Storage Spaces Direct: Enabling S2D work with unsupported device types (BusType = NVMe, RAID, Fibre Channel). Part 1: Registry hack
Posted by Taras Shved on
February 10, 2017
Microsoft Storage Spaces Direct is a new storage feature introduced in Windows Server 2016 Datacenter that significantly extends the software-defined storage stack in Windows Server product family and allows users to build highly-available storage systems using directly attached drives.
Storage Spaces Direct or S2D helps to simplify the deployment and management of software-defined storage systems as well as to open the use of more classes of disk devices like SATA and NVMe drives. Previously it was not possible to use these types of storage with clustered Storage Spaces with shared disks.
Storage Spaces Direct can use drives that are locally attached to nodes in a cluster or disks that are attached to nodes using enclosure. It aggregates all the disks into a single Storage Pool and enables the creation of virtual disks on top.
Fighting Azure AD Connects custom installer
Posted by Gary Williams on
February 8, 2017
I’ve recently been spending more and more time looking into various cloud technologies such as AWS and Azure. One of the projects I’ve been working on required the on-premises active directory to be extended to Azure to allow for a future introduction of various Office365 elements.
The process for doing this is fairly easy as it’s just a matter of installing the Azure Active Directory Connect tool onto a server, creating the domain in the Azure portal and then waiting for Azure AD connect to Sync.
Windows Server 2016 Nano Server – Installation and Management
Posted by Mikhail Rodionov on
February 7, 2017
Time to continue our conversation about that “scaled down even further” Server 2016 installation option. In my previous article, I covered general concepts around Nano Server, now I want to switch gears and talk about more practical aspects: installation and management. At the end of the day, you would agree that the best way to learn new technology it is trying to use it – this way you will be exposed to its strengths and weaknesses directly, and can get the real understanding of whether it works for you or not. Though at this point even Microsoft admits that despite all its greatness, at the moment, Nano Server has quite limited utility as it supports only a small subset of roles and features out of those which you can find in full GUI version of Windows Server.
Specialize Windows Server Hyper-V guest OS automatically
Posted by Romain Serre on
February 6, 2017
Last year I have written a topic on Starwind to create VMs from PowerShell. That enables to automate the creation process without using a GUI, either from Virtual Machine Manager or Hyper-V Manager. But a VM deployment is not finished when the VM is created but when the application is deployed. Before deploying the application, the OS must also be installed and specialized. This topic shows you the method I use to deploy and specialize a VM without a single click.
Specialize OS from unattended file
If you read this documentation (Implicit Answer File Search Order section), you can see that we can specialize the OS from unattended file. This unattended.xml file will be placed in C:\Windows\Panther\Unattend. To prepare the unattended file, I use ADK (Assessment Deployment Kit). When you install the ADK, select Deployment Tools. Then you can open Windows System Image Manager.
Upgrade your CA to SKP & SHA256. Part II: Move from a CSP to KSP provider
Posted by Didier Van Hoye on
February 3, 2017
Move from a CSP to KSP provider
Once you have moved to a least Windows Server 2008 R2 you can take this step. Any version below doesn’t allow for this and should be considered the end of life. Many haven’t made the move from a CSP to KSP provider yet, even when they are already running Windows Server 2012 or 2012 R2 for a few reasons. There were some issues with older clients like Windows Server 2003 and Windows XP. These were fixed with a hotfix but in all seriousness, if you’re still on those OS versions you need to move a.s.a.p. and if not there’s nothing we can do to help you. A modern and secure PKI will be the last of your worries I’m afraid. For a Microsoft reference, see Migrating a Certification Authority Key from a Cryptographic Service Provider (CSP) to a Key Storage Provider (KSP).
[Azure] Container Service, how to start correctly?
Posted by Florent Appointaire on
February 2, 2017
Azure Container Service is a new technology, on Microsoft Azure, and that help you to deploy quickly and in production, with the ARM technology, a Docker cluster, orchestrated by Marathon and DC/OS, Docker Swarm, or Kubernetes to give your applications highly available, but also to deploy many nodes quickly and without any problems. The Microsoft’s documentation is available here: https://docs.microsoft.com/en-us/azure/container-service/container-service-intro
Upgrade your CA to SKP & SHA256. Part I: Setting the Stage
Posted by Didier Van Hoye on
January 31, 2017
Many Certificate Authority servers that were installed on Windows Server 2003 never got upgraded until Microsoft ceased the support of Windows 2003. Some of those are still out there running today. A massive amount of them got set up in an era when Wi-Fi in the SME market became very popular and CA servers were deployed to easily secure access to it. To be fair, a lot of administrators didn’t wait for Windows Server 2003 support to expire and made sure their CA was more or less up to date by upgrading them in place. That alone is something to commend. However, the operating system version only introduces the capability of using modern more secure providers and algorithms. It doesn’t upgrade the ones used by the PKI automatically for you. So many of these upgrade PKI servers are still using an old cryptographic provider, the “Microsoft Strong Cryptographic Provider” (SCP) and an old hash algorithm (SHA1) that’s been deprecated (see SHA1 Deprecation: What You Need to Know) or even banned.
Installing Exchange Server 2016 on Windows Server 2016
Posted by Nicolas Prigent on
January 30, 2017
On October 1st, Microsoft Exchange Team released the new Exchange Server 2016. Microsoft has been testing and improving on millions of mailboxes in their Office365 environment before releasing the product on-premises. I will describe in this article a step-by-step guide for the installation of Microsoft Exchange Server 2016. The installation considers:
- a single server deployment of Exchange Server 2016 with the Mailbox role on a new Windows Server 2016
- Windows Server 2016 forest functional level
- Exchange Server 2016 with the latest Cumulative Update 4
Because Windows PowerShell is a powerful tool that every sysadmin would know, I will use PowerShell to perform the installation. But If you prefer the graphical interface, you can use it!
Encryption of VMware vSphere 6.5 virtual machines and vMotion migrations. And their performance
Posted by Alex Samoylenko on
January 26, 2017
As many admins of virtual infrastructures know, for the first time ever, VMware vSphere 6.5 received the long awaited encryption feature of both virtual disks content and vMotion hot migrations.
The VMs encryption works based on AES-NI algorithm, and the key management is carried out based on KMIP 1.1 standard. When I/O operation comes to the disk of the virtual machine, it is immediately encrypted on-the-fly, which provides complete security against data security attack.
Design a ROBO (Part 1): Introduction and high-level design
Posted by Andrea Mauro on
January 25, 2017
What is a ROBO scenario?
A Remote Office / Branch Office (ROBO) is an office located in a different site or a remote geographical area from another office (usually the headquarter or the main office). Several organizations have one (or more) main office, as well as remote offices in another city, country or continent.
Many organizations today have in each remote office some local IT infrastructure, usually for data locality, but also for service local services.