Monday, December 29, 2014

The Imperfect Lab: Azure Files as a Repository

Oh, the chicken before the egg… or the horse before the cart!  I have this laundry list of things I want to do in the lab, but realized that I would likely need to store some files for my Azure VMs to access.  I will admit that the enhancements with RDP, particularly being able to copy and paste files from a local Explorer window to a remote one, are super handy, but I wanted to avoid relying on connecting to the GUI as much as possible.  Plus I wanted to create a centralized location for these files, so I wouldn't need to ensure that file services were always accessible from a particular VM.

Enter Azure Files.

Azure Files allows you to create an SMB share in Azure Storage that is then accessible from machines in the same region. For the Imperfect Lab, my first goal with this is to create a location where I can put some files for use later when I connect to my Imperfect Lab domain controllers.  You can find a basic step-by-step for getting Azure Files going in the Azure documentation, but this is what I did for my lab.

Also, for those of you who want a neater way to copy my lines of code, you can find the code from this post here. (It's not embedded because the Blogger platform is a PITA, but I digress.)

Created a new storage account:
New-AzureStorageAccount -StorageAccountName <storageaccountname> -Location 'West US'

Captured the Access Key as a variable:
$storageAccessKey = (Get-AzureStorageKey -StorageAccountName <storageaccountname>).Primary

You can also get the full key from the Azure Portal. Just click "Manage Access Keys" from the black tool bar at the bottom of the page for the storage account.

Created a security context with the access key:
$storageContext = New-AzureStorageContext <storageaccountname> $storageAccessKey

Created a new share:
$share = New-AzureStorageShare <sharename> -Context $storageContext

Created a directory in the share. I called mine "powershell" in this example:
New-AzureStorageDirectory -Share $share -Path powershell

I wanted to upload a file to my new directory, so I used:
Set-AzureStorageFileContent -Share $share -Source "localfilepath" -Path powershell

To check that it made it, I used: Get-AzureStorageFile -Share $share -Path powershell

Okay, now that I have my Azure Files going, I need to be able to access it from my VM in Azure.  You can do this simply by RDPing to your client, passing it your storage credentials and then mounting the share.  You'll need that key from the portal to do this since your VM likely won't be connected to your Azure subscription to capture it as a variable like I did in the previous code.

If you don't want to RDP to the machine, you can do this from the command line of your remote machine by opening a PS-Session. Just note that the credentials won't be persistent that way and your mapping won't be retained after a reboot.

cmdkey /add:<storageaccount>.file.core.windows.net /user:<storageaccount> /pass:<accesskey>


Alternatively, if you don't have persistent credentials, you can just pass them along right with the net use command:

net use z: \\imperfectfiles.file.core.windows.net\imperfectshare /p:no /u:imperfectfiles $storageAccessKey
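
An added example, not part of the original post: the same mapping done with New-PSDrive, prompting for the access key so it is not written into a script or passed as an argument to cmdkey or net use. The account and share names are the ones from the net use line above; the drive letter and the "powershell" folder follow the earlier steps.

```powershell
# Added example. Account and share names are taken from the net use line
# in this post; adjust them for your own storage account.
$storageAccount = "imperfectfiles"
$shareName      = "imperfectshare"
$driveLetter    = "Z"

# Prompt for the key so it never appears as a literal in a script or in
# the arguments of cmdkey.exe / net.exe.
$secureKey = Read-Host -Prompt "Access key for $storageAccount" -AsSecureString

# Azure Files authenticates SMB with the storage account name as the user
# and the access key as the password (same pairing as the net use line).
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList $storageAccount, $secureKey

$root = "\\{0}.file.core.windows.net\{1}" -f $storageAccount, $shareName

# Without -Persist the mapping exists only for this PowerShell session,
# which matches the non-persistent behaviour described for PS-Sessions.
$drive = New-PSDrive -Name $driveLetter -PSProvider FileSystem -Root $root -Credential $cred -ErrorAction Stop

# Confirm the share is actually reachable before relying on it.
if (-not (Test-Path -Path ("{0}:\" -f $driveLetter))) {
    Remove-PSDrive -Name $driveLetter
    throw "Mapped $root but cannot list it; check the key and the VM's region."
}

# List the directory created earlier in the post.
Get-ChildItem -Path ("{0}:\powershell" -f $driveLetter)

# Drop the mapping and the credential object when finished.
Remove-PSDrive -Name $drive.Name
Remove-Variable secureKey, cred
```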

Once I have that drive mapped, I can use PS-Session commands remotely, yet access files that are stored locally on the VM, like CSV files or to write logs.  And if you want to delete files, use REMOVE instead of SET, or GET if you want to download them.  For example:

Remove-AzureStorageFile -Share $share -Path [foldername]/[filename]

As an added note, Azure Files differs from Blob storage because it is accessible via SMB and allows you to build a traditional folder hierarchy if you need one.  However, only VMs in the same region can access it.  Regular blob storage can be accessed globally and by the "public" without an access key.  Azure Files is accessible via both REST and SMB, whereas Blob storage is only accessible via REST.

Wednesday, December 24, 2014

Some Fun Holiday Reading: Fall on the Interwebs

Here are some interesting links you might have missed that came across my Twitter feed the last few months.  I figured you might want some light reading for the holidays.  
  1. @edbott - Why Windows 10 isn’t version 6 anymore and why it will probably work. Nice explainer from @drpizza http://ars.to/1tb8eRQ 
  2. @WIRED - A definitive ranking of the most important characters in the "Hunger Games" franchise http://wrd.cm/1r6ewl7 http://t.co/XBtueePekX 
  3. @99u - What your passwords say about you: http://nyti.ms/1yYKcgD 
  4. @stevenbjohnson - Terrific backstory from @StevenLevy on the origins of “information wants to be free” (entirely news to me): https://medium.com/backchannel/the-definitive-story-of-information-wants-to-be-free-a8d95427641c?curator=MediaREDEF 
  5. @ruthm - Windows 10, OneDrive sync and the art of difficult conversations | ZDNet http://ow.ly/EyAs3 
  6. @RangerStation - How a Deaf Couple Had Their Baby Officially Registered with a Sign Name http://shar.es/1XsySc via @sharethis 
  7. @BBCNewsMagazine - This intricate pop-up medical textbook is nearly 500 years old http://bbc.in/1vliHk1 http://t.co/8aPvNzRDQX 
  8. @beckynagel - The world's biggest chocolate-maker says we're running out of chocolate http://wapo.st/1zqKCgz 
  9. @afreshspace - Digital tools for remote workers...some of my faves on here! http://buff.ly/1EK3s5f 
  10. @MichaelBender - Amazing video on creative experience on #SurfacePro3 with #adobe. https://www.youtube.com/watch?v=PlLR9ANGsOo 
  11. @HeikeRitter - Freaking awesome! Mobile Azure Manager for Windows Phone is NOW available! Manage your #Azure stuff "on the go" http://ow.ly/DKxBq 
  12. @windowsserver - Want to understand Active Directory Federation Services at a deeper level? Then this blog post is for you! #MSPFE http://cic.ms/bSmQnH 
  13. @bbnetman - Number 1 Reason to Upgrade to PowerShell 4.0: Desired State Configuration - Hey, Scripting Guy! Blog http://blogs.technet.com/b/heyscriptingguy/archive/2014/10/24/number-1-reason-to-upgrade-to-powershell-4-0-desired-state-configuration.aspx?linkId=10187347 
  14.  @2600 - A fairly decent BBC piece on the hacker world http://www.bbc.com/news/technology-28214646



Monday, December 22, 2014

Yeah! Windows Phone!

This morning, I woke up to an early Christmas present.... Verizon was finally updating my Lumia 922 with Windows Phone 8.1.  I've only been waiting for this for what seems like forever.

There were actually two updates that needed to be done, but I think the first one was related to the fact that I had recently factory reset my phone to fix a few other odd problems it had been having. Not totally sure, but who cares, right?  It's on 8.1!!

Go Verizon!!!  (Sort of, but not really...)

Friday, December 19, 2014

The Imperfect Lab: Creating Client Machines

Playing with domain controllers is all well and good, but I also needed some client machines in my lab.  My goal for the exercise was to be able to create a couple new VMs in the proper subnet and have them automatically join to my domain.

I debated having each VM in its own cloud service or sharing one cloud service for all my client VMs.  I went with the latter just to keep things neater.  I don't think there is a right or wrong pick on that one - my client VMs will simply all share the same external *.cloudapp.net DNS name.

For networking, the recommended guidance is to not mix machines with static/reserved DHCP addresses (like my DCs) with machines that are going to use the standard DHCP.  Thus my client machines will go into the alternate subnet I have in my ImperfectNet.

  • ImperfectNet
    • FirstSubnet (192.168.1.0/24)
    • HalfSubnet (192.168.2.0/25) <- right in here!
    • Gateway (192.168.3.200/29)

Since I would be creating a new cloud service name, there are a few requirements to keep in mind.  Cloud service names need to meet DNS standards, so they have to start with a letter, end with a letter or number, can only include letters, numbers and hyphens, and must be between 3 and 15 characters long.

Because they must also be unique to the "cloudapp.net" domain, you might want to check that your name is available before incorporating it into your script.

Test-Azurename -service "CloudServiceName"

The results of this command will be either "True" or "False".  You might think this means:
  • True = name already used
  • False = name not used, thus available

But this thinking will lead you astray.  A "TRUE" response can mean that the name is already in use, but it can also mean that it did not meet the DNS standards.  The line below will return "TRUE" because it's longer than 15 characters and includes an underscore.

Test-Azurename -service "imperfectlab_clientmachine1"

Anyway, once you've got a good cloud service name sorted out, you'll want to deploy a VM or two into it.  For my lab, I went with two VMs, one running Windows 8 and one with the Windows 10 TP.  (If you are playing along at home and don't have an MSDN subscription that gives you the option to use the client OS choices from the gallery, feel free to use another copy of server.)

I set up all my necessary variables, including two different ones for the OS images.  You may want to have different usernames and passwords for the domain vs. the local admin on the clients, but for my ease of not forgetting things in the lab, I've been making all mine the same for now.

$image = "03f55de797f546a1b29d1b8d66be687a__Windows-8.1-Enterprise-x64-en.us-201410.01"
$image10 = "03f55de797f546a1b29d1b8d66be687a__Windows-10-Technical-Preivew-Enterprise-x64-en.us-201411.01"
$pwd = "password"
$un = "username"
$subnet = "halfsubnet"
$instancesize = "Small"
$domainjoin = "imperfectlab.com" #this is the domain FQDN
$domain = "imperfectlab" #this is the domain name
$VnetName = "imperfectnet"

Because the variables are preset, I can reuse the same line of code almost exactly, with only a couple of tweaks.

$newVM1 = New-AzureVMConfig -Name "Imperfect-Win8" -InstanceSize $instanceSize -ImageName $image |
    Add-AzureProvisioningConfig -WindowsDomain -JoinDomain $domainjoin -Domain $domain -DomainPassword $pwd -Password $pwd -AdminUsername $un -DomainUserName $un | 
    Set-AzureSubnet -SubnetNames $subnet 

$newVM2 = New-AzureVMConfig -Name "Imperfect-Win10" -InstanceSize $instanceSize -ImageName $image10 |
    Add-AzureProvisioningConfig -WindowsDomain -JoinDomain $domainjoin -Domain $domain -DomainPassword $pwd -Password $pwd -AdminUsername $un -DomainUserName $un | 
    Set-AzureSubnet -SubnetNames $subnet

New-AzureVM -ServiceName "ImperfectClients" -VMs $newVM1 -Location "West US" -VNetName $vnetName
New-AzureVM -ServiceName "ImperfectClients" -VMs $newVM2

For the 2nd VM, I didn't need to include the "Location" and "VNetName" switches because the cloud service would have already existed due to the creation of the first VM. 

The beauty of this was once I had worked out what I wanted, I kicked off the script and walked out to get coffee.  When I came back, everything was up, running and domain joined.  Look Ma! No portal needed!
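
The steps above as one script, an added example that is not the author's own code: it checks the name against the rules quoted earlier before calling Test-AzureName, so a True result is unambiguous, and it prompts for the account instead of keeping the password as a literal in the script. Test-CloudServiceNameFormat is a hypothetical helper; every other name and value is taken from this post.

```powershell
# Added example. Test-CloudServiceNameFormat is a hypothetical helper that
# applies the naming rules stated in this post.
function Test-CloudServiceNameFormat {
    param([Parameter(Mandatory = $true)][string]$Name)

    $problems = @()
    if ($Name.Length -lt 3 -or $Name.Length -gt 15) { $problems += "length $($Name.Length) is outside 3-15" }
    if ($Name -notmatch '^[A-Za-z]')    { $problems += "must start with a letter" }
    if ($Name -notmatch '[A-Za-z0-9]$') { $problems += "must end with a letter or number" }
    if ($Name -match '[^A-Za-z0-9-]')   { $problems += "only letters, numbers and hyphens are allowed" }
    return ,$problems   # leading comma keeps an empty result as an array
}

$serviceName = "ImperfectClients"

# 1. Rule out a badly formed name locally.
$problems = Test-CloudServiceNameFormat -Name $serviceName
if ($problems.Count -gt 0) {
    throw "'$serviceName' is not a valid name: $($problems -join '; ')"
}

# 2. The format is fine, so True from Test-AzureName now means "taken".
if (Test-AzureName -Service $serviceName) {
    throw "'$serviceName' is already in use under cloudapp.net"
}

# 3. Prompt for the account rather than hard-coding it. ($pwd is also an
#    automatic variable holding the current directory, so use another name.)
$cred = Get-Credential -Message "Local admin / domain join account for the lab clients"
$un   = $cred.GetNetworkCredential().UserName
$pw   = $cred.GetNetworkCredential().Password   # plain text in memory only

# Values from the post.
$image        = "03f55de797f546a1b29d1b8d66be687a__Windows-8.1-Enterprise-x64-en.us-201410.01"
$image10      = "03f55de797f546a1b29d1b8d66be687a__Windows-10-Technical-Preivew-Enterprise-x64-en.us-201411.01"
$subnet       = "halfsubnet"
$instancesize = "Small"
$domainjoin   = "imperfectlab.com"   # domain FQDN
$domain       = "imperfectlab"       # domain name
$VnetName     = "imperfectnet"

# Same provisioning settings for every client, passed by splatting.
$provisioning = @{
    WindowsDomain  = $true
    JoinDomain     = $domainjoin
    Domain         = $domain
    DomainUserName = $un
    DomainPassword = $pw
    AdminUsername  = $un
    Password       = $pw
}

$clients = [ordered]@{
    "Imperfect-Win8"  = $image
    "Imperfect-Win10" = $image10
}

# 4. Build one VM configuration per client.
$vms = foreach ($client in $clients.GetEnumerator()) {
    New-AzureVMConfig -Name $client.Key -InstanceSize $instancesize -ImageName $client.Value |
        Add-AzureProvisioningConfig @provisioning |
        Set-AzureSubnet -SubnetNames $subnet
}

# 5. Create the cloud service and both VMs in a single call.
New-AzureVM -ServiceName $serviceName -VMs $vms -Location "West US" -VNetName $VnetName

# Do not leave the plain-text password lying around in the session.
Remove-Variable pw, provisioning
```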

Tuesday, December 16, 2014

The Imperfect Lab: A Few VM Manageability Tweaks

Today in the Imperfect Lab I'm going to work on some clean up to improve the manageability of my new domain controllers. Since I have two of them, I want to take advantage of Azure's service level agreement.  The only way to ensure that Azure keeps at least one DC running at all times is to create an availability set, which will distribute the VMs within a set across different update and fault domains.

Some notes about Availability Sets - VMs must be in the same cloud service and you can have a maximum of 50 in each set. You will find that your machines are spread across 2 fault domains and upwards of 5 update domains.  Also, avoid creating a set with just one machine in it, because once you create a set you won't get notifications about maintenance regarding those update/fault areas.

Since my machines have already been created I use the following PowerShell to update them with a set named "ADDC".

Get-AzureVM -ServiceName "imperfectcore" -Name "dc-cloud1" |
    Set-AzureAvailabilitySet -AvailabilitySetName "ADDC" |
    Update-AzureVM

Get-AzureVM -ServiceName "imperfectcore" -Name "dc-cloud3" |
    Set-AzureAvailabilitySet -AvailabilitySetName "ADDC" |
    Update-AzureVM

If you want a quick gander at all the availability sets that exist in your subscription, run this:

(Get-AzureService).servicename | foreach {Get-AzureVM -ServiceName $_ } | select name,AvailabilitySetName

Since the GUI does hold a fond place in my heart, I do want the dashboard of Server Manager on one of the VMs to show the status of all the servers in the domain.  You'll notice that if you log into the desktop of one of these newly created servers the "Remote Management" will be disabled.  This needs to be enabled to allow management from other services, so run "winrm quickconfig -q" against each server to turn that on.  You will have to start a PS-Session for each server for that.

Finally, since I expect to reduce the amount of times I'm logging into a machine directly, I'm going to switch one of the DCs to Server Core and the other to the MinShell format.  These commands do take a while to complete and require a restart to complete the configuration, so don't panic if you can't connect to what looks like "running" VMs in Azure for a few minutes after reboot.

For Server Core (from a Machine running the Full GUI):
Remove-WindowsFeature -name User-Interfaces-Infra
Restart-Computer -Force

For MinShell (from a Machine running the Full GUI):
Remove-WindowsFeature -name Server-GUI-Shell
Restart-Computer -Force

With the MinShell installation I will still have access to the nice Server Manager dashboard when I want it and will be able to remotely manage the 2nd domain controller from it.  The list below will show the differences between each of the versions.




Thursday, December 11, 2014

The Imperfect Lab: More DCs and Static IPs

When I was last working in my Imperfect Lab, I added another server to the existing cloud service and decided to make it a domain controller.  When you set up domain controllers (cloud or on-premises) a few things become really important - IP Addresses and DNS.

By default, Azure will provide DNS services from the fabric if you don't specify your own DNS.  You would think there is some PowerShell to do that directly, but surprisingly there isn't.  You can set the DNS for each network using the Management Portal or by exporting the network configuration file and updating it.  I just used the portal and made sure that my ImperfectNet listed the IP address for both servers that would act as domain controllers.

If you don't set a domain controller as the DNS server, all the VMs that come up inside your virtual network will look to an Azure fabric DNS server and won't be able to authenticate to your domain.  Since this is crucial to AD function, I also wanted to make sure that the VMs that were acting as domain controllers had static internal IP addresses.

Now, these addresses aren't really "static" on the OS. They are more like DHCP reservations handed out from the fabric manager.  But the end result is the same - VMs that have the correct IP address, regardless of the order they are started.

To do this with PowerShell, you first need to have the VMs in the Stopped (Deallocated) state. This way the addresses are free to assign.  If the VM is already running, the address is allocated already, thus can't be assigned.  You can double check that an address is free with:

Test-AzureStaticVNetIP -VNetName ImperfectNet -IPAddress 192.168.1.5

To set the static address, I used:

Get-AzureVM -ServiceName ImperfectCore -Name DC-Cloud1 | Set-AzureStaticVNetIP -IPAddress "192.168.1.4" | Update-AzureVM

Take note of the use of quotes around the IP address in that last line. It matters. I don't know why.  Just trust that I wasted a lot of time on your behalf for that knowledge.

Then to finally kick off the addition of my second domain controller in this domain, I used:

Install-ADDSDomainController -Credential (Get-Credential) -DatabasePath 'C:\Windows\NTDS' -DomainName 'imperfectlab.com' -InstallDns:$true -LogPath 'C:\Windows\NTDS' -NoGlobalCatalog:$false -SiteName 'ImperfectNet' -SysvolPath 'C:\Windows\SYSVOL' -NoRebootOnCompletion:$true -Force:$true -Verbose

One note about the paths used for the logs and SYSVOL… I've left them on C:\ for convenience, but for production, you will want to set up your DCs in Azure with an additional disk where you direct those files to go.  Read more about the reason behind that best practice here.

Also, if this domain controller happens to connect back to an on-premises domain, be sure to make the proper changes to your AD Sites and Services to ensure proper site topology.

Update (12/26/14): For easy access to code snippets, you can find them here.

Tuesday, December 9, 2014

The Imperfect Lab: There's No Such Thing as a Free Gateway

Sometimes I forget that the internet isn't really free.  I have the convenience of having an MSDN subscription from work, so I enjoy the access to a set amount of Azure credits each month to spend.  However, some things are more "spendy" than others and gateways fall into that category for me, particularly for a testing scenario that doesn't have a "real" business need behind it.

MSDN users of Azure do get some discounted rates. All instances for Windows and Windows Server Virtual Machines, Cloud Services, Websites, and HDInsight are discounted up to 40% off our Pay-as-you-go rates. The MSDN rate on these services is equal to the rate for a Linux virtual machine of the same size and type. (For more details about MSDN benefits visit http://azure.microsoft.com/en-us/pricing/member-offers/msdn-benefits-details/)

But all the other things are billed at the regular rate; for gateways that rate is about $.05 per hour, a tad over one dollar a day.  When connecting a VNET to a VNET you are paying for two gateways, so my costs just to keep that running for my Imperfect Lab will eat up about a third of my monthly credits.  Take note, even gateways you aren't actively using are charged. So if you have a point-to-site gateway set up for clients to connect with but no clients are connecting, that's being charged too, just to keep it available.

So with the holidays coming and my growing list of things I'd like to do in the lab, I'm going to rip down the VNET-to-VNET connectivity for the time being.  I'm going to build out my little infrastructure in one VNET to start and then extend it to the second VNET once I really have a set plan in place.

Onward to my domain controller creation and tying that into Azure Active Directory. Stay tuned.

Monday, December 1, 2014

The Imperfect Lab: Deploying More VMs

As I mentioned, I had created my first VM in my Imperfect Lab with the Azure Portal.  But I wanted to be able to do this using PowerShell from my workstation. To recap my "physical" set up so far:
  • VNETs
    • ImperfectNet
    • AnotherNet
  • Storage Accounts in Different Regions
    • imperfectstore (West US)
    • anotherstore (East US)
  • Cloud Services
    • imperfectcore
    • anothercore
(I don't think I've mentioned it before, but if you are just starting out and need to get your ISE connected to your Azure account, just run Add-AzureAccount. You'll get prompted for your credentials.)


To start, I'm just going to create an additional server in the same network as my current domain controller.  Then I'll have a server I can promote to DC later, or use for another service. 

If you have multiple subscriptions and/or multiple storage accounts set up, like I do, you need to make sure Azure knows where you want to put things. My subscription happens to be the Visual Studio one.

Set-AzureSubscription -SubscriptionName "Visual Studio Ultimate with MSDN" -CurrentStorageAccount "imperfectstore"

Then you'll want to configure the basic variables for your VM. In this case, this is the administrator name and password, as well as the name of the Windows Server 2012 R2 image available at the time of this exercise. You'll want to make sure to get the current name of whatever OS you want to install.

$un = "adminname"
$pwd = "secretpassword"
$image = "a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-201411.01-en.us-127GB.vhd"

Pick that VM image name from the full list with: Get-AzureVMImage | Select ImageName

Then, configure a few more variables using New-AzureVMConfig.  In this case, I'm setting the server name and instance size, pulling in the username and password variables I set with the lines above and specifying the pre-existing subnet I want to use.

$newVM = New-AzureVMConfig -Name "Server2" -InstanceSize "Small" -Image $image |
     Add-AzureProvisioningConfig -Windows -AdminUserName $un -Password $pwd |
     Set-AzureSubnet -SubnetNames "FirstSubnet"

Finally, kick off the VM creation with one of the following options: 
  • Into an Existing Cloud Service: New-AzureVM -VMs $newVM -ServiceName "imperfectcore" 
  • Into a New Cloud Service:  New-AzureVM -VMs $newVM -ServiceName "newcloudservice" -Location "West US" -VNetName "imperfectnet" 
Give this all a few minutes to cook and your new VM will be deployed. I haven't joined it to the domain yet... baby steps here, baby steps!  I like to make sure one thing works at time, so it's easier to troubleshoot when I have issues.  That's what a lab is for, right?  

Update (12/26/14): For easy access to these code snippets, you can find them here.



Wednesday, November 26, 2014

The Imperfect Lab: Standing Up Active Directory in Azure with PowerShell Remoting

Today in my Imperfect Lab, I needed to start adding some servers so I could build out a domain. So I popped over to the management portal and quickly spun up "DC-Cloud1" in the "FirstSubnet" of my ImperfectNet.

  • ImperfectNet
    • FirstSubnet (192.168.1.0/24) <- right in here!
    • HalfSubnet (192.168.2.0/25)
    • Gateway (192.168.3.200/29)

I logged in and was just about to click "Add Roles/Features" when I paused. What fun is that? I've installed AD a million times that way and it would be way more interesting to do it from PowerShell ISE from my laptop. So I closed out my RDP session and got to work.

First you have to install the remote access certificate on your local machine. To do that you want to download this script - Configures Secure Remote PowerShell Access to Windows Azure Virtual Machines.  Put it somewhere easy to access, open it in PowerShell ISE and then feed the script your personal variables to install the certificate on your machine.  Once that's done, you'll be able to use the lines below to open a PowerShell session directly to your VM. (For more info on Michael Washam's script, check out his post, Introduction to Remote PowerShell with Windows Azure.)

$uri = Get-AzureWinRMUri -ServiceName $cloudServiceName -Name $Name 
$cred = Get-Credential  
Enter-PSSession -ConnectionUri $uri -Credential $cred  

Now that I had a secure, remote session it was time to install Active Directory.

Add-WindowsFeature -name ad-domain-services -IncludeManagementTools
Install-ADDSForest -DomainName "yourdomain.com" -ForestMode 5 -DomainMode 5

Those "mode" numbers are adjustable for controlling the forest and domain functional levels. 5 is for 2012. For Server 2003 functional level use 2, for Server 2008 use 3.

Finally, just in case I wanted easy access to RDP to the machine, I installed the newest Remote Desktop Connection Manager 2.7. This way I don't have to download and keep track of RDP files from the Azure Portal every time. (Shout out to Tommy Patterson for letting me know about that version update last week!)

Tuesday, November 25, 2014

The Imperfect Lab: Connecting a VNET to another VNET

As I mentioned yesterday, I'm struggling with setting up the "perfect" lab environment for myself. So instead of trying to make it perfect, I'm just going to start by simply getting started and letting it evolve.  Because starting is most of the battle, right?  Most environments grow and change and become a bit messy, so I am just going to embrace a little chaos!

My starting goal is to create two networks in Azure (in two different regions) and connect them.  To start I'll need two VNETs in Azure. I also created two corresponding storage accounts in each region, so that when I'm building my servers, everything is as neat and organized as I can make it.

In each of the networks, I carved out a few subnets, because I don't know exactly what I'm doing with them yet. Keep in mind you will need to make at least a small Gateway subnet in each. Also, as soon as you put a VM in a subnet, you can no longer edit it.

  • ImperfectNet - 192.168.1.0/22 (West region)
  • AnotherNet - 192.168.4.0/23 (East region)
Because I want to connect them together with site-to-site networking, I have to create corresponding "local" networks in Azure to sort of trick each network into thinking it's connecting to a physical network.  So under the "Local Networks" tab, I created "ImperfectLocal" and "AnotherLocal" with the same IP address ranges as the virtual networks. Be sure to put in a fake VPN Gateway Address as a placeholder here; you'll update it later after Azure gives you a real gateway address.

In each network, I threw the ticky-box under Site-to-Site Connectivity, selected the correct "local" network and then created the Gateway subnet.  After everything was finished configuring, when you return to the dashboard page of each network, you will see the remote network showing.  Azure will tell you that "the gateway was not created".

Click "create gateway" at the bottom. For VNET to VNET connectivity, you have to go with Dynamic Routing.  Do this for each network and wait for it to complete.  (Creating gateways actually takes a while, this might be a good time to get lunch.)

Once your gateways are created, write down the IP addresses carefully and then edit those "local networks" with the fake VPN gateways to the correct ones Azure just assigned you.

Finally, you have to connect the networks together with a shared key.  There isn't any way to do this in the portal, so pop over to PowerShell and use the following code to hook them together.  You have to run the command twice with the corresponding network names and the SAME shared key. Please make your key longer than the sample I put in here.

Set-AzureVNetGatewayKey -VNetName YourVNETName -LocalNetworkSiteName TheOppositeLocalNet -SharedKey abc123xyz

Set-AzureVNetGatewayKey -VNetName TheOtherVNetName -LocalNetworkSiteName TheOtherLocalNet -SharedKey abc123xyz
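
One way to produce a longer key, as an added example that is not from the original post: New-GatewaySharedKey is a hypothetical helper that draws from the system's cryptographic random number generator, and the network names are the ones created earlier in this post. It assumes the gateway accepts an alphanumeric key of this length.

```powershell
# Added example. New-GatewaySharedKey is a hypothetical helper name.
function New-GatewaySharedKey {
    param([int]$Length = 64)   # assumed to be within what the gateway accepts

    if ($Length -lt 16) { throw "Use at least 16 characters for a shared key." }

    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'

    # 256 is not a multiple of 62, so taking (byte % 62) directly would make
    # the first 8 characters slightly more likely. Discard bytes >= 248.
    $limit  = 256 - (256 % $alphabet.Length)
    $rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 1
    $key    = New-Object System.Text.StringBuilder

    try {
        while ($key.Length -lt $Length) {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit) {
                [void]$key.Append($alphabet[$buffer[0] % $alphabet.Length])
            }
        }
    }
    finally {
        $rng.Dispose()
    }
    return $key.ToString()
}

# Generate the key once and apply the SAME value to both gateways.
# Each VNET points at the local network that represents the other side.
$sharedKey = New-GatewaySharedKey

Set-AzureVNetGatewayKey -VNetName "ImperfectNet" -LocalNetworkSiteName "AnotherLocal"   -SharedKey $sharedKey
Set-AzureVNetGatewayKey -VNetName "AnotherNet"   -LocalNetworkSiteName "ImperfectLocal" -SharedKey $sharedKey

# The key is never typed or saved in a script; clear it from the session.
Remove-Variable sharedKey
```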

So now I've got two connected networks in Azure, albeit empty of servers.  Next up... starting to build out my "imperfect" domain.

One more thing... if you want the official "Azure" instructions for this, complete with images, go to http://msdn.microsoft.com/en-us/library/azure/dn690122.aspx.







Monday, November 24, 2014

The Quest for the Perfect Lab

There are a few old sysadmin jokes out there... one that often comes to mind for me these days is the one-liner about how the perfect network is one that no one is on.  But now that I have the luxury of being able to build just about any lab network I want (either in Azure or using Hyper-V) I find myself nearly paralyzed by wanting to build the "perfect" network/lab for my needs.

I start, I stop, I get sidetracked by a different project, I come back to my plan, only to realize I've forgotten where I left off (or forgotten where I wrote down that fancy admin password for that VM) and end up tearing it out and starting over again.  The end result is I'm getting nowhere fast.

I've got several MCSE exams in my future that I need to build some things hands-on for.  I have a little internal metric of how I need to improve my PowerShell a bit more.  I have work training items that sort of fit into all this and I keep striving for the perfect lab, the perfect naming system, the perfect password that I won't forget... well, I guess my "perfectionist" is showing.

It's a slow week here in the office with the Thanksgiving holiday approaching, so now is the perfect time to sit down with a pen and a paper and really figure out what I'm going to build and what I want to use it for.

Because there is something worse than a network that no one uses.  It's that network I keep deleting.

Thursday, November 13, 2014

You Bought It... AND You Can Bring It!

Consumers want what they want. And when those consumers arrive at their place of work, they still want to use what they like. It seems like it wasn't that long ago where the best technology you had access to was at the office, but these days that's not always the case.

If you are looking to address "Bringing Your Own Device" in your organization, need to update corporate policies to support more current device lifecycles and get your hands around managing your applications and data on whatever device tries to connect to your data center, Kevin Remde has got you covered.

Check out his multipart series on just that topic.  It started out last December with Part 1 -What It Means for My Company, continued with Part 2 - How to Make it Happen and recently summed up things with Part 3.

In PART 3 - BYOD Design Considerations, Kevin Remde welcomes back Yuri Diogenes to the show as they continue their discussion around the benefits, challenges and considerations businesses must make around Bring Your Own Device (BYOD) and how IT organizations can support it.  
  • [2:46] Why don't you give us a summary on the concept of BYOD?
  • [6:20] I understand that recently you and your team have published some really useful resources to the Microsoft TechNet online documentation.  What have you created for us?
  • [9:26]  How should one use the BYOD Design Consideration Guide?
  • [13:51]  Can you give us an example of how an IT organization can use this guide in a real-world BYOD scenario?
Check out the FREE “BYOD Design Considerations Guide” and start giving people what they need, where they want it.  Working hard doesn't always happen in the office.

** 11/21/14 Update ** Want to learn more about BYOD tools and Mobile Device Management?  Don't miss this upcoming MVA - Taming Android and iOS with Enterprise Mobility Suite with Kevin Remde and Simon May on 12/8/14. 

Friday, October 31, 2014

In Case You Missed It: New Azure Features Announced

Yeah, I nearly missed it. With Halloween and the SF Giants winning the World Series for the 3rd time, I almost let this slip by... but some really great new features were announced this week in Azure.

A few of my favorites are:

  • Network Security Groups - Now you will be able to control access to subnets and individual VMs over the internal IP addresses using security groups, not just via ACLs on the external endpoints.  Right now you can only do it using PowerShell, so look for more details and those commands here
  • Virtual Machines with Multiple NICs - The possibilities really opened up here with this new addition.  However, there are some caveats to keep in mind - You need to set this feature up when creating new VMs and those VMs must live in a VNET. Also the size of the VM matters.  Those little A1 and A2 VMs don't get to play.  For A3s, you can have 2 NICs, for A4s you can have 2.  And you can't have extra NICs in the machines with InfiniBand (A8 and A9).  This is also only available via PowerShell, so look here for the commands.
  • New Validated VPN devices - devices from Barracuda and Palo Alto Networks specifically.

Also, one of my new favorite resource pages for Azure right now is this one: Virtual Machine and Cloud Service Sizes for Azure. Lots of information and links that lead you to all sorts of handy tips.





Wednesday, October 29, 2014

Resources from the MVA Modernizing Your Datacenter Jumpstart

If you happened to join Matt Hester and me during our MVA Jumpstart, thanks for hanging out with us! We hope we brought you some good ideas and resources for modernizing your datacenter.

I think that one of the best things you can do when you are looking at refreshing technology for your business is to take the time to think about how you can leverage improved software, hardware and cloud technologies to make your server room (regardless of size) work better for your customers and become easier to maintain, protect and recover.

If you want to work more with some of the things we covered, particularly DSC, please check out the Microsoft Virtual Labs.  I highly recommend the Windows Server 2012 R2 – Windows PowerShell Desired State Configuration lab.

If you want to learn more about deploying Scale Out File Servers visit http://technet.microsoft.com/en-us/library/hh831359.aspx

For more details about the Windows Server Migration Tools that Matt covered check out http://technet.microsoft.com/en-us/library/jj134202.asp

And for Azure, learn more about Security and Compliance, install that nifty Cost Estimator Tool or learn more about the Migration Accelerator for Azure.

Matt and I were happy being able to spend the day telling you about things we really enjoy. If you want us to do more of that kind of thing, please drop us a note or reach out to us on Twitter. If you missed it, the recordings will be available on demand in a few weeks at Microsoft Virtual Academy.

Monday, October 20, 2014

In the Seattle Area? Check out the Upcoming SITPUG Meeting!

I don't often get a chance to hang out in Washington, but one of the long-standing MVPs in the area runs this quarterly meeting for Seattle IT Pros.

Date/Time: November 7th, 6-8pm
Location: Microsoft Civica Office, 205 108th Avenue NE, Suite 200 (4th floor)
Bellevue, WA 98004
The guest speaker will be Teju Shyamsundar of Microsoft.  Teju is a System Center Configuration Manager (SCCM) Premier Field Engineer. The topic of the presentation is “What’s New in System Center 2012 R2 Configuration Manager.”

Looking for an easier way to manage all devices in your organization? In her presentation, Teju will go through some of the new features available to manage devices with Configuration Manager 2012 R2. She will focus on integrating Windows Intune with Configuration Manager to manage mobile devices, including Windows Phone 8, iOS and Android.


As a Premier Field Engineer, Teju has extensive experience with SCCM. She holds a Bachelor of Science degree in Computer & Information Technology from Purdue University. Her complete bio is available here.

Future meetings for 2015 are scheduled on February 4th, May 6th and August 5th! 

Tuesday, October 14, 2014

Upcoming Events - In-Person and Online!

If you haven't heard about the upcoming Microsoft Virtual Academy event I am doing with Matt Hester on October 28th, this TechNet Radio teaser might entice you - click for part 1 and be sure to register for this FREE, live online training event. While Matt and I are presenting live, the chat room will be monitored by some of my other evangelist friends from across the US. 

And for those of you who know developer types who want to learn more about Azure, give them a chance to roll up their sleeves and learn about the latest Microsoft Azure development tools and technologies. Join Microsoft technical experts at a local Microsoft Cloud DevCamp and leave with code running in the cloud!   

Learn how to use the new Microsoft Azure features and services like Microsoft Azure Virtual Machines, Websites, and Visual Studio 2013 to build and move a variety of apps to the cloud, including websites, mobile applications, and enterprise-class applications. 

Developers of all languages are welcome. With Microsoft Azure, you can use practically any language, framework, or tool to build or move existing applications to the cloud. Plus, I will be talking about IaaS at the San Francisco event next week!

Finally, don't forget to check out AzureConf on the 21st. This event will feature a keynote presentation by Scott Guthrie, along with numerous sessions executed by Azure community members. It will all be streamed live on Channel 9.

Friday, October 3, 2014

Microsoft Virtual Academy - Modernizing Your Data Center JumpStart is Coming!

Worried about Windows Server 2003 end of support?

Fear no more. You can get ahead of the game with a look at modernization and data center transformation options in Windows Server 2012 R2 and Microsoft Azure. Want to decide what works best in your environment? Check out “Modernizing Your Data Center,” on October 28, and learn from the experts exactly what you need to update your data center to match your workloads.

Join me and Matt Hester for a look at administration tools, storage improvements, Hyper-V, and best practices for virtualizing domain controllers, plus how to simplify day-to-day server management with PowerShell and Desired State Configuration. Explore Microsoft Azure and how to make hybrid cloud a reality. And review the four major steps for planning a migration project. 

Take this opportunity to get your modernization questions answered!

Course Outline
  • Windows Server 2012 R2 and Automation
  • Azure Infrastructure as a Service
  • Migration Processes, Roles, and Tools


Modernizing Your Data Center Jump Start

Date:  October 28, 2014
Time: 9am‒2pm PDT
Where: Live, online virtual classroom
Cost: Free!

Tuesday, September 23, 2014

Oh, Pearson Vue, How I Missed You... Sort Of.

If you are a Microsoft MCP, MCSA, MCITP, MCSE or have historically taken Microsoft exams for a few years now, you've likely already been through the switch from Pearson Vue to Prometric and now here it is, coming full circle again, back to Pearson Vue.

Years ago, I LOVED my local Pearson Vue test center. It was in a building on the same block as my place of employment and I had taken so many exams around that time that they greeted me by name when I walked into the office.  When things switched to Prometric, well, it was like I lost a friend.  But there was a local Prometric test center not far from work as well and my testing life went on.

So here we are again, switching back to Pearson Vue.  Check out the BornToLearn blog to find out more about some of the new features you can take advantage of, including being able to schedule exams directly from the Microsoft Learning portal using your Microsoft Account.  If you haven't checked out the updated portal for tracking your certification and reviewing your transcript, you should.  It's much easier to navigate than in the past.

Plus they are beta testing being able to take exams from home or at work!  Alas, there don't seem to be any testing centers within walking distance of my office (or in my city at all) so I might consider trying that out.

You can schedule with Prometric OR Pearson Vue until the end of the year. Starting in 2015, Pearson Vue will be the sole testing provider for all your MCP needs.

Good luck on your next test!






Monday, September 22, 2014

It's Week 6! Week 6 of Modernizing Your Infrastructure with Hybrid Cloud

In part 6 of the “Modernizing Your Infrastructure with Hybrid Cloud”  series, Blain Barton and Tommy Patterson discuss how to get started migrating server workloads to Windows Server 2012 R2 and Microsoft Azure. Tune in for this great session on server migration from on-premises, to the cloud or a combination of both and learn which option is best for your organization as well as what tools are available to make this process as efficient as possible.

  • [4:13]  What does end of support for Windows Server 2003 mean?
  • [5:23] Migration vs. Upgrade. Which option is best?
  • [15:02] What migration tools are available?
  • [16:01]  Migrating foundation services (Active Directory, DHCP, DNS, File Services & DFS, Web Servers, SQL, Exchange, and SharePoint)
Speaking of moving workloads to the cloud, the Azure blog just announced a new series of VM sizes, with more memory and SSD storage.  They are approximately 60% faster too!

Later this week, be on the lookout for more blog posts in this last week of the series - I will send out tweets!

Wednesday, September 17, 2014

Don't forget! MVP-led "Transform the Datacenter" Events all next week!

Just a quick reminder about some upcoming "Transform the Datacenter" events next week, led by a variety of Microsoft MVPs!  All of the events are free to attend. 

  • Tampa, FL (Monday, September 22): Adnan Cartwright, Telmo Sampaio, Max Trinidad (coordination w/Kevin Weilbacher)
  • Chicago, IL (Monday, September 22): Trevor Sullivan, Annur Sumar, Brian Desmond
  • Bellevue, WA (Tuesday, September 23): Brian Desmond (Coordination with Zubair Alexander)
  • Tempe, AZ (Wednesday, September 24): Jason Helmick, Rory Monaghan, David Lundell, Tom Ziegmann
  • Denver, CO (Thursday, September 25): Greg Shields
  • Houston, TX (Friday, September 26): Anil Desai
  • Detroit, MI (Saturday, September 27, 2014): Andy Syrewicze
  • Cincinnati, OH (Saturday, September 20, 2014): Kevin Royalty




Monday, September 15, 2014

Week 5 of Modernizing Your Infrastructure with Hybrid Cloud

This is the 2nd to last week of the "Modernizing Your Infrastructure with Hybrid Cloud" series, and in part 5, Yung Chou and Keith Mayer demonstrate ways in which you can manage and automate your hybrid cloud environment. Tune in for this demo heavy session as they showcase System Center, Microsoft Azure and the Windows Azure Pack as well as PowerShell for Azure, PowerShell DSC for configuration management and Azure Automation for automated runbooks.
  •  [1:15] When architecting a Hybrid Cloud infrastructure, what are some of the important considerations relating to management and automation?
  • [4:09] You mentioned PowerShell for automation ... how can PowerShell be leveraged for automation in a Hybrid Cloud?
  • [7:54]  Is PowerShell my ONLY choice? Are there other automation and configuration management solutions available for a Hybrid Cloud?
  • [11:12] DEMO: Let's see some of this in action
    • Brief tour of System Center and Azure / Azure Pack management portal interfaces
    • Getting started with PowerShell for Azure, Azure Pack automation
    • Intro to PowerShell DSC for configuration management
    • Intro to Azure Automation for automated runbooks

Also upcoming for the blog posts related to this week:
  • Tue: Getting Started with On-Demand Private Clouds with Azure Pack by Keith Mayer
  • Wed: Automating the Hybrid Cloud with PowerShell and Azure Automation by Keith Mayer
  • Thu: PowerShell Desired State Configuration (DSC) by Kevin Remde
  • Fri: Monitoring the Hybrid Cloud by Dan Stolts

Wednesday, September 10, 2014

Tools to Help Convert from VMware

Are you interested in the benefits of Microsoft virtualization with Windows Server 2012 R2 and System Center 2012 R2, and how they compare to VMware virtualization with vCenter 5.5? Watch Microsoft's Matt McSpirit, as he provides an overview of several solutions that can convert VMware virtual machines to Hyper-V (or Microsoft Azure) virtual machines. 

Review different migration options in more depth, with experts in each technology, including Microsoft and partners 5nine Software, NetApp, Vision Solutions, and Xtreme Consulting Group. Don't miss this opportunity to get the details on Hyper-V migration.
Modules
  1. Introduction to VMware to Hyper-V Migration & Partner Solution Overview
  2. Microsoft Virtual Machine Converter (MVMC) 2.0 for VMware to Hyper-V & Azure Migration
  3. Xtreme VM Migrator for VMware to Hyper-V Migration
  4. NetApp MAT4SHIFT for VMware to Hyper-V Migration
  5. 5nine Software V2V Easy Converter 4.0 for VMware to Hyper-V Migration
  6. Vision Solutions DoubleTake Move for VMware to Hyper-V & Azure Migration

Take the course for free on the Microsoft Virtual Academy: http://www.microsoftvirtualacademy.com/training-courses/vmware-to-hyper-v-migration 

Also, don't forget to check out the Azure Migration Accelerator (in Preview):  http://azure.microsoft.com/en-us/features/migration-accelerator/?linkId=9516861

If you need some additional suggestions for things to watch on MVA, don't miss out on these as well:

Monday, September 8, 2014

Week 4 of the Hybrid Cloud! More TechNet Radio and Upcoming Blog Topics

The “Modernizing Your Infrastructure with Hybrid Cloud” series continues with Part 4 featuring Blain Barton and Keith Mayer as they tackle the topic of virtualization in a Hybrid Cloud environment.  Tune in as they discuss how virtualization is no longer constrained to the physical capacity of an on-premise environment and then showcase some tools and techniques that are available in Microsoft Azure that can help assist your move to Hybrid cloud virtualization.


  • [1:26] What do you see as some of the differences or new opportunities that IT Pros need to consider when planning virtualization for a Hybrid Cloud environment?
  • [3:31] How do traditional IT Pro virtualization skills translate into Hybrid Cloud?
  • [5:05]  When planning Hybrid Cloud virtualization, how should IT Pros approach it?
  • [8:01]  You mentioned Azure Pack – what is that?
  • [10:51]  If I already have an existing Hyper-V environment with custom VM templates defined, can I leverage them with Azure Pack?
  • [11:03] DEMO: Let’s see some of this in action
Then check back later in the week as the series blog posts cover the following topics:
  • Migrating Physical Servers to Virtual Machines
  • Migrating VMware VMs to Hyper-V and Azure
  • Implementing VM Templates and Service Templates
  • Using Custom VM Images and Resource Group Templates in Microsoft Azure
