VOL. 20
NO. 2
Editorial Staff
Editor Jeffrey Schwartz
Group Managing Editor Wendy Hernandez
Contributing Editors
Mary Jo Foley
Don Jones
Greg Shields
Art Staff
Creative Director,
Media and Events Scott Shultz
Art Director Joshua Gould
Senior Graphic Designer Alan Tao
Production Staff
Director, Print Production David Seymour
Print Production Coordinator Anna Lyn Bayaua
Online/Digital Media
Online News Editor Kurt Mackie
Executive Editor, New Media Michael Domingo
Senior Director,
Online Media & Events Becky Nagel
Associate Web Editor Chris Paoli
Site Administrator Shane Lee
Designer Rodrigo Muñoz
Advertising and Sales
VP, Group Publisher Dan LaBianca
Associate Publisher, East Jonas Devita
Associate Publisher, West Bruce Halldorson
Microsoft Account Manager Danna Vedder
Director, Print &
Online Production David Seymour
Certification & Training Al Tiano
Advertising Sales Associate Tanya Egenolf
President Henry Allain
Senior Director of Marketing
and Audience Engagement Michele Imgrund
Director of Online Marketing Tracy Cook
Audience Development
Manager Irene Fincher
President & Chief Executive Officer Neal Vitale
Senior Vice President & Chief Financial Officer Richard Vitale
Executive Vice President Michael J. Valenti
Vice President, Finance & Administration Christopher M. Coates
Vice President, Information Technology & Application Development Erik A. Lindgren
Vice President, Event Operations David F. Myers
Chairman of the Board Jeffrey S. Klein
Reaching the Staff
Staff may be reached via e-mail, telephone, fax, or mail. A list of editors and contact information is also available online at Redmondmag.com.
E-mail: To e-mail any member of the staff, please use the following form: FirstinitialLastname@1105media.com
Framingham Office (weekdays, 9:00 a.m. – 5:00 p.m. ET)
Telephone 508-875-6644; Fax 508-875-6633
600 Worcester Road, Suite 204, Framingham, MA 01702
Irvine Office (weekdays, 9:00 a.m. – 5:00 p.m. PT)
Telephone 949-265-1520; Fax 949-265-1528
4 Venture, Suite 150, Irvine, CA 92618
Corporate Office (weekdays, 8:30 a.m. – 5:30 p.m. PT)
Telephone 818-814-5200; Fax 818-734-1522
9201 Oakdale Avenue, Suite 101, Chatsworth, CA 91311
The opinions expressed within the articles and other contents
herein do not necessarily express those of the publisher.
18 | February 2014 | Redmond | Redmondmag.com |
COVER STORY | Windows 8 Adoption
Westpac Banking
Deployment: One of the largest banks in Australia and New Zealand has begun a three-year effort to roll out 36,000 Windows 8.1 systems and released a banking app in the Windows Store.
Westpac, one of the largest banks in Australia and New Zealand, is a longtime Microsoft Windows shop. It decided last year to offer customer apps for both iPad and Windows 8 users, which let them view and interact with their accounts, including making payments. But the bank has much bigger ambitions for Windows 8. It plans to incrementally roll out Windows 8-based systems to all of its 36,000 employees over the next three years.
Westpac has built its network, server and development infrastructure largely on the Windows platform for nearly two decades. Committing to Windows 8 will ensure that it can continue to build on that infrastructure, Westpac CIO Richard Holmes says. "I think there's been pent up demand for tablet capability," Holmes says. "The power of Windows is to leverage the investment we've got from the device stack, and see how we can integrate it into Lync to dial an expert in, when you need to."
Michael Jesworth, Westpac's general manager of financial planning, says the bank's ongoing effort to add more capabilities to interact with customers using digital tools lends itself to building more applications based on the Windows 8 modern tile-based interface. This will give the bank a strategic advantage, Jesworth says. "You can deliver a direct customer experience and engage with customers."
OnPoint CFO & Controller Services
Deployment: Professional services firm giving financial professionals Windows 8-based tablets using Office 365 and SharePoint.
Smaller companies often need a chief financial officer or controller, but can't justify hiring someone on a full-time basis. OnPoint CFO & Controller Services has financial pros that perform this function on an outsourced basis. Over the years, that has consisted of an OnPoint financial executive spending part of their time at a client's location managing the books. In addition to providing controller and CFO functions, the company is expanding the services it offers to include bookkeeping and data entry, accounting, budgeting, financial reporting, design, and cash management.
The underlying infrastructure that has enabled OnPoint CFO to expand its offering and client base is SharePoint and Office 365, says Brian Clark, a CPA and the company's president. Office 365 lets the company provide secure access to financial records, he says. With a mobile workforce, OnPoint last year started equipping its employees with Windows 8-based laptops.
OnPoint employees have embraced the tile-based touch interface when using Office 365, Clark says. The goal this year is to develop apps designed for the new modern Windows interface. "We're just taking accounting into the 21st century," he says. "It's what my clients are demanding, for us to give them the information they want when they need it."
Carolina Realty Group
Deployment: Real estate firm with 25 agents is recommending the agents procure Windows 8-based tablets. So far, eight have purchased Surface tablets.
Dan Prudhomme wanted the 25 brokers who work for his Hilton Head Island, S.C., real estate firm to spend less time in the office and more time in the field selling houses. But it was hard for them to escape going into the office to get documents, pull contracts and gather marketing collateral of homes on the market.
After considering the iPad using Google Apps, Prudhomme decided to standardize on Windows 8-based tablets and Office 365. Because real estate agents are typically independent contractors, as is the case with Carolina Realty, the firm by law can't furnish them with equipment, Prudhomme says. Therefore, it's up to the individual agent to invest in the technology. So far about one-third, or eight, of his agents have procured Windows 8-based Surface tablets. "Now I can pull a contract up on my Surface, pull out a pen and have a client sign it," he says. Most of the remaining agents have older Windows PCs and they will upgrade when it suits their business needs, he says. "People don't upgrade for the sake of upgrading, it comes with the need for a new device."
Jeffrey Schwartz is editor of Redmond magazine.
FEATURE | VM Migration
Manage VMware Virtual Machines and Hyper-V Together
You can administer both virtualization platforms through a single pane of glass using Microsoft System Center 2012 R2.
By Brien M. Posey
Until recently, when it came to complex datacenter virtualization tasks, most enterprises turned to VMware Inc. tools. Lately, though, many have questioned whether Hyper-V is a viable alternative to VMware. This is especially true because Hyper-V is included in Windows Server. Hyper-V has become appreciably more competitive with VMware, whose licensing costs are generally more expensive.
Now that Hyper-V has matured and matches or exceeds most of the capabilities of VMware, many are taking a second look at it. This naturally raises the question of how to transition between the two environments. In most cases, you may want to consider using Hyper-V in new deployments, instead of discarding existing VMware-based systems.
The recent release of System Center 2012 R2 Virtual Machine Manager (VMM) lets you manage VMware and Hyper-V through a single pane of glass. You can also use VMM to migrate virtual machines (VMs) from VMware to Hyper-V.
The Setup
For this evaluation, I deployed a VMware vSphere 5.5 server. That server is hosting two VMs called VMware-VM1 and VMware-VM2. Both VMs are running Windows Server 2012 R2 as a guest OS and have the VMware tools installed.
Figure 1. Choose the Add Hyper-V Hosts and Clusters command.
A second server is running VMware vCenter Server. VMM can't manage VMware VMs unless it's connected to vCenter. A third server is running Windows Server 2012 R2 and System Center 2012 R2 Virtual Machine Manager. That server is doubling as a Hyper-V host.
Microsoft recommended best practices state you should run Hyper-V on a dedicated machine. As such, you should never run System Center and Hyper-V on the same physical box unless System Center is running within a VM. However, because this is a lab deployment and I have limited hardware, I installed Hyper-V and System Center on the same server out of necessity.
The Hyper-V server I'm using contains two VMs, each running Windows Server 2012 R2. The VMs are named HyperV-VM1 and HyperV-VM2. I chose this particular naming convention so it would be easy to distinguish between the VMs that started out running on VMware and those that ran on Hyper-V from the beginning.
Adding a Hyper-V Host
There are two things I want to accomplish. The first is to manage Hyper-V and VMware through a single pane of glass. The second is to migrate the VMware VMs off vSphere and onto Hyper-V. Because the first goal is to manage both environments through a single pane of glass, you need to make VMM aware of the Hyper-V environment.
Open the VMM Administrator Console and select the VMs and Services workspace. Next, right-click the All Hosts container and select the Add Hyper-V Hosts and Clusters command from the shortcut menu (see Figure 1).
At this point, VMM will launch the Add Resource Wizard. You'll need to answer the wizard's prompts in a manner that's appropriate for your own organization. Generally, adding a Hyper-V host is simply a matter of specifying the host's name, location and a user account with administrative host access. You would typically do this using a Run As account.
Once you've added the Hyper-V host to VMM, you might need to right-click on the host and choose the Refresh Virtual Machines command from the shortcut menu before the Hyper-V VMs show up in the VMM Administrator Console.
Create a Run As Account
VMM will need a Run As account to facilitate communications with the hosts it will manage. To create a Run As account, go to the Settings workspace and click on the Create Run As Account option found on the toolbar (see Figure 2). When prompted, enter a name and credentials for the Run As account. The Run As account you specify must be an existing Active Directory or local user account.
Figure 2. Click on the Create Run As Account icon.
It's extremely important to enable Active Directory authentication for vCenter and to add the Run As account to the vCenter environment with administrative permissions. Otherwise, you won't be able to add the vCenter Server to VMM.
To add Microsoft Active Directory delegation to vCenter, open the vSphere Web Client and log in as Administrator@vsphere.local. Next, click on the administration tab. Then click on Single Sign On | Configuration.
When you reach the Configuration screen, click on the green plus sign to add an identity source. Upon doing so, the Web client will display the Add Identity Source dialog box. Choose the Active Directory (Integrated Windows Authentication) option and specify the Windows domain name in the provided field. If vCenter is running on a Windows Server that has been domain joined, then the domain name will be picked up automatically. Click OK to add the domain to the Identity Sources list.
Now, go back to the VMM Administrator Console Home screen and click on the vCenter tab. Then click on vCenter Servers. Select your vCenter server and click on the Manage tab. Then select the Permissions category. Click on the green plus sign to access the Add Permission dialog box.
Click on the Add button, then select your Run As account. If the Run As account isn't listed, then make sure you've selected the correct domain (Windows domains aren't displayed by default). Now, select your Run As account and click Add followed by OK.
You should now see the Run As account listed on the Add Permissions dialog box. Use the Assign Role drop down list to grant the Run As account Administrator permissions. Click OK to complete the process.
Adding a vCenter Server to VMM
If you want to add a vCenter Server to VMM, open the VMM Administrator Console Fabric workspace. Next, right-click on the Servers container and select the Add VMware vCenter Server option from the shortcut menu (see Figure 3).
At this point, VMM will display the Add VMware vCenter Server dialog box. Enter the name or IP address of your vCenter Server. Then click Browse and select your Run As account. Click OK to continue.
After clicking OK, you might see an Import Certificate dialog box. If this dialog box is displayed, click the Import button. After doing so, the vCenter Server will be added to VMM (see Figure 4).
Adding vSphere Servers
Once you've connected VMM to your vCenter Server, you can begin specifying individual hosts or host clusters for management. To do so, make sure to select the Fabric workspace. Then click on the Add Resources icon, which you'll find on the toolbar. Choose the VMware ESX Hosts and Host Clusters option from the drop down list. Unless you've properly linked VMM to vCenter, you'll receive an error message when you attempt to connect to a VMware host.
At this point, you should see the Add Resource Wizard. On the wizard's initial screen, click the Browse button and then select a Run As account. This must be the same Run As account you used when you connected VMM to vCenter.
After selecting a Run As account, click Next. You should now see a listing of all of the vSphere servers about which vCenter knows (see Figure 5). Select the VMware servers you want to manage and click Next.
The next screen will prompt you to specify the host group to which you want to add the VMware servers. Make your selection and click Next. You'll see a summary screen. Take a moment and make sure the information displayed on the summary screen appears correct. Click Finish to complete the process. When you do, the host list should contain your VMware servers.
Although your VMware host servers are listed in the VMM Administrator Console, the VMware VMs won't be listed initially. To view the VMware VMs, select the VMs and Services workspace, right-click on the VMware host and choose the Refresh Virtual Machines option from the shortcut menu.
The All Hosts container (see Figure 6) now shows VMware and Hyper-V VMs. At this point, the first objective of being able to manage both environments through a single pane of glass has been achieved.
Figure 3. Right-click on the Servers container and select the Add VMware vCenter Server option.
Figure 4. The vCenter Server is added to VMM.
Migrate VMware VMs to Hyper-V
If you want to move existing VMs from VMware to Hyper-V, that's now possible with VMM. It's important to know that System Center doesn't support converting VMware VMs stored on an IDE bus.
To convert your VMs, select the VMM Administrator Console VMs and Services workspace. Next, click on the Create Virtual Machine icon in the toolbar. Then choose the Convert Virtual Machine option from the drop down list. This will cause VMM to launch the Convert Virtual Machine Wizard.
The wizard's initial screen asks you which VM you'd like to convert. Click the Browse button to reveal the Select Virtual Machine Source dialog box. Make sure the dialog box's Virtualization Platform column is set to VMware ESX Server. Then select the VM you want to convert and click OK.
Click Next and you'll be taken to the Specify Virtual Machine Identity page. You'll have the option of renaming the VM or adding a description. After doing so, click Next. The next screen you'll see is the Virtual Machine Configuration screen. This lets you configure the number of virtual processors and the amount of memory you want to assign to the VM. Then click Next. Then you'll see the Select Host screen. Select the Hyper-V host on which you want to place the VM and click Next.
You should now see the Select Path screen. Here you can specify the path your VM storage will use. After doing so, click Next. The following screen lets you specify the network to which you want to connect the VM after migration is complete. The VM must be connected to a Hyper-V virtual switch in order to establish network connectivity. Make your selection and click Next.
The next screen you'll see is the Add Properties screen. Go ahead and make any adjustments you want to the various settings and click Next. You'll then see a summary of the options you've chosen. Take a moment to make sure the summary information is correct. After doing so, click the Create button to begin the conversion process.
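The console procedure described above (Run As account, vCenter Server with its certificate, ESX host, VM refresh, conversion), scripted with the VMM 2012 R2 PowerShell module as an added example; it is not code from the article. The server names, the Run As account name and the storage path are assumptions, and the certificate confirmation prompt and the IDE-disk pre-check are additions for illustration.

```powershell
# Added example, not from the article. Run in the VMM 2012 R2 command shell.
# All names below are assumed lab values; replace them with your own.
Import-Module virtualmachinemanager

$VmmServerName  = 'vmm01.lab.example'       # assumed VMM server
$VCenterName    = 'vcenter01.lab.example'   # assumed vCenter Server
$EsxHostName    = 'esx01.lab.example'       # assumed vSphere host
$HyperVHostName = 'vmm01.lab.example'       # lab setup: Hyper-V shares the VMM box
$RunAsName      = 'vCenter Run As'          # assumed Run As account name
$TargetPath     = 'D:\Hyper-V'              # assumed storage path on the Hyper-V host

# Connect this session to the VMM management server.
Get-SCVMMServer -ComputerName $VmmServerName | Out-Null

# 1. Create the Run As account if it does not exist yet. The credential must be
#    an existing AD or local account that holds the Administrator role in vCenter.
$runAs = Get-SCRunAsAccount -Name $RunAsName
if (-not $runAs) {
    $cred  = Get-Credential -Message 'Account VMM will use against vCenter'
    $runAs = New-SCRunAsAccount -Name $RunAsName -Credential $cred `
                 -Description 'Used by VMM to manage vCenter and ESX hosts'
}

# 2. Add the vCenter Server. Rather than importing whatever certificate is
#    presented, show it and require an explicit confirmation that it matches
#    the certificate the vCenter administrator expects.
$cert = Get-SCCertificate -ComputerName $VCenterName
$cert | Format-List *
if ((Read-Host 'Does this certificate match the expected vCenter certificate? (y/n)') -ne 'y') {
    throw 'vCenter certificate not confirmed; nothing was added to VMM.'
}
$vCenter = Add-SCVirtualizationManager -ComputerName $VCenterName -TCPPort 443 `
               -Certificate $cert -Credential $runAs

# 3. Add the ESX host under All Hosts, using the same Run As account.
$hostGroup = Get-SCVMHostGroup -Name 'All Hosts'
$esxHost   = Add-SCVMHost -ComputerName $EsxHostName -VirtualizationManager $vCenter `
                 -VMHostGroup $hostGroup -Credential $runAs

# 4. Equivalent of "Refresh Virtual Machines" so the VMware VMs appear.
Read-SCVirtualMachine -VMHost $esxHost | Out-Null

# 5. Convert each VMware VM, skipping any VM with a disk on an IDE bus,
#    which the article notes is not supported for conversion.
$hyperV = Get-SCVMHost -ComputerName $HyperVHostName
foreach ($vm in Get-SCVirtualMachine -VMHost $esxHost) {
    $ideDisks = Get-SCVirtualDiskDrive -VM $vm | Where-Object { $_.BusType -eq 'IDE' }
    if ($ideDisks) {
        Write-Warning "$($vm.Name): disk on IDE bus, skipped (not convertible)."
        continue
    }
    Write-Output "Converting $($vm.Name) to Hyper-V host $($hyperV.Name)"
    New-SCV2V -VM $vm -VMHost $hyperV -Path $TargetPath -Name $vm.Name -RunAsynchronously |
        Out-Null
}
```

The network connection and processor or memory settings that the wizard asks for are left at their defaults here and can be adjusted on the converted VM afterward.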
Certain Limitations
As you can see, you can use System Center Virtual Machine Manager to manage VMware VMs and even to convert them to Hyper-V. However, there are limits to the management capabilities. If your ultimate goal is to use System Center 2012 R2 Orchestrator to automate your VMware environment, you should download the System Center 2012 R2 Integration Pack for VMware vSphere (bit.ly/Kt3irV). This will help you overcome the various limitations and let you fully manage your VMware environment.
Brien M. Posey is a seven-time Microsoft MVP with more than two decades of IT experience. He's written thousands of articles and several dozen books on a wide variety of IT topics. Visit his Web site at brienposey.com.
Figure 5. The VMware servers will be listed.
Figure 6. VMware and Hyper-V VMs now appear in the VMM Administrator Console.
FEATURE | Windows Azure Active Directory
Manage Groups with Windows Azure Active Directory
Upgrade
Microsoft moves to make the cloud version of its Active Directory service more appealing by letting you create and edit groups. By Brien M. Posey
Windows Azure Active Directory (WAAD) has only seen a modest level of adoption so far. Although it was a useful addition to the Microsoft cloud service when it was released nearly a year ago, there seems to be a general perception that it isn't yet a mature product. Perhaps the best evidence supporting the need for further development is the lack of support for security groups in WAAD.
Microsoft is addressing this key issue with plans to offer group management support. The company recently released a preview available to Windows Azure subscribers. Subscribers don't have to do anything to enable the group feature preview, because it's available by default. In this article, I'll evaluate the preview, and explain how to create and manage groups. Because it's a preview, keep in mind that Microsoft could change or remove features in the final release.
Group Benefits
WAAD Groups really aren't that different from normal Active Directory group objects. Both are logical collections of user objects and you can use both for access control purposes.
Although the WAAD Groups interface will let you create, edit and delete groups, that's not the only purpose of the interface. Keep in mind WAAD was designed as a mechanism for facilitating directory synchronization. These directory synchronization capabilities are enabled for groups as well.
When you create a group in your local Active Directory or Office 365, those groups will appear in the Windows Azure Management Portal, assuming the environments are synchronized. You can only use the Windows Azure Management Portal to edit groups created through Windows Azure. Although the Windows Azure Management Portal can display (and even use) groups created locally or through Office 365, you can't edit those groups through Windows Azure.
This doesn't mean you can't put groups created in Windows Azure to work elsewhere. Among other things, you can use a group created through Windows Azure to control access to an Office 365 SharePoint site.
Create a New Group
Creating a group in Windows Azure is simple. Start by signing into Windows Azure and locating the directory to which you want to add the group (see Figure 1).
When you click on the directory, you'll be taken to a screen that gives you various directory configuration options. There are a number of tabs that appear along the top of this screen. To create a group, click on the GROUPS tab (see Figure 2).
You can create a new group by clicking ADD A GROUP. When you do, you'll be prompted to enter a name and a description for the group you're creating. Take the time to choose a descriptive group name and to enter a detailed description. The very nature of Windows Azure often leads to deployments scaling much more quickly than you may anticipate. Taking the time to enter descriptive information now can help you to avoid growing pains later. After you enter this information, the group, its description and the corresponding directory will be displayed in the Windows Azure interface (see Figure 3).
Edit Group Properties
Now that you've created a new group, take a look at the group's properties. As you can see in Figure 3, one of the properties is displayed. You'll notice the group's corresponding directory is listed in the SOURCED FROM column.
To view some of the group's other properties, click on the group and then the CONFIGURE tab (see Figure 4). You can use the configuration screen to modify the group name or its description. You can see the Object ID is listed among the group's properties.
The Object ID can be useful if you're writing a Windows PowerShell script or if you happen to be developing an application and you want to use the group as a mechanism for controlling access to that application. If you look just to the right of the Object ID, you'll notice a Windows Phone 8-style Copy icon. Click this icon to copy the Object ID to the local clipboard so you can reference the Object ID in your script or application without having to type it again.
The Delete icon is in the task bar at the bottom of the screen. If you create a group and then later decide you don't need it, clicking this icon is the easiest way to get rid of the group. Of course, you're also free to create, edit and delete groups through Windows PowerShell.
Add Members to the Group
Once you've created a group, you'll need to add some members to the group. To add members to the group, click on the group and then click the MEMBERS tab. Next, click on the Add Members link to display the Add members screen (see Figure 5). You can then click on users to add them to the group. As you select users, they appear on the SELECTED list on the right side of the window. The selected users will become group members as soon as you click the Done icon.
Remove a User
What do you do if you need to remove a user from a group? Although the current interface doesn't make user removal obvious, the technique is actually quite simple. If you click on a user within the SELECTED list, that user will be removed from the list.
Figure 1. Locate the directory in which you want to create a group.
Figure 2. Active Directory groups are exposed through the GROUPS tab.
Figure 3. The newly created group appears in the Windows Azure Management Portal.
Figure 4. The group's properties are listed under the CONFIGURE tab.
As it stands now, the Windows Azure Management Portal doesn't let you create nested groups. There are a number of rumors circulating that Microsoft plans to offer the ability to create nested groups later, but it remains to be seen if or how such a capability will be implemented.
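The article notes that groups can also be created and edited through Windows PowerShell and that the Object ID is what a script references. The following added example (not from the article) does that with the MSOnline cmdlets of the Windows Azure Active Directory Module for Windows PowerShell, and additionally reports members who are not on an approved list. The group name, description and user principal names are constructed sample values.

```powershell
# Added example, not from the article. Assumes the Windows Azure Active
# Directory Module for Windows PowerShell (MSOnline) is installed and that you
# sign in with an account allowed to manage groups in the directory.
Import-Module MSOnline
Connect-MsolService -Credential (Get-Credential)

# Constructed sample values.
$GroupName        = 'Finance-App-Users'
$GroupDescription = 'Members allowed to use the finance application'
$ApprovedUpns     = @('alice@contoso.example', 'bob@contoso.example')
$RemoveUnapproved = $false   # set to $true to remove members not on the list

# Find the group by exact display name, or create it. Use this only for groups
# created in Windows Azure; groups synchronized from local Active Directory or
# Office 365 cannot be edited from the Windows Azure side.
$group = Get-MsolGroup -SearchString $GroupName |
             Where-Object { $_.DisplayName -eq $GroupName }
if (-not $group) {
    $group = New-MsolGroup -DisplayName $GroupName -Description $GroupDescription
}
# The same Object ID the portal shows on the CONFIGURE tab.
Write-Output "Group Object ID: $($group.ObjectId)"

# Resolve the approved users and read the current membership.
$approved = @(foreach ($upn in $ApprovedUpns) {
    $user = Get-MsolUser -UserPrincipalName $upn -ErrorAction SilentlyContinue
    if ($user) { $user } else { Write-Warning "No such user: $upn" }
})
$current = @(Get-MsolGroupMember -GroupObjectId $group.ObjectId -All)

# Add approved users who are not members yet.
foreach ($user in $approved) {
    if ($current.ObjectId -notcontains $user.ObjectId) {
        Add-MsolGroupMember -GroupObjectId $group.ObjectId `
            -GroupMemberType User -GroupMemberObjectId $user.ObjectId
        Write-Output "Added $($user.UserPrincipalName)"
    }
}

# Report (and optionally remove) members who are not on the approved list.
foreach ($member in $current) {
    if ($approved.ObjectId -notcontains $member.ObjectId) {
        Write-Warning "Not on approved list: $($member.DisplayName) <$($member.EmailAddress)>"
        if ($RemoveUnapproved) {
            Remove-MsolGroupMember -GroupObjectId $group.ObjectId `
                -GroupMemberType $member.GroupMemberType `
                -GroupMemberObjectId $member.ObjectId
        }
    }
}
```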
Group to Control Access
So far, you've created a new security group and added some members, but the group really doesn't do anything yet. The group is nothing more than a logical collection of users at this point.
You can use Windows Azure groups as an application access control mechanism. While this probably sounds like a really simple function, it actually needs a bit of explaining. A few months ago, Microsoft announced a vision for the cloud consisting of three tiers. These tiers include private clouds that use on-premises hardware, public clouds based on Windows Azure and services clouds that offer Software as a Service (SaaS). One example of a service cloud is Office 365.
The Microsoft cloud roadmap includes establishing a high degree of interoperability between the three types of clouds. The idea is to make it easy for customers to mix and match cloud components on an as-needed basis. This cloud roadmap plays directly into the way you can use WAAD groups to control application access.
In an effort to establish cloud interoperability, Microsoft has made certain SaaS applications available through Windows Azure in such a way that lets the application use the Windows Azure directory. In fact, the Windows Azure Management Portal makes hundreds of applications available for use with Windows Azure (see Figure 6).
Managing groups is critical for using third-party applications and SaaS apps such as the Salesforce.com CRM suite (see Figure 7). After deploying Salesforce.com and integrating with WAAD, the dashboard will display the "Your App Has Been Added" message. This also displays a USERS and CONFIGURE tab. However, there's no GROUPS tab. So how can you use groups to control application access?
The reason it doesn't display references to groups is that Microsoft is treating group-based application control as a premium feature that won't be available with a basic Windows Azure subscription. Microsoft recently said it would soon offer a premium version of WAAD, called Windows Azure AD Premium. One of the key features of this premium subscription is the ability to use WAAD groups to control access to integrated SaaS applications. With a premium level Windows Azure subscription, the USERS tab in Figure 7 would be listed as USERS and GROUPS.
Some of the other features that will be available with Windows Azure AD Premium include self-service password resets, company branding of the Windows Azure interface and some additional security reports. You can read more about Windows Azure Active Directory Premium at bit.ly/J2VBbx.
The ability to create and manage groups will be a welcome addition to WAAD. It's surprising Microsoft didn't include that from the beginning, but better late than never.
Brien M. Posey is a seven-time Microsoft MVP with more than two decades of IT experience. He's written thousands of articles and several dozen books on a wide variety of IT topics. Visit his Web site at brienposey.com.
Figure 5. You can click on individual users to add them to the group.
Figure 6. Windows Azure makes hundreds of applications available.
Figure 7. The Salesforce.com app has been installed through Windows Azure.
DecisionMaker
Changing Metrics When Hiring IT Pros
by Don Jones
Most organizations these days have some kind of annual or semiannual review process, in which employees are asked silly questions such as, "Where do you see yourself in five years?" and measured against various goals and commitments to see if they're performing well. Similarly, most organizations hiring new IT staff tend to have some minimum requirements, often requiring résumés to pass these hurdles in order to clear the HR department and get in front of an actual hiring manager.
Consider asking your organization to modify both of those things a bit. What I'm proposing should actually go down quite well with HR. I'm suggesting you simply add, or change, a single item on those existing annual-review and pre-hire checklists. My change is specific, measurable, attainable, realistic and timely, making it S.M.A.R.T., something HR folks love. This suggestion is also massively beneficial to IT. It doesn't solve every problem that IT deals with in a modern organization, but it deals with a couple of the bigger problems.
Here it is: Ask employees to look for repetitive, time-consuming, manually performed tasks that can be automated. Set a goal of eliminating x manual man-hours of work each period. For new hires, look for résumés that detail how many man-hours of manual labor the candidate helped automate at previous jobs (and advertise that as a criterion, because folks are used to lining up the four-letter certification acronyms, and need to be told you're looking at this). "We ask that employees identify and automate IT operational tasks, with a target of saving at least 50 man-hours of manual effort per year."
I have additional suggestions derived from this one, but this one's the alpha-fix, because it pushes a number of important behaviors. The organization is going to have to invest some time in its employees, educating them about specific automation technologies. In a Microsoft world, that might be things like Windows PowerShell, System Center Orchestrator and so on.
Failing to educate means your employees won't meet their goals, and they'll be able to identify lack of education as the root cause. But for perhaps the first time, the organization will be able to measure the return on that education investment. This metric also helps drive important business specifications for internally developed software. Knowing that automation is a measured goal means developers can be notified early on in the software design process, and can include automation-friendly interfaces in their software. This one simple metric can, if properly managed (of course), put the entire organization on notice that automation is highly desired.
Next, set an internal management goal to have some specific number of individuals do nothing but create units of automation. They'll be 33 percent developer, 33 percent analyst and 33 percent administrator. IT operations then become more project-based and less of a firefighting exercise, keeping IT more responsive and agile.
IT tool acquisitions are also impacted by this change of thinking. When automation is a goal for every IT staffer, you can't afford to buy tools that don't support automation. "OK, so your solution can let us apply AD permissions more rapidly than using the native tools. Does it let us build that into our own scripts, so that we don't even have to use your GUI if we don't want to?" When the entire organization focuses on how it can automate something to take it out of IT's hands as much as possible, while still running the actual process, you'll make decisions that natively reduce workload while still getting the job done.
With automation as an organizational goal, you could technically downsize your IT team. In reality, most IT teams are massively overwhelmed already, so you'll actually be downsizing the workload to meet your team's capabilities.
Yes, it's a big change in thinking and in management. Yes, it'll take some time to socialize through the upper levels of management, and to implement in the front lines. But it's a worthy philosophy. It isn't something you can just start doing immediately, but it's something you can start bringing into every IT conversation going forward, to get everyone thinking about the upsides of not doing everything manually.
Don Jones is a principal technologist for strategic consulting firm Concentrated Technology. You can contact him via ConcentratedTech.com.
WindowsInsider
Life After TechNet: Stop Awaiting Its Return and Move On
by Greg Shields
The discontinuation of the Microsoft paid TechNet subscription program still ruffles feathers among IT pros. Fellow Redmond magazine columnist Don Jones got an earful of comments a few months ago while pondering aloud in his IT Decision Maker blog post, "The TechNet Subscription Thing: You're All Nuts. Or I Am" (Redmondmag.com/Jones082313).
Central to the complaints is a Catch-22 felt in the void of the demise of TechNet: the MSDN alternative is too expensive and 180-day trial software is too limiting. IT pros needing to evaluate software are seemingly stuck between a time bomb and an unaffordable credit-card bill. Or, are we?
While I'll agree that the TechNet-to-MSDN upcharge is a fare change sinful as usury, I disagree entirely that Redmond's 180-day alternative is unworkable. Yes, the pulled-in-a-thousand-directions nature of our profession forces some software evaluations to legitimately require more than half a year to complete. But these days, deploying OSes, installing applications and integrating components together can be automated without much up-front work.
In fact, you could argue that deployment automation has become a minimum requirement for today's IT pro. Many of the tools are free, and the knowledge to use them is freely available. The passing of TechNet only reinforces this idea. There just aren't that many excuses left for deploying OSes and applications the manual way.
Which all leads to the question I keep asking myself: If you can automate an installation, and easily repeat it over and over again, need you really care anymore about licensing time limits?
Microsoft System Center offers a most perfect example. Last month I referred to the suite as big, complicated, overwhelming and radically interconnected. My first few installs of System Center in its entirety cost me two or three days apiece. That much time burned for a mere evaluation is wholly unacceptable in a world of 180-day timeouts.
Stop Waiting, Rebuild!
Rather than waste time petitioning for the return of TechNet, I choose instead to focus on making the deployment of its software a frictionless activity. Here, tools can help, like the Microsoft PowerShell Deployment Toolkit (PDT), which can be downloaded from bit.ly/1bLIqCl. The PDT advertises itself as a set of scripts and knowledge for automated deployment of System Center 2012 SP1/R2, including SQL, all prerequisites, and all automatable post-setup integration.
Tools such as the PDT do an end-run around Redmond's 180-day limit by reducing its implementation time cost to near-zero. If I need more time, I'll just click and rebuild the silly thing.
System Center isn't the only solution seeing the benefits of Windows PowerShell deployment automation. Also exciting is the Windows PowerShell exposure you can build into Virtual Machine Manager (VMM) Service Templates. These templates keep getting more useful all the time. Consider a few examples only recently made available:
• Microsoft contributor Shawn Gibbs' Service Template Example Kit (bit.ly/1bLITV6) makes a good starting point and demonstrates the deployment prowess of Windows PowerShell by automatically deploying a single- or multi-tier Web services platform inside VMM.
• Additional service templates for Active Directory Domain Controllers are available in a separate offering, also from Gibbs (bit.ly/1egltdk).
• Michael Greene can deploy Exchange Server 2013 CU2 (bit.ly/198KgT6) with a pair of templates, one each for a single server or multiple server environment.
• Jim Britt put together scripts and a service template to deploy a three-tier SharePoint 2013 environment (bit.ly/1hrlroj).
• Sean Lillis constructed an impressive PowerShell App Deployment Toolkit (bit.ly/1hrlvEr) that can automate the deployment of apps with a few Windows PowerShell commands.
Time-Bombless
Indeed, Microsoft hath taken away. I'll miss TechNet just as much as the next person. But Microsoft and the community seem to have giveth as well. These and other tools won't solve every evaluation limitation, but they're not necessarily meant to. They're designed to help us understand the usefulness of Windows PowerShell as a deployment automation tool.
Perhaps we shouldn't care about TechNet's passing. Our lab environments might not be as permanent, but we can be a lot smarter for it.
Greg Shields is a partner and principal technologist with Concentrated Technology, an IT analysis and strategic consulting firm. You can contact him at ConcentratedTech.com.
FoleyOnMicrosoft
Could Android Be Coming to Windows?
by Mary Jo Foley
If anyone had told me a year ago that Microsoft might be dabbling with ways to put Android on Windows, I'd have laughed.
But going into 2014, I'm no longer chuckling. There's one truism about Microsoft these days: You need to rethink almost everything you thought you knew about the company. Whether it's a realization at the top that old ways don't work anymore or a "desperate times call for desperate measures" mentality (or both), Microsoft has chucked the old playbook.
A prime example comes from Microsoft's new unified OS team. When Bloomberg reported in October 2013 that Microsoft was approaching phone makers such as HTC about potential interest in running both Android and the Windows Phone OS on handsets, I put that rumor in the "yeah, right" bucket.
Last month, another report surfaced, this time courtesy of The Information, claiming Microsoft has considered/is considering a scenario whereby customers and carriers could choose either Android or the Windows Phone OS for their handsets. Dual-boot scenarios via which users could switch between the OSes and running Android apps on Windows Phone handsets are ideas Microsoft allegedly has floated by handset makers to gauge interest.
Some earlier leaks now make these rumors more believable. Mockups of Windows Phone hardware have surfaced that no longer feature the capacitive-touch buttons that are a hallmark of current Windows Phone handsets. And a leaked render of a Nokia phone, code-named "Normandy," is believed to be running some kind of Android Open Source Project (AOSP) variant.
And then there's what's happening on the Windows side of the house, with Intel, AMD, and Asus all talking up the potential of devices that can dual-boot Android and Windows (see the Redmond Report story, "Tablet Boots Windows 8.1 and Android," p. 6).
Some Microsoft watchers are claiming that Microsoft and its OEMs, worried by the simultaneous growth of Android and decline of PC sales, are just throwing anything at the consumer wall and seeing what sticks.
But some of my contacts on the Windows Phone front are saying there's more than just experimentation happening. Phone makers don't want to have to invest in building unique hardware that has only 4 percent worldwide market share. They'd rather be able to provision the same handset with Android or Windows Phone, depending on what a market segment wants.
At the same time, Microsoft would love to nix the perennial "there just aren't enough apps" objection to Windows Phone (and Windows 8.x, for that matter). If Microsoft could find a way to support Android apps natively in Windows, I believe the company would jump at the chance.
This isn't as far-fetched as it may sound. And it could provide Redmond with a way to lessen the possibility of Google boxing the company out by making it harder for Google apps and services to run on or with Windows and Windows Phone. It could also increase the likelihood that specific Android-only apps or games are available on Windows Phone handsets in a timely manner.
BlueStacks already allows Android apps to run on PCs, tablets and Macs via its App Player and Cloud Connect technologies. A lot of Android is open source, meaning anyone, even Microsoft, could use that code to build its own Android runtime that could enable Android apps to run on Windows Phone and Windows. The Google Play app store isn't open source, so Microsoft would have to build its own app store for Android apps, or use an existing one, such as SweetLabs' Pokki. (Hey, maybe this is where Microsoft's $300 million investment in Barnes & Noble comes in, with the Nook Store becoming the app store for Android on Windows? Just a totally wild and crazy guess on my part, but it's certainly plausible.)
Obviously, there are numerous technical and strategic hurdles ahead for Microsoft if officials opt for the "join 'em" rather than "beat 'em" route with Android. Google likely can and will continue to implement new Android programming interfaces in non-open source ways, further fragmenting the Android development community. And there's the little matter of Microsoft's role as Android patent toll-collector to figure into the equation.
Sometimes, the new reality is stranger than fiction.
Mary Jo Foley is editor of the ZDNet "All About Microsoft" blog and has been covering Microsoft for more than two decades. She's the author of "Microsoft 2.0" (John Wiley & Sons, May 2008), which examines what's next for Microsoft in the post-Gates era.
GetMoreOnline
Read more about Windows Phone,
Windows 8.1 and Android.
Redmondmag.com/Foley0214