Microsoft released System Center 2016 TP4

Microsoft today announced the release of Windows Server 2016 and System Center 2016 Technical Preview 4.


This new build includes new features that enable hybrid datacenter solutions.

Running at cloud scale also produces technology innovation for management. System Center 2016 brings cloud learnings to the datacenter, enabling seamless management of complex environments. Moving into the hybrid world, System Center 2016 combines with Microsoft Operations Management Suite to provide an integrated, 360-degree view across any cloud, any operating system, from infrastructure to applications. Management anywhere means IT has the ability to take robust data about system performance, security, and emerging issues and turn that into action as rapidly as possible. With management tools designed to handle complexity, IT can allow for more agility in the environment as a whole. Core enhancements in System Center 2016 Technical Preview 4 include:

  • Advanced software-defined datacenter support for Windows Server 2016 including new technologies such as patching of hosts while provisioning, simplified logical network creation, scale-out file server with Storage Spaces Direct and SAN storage automation, and improved storage monitoring.
  • Protecting customer IP through shielded VMs and Guardian Host deployment and management
  • Easy to use monitoring improvements in Operations Manager through data-driven management of alerts and enhanced visualization

Download Windows Server 2016 Technical Preview 4:

Download System Center 2016 Technical Preview 4:


Microsoft Windows Server 2016 TP4 released

Microsoft today announced the release of Windows Server 2016 and System Center 2016 Technical Preview 4.


This new build includes new features that enable hybrid datacenter solutions.

The three main features are Hyper-V Containers, software-defined datacenter capabilities for increased agility, and enhanced management capabilities:

Hyper-V: Now includes an early preview of nested virtualization, along with Direct Device Assignment, and improved PowerShell support for VM upgrades. Nested virtualization can be used in dev and test scenarios and is a key enabling technology for Hyper-V Containers.

  • Networking:  high availability for the network controller, better East-West load balancing, enhanced container networking, and support for live migration. New: Virtual Machine Multi-Queue to enable 10G+ performance.
  • Storage:  Storage Spaces Direct to support all-flash configurations with NVMe SSD and SATA SSD devices, and Erasure Coding for increased storage efficiency. Also in this release, support for Storage Health Service provides easier health monitoring and more streamlined operations, with a single monitoring point per cluster. Storage QoS now supports adjusting the normalization size of the algorithm from the current default 8 KB settings. Additional enhancements are designed for increased control, such as maximum bandwidth settings for a VHD/X.
  • Security: Enhancements to shielded VMs and the Host Guardian Service are directed toward ensuring readiness for production environments. Just Enough Administration, which limits administrator rights for additional security, has been expanded to domain controllers and server maintenance roles.


Make innovation easier with Windows Server 2016 and System Center 2016 Technical Preview 4.

Core enhancements in System Center 2016 Technical Preview 4 include:

  • Advanced software-defined datacenter support for Windows Server 2016 including new technologies such as patching of hosts while provisioning, simplified logical network creation, scale-out file server with Storage Spaces Direct and SAN storage automation, and improved storage monitoring.
  • Protecting customer IP through shielded VMs and Guardian Host deployment and management
  • Easy to use monitoring improvements in Operations Manager through data-driven management of alerts and enhanced visualization

Download Windows Server 2016 Technical Preview 4:

Download System Center 2016 Technical Preview 4:


Savision just released their newest version of Live Maps Unity

November 13, 2015

Savision just released their newest version of Live Maps Unity. Live Maps Unity 7.5 comes with new features. In this latest release, Savision adds more ways to proactively monitor business services. Besides advanced SLA monitoring, another great feature added to Live Maps Unity 7.5 is the new Web Portal. Savision will be hosting two webinars to introduce the new features and show you how they work so you can get the most out of your System Center environment.

Savision’s co-founder and VP of Product Management, Dennis Rietvink, will be hosting the webinars.

Register for the webinars and find out more about the new features:

– Advanced Service Level Agreement Monitoring

With this new feature, you can have more control over your SLAs as you will receive proactive notifications when they are in danger of being breached.

Application Component Availability. Image source: Savision

– Brand New Web Portal

Get end-to-end service visibility and track interconnected infrastructure and applications from any mobile device, anywhere you are. Live Maps Unity is now Silverlight free.

Register now for any of the webinars:

  • EU Webinar – Wednesday, November 25th, 3:30 pm CET / 9:30 am EST
  • US Webinar – Tuesday, December 1st, 8:00 pm CET / 2:00 pm EST

Savision will also be raffling a pair of HiFi Philips headphones amongst the attendees of the webinars.  To register for the webinars, click here.

Identity Management and People Ready business

Nowadays we often see increasing business requirements to promote integration between applications. I’ve seen that happening a lot in the construction, education and health industries, where integration and collaboration are essential to increasing productivity, but it is happening across all industries.

Identity, productivity and management are converging and with customers moving to cloud, hybrid identity is the new control plane for the enterprise allowing users to access applications with a single identity.

Identity is the piece that is common across productivity tools and apps, be it on-premises or cloud apps.

Identity and Access Management is also the key to work more effectively with remote employees, external partners and across business units. However, all too often this leads to an increase of business risks and challenges due to:

  • isolated technology initiatives being deployed to solve point in time issues
  • inadequate planning and identity strategy, as well as,
  • ineffective controls in managing the internal and external identities to ensure privacy and legal and regulatory requirements.

An Identity and Access Management solution should:

  • Be business-driven,
  • Provide real business value with concrete benefits by reducing cost and improving productivity
  • Improve awareness to the business, resulting in reduced dependence on support with facilities like automated workflows, self-service portals and delegated administration.
  • Be able to reduce the business risk, eliminating multiple identity stores and multiple administration points, providing a single administration point and the ability to present multiple data views from a single identity store, reducing replication and synchronization while providing Single Sign-On, Security and compliance fulfillment

Identity and Productivity

To be successful in their work employees need an efficient and intuitive way to access the business applications and better collaborate, while the business needs to ensure that collaboration is taking place within the bounds of internal and external regulations, business policy, process and security.

Identity in an End-to-End Scenario

Inside the corporate network users can access all the applications they need. But how can they have access when they’re not at work?

A successful Identity Management solution should allow for end-to-end scenarios that complement business technology investments.  It should allow the business to grant or block users access to sensitive applications to/from outside their physical boundaries. It should also enable users and partners to access corporate business applications which could be hosted outside or inside the corporate network in a selective and secure way.

With public cloud adoption skyrocketing, organizations need to ensure that cloud integration scenarios are in place, as users expect to work from anywhere, on devices of their choice, and they require access to business-critical applications which could be hosted on premises or in the cloud.

Also, integrated with a client management solution, it should allow the business to block access to corporate resources when users leave the organization and/or when users’ devices are lost or stolen and the management of application access and application grant/removal access through.

Identity and Security

Identity Management solutions should address risks to critical assets by enhancing and expanding the available protections for enterprise identity. It needs to ensure it is resilient to attacks and aligns with the business security requirements. It also must identify the key components of identity management and provide effective procedures to manage security across the environment. It does not matter if it is an on-premises, a hybrid or a public cloud deployment.

The Identity Management architecture should serve as a model and be real-world, effective, consistent and manageable. It should address security, audit, confidentiality, compliance, monitoring and integrity with a centralized Identity Management repository.


Identity Strategy

The Identity strategy should be used to redesign processes and workflows, identify opportunities for automation and correct control weaknesses.

An Identity strategy can enable you to overcome challenges like

  • Improving Operational Efficiency (Data/application availability, permissions, password resets)
  • Reducing Security Risks (A good percentage of users recycle old passwords while others still write them down)
  • Meeting Regulation Requirements (Implementing business process/policies to meet regulations)
  • Enabling Business Objectives (Improving relations with partners/customers and driving business decisions closer to LBDM’s)

Business strategy pinpoints:

–        Understanding the objectives of the Identity Management solution

–        Understanding the success criteria alongside which initiatives will be measured

–        Overall business benefits anticipated, such as enhanced process, improved service delivery and productivity and cost reduction

–        Inherent risks of the strategy, which are often related to reengineering the business processes that require organizational changes (culturally and politically)

–        Cross-organizational cooperation to implement the strategy

–        Multi-Factor Authentication due to security requirements

–        Application Integration

–        Analytics

–        Reporting

What are Microsoft’s three major investment areas for the Identity Manager vNext release? 

  • Hybrid scenarios that leverage cloud-based services delivered in Microsoft Azure, including Multi-Factor Authentication, Azure Active Directory application integration, analytics and reporting
  • Support for the latest platforms and mobile devices with modern user interfaces
  • Improved security with additional controls, analytics and auditing of administrative and privileged user identities and their access to Active Directory, Windows Server and applications

Microsoft Identity Management benefits

  • Common identity. Simplify identity lifecycle management with automated workflows, business rules and easy integration with heterogeneous platforms across the datacenter and cloud. Automate identity and group provisioning based on business policy and implement workflow-driven provisioning through a single interface. Extend MIM to support new scenarios through the Visual Studio and .NET development environments.
  • Enable users. Allow users to self-remediate identity issues, including group membership, smart card and password reset functions. An easy-to-use interface delivers increased productivity and satisfaction
  • Protect data. Discover and map permissions across multiple systems to individual, assignable roles. Use role mining tools to discover permission sets for users across the enterprise to be later modeled and applied centrally. Increase visibility into compliance and the security state of systems across the organization with in-depth auditing and reporting
  • Unify access. The Identity solution should reduce the number of usernames and passwords needed to login. Ensure admin accounts are only going where they need to go and doing what they need to do. Groups can automatically update their membership to ensure only the right people have access to your resources


Don’t wait. Get started now. Let me know how I can help you. I am looking forward to a broad and deep discussion with your business. If this is something I can help your organization with, please reach out to me at @cloudtidings or leave a comment here

Is Security a cloud benefit or a shared responsibility?

November 9, 2015

Cloud adoption is skyrocketing and there is no doubt about it, with more and more customers realising its benefits: costs, flexibility, availability, etc.

But how about security? Is security a cloud benefit? Well, sort of. By migrating your systems to a public cloud you can certainly be assured that the providers invest substantially in security measures, policies and certifications to guarantee the underlying infrastructure is a safe place for you to store your data and run your applications. But it stops there.

The conversation you should be having with your cloud provider is not if they are secure. They are! They have all the industry standards and certifications to guarantee that. What you should be asking is if they have real-time data, metrics and resources to enable and help you to protect your company data.

The security boundaries are limited to the infrastructure of the public cloud. It is your business’s responsibility to make sure that your application runs safely and your data is protected, and some businesses don’t get it.


Last week, when attending a session at the MVP Summit with Brad Anderson about identity and cloud, I realised how fragile the conversation between organisations and cloud providers is. Customers are adopting cloud with security in mind (in a recent study of IT decision makers by BT, more than three quarters of the respondents (76%) said that security is their main concern when it comes to cloud-based services and). But many of those customers are putting the responsibility to protect their data solely on the public cloud provider, and that is a mistake that needs to be addressed.

Let’s take the example of a customer that migrated their email and documents to the cloud: among other benefits, data availability (anywhere, anytime, any device) is in my opinion one of the great cloud realisations. But data availability also brings a security risk to organisations if they don’t invest in securing and protecting their data from unauthorised access.

Employees who access privileged company data from public Wi-Fi, for example, are susceptible to all sorts of hackers and have a high risk of having their device compromised. Have you thought about that? Does your company have a VPN or other security measures for external access to company data?

Also, a password alone, to prevent someone from logging on to your computer, is not sufficient to protect any data you have on it. Is your company making use of solutions to encrypt the local disk? Does your company have policies in place to prevent company data from being stored locally on your computer?

And how about your mobile? Ransomware is on the rise, with hackers taking over an entire system and holding it hostage until a fee is paid. Take the WhatsApp example: in August 2015, hackers discovered a bug that enabled them to infect the devices of those using the web version of the app. In another example, you may recall that Lenovo faced trouble earlier this year, when it found that some of its mobiles and notebooks were sold with pre-installed spyware (according to G DATA researchers, it happened somewhere along the supply chain by an outside party). The same problem happened with Huawei, Xiaomi and others.

By not having security measures on your mobile, you could let a thief access your personal and company data if it gets stolen or lost:

  • Do you have a PIN to protect your mobile?
  • Is your PIN strong enough or something like 1234 or 0000 or your birthday?
  • If you search for yourself on the internet, can any of the information lead to your password or PIN?
  • Is your company using a device management solution?

A couple of months ago, when running a workshop to architect a solution for a customer to migrate their email to the cloud, I heard an incredible request from their IT manager: “whereas cloud concerns, the solution we want should encompass that some groups of employees should only have access to company email if they are physically connected to our network and data access should be protected from unauthorized people and devices.”

At first you might think that, in the cloud era, a request to prevent data from being accessed outside the company network makes no sense, since one of the benefits of having email in the cloud is being able to access it from anywhere, on any device, right? But the reason is simple: they realised that migrating their email to the cloud did not mean that the security measures and policies protecting their most precious asset, their customers’ data, should no longer be in place. Their request was true and valid, and it took me by surprise, as very few customers really understand that security in the cloud is a shared responsibility.

Security is one of the key concerns when a business decides to migrate to a public cloud, and although most of them understand that the level of risk mostly relates to the behaviour and culture of their employees, some still don’t have strict policies in place and lack data access controls, which poses a high risk to their main asset: their data.

I have extensive experience in Security, Cloud and Datacenter Management. Reach out to me and we can organize a workshop for your business at

More info on the main public cloud providers’ security compliance:

Hybrid Cloud Computing with Microsoft and Red Hat

November 5, 2015

Microsoft and Red Hat announced a partnership that will help customers embrace hybrid cloud computing by providing greater choice and flexibility deploying Red Hat solutions on Microsoft Azure.

Red Hat Enterprise Linux will be the preferred option for enterprise Linux workloads on Microsoft Azure.

Microsoft Azure will become a Red Hat Certified Cloud and Service Provider, enabling customers to run their Red Hat Enterprise Linux applications and workloads on Microsoft Azure. Red Hat Cloud Access subscribers will be able to bring their own virtual machine images to run in Microsoft Azure.

Customers will be offered cross-platform, cross-company support spanning the Microsoft and Red Hat offerings in an integrated way, unlike any previous partnership in the public cloud. By co-locating support teams on the same premises, the experience will be simple and seamless, at cloud speed.

Red Hat CloudForms will interoperate with Microsoft Azure and Microsoft System Center Virtual Machine Manager, offering Red Hat CloudForms customers the ability to manage Red Hat Enterprise Linux on both Hyper-V and Microsoft Azure. Support for managing Azure workloads from Red Hat CloudForms is expected to be added in the next few months, extending the existing System Center capabilities for managing Red Hat Enterprise Linux.

In addition, expanding on the preview of .NET on Linux announced by Microsoft in April, developers will have access to .NET technologies across Red Hat offerings, including Red Hat OpenShift and Red Hat Enterprise Linux, jointly backed by Microsoft and Red Hat. Red Hat Enterprise Linux will be the primary development and reference operating system for .NET Core on Linux.


Cloud domain controller as a service with @Azure AD Domain Services @microsoftenterprise

That’s right: cloud AD as a service. A domain fully managed by Microsoft: Azure AD Domain Services, to manage Azure IaaS workloads.


Azure AD Domain Services is a cloud-based service which gives you a fully Windows Server Active Directory compatible set of APIs and protocols, delivered as a managed Azure service.

You no longer need to provision virtual machines running as domain controllers on Azure IaaS and have those domain controllers synchronize with your on-premises Active Directory servers over a VPN/ExpressRoute connection.

You can now turn on support for all the critical directory capabilities your application and server VMs need, including Kerberos, NTLM, Group Policy and LDAP.

For scenarios like disaster recovery and hybrid cloud deployments, it is just perfect. It means the full value of Windows Server AD in a cloud domain, without having to deploy, manage, monitor and patch domain controllers.

There are many scenarios that can be explored with this new feature.

You can enable Azure AD Domain Services for any existing Azure AD tenant – the same tenant you use with Office 365 or other SaaS applications. Azure AD Domain Services are available now.

For pricing, please check :

To start:

  1. You have already deployed Azure AD Connect (to sync identity information from the on-premises Active Directory to your Azure AD tenant. This includes user accounts, their credential hashes for authentication (password sync) and group memberships)
  2. Create the ‘AAD DC Administrators’ group and then add all users who need to be administrators on the managed domain to it. These administrators will be able to join machines to the domain and to configure group policy for the domain.
  3. Configure the Network. Select or create the Azure virtual network you’d like to make domain services available in. Ensure the following:
    • The virtual network belongs to a region supported by Azure AD Domain Services. See the region page for details.
    • Ensure the virtual network is a regional virtual network and doesn’t use the legacy affinity groups mechanism.
    • Ensure your workloads deployed in Azure Infrastructure services are connected to this virtual network


  4. Enable Azure AD Domain Services for your Azure AD tenant, by going to the Configure tab of your Directory, selecting Yes on ‘Enable Domain Services for This Domain’, specifying the domain name and selecting the Azure Virtual Network. Click on Save to confirm.
  5. Update DNS settings for the Azure virtual network to point to the new IP address of the Azure AD Domain Services you just enabled.
  6. Enable synchronization of legacy credential hashes to Azure AD Domain Services. This is a required step. By default, Azure AD does not store the credential hashes required for NTLM/Kerberos authentication. You need to populate these credential hashes in Azure AD so users can use them to authenticate against the domain.
     Done. In a few simple tasks you have set up your AD as a service in Azure.
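
A check for the network side of steps 3 to 5, as an added example that is not part of the original post: run from a Windows VM in the virtual network, it confirms that the VM uses the managed domain's DNS and that the domain controller locator records for LDAP and Kerberos resolve and answer. The domain name, the IP address and the function name `Test-ManagedDomain` are placeholders chosen for illustration.

```powershell
# Added example: run on a Windows VM connected to the virtual network from step 3.
# Both values are placeholders; substitute the ones from your own tenant.
$DomainName  = 'contoso.example'   # placeholder: domain name specified in step 4
$ExpectedDns = @('10.0.0.4')       # placeholder: IP address(es) set as DNS in step 5

function Test-ManagedDomain {
    param(
        [Parameter(Mandatory)] [string]   $DomainName,
        [Parameter(Mandatory)] [string[]] $ExpectedDns
    )

    # Step 5: the VM must resolve names through the managed domain's DNS servers.
    $dnsInUse = @((Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses |
                  Sort-Object -Unique)
    $dnsOk = @($ExpectedDns | Where-Object { $dnsInUse -contains $_ }).Count -gt 0

    # Domain join and Kerberos/LDAP clients find domain controllers through
    # these SRV records, so each must resolve and its target must accept TCP.
    $services = @(
        @{ Name = 'LDAP';     Record = "_ldap._tcp.dc._msdcs.$DomainName";     Port = 389 },
        @{ Name = 'Kerberos'; Record = "_kerberos._tcp.dc._msdcs.$DomainName"; Port = 88  }
    )

    $checks = foreach ($svc in $services) {
        $targets = @(Resolve-DnsName -Name $svc.Record -Type SRV -ErrorAction SilentlyContinue |
                     Where-Object { $_.Type -eq 'SRV' } |
                     Select-Object -ExpandProperty NameTarget -Unique)

        if (-not $targets) {
            # A missing record means the VM is not talking to the managed domain's DNS.
            [pscustomobject]@{
                Service = $svc.Name; Target = '(no SRV record)'
                Port    = $svc.Port; Reachable = $false
            }
            continue
        }

        foreach ($target in $targets) {
            [pscustomobject]@{
                Service   = $svc.Name
                Target    = $target
                Port      = $svc.Port
                Reachable = Test-NetConnection -ComputerName $target -Port $svc.Port `
                                               -InformationLevel Quiet
            }
        }
    }

    [pscustomobject]@{
        DnsInUse                 = $dnsInUse
        DnsPointsToManagedDomain = $dnsOk
        Services                 = $checks
        Ready                    = $dnsOk -and
                                   (@($checks | Where-Object { -not $_.Reachable }).Count -eq 0)
    }
}

$report = Test-ManagedDomain -DomainName $DomainName -ExpectedDns $ExpectedDns
$report | Format-List DnsInUse, DnsPointsToManagedDomain, Ready
$report.Services | Format-Table -AutoSize
```

A failed check here points to the virtual network or DNS configuration; it does not tell you whether the credential hashes from step 6 have synchronized, which only an actual sign-in against the domain confirms.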
 A few notes:

A few salient aspects of the managed domain that is provisioned by Azure AD Domain Services are as follows:

  • This is a stand-alone managed domain. It is NOT an extension of your on-premises domain.
  • You won’t need to manage, patch or monitor this managed domain.
  • There is no need to manage AD replication to this domain. User accounts, group memberships and credentials from your on-premises directory are already synchronized to Azure AD via Azure AD Connect.
  • Since the domain is managed by Azure AD Domain Services, there are no Domain Administrator or Enterprise Administrator privileges on this domain.
