Deploying Microsoft LAPS
Posted by Gary Williams on December 7, 2017

In summary, LAPS is the Local Administrator Password Solution from Microsoft. This software changes the local administrator password on a selection of machines on a schedule and stores that password in plain text in Active Directory.

The first time I came across LAPS was when I heard about Project Honolulu, and I’ll admit that I hadn’t heard about it before, which is something of a shame because LAPS is one of those very handy little add-ins that Microsoft should be offering as part of the core AD experience.

For those who haven’t come across LAPS before, LAPS is a handy tool for scenarios where you need to change or set the local admin password to something random because you need to give out that password.

LAPS settings


High-performing and highly available Scale-Out File Server with SMB3
Posted by Ivan Talaichuk on December 6, 2017

There’s probably no IT administrator who hasn’t heard of SMB3 (Server Message Block). It is an application-layer network protocol, developed by Microsoft mostly to provide shared access to files and to allow communication between nodes. SMB was designed as a tool for the creation of a DOS-based network file system, but Microsoft took the initiative, later renamed SMB to CIFS (Common Internet File System), and continued developing it. The second version, SMB 2.0, was introduced in Windows Vista with a wide range of new features, and it became clear that Microsoft was working hard to improve this protocol.

Now, to SMB3. It’s an improved version of the previous Server Message Block protocol that Microsoft introduced as one of the key features in the Windows Server 2012 operating system. SMB3 comes with a significant number of new capabilities like SMB Transparent Failover, SMB Encryption, VSS for SMB file shares, SMB Direct (SMB over RDMA) and SMB Multichannel. SMB Multichannel allows file servers to use multiple network connections simultaneously, therefore increasing performance and adding one more level of fault tolerance within the networking layer.

Failover Cluster Manager with SOFS roles


Using a VEEAM off-host backup proxy server for backing up Windows Server 2016 Hyper-V Hosts
Posted by Didier Van Hoye on December 5, 2017

Introduction

Many years ago, I wrote a white paper on how to configure a VEEAM Off-host backup proxy server for backing up a Windows Server 2012 R2 Hyper-V cluster that uses a hardware VSS provider with VEEAM Backup & Replication 7.0. It has aged well and you can still use it as a guide to set it all up. But in this article, I revisit the use of a hardware VSS provider, looking specifically at some changes in Windows Server 2016 and its use by Veeam Backup & Replication v9.5 or later. The information here is valid for any good hardware VSS provider like the one StarWind Virtual SAN provides (see Do I need StarWind Hardware VSS provider?).

VSS list of events


Network File System: access your files remotely as easily as if they were local
Posted by Alex Khorolets on November 30, 2017

Why do I need to use complicated ways to access my files that are located on the company’s server or in my homelab, for example? I want to ask the same question in order to make remote files available for my local applications without any extra actions. The answer, as well as the solution to the problems listed above, lies in the next four words – Network File System protocol.

I’d like to start with a general description of the NFS technology and some background about its purpose and how it was created. The story goes back to the mid-80s when, alongside Van Halen’s new “1984” album, a company named Sun Microsystems created the Network File System protocol. It allowed users to access files on servers over a network, just as if these files were located on the users’ machines.

Since that time, several versions of the NFS protocol have been released. Originally, the protocol operated over UDP until the NFSv3 update, in which TCP was added as a transport service. That allowed transferring larger blocks, whose size had been limited by UDP before. The latest versions of the NFS protocol, including v4, v4.1, and v4.2, were developed by the Internet Engineering Task Force (IETF). They include performance increases, multiple security updates, and scalability.

NFS file server configuration


[Azure] Azure Site Recovery with ARM – Part 2
Posted by Florent Appointaire on November 29, 2017

Here is the second of two articles on the Azure Site Recovery implementation with ARM:

  1. Preparation of the environment (Part 1)
  2. Start the replication and Failover/Failback

Replicate your first VMs

Now that the Azure infrastructure is ready, we will go to step 2 to replicate VMs/Applications. Choose where you want to replicate VMs from (On-Prem for me) and to which Hyper-V site, the one that you created in the first article.


[Azure] Azure Site Recovery with ARM – Part 1
Posted by Florent Appointaire on November 28, 2017

Today we will see how to implement a DRP solution with Azure Site Recovery. I’ll deploy this solution based on ARM. ASR can be used to migrate your VMs to Azure, from VMware to Azure, etc.

In my DRP plan, the service that I defined as critical for my business is a website. I’ll replicate this VM on Azure, with ASR. You can do the same work with a multi-tier application.

In my architecture, I have a VPN S2S to Azure. Attached to the network that is connected to the VPN, I have a second domain controller, which is acting as DNS.


Deploying SQL Server 2016 Basic Availability Groups Without Active Directory. Part 2: Configuring SQL Server
Posted by Edwin M Sarmiento on November 23, 2017

In the previous blog post, I walked you through the process of creating the Windows Server 2016 Failover Cluster (WSFC) that is not joined to an Active Directory Domain. It is very important that you get the underlying WSFC properly configured and stabilized before you even attempt to create the SQL Server 2016 Always On Basic Availability Group. The availability and reliability of your SQL Server 2016 Always On Basic Availability Group depend so much on the WSFC.

If you have previously configured Always On Availability Groups, you will notice that most of the steps provided are similar to configuring it with Active Directory. But because there is no centralized directory service for managing accounts, you will need to rely on certificates for authenticating communication between replicas. You need to use T-SQL to accomplish those tasks.


Managing User Mailboxes in Microsoft Exchange Server 2016 with PowerShell
Posted by Karim Buzdar on November 22, 2017

Managing user mailboxes in Microsoft Exchange Server 2016 is a day-to-day task of system engineers. This article focuses on managing user mailboxes in Microsoft Exchange Server 2016 including very common features like creating, removing and disabling the mailboxes with the help of PowerShell.

Importing an Exchange Management Shell

Your first step is to import an Exchange Management Shell before you can start executing Exchange Server’s related PowerShell commands.

create a user mailbox via PowerShell


Take a look at Storage QoS Policies in Windows Server 2016
Posted by Didier Van Hoye on November 21, 2017

Introduction

In Windows Server 2016 Microsoft introduced storage Quality of Service (QoS) policies. Previously, in Windows Server 2012 R2, we could set minimum and maximum IOPS individually per virtual hard disk, but this was limited even if you could automate it with PowerShell. The maximum was enforced but the minimum was not. That only logged a warning if it could not be delivered, and it took automation that went beyond what was practical for many administrators when it needed to be done at scale. While it was helpful and I used it in certain scenarios, it needed to mature to deliver real value and offer storage QoS in environments where cost-effective, highly available storage was used that often doesn’t include native QoS capabilities for use with Hyper-V.

status of the flow via PowerShell


Enhancing Security in the Hybrid Cloud: Step-by-Step to Connect Advanced Threat Analytics to Azure Security Center
Posted by Augusto Alvarez on November 15, 2017

We have talked on this blog before about the importance Microsoft and the rest of the cloud providers have been giving to security features and products in the last couple of years. The well-known security incidents in the industry in 2017 alone cost companies billions in losses, hence the large number of releases from Microsoft to face these incidents and, above all, provide calm to their customers around the cloud.

Microsoft Advanced Threat Analytics (ATA) combines several of the latest security enhancements. In this article, we will review how to connect the ATA platform to Azure, guaranteeing reliable monitoring.

Microsoft Advanced Threat Analytics sequence
