A fellow MVP, Andy Syrewicze, and Eric Siron wrote a Hyper-V Security book. The book is a guide on how to defend your virtual environment from attack.
The book covers securing the Hyper-V Hosts, the Virtual Machines, the Network and the Storage, as well as how having VMM in play changes the security approach.
You can buy it at http://www.amazon.com/Hyper-V-Security-Eric-Siron-ebook/dp/B00RP13BOY/ref=asap_bc?ie=UTF8
A fellow MVP Steve Buchanan and Savision just launched a new whitepaper regarding Service Management and the Private cloud. The whitepaper sets out to define private cloud, the layers of private cloud, and those layers within which service management operates. It also explores having ultimate visibility into your organization’s business services. Business services discussed in this paper consist of configuration items (CIs), monitoring, and application maps; they are underpinned with incident, change management, and modern day self-service. In addition, the whitepaper explores the integration between Operations Manager and Service Manager, and the role Savision Live Maps plays in this area.
You can download it here: http://www2.savision.com/l/12082/2015-01-16/q32vf
I am presenting two amazing sessions showing what’s new in Hyper-V vNext and how to migrate your workloads to Azure from VMware, AWS and Hyper-V. Don’t miss out on this unique opportunity! It is time again for the annual MVP event across Asia Pacific. Register now for this Free Event. [Limited seats]
My heartfelt thanks Microsoft. Once again and for the past 7 years, I am tremendously honoured to receive the distinguished Microsoft MVP award, particularly given the select group of experts who are recognized.
A big thank you to Ben Armstrong, Sarah Cooley and the Hyper-V team.
“The Microsoft MVP Award recognizes inspiring, trusted, and independent experts from around the world who voluntarily share their passion and knowledge of Microsoft products with others.
… MVPs represent nearly 100 countries, speak over 40 different languages, and are awarded in almost 90 Microsoft technologies. Together, they answer more than 10 million questions each year.
Of the more than 100 million social and technical community members worldwide, only a small portion are recognized as MVPs. As part of their award experience, MVPs are invited to share their feedback through direct interactions with Microsoft product group teams.”
I’m really looking forward to 2015 as it is promising to be a very exciting year with the release of Windows Server and System Center vNext looking to be one of the best versions ever launched.
Note sent by Microsoft:
Thank you for your exceptional contributions to technical communities! It gives us great pleasure to present you with the Microsoft Most Valuable Professional Award for the technical expertise you generously provide to others. By sharing your knowledge, experience, and objective feedback, you inspire and help people to solve problems and discover new capabilities every day. We are honored to welcome you as a Microsoft MVP.
Corporate Vice President
Once again, THANK YOU! It is great to be awarded for something you love to do and it is a great motivation to continue contributing to the community.
Recently Microsoft released the preview version of their next release of Windows Server, Hyper-V and System Center as did Savision with Live Maps for System Center.
Note: This blog post was first published here : http://www.savision.com/resources/blog/installing-system-center-opsmgr-vnext-and-savision-live-maps-part-i-mvp-alessandro
To start, make sure of the following:
- You installed SQL Server 2014 as the database server for the System Center vNext preview edition. To note, I ran into SQL connectivity issues when I tried to use a SQL 2012 version, with a message stating that I did not have a compatible version of SQL installed. Although the documentation says that SQL 2012 is supported for the vNext preview, it is not the case.
- If the SQL Server is installed on a dedicated machine (recommended), that the host firewall is configured to allow inbound connections on ports 1433 (SQL), 80 (HTTP) and 443 (HTTPS).
- You installed Reporting Services (SSRS), Analysis Services and Full Text Search, as they are required by Operations Manager.
- You created an account to install System Center and it is a member of the local administrators. For this post, I created an account named “sc-admin”.
- Log on to the machine where you plan to install System Center with the “sc-admin” account.
The “sc-admin” account has permissions to create a database in the installed SQL server. You can achieve this by either adding the account to the SQL server administrators when installing SQL Server, or by adding the account using SQL Server Management Studio, by expanding Security->Logins and then creating a new login, adding the “sc-admin” account and selecting “sysadmin” as permission under Server Roles (preferable). You can also, if security is a concern, create an OperationsManager database and give the account DB Owner (dbo) permission.
If the credentials you are using to install do not have permission to create the database you will receive the following message:
The SQL Server Agent is started and set to automatic:
Otherwise, the following error will appear when it comes time to configure Reporting Services in the Operations Manager installation wizard.
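The prerequisites above can be verified before launching setup. The following pre-flight script is an added example, not part of the original post; the host name `SQL01`, the `LAB` domain and the default-instance service name are assumptions to adjust for your environment, and the remote service query assumes WinRM is enabled on the SQL Server host.

```powershell
# Pre-flight check for the Operations Manager prerequisites (added example).
# Assumptions: 'SQL01' and the 'LAB' domain are placeholders; default SQL instance.
param(
    [string]$SqlServer    = 'SQL01',          # hypothetical SQL Server host name
    [string]$InstallUser  = 'LAB\sc-admin',   # install account; the domain is assumed
    [string]$AgentService = 'SQLSERVERAGENT'  # named instances use SQLAgent$<instance>
)

$results = @()

# 1. Inbound ports that must be open on the SQL Server host firewall.
#    A failure means the firewall blocks the port or nothing is listening on it.
foreach ($port in 1433, 80, 443) {
    $t = Test-NetConnection -ComputerName $SqlServer -Port $port -WarningAction SilentlyContinue
    $results += [pscustomobject]@{
        Check = "TCP $port reachable on $SqlServer"
        Pass  = $t.TcpTestSucceeded
    }
}

# 2. SQL Server Agent must be running and set to start automatically.
$svc = Get-CimInstance -ClassName Win32_Service -ComputerName $SqlServer `
           -Filter "Name='$AgentService'" -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check = "$AgentService running, start mode Auto"
    Pass  = [bool]($svc -and $svc.State -eq 'Running' -and $svc.StartMode -eq 'Auto')
}

# 3. The install account must be a local administrator on this machine.
#    Only direct members are listed; membership via a nested group is not resolved.
$admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check = "$InstallUser is in local Administrators"
    Pass  = [bool]($admins | Where-Object { $_.Name -eq $InstallUser })
}

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'One or more prerequisites are missing; fix them before starting setup.'
}
```

Run it from the machine where Operations Manager will be installed, in an elevated session.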
Quick Note: You will notice that although you are installing System Center Operations Manager vNext, the initial screen will show 2012R2 :)
To initiate the installation, click on Install and the Preview logo will appear
I also recommend selecting the Download the latest updates to the setup program checkbox.
Select the System Center features you want to install. For this post, I am selecting: Management Server, Operations Console and Reporting Server. Click Next to continue.
In the Select Installation location, provide the path for Operations Manager installation and click on Next.
Your system will now be checked for hardware and software against System Center requirements. If some requirements are missing it will appear on the screen for your resolution.
In the example below, Report Viewer is missing. To fix the issue, click on the to expand
Note that in the above example there are two warnings: the first one about the system not having the recommended 4GB of memory and the second one about a pending restart. As I am installing this for a demo purpose, I can safely ignore the 1st warning, but I will have to click on Cancel and restart the machine in order to proceed with the installation.
Click on the link to download and install Report Viewer
- If no error is reported, click on Next to continue.
In the Specify the installation option, select Create the first Management server in a new management group and provide the name. For this post I am using the name “lab” for the management group name.
Click on Next to continue and accept the License terms and click on Next to proceed.
In the configure operational database step, type the SQL server name and port (if different from the default 1433).
Click on Next to progress to the next step, where you will need to provide the Data Warehouse database configuration.
- Click on Next to continue and in the next step confirm the SQL Server instance that is running the SQL Reporting Services and then click on Next to proceed.
In the Configure Operations Manager accounts, provide the accounts details and click on Next to proceed.
In the Help improve Operations manager, select the desired options and click on Next to proceed.
In the Update screen select the desired option (On is recommended) and click on Next to proceed.
On the Installation Summary, click on Install and wait for the installation to complete.
Now we have System Center Operations Manager successfully installed.
Identity and Access
Controlling who can access which resources is key for Cloud projects. Recently I was talking with a customer that has external users (partners) and internal users and the ability to centralize and manage the access for those users is essential.
Azure provides ways for customers to federate user identities to Azure Active Directory and to enable Multi-Factor Authentication, and the new Role Based Access Control (RBAC) features can be used to restrict access and permissions for specific cloud resources.
To help detect suspicious access, Azure Active Directory offers reports that alert you to anomalous activity, such as a user logging in from an unknown device. In addition, operational logging and alerting capabilities can notify customers if someone stops a website or if a virtual machine is deleted. It is also possible to use an on-premises System Center Operations Manager to monitor the availability and performance of resources that are running on Windows Azure.
The reports provide up to 30 days of data representing key changes in the directory, providing the action, timestamp, the user/application that performed the action, and the user/application on which the action was performed.
With new VNET-to-VNET connectivity, multiple virtual networks can be directly and securely linked to one another. In addition, ExpressRoute is now generally available, enabling customers to establish a private connection to Azure datacenters, keeping their traffic off the Internet. Building on those enhancements, Microsoft also introduced Network Security Groups for easier subnet isolation in multi-tier topologies.
Azure uses industry-leading capabilities, including recent enhancements to TLS/SSL cipher suites and Perfect Forward Secrecy, to encrypt content flowing over the internet between the customer and the Azure service.
Microsoft is committed to advancing cloud security with a goal to not only meet, but exceed the level of protection most enterprises have in place on-premises or in their own datacenters. For the latest information on security features and best practices, visit the Microsoft Azure Trust Center.
Azure RemoteApp delivers Windows Server session-based applications from Azure.
Azure RemoteApp enables users to access corporate applications from anywhere and on a variety of devices, scale up or down to meet dynamic business needs without large capital expense or management complexity, and centralize and protect corporate applications with the security features and reliability of Azure.
Azure RemoteApp will be generally available on December 11, 2014. Azure RemoteApp instances created during the current public preview period will continue to function as they do today. These instances will automatically transition to a 30-day free trial on December 11, 2014. The limit of two app collections and 10 users per instance will continue to be enforced during the free trial period. To remove these limitations, you can exit the free trial at any point and be charged the rates detailed on the Azure RemoteApp Pricing Details webpage.
For more information, please visit the Azure RemoteApp webpage. For a comprehensive look at pricing, please visit the Azure RemoteApp Pricing Details webpage.