My Thoughts On IT…

Brian Lewis's Thoughts on all things Information Technology related

This month, my fellow IT Pro Technical Evangelists and I are authoring a new series of articles on 20 Key Scenarios with Windows Azure Infrastructure Services. Check out the list of articles here:
http://mythoughtsonit.com/2013/05/20-key-scenarios-with-windows-azure-infrastructure-services/

 

Web-based Distributed Authoring and Versioning, or WebDAV, is a set of protocols based on HTTP that allows end users to map a network drive over HTTP and edit content and files stored on the web server. When WebDAV was first offered on Microsoft server, I evaluated it and decided it did not perform well enough for me. The WebDAV extension to IIS was completely rewritten back in the Server 2008 timeframe and is worth taking a look at again.

In this article I will guide you step by step through the process of setting up WebDAV on Server 2012 in a Windows Azure IaaS environment. This will give you a solid-performing file share on the internet over port 80 and the HTTP protocol.

First, you need an Azure account. You can set up a free trial of Azure. Details can be found here:
http://mythoughtsonit.com/2013/04/step-by-step-guide-to-setting-up-a-windows-azure-free-trial/

Second, provision a Server 2012 machine. Watch a video of what to do here:

Third, open port 80 to this new server:

  1. In the Azure Portal select your 2012 server and choose the “ENDPOINTS” tab on the top.
  2. Click “ADD ENDPOINT” at the bottom of the screen.
  3. Enter the ENDPOINT information for port 80 to port 80.
  4. Done.

Next we need to install the IIS Webserver and WebDAV.

Installing WebDAV on IIS 8.0

  1. Start Server Manager and go to “Add Roles and Features”.
  2. Under Server Roles, add the Web Server (IIS) Role.
  3. Click through the wizard until you come to the Role Services section. Then find and select “WebDAV Publishing” and “Windows Authentication”.
  4. Click Next and then Install.
  5. When the install is finished you are ready to move on to the next section.

 

Configuring IIS 8 for WebDAV

  1. After the installation finishes you need to configure the box for access. Start the IIS Manager tool. Choose the “Default Web Site” on the left side. Then click on “Authentication”.

  2. Open the Windows Authentication option and enable it.

  3. Open the “WebDAV Authoring Rules”.

  4. Create a WebDAV rule. I chose to allow all users access to all content. A better security practice is to limit which users can use the service. It’s your data, so you decide.

  5. Make sure WebDAV is enabled and that your access rule is set.
  6. That is it… Now you’re ready to access your WebDAV file share!
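
The install and configuration steps above can also be scripted. The following PowerShell is an added example, not part of the original article: it installs the same role services, enables Windows Authentication and WebDAV on the Default Web Site, and creates an authoring rule limited to one local group instead of all users. The group name WebDavUsers is a hypothetical name chosen for illustration.

```powershell
# Added example: scripted equivalent of the Server Manager / IIS Manager steps above.
# Run in an elevated PowerShell session on the Server 2012 VM.

$site   = 'Default Web Site'
$group  = 'WebDavUsers'              # hypothetical local group, not from the article
$psPath = 'MACHINE/WEBROOT/APPHOST'  # write the settings to applicationHost.config

# Role services chosen in the wizard: IIS, WebDAV Publishing, Windows Authentication.
Install-WindowsFeature -Name Web-Server, Web-DAV-Publishing, Web-Windows-Auth -IncludeManagementTools
Import-Module WebAdministration

# Local group whose members may author content (accounts live in the server's local SAM).
net localgroup $group /add

# Enable Windows Authentication on the site.
Set-WebConfigurationProperty -PSPath $psPath -Location $site `
    -Filter 'system.webServer/security/authentication/windowsAuthentication' `
    -Name enabled -Value $true

# Enable WebDAV authoring. The requireSsl attribute is left at its default because
# the article publishes over HTTP on port 80; file contents are not encrypted in
# transit in that setup.
Set-WebConfigurationProperty -PSPath $psPath -Location $site `
    -Filter 'system.webServer/webdav/authoring' -Name enabled -Value $true

# Authoring rule scoped to the group rather than to all users.
Add-WebConfiguration -PSPath $psPath -Location $site `
    -Filter 'system.webServer/webdav/authoringRules' `
    -Value @{ roles = $group; path = '*'; access = 'Read,Write,Source' }

# Review the result and flag any rule that still applies to every user.
$rules = Get-WebConfiguration -PSPath $psPath -Location $site `
    -Filter 'system.webServer/webdav/authoringRules/add'
$rules | Select-Object users, roles, path, access | Format-Table -AutoSize
$rules | Where-Object { $_.users -eq '*' } | ForEach-Object {
    Write-Warning "Authoring rule grants '$($_.access)' on path '$($_.path)' to all users."
}
```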

Test and ensure you can hit the web server by using your browser:

  • Because you opened port 80 and installed IIS 8 you should see the default web page when you browse to your server’s internet DNS name. Example: http://YourDomainName.cloudapp.net/

 

How to map a drive to your WebDAV server:

There are two ways I use to connect to the WebDAV server

How to map a drive to your WebDAV server from the Win 8 GUI:

  1. From Windows Explorer, right click on “Computer” and select “Map a network drive”.

  2. Map your network drive by entering the address to your server.
    Example: http://YourDomainName.cloudapp.net/
    I selected “Connect using different credentials” because my workstation was not joined to the server in any way and I needed to use an account in the server’s local SAM database.

  3. Hit “Finish” and enter your credentials.
  4. Now you will have a connected drive that you can access from Windows Explorer or any tool via the drive mapping.

How to map a drive to your WebDAV server from a CMD box:

1.  Hit Windows Start and type: CMD <enter>

2.  Enter the command: net use [drive letter] [URL]
     Example: net use E: http://YourDomainName.cloudapp.net/

This just in…

The demand has been so great for more information about using Windows Azure Infrastructure Services as an extension of your datacenter and IT Operations that we’ve decided to schedule a few more FREE events to close out the end of our fiscal year here in Central Region Microsoft US DPE. The four of us (Kevin Remde, Keith Mayer, Matt Hester and I) are holding events at four locations at the end of this month (and one in mid-June):

  • Southfield, MI (Detroit), May 21, 2013
  • Irving, TX (Dallas), May 30, 2013
  • Edina, MN (Minneapolis), May 31, 2013
  • Downers Grove, IL (Chicago), June 13, 2013

Each of these days will be made up of two half-day events on two different topics, giving you three different registration options.

“Huh?”

You can register for the morning session.  You can register for the afternoon session.  OR you can register for the full-day.

“Cool.  What are the topics?”

I’m glad you asked…

Morning Topic: Using Windows Azure as a server and datacenter backup solution – Windows Azure Backup.  We’ll talk briefly about, and then walk through a hands-on example (you will follow along and do this on your own computers) of enabling, configuring, and leveraging Windows Azure Backup.

Afternoon Topic: Building a Microsoft SharePoint 2013 lab entirely in Windows Azure.  Again, at the end of this you will have a Microsoft SharePoint 2013 lab configured in your own cloud based lab in Windows Azure.

As I said, you can register for either one, or register for the full day.  PLEASE just register one time, so that we can get an accurate estimate of attendance.

Okay, here are the registration links:

May 21 – Southfield, MI

May 30 – Irving, TX

May 31 – Edina, MN

Downers Grove, IL

Space is limited, so register early.  And make sure you heed the requirements prior to coming.  You’ll need at least some Internet and Remote-Desktop capable hardware, and a Windows Azure subscription.  (Get a free 90-Day Trial here)

See you there!

From time to time, as the Azure team updates the offerings in the Azure portal, I have seen various strange issues. The one I ran into today was that many domain names were already taken when I went to create a new VM. brianlewisabc1234500000.cloudapp.net was taken, and the shorter versions of this name were all taken as well. I tried several other domain names, to which I kept adding zeros or ‘abcd’ at the end, but they were still all failing validation as if they were taken. I kept getting the response that “The DNS name that you specified is already in use.” This was occurring far too often to be real. I am just not so unlucky that the 50 different strange names I tried were not unique. It was worse than when I try to get an email name on Hotmail.

Here is the dialog I was receiving:

[Screenshot: “The DNS name that you specified is already in use.” dialog]

Here is the solution to this and other Azure Portal issues:

  1. Log out of the Azure Portal website
  2. Clear your browser’s cache
  3. Log in to the Azure portal and all should work!

I believe the issue here is that there are new components to the Azure portal but your browser still has old components cached and that causes the problems. My new best practice is to clear the browser cache before logging into the Azure portal. Hope this may save you some troubleshooting!

-Brian

For today’s post I will cover the steps to put a Domain Controller in Windows Azure for Disaster Recovery. This DC can actually serve two purposes: first, it is a full copy that gives us an offsite copy of AD; second, it can be used by servers in Azure so they don’t have to traverse the WAN.

Let’s clear up some confusion first: the Active Directory tab in the Azure portal is for Windows Azure Active Directory. Windows Azure AD is a modern, REST-based service that provides identity management and access control capabilities for your cloud applications. It is similar to Active Directory Lightweight Directory Services and does not offer Disaster Recovery for your AD environment. It can sync users with your corporate AD and provide a single sign-on solution with ADFS. It is useful for your developers when building custom applications. You can read more on Azure AD here: http://www.windowsazure.com/en-us/home/features/identity/

What we need to do is create a full-blown Active Directory Domain Controller up in Azure. To accomplish this we will create a Virtual Machine.

To extend our corporate AD to Azure, we will treat it just as if we were building a server in a remote datacenter, with one change to watch for. The fundamental requirements for deploying Windows Server Active Directory on Windows Azure Virtual Machines are the same as for deploying AD on-premises, except that we need to install the AD database on a disk other than the C: drive. We will create an Azure data disk and attach it as drive E:. This is where we will store both the AD database and the SYSVOL.

Why store AD on a different drive?
Windows Azure provides two distinct disk types for virtual machines: “Operating System-disks” and “Data-disks.” Data-disks use write-through caching, guaranteeing durability of writes. This is fundamental to the integrity of any Windows Server Active Directory forest that has more than a single domain controller, because the loss of a single write can affect the entire distributed system rather than just a single machine.

Cross-premises AD DS deployment

Overview of the Steps to Create an Active Directory DC in Azure

  1. Link the Networks with a site to site VPN. (See how to do that with Server 2012 here)
  2. Configure your AD Sites with a new site
  3. Create a Windows Server VM (Config DNS to read from a DC)
  4. Join the Server to the Domain
  5. Promote the Server to a Domain Controller
  6. Pour yourself a Fresca
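
The data-disk requirement in steps 3 to 5 can be scripted and then checked after the promotion reboot. The following PowerShell is an added example, not taken from this post or from the linked guide. The domain name corp.example.com and the AD site name Azure are placeholders, and it assumes the server is already domain-joined, the attached data disk is still uninitialized, and drive letter E: is free.

```powershell
# Added example. Run elevated on the domain-joined Server 2012 VM in Azure.

$domain = 'corp.example.com'   # placeholder domain name
$adSite = 'Azure'              # placeholder AD site created in step 2

# Bring the attached, still-raw Azure data disk online as E:.
Get-Disk | Where-Object PartitionStyle -eq 'RAW' |
    Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -DriveLetter E -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'ADDS' -Confirm:$false

# Install the role and promote, placing database, logs and SYSVOL on the data disk.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment
Install-ADDSDomainController -DomainName $domain -SiteName $adSite -InstallDns `
    -Credential (Get-Credential -Message 'Domain admin account') `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString -Prompt 'DSRM password') `
    -DatabasePath 'E:\NTDS' -LogPath 'E:\NTDS' -SysvolPath 'E:\SYSVOL'

# The server reboots after promotion. Afterwards, define and run this check to
# confirm that none of the AD paths ended up on the operating system disk.
function Test-AdPathsOnDataDisk {
    param([string]$Drive = 'E:')
    $ntds     = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $netlogon = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $paths = [ordered]@{
        Database = $ntds.'DSA Database file'
        Logs     = $ntds.'Database log files path'
        Sysvol   = $netlogon.SysVol
    }
    $ok = $true
    foreach ($entry in $paths.GetEnumerator()) {
        if (-not "$($entry.Value)".StartsWith($Drive, [StringComparison]::OrdinalIgnoreCase)) {
            Write-Warning "$($entry.Key) is at '$($entry.Value)', not on $Drive"
            $ok = $false
        }
    }
    return $ok
}
```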

For this post I originally wanted to do a step by step guide instead of this overview. I began how most Microsofties begin: I “Bing’ed” what was currently available on this topic. What I found was that a fantastic step by step article already existed. My co-worker, fellow Microsoft IT Pro Evangelist Keith Mayer, already has created a great step by step guide below:

Detailed Step by Step guide to extending AD to Azure – by Keith Mayer
http://blogs.technet.com/b/keithmayer/archive/2013/01/20/step-by-step-extending-on-premise-active-directory-to-the-cloud-with-windows-azure-31-days-of-servers-in-the-cloud-part-20-of-31.aspx

If you are interested in more details on guidelines and options for deploying Active Directory in Azure, be sure to check out the Microsoft documentation:

Guidelines for Deploying Windows Server Active Directory on Windows Azure Virtual Machines
http://msdn.microsoft.com/en-us/library/windowsazure/jj156090.aspx 

-Brian

Hey Developers – get your backstage pass to the Microsoft Platform at the Visual Studio Live event!

Visual Studio Live!
August 19, 2013 thru August 23rd, 2013

This event in Redmond, Washington is where developers, software architects and designers will connect for five days of unbiased and cutting-edge education on the Microsoft platform. With 60+ sessions led by industry experts and Microsoft insiders, you will walk away from this event having expanded your .NET skills and the ability to build better applications.

Visual Studio Live! Redmond WA
08/19/2013 -08/23/2013
Microsoft Conference Center (MSCC) Redmond, WA

Register early, before June 12, and get the Super Early Bird special, which will save you $400.

For more details see:
www.vslive.com/redmond

In Windows Azure the Virtual Network has provided you with the capability to extend your network into Windows Azure and treat deployments in Windows Azure as a natural extension to your on-premises network. This is the same as when you connect to a remote office with a site-to-site VPN. Now there is more: I just found out that a few weeks ago the Azure team added a Point-to-Site VPN connectivity option. This new feature allows you to set up VPN connections between individual computers and a Windows Azure virtual network.

While there are several use case scenarios, I like this feature because of the security it adds to my Azure management. Prior to this feature, I would manage my Azure servers by connecting to them over an RDP connection on the internet. I had to hope that someone didn’t guess or crack my RDP password. That didn’t give me the warm and secure feeling that I want because, as I have written before, Passwords Suck. With the new feature I have my Azure network that I VPN into, and then I RDP to my server. I removed the ability to RDP in directly from the internet. The VPN connection uses a certificate and not a weak password, which further protects against a man-in-the-middle attack. This VPN tunnel uses the Secure Socket Tunneling Protocol and can automatically traverse firewalls and proxies, while giving you complete security.

Here’s a visual representation of the new point-to-site scenarios now enabled:
[Figure: point-to-site VPN scenarios]

How to Enable the Point-to-Site Functionality

To enable this functionality there are several steps that you need to do. It isn’t as easy as just clicking a check box. You need to:

  • Set up your Azure Network
  • Enable Point-to-Site connectivity in the Azure Portal
  • Add a gateway subnet
  • Create your routing gateway
  • Create a self-signed root certificate
  • Create a client certificate
  • Export both certificates
  • Upload the root cert to Azure via the portal
  • Install the client certificate on the workstations that will VPN in
  • From the Azure portal create the client VPN package
  • Install the client VPN package on client VPN machines

Now you’re ready to VPN into your Azure network!

For detailed instructions on how to do all of the above please read our Tutorial on how to “Configure a Point-to-Site VPN in the Management Portal”
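
The certificate steps in the list above (create a self-signed root, create a client certificate signed by it, export both) can be done as follows. This PowerShell is an added example, not taken from this post or the linked tutorial. It assumes the New-SelfSignedCertificate parameters available on Windows 10 / Server 2016 and later, and the subject names and file paths are hypothetical.

```powershell
# Added example. Run on the admin workstation that will hold the root key.
$store = 'Cert:\CurrentUser\My'

# Self-signed root, usable only for signing certificates.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=P2SRootCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation $store `
    -KeyUsageProperty Sign -KeyUsage CertSign

# Client certificate signed by the root, restricted to client authentication
# (enhanced key usage OID 1.3.6.1.5.5.7.3.2).
$client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=P2SClientCert' -DnsName 'P2SClientCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation $store `
    -Signer $root -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')

# Root: export the public certificate only. This is the file uploaded to Azure;
# the root private key never leaves this machine.
Export-Certificate -Cert $root -Type CERT `
    -FilePath "$env:USERPROFILE\P2SRootCert.cer" | Out-Null

# Client: export with its private key, protected by a password, for installation
# on the workstations that will VPN in.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password to protect the client .pfx'
Export-PfxCertificate -Cert $client -Password $pfxPassword `
    -FilePath "$env:USERPROFILE\P2SClientCert.pfx" | Out-Null

# Sanity checks before distributing anything.
if ($client.Issuer -ne $root.Subject) {
    throw 'Client certificate was not issued by the new root.'
}
$eku = $client.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if (-not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.2' })) {
    throw 'Client certificate is missing the client-authentication usage.'
}
'Root thumbprint:   ' + $root.Thumbprint
'Client thumbprint: ' + $client.Thumbprint
```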

Welcome to May 2013!!! This month my team will be writing a blog post series about 20 Key Scenarios you can do with Windows Azure Infrastructure Services (IaaS). This is the Microsoft Azure offering where you can spin up Virtual Machines on our servers in our datacenters. It is extremely flexible and shows you the agility of the cloud.

Give it a try for free: Step by step guide to setting up a Windows Azure free trial

Date | Post | Author | Blog Post Link
5/1 | 0 | Matt Hester | 20 Key Scenarios with Windows Azure Infrastructure Services (IaaS): Getting Started!
5/2 | 1 | Matt Hester | 20 Key Scenarios with Windows Azure Infrastructure Services (IaaS): Leveraging the Cloud for Backing Up Your Data
5/3 | 2 | Keith Mayer | Step-by-Step: Tired of Tapes? Backup your SQL Databases to the Cloud! [ 20 Key Scenarios with Windows Azure Infrastructure Services ]
5/6 | 3 | Keith Mayer | Step-by-Step: Accelerating Cloud Content with BranchCache in Windows Server 2012 [ 20 Key Scenarios with Windows Azure Infrastructure Services ]
5/7 | 4 | Brian Lewis | DR–Extend Active Directory to the Cloud with Windows Azure [ 20 Key Scenarios with Windows Azure Infrastructure Services ]
5/8 | 5 | Matt Hester | 20 Key Scenarios with Windows Azure Infrastructure Services (IaaS): Replicate File Server Content to the Cloud with DFS-R
5/9 | 6 | Kevin Remde | 20 Key Scenarios with Windows Azure Infrastructure Services (IaaS): SQL Server 2012 AlwaysOn in the Cloud
5/10 | 7 | Keith Mayer | Guided Hands-on Lab: Extend Your Private Cloud with Windows Azure Virtual Networks and Windows Server 2012 [ 20 Key Scenarios with Windows Azure Infrastructure Services ]
5/13 | 8 | Kevin Remde | SQL Database Mirroring to the Cloud – 20 Key Scenarios with Windows Azure Infrastructure Services
5/14 | 9 | Brian Lewis | Deploy a File Server in the Cloud ( WebDav on Windows Azure ) [ 20 Key Scenarios with Windows Azure Infrastructure Services ]
5/15 | 10 | Matt Hester | 20 Key Scenarios with Windows Azure Infrastructure Services (IaaS): Deploy Web Server Solutions (IIS or Apache) in the Cloud
5/16 | 11 | Kevin Remde | Put your ADFS in the Cloud – 20 Key Scenarios with Windows Azure Infrastructure Services
5/17 | 12 | Keith Mayer | Step-by-Step: Build a FREE SharePoint 2013 Lab in the Cloud with Windows Azure Infrastructure Services
5/20 | 13 | |
5/21 | 14 | |
5/22 | 15 | |
5/23 | 16 | |
5/24 | 17 | |
5/28 | 18 | |
5/29 | 19 | |
5/30 | 20 | |
5/31 | 21 | |

I have always been impressed with the WAN compression technology that Riverbed offers. WAN compression can save you lots of bandwidth and speed up your network at the same time. This can save you money or make your slow WAN connections usable.

I just read a really interesting whitepaper that charted the effectiveness of using two Riverbed Steelhead appliances with Hyper-V Replica to reduce the amount of traffic as you replicate server changes from a primary server to your replica server.

If you have seen me demo Hyper-V then you have most likely seen me demonstrate Hyper-V Replica. I often refer to it as poor man’s geo clustering, because it is similar to the geo replication you can do with two SANs, but it costs about $230,000 less. It is included in Windows Server at no additional charge.

The primary scenario for Hyper-V Replica is disaster recovery. With Hyper-V Replica all of the changes from a primary virtual machine are replicated to another host server. This replication occurs every 5 minutes, so there is a possibility of up to 5 minutes of data loss. Not as good as a real-time replication engine that waits for commits from the remote system but way better than going to last night’s tape backup. If something happens at the primary site you just start up the replica VM.

In Hyper-V Replica we can compress the data that is copied between the two host servers, but if you add in a Riverbed appliance it delivers an amazing reduction in traffic. Over and above the built-in compression technology provided by Hyper-V Replica, the Riverbed devices were able to reduce traffic by up to 98%, with 70% being typical for sustained and varied workloads. Wow! That is awesome!

Check out the Whitepaper, the link is:
http://www.microsoft.com/en-us/download/details.aspx?id=36786

I hope you find it as interesting as I did.
-Brian

I found some global tablet shipment numbers today on http://microsoft-news.com. I always enjoy looking at the raw numbers for myself to see what trends I can find. Numbers can always be spun. For example, I could point out that Apple iOS grew its shipments by 7.7 million devices, or I could point out that Apple iOS dropped 14.9% market share.

In just 6 months of Windows 8 tablets releasing, Microsoft has obtained 7.5% of the market with 3 million Windows tablets shipping in Q1 2013. Is that spin? You decide.


Tablet | Q1 2012 Shipments | Q1 2013 Shipments | Growth | Q1 2012 Marketshare | Q1 2013 Marketshare | %change
iOS | 11.8 | 19.5 | 7.7 | 63.1% | 48.2% | -14.9%
Android | 6.4 | 17.6 | 11.2 | 34.2% | 43.4% | 9.2%
Windows | 0.0 | 3.0 | 3 | 0% | 7.5% | 7.5%
Others | 0.5 | 0.4 | -0.1 | 2.7% | 1.0% | -2.7%
Total | 18.7 | 40.6 | 21.9 | | | 217%

*Shipments are in Millions of units

I came across an interesting article on computer security today. There are 3 things I found notable about it.

  1. The Chinese government had an “a-team” of hackers try to access information at Microsoft to see what information the US government was court-ordering Microsoft to deliver on their undercover operatives. Presumably this was because it would attract less attention than hacking the FBI.
  2. Security continues to grow as an area of concern in computers. There is no end of unexpected system exploits in sight. There is no room for complacency in cybersecurity.
  3. Computer security is the new arms race where governments are involved.

In my view, the acceptance of cracking into systems as a legitimate and legal occupation along with the deep pockets of government funding will ultimately have a huge impact on the internet. I haven’t drawn a conclusion on what it will cause but I am sure it will be significant.

Read the article from CIO magazine here:
http://www.cio.com/article/732122/_Aurora_Cyber_Attackers_Were_Really_Running_Counter_Intelligence