Category: Infrastructure

HardwareInfrastructure

Windows Server running on ARM CPUs, Azure is Next!

So far the servers within Microsoft Azure data centers have been running Intel processors (CPUs). For a long time I’ve wondered if the power efficiency of ARM CPUs could make them more cost effective than Intel x64 CPUs that are more powerful. It’s possible through the use of parallel computing that distributing load across many more ARM CPU cores that consumer lower power could be more cost effective than distributing the same load across fewer more powerful Intel CPUs. Since I first came up with the idea, I’ve assumed that ARM would be more cost effective, however, I haven’t seen anything to back it up. With recent news about Microsoft exploring Windows Server running on ARM, and ARM based cloud server, it looks like they’re dedicating some serious money to this very research effort.

ARM has already revolutionized mobile devices and Internet of Things (IoT). Could the next step for ARM CPUs be to revolutionize the Cloud and server market? Read More

DevelopmentInfrastructure

Visual Studio 2017 Development using a VM in Azure

screen-shot-2017-03-04-at-10-43-14-amIn the past the only option for writing code and building software using Visual Studio was to install it on your local machine. With technologies like Windows Hyper-V and VMWare things became less invasive by allowing you to develop software inside of a Virtual Machine (VM). With the cloud, things have become even easier. You can now easily, spin up a Virtual Machine in Microsoft Azure, use it for what ever you need, then shut it down or delete it when it’s no longer needed. This can be an extremely valuable tool for any software developer; especially when you might need multiple development environment configurations on a regular basis. This article helps you navigate the benefits as well as the process of utilizing Microsoft Azure to host multiple development machines running Visual Studio 2017 in the cloud.

Developing in the Cloud

It can sound a little mysterious to develop for the cloud, in the cloud. But using a VM as a development machine is pretty much just that. By using Virtual Machines as your development machines and environments it allows you to scale your local PC much further than it’s local hardware could ever scale. You can add more CPU power, more memory, more storage space. VM’s are a simple extension to the local constraints of your local PC. Plus, your local PC can be running any OS (Windows 10, macOS, Linux, or even iOS!)

The trick to using a Virtual Machine (VM) running Visual Studio for development, is to have a Remote Desktop Client application installed. Microsoft Remote Desktop (RDP) is a set of functionality and protocol that let’s you “remote in” to any Windows machine (either physical or virtual) and use it just like you were sitting at the machine directly. This let’s you use pretty much any computer remotely, and grants tons of power to any developer especially within the Microsoft Azure Cloud.

The steps to developing in the clouds are essentially as follows:

  1. Have a Microsoft Remote Desktop client application installed on your local computer; no matter the operating system.
  2. Setup 1 or more Virtual Machines (VMs) in the Cloud.
  3. Use the Microsoft Remote Desktop client to connect to and use those VMs just like they are your local computer.

Of course there are a few more things to know about using a VM to host Visual Studio and build software for the cloud, in the cloud. The rest of this article will walk through everything you need to know to setup Visual Studio VMs in Microsoft Azure, and get building software not just for the cloud, but also in the cloud today!

Benefits of Development VMs

Most developers focus mostly on the Platform as a Service (PaaS) services in Microsoft Azure, such as: Web Apps, Blob Storage, SQL Database and Service Bus. However, many Developers may not be very familiar with the Virtual Machine (VM) capabilities of Azure that includes the ability to easily spin up a Windows VM with Visual Studio already installed.

There are a few VM images available in the Azure Marketplace that have Visual Studio pre-installed. These are great way to get started with creating a temporary, or even longer term use, Development VM much quicker than installing the Operating System and Tooling yourself. (hint: It takes awhile to install Visual Studio)

Before we get into the different Visual Studio VMs available in the Azure Marketplace, let’s first cover some of the biggest benefits of spinning up a pre-built, pre-configured Windows VM with Visual Studio pre-installed.

  1. Zero Install Required – You can spin up a new Visual Studio development VM in a matter of minutes, and the best part is that you don’t have to install Windows or Visual Studio yourself.
  2. Protected from Hardware Failure – Using an Azure VM for development, or any other work use, provides isolation against hardware failures locally that involve your laptop, desktop, or external storage.
  3. Easily “Add” CPU / Memory Resources – Not only does an Azure VM allow you to essentially extend the capabilities of your laptop or desktop into the Cloud, but you can also resize the VM anytime to add or remove CPU Cores and Memory as needed.
  4. Device Agnostic – Azure VM’s can be connected to with Remote Desktop from any Computer, such as Windows, Linux, macOS, or even tablets! This allows you to easily interchange which physical “computer” you use for your development.

As you can imagine there are many benefits and advantages to using a VM for development, and putting that VM in the Cloud, in Microsoft Azure, further enhances those benefits to new levels. The previous mentioned benefits are only a few of the most obvious benefits. I’m sure once you start embracing Azure VMs for development that you’ll realize additional benefits as well.

Available Visual Studio 2017 VMs

For the IT Pro folks it’s known that the Microsoft Azure Marketplace offers many different Windows Server and Linux VMs that can be easily provisioned in minutes. However, many IT Pros and Developer alike may not be aware that the Microsoft Azure Marketplace also contains pre-build images for both Windows Server and Windows 10 with Visual Studio pre-installed.

Here’s the list of the different Visual Studio 2017 Virtual Machine images available in the Azure Marketplace:

  • Visual Studio Community 2017 on Windows Server 2016
  • Visual Studio Community 2017 on Windows 10 Enterprise N
  • Visual Studio Enterprise 2017 on Windows Server 2016
  • Visual Studio Enterprise 2017 on Windows 10 Enterprise N

vs17-azuremarketplace-images-rc

As you can see there are Visual Studio VM images for both the Free Community edition, as well as the Enterprise edition, as well as Windows Server 2016 and Windows 10 Enterprise. However, the specific VM images you will see available within your Azure Subscription will depend on what type of Azure Subscription you have. If you have an MSDN Azure Subscription you will see the list as shown above. If you have a different type of Azure Subscription you will not see the Windows 10 based Visual Studio VMs as Windows 10 desktop operating system is not available through the Azure Marketplace without an MSDN Subscription.

Can you Bring Your Own VM (BYOVM)?

An interesting question that comes up, especially with the fact that Windows 10 VMs aren’t generally available to all Azure Subscriptions, is: Can you bring you own custom VM to Azure?

The short answer: YES!!

The long answer: You can build a VM locally using either Hyper-V or VMWare. Then you can upload that VMs .vhd operating system disk image into Azure Blob Storage. For VMWare, you’ll need to first convert it to a .vhd. Also, the newer Hyper-V .vhdx format isn’t supported in Microsoft Azure at this time, so those need to be converted to .vhd as well. After uploading the VM image, you can then setup an Azure VM to use your custom uploaded .vhd disk to boot from, and then you’ll have a custom built VM running in Azure.

With this method you can setup and install anything you need / want, so long as you provide all the necessary licensing required to run the software and it’ll host just fine in Microsoft Azure. It’s worth noting that this method takes far longer to get setup and you generally want to use a pre-built, pre-defined VM image from the Azure Marketplace if you can.

Provision a Visual Studio VM

The most obvious requirement to provisioning a Visual Studio Virtual Machine in Azure is that you’ll need to have an Azure Subscription. Also, as previously described, the available Visual Studio VM images in the Azure Marketplace will vary depending on the type of Azure Subscription that you have.

To help guide you through the process of provisioning a new Visual Studio VM in Azure, you can follow these simple steps:

  1. Navigate to the Azure Portal (http://portal.azure.com) and login
  2. Click on the green +New button in the left hand navigation of the Azure Portal, then type Visual Studio 2017 into the Search the marketplace textbook, and press Enter.
    vs17-azureportal-new
  3. On the Everything search results, click on the desired Visual Studio VM image you would like to provision.
    vs17-azureportal-search-rc
  4. On the VM information blade, click the Create button to get started provisioning. Be sure to leave the Deployment Model dropdown to the default of Resource Manager.
    vs17-azureportal-winservercommunity-rcNote: in these screenshots I chose to use the Visual studio Community 2017 on Windows Server 2016 marketplace image.
  5. On the Create virtual machine – Basics blade, fill out the necessary fields to define the basic settings for the VM, then click OK.
    • Name: the name of your VM
    • User name and Password: the Admin login credentials for the VM
    • Resource group: the Azure Resource Group to place the VM and all it’s resources into. This is just a way for you to more easily organize resources within the Azure cloud.
    • Location: this specifies the Azure Region to host your VM in. Generally you want to set this to the nearest region to where you are located geographically to help reduce internet latency when connecting to the VM.
      vs17-azureportal-basics-rc
  6. On the Create virtual machine – Choose a size blade, choose the VM Instance Size to use for the VM, then click Select. This is what defines the CPU Core count and amount of Memory that will be available to the server. I would recommend you normally use the DS2_V2 size which will give you 2 CPU Cores and 7 GB Memory. A smaller size will generally be too small and have poor performance. Alternatively, you can click on the View all link to list our ALL the available VM sizes so you can choose a different one if desired.
    vs17-azureportal-new-choosesize
  7. On the Create virtual machine – Settings blade you can configure more advanced networking configurations for the VM is necessary. If you’re unsure what to do, then just leave the default values as they are, and click OK.
    vs17-azureportal-new-settings
  8. On the the Create virtual machine – Summary blade, once the Validation passed message is displayed click OK to begin provisioning your new, awesome Visual Studio VM!!
    vs17-azureportal-new-summary
  9. It’ll take a few minutes to complete the provisioning of the VM. Go take a break, or post on Twitter how awesome Visual Studio + Azure is, then come back and get ready to “develop for the cloud, in the cloud”.

Congratulations! After following the previous steps, you will now have a Windows VM with Visual Studio pre-installed all ready for you to use to “develop for the cloud, in the cloud.”

Connect with Remote Desktop

Once you have a Visual Studio VM provisioned in Microsoft Azure, the next step is to connect to it with Microsoft Remote Desktop so you can start using it and writing code. Microsoft Remote Desktop provides an easy way to remotely connect to a Windows computer (physical or VM) and use it just as if you were sitting down at the machine. It includes full display, keyboard and mouse support along with MANY other useful features.

To connect to an Azure VM with Remote Desktop, you first need to get the IP Address of the VM to connect to, then you’ll be able to connect using a Remote Desktop Client and the Admin username and password that was configured for the VM at creation.

The Azure Portal actually goes a step further and provides you an easy to use .rdp file for download. This enables you to click a button in the Azure Portal, then download and open the .rdp file that contains the necessary connection information for VM. When opening this file in the Remote Desktop Client, the only thing you need to fill in is the Admin username and password to connect.

To help you locate the IP Address of the VM, as well as download the .rdp file, you can follow the below steps:

  1. Navigate to and login to the Azure Portal (http://portal.azure.com)
  2. Once logged into the Azure Portal, you’ll need to locate the Virtual Machine you want to connect to. To do this, you can navigate to your VM by first finding the Resource Group its in by clicking on Resource groups in the left hand navigation, then click on the specific Resource Group.
    vs17-azureportal-vm-resourcegroups
  3. On the Resource group blade, click on the Virtual Machine resource type in the list of resources within the Resource Group.
    vs17-azureportal-resourcegroup-vm
  4. On the Virtual machine blade for your VM, you will find the Public IP address of the VM within the Essentials pane. Also, clicking on the Connect button will download a .rdp file that can be opened within the Microsoft Remote Desktop client.
    vs17-azureportal-vm-connectip
  5. Once downloaded, you can open the .rdp file in the Microsoft Remote Desktop, then connect to your new Visual Studio VM running in Azure!
    • On Windows you can use the Microsoft Remote Desktop Connection client.
      msremotedesktopconnectionapp
    • On macOS the best option is to use the Microsoft Remote Desktop application that can be installed through the macOS App Store.
      macos-microsoftremotedesktop-appstore
  6. Once connected to the VM with Remote Desktop, if you provisioned the Visual Studio image from the Azure Marketplace that’s running Windows Server 2016, you’ll need to change the IE Enhanced Security Configuration setting. To do this, you’ll need to wait for the Server Manager window to pop up, then click on Local Server.
    winserver-servermanager-localserver
  7. Locate and click on the On text for IE Enhanced Security Configuration.
    winserver-servermanager-ieenhancedsecurityconfig-on
  8. In the Internet Explorer Enhanced Security Configuration window, select Off under Administrators, then click OK.
    winserver-servermanager-ieenhancedsecurityconfig-dialog
  9. Now you can open up Visual Studio 2017 in the VM and get coding!
    vs17-rc-vm-rdp-macos

Cost Saving Tips

If you’re not familiar with Azure billing and the difference resources involved when creating and hosting a Virtual Machine in Azure, then you may be a little worried about how much it’ll cost. So, I felt if was only natural to include some cost explanations and cost saving tips in this article. After you’ve provisioned a great Visual Studio development VM in Azure, it’s also important to keep the costs contained and as minimum as possible!

Below are some explanations on how Azure VM billing works along with a couple tips on how to save money and reduce hosting costs.

Azure VM Billing Explained

When provisioning an Azure Virtual Machine (VM) there are a number of resources provisioned that include things like the Public IP Address, Network interface, Networks security group, storage, and Virtual machine (the compute instance itself).

Here’s a screen capture of all the resources created for the previously provisioned Visual Studio VM. These resources are all created within the same Resource Group, in this case the Resource Group that was created for the VM as described in the previous steps.

vs17-vm-resourcegroup-resources

Here’s the same list of resources along with a short description of what they are used for:

  • Storage account – storage the VM’s disk image, other words the .vhd file
  • Virtual network – a software defined network (SDN) where the VM will reside
  • Virtual machine – the compute instance for the running VM; this is where the CPU/Memory are defined and reserved
  • Network interface – the software defined Network Interface Card (NIC) that connects the VM to the Virtual Network
  • Public IP address – the piece of the software defined networking stack that defines the Public IP address connectivity for the VM to have access to the Internet and to be connected to with Remote Desktop
  • Network security group – a configurable set of rules that essentially defines the Inbound and Outbound Firewall rules to secure the Virtual Network and VM

As you can see, the Azure VM is really more than just a virtual machine under the covers. Conceptually it’s just a single machine, but really it’s made up of a bunch of different Infrastructure as a Service (IaaS) parts that combine to make up the desired VM configuration. Each of these parts have their own pricing, and some don’t have any cost associated with them.

To start talking about Azure VM cost, let’s first start with the major pieces that will affect the majority of the cost of your VM. These are the Storage account and Virtual machine.

The Virtual machine resource in Azure is what defines the Compute resources (CPU Cores and Memory). This is was maps directly to the underlying hardware within the Microsoft Azure data center that actually runs the VM. This is what costs the most out of all the necessary resources for an Azure Virtual Machine. The cost of the Virtual machine resource will depend on the specific Instance Size (defining CPU Cores, Memory, and other features) you choose to run your VM, but will only be incurred when the VM is provisioned and running (we’ll cover what this means in further detail down further).

The Storage account resource in Azure is where the VM’s .vhd disk image file is stored. The VM may be running in the Virtual Machine resource, but the .vhd disk image is persisted in the Storage account resource.

Thirdly, not really a specific resource, but an important aspect that affects cost is the Bandwidth Egress. This is the transfer of outbound data from Azure out to other servers / endpoints across the Internet. The Ingress, or inbound bandwidth into Azure, is Free. Even though the Egress cost is rather low, it will affect the VM cost some, so it’s important to be aware of.

Lastly, the other resources that make up the VM will incur very little or no cost at all. The Public IP address may incur a very small cost, which depends on your configuration. The remaining resources (Network interface, Network security group, and Virtual network) alone don’t incur any cost and make up underlying Infrastructure that the VM requires to run on top of.

To assess and gain visibility into the cost of an Azure VM and actually all the resources within a Resource Group, you can access a Resource costs summary at the Resource Group level. To access this summary, you can follow these steps:

  1. Within the Azure Portal, navigate to the Resource Group blade for the desired Resource Group.
  2. In the list of links on the Resource Group blade, click on Resource costs.
    vs17-resourcegroup-resourcecosts-link
  3. On the Resource costs pane you will find a summary of the cost (or spend) of your resources in the Resource Group for the current billing period of your Azure Subscription.
    vs17-resourcegroup-resourcecosts-summary

As you can see from the screenshot, the majority of the cost of the shown VM is from the Virtual machine resource and some cost from the Storage account, with very little from the Public IP address, and nothing from the remaining resources.

vs17-subscription-chargesAnother place to view much further cost analysis and information on resources within your Azure Subscription is to view the Subscription Center within the Azure Portal. You can access this by clicking on the More services > link in the left-side Azure Portal navigation, then navigating to your Subscription.

 

How to Properly Shutdown a VM

There are 2 ways to shutdown an Azure VM, and they are certainly not equal! One way you will still get charged for the compute resources, and the other will free you from paying for the compute resources and help you reduce overall cost.

The first method to shutdown an Azure VM, that sounds logical in the context of connecting with Remote Desktop, is to Shutdown the Operating System. In this scenario you would be connected with Remote Desktop, and when done with your work you go to the Power options within Windows and select Shutdown. This will essentially “turn off” the VM and stop it from running. However, even though the VM won’t be running you WILL still be paying for the Virtual machine hardware allocation. Doing this will cause the Azure Portal to report the status of the VM to be “Stopped”.

vs17-azureportal-vm-stoppeddeallocated

The second method, and the one to remember, is to go into the Azure Portal (or use Azure PowerShell or Azure CLI) and Stop the VM. Instead of just shutting down the Operating System, Azure will also deallocate the hardware (CPU and Memory) allocation; thus releasing it to be used for another workload in Microsoft Azure. Doing this will cause the Azure Portal to report the status of the VM to be “Stopped (Deallocated)”.

While in the “Stopped (Deallocated” status, you will not be paying for the VM resources.

It’s a good idea that when ever you don’t actually need the VM to be running that you Stop it using the Azure Portal, PowerShell, or Azure CLI so that the resources are released. While in the “Stopped (Deallocated” status, you will not be paying for the VM resources. This will really help you save money!

To “properly” Stop a VM in the Azure Portal to release the resources and save money, you can follow these steps:

  1. Within the Azure Portal, navigate to the Virtual Machine blade for the desired VM.
  2. On the Overview pane, click the Stop button.
    vs17-azureportal-vm-stop-button

There is one caveat to be aware of when shutting down an Azure VM so it gets placed into the Stopped (Deallocated) status. Since this causes Azure to release the server resources associated with the Virtual Machine, it not only releases the CPU and Memory resources but also the Dynamic IP Address allocation. Due to this, when you Start the VM back up again, the IP Address will likely change. If you require the IP Address to never change for your VM, then you’ll need to configure a Static IP Address for the VM.

To start up a Stopped VM, you can follow these steps:

  1. Within the Azure Portal, navigate to the Virtual Machine blade for the desired VM.
  2. On the Overview pane, click the Start button.
    vs17-virtualmachine-start-button

Another point that’s important to remember when stopping Azure VM’s and placing them into the “Stopped (Deallocated)” state is that you do still pay for the Azure Storage account usage. Remember, the Storage account is where the VM’s .vhd disk image file is stored. Stopping the VM retains all the VM’s settings / configurations, as well as the .vhd image stored in Azure Storage. As a result, you will still incur some cost for the storage, but at least you will save on the VM resources. After all, the Storage will only cost a small amount of money compared to the much higher cost of the Virtual Machine resource allocation if it were left running constantly.

Schedule Auto Shutdown

Manually shutting down a VM to put it in the Stopped (Deallocated) status is a great way to save cost on Azure VM’s. Although, you do need to remember to Stop the VM. This introduces a certain level of human error in the process of saving you hosting costs on your Azure VMs. As a result, Microsoft has added a scheduled auto-shutdown feature into the platform to assist you in this effort.

With the Auto-shutdown feature, you are able to configure a specific Time (with Time Zone) when Azure is to automatically shutdown the VM. When configured, the VM will automatically be stopped if it is still running at that time of day.

To configure Auto-shutdown of an Azure VM, you can follow these steps:

  1. Within the Azure Portal, navigate to the Virtual Machine blade for the desired Virtual Machine.
  2. In the list of links on the Virtual Machine blade, click on Auto-shutdown.
    azureportal-vm-autoshutdown-link
  3. On the Auto-shutdown pane, configure the specific TimeTime Zone, and desired notification Webhook URL settings, then click Save.
    azureportal-vm-autoshutdown-pane

If you forget to Stop your VM at the end of the day, or whenever the Auto-shutdown time is configured it will get Shutdown automatically. When using a Visual Studio development VM, this can become a good thing on Friday afternoons (or any other day when you might be in a hurry) when you’re most likely to forget to shutdown the VM.

ArchitectureCertificationDevelopmentInfrastructureTraining

My recent Azure Training Courses on Opsgility.com

As you may, or may not, be aware, my day job is working as a Senior Cloud Solution Architect at Opsgility. My job duties are generally the normal duties of a Senior Solution Architect, but I focus entirely on Microsoft Azure. It’s also my job to build out training content (courses, slides, demos, hands-on labs, etc) and as an instructor to deliver that content (on-demand video recordings and instructor led classes online and in-person). The primary goal of Opsgility is to enable businesses and teams in the Cloud.

On-Demand Azure Training

I know I haven’t posted much here on my day job with Opsgility, but I thought I’d share a list of some of the on-demand courses available from Opsgility that I’ve created, recorded, and published to the Opsgility video streaming service recently.

Here’s a list of my recently published Azure training and Microsoft Certification prep courses at Opsgility:

When signing up for an Opsgility.com subscription, you’ll get a free trial initially to try out the service, before billing begins. I recommend you check out the service! I don’t only recommend because I work at Opsgility, but because we have the most up-to-date Azure training, and certification content in the industry. As a testament to our content, many large corporations, including Microsoft, hire us to train their Developers, IT Pros, and Database Engineers in Microsoft Azure.

Instructor-Led Azure Training

Opsgility offers MANY different Instructor led classes online as well as in-person. We train Microsoft as many other large corporations in Microsoft Azure all over the world! Personally, I’ve taught classes in many cities across the United States, as well as classes in Canada and Germany.

Here’s a short list of just a few of the Instructor Led classes that I’ve either built, taught, or both:

  • Azure Fundamentals – This course introduces key concepts for cloud computing and how Microsoft Azure aligns with those scenarios. Students are introduced to several key Azure services and solutions that align with the following technical disciplines including Infrastructure as a Service, Hybrid Cloud, Application Development, and Big Data and Analytics.
  • Designing and Implementing IoT Solutions – This course provides a comprehensive introduction to designing and implement Internet of Things (IoT) solutions on Microsoft Azure. The course covers both directions of message flow from device-to-cloud and cloud-to device, building analytics solutions atop the real-time telemetry, managing devices and securing the solution.
  • Architecting Azure Solutions – Exam 70-534 – This course is designed to help students gain valuable and in-depth architecture skills on Microsoft Azure along with gaining the essential skills to pass Microsoft Exam 70-534. This course will put the students through several interactive architecture sessions where as one or more teams they will design the appropriate solution to address an architecture scenario based on several services in Microsoft Azure.
  • Developing Cloud Solutions with Azure .NET – Exam 70-532 – This course is designed to introduce students to developing cloud based applications using Microsoft Azure and the Azure .NET SDK. This course covers key compute technologies such as virtual machines, cloud services, and App Services, as well as teaches how to build a developer environment and compose new applications using platform-as-a-service (PaaS) components.
  • Developing Cloud Solutions with Azure using Java – Exam 70-532 – This course is designed to introduce students to developing cloud based applications using Microsoft Azure and the Azure Java SDK. This course covers key compute technologies such as virtual machines, service fabric, and App Services, as well as teaches how to build a developer environment and compose new applications using platform-as-a-service (PaaS) components.

I know many of you reading this may already have a Pluralsight subscription, but you should know Opsgility training content on Azure is more up-to-date and is updated more frequently! That’s one of the big differences with Opsgility having expertise on staff, rather than solely relying on contractors like Pluralsight.

Disclaimer: The opinions express in this blog post and throughout my blog are my own. They do not reflect that of my employer, Opsgility. I also don’t mean any offense towards Pluralsight or Pluralsight Authors. Pluralsight has many great courses to learn all sorts of things, it’s just in my strong opinion that the way Opsgility does Azure Training courses is superior. Thanks!

CertificationInfrastructure

70-744 Securing Windows Server 2016 Certification Exam

Server and Virtual Machine (VM) security is an increasingly important topic in IT. With the adoption of both Public and Private Cloud environments the landscape of server security has been changing as systems become increasingly connected; especially across networks and even the Internet. The Securing Windows Server 2016 (70-744) certification exam will test and measure your expertise in securing and hardening server and VMs running Windows Server 2016; whether their on-premises, or in Public or Private Cloud environments.

Certification Target Audience

The focus on the Securing Windows Server 2016 (70-744) certification exam is centered around Windows Server 2016 Security; such as hardening server environments, securing Virtual Machine infrastructure using Shielded and encryption-supported VMs and Guarded Fabric. The exam is designed to target candidates who are IT Pros and infrastructure professionals that are tasked with configuring and securing Windows Server 2016 environments On-Premises and in Virtual Machine (VM) environments including both the Public and Private Cloud.

Skills Measured

Here is a high level list of the skills and objectives measured on this exam. The percentages next to each of the high level objectives represents the percentage of exam questions that will be targeted towards that specific objective area.

  • Implement disk and file encryption (25-30%)
    • Configure disk and file encryption
    • Implement server patching and updating solutions
    • Implement malware protection
    • Protect credentials
    • Create security baselines
  • Secure a virtualization infrastructure (5-10%)
    • Implement a Guarded Fabric solutions
    • Implement Shielded and encryption-supported VMs
  • Secure a network infrastructure (10-15%)
    • Configure Windows Firewall
    • Implement a software-defined Distributed Firewall
    • Secure network traffic
  • Manage privileged identities (25-30%)
    • Implement an Enhanced Security Administrative Environment (ESAE) administrative forest design approach
    • Implement Just-in-Time (JIT) Administration
    • Implement Just-Enough-Administration (JEA)
    • Implement Privileged Access Workstations (PAWs) and User Rights Assignments
    • Implement Local Administrator Password Solution (LAPS)
  • Implement threat detection solutions (15-20%)
    • Configure advanced audit policies
    • Install and configure Microsoft Advanced Threat Analytics (ATA)
    • Determine threat detection solutions using Operations Management Suite (OMS)
  • Implement workload-specific security (5-10%)
    • Secure application development and server workload infrastructure
    • Implement a secure file services infrastructure and Dynamic Access Control (DAC)

When studying for this exam, you’ll definitely want to look at the official exam page from Microsoft for the full list of exam objectives. You’ll need to be sure to study every one of them that will be measured on the exam.

Training Materials

The Securing Windows Server 2016 (70-744) exam covers a lot of smaller objective areas in comparison to many other certification exams. There are a lot of topic areas to study around Security Windows Server 2016! Fortunately there is an Exam Reference book available from Microsoft Press targeted towards studying for this specific exam.

Here’s a short description of the Exam Reference book:

Exam Ref 70-744 Securing Windows Server 2016

Prepare for Microsoft Exam 70-744–and help demonstrate your real-world mastery of securing Windows Server 2016 environments. Designed for experienced IT professionals ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the MCSE level. 

Focus on the expertise measured by these objectives: 

  • Implement server hardening solutions
  • Secure a virtualization infrastructure
  • Secure a network infrastructure
  • Manage privileged identities
  • Implement threat detection solutions
  • Implement workload-specific security 

This Microsoft Exam Ref: 

  • Organizes its coverage by exam objectives
  • Features strategic, what-if scenarios to challenge you
  • Assumes you have experience as a Windows Server administrator and an understanding of basic networking and Hyper-V virtualization fundamentals, Active Directory Domain Services principles, and Windows Server security principles

Happy Studying!

CertificationInfrastructure

70-247 Configuring and Deploying a Private Cloud Certification Exam

Many of the newer certification exams from Microsoft target Azure and Public Cloud technologies. The Configuring and Deploying a Private Cloud (70-247) certification exam is a little different since it will test expertise in monitoring and operating Private Cloud environments using Windows Server and Microsoft System Center 2012.

Certification Target Audience

The focus on the Configuring and Deploying a Private Cloud (70-247) certification exam is centered around Microsoft System Center. The exam is designed to target candidates who have experience setting up security, high-availability, fault tolerance, and networking of enterprise environments using Windows Server, and System Center 2012. Candidates should also have basic SQL Server and PowerShell knowledge, and application configuration experience.

Skills Measured

Here is a high level list of the skills and objectives measured on the Configuring and Deploying a Private Cloud (70-247) The percentages next to each of the objectives represent the percentage of the exam questions that will be focus on that specific objective.

  • Design and deploy System Center (15-20%)
    • Design a scalable System Center architecture
    • Install the System Center infrastructure
    • Upgrade System Center components
  • Configure System Center infrastructure (20-25%)
    • Configure System Center components
    • Configure portals and dashboards
  • Configure the fabric (25-30%)
    • Configure the storage fabric
    • Configure the network fabric
    • Configure and manage the deployment and update servers
    • Configure clouds and virtualization hosts
  • Configure System Center integration (15-20%)
    • Configure private cloud integration
    • Configure integration of private and public clouds
  • Configure and deploy virtual machines and services (15-20%)
    • Configure profiles
    • Create and configure server App-V packages
    • Configure and deploy a service
    • Update a service

When studying for this exam, you’ll certainly want to look at the official exam page from Microsoft for the full list of exam objectives covered. You’ll need to study each and every one of the objectives measured on the exam before attempting to take it.

Training Materials

There are a few training resources (paid and free) for preparing for the Configuring and Deploying a Private Cloud (70-247) certification exam. Below is a list of a few of these resources:

Free Videos

Practice Test / Exam

Book

Exam Ref 70-247: Configuring and Deploying a Private Cloud

Prepare for Microsoft Exam 70-247—and help demonstrate your real-world mastery configuring and deploying a private cloud using Microsoft System Center 2012 R2. Designed for experienced IT professionals ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the MCSE level.

CertificationInfrastructure

70-246 Monitoring and Operating a Private Cloud Certification Exam

Many of the newer certification exams from Microsoft target Azure and Public Cloud technologies. The Monitoring and Operating a Private Cloud (70-246) certification exam is a little different since it will test expertise in monitoring and operating Private Cloud environments using Windows Server and Microsoft System Center 2012.

Certification Target Audience

The focus on the Monitoring and Operating a Private Cloud (70-246) certification exam is centered around Microsoft System Center. The exam is designed to target candidates who have experience setting up security, high-availability, fault tolerance, and networking of enterprise environments using Windows Server, and System Center 2012.

Skills Measured

Here is a high level list of the skills and objectives measured on the Monitoring and Operating a Private Cloud (70-246) exam. The percentages next to each of the objectives represent the percentage of the exam questions that will be focus on that specific objective.

  • Configure data center process automation (15-20%)
    • Implement workflows
    • Implement service offerings
  • Deploy resource monitoring (20-25%)
    • Deploy end-to-end monitoring
    • Configure end-to-end monitoring
    • Create monitoring reports and dashboards
  • Monitor resources (20-25%)
    • Monitor network devices
    • Monitor servers
    • Monitor the virtualization layer
    • Monitor application health
  • Configure and maintain service management (15-20%)
    • Implement service level agreements
    • Manage problems and incidents
    • Manage cloud resources
  • Manage configuration and protection (20-25%)
    • Manage compliance and configuration
    • Manage updates
    • Implement backup and recovery

When studying for this exam, you’ll certainly want to look at the official exam page from Microsoft for the full list of exam objectives covered. You’ll need to study each and every one of the objectives measured on the exam before attempting to take it.

Training Materials

There are a few training resources (paid and free) for preparing for the Monitoring and Operating a Private Cloud (70-246) certification exam. Below is a list of a few of these resources:

Free Videos

Practice Test / Exam

Book

Exam Ref 70-246: Monitoring and Operating a Private Cloud

Prepare for Microsoft Exam 70-246–and help demonstrate your real-world mastery of monitoring and operating a private cloud based on Microsoft System Center 2012 R2. Designed for experienced IT professionals ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the MCSE level.

Infrastructure

Setup SSL / TLS on Azure CDN Custom Domain

azure-content-delivery-network-cdn_colorSince the beginning the Azure CDN has allowed for custom domains to be mapped so you can use your own domain name instead of the Azure CDN default domain name endpoint; such as that at “*.azureedge.net”. However, until recently you couldn’t enable SSL encryption support for that custom domain mapped to the Azure CDN endpoint. In a recent update to the Azure CDN service Microsoft has finally enabled the ability to enable SSL / TLS on an Azure CDN Custom Domain name. Read More

ArchitectureDevelopmentInfrastructure

Happy 7th Birthday Microsoft Azure!

February 1, 2017 marks the 7th anniversary of when Microsoft turned on billing for the new Microsoft Azure service. Happy birthday Azure! Initially the service had a fraction of the features and services it has today. There’s been a tremendous growth on the platform over the years as a result of incredible investment by Microsoft.

Here’s a little timeline information about Microsoft Azure that you may or may not know:

  • October 2008  – At the Microsoft Professional Developers Conference (PDC), Microsoft Chief Software Architect Ray Ozzie announces a new cloud computing platform from Microsoft called Windows Azure. The initial announcement includes the Azure services of: Cloud Services, and Blob Storage.
  • March 2009 – Azure SQL Database service was announced.
  • November 2009 – An updated Windows Azure CTP is released enabling Full Trust, PHP, Java, including a CDN CTP and more
  • January 2010 – Windows Azure become Generally Available, currently free of cost
  • February 1, 2010 – Microsoft turns on billing and includes full SLA support making Windows Azure commercially available.
  • June 2010 – Windows Azure is updated with .NET Framework 4, OS Versioning, CDN, and SQL Azure update
  • October 2010 – At PDC conference Microsoft released platform enhancements, Windows Azure Connect, and an improved Dev / IT Pro experience
  • December 2011 – New services added: Traffic Manager, SQL Azure reporting, HPC scheduler
  • June 2012 – New services added: Azure Websites, Virtual Machines for both Windows and Linux, Python SDK, Locally redundant storage, and a new portal.
  • April 2014 – Microsoft renames Windows Azure to Microsoft Azure
  • 2014 to Present – MANY, MANY features and services are released!

Something not mentioned in the above timeline is the HUGE growth of Microsoft building out the data centers and backbone infrastructure that makes up the Microsoft Azure platform. From the initial launch of Microsoft Azure back in 2010, until now, Microsoft has grown the platform out to 32 regions today. They even have announced an additional 6 regions that are currently being planned or built.

Since 2010, Microsoft Azure has grown to be available in 32 regions around the world.

The overal size of Microsoft Azure has grown to be the biggest cloud platform on the planet. Microsoft may have been late to the game as Amazon got started 4 years earlier, but Microsoft has grown the platform to include more data centers and regions around the globe than both Amazon and Google combined!

azureofficialregionmap

You can view an interactive map of the Azure Regions here: http://map.buildazure.com

The Microsoft Azure platform has more data centers and global regions than both Amazon and Google combined!

The cloud brings with it some tremendous capabilities and capacity that most enterprises or even individuals could have only dreamed of having access to only a few short years ago. Microsoft is right there at the front of the stage rapidly releasing innovation after innovation in the Microsoft Azure cloud platform. Microsoft has been and still is betting the future of their enterprise business on the cloud, and Microsoft Azure is the way they are doing it.

Happy birthday Azure!

Happy birthday Azure! I can’t wait to see how you grow and advance cloud computing over the next 7 years and beyond!

ArchitectureInfrastructure

Microsoft Cloud Platform Roadmap

The Microsoft Cloud Platform roadmap provides a snapshot of what Microsoft is working on in their Cloud Platform business. You can use the roadmap to find out what they’ve recently made generally available, released into public preview, are still developing and testing, or are no longer developing.

azurecloudplatformroadmapsite

The Microsoft Cloud Platform Roadmap really gives you a nice view into the current state of many features and services within Microsoft’s overall Cloud Platform. However, it doesn’t give specific release dates as you might expect a roadmap to do, but it is organized well and easy to navigate. If you’re ever curious about the state of things or what upcoming, then the Microsoft Cloud Platform Roadmap is a nice place to go.

The Microsoft Cloud Platform Roadmap is broken out into the main categories (tabs at the top) of:

  • Recently Available
  • Public Preview
  • In Development
  • Cancelled
  • Archive

Within each category is the ability to filter the list of updates by a few subcategories, as well as the ability to select a filter to narrow down the list by a specific product. The list of subcategories (tabs on the left) are:

  • Cloud infrastructure
  • Enterprise mobility
  • Data management and analytics
  • Application development
  • Internet of Things

You can view the Cloud Platform Roadmap here: https://www.microsoft.com/en-us/cloud-platform/roadmap-in-development

ArchitectureInfrastructure

Azure Region Pairs Explained

Microsoft Azure is generally available in over 30 regions around the world. Each region is home to a vast array of servers hosted within 1 or more datacenters.. This is something that’s very apparent in Azure; especially since you need to choose a specific Azure region to host services in. However, something that’s not quite as apparent is the concept of Azure Region Pairs. Specific Azure regions are paired together. This article explains what Azure Region Pairs are, and the benefits that come within them.

What are Azure Region Pairs?

Microsoft operates Azure Regions all over the world. Each Azure Region is strategically placed within a specific geography, and almost all the Azure Regions are located within the same general geography as at least 1 other Region; it’s pair. The only exception to this is the Brazil South region currently, which is the only Azure Region in Brazil.

azureregionpairgeography

Read More