Tag Archives: Azure

Enterprise Mobility Suite Overview

Earlier this month I did a one-hour webcast on Microsoft's Enterprise Mobility Suite, which you can now view using the link below.  The suite is a collection of three products offered at a very affordable price: Microsoft Intune, Microsoft Azure Active Directory Premium, and Microsoft Azure Rights Management service.  The Enterprise Mobility Suite enables organizations to manage devices, protect data, and empower users through self-service identity features.

Click here to view the presentation

Azure Backup for Windows Client Operating Systems

Microsoft Azure Backup provides a simple and reliable cloud based folder and file backup solution.  The initial releases of Azure Backup supported Windows Server operating systems but with the newest update the Windows client operating systems are now supported.  Users of  Windows 7, Windows 8 and Windows 8.1 PCs can now use the simple Azure Backup agent to protect their important files.  

Microsoft Azure Backup provides the first 5GB of backup for free and each additional GB is only $0.20 per month (retail pricing).    Microsoft Azure Backup includes all of the features you would expect from a file backup solution, including:

  • 99.9% availability guaranteed
  • Efficient incremental backups
  • Secure, encrypted data at rest
  • Data encryption in-transit
  • Geo-replicated backup store

To get started with Microsoft Azure Backup you need an Azure Subscription.  To get a free trial or to learn more, visit http://azure.microsoft.com

Additional details on the recent changes to Microsoft Azure Backup can be found here.

Free Azure Conference

On October 21st, 2014, Microsoft will be hosting AzureConf, another free event for the Azure community. This event will feature a keynote presentation by Scott Guthrie, along with numerous sessions executed by Azure community members. Streamed live for an online audience on Channel 9, the event will allow you to see how developers just like you are using Azure to develop robust, scalable applications on Azure. Community members from all over the world will join known speakers such as Michael Collier, Mike Martin, Rick Garibay, and Chris Auld in the Channel 9 studios to present their own inventions and experiences. Whether you’re just learning Microsoft Azure or you’ve already achieved success on the platform, you won’t want to miss this special event.

The live event is over.  To view recordings of the event, visit: https://www.azureconf.net/

Government Solutions on Azure

Microsoft Azure provides platform as a service, infrastructure as a service, and packaged service solutions.  Below are a few examples of government solutions that can be built or utilized on Microsoft Azure.

Server Backups
A key function of any IT department is ensuring that all important systems are backed up in case of a system failure, accidental file deletion, file corruption, or a virus outbreak.  The concept of backups is very simple; however, putting a good solution in place can be challenging.  Many organizations will back up their systems to tape and then ship those tapes offsite for storage.  Unfortunately, tape backup solutions are expensive and sometimes unreliable.  Recovering from tape is a very slow and time-consuming process.  Worse yet, you never know for certain if you can recover files from the tape until an emergency arises.

Microsoft Azure provides an online backup solution that easily integrates into Windows Server or Microsoft Data Protection Manager.  With Microsoft Azure Backup you can be confident that your data can be quickly and easily accessed when you need it.  Microsoft Azure Backup ensures that your data is stored with 3 copies across fault zones inside of a Microsoft datacenter.  An organization can also choose geographically redundant storage, where an additional 3 copies of the data are stored in a Microsoft datacenter hundreds of miles away.

Built directly into Microsoft SQL Server 2012 and higher is the ability to backup SQL databases directly to Microsoft Azure.   In the case of a major datacenter failure, the SQL databases can be mounted to a SQL database server running as a virtual machine in Azure.

The benefit of moving to Microsoft Azure for backup services is that your files and data are always available online for immediate recovery.  No longer will an organization need to wait for off-site tapes to be shipped back before recovery.  Unlike tapes, you can recover an individual file or database  without having to restore a complete backup set.  Also Microsoft Azure Backup encrypts your data prior to sending it to the Microsoft datacenter for storage.  With up to 6 copies of your data in geographically redundant datacenters you can be confident that your data will be available when you need it.

To learn more about Microsoft Azure Backup visit: http://azure.microsoft.com/en-us/services/backup/

To learn more about SQL Server backup to Azure visit: http://msdn.microsoft.com/en-us/library/jj919148.aspx

Disaster Recovery
Disaster recovery is always a hot topic with organizations.  The key is to identify what types of situations are considered a disaster for your organization.  A disaster could be a natural disaster, a datacenter disaster, a virus outbreak, or simply a deleted file. Each of these disasters would have a different plan of action based upon the needs of the organization.

As discussed in the previous section, Microsoft Azure Backup can help protect important files.  Taking this concept one step further we need to not only protect files, but also complete systems.  Microsoft Azure Site Recovery (ASR) enables organizations to protect important applications by coordinating replication and recovery of private clouds.  ASR enables you to define orchestrated recovery plans so you can be confident your systems will properly failover to your DR site.   Currently in preview, ASR also allows you to replicate your systems directly to Azure and then failover to the Microsoft datacenter when a disaster strikes.   ASR also enables quick and simple site recovery testing to ensure your DR plans will function as expected during a real disaster scenario.

During a natural disaster a government organization may need to communicate with the public quickly and reliably.   These situations can cause a significant increase in traffic to a government's website, which could easily overwhelm the servers and Internet connection.  Worse yet, if the organization's datacenter is impacted by the natural disaster, any communication web sites could be knocked offline.

Microsoft Azure Websites can enable a government organization to host a disaster preparedness and communication website very economically.  During a natural disaster the website can easily scale up to meet any demand. 

To learn more about Microsoft Azure Site Recovery visit: http://azure.microsoft.com/en-us/services/site-recovery/

To learn more about Microsoft Azure Websites visit: http://azure.microsoft.com/en-us/services/websites/ 

Cloud Identity
The proliferation of software as a service (SaaS) applications within an organization can introduce challenges for the IT department.  In some cases the IT department may not even be aware of some of the SaaS applications that have been purchased and are being used by other departments within the organization.  This is sometimes called shadow IT.

To help IT better identify and manage SaaS applications, Microsoft Azure provides a solution called Cloud App Discovery.  This solution enables the IT department to discover all of the cloud apps that are being used within their organization and how frequently they are being used.   Once the IT department understands the collected information they can begin to create plans to support the services and to protect organizational data.

Organizations that are using SaaS applications face a challenge of managing identity.   This might include creating accounts in the SaaS application or managing password resets.  With Microsoft Azure Active Directory an organization has a comprehensive identity and access management cloud solution that provides a robust set of capabilities to manage users and groups and help secure access to applications.   Enabling single sign-on to a SaaS application can simplify user access to thousands of cloud applications supported by Microsoft Azure.

Included with Microsoft Azure Active Directory Premium is Azure Multi-Factor Authentication.  This solution prevents unauthorized access to both on-premises and cloud applications by providing an additional layer of authentication via a mobile app or phone.

To learn more about Cloud App Discovery visit: http://appdiscovery.azure.com/

To learn more about Azure Active Directory visit: http://azure.microsoft.com/en-us/services/active-directory/ 

Information Protection
Information protection becomes more important as organizations start to utilize SaaS applications.  As cloud services usage increases there is an ever greater chance that sensitive data could be accidentally or maliciously disclosed to unintended recipients.  Using access control lists on SaaS solutions is not enough to protect sensitive content.  

The Microsoft Azure Rights Management (RMS) solution included with the Microsoft Enterprise Mobility Suite enables organizations to protect sensitive emails and files from being inappropriately shared.  If a file that is protected with RMS is leaked, an organization can be confident that the information cannot be accessed by unauthorized people.

To learn more about Microsoft Azure Rights Management and the Enterprise Mobility Suite visit: http://www.microsoft.com/en-us/server-cloud/products/enterprise-mobility-suite/ 

File Servers and Archive Storage
One constant in the world of IT is that storage requirements always increase.  A study by IDC shows that year over year organizations are seeing data growth in the range of 50%-60%.


As seen in the graph above, only a small subset of the overall stored data is considered the working set.  This is the set of files that are used on a frequent basis.  Everything else above the green line to the blue line is data that is being kept for compliance or archiving purposes only.

Not only are organizations storing more and more data locally, they are being challenged with backup and disaster recovery solutions.  The cost of tape backups and offsite storage continues to increase while budgets are being tightened. This is why organizations are looking at cloud based storage solutions to address their growing data problem. A study by Forrester shows that local SAN storage costs 4x that of cloud storage. 

Microsoft Azure provides multiple storage options to meet an organization's needs, such as:

  • Azure Backup for Windows Server or SQL Server
  • Blob storage for custom applications
  • StorSimple – A hardware appliance for storage, archiving and disaster recovery

Earlier in this post I discussed how Azure Backup can be utilized for disaster recovery scenarios.  Blob storage is a platform as a service feature accessed via REST APIs that developers can use for storing files for their custom applications.   The solution I find most interesting for file storage and archiving is StorSimple.

StorSimple is a hardware device that combines the data management functions of primary storage, backup, archive and disaster recovery with seamless Microsoft Azure integration.  The StorSimple appliance uses Microsoft Azure as an automated storage tier, offloading capacity management burdens and ongoing capital costs, while providing enterprise-grade local performance for the working data set.  Using local and cloud snapshots, application-consistent backups complete in a fraction of the time needed by traditional backup systems while reducing the amount of data transferred and stored in the cloud.   Cloud and location independent disaster recovery allows organizations to recover their data from virtually any location with an internet connection, and test their DR plans without impacting production systems and applications.  Thin restore from data in the cloud enables users to resume operations after a disaster much faster than possible with physical tape, or cloud-based tape methods used with other cloud providers.

To learn more about StorSimple visit: http://www.microsoft.com/en-us/server-cloud/products/storsimple/explore.aspx

Get the free eBook Rethinking Enterprise Storage: A Hybrid Cloud Model from here: http://blog.mikehacker.net/free-e-books/

SharePoint 2013 in Windows Azure

Today a co-worker forwarded an interesting video to me that I thought I would share.  This video shows how a SharePoint 2013 infrastructure can be deployed in Windows Azure and can quickly scale to support additional workload.   You can check out the performance of the SharePoint 2013 site running on Azure by visiting http://con-web.cloudapp.net/

Could your organization benefit by hosting SharePoint in Azure?

SharePoint 2013 using Azure ACS – Part 1

A while back I wrote an article about using Windows Azure Access Control Services with SharePoint 2010.  That configuration enabled a scenario where users could log into SharePoint with a Windows domain, Microsoft, Google, Yahoo! or Facebook account.  Since writing that article a lot has changed; the Windows Azure Portal has been updated, a new version of SharePoint has been released, and other related changes have occurred.

One major change is that Microsoft is no longer charging for the use of Windows Azure Access Control Services (ACS).  This means you can use one of the external authentication providers with your on-premises SharePoint installation for free!  Utilizing Azure ACS with SharePoint 2013 can greatly reduce the support costs for managing accounts in an extranet environment.  This will also allow users to utilize an account they already have instead of having to create or manage additional login credentials.

In this post I will outline how to configure Azure ACS with SharePoint 2013.  This configuration will be very similar to the SharePoint 2010 configuration I previously documented.  I assume that you already have a working and stable SharePoint 2013 server farm configured.

For this demo I have ensured that the Request Management service is not started. In this demo I only have a single SharePoint server in my farm, therefore I do not need request management.

I am also assuming that you have signed-up for access to Azure services at http://www.windowsazure.com.  A Windows Azure account is required even though Azure ACS is available free of charge.

To get started, we need to login to the Windows Azure portal and configure a new Azure ACS namespace used for SharePoint 2013 authentication.

  1. Go to http://www.windowsazure.com and click on the portal link located in the upper right to log into the management portal.
  2. Management of Windows Azure ACS has not yet been added to the new Windows Azure portal.  We need to switch back to the previous version of the portal by clicking on our email address (or username) located in the upper right of the web site and then choosing the previous portal menu option.
  3. At the bottom of the left menu click on the Service Bus, Access Control & Caching option.
  4. On the upper left column choose Access Control under the Services heading.
  5. In the top menu click on the New option in the Service Namespace group.
  6. In the dialog window that opens, fill in the Namespace field with any string value of your choosing.  Click on the Check Availability button to ensure it is available.  You will also need to choose the Country/Region for your ACS service and the subscription associated with your account.  Although Azure ACS is free you still need to have a Windows Azure subscription.  Click on Create Namespace.  Note:  MSDN users get a Windows Azure subscription as one of their benefits.
  7. Windows Azure will begin to provision and activate your Windows Azure ACS service.  In the main window of the portal you should see your namespace listed along with a status of Activating.  Once the service status changes to Active you can proceed to step 8.  It may take several minutes for the service to activate.
  8. Select your namespace service from the list and then click on the Access Control Service option in the Manage Access Control grouping in the top menu bar.  This will take you to the Access Control Service management console.   If the Access Control Service option is not enabled you have either not selected your namespace in the main list or your service is still activating.
  9. In the Access Control Service console click on the Identity providers option in the left menu.  This is where we will select what identity providers we will make available to SharePoint.  In this demo I will add Microsoft Account (Windows Live ID), Google and Yahoo!.  I will not be adding Facebook authentication in this example because it requires additional configuration on the Facebook website.
  10. On the identity provider page you will see that Windows Live ID has already been added.  Click on the Add link to add additional providers.
  11. Under the Add a preconfigured identity provider section choose Google from the list and then click the next button.
  12. On the Login Page Settings accept the default values and click on the Save button.
  13. Repeat steps 11 and 12 but instead choose the Yahoo! provider.
  14. Now that the identity providers have been selected the next step is to configure a relying party application.  This is the first configuration we make that relates to our SharePoint environment.  On the left menu click on the Relying party applications option.
  15. On the Relying party applications page click on the Add link.
  16. Fill in the Add Relying Party Application form using the following guidance and then click on the Save button.
      • Name –  This is the top level domain for the SharePoint web application you are going to create.   Example: Fabrikam.com
      • Mode –  Choose Enter settings manually
      • Realm – This is a unique URI used to link this provider to a SharePoint provider definition.  Choose your own value based upon the format of this example:  urn:fabrikamspdemo:spub
      • Return URL – This will be the URL of the SharePoint web application you are creating with /_trust/default.aspx appended.  Because we will use SSL on our SharePoint site, the URL is specified with HTTPS as the protocol.  Example: https://www.fabrikam.com/_trust/default.aspx
      • Error URL – leave this blank
      • Token Format – Select SAML 1.1
      • Token Encryption Policy – Select None
      • Token Lifetime –  Set this value to 1200.  (Please review this MSDN article on how the SAML token lifetime and the SharePoint TokenLifeTime settings can impact how frequently a user is prompted to log back in when using Windows Azure ACS)
      • Identity Providers – Choose all of the providers we configured above.
      • Rule Groups – Check create new rule group
      • Token Signing – Leave this as the default.
  17. A rule group defines how claims are passed from the identity provider to SharePoint.  You need to update the default rule group created in step 16 with the proper rules.  Click on the Rule groups option in the left menu.
  18. Click on the Default Rule Group for your relying party application.
  19. Click on the Generate link located above the rules section.  This will allow you to automatically generate the necessary rules for each of the identity providers.
  20. Select all of the providers and choose Generate.
  21. Click on the Save button under the Rule Group Details section.
  22. To allow secure transmission of the SAML token we need an X.509 certificate.  For this example we will generate our own self-signed certificate.  For a production environment you may want to procure a certificate from a trusted certificate provider.  You will need the MakeCert utility to create the certificate.  You can download that utility from here.
    • A. Extract the MakeCert utility into a temporary folder (example: c:\temp).
    • B. Open a command prompt as an administrator and change to the location where you extracted the MakeCert utility.
    • C. Run the following command, replacing <service_namespace_name> with your unique service namespace.  Your namespace can be seen in the top gray bar of the Access Control Service Portal.

    makecert.exe -r -pe -n "CN=<service_namespace_name>.accesscontrol.windows.net" -sky exchange -ss my

    Note:  the above command may have line wrapped due to space limitations.  The command should be entered in completely on a single line.

  23. The certificate created in step 22 needs to be exported so it can be uploaded into Windows Azure.  The following steps will export the necessary certificate:
    • A. In the command prompt opened in step 22, type MMC and press enter.  This will launch the Microsoft Management Console.
    • B. In the MMC Console click File and then click Add/Remove Snap-in.  Double click on Certificates.
    • C. Select My user account and then click finish.
    • D. Close the Add Standalone Snap-in dialog by clicking on OK.
    • E.  In the console double click Certificates – Current User.
    • F.  Expand Personal and then expand Certificates.
    • G.  Right click the certificate you created in step 22.  Choose All Tasks and then click Export to open the certificate export wizard.
    • H.  Click Next on the first page of the Certificate Export Wizard.
    • I.  Select Yes, export the private key and then click Next.
    • J.  Select Personal Information Exchange format and then click Next.
    • K.  Enter in a password to secure the key.  Confirm the password and then click Next.
    • L.  Select a location and filename for your certificate.   Remember the location of your certificate that you exported.  Click Next and then click Finish to export the certificate.
  24. Return to the Access Control Services portal and click on the Certificate and keys option on the left menu.  The next step will import the recently exported certificate into the Windows Azure ACS service.
  25. In the Token Signing section click on the Add link.
  26. On the Add Token Signing Certificate or Key page fill out the form using the following guidance and then click on Save.
      • Used for – Select Relying Party Application and then choose your application
      • Type – Select X.509 Certificate
      • Certificate – Select the certificate file you exported in step 23.  Enter in your password for the exported certificate.
      • Primary –  Check the Make Primary option.

This completes the steps necessary to configure Windows Azure ACS for use with SharePoint 2013.  In part 2 (coming soon) I will configure SharePoint 2013 to use Windows Azure ACS for authentication.
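
A pre-upload check for the PFX exported in step 23, added here as an example and not part of the original post: it loads the file and confirms the subject matches the namespace name used in step 22 and that the private key was exported, then reports validity, key size and signature algorithm. The function name Test-AcsSigningPfx, its parameters and the two thresholds are assumptions chosen for illustration, not ACS or SharePoint cmdlets.

```powershell
# Added example: sanity-check the token signing PFX before uploading it to ACS.
# Test-AcsSigningPfx, its parameters and the default thresholds are hypothetical.
function Test-AcsSigningPfx {
    param(
        [Parameter(Mandatory=$true)] [string] $PfxPath,
        [Parameter(Mandatory=$true)] [string] $Namespace,
        [Parameter(Mandatory=$true)] [System.Security.SecureString] $Password,
        [int] $MinDaysValid = 30,    # assumed threshold
        [int] $MinKeyBits   = 2048   # assumed threshold
    )

    $path = (Resolve-Path -LiteralPath $PfxPath).ProviderPath
    $cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 `
                       -ArgumentList @($path, $Password)
    try {
        $findings = @()

        # Step 22 creates the certificate with CN=<namespace>.accesscontrol.windows.net
        $expectedCn = '{0}.accesscontrol.windows.net' -f $Namespace
        $actualCn   = $cert.GetNameInfo('SimpleName', $false)
        if ($actualCn -ne $expectedCn) {
            $findings += "Subject CN is '$actualCn', expected '$expectedCn'"
        }

        # Step 23-I: a token signing certificate must carry its private key
        if (-not $cert.HasPrivateKey) {
            $findings += 'PFX contains no private key; re-export with "Yes, export the private key"'
        }

        $now = Get-Date
        if ($cert.NotBefore -gt $now) {
            $findings += "Certificate is not valid until $($cert.NotBefore)"
        }
        if ($cert.NotAfter -lt $now.AddDays($MinDaysValid)) {
            $findings += "Certificate expires $($cert.NotAfter), inside the $MinDaysValid-day window"
        }

        # PublicKey.Key supports RSA/DSA keys, which is what MakeCert produces
        $keyBits = $cert.PublicKey.Key.KeySize
        if ($keyBits -lt $MinKeyBits) {
            $findings += "Key size is $keyBits bits, below $MinKeyBits"
        }

        $sigAlg = $cert.SignatureAlgorithm.FriendlyName
        if ($sigAlg -match 'md5|sha1') {
            $findings += "Signature algorithm is $sigAlg"
        }

        [pscustomobject]@{
            Subject            = $cert.Subject
            Thumbprint         = $cert.Thumbprint
            SelfSigned         = ($cert.Subject -eq $cert.Issuer)  # expected for the MakeCert demo cert
            NotAfter           = $cert.NotAfter
            KeyBits            = $keyBits
            SignatureAlgorithm = $sigAlg
            Findings           = $findings
            Ok                 = ($findings.Count -eq 0)
        }
    }
    finally {
        # Release the key material loaded from the PFX
        $cert.Reset()
    }
}

# Usage (the path is a placeholder; use your own namespace name):
# $pw = Read-Host -AsSecureString 'PFX password'
# Test-AcsSigningPfx -PfxPath 'C:\temp\acs-signing.pfx' -Namespace '<service_namespace_name>' -Password $pw
```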

County of San Diego Chooses Azure for Emergency Management System

The County of San Diego provides health and justice services to all 3 million residents and municipal services to the county’s unincorporated areas. And it’s the second largest county in California, encompassing more than 4200 square miles.

In 2007, San Diego County was struck by a disastrous wildfire – and half a million people had to be evacuated. The crisis became a national news item, and CNN publicized the county’s emergency website as part of their coverage.

Flooded with a sudden spike in traffic, the website’s servers went down. But this problem affected a group far more important than the viewers of CNN: for days, the people of San Diego County were left without access to much needed information.

Resolving never to face this problem again, San Diego County looked for a solution. After exploring various options, they chose Windows Azure as the platform to host and manage their emergency management system. This cloud-based system has shown immediate payoffs.

Read about how the County of San Diego benefited from Windows Azure by reading the full case study here.

Microsoft Government Solutions

Did you know that Microsoft and our partners offer pre-packaged solutions for State and Local Governments?   When most people think of Microsoft they immediately think about our individual product lines.  They don’t realize we also provide some great solutions and solution accelerators that can help reduce costs and time in developing and deploying these specialized solutions.   To help bring more awareness to these great solutions I have added a new section on my blog called “Gov Solutions”.   This section highlights some of the great State and Local Government solutions built on the Microsoft platform (Windows Server, SharePoint, Dynamics, Azure, etc…).   Some of these solutions are only available from our partners and others are available to download for FREE.

One specific solution I would like to highlight is the Microsoft Disaster Response Portal built on the Windows Azure platform.  The Microsoft Corporate Disaster Response Team developed this solution and it was deployed to support relief efforts after the Category 5 tornado struck Joplin, Missouri in May.  There is no cost to set up this portal and you are only billed based on the Windows Azure usage model.  This is a great solution for State and Local Governments to have at the ready so they can provide mass communications and collaboration between governments, inter-government agencies, non-profit organizations and citizens in case of an unfortunate disaster in their area.

Other solutions I have highlighted in the Gov Solutions section include:

  • spotlightonspend
  • Microsoft Grants Manager solution accelerator
  • Microsoft 311 Citizen Services solution accelerator
  • Microsoft TownHall
  • Microsoft Fusion Core Solution
  • Microsoft Investigation 360
  • Offender360
  • SAVIN360

So head on over to the Gov Solutions section and check out all of the great solutions for State and Local Government.