate from my previous blog posts and set some context, Windows Azure Pack (WAP) includes the following capabilities:
Nano Server…Revealed
At Microsoft Ignite, I had a chance to meet and talk with Jeff Snover…a great honor…and his latest project, “Windows Nano Server”, is very cool. Windows Nano Server is designed to be as lightweight and compact as possible. ‘Nano Server is a deeply refactored version of Windows Server with a small footprint and remotely managed installation, optimised for the cloud and a DevOps workflow,’ as quoted by Jeffrey Snover, Andrew Mason and Alan Back in a joint blog post. ‘It is designed for fewer patch and update events, faster restarts, better resource utilization and tighter security.’
The result: as compared to the equivalent Windows Server build, Nano Server offers a 93 percent reduction in storage requirements, 92 percent fewer critical security bulletins, and 80 percent fewer reboots during operation. This is great for Security and Network Admins. I spent a lot of nights during my time as a network admin patching and worrying about what might blow up, so this is a welcome change, especially for a Hyper-V environment 😉 Go Microsoft…
Naturally, those benefits come at a cost. ‘To achieve these benefits, we removed the GUI stack, 32 bit support (WOW64), MSI and a number of default Server Core components,’ the team explained. ‘There is no local logon or Remote Desktop support. All management is performed remotely via WMI and PowerShell. We are also adding Windows Server Roles and Features using Features on Demand and DISM.’ Despite this, Nano Server remains API-compatible with other Windows Server variants, meaning it should, in theory, be relatively straightforward to port applications across to the platform.
It also ships with the baseline version of .NET called CoreCLR, which Microsoft made open source in recent months. The OS does not contain the binaries or metadata that typically increase the footprint, and developers are expected to package applications along with their dependencies in a single unit of deployment.
Core PowerShell, a minimalistic version of PowerShell refactored to run on CoreCLR, provides remote management capabilities. Nano Server can be installed on physical hardware or virtualized infrastructure.
When Windows Server starts supporting Docker, Nano Server stands to become the preferred OS to run containers.
Windows Nano Server won’t be for everyone. Microsoft has indicated that it is targeting two prime markets for the new OS: cloud applications, which includes the ability to run multiple languages and runtimes in containers, virtual machines or physical servers; and of course its own Cloud Platform infrastructure, with support for Hyper-V compute clusters and Scale-out File Server storage clusters. It’s in virtualization where the biggest benefits will be found: with each virtual machine requiring only seven percent the storage space of previous Windows Server instances and consuming considerably fewer resources while running, the overhead of running a virtualized infrastructure is considerably lessened.
Flexibility is key to delivering a modern data center, and by using the combination of Nano Server and its new container technology Microsoft is making a big shift away from its previous monolithic server model to one that’s more aligned with the way we deliver cloud-scale services. That does mean that Nano Server won’t be for everyone. Customers are going to have to have made the shift to a DevOps model and to cloud-scale data center infrastructure practices, which I am a big believer in and, frankly, why I work for Nutanix.
Microsoft has not yet offered a release date or licensing information for Windows Nano Server. Beta bits are available via MSDN on the Windows Server Technical Preview 2 media. Instructions can be found here to get started, if you want to check it out.
In conclusion, with Nano Server, Microsoft stands a chance to blow them all out of the water by keeping Windows relevant in the era of Linux, containers and microservices.
Until next time, Rob…
Azure Stack…What is it?
The Ignite 2015 conference in Chicago is where Microsoft made the official announcement of Azure Stack, its private cloud infrastructure for data centers that want to be Azure in their own right. Or in other words, on-premises will be in full parity with Azure Cloud.
Quotes from Brad Anderson from Keynote on Azure Stack
“If you think about Azure, there’s all the infrastructure that you’re aware of, in network, storage and compute. There’s a set of services like IaaS and PaaS that we deliver. And then there’s all your applications, and that, really, is what Azure is,” explained Brad Anderson, Microsoft’s corporate vice president for cloud and enterprise, during a keynote session Monday morning. “Two years ago, we announced we were going to bring portions of this to your data center, and we called it the Azure Pack.”
Portions of this Azure Pack had made their way onto partner vendors’ hardware in the past, in the form of the Microsoft Private Cloud Fast Track Program and Dell’s Cloud Platform System. My company, Nutanix, was one of the first Private Cloud Fast Track Partners with a certified reference architecture. So we’ve seen private cloud platforms with third-party vendor brands, built around server software made by Microsoft but not called Windows.
What Azure Stack becomes, over and above Azure Pack, is not just a microcosm of Azure, but an extension of Azure itself. As several Microsoft officials confirmed at Ignite, Azure Stack extends the file and object system of Azure into the private space. (And Azure Stack won’t be the only Microsoft technology that does this….Hint, Hint…Hmm…under NDA at moment)
“You want to be able to take those cloud applications, and host them in your environment,” said Anderson. “You’ve told us you want Azure — all of Azure — in your data centers. Azure Stack … is literally us giving you all of Azure to run in your data centers.”
I saw early demonstrations of Azure Stack at Ignite, and what I saw was a user access policy management system that essentially duplicated the one currently used on the public Azure cloud, as shown below.
“The Microsoft Azure Stack gives application owners the ability to ‘write once, deploy anywhere,’ whether it be to your private cloud, a service provider’s cloud, or the public Azure cloud,” reads a post to Microsoft’s server and cloud blog Monday. “Developers will have the broadest access to application development platforms across Windows and Linux to build, deploy and operate cloud applications using consistent tools, processes and artifacts. One Azure ecosystem across public, private and hosted clouds will allow you to participate in a unified, robust partner network for Azure clouds.”
Microsoft’s idea is to make private cloud space and public space addressable and manageable using the same tool set, and by extension, to effectively make data centers into planks, if you will, for Azure. It’s one big reason why the words “Windows Server” are being spoken less and less often by people whom you would think were in charge of it.
Azure Stack Deeper Dive
Now let’s start at the top. When we look at the image below we see the browser experience. In the current version of Azure Pack we have 2 portals, 1 for the tenant and 1 for the admin. In Azure Stack we have 1 browser experience. That experience is also the same across Azure Stack and Azure. So admins as well as tenants go through the same portal site and leverage the same portal APIs and extensions.
In the deployment of the portal site there is still an option to scale out to multiple website nodes, like we do with a distributed deployment of Windows Azure Pack today. When we go down that rabbit hole, we see the Azure Resource Manager and the Core Management Resource Providers. The Core Management Resource Providers integrate with Azure Resource Manager, and all components interact with it. Below in this post, I will focus on the Azure Resource Manager and the Core Resource Providers. Further down we see the Service Resource Providers. Each Service Resource Provider controls and manages the resources it is assigned to: the Compute Service Resource Provider manages the compute resources (nodes), the Storage Resource Provider manages the storage resources (nodes), and so on…
And that, in a nutshell, is the top-to-bottom service layout of the Azure Stack.
Let’s look at the portal. The portal is completely redesigned and allows you to fully personalize it. It is highly scalable and has integration across services. When you install new resource providers in WAP today, you need to edit the core code for the Azure Pack portal. Then you need to restart the web service process to see the result of that change. With the new design, the portal runs continuously in a separate process, and when you extend the portal by adding extensions, a workflow distributes the extensions to all nodes running the portal site. As mentioned before, the admin and tenant sites are integrated in the same portal.
The portal UI is very nice, but it would be useless if we could not log in to the portal, right? Let me talk about the identity part of the new Azure Stack. In the old portal we had the option to use SQL .NET membership, or we could integrate ADFS to use AD or other federated identity providers (IdPs). The new portal uses claims-based authentication, and there is native support for the following:
- Azure Active Directory
- Windows AD
- Active Directory Federation Services (ADFS)
From the Azure Resource Manager to the Core Management Resource Providers it will use Windows Authentication or Basic Authentication. The Core Management Resource Providers will use Windows Authentication or an authentication method defined by the Resource Provider.
Now on to the Azure Resource Manager. The Azure Resource Manager is the new Service Management API. It is, as Microsoft calls it, “a product” that allows the management of compute, storage and network. When you, as a tenant, create a resource group, it allows you to put all the resources (VMs, networks, websites, etc.) in a resource group that can be managed as a whole (Create / Add / Update / Delete, aka Life Cycle Management).
With role-based access control (RBAC) you, as a tenant, can also grant access to other users, based on the permissions you assign to the resource group. Usage is also collected per resource group, so you can see how much the resources in a resource group will cost.
The Azure Resource Manager will also allow you to put deployments in regions. Regions represent the datacenters of your service provider or your own datacenters. Furthermore, the Azure Resource Manager provides audit logging on your subscriptions and resources. To create resources using the Azure Resource Manager you need to create a template or use an existing one. A template is a JSON file that can be edited to define the resources in your deployment.
The Azure Resource Manager will talk to the Core Management services. Let’s look at the components involved in that.
- The Authorization Service: By using RBAC, it allows us to granularly assign permissions to resource groups. Subscriptions are assigned to tenants that have a plan defined.
- The Subscription Management Service is responsible for managing the Service Plans, Offers and subscriptions. You can even use Azure Resource Manager templates to define new subscriptions based on a template you have defined.
- The Gallery Service is a core common service that will work across any of the connected services. Admins as well as tenants are allowed to put their own gallery items in it.
- The Events Service collects all events across all the services.
- The Monitoring Service collects metrics from all services.
- And last but not least we have the Usage Service which will collect the usage per service for each tenant / resource group.
So this is what I know so far from MS, but I will update this post as I know more. MS is not giving a definitive answer, but rumors are beta late fall and Tech Preview in spring. I can’t wait to get the early bird bits to play around with, and when I do I will follow up on this post to give you more technical information on Azure Stack!
Until next time, Rob…