Improve your Cluster Shared Volume security with Microsoft BitLocker
Posted by Ivan Ischenko on January 4, 2018
5/5 (1)

Introduction

Nowadays, every company is doing its best to protect its data, which is pretty much its most valuable asset. As you know, data is vulnerable to unauthorized access and that’s when Microsoft BitLocker saves the day. BitLocker is the encryption technology from Microsoft, which makes possible to encrypt the Logical Volume on the transparent blade-based level (not physical disk). In this article, we will see how to encrypt Cluster Shared Volume (CSV) using Microsoft BitLocker to protect your data against unauthorized access.

Starting from Windows Server 2012, Microsoft has added the BitLocker support for Cluster Shared Volumes to create an additional layer of protection for sensitive, highly available data. It allows adding an extra barrier to security by allowing only certain user accounts access to unlock the BitLocker volume. BitLocker uses the Advanced Encryption Standard (AES) encryption algorithm with either 128-bit or 256-bit keys. As to authentication options…well, there are few to choose from. You can authenticate by specifying a PIN or by storing a key on a flash drive, which you would then need to insert in order to boot the system.

Bitlocker Drive Encryption status

(more…)

Please rate this

Step by Step: Backing Up Windows System State into Azure
Posted by Augusto Alvarez on December 28, 2017
4.67/5 (3)

Using the Azure Backup features for your on-premises platform is a great way to start introducing your organization into cloud services. So, if you haven’t explored the service yet, this is a good option since it should not be disruptive with your current backup process or any critical service you are providing. In this article, we’ll review a simple step-by-step process to set a System State backup of one of your on-premises machines to Microsoft Azure.

Microsoft Azure Backup image

(more…)

Please rate this

High-performing and highly available Scale-Out File Server with SMB3
Posted by Ivan Talaichuk on December 6, 2017
5/5 (2)

There’s, probably, no IT administrator who hasn’t heard of SMB3 (Server Message Block). is an application-layer network protocol, developed by Microsoft mostly to provide shared access to the files, and allowing communication between nodes. SMB has been designed as a tool for the creation of a DOS-based network file system, but Microsoft took the initiative and renamed SMB into CIFS later on (Common Internet File System) and continued further developing it. The second version – SMB 2.0, has been introduced in Windows Vista with a wide range of new features, thus it became clear that Microsoft was working hard to improve this protocol.

Now, to SMB3. It’s an improved version of the previous Server Message Block protocol that Microsoft introduced as one of the key features in Windows Server 2012 operating system. SMB3 comes with a significant number of new capabilities like SMB Transparent Failover, SMB Encryption, VSS for SMB file shares, SMB Direct (SMB over RDMA) and SMB Multichannel. SMB Multichannel allows file servers to use multiple network connections simultaneously, therefore increasing performance and adding one more level of Fault Tolerance within the networking layer.

Failover Cluster Manager with SOFS roles

(more…)

Please rate this

Introducing Microsoft ‘Project Honolulu’
Posted by Nicolas Prigent on November 7, 2017
5/5 (1)

Project Honolulu image

Microsoft continues to invest and expand its PowerShell Scripting Environment but sometimes it is necessary to use a graphical interface in order to manage systems. This is the reason why Microsoft also develops a new management tool called “Project Honolulu”. Honolulu is the modern evolution of traditional MMC, first introduced in 2000. Now, it’s time to update our management tools!

So, Microsoft has introduced the Technical Preview of Project Honolulu at MSIgnite, a new way for managing your Windows Servers from a new browser-based graphical management tool with HTML5. Microsoft said “Our vision is to deliver a secure platform. […] For us, modernizing the platform means giving users greater flexibility in how and where they deploy and access the tools. […] Some Windows Server capabilities, which were previously manageable only via PowerShell, now also have an easy-to-use graphical experience”.

In this article, I will describe how to download and install Honolulu.

(more…)

Please rate this

Windows Server Core configuration. Part 2: Hyper-V role installation
Posted by Alex Khorolets on July 25, 2017
5/5 (1)

In the previous article, we have covered the basics of Microsoft Windows Server Core installation. After configuring the operating system and specifying the networks and storage for the future configuration, there are few more things left.

Our next step is to install and configure the Hyper-V role.

Installation of the Hyper-V role by itself is extremely simple. You need to open the PowerShell window by typing in “Powershell” command in the command prompt. In order to install the Hyper-V role through the PowerShell, enter the following:

Installing the Hyper-V role

(more…)

Please rate this

Hyper-V Networking 101. Part 1: NICs and Switches
Posted by Thorsten Windrath on March 22, 2017
4.57/5 (14)

Network cables

Source: pixabay.com

Introduction

There are lots of posts regarding Hyper-V networking. But there doesn’t seem to be a single compiled and up to date guide covering fundamentals and some advanced topics alike. This article aims to fill that gap, without a wall of text but a few easy to understand diagrams, tables, and PowerShell snippets. We will take a look at Hyper-V’s basic networking concept, NIC teaming (Network Interface Card) and different approaches to let VMs (Virtual Machines) talk to specific VLANs or even VLAN trunks.

The first article in the Hyper-V Networking 101 series will cover everything you need to know about virtual switches and NICs. The last post is planned as a real-world example: A way to implement a secure Wi-Fi (and/or wired) guest network on top of a virtual firewall.

(more…)

Please rate this

Specialize Windows Server Hyper-V guest OS automatically
Posted by Romain Serre on February 6, 2017
No ratings yet.

Last year I have written a topic on Starwind to create VMs from PowerShell. That enables to automate the creation process without using a GUI, either from Virtual Machine Manager or Hyper-V Manager. But a VM deployment is not finished when the VM is created but when the application is deployed. Before deploying the application, the OS must also be installed and specialized. This topic shows you the method I use to deploy and specialize a VM without a single click.

Specialize OS from unattended file

If you read this documentation (Implicit Answer File Search Order section), you can see that we can specialize the OS from unattended file. This unattended.xml file will be placed in C:\Windows\Panther\Unattend. To prepare the unattended file, I use ADK (Assessment Deployment Kit). When you install the ADK, select Deployment Tools. Then you can open Windows System Image Manager.

Windows System Image Manager

(more…)

Please rate this

Get started with Windows Containers
Posted by Romain Serre on January 10, 2017
5/5 (2)

Windows Server 2016 has been released in October 2016 and comes with a new feature called Containers. Containers already exist in Linux world and enable to make OS virtualization. Basically, a container is an isolated place where an application can run without affecting the rest of the system and without the system affecting the application (MSDN definition).

Windows Containers and Hyper-V Containers

(more…)

Please rate this

VMware’s EVO:RAIL fail as a lesson for Microsoft’s Azure Stack
Posted by Oksana Zybinskaya on July 21, 2016
5/5 (1)

As we know, VMware‘s first attempt in the field of hyperconvergence, the EVO:RAIL, was a good quality software product set, which nevertheless failed because of the licensing policy. Specifically, it demanded that buyers acquire new vSphere licences, with no exception for existing vSphere users who liked the idea of adopting hyperconverged infrastructure.

Azure

(more…)

Please rate this

BadTunnel Bug, which Hijacks Network Traffic and Affects All Windows Versions, has been patched by Microsoft
Posted by Oksana Zybinskaya on June 21, 2016
No ratings yet.

The works of Yang Yu, founder of Tencent’s Xuanwu Lab, have helped Microsoft to patch a significant security issue in its implementation of the NetBIOS protocol that affected all Windows existing versions.

It was found out that the attacker can exploit this vulnerability to pass as a WPAD or ISATAP server and redirect all the victim’s network traffic through a point controlled by the attacker. Network traffic here means not just Web HTTP and HTTPS, but also OS updates, software upgrades, Certificate Revocation List updates via Microsoft’s Crypto API, and other OS maintenance operations.microsoft

(more…)

Please rate this