Category: Infrastructure

CertificationInfrastructure

70-744 Securing Windows Server 2016 Certification Exam

Server and Virtual Machine (VM) security is an increasingly important topic in IT. With the adoption of both Public and Private Cloud environments the landscape of server security has been changing as systems become increasingly connected; especially across networks and even the Internet. The Securing Windows Server 2016 (70-744) certification exam will test and measure your expertise in securing and hardening server and VMs running Windows Server 2016; whether their on-premises, or in Public or Private Cloud environments.

Certification Target Audience

The focus on the Securing Windows Server 2016 (70-744) certification exam is centered around Windows Server 2016 Security; such as hardening server environments, securing Virtual Machine infrastructure using Shielded and encryption-supported VMs and Guarded Fabric. The exam is designed to target candidates who are IT Pros and infrastructure professionals that are tasked with configuring and securing Windows Server 2016 environments On-Premises and in Virtual Machine (VM) environments including both the Public and Private Cloud.

Skills Measured

Here is a high level list of the skills and objectives measured on this exam. The percentages next to each of the high level objectives represents the percentage of exam questions that will be targeted towards that specific objective area.

  • Implement disk and file encryption (25-30%)
    • Configure disk and file encryption
    • Implement server patching and updating solutions
    • Implement malware protection
    • Protect credentials
    • Create security baselines
  • Secure a virtualization infrastructure (5-10%)
    • Implement a Guarded Fabric solutions
    • Implement Shielded and encryption-supported VMs
  • Secure a network infrastructure (10-15%)
    • Configure Windows Firewall
    • Implement a software-defined Distributed Firewall
    • Secure network traffic
  • Manage privileged identities (25-30%)
    • Implement an Enhanced Security Administrative Environment (ESAE) administrative forest design approach
    • Implement Just-in-Time (JIT) Administration
    • Implement Just-Enough-Administration (JEA)
    • Implement Privileged Access Workstations (PAWs) and User Rights Assignments
    • Implement Local Administrator Password Solution (LAPS)
  • Implement threat detection solutions (15-20%)
    • Configure advanced audit policies
    • Install and configure Microsoft Advanced Threat Analytics (ATA)
    • Determine threat detection solutions using Operations Management Suite (OMS)
  • Implement workload-specific security (5-10%)
    • Secure application development and server workload infrastructure
    • Implement a secure file services infrastructure and Dynamic Access Control (DAC)

When studying for this exam, you’ll definitely want to look at the official exam page from Microsoft for the full list of exam objectives. You’ll need to be sure to study every one of them that will be measured on the exam.

Training Materials

The Securing Windows Server 2016 (70-744) exam covers a lot of smaller objective areas in comparison to many other certification exams. There are a lot of topic areas to study around Security Windows Server 2016! Fortunately there is an Exam Reference book available from Microsoft Press targeted towards studying for this specific exam.

Here’s a short description of the Exam Reference book:

Exam Ref 70-744 Securing Windows Server 2016

Prepare for Microsoft Exam 70-744–and help demonstrate your real-world mastery of securing Windows Server 2016 environments. Designed for experienced IT professionals ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the MCSE level. 

Focus on the expertise measured by these objectives: 

  • Implement server hardening solutions
  • Secure a virtualization infrastructure
  • Secure a network infrastructure
  • Manage privileged identities
  • Implement threat detection solutions
  • Implement workload-specific security 

This Microsoft Exam Ref: 

  • Organizes its coverage by exam objectives
  • Features strategic, what-if scenarios to challenge you
  • Assumes you have experience as a Windows Server administrator and an understanding of basic networking and Hyper-V virtualization fundamentals, Active Directory Domain Services principles, and Windows Server security principles

Happy Studying!

CertificationInfrastructure

70-247 Configuring and Deploying a Private Cloud Certification Exam

Many of the newer certification exams from Microsoft target Azure and Public Cloud technologies. The Configuring and Deploying a Private Cloud (70-247) certification exam is a little different since it will test expertise in monitoring and operating Private Cloud environments using Windows Server and Microsoft System Center 2012.

Retired Exam: This exam is being retired December 31, 2017.

Certification Target Audience

The focus on the Configuring and Deploying a Private Cloud (70-247) certification exam is centered around Microsoft System Center. The exam is designed to target candidates who have experience setting up security, high-availability, fault tolerance, and networking of enterprise environments using Windows Server, and System Center 2012. Candidates should also have basic SQL Server and PowerShell knowledge, and application configuration experience.

Skills Measured

Here is a high level list of the skills and objectives measured on the Configuring and Deploying a Private Cloud (70-247) The percentages next to each of the objectives represent the percentage of the exam questions that will be focus on that specific objective.

  • Design and deploy System Center (15-20%)
    • Design a scalable System Center architecture
    • Install the System Center infrastructure
    • Upgrade System Center components
  • Configure System Center infrastructure (20-25%)
    • Configure System Center components
    • Configure portals and dashboards
  • Configure the fabric (25-30%)
    • Configure the storage fabric
    • Configure the network fabric
    • Configure and manage the deployment and update servers
    • Configure clouds and virtualization hosts
  • Configure System Center integration (15-20%)
    • Configure private cloud integration
    • Configure integration of private and public clouds
  • Configure and deploy virtual machines and services (15-20%)
    • Configure profiles
    • Create and configure server App-V packages
    • Configure and deploy a service
    • Update a service

When studying for this exam, you’ll certainly want to look at the official exam page from Microsoft for the full list of exam objectives covered. You’ll need to study each and every one of the objectives measured on the exam before attempting to take it.

Training Materials

There are a few training resources (paid and free) for preparing for the Configuring and Deploying a Private Cloud (70-247) certification exam. Below is a list of a few of these resources:

Free Videos

Practice Test / Exam

Book

Exam Ref 70-247: Configuring and Deploying a Private Cloud

Prepare for Microsoft Exam 70-247—and help demonstrate your real-world mastery configuring and deploying a private cloud using Microsoft System Center 2012 R2. Designed for experienced IT professionals ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the MCSE level.

CertificationInfrastructure

70-246 Monitoring and Operating a Private Cloud Certification Exam

Many of the newer certification exams from Microsoft target Azure and Public Cloud technologies. The Monitoring and Operating a Private Cloud (70-246) certification exam is a little different since it will test expertise in monitoring and operating Private Cloud environments using Windows Server and Microsoft System Center 2012.

Retired Exam: This exam is being retired December 31, 2017.

Certification Target Audience

The focus on the Monitoring and Operating a Private Cloud (70-246) certification exam is centered around Microsoft System Center. The exam is designed to target candidates who have experience setting up security, high-availability, fault tolerance, and networking of enterprise environments using Windows Server, and System Center 2012.

Skills Measured

Here is a high level list of the skills and objectives measured on the Monitoring and Operating a Private Cloud (70-246) exam. The percentages next to each of the objectives represent the percentage of the exam questions that will be focus on that specific objective.

  • Configure data center process automation (15-20%)
    • Implement workflows
    • Implement service offerings
  • Deploy resource monitoring (20-25%)
    • Deploy end-to-end monitoring
    • Configure end-to-end monitoring
    • Create monitoring reports and dashboards
  • Monitor resources (20-25%)
    • Monitor network devices
    • Monitor servers
    • Monitor the virtualization layer
    • Monitor application health
  • Configure and maintain service management (15-20%)
    • Implement service level agreements
    • Manage problems and incidents
    • Manage cloud resources
  • Manage configuration and protection (20-25%)
    • Manage compliance and configuration
    • Manage updates
    • Implement backup and recovery

When studying for this exam, you’ll certainly want to look at the official exam page from Microsoft for the full list of exam objectives covered. You’ll need to study each and every one of the objectives measured on the exam before attempting to take it.

Training Materials

There are a few training resources (paid and free) for preparing for the Monitoring and Operating a Private Cloud (70-246) certification exam. Below is a list of a few of these resources:

Free Videos

Practice Test / Exam

Book

Exam Ref 70-246: Monitoring and Operating a Private Cloud

Prepare for Microsoft Exam 70-246–and help demonstrate your real-world mastery of monitoring and operating a private cloud based on Microsoft System Center 2012 R2. Designed for experienced IT professionals ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the MCSE level.

Infrastructure

Setup SSL / TLS on Azure CDN Custom Domain

azure-content-delivery-network-cdn_colorSince the beginning the Azure CDN has allowed for custom domains to be mapped so you can use your own domain name instead of the Azure CDN default domain name endpoint; such as that at “*.azureedge.net”. However, until recently you couldn’t enable SSL encryption support for that custom domain mapped to the Azure CDN endpoint. In a recent update to the Azure CDN service Microsoft has finally enabled the ability to enable SSL / TLS on an Azure CDN Custom Domain name. Read More

ArchitectureDevelopmentInfrastructure

Happy 7th Birthday Microsoft Azure!

February 1, 2017 marks the 7th anniversary of when Microsoft turned on billing for the new Microsoft Azure service. Happy birthday Azure! Initially the service had a fraction of the features and services it has today. There’s been a tremendous growth on the platform over the years as a result of incredible investment by Microsoft.

Here’s a little timeline information about Microsoft Azure that you may or may not know:

  • October 2008  – At the Microsoft Professional Developers Conference (PDC), Microsoft Chief Software Architect Ray Ozzie announces a new cloud computing platform from Microsoft called Windows Azure. The initial announcement includes the Azure services of: Cloud Services, and Blob Storage.
  • March 2009 – Azure SQL Database service was announced.
  • November 2009 – An updated Windows Azure CTP is released enabling Full Trust, PHP, Java, including a CDN CTP and more
  • January 2010 – Windows Azure become Generally Available, currently free of cost
  • February 1, 2010 – Microsoft turns on billing and includes full SLA support making Windows Azure commercially available.
  • June 2010 – Windows Azure is updated with .NET Framework 4, OS Versioning, CDN, and SQL Azure update
  • October 2010 – At PDC conference Microsoft released platform enhancements, Windows Azure Connect, and an improved Dev / IT Pro experience
  • December 2011 – New services added: Traffic Manager, SQL Azure reporting, HPC scheduler
  • June 2012 – New services added: Azure Websites, Virtual Machines for both Windows and Linux, Python SDK, Locally redundant storage, and a new portal.
  • April 2014 – Microsoft renames Windows Azure to Microsoft Azure
  • 2014 to Present – MANY, MANY features and services are released!

Something not mentioned in the above timeline is the HUGE growth of Microsoft building out the data centers and backbone infrastructure that makes up the Microsoft Azure platform. From the initial launch of Microsoft Azure back in 2010, until now, Microsoft has grown the platform out to 32 regions today. They even have announced an additional 6 regions that are currently being planned or built.

Since 2010, Microsoft Azure has grown to be available in 32 regions around the world.

The overal size of Microsoft Azure has grown to be the biggest cloud platform on the planet. Microsoft may have been late to the game as Amazon got started 4 years earlier, but Microsoft has grown the platform to include more data centers and regions around the globe than both Amazon and Google combined!

azureofficialregionmap

You can view an interactive map of the Azure Regions here: http://map.buildazure.com

The Microsoft Azure platform has more data centers and global regions than both Amazon and Google combined!

The cloud brings with it some tremendous capabilities and capacity that most enterprises or even individuals could have only dreamed of having access to only a few short years ago. Microsoft is right there at the front of the stage rapidly releasing innovation after innovation in the Microsoft Azure cloud platform. Microsoft has been and still is betting the future of their enterprise business on the cloud, and Microsoft Azure is the way they are doing it.

Happy birthday Azure!

Happy birthday Azure! I can’t wait to see how you grow and advance cloud computing over the next 7 years and beyond!

ArchitectureInfrastructure

Microsoft Cloud Platform Roadmap

The Microsoft Cloud Platform roadmap provides a snapshot of what Microsoft is working on in their Cloud Platform business. You can use the roadmap to find out what they’ve recently made generally available, released into public preview, are still developing and testing, or are no longer developing.

azurecloudplatformroadmapsite

The Microsoft Cloud Platform Roadmap really gives you a nice view into the current state of many features and services within Microsoft’s overall Cloud Platform. However, it doesn’t give specific release dates as you might expect a roadmap to do, but it is organized well and easy to navigate. If you’re ever curious about the state of things or what upcoming, then the Microsoft Cloud Platform Roadmap is a nice place to go.

The Microsoft Cloud Platform Roadmap is broken out into the main categories (tabs at the top) of:

  • Recently Available
  • Public Preview
  • In Development
  • Cancelled
  • Archive

Within each category is the ability to filter the list of updates by a few subcategories, as well as the ability to select a filter to narrow down the list by a specific product. The list of subcategories (tabs on the left) are:

  • Cloud infrastructure
  • Enterprise mobility
  • Data management and analytics
  • Application development
  • Internet of Things

You can view the Cloud Platform Roadmap here: https://www.microsoft.com/en-us/cloud-platform/roadmap-in-development

ArchitectureInfrastructure

Azure Region Pairs Explained

Microsoft Azure is generally available in over 30 regions around the world. Each region is home to a vast array of servers hosted within 1 or more datacenters.. This is something that’s very apparent in Azure; especially since you need to choose a specific Azure region to host services in. However, something that’s not quite as apparent is the concept of Azure Region Pairs. Specific Azure regions are paired together. This article explains what Azure Region Pairs are, and the benefits that come within them.

What are Azure Region Pairs?

Microsoft operates Azure Regions all over the world. Each Azure Region is strategically placed within a specific geography, and almost all the Azure Regions are located within the same general geography as at least 1 other Region; it’s pair. The only exception to this is the Brazil South region currently, which is the only Azure Region in Brazil.

azureregionpairgeography

Read More

InfrastructureVideo

How big is the Microsoft Azure Cloud?

The Microsoft Azure Cloud is huge. Or should I say H-y-uuuuu-ge! It’s the largest cloud provider in the world with 38 Regions currently (30 online) spread across the globe, and Microsoft keeps adding more regions every few months. Microsoft has been betting the future of their Enterprise business on Azure since the initial General Availability in 2010, and they’ve increased their efforts over the last couple of years as the “Cloud Wars” have been speeding up.

Microsoft has been a little vague over the years. They publish how many Azure Regions there are, and what cities they’re located in. I’ve put together a map that plots the city location of each of the Azure Regions to help visualize things on the Region side of the equation. However, they don’t disclose the street addresses of the data centers, and until recently they haven’t exactly stated how many data centers make up the 38 Azure Regions. That is until recently, where Microsoft released a short video showcasing a few details and images of their data centers around the globe.

Here are some facts about Microsoft’s Cloud Infrastructure that powers Microsoft Azure, Office 365, Xbox Live, and many other services:

  • The Microsoft Cloud is made up of more than 100 datacenters worldwide.
  • The Microsoft Cloud serves over 140 countries.
  • The Microsoft Cloud is comprised of MILLIONS of servers, and growing!
  • The Microsoft Cloud is built with the latest hardware innovations to maximize efficiency.
  • The Microsoft Cloud is connected by enough fiber to stretch to the Moon and back 3 times!
  • Microsoft processes Millions of network requests per second backed by high availability infrastructure.
  • Everything is monitored 24x7x365
  • The Microsoft global infrastructure is 100% carbon neutral.
  • Microsoft has built one of the most connected networks in the world so you don’t have to.
  • Microsoft Azure is used by 85% of Fortune 500 companies.

Here’s the video for your viewing pleasure. The birds eye views of the data centers are really interesting to see, along with a few peeks inside some of them.

On the note of being 100% carbon neutral, Microsoft states that about 44 percent of their datacenter energy comes from Wind, Solar, and Hydropower. Microsoft is also aiming to increase that figure to 50 by 2018. If you’re interested in a little more detail on Microsoft power usage, and the deal to power the new Cheyenne, Wyoming datacenter on Wind power, I encourage you to read the “Microsoft Azure: Cloud datacenter goes fully wind powered in landmark energy deal” article over on ZDNet.

ArchitectureInfrastructurepricing

Static Website Hosting in Azure Storage

Traditional shared hosting providers generally cost anywhere between $8 – $10 USD per month. The reason is you need to reserve some CPU and Memory resources on a VM to host your website. These are very useful for hosting dynamic web sites or applications with small amounts of traffic. However, if you have a static website then you don’t need CPU and Memory on a VM, all you need is storage and bandwidth. Since hosting a static website or static front-end to an API powered web application only requires storage and bandwidth, it makes Azure Storage a perfect service to host such a website. In this article I’ll explain what’s necessary to host static website in Azure Blob Storage, then I’ll show how you can estimate the hosting cost of the site as well. (Hint: It’s really cheap!) Read More

Infrastructure

Single Instance VMs Now With 99.9% SLA

Since the initial release of the Virtual Machine (VM) hosting service within Microsoft Azure there’s been a limitation on achieving the minimum requirements for the 99.9% SLA guarantee. This limitation has been that you needed to provision at least 2 VMs to get the SLA guarantee. That is until now. Now, there is an option to provision a single instance VM and have the 99.9% SLA guarantee too!

Microsoft is constantly working to improve and add new features / services to the Microsoft Azure platform. Among the latest of these changes is to support a 99.9% SLA with SINGLE instance VMs. While this isn’t a replacement for multi-instance VM configurations, this offers enhanced reliability for workloads where a single VM instance works.

Single Instance VM SLA Requirement

There are a few requirements that need to be met in order to achieve the 99.9% SLA guarantee for a single instance VM. The storage used for the VM Operating System and Data disks must be using Premium Storage. Premium Storage offers a much higher level of availability and performance with 5,000 IOPS per disk, versus 500 IOPS per disk with Standard Storage. The way Premium storage offers this is by utilizing SSD storage drives within the data center that are located on the same server hardware where the VM is running. Premium storage also offers a much higher throughput rate per disk of 2 Gbps.

Single Instance VMs must use Premium Storage to obtain 99.9% SLA guarantee.

Benefits of Multi-Instance VM Configuration

While it may sound appealing to configure your workloads to use a single instance VM, after all you can now get the 99.9% SLA guarantee, it’s still more adventagous to configure your workloads to use a multi-instance VM configuration instead. Among these is a higher SLA guarantee for multi-instance VMs of 99.95%.

Multi-Instance VM workloads achieve a higher 99.95% SLA guarantee.

For the vast majority of workloads it’s best to use a configuration consisting of multiple VM instances for added availability, reliability, and scalability. The best way to achieve all three of these is to use the Microsoft Azure service that is VM Scale Sets.

For more information on the SLA guarantee for Virtual Machines within Microsoft Azure, you can read the official SLA for Virtual Machines details page.