Author Archives: Francesco Molfese

About Francesco Molfese

Francesco is a consultant, trainer, technical writer and Microsoft MVP focusing on public cloud, hybrid cloud, virtualization and datacenter management. Francesco has over 10 years of experience in architecting, implementing and managing IT solutions and is currently employed as a Senior Consultant at Progel Spa, an IT consulting company and Microsoft Certified Partner. Francesco is the Community Lead of the Italian User Group of System Center and Operations Management Suite (ugisystemcenter.org) and a frequent speaker at leading IT Pro conferences in Italy.

Azure File Sync: solution overview

The Azure File Sync service (AFS) allows you to centralize the network folders of your infrastructure in Azure Files while retaining the typical characteristics of an on-premises file server in terms of performance, compatibility and flexibility, and at the same time benefiting from the potential offered by the cloud. This article describes the main features of the Azure File Sync service and the procedure to follow to deploy it.

Figure 1 – Overview of Azure File Sync

Azure File Sync turns a Windows Server into a "cache" for quick access to the content of a given Azure file share. Local access to the data can take place over any protocol available in Windows Server, such as SMB, NFS and FTPS, and you can have multiple "cache" servers in different geographic locations.

These are the main features of Azure File Sync:

  • Multi-site sync: you can sync between different sites, allowing write access to the same data from different Windows Servers and from Azure Files.
  • Cloud tiering: only recently accessed data is kept locally.
  • Integration with Azure Backup: there is no longer any need to back up data on premises, since the content can be protected through Azure Backup.
  • Disaster recovery: you can immediately restore the file metadata and retrieve only the data you need, for faster service reactivation in disaster recovery scenarios.
  • Direct access to the cloud: the content of the file share can be accessed directly from other Azure resources (IaaS and PaaS).

 

Requirements

To deploy Azure File Sync, the following requirements must be met:

An Azure storage account with a file share configured on Azure Files, in the same region where you want to deploy the AFS service. To create a storage account you can follow the article Create a storage account, while the file share creation process is shown in this document.

A Windows Server system running Windows Server 2012 R2 or later, which must have:

  • PowerShell 5.1, which is included by default starting with Windows Server 2016.
  • The AzureRM PowerShell modules.
  • The Azure File Sync agent, whose setup can be downloaded at this link. If you intend to use AFS in a clustered environment, install the agent on all nodes of the cluster. In this regard, Windows Server Failover Clustering is supported by Azure File Sync only for the "File Server for general use" deployment type; the "Scale-Out File Server for application data" (SOFS) role and Cluster Shared Volumes (CSVs) are not supported.
  • The "Internet Explorer Enhanced Security Configuration" option must be disabled for Administrators and for Users; the server registration UI does not work with it enabled.
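The checks above can be scripted on the candidate server before installing or registering the agent. The following is an added example (it is not part of the original article and not Microsoft's code): it verifies the OS version, PowerShell version, presence of the AzureRM (or newer Az) modules, the two IE ESC registry values, and whether the agent service is present. The service name `FileSyncSvc` and the use of `ProductType` to exclude client SKUs are assumptions; the IE ESC registry keys are the well-known Active Setup component GUIDs.

```powershell
# Added example: Azure File Sync agent host preflight. Run in an elevated
# PowerShell session on the server that will be registered.

function Test-AfsAgentPrerequisites {
    [CmdletBinding()]
    param()

    $result = [ordered]@{}

    # Windows Server 2012 R2 (6.3) or later; ProductType 1 = workstation SKU (assumption: exclude it)
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $result['OsSupported'] = ([version]$os.Version -ge [version]'6.3') -and ($os.ProductType -ne 1)

    # PowerShell 5.1 or later (built in since Windows Server 2016)
    $result['PowerShell51'] = $PSVersionTable.PSVersion -ge [version]'5.1'

    # AzureRM modules (the article's requirement) or their successor Az.Accounts
    $result['AzureModule'] = [bool](Get-Module -ListAvailable -Name 'AzureRM', 'Az.Accounts' -ErrorAction SilentlyContinue)

    # IE Enhanced Security Configuration state, per group: IsInstalled = 0 means disabled
    $escBase = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
    $escKeys = @{
        Administrators = "$escBase\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
        Users          = "$escBase\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    }
    foreach ($group in $escKeys.Keys) {
        $isInstalled = (Get-ItemProperty -Path $escKeys[$group] -Name IsInstalled -ErrorAction SilentlyContinue).IsInstalled
        $result["IeEscDisabled_$group"] = ($isInstalled -eq 0)
    }

    # Agent service present? (service name is an assumption)
    $result['AgentInstalled'] = [bool](Get-Service -Name 'FileSyncSvc' -ErrorAction SilentlyContinue)

    [pscustomobject]$result
}

function Disable-IeEnhancedSecurity {
    # Turns IE ESC off for Administrators and Users; only needed until the
    # registration is done, re-enable it afterwards. Sign out/in to apply.
    $escBase = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
    foreach ($guid in '{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}', '{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}') {
        Set-ItemProperty -Path "$escBase\$guid" -Name IsInstalled -Value 0 -Type DWord
    }
}

$check = Test-AfsAgentPrerequisites
$check | Format-List
if ($check.PSObject.Properties.Value -contains $false) {
    Write-Warning 'One or more Azure File Sync prerequisites are not met.'
}
```

Keeping IE ESC disabled permanently widens the attack surface of a file server that will hold production data; disable it for the registration step only and turn it back on once the server appears under Registered servers.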

 

Concepts and service configuration

Once these requirements are met, the first step in activating Azure File Sync is to create a Storage Sync Service:

Figure 2 – Creating the Storage Sync Service

This is the top-level resource for Azure File Sync: it acts as a container for the synchronization relationships between different storage accounts and for multiple Sync Groups. A Sync Group defines the synchronization topology for a set of files: the endpoints that belong to the same Sync Group are kept in sync with each other.

Figure 3 – Creating a Sync Group

At this point you can proceed with server registration by starting the Azure File Sync agent.

Figure 4 – Starting the sign-in process

Figure 5 – Selecting the server registration parameters

Figure 6 – Confirmation of the agent registration

After registration the server also appears in the "Registered servers" section of the Azure portal:

Figure 7 – Registered servers in the Storage Sync Service

Once the server is registered, add a Server Endpoint to the Sync Group: it ties a volume or a specific folder on a Registered Server to the group, creating a location for synchronization.

Figure 8 – Adding a Server Endpoint

When adding a Server Endpoint you can enable Cloud Tiering, which keeps the most frequently accessed files locally on the Windows Server cache, while all remaining files are kept only in Azure according to configurable policies. More information about the Cloud Tiering capabilities can be found in Microsoft's official documentation. Note that Azure File Sync with cloud tiering enabled is not supported together with Windows Server Data Deduplication: if you want to enable Data Deduplication on the volume, cloud tiering must remain disabled.

After adding one or more Server Endpoints you can check the status of the Sync Group:

Figure 9 – Status of Sync Group
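The same sequence (Storage Sync Service, Sync Group, cloud endpoint, server registration, Server Endpoint with cloud tiering, status check) can be scripted. The block below is an added example, not the article's or Microsoft's code: it uses the Az.StorageSync module, the successor of the AzureRM-era cmdlets the article refers to, and every resource name, region, share name and local path is a placeholder. It also refuses to enable cloud tiering when Data Deduplication is active on the target volume, which is the unsupported combination noted above.

```powershell
# Added example: Azure File Sync provisioning with Az.StorageSync.
# Run the registration and Server Endpoint steps on the server itself,
# with the Azure File Sync agent already installed.

$rg                 = 'rg-filesync'        # placeholders (assumptions)
$location           = 'westeurope'         # must match the storage account region
$sssName            = 'sss-filesync'
$syncGroup          = 'sg-shared-data'
$storageAccountName = 'stfilesync001'
$shareName          = 'shared-data'
$localPath          = 'D:\SharedData'      # volume or folder to expose as a Server Endpoint

Connect-AzAccount | Out-Null

# 1. Storage Sync Service: top-level container for the sync relationships
New-AzStorageSyncService -ResourceGroupName $rg -Name $sssName -Location $location | Out-Null

# 2. Sync Group: everything inside it is kept in sync
New-AzStorageSyncGroup -ResourceGroupName $rg -StorageSyncServiceName $sssName -Name $syncGroup | Out-Null

# 3. Cloud endpoint: the Azure file share
$sa = Get-AzStorageAccount -ResourceGroupName $rg -Name $storageAccountName
New-AzStorageSyncCloudEndpoint -ResourceGroupName $rg -StorageSyncServiceName $sssName `
    -SyncGroupName $syncGroup -Name 'cloud-endpoint' `
    -StorageAccountResourceId $sa.Id -AzureFileShareName $shareName | Out-Null

# 4. Register this server with the Storage Sync Service (needs the agent)
$server = Register-AzStorageSyncServer -ResourceGroupName $rg -StorageSyncServiceName $sssName

# 5. Cloud tiering and Data Deduplication are not supported together:
#    only enable tiering if dedup is off on the target volume
$volume  = Split-Path -Qualifier $localPath
$dedupOn = [bool](Get-DedupVolume -Volume $volume -ErrorAction SilentlyContinue)
if ($dedupOn) {
    Write-Warning "Data Deduplication is enabled on $volume; creating the endpoint without cloud tiering."
}

# 6. Server Endpoint: the local path becomes a sync location in the group
$epParams = @{
    ResourceGroupName      = $rg
    StorageSyncServiceName = $sssName
    SyncGroupName          = $syncGroup
    Name                   = 'ep-' + $env:COMPUTERNAME.ToLower()
    ServerResourceId       = $server.ResourceId
    ServerLocalPath        = $localPath
    CloudTiering           = -not $dedupOn
}
if (-not $dedupOn) {
    $epParams['VolumeFreeSpacePercent'] = 20   # keep 20% of the volume free
    $epParams['TierFilesOlderThanDays'] = 30   # tier files not accessed for 30 days
}
New-AzStorageSyncServerEndpoint @epParams | Out-Null

# 7. Status of the Server Endpoints in the Sync Group (what Figure 9 shows in the portal)
Get-AzStorageSyncServerEndpoint -ResourceGroupName $rg -StorageSyncServiceName $sssName -SyncGroupName $syncGroup |
    Format-List ServerEndpointName, ServerLocalPath, CloudTiering, ProvisioningState, SyncStatus
```

The identity used for `Connect-AzAccount` needs rights on the storage account to create the cloud endpoint; use a dedicated account with the minimum role on the resource group rather than a subscription owner.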

 

For a successful Azure File Sync deployment you should also carefully check the compatibility of the antivirus and backup solutions in use.

Azure File Sync and DFS Replication (DFS-R) are both data replication solutions and can operate side by side as long as the following conditions are met:

  1. Azure File Sync cloud tiering must be disabled on volumes with DFS-R replicated folders.
  2. Server endpoints must not be configured on DFS-R read-only folders.
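Both conditions can be verified before a Server Endpoint is created. The following is an added example, not from the original article: it compares a proposed endpoint path against the DFS-R memberships of the local server (read through the DFSR module) and reports whether cloud tiering would land on a volume with replicated folders, or whether the path overlaps a read-only member. The path is a placeholder.

```powershell
# Added example: preflight for running Azure File Sync alongside DFS-R.
# Requires the DFSR PowerShell module (DFS Replication / RSAT-DFS-Mgmt-Con).

function Test-AfsDfsrCoexistence {
    param(
        [Parameter(Mandatory)] [string]$Path,   # proposed Server Endpoint path
        [switch]$CloudTiering                   # is cloud tiering intended for it?
    )
    Import-Module DFSR -ErrorAction Stop

    $volume   = Split-Path -Qualifier $Path
    $members  = Get-DfsrMembership -ComputerName $env:COMPUTERNAME -ErrorAction SilentlyContinue
    $problems = @()

    foreach ($m in $members) {
        $cp = $m.ContentPath
        if (-not $cp) { continue }

        # Condition 1: no cloud tiering on a volume that hosts DFS-R replicated folders
        if ($CloudTiering -and ((Split-Path -Qualifier $cp) -ieq $volume)) {
            $problems += "Cloud tiering requested on $volume, which hosts DFS-R folder '$($m.FolderName)' ($cp)."
        }

        # Condition 2: the endpoint must not be a read-only DFS-R member or overlap one
        $p = $Path.TrimEnd('\'); $c = $cp.TrimEnd('\')
        $overlaps = ($p -ieq $c) -or
                    $p.StartsWith("$c\", [System.StringComparison]::OrdinalIgnoreCase) -or
                    $c.StartsWith("$p\", [System.StringComparison]::OrdinalIgnoreCase)
        if ($overlaps -and $m.ReadOnly) {
            $problems += "Endpoint path $Path overlaps read-only DFS-R member '$($m.FolderName)' ($cp)."
        }
    }

    [pscustomobject]@{
        Path      = $Path
        Supported = ($problems.Count -eq 0)
        Problems  = $problems
    }
}

# Constructed usage: a hypothetical endpoint on D: with tiering requested
Test-AfsDfsrCoexistence -Path 'D:\SharedData' -CloudTiering | Format-List
```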

Azure File Sync can be a great replacement for DFS-R, and for the migration you can follow the instructions in this document. There are still some specific scenarios that may require the simultaneous use of both replication solutions:

  • Not all on-premises servers that need a copy of the files can be connected to the Internet.
  • Branch servers consolidate data on a single hub server, on which Azure File Sync is then used.
  • During the migration from a DFS-R deployment to Azure File Sync.

Conclusions

Azure File Sync is a solution that extends the classic file servers deployed on-premises with new content synchronization features, leveraging the scalability and flexibility of the Microsoft public cloud.

Azure IaaS and Azure Stack: announcements and updates (November 2018 – Weeks: 44 and 45)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, made official by Microsoft in the last two weeks.

Azure

Azure File Sync is now supported in North Central US and South Central US regions

To get the latest list of supported regions, see https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-planning#region-availability

 

M-Series VMs are now available in Canada Central, Canada East and East Asia

Azure M-Series virtual machines (VMs) are now available in the Canada Central, Canada East and East Asia regions. M-Series VMs offer configurations with memory from 192 GB to 3.8 TiB (4 TB) of RAM and are certified for SAP HANA.

 

Approve and audit support access requests to VMs using Customer Lockbox for Azure

Customer Lockbox for Microsoft Azure helps customers control and audit a Microsoft support engineer’s access to compute workloads on Azure that may contain customer data. Microsoft support doesn’t have standing access to service operations. In some rare scenarios, to resolve a support issue, just-in-time access with limited and time bound authorization can be provided to Microsoft support engineers. Customer Lockbox helps ensure that Microsoft support engineers don’t access customers’ content in the Azure portal without the customer’s explicit approval. It also helps improve the existing support ticket workflow by expediting the customer’s approval process. This capability enables customers to have more granular control, better visibility and enhanced audit over the support process.

OMS and System Center: What's New in October 2018

In October Microsoft announced a considerable number of news items about Operations Management Suite (OMS) and System Center. Through these articles, released on a monthly basis, our community aims to provide a general overview of the main new features of the month, in order to stay up to date on these topics and have the necessary references for further information.

Operations Management Suite (OMS)

Log Analytics

The documentation of the query language used by Azure Log Analytics and Application Insights (Kusto) has been incorporated into the standard Log Analytics documentation, which can be found at this link. As announced at Ignite, Log Analytics and Application Insights are now an integral part of Azure Monitor, and the documentation has been adapted accordingly.

Azure Log Analytics can now receive logs from Azure Active Directory (Azure AD). This is a long-awaited feature that lets you apply the potential of Log Analytics to the data contained in the Azure AD logs. For details please see the technical documentation.

Figure 1 – Configuring Azure AD logs to be sent to Log Analytics

Agent

This month's new version of the OMS agent for Linux fixes some bugs related to custom logs that caused occasional duplicates, and improves reliability.

 

Azure Backup

Azure Backup now supports Standard SSD managed disks in every region.

The Azure Backup service has been extended to the Australia Central region, where it can now be used with the reliability and performance described in the Azure Backup SLA document.

The experience of restoring Azure virtual machines from Azure Backup has been improved, letting you complete the restore without performing any manual task. In addition, the naming convention used for restored disks has been improved, making it easier to identify the disks associated with each virtual machine.

 

Azure Site Recovery

Azure Site Recovery now supports virtual machines with Azure Disk Encryption (ADE). This lets you replicate Windows virtual machines whose encryption was enabled through an Azure AD app. For more details please see the Microsoft documentation.

Update Rollup 30 has been released for Azure Site Recovery, introducing new versions of the following components:

  • Microsoft Azure Site Recovery Unified Setup/Mobility agent (version 9.19.5007.1): used for replication scenarios from VMware to Azure.
  • Microsoft Azure Site Recovery Provider (version 5.1.3650.0): used for replication scenarios from Hyper-V to Azure or to a secondary site.
  • Microsoft Azure Recovery Services agent (version 2.0.9139.0): used for replication scenarios from Hyper-V to Azure.

Installing this update rollup is recommended in deployments with the following components and versions:

  • Unified Setup/Mobility agent version 9.15.4860.1 or later.
  • Site Recovery Provider for System Center VMM: version 3.3.x.x or later.
  • Site Recovery Provider in replication scenarios without VMM: version 5.1.3200.0 or later.
  • Site Recovery Hyper-V Provider: version 4.6.x.x or later.

For more information on the issues resolved and the improvements introduced by this Update Rollup, and for the installation procedure, see KB 4468181.

 

System Center

Update Rollup 6 has been released for System Center 2016 LTSC (Long-Term Servicing Channel); it solves various problems in SCVMM, SCDPM, SCOM and SCORC. To see the problems resolved for each product, refer to the respective KB pages.

System Center Configuration Manager

Versions 1810 and 1810.2 have been released for the Technical Preview branch of System Center Configuration Manager.

Among the main new features of this release is the new Management Insights dashboard, which gives an instant view of the rules and highlights those that may require corrective action.

Figure 2 – Management Insights dashboard

This release also brings news about:

  • Required app compliance policy for co-managed devices
  • Improvements to driver maintenance
  • Native task sequence support for Windows Autopilot for existing devices
  • Use Configuration Manager compliance policies to help assess co-managed devices
  • New boundary group options
  • Improvement to Co-management reporting
  • Boundary group relationship support of task sequences
  • Extended CMPivot
  • New client notification action to wake up device
  • Improvements to OData Endpoint Data
  • Documentation node

Please note that the releases in the Technical Preview branch help you evaluate the new features of SCCM, and it is recommended to apply these updates only in test environments.

An update rollup has been released for System Center Configuration Manager current branch version 1806, which solves various problems.

 

System Center Operations Manager

The following updates to SCOM Management Packs have been released:

  • Management Pack for SQL Server 2017+ Reporting Services (version 0.10.0).
  • Management Pack for SQL Server 2017+ Analysis Services (version 0.10.0).
  • Management Pack for Windows Server Active Directory Domain Services (version 0.2.2).
  • Management Pack for Microsoft Azure (version 1.6.0.0).
  • Management Pack for Office 365 (version 7.2.0.0).

 

Evaluation of OMS and System Center

Remember that in order to test and evaluate Operations Management Suite (OMS) for free you can access this page and select the mode most appropriate to your needs.

To try out the various components of System Center you must access the Evaluation Center and, after registering, you can start the trial period.

Azure IaaS and Azure Stack: announcements and updates (October 2018 – Weeks: 42 and 43)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, made official by Microsoft in the last two weeks.

Azure

Azure AD DS now supports Azure managed disks

Azure Active Directory Domain Services (AD DS) now supports Azure managed disks. Azure managed disks provide a greater degree of availability and resilience to failures. This enables the domain controllers of your managed domain to be more resilient to storage-related outages. All newly created managed domains now use Azure managed disks by default. Existing managed domains will slowly be migrated to use Azure managed disks over the course of calendar year 2018.

 

Azure DevTest Labs: Configure enforcing auto shutdown schedule for the lab

You can now enforce a shutdown schedule for all the virtual machines in your lab, to avoid the cost of machines left running. To learn more about this feature, go to the team blog.

 

Azure Availability Zones expand with new services and to new regions

Availability Zones expand into two additional regions, North Europe and West US 2. In addition to the continued expansion of Availability Zones across Azure regions, Microsoft announces an expanded list of zone-redundant services, including Azure SQL Database, Service Bus, Event Hubs, Application Gateway, VPN Gateway and ExpressRoute.

 

Azure Stack

Azure Stack 1809 update

This update package includes improvements, fixes, and known issues for Azure Stack.
The following improvements for Azure Stack are included:

  • Azure Stack syslog client (General Availability). This client allows the forwarding of audits, alerts, and security logs related to the Azure Stack infrastructure to a syslog server or security information and event management (SIEM) software external to Azure Stack. The syslog client now supports specifying the port on which the syslog server is listening.
    With this release, the syslog client is generally available, and it can be used in production environments.
  • You can now move the registration resource on Azure between resource groups without having to re-register. Cloud Solution Providers (CSPs) can also move the registration resource between subscriptions, as long as both the new and old subscriptions are mapped to the same CSP partner ID. This does not impact the existing customer tenant mappings.

Microsoft Azure: guide for the choice of the Region

Microsoft Azure is present in many places around the world and has datacenters in more geographical areas than any other cloud provider. This gives wide scalability, needed to deliver applications close to the geographical location of the users, while preserving data residency and providing compliance and resiliency options. Being able to choose in which Azure region to activate your services undoubtedly has many advantages, but several aspects are worth considering when faced with this choice. This article covers the main elements to take into account when choosing an Azure region.

An Azure region consists of multiple datacenters residing in a specific geographical area and connected to each other through a low-latency network. The complete list of Azure regions is on the Azure locations page. Within a region there are physically distinct locations called Availability Zones; each Availability Zone is made up of one or more datacenters with independent power, cooling and networking. Each region is also paired with another region within the same geography, in order to preserve data resiliency and increase compliance levels.

Figure 1 – Paired regions and Availability Zones within the same data residency boundary

Figure 2 – Azure regional pairs

The choice of the Azure region must be done carefully taking into consideration some key aspects, each of which can have a decisive influence.

 

Performance

Definitely one of the predominant factors in choosing the region is performance, which is bound by the network latency in reaching the Azure datacenters. Typically you choose the geographically closest region, but it cannot always be identified easily. To support this choice you can use some useful third-party tools that provide objective values:

  • Azure Speed Test 2.0: by accessing this site you can measure the latency from your web browser to the Blob Storage service in the various Azure regions.

Figure 3 – Result shown by Azure Speed Test

  • Azure Latency Test: shows the network latency from your location to the different Azure regions, with the ability to easily apply filters.

Figure 4 – Result shown by Azure Latency Test

 

Availability of services

Not all Azure services are available in all regions, so it is appropriate to check carefully whether the Azure service you intend to use is offered in the selected region. To see the Azure services available in each region you can access this page, which lets you quickly filter the availability of services by region.
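The two checks just described (latency to candidate regions, and whether a given service is offered there) can also be made from a script on the machine or network the users will actually come from, which the browser-based tools cannot do. The block below is an added example, not part of the original article: the latency helper times the TCP handshake to port 443 of one storage account per candidate region (the hostnames are placeholders; use accounts of your own, since there is no public per-region test endpoint), and the availability helper reads the resource provider metadata with the Az.Resources module.

```powershell
# Added example: region evaluation helpers (latency and service availability).

function Measure-AzRegionLatency {
    param(
        [Parameter(Mandatory)] [hashtable]$Endpoints,   # region display name -> hostname
        [int]$Samples   = 5,
        [int]$TimeoutMs = 3000
    )
    foreach ($region in $Endpoints.Keys) {
        $times = @()
        for ($i = 0; $i -lt $Samples; $i++) {
            $tcp = New-Object System.Net.Sockets.TcpClient
            $sw  = [System.Diagnostics.Stopwatch]::StartNew()
            try {
                # A bare TCP connect to 443 approximates network RTT without TLS/HTTP noise
                if ($tcp.ConnectAsync($Endpoints[$region], 443).Wait($TimeoutMs)) {
                    $times += $sw.Elapsed.TotalMilliseconds
                }
            } catch { } finally { $tcp.Dispose() }
        }
        $sorted = @($times | Sort-Object)
        [pscustomobject]@{
            Region   = $region
            Samples  = $sorted.Count
            MedianMs = if ($sorted.Count) { [math]::Round($sorted[[int](($sorted.Count - 1) / 2)], 1) } else { $null }
        }
    }
}

function Test-AzServiceInRegion {
    param(
        [Parameter(Mandatory)] [string]$ProviderNamespace,   # e.g. Microsoft.Compute
        [Parameter(Mandatory)] [string]$ResourceTypeName,    # e.g. virtualMachines
        [Parameter(Mandatory)] [string[]]$Location           # display names, e.g. 'West Europe'
    )
    # Get-AzResourceProvider returns one object per resource type, with the regions where it is offered
    $rt = Get-AzResourceProvider -ProviderNamespace $ProviderNamespace |
          Where-Object { $_.ResourceTypes.ResourceTypeName -eq $ResourceTypeName }
    foreach ($loc in $Location) {
        [pscustomobject]@{
            Service   = "$ProviderNamespace/$ResourceTypeName"
            Location  = $loc
            Available = [bool]($rt.Locations -contains $loc)
        }
    }
}

# Constructed input (placeholders): one storage account of your own per candidate region
$candidates = @{
    'West Europe'  = 'stlatencyweu.blob.core.windows.net'
    'North Europe' = 'stlatencyneu.blob.core.windows.net'
    'East US'      = 'stlatencyeus.blob.core.windows.net'
}
Measure-AzRegionLatency -Endpoints $candidates | Sort-Object MedianMs | Format-Table

Connect-AzAccount | Out-Null
Test-AzServiceInRegion -ProviderNamespace 'Microsoft.Compute' -ResourceTypeName 'virtualMachines' -Location ([string[]]$candidates.Keys) | Format-Table
```

Run the latency part from each user location you care about, not only from the administrator's workstation: the "closest" region for a branch office may not be the closest one for headquarters.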

 

Compliance laws and residence of the data

Many organizations are cautious in their approach to cloud computing because they need their data to reside geographically in a certain territory. Maintaining the confidentiality of data is essential for everyone, but for customers with specific compliance and data-residency needs Microsoft provides all the necessary information:

  • Data residency: this web site gives all the information about where data resides, distinguishing between the services for which you choose the region and those that do not offer this selection during deployment.
  • Compliance: this portal lists useful support information for customers who must comply with specific regulations regarding the use, transmission and storage of data.

 

Costs

The costs of the various Azure services may vary by region. If the other factors are not decisive, it may be useful to deploy services in the region where they are most economically advantageous. To check the cost of the different services you can access the Azure pricing page.

Conclusions

The choice of the Azure region most appropriate to your business needs must be made taking the factors listed above into consideration. Since this is a strategic choice that is not easily changed afterwards, the advice is to carefully examine the items listed above in order to design the best architecture in the Microsoft Azure environment.

Azure Virtual WAN: introduction to the solution

Azure Virtual WAN is a new network service that lets you optimize and automate branch-to-branch connectivity through Azure. With this service you can connect and configure the network devices in the branches to allow communication with Azure (branch-to-Azure). This article examines the components involved in Azure Virtual WAN and shows the procedure to follow for its configuration.

 

Figure 1 – Azure Virtual WAN overview

Configuring Azure Virtual WAN involves creating the following resources.

 

Virtual WAN

The Virtual WAN resource represents a virtual overlay of the Azure network and collects its various components. It is a container that holds links to all the virtual hubs you want to have inside the Virtual WAN. Virtual WAN resources are isolated from each other and cannot share hubs.

Figure 2 – Start the process of creating Azure Virtual WAN

Figure 3 – Creating Azure Virtual WAN

When creating the Virtual WAN resource you are prompted to specify a location. In reality it is a global resource that does not reside in a particular region; the location is requested only so that the resource can be managed and located more easily.

Enabling the option "Network traffic allowed between branches associated with the same hub" allows traffic between the various sites (VPN or ExpressRoute) connected to the same hub (branch-to-branch).

Figure 4 – Branch-to-branch connectivity option

 

Site

A site represents an on-premises location. You need to create as many sites as there are physical locations: for example, with a branch office in Milan, one in New York and one in London, you create three separate sites, each containing the endpoints of the network devices used to establish the connection. If you use network equipment from a Virtual WAN partner, the partner solution can export this information natively into the Azure environment.

Figure 5 – Creating a site

In the advanced settings you can enable BGP, which, if activated, applies to all connections created for that site. Among the optional fields you can specify device information, which may help the Azure team in case of future enhancements or support requests.

 

Virtual Hub

A Virtual Hub is a Microsoft-managed virtual network. The hub is the core network component in a given region, and there can be only one hub per Azure region. The hub contains the service endpoints needed to establish connectivity with the on-premises environment. Creating a Virtual Hub generates a new VNet and, optionally, a new VPN gateway. The hub gateway is not the classic virtual network gateway used for ExpressRoute and VPN connectivity: it is used only to create site-to-site connections between the on-premises environment and the hub.

Figure 6 – Creating a Hub

Figure 7 – Associating the site with a Hub

Hubs should be associated with sites residing in the same region as the VNets.

 

Hub virtual network connection

The Hub virtual network connection resource is used to connect the hub to a virtual network. Currently you can create connections (peerings) only with virtual networks that reside in the same region as the hub.

Figure 8 – Connection of the VNet to a hub

Configuring the on-premises VPN device

The on-premises VPN device can be configured manually or, if you use a Virtual WAN partner solution, automatically: in the latter case the device controller retrieves the configuration file from Azure and applies it to the devices, avoiding manual configuration, which is very convenient and saves time. Among the Virtual WAN partners we find Citrix, Riverbed, 128 Technology, Barracuda, Check Point, NetFoundry and Palo Alto Networks, and the list is expected to grow with more partners soon.

Selecting Download VPN configuration creates a storage account in the resource group 'microsoft-network-[location]', from which you can download the configuration for the on-premises VPN device. The file contains the connection parameters, including the pre-shared keys, so it must be handled as a secret; the storage account can be removed after retrieving the configuration file.

Figure 9 - Download the VPN configuration

Figure 10 – Download the configuration file on the storage account

Once the on-premises device has been configured, the site will show as connected, as in the following figure:

Figure 11 - State of the connected site
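The Virtual WAN, hub, site, gateway, connection and VNet-connection steps above can also be run with the Az.Network cmdlets, which is the form most useful for repeatable deployments. The block below is an added example, not the article's or Microsoft's code: every name, address space, public IP and the workload VNet are placeholders, the pre-shared key is generated from a CSPRNG rather than typed by hand, and the device configuration is exported to a blob you control through a one-hour SAS instead of the portal's auto-created storage account, then deleted once downloaded because it carries the PSK.

```powershell
# Added example: Azure Virtual WAN site-to-site build-out with Az.Network.

$rg       = 'rg-vwan'         # placeholders (assumptions)
$location = 'westeurope'

# Virtual WAN: global resource, the location is only for placement/management.
# -AllowBranchToBranchTraffic is the option shown in Figure 4.
$vwan = New-AzVirtualWan -ResourceGroupName $rg -Name 'vwan-corp' -Location $location -AllowBranchToBranchTraffic

# Virtual hub: one per region, a Microsoft-managed VNet with its own address space
$hub = New-AzVirtualHub -VirtualWan $vwan -ResourceGroupName $rg -Name 'hub-weu' `
           -Location $location -AddressPrefix '10.100.0.0/24'

# Site: one per physical location, with the on-prem device public IP and LAN prefixes
$site = New-AzVpnSite -ResourceGroupName $rg -Name 'site-milan' -Location $location -VirtualWan $vwan `
            -IpAddress '203.0.113.10' -AddressSpace @('10.10.0.0/16') `
            -DeviceVendor 'ExampleVendor' -DeviceModel 'ExampleModel' -LinkSpeedInMbps 100

# Hub VPN gateway (site-to-site only; not a classic virtual network gateway)
$vpngw = New-AzVpnGateway -ResourceGroupName $rg -Name 'vpngw-hub-weu' -VirtualHubName $hub.Name -VpnGatewayScaleUnit 1

# Pre-shared key: 32 random bytes from the OS CSPRNG, one key per site, never reused
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$pskSecure = ConvertTo-SecureString ([Convert]::ToBase64String($bytes).TrimEnd('=')) -AsPlainText -Force

# Connect the site to the hub gateway
New-AzVpnConnection -ResourceGroupName $rg -ParentResourceName $vpngw.Name -Name 'conn-milan' `
    -VpnSite $site -SharedKey $pskSecure -ConnectionBandwidthInMbps 100 | Out-Null

# Hub virtual network connection: peer a workload VNet in the same region as the hub
$vnet = Get-AzVirtualNetwork -ResourceGroupName 'rg-workloads' -Name 'vnet-weu-app'
New-AzVirtualHubVnetConnection -ResourceGroupName $rg -VirtualHubName $hub.Name `
    -Name 'conn-vnet-weu-app' -RemoteVirtualNetwork $vnet | Out-Null

# Export the device configuration (it contains the PSK) to a blob of ours via a 1-hour SAS
$sa  = Get-AzStorageAccount -ResourceGroupName $rg -Name 'stvwancfg001'
$ctx = $sa.Context
New-AzStorageContainer -Name 'vpnconfig' -Context $ctx -ErrorAction SilentlyContinue | Out-Null
$sas = New-AzStorageBlobSASToken -Container 'vpnconfig' -Blob 'site-milan.json' -Permission 'rw' `
           -ExpiryTime (Get-Date).AddHours(1) -FullUri -Context $ctx
Get-AzVirtualWanVpnConfiguration -VirtualWan $vwan -StorageSasUrl $sas -VpnSiteId $site.Id | Out-Null

# Download it for the on-prem device, then remove the blob so the PSK does not linger in storage
Get-AzStorageBlobContent -Container 'vpnconfig' -Blob 'site-milan.json' -Destination '.\site-milan.json' -Context $ctx -Force | Out-Null
Remove-AzStorageBlob -Container 'vpnconfig' -Blob 'site-milan.json' -Context $ctx -Force
```

Treat the downloaded JSON like a credential file: restrict its ACL, hand it to the device through a secure channel, and delete the local copy once the tunnel is up.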

ExpressRoute connections can also be established with Virtual WAN, by associating the ExpressRoute circuit with the hub, and Point-to-Site (P2S) connections towards the virtual hub are also possible. These features are currently in preview.

The Health section contains useful information for checking the connectivity of each hub.

Figure 12 – Check Hub health

 

Conclusions

Virtual WAN is the new Azure service that enables centralized, simple and fast connection of several branches, both with each other and with the Microsoft public cloud. The service provides a very good connectivity experience by leveraging the Microsoft global network, which reaches more regions around the world than any other public cloud provider.

Azure IaaS and Azure Stack: announcements and updates (October 2018 – Weeks: 40 and 41)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, made official by Microsoft in the last two weeks.

Azure

Advanced Threat Protection for Azure Storage (public preview)

Advanced Threat Protection for Azure Storage, available in public preview, detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit storage accounts. This feature helps customers detect and respond to potential threats on their storage account as they occur.

 

Ephemeral OS Disk (limited preview)

Limited preview of Ephemeral OS Disk, a new type of OS disk created directly on the host node, providing local disk performance and faster boot/reset time. Ephemeral OS Disk is supported for all virtual machines (VM) and virtual machine scale sets (VMSS). Ephemeral OS Disk is ideal for stateless workloads that require consistent read/write latency to OS disk, as well as frequent reimage operations to reset the VM(s) to the original state. This includes workloads such as website applications, game server hosting services, VM pools, computation, jobs and more. Ephemeral OS Disk also works well for workloads that are leveraging low-priority VM scale sets.

Azure confidential computing (public preview)

Azure confidential computing protects your data while it’s in use. It is the final piece to enable data protection through its lifecycle whether at rest, in transit, or in use. It is the cornerstone of Microsoft’s ‘Confidential Cloud’ vision, which aims to make data and code opaque to the cloud provider. DC-series virtual machines in US East and Europe West are in public preview. While these virtual machines may ‘look and feel’ like standard VM sizes from the control plane, they are backed by hardware-based Trusted Execution Environments (TEEs), specifically the latest generation of Intel Xeon Processors with Intel SGX technology. You can now build, deploy, and run applications that protect data confidentiality and integrity in the cloud. The DC-series of VMs are the first set of Generation 2 virtual machines. As such, Microsoft has specially configured operating images that are required with these virtual machines (Generation 2 support for Ubuntu Server 16.04 and Windows Server 2016 Datacenter). These images are automatically used when deploying through the portal. Custom images are not yet supported. DC-series VMs will not show up in the size selector for arbitrary marketplace images, as not all images have been updated yet.

Windows Server 2019: introduction to the news for the cluster environment

October is the month of the official release of the final version of Windows Server 2019. Microsoft's new server operating system introduces, in several areas, important new features that make hyper-converged infrastructure (HCI) more reliable and flexible. To achieve this, the cluster solution in Windows Server 2019 introduces a number of changes, which are documented in this article.

Cluster Sets

Cluster Sets is a new technology for scale-out cluster environments introduced in Windows Server 2019. With this feature you can group multiple failover clusters into a single entity, achieving greater fluidity of virtual machines between different clusters. This is especially useful for load balancing and for maintenance, such as the replacement of an entire cluster, without affecting the running virtual machines. In terms of management, everything is governed through a single namespace. Cluster Sets do not alter the normal operating principles of the traditional cluster environment (Preferred Owner, Node Isolation, Load Balancing, etc.), which remain completely unchanged, but add benefits such as Azure-like Fault Domains and Availability Sets across different clusters.

Figure 1 – Cluster Sets overview

File share witness

In a clustered environment you can configure a "File Share Witness" (FSW) as the witness; the following innovations have been introduced for this option.

The use of Distributed File System (DFS) shares is now blocked. Using a DFS share as a File Share Witness has never been a supported configuration, since it introduces potential instability in the cluster. Windows Server 2019 introduces logic that detects whether a share uses DFS and, if so, Failover Cluster Manager blocks the creation of the witness, displaying an error message stating that it is an unsupported configuration.

Figure 2 – Error message when trying to configure the witness on a DFS share

Before Windows Server 2019, one of the requirements for using an FSW was that the Windows Server hosting the share had to be domain-joined and part of the same Active Directory forest. This was because the failover cluster used Kerberos authentication with the Cluster Name Object (CNO) to authenticate and connect to the share. In Windows Server 2019 you can create a File Share Witness without using the CNO: a local account is simply used to connect to the FSW. Kerberos authentication, the Cluster Name Object and an Active Directory environment are therefore no longer required to use a File Share Witness. This extends the possible usage scenarios for the FSW to, for example, NAS appliances, Windows systems not joined to a domain, and so on.

 

Move the cluster in a different domain

Changing the domain membership of a Failover Cluster has always required destroying and recreating the cluster, with a significant impact in terms of time and operations. Windows Server 2019 provides a specific procedure to move the cluster nodes to a new Active Directory domain, built on two new PowerShell cmdlets:

  • New-ClusterNameAccount: creates a Cluster Name Account in Active Directory
  • Remove-ClusterNameAccount: removes a Cluster Name Account from Active Directory

The procedure requires the nodes to be moved to a workgroup first and then joined to the new Active Directory domain. The workloads hosted by the cluster must be stopped for the duration of the migration.
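The procedure above, carried through end to end as an added example (not code from the original article). Cluster name CLUS01, node names NODE1 and NODE2 and the domains contoso.com and fabrikam.com are assumptions; the two cmdlets named in the article are combined with the standard service and computer-account cmdlets.

```powershell
# Added example (not from the original article): moving a Windows Server 2019 failover
# cluster from contoso.com to fabrikam.com. Run the phases in this order:
#   Prepare - once, from any node        (health check, stop workloads, remove old AD objects)
#   Unjoin  - on every node, reboots it  (cluster service to manual, leave the old domain)
#   Join    - on every node, reboots it  (join the new domain)
#   Finish  - once, from any node        (restart cluster service, create new CNO, restart workloads)
# Assumed names: cluster CLUS01, nodes NODE1/NODE2, new domain fabrikam.com.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Prepare', 'Unjoin', 'Join', 'Finish')]
    [string]$Phase
)

$cluster   = 'CLUS01'
$nodes     = 'NODE1', 'NODE2'
$newDomain = 'fabrikam.com'

switch ($Phase) {
    'Prepare' {
        # Refuse to start with an unhealthy cluster: failed resources are much harder
        # to diagnose once the nodes sit in a workgroup without a CNO.
        $notOnline = Get-ClusterResource -Cluster $cluster | Where-Object State -ne 'Online'
        if ($notOnline) {
            $notOnline | Format-Table Name, State, OwnerGroup
            throw 'Bring every cluster resource Online before migrating.'
        }

        # The hosted workloads must be stopped for the whole migration.
        Get-ClusterGroup -Cluster $cluster |
            Where-Object { $_.Name -notin 'Cluster Group', 'Available Storage' } |
            Stop-ClusterGroup

        # Remove the CNO and the VCOs of the clustered network names from the old domain.
        Remove-ClusterNameAccount -Cluster $cluster -DeleteComputerObjects
    }
    'Unjoin' {
        # Keep the cluster service from starting while the node is in a workgroup,
        # then leave the old domain and reboot.
        Stop-Service -Name ClusSvc
        Set-Service  -Name ClusSvc -StartupType Manual
        Remove-Computer -UnjoinDomainCredential (Get-Credential -Message 'contoso.com account allowed to unjoin') `
                        -WorkgroupName 'WORKGROUP' -Force -Restart
    }
    'Join' {
        Add-Computer -DomainName $newDomain `
                     -Credential (Get-Credential -Message "$newDomain account allowed to join computers") `
                     -Restart
    }
    'Finish' {
        # Nodes authenticate each other with certificates, so the cluster service can
        # come up before the new CNO exists.
        Invoke-Command -ComputerName $nodes -ScriptBlock {
            Set-Service   -Name ClusSvc -StartupType Automatic
            Start-Service -Name ClusSvc
        }

        # Create the CNO in the new domain and move the VCOs of the network-name resources with it.
        New-ClusterNameAccount -Name $cluster -Domain $newDomain -UpgradeVCOs

        # Bring the workloads back and confirm every network name came Online in the new domain.
        Get-ClusterGroup -Cluster $cluster | Start-ClusterGroup
        Get-ClusterResource -Cluster $cluster |
            Where-Object ResourceType -eq 'Network Name' |
            Format-Table Name, State, OwnerGroup
    }
}
```

The health check in `Prepare` is deliberate: a resource that is already failed before the move will look like a migration problem afterwards. If a Network Name resource stays failed after `Finish`, inspect its computer object in the new domain before assuming the cluster itself is broken.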

Figure 3 - Domain Migration steps of a cluster

 

Removing the dependency on NTLM authentication

Windows Server Failover Clustering no longer uses NTLM authentication in any way: only Kerberos and certificate-based authentication are used. In Windows Server 2019 this is the native behaviour and requires no special configuration, so the cluster no longer needs an exception when NTLM is restricted or disabled across the environment.

 

Conclusions

Windows Server 2019 includes significant investments aimed at an agile operating system, suitable for hybrid scenarios, more secure, and able to deliver hyper-converged infrastructure with excellent scalability and performance. Innovations such as those shown for clustered environments help companies to grow, offering fundamental building blocks for the innovation and modernization of the datacenter.

Azure IaaS and Azure Stack: announcements and updates (September 2018 – Weeks: 38 and 39)

This series of blog posts covers the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack made official by Microsoft in the last two weeks.

Azure

Virtual machine serial console

The Azure virtual machine serial console is now generally available in all public regions. New features include magic SysRq keys, non-maskable interrupts, and subscription-wide enable/disable. More details are available in the documentation for Windows and Linux.

 

Immutable storage for Azure Storage Blobs

Financial services organizations regulated by SEC, CFTC, FINRA, IIROC, FCA, etc., are required to retain business-related communications in a Write-Once-Read-Many (WORM) or immutable state to ensure that they’re non-erasable and non-modifiable for a specific retention interval. The immutable storage requirement is not limited to financial organizations. It also applies to industries such as healthcare, insurance, media, public safety, and legal services.

To address this requirement, immutable storage for Azure Blob storage is now generally available in all Azure public regions. Through configurable policies, users can keep Azure Blob storage data in an immutable state where blobs can be created and read, but not modified or deleted.
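As an added example (not code from the original post), the policy mechanism just described, expressed with the Az PowerShell module: create a time-based retention policy on a container, inspect it, lock it, and then prove that a delete is refused. An installed Az module with a signed-in session (`Connect-AzAccount`) is assumed; at the time of this announcement the same cmdlets shipped in the AzureRM module under the `AzureRm` prefix. The resource group, storage account and container names are assumptions.

```powershell
# Added example (not from the original post): WORM retention on an Azure Blob container.
# Assumed names: resource group rg-records, storage account strecords001, container trades.
# 2555 days (7 years) is used as a representative regulatory retention interval.

$rg = 'rg-records'; $sa = 'strecords001'; $container = 'trades'
$retentionDays = 2555

# 1. Create (or update) the policy. From now on blobs in the container can be created and
#    read, but not overwritten or deleted until they are older than the retention period.
Set-AzRmStorageContainerImmutabilityPolicy -ResourceGroupName $rg -StorageAccountName $sa `
    -ContainerName $container -ImmutabilityPeriod $retentionDays | Out-Null

# 2. Read back what is in force. An unlocked policy can still be removed or shortened by
#    anyone with write access to the storage account, so it is not yet evidence of compliance.
$policy = Get-AzRmStorageContainerImmutabilityPolicy -ResourceGroupName $rg `
    -StorageAccountName $sa -ContainerName $container
"{0}: {1} days, state {2}" -f $container, $policy.ImmutabilityPeriodSinceCreationInDays, $policy.State

# 3. Lock it. Passing the ETag makes the lock conditional on the exact policy inspected above,
#    so a concurrent change cannot be locked by mistake. Locking is irreversible: afterwards
#    the period can only be extended, never shortened, and the policy cannot be deleted.
Lock-AzRmStorageContainerImmutabilityPolicy -ResourceGroupName $rg -StorageAccountName $sa `
    -ContainerName $container -Etag $policy.Etag -Force

# 4. Prove the protection holds: a delete of an existing blob must now be rejected.
$ctx  = (Get-AzStorageAccount -ResourceGroupName $rg -Name $sa).Context
$blob = Get-AzStorageBlob -Container $container -Context $ctx | Select-Object -First 1
if ($blob) {
    $deleted = $false
    try {
        Remove-AzStorageBlob -Container $container -Blob $blob.Name -Context $ctx -Force -ErrorAction Stop
        $deleted = $true
    }
    catch {
        "Delete of $($blob.Name) rejected as expected: $($_.Exception.Message)"
    }
    if ($deleted) { throw "Delete of $($blob.Name) succeeded: the retention policy is not effective." }
}
```

Test the policy unlocked first on a scratch container: once locked there is no way back except waiting out the retention interval. To lengthen a locked policy later use `Set-AzRmStorageContainerImmutabilityPolicy` with `-ExtendPolicy`.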

For more details on the feature, see the Microsoft Azure blog.

 

Azure Premium Blob Storage (preview)

Azure Blob Storage introduces a new performance tier, Premium Blob Storage, complementing the existing hot, cool and archive tiers. Data in Premium Blob Storage is stored on solid-state drives, which offer lower latency and higher transaction rates than traditional hard drives. Premium Blob Storage is ideal for workloads that require very fast access times. This includes most scenarios with a human in the loop, such as interactive video editing, static web content and online transactions. It also works well for workloads that perform many relatively small transactions, such as capturing telemetry data, message passing and data transformation.

 

Azure Availability Zones in West US 2 and North Europe

Azure Availability Zones, a high-availability solution for mission-critical applications, is now generally available in West US 2 and North Europe.

Availability Zones are physically separate locations within an Azure region. Each Availability Zone consists of one or more datacenters equipped with independent power, cooling and networking. With the introduction of Availability Zones, Microsoft now offers a service-level agreement (SLA) of 99.99% for virtual machine uptime.

Availability Zones are generally available in select regions.

 

Public IP prefix (preview)

A Public IP prefix is a reserved range of static IP addresses that can be assigned to your subscription. You can use a prefix to simplify IP address management in Azure. Knowledge of the range ahead of time eliminates the need to change firewall rules as you assign IP addresses to new resources. This predictability significantly reduces management overhead when scaling in Azure.

For more information about Public IP prefixes in Azure and how to use them, see Public IP Prefix.

 

Virtual network peering across Azure Active Directory tenants

Virtual network peering enables direct VM-to-VM connectivity across virtual machines deployed in different virtual networks using the Microsoft backbone. Virtual network peering is now available for virtual networks that belong to subscriptions in different Azure Active Directory tenants.

 

Azure Load Balancer: outbound rules for Standard Load Balancer (GA)

This new ability allows you to declare which public IP or public IP prefix should be used for outbound connectivity from your virtual network, and how outbound network address translations should be scaled and tuned.
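The two announcements, Public IP prefix and outbound rules, fit together: the prefix gives you the egress range before any VM exists, and the outbound rule pins the SNAT traffic of a backend pool to addresses taken from it. The script below is an added example (not code from the original post) using the Az PowerShell module with a signed-in session; at the time of the announcement the same cmdlets carried the `AzureRm` prefix. The resource group, region, prefix length and all resource names are assumptions.

```powershell
# Added example (not from the original post): reserve a public IP prefix and route a Standard
# Load Balancer's outbound (SNAT) traffic through addresses from it, so the egress range can be
# allow-listed on partner firewalls up front. Assumed names: rg-egress, westeurope, lb-egress.

$rg = 'rg-egress'; $loc = 'westeurope'

# 1. Reserve the range. A /30 yields 4 Standard-SKU static addresses that remain yours even if
#    every resource behind them is deleted; hand $prefix.IpPrefix to the firewall owners now.
$prefix = New-AzPublicIpPrefix -Name 'pip-prefix-egress' -ResourceGroupName $rg -Location $loc `
    -Sku Standard -PrefixLength 30
"Egress range to allow-list: $($prefix.IpPrefix)"

# 2. Allocate concrete addresses out of the prefix (each one is carved from the range above).
$pips = 1..2 | ForEach-Object {
    New-AzPublicIpAddress -Name "pip-egress-$_" -ResourceGroupName $rg -Location $loc `
        -Sku Standard -AllocationMethod Static -PublicIpPrefix $prefix
}

# 3. One front-end configuration per egress address, plus the backend pool the VMs join.
$frontends = $pips | ForEach-Object {
    New-AzLoadBalancerFrontendIpConfig -Name "fe-$($_.Name)" -PublicIpAddress $_
}
$pool = New-AzLoadBalancerBackendAddressPoolConfig -Name 'bp-egress'

# 4. Outbound rule with explicit SNAT sizing: Azure provides 64,000 SNAT ports per public IP,
#    so 2 addresses at 4,000 ports per VM support a pool of up to 32 VMs with a deterministic
#    allocation instead of the default dynamic one that can be exhausted under load.
$outbound = New-AzLoadBalancerOutboundRuleConfig -Name 'ob-egress' `
    -FrontendIpConfiguration $frontends -BackendAddressPool $pool `
    -Protocol All -AllocatedOutboundPort 4000 -IdleTimeoutInMinutes 4

$lb = New-AzLoadBalancer -Name 'lb-egress' -ResourceGroupName $rg -Location $loc -Sku Standard `
    -FrontendIpConfiguration $frontends -BackendAddressPool $pool -OutboundRule $outbound

# 5. Show which concrete addresses the VMs will egress from; all of them sit inside the prefix.
$pips | ForEach-Object { "{0} -> {1}" -f $_.Name, $_.IpAddress }
```

Size `-AllocatedOutboundPort` from the maximum pool size rather than the current one: the product of ports per VM and VM count cannot exceed 64,000 times the number of front-end addresses, and adding VMs beyond that limit fails rather than silently sharing ports.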

 

Azure Load Balancer TCP resets on idle (preview)

Azure Load Balancer supports sending of bidirectional TCP resets on idle timeout for load balancing rules, inbound NAT rules, and outbound rules. For more information, including pricing details, please visit the Azure Load Balancer TCP reset page.

 

ExpressRoute Direct 100Gbps connectivity

ExpressRoute Direct provides 100G connectivity for customers with extreme bandwidth needs. This is 10x faster than other clouds. With ExpressRoute Direct you can send 100 Gbps of network traffic to Azure services such as Azure Storage and Azure Virtual Networks. All your traffic can be on a single 100G ExpressRoute circuit, or you can subdivide the 100G among your business units in any combination of 40G, 10G, 5G, 2G and 1G ExpressRoute circuits.

 

ExpressRoute Global Reach

ExpressRoute Global Reach allows you to connect two ExpressRoute circuits together. Your sites that are already connected to ExpressRoute can now privately exchange data via their ExpressRoute circuits. ExpressRoute Global Reach can be enabled on both ExpressRoute Standard and ExpressRoute Premium circuits. ExpressRoute Global Reach is available in the following locations: Hong Kong, Ireland, Japan, Netherlands, United Kingdom, and United States with Korea and Singapore coming soon. More locations will be available later this year.

 

Zone-Redundant VPN and ExpressRoute Virtual Network Gateways

To improve the resiliency, scalability and availability of gateways, Zone Redundant VPN and ExpressRoute Gateways bring support for Azure Availability Zones. With these new Zone-Redundant/Zonal Gateways, you will be able to deploy Azure VPN and Azure ExpressRoute gateways in Azure Availability Zones, thus making them physically and logically separate within a region to protect your on-premises network connectivity to Azure from zone-level failures.

 

Azure Firewall: General availability and new capabilities

Azure Firewall, now GA, offers fully stateful network and application level traffic filtering for VNet resources, with built-in high availability and cloud scalability delivered as a service. For more information, please refer to Azure Firewall documentation.

 

Shared Image Gallery (public preview)

Shared Image Gallery provides an Azure-based solution to make the custom management of virtual machine (VM) images easier in Azure. Shared Image Gallery provides a simple way to share your applications with others in your organization, within or across regions, enabling you to expedite regional expansion or DevOps processes, simplify your cross-region HA/DR setup and more. Shared Image Gallery also enables you to quickly deploy thousands of VMs concurrently from a custom image.

 

Automatic OS image upgrade in virtual machine scale sets is now generally available

After you enable this feature for your scale sets, when a new OS image is published with the latest features, security patches, and performance improvements, your scale sets and Azure Service Fabric clusters can receive these updates automatically. The new image will roll out to the VMs in your scale sets in batches based on preconfigured health probes to check for application issues. You can monitor the status of upgrades programmatically or through an out-of-the-box experience in the Azure portal. To learn more about this capability and to start enabling it for your VMs in VM scale sets, see this documentation.

 

Azure Virtual Machine Image Builder available in private preview

Azure Virtual Machine (VM) Image Builder, now available in private preview, allows you to migrate your image building pipeline to Azure. Submit a template describing your VM source image and customizations, indicate where to distribute a bootable image, and then start building your VM images.

 

Ultra SSD, a new Azure Managed Disks offering (preview)

Ultra SSD, a new Azure Managed Disks offering for your most demanding data-intensive workloads, is now available in preview. Ultra SSDs can deliver unprecedented and extremely scalable performance with sub-millisecond latency:

  • Choose a disk size from 4 GiB up to 64 TiB.
  • Achieve the optimal performance you need per disk even at low storage capacities.
  • Scale performance up to 160,000 IOPS and 2 GB/s per disk with zero downtime.

 

Azure Stack

Service Fabric now available on Azure Stack

Azure Service Fabric is now available on Azure Stack. Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices and containers.

 

Red Hat OpenShift and Microsoft Azure Stack together for hybrid enterprise solutions

OpenShift and Azure Stack present new options for customers who use Microsoft and Red Hat technologies, offering flexibility and consistency in where these solutions are run and managed, whether in the public cloud or on-premises with Azure Stack. OpenShift and Azure Stack enable a consistent application experience across Azure, Azure Stack, bare metal, Windows and RHEL, bringing together Microsoft's and Red Hat's developer frameworks and partner ecosystems.

OMS and System Center: What's New in September 2018

In September Microsoft announced various news about Operations Management Suite (OMS) and System Center. Our community publishes a monthly summary that gives an overview of the main new features of the month, to keep you informed on these topics and to provide the references needed for further study.

 

Operations Management Suite (OMS)

Azure Automation

Azure Automation now supports importing packages (.whl, .tar or .gz) and creating and running runbooks in Python 2. These runbooks can also use Automation assets such as schedules, variables, connections and credentials, and they can run either in Azure or on a Hybrid Runbook Worker. For details on this new feature see this article.

Figure 1 - Import of a package in Python 2

In Azure Update Management the following new features have been released:

Figure 2 – Pre/post installation tasks

  • Dynamic groups (preview): lets you create dynamic groups of Azure VMs as targets for update deployments. These groups are defined by a query (based on subscriptions, resource groups, locations and tags) and their membership is evaluated when the update deployment starts.

Figure 3 – Dynamic groups

  • Update inclusion: lets you specify the list of updates to include, to control exactly which updates are applied during the deployment.

Figure 4 – Update inclusion

 

Azure Backup

Azure Backup now supports protecting virtual machines with up to 32 attached disks. The previous limit was 16 disks.

 

System Center

System Center Configuration Manager

Version 1809 of the Technical Preview branch of System Center Configuration Manager has been released.

This release includes several improvements regarding:

  • CMPivot, a new utility available in the Configuration Manager console that provides real-time information on the connected devices in your environment. You can filter and group this information and then run actions on the results.
  • Product lifecycle dashboards.
  • Data warehouse.
  • Maintenance windows for software updates.

Please note that the releases in the Technical Preview Branch help you evaluate the new features of SCCM and it is recommended to apply these updates only in test environments.

 

Version 1808 of the Current Branch (CB) of System Center Configuration Manager has been released. The main novelty of this update is the ability to roll out software updates gradually and automatically (Phased Deployment). The button to configure this is present in the console nodes All Software Updates, All Windows 10 Updates and Office 365 Updates.

Figure 5 – Phased Deployment creation button

 

In this interesting article are reported the announcements made during Microsoft Ignite 2018 about System Center Configuration Manager and Microsoft Intune.

 

System Center Operations Manager

Microsoft has announced that Global Service Monitor (GSM), the cloud service in SCOM used to monitor the availability of external web applications from different geographic locations, will be retired in November 2018. The recommendation is to use Azure Application Insights, which offers next-generation capabilities for monitoring web applications. For further information see Microsoft's official announcement.

 

System Center Updates Publisher

An update rollup for System Center Updates Publisher (SCUP) has been released that resolves some important issues.

 

Evaluation of OMS and System Center

Remember that to test and evaluate Operations Management Suite (OMS) free of charge you can access this page and select the mode most appropriate for your needs.

To try out the various components of System Center, access the Evaluation Center; after registration you can start the trial period.