Posts

Showing posts from 2012

Business Intelligence, the Microsoft style

Image
Of course, Microsoft has been in the Business Intelligence (BI) game for some time now, but until now the solution sets lacked focus, clarity, consistency, and homogeneity. Well, in my opinion that is. But wait no longer, the company is bringing its a game to BI with clear and concise messaging and a much more focused and simplified tool set:
Excel – one authoring tool for your BI. And a great “Personal BI” solution.SharePoint – the best solution for sharing, collaborating, and adding mobility (tablets, smartphones) to your BI. And a great “Group BI” solution.SQL Server – rock solid high-performance, high-availability data platform for supporting very large data sets, and providing reporting, analysis, and integration services. And a great “Corporate BI” solution.
As far as BI solutions go, it hardly gets any simpler than that. And in full recognition that it's a big world out there (or is it a Big Data world?) there's plenty of support for non-Microsoft platforms - Oracle, SAP,…

Office 365 Resources

Few months ago I have put together a post "Office 365 Information and Resources" with helpful links to various resources that provide a good overview of Office 365. Here are a few things that should help you explore Office 365 further:
Office 365 Service Descriptions - a great starting point to learn about Office 365 requirements, capabilities, and limitations.Office 365 Service Updates - a wiki with information on updates to the Office 365 services (updated regularly)Office 365 Deployment Guide for Enterprises - TechNet resources to help you plan and execute Office 365 basic or advanced deployment.Office 365 SSO Content Map - want to know more about implementing Single-Sign-On with Office 365? Visit this wiki section, read and learn.Office 365 Deployment Readiness Tool - download and use this tool to verify your Office 365 readiness as part of your migration planning efforts.Internet Connection Test - another great tool for cloud services migration planning. Running "Pe…

CAL Suite Bridges for Office 365

This quick post is on a highly confusing (IMHO) subject of Microsoft licensing. Have you ever heard of CAL Suite Bridges for Office 365?  Do you know what they are? If you need a quick overview, I would suggest taking a look at the following article.

UAG 2010 SP2

Check out issues fixed and features included in UAG 2010 Service Pack 2. Detailed information and download link are available here. To find out what version of UAG you are currently running and to verify prerequisites refer to the following article.

SharePoint 2013 Materials

User attributes in Office 365

Much like some of the group settings can only be applied via PowerShell (see my previous post), so are some of the user attributes. For example, the value of Assistant attribute can not be set via management portal, but using Powershell will do the trick. Here's sample statement:


set-user -identity [User's email address] -AssistantName "[Assistant's Name]"


To view object properties before and after, use the following:


get-user -identity [User's email address]| format-list

Mail-enabled security groups in Office 365

Image
Another update (11/19/2013): further evolution of Office 365 services makes creation of distribution and security groups even easier, plus there's now an option of creating a dynamic distribution group (click here for more information):

Update (08/06/2012): a clear sign of Office 365 evolving along the same lines as other agile cloud services - small incremental features and minor new functionality are being delivered almost continuously and, unlike important major service updates, without much fanfare. For example, there's no need to resort to using PowerShell to setup mail-enabled security groups anymore, it can now be done at creation using management portal: 



Those managing Office 365 (O365) tenant via the Microsoft Online Services Portal (MOS Portal) interface would notice that there are two distinct group entities:
Security Groups:can be created via MOS Portal (main portal page>Management>Security Groups) and used for assigning permissions within SharePoint Onlinedo n…

UAG, SQL, FBA

I have already written about UAG authentication providers available out-of-the-box (here) and mentioned "WinHTTP" and "Other" options as the way to extend this default functionality. Here's a good example based on a popular configuration for exposing Sharepoint based content to external parties (extranet): UAG + SQL Authentication + Sharepoint FBA. This would basically be a 2 part process, and I found a couple of great blog posts that cover it really well:
Configure UAG for SQL authentication (http://bit.ly/L1Gizs):Define custom authentication provider in UAG (for the SQL/aspnetdb) Add a custom [repository].inc Build a custom authentication function (within [repository].inc)Enable UAG SSO (http://bit.ly/MYrgZQ):Extend the Sharepoint site to external Users using ASP.Net MembershipPublish the extranet Sharepoint site via the UAGConfigure the UAG to work with Sharepoint FBAMany thanks to Andreas Heckerfor putting together these thorough instructions!

Problems Accessing UAG Server

Image
Sometimes administrators may find themselves in a situation when they don't seem to be able to access UAG server (via RDP and/or Ping). In most cases the issue is due to either – 1) routing; 2) security restrictions:
UAG [typically] has two interfaces – internal and external, but only one, external, should be configured with the default gateway. This means that for internal interface to be reachable from subnets other than the one it’s on one would need to add persistent static routes using “route add –p [destination network] mask [mask] [gateway]” command. Verify the results using “route print” command.UAG is a harden network device protected by TMG and as such only allows administrative access from authorized hosts. To see or modify the list of allowed hosts go to TMG Management Console, navigate to Firewall Policy, select Toolbox \ Computer Sets \ Remote Management Computers, double-click to view or edit (modify to suit your needs):

Microsoft Private Cloud Solutions

Image
It's all about the cloud nowadays, and the competition is tough. First, there's Amazon, arguably the largest cloud computing platform out there, but being a market leader is both a blessing and a curse - others are constantly trying to dethrone you. And the list of those others is a notable one: Google and Microsoft are working tirelessly to improve their already impressive cloud platforms as are other industry heavyweights - IBMHP, CA; and let's not forget telecom giant - AT&T, Sprint, and Verizon; and many others - Rackspace, GoGrid, Joyent, Savvis, SoftLayer, CloudShare, Skytap, ...


So, how does Microsoft fair against the competition? I think it fairs quite well, thanks to its strong foothold in the Enterprise and the breadth and depth of its cloud solutions. Whether it is a traditional on-premise deployment, highly virtualized datacenter, private cloud, or public cloud offering - Microsoft has a compelling solution, great integration story, deep corporate pockets,…

Cloud Standards

Want to keep up on all the current cloud standards (as well as those that are work in progress), but have trouble keeping track of the rapidly changing field? Look no further than - Cloud Standards Wiki. Great resource!

UAG Authentication Capabilities

Image
Sometimes the subject of authentication in UAG seems to confuse people, and to lead them to the wrong conclusions. To set the record straight on a couple of issues:
Misconception #1: UAG includes robust authentication capabilities - this is a true statement, but sometimes is gets interpreted in a way that implies a presence of some sort of secure identity store within UAG. This is not the case. UAG leverages different authentication repositories and options and can temporarily hold certain identity information to support things such as single sign-on (SSO), but is not a repository in itself. Here's a list of repositories and options supported out of the box (OOB):

Options such as "WINHTTP" and "Other" allow for new methods to be implemented to extend the OOB functionality (see a great example here). 
Misconception #2:UAG supports multi-factor authentication, including bio-metrics, hardware and software tokens, one time passwords (OTP), etc. - once again, this is a…

UAG Certificate Validation

Sometime it may be desirable to disable certificate validation for the SSL protected back-end services published via UAG. You can do this by editing the following registry keys:
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\Von\URLFilter\Comm\SSLright-click ValidateRwsCert, select Modify, and change the Value data to 0right-click ValidateRwsCertCRL, select Modify, and change the Value data to 0restart IISPlease, note that disabling certificate validation process may not be an acceptable security practice in certain environments.For a complete list of UAG registry keys consult the following TechNet article. Also, there are different uses for certificates within UAG, to understand them better I strongly recommend reading through the following excellent blog post by Ben Ari.

Windows Live - Reimagined

Windows Live was born on November 1st, 2005; and now, almost seven years later, with Windows 8 and Windows Phone striding towards more meaningful cloud services integration than ever before, it is about to undergo some serious changes. Want to know more about it? Check out the following post - "Cloud services for Windows 8 and Windows Phone: Windows Live, re-imagined"

UAG Logging

Image
Microsoft Forefront Unified Access Gateway (UAG) is a comprehensive, secure remote access solution; and as such provides robust logging capabilities including the following options: Built-inRADIUSSyslogMailSQLPlease, note that all file locations mentioned in this article are installation defaults and may differ from locations you have selected during the installation.Most of the logging options (with the exception of SQL logging configured via TMG) can be configured via "Admin > Event Logs Settings":



UAG built-in option is enabled by default and default log files location is C:\Program Files\Microsoft Forefront Unified Access Gateway\Logs\Events\. It could be a good idea to periodically backup the content of this directory either via a backup software or a script. UAG Web Monitor can then be used to query event log files, and to filter events according to type, time, and other parameters:
The following briefly outlines other logging options:


For more detailed information plea…

UAG Backup

Image
Every organization should have disaster recovery and continuity of operations plans that commensurate with its risk reduction goals and its overall risk management profile. And of course UAG infrastructure should be an integral part of such plans, subject to associated backup and recovery procedures. However, this post doesn't have much to do with these fundamental things. Instead, it aims to cover the very basics of UAG configuration settings backup or import/export. Here's where one would configure automatic backups (that will be performed automatically every time new configuration is activated):


Please, note that all file locations mentioned in this article are installation defaults and may differ from locations you have selected during the installation.The password must be at least 8 characters long and backup default location is C:\Program files\Microsoft Forefront Unified Access Gateway\Backup\. It could be a good idea to periodically backup the content of this directory …

UAG Basic Customization, Part 2

Image
For information on how to change basic logon page settings please, refer to the first part of this post - UAG Basic Customization, Part 1.
Please, note that all file locations mentioned in this article are installation defaults and may differ from locations you have selected during the installation.We can also customize basic properties of the UAG Portal pages (displayed after successful logon on trunks that use built-in Portal as a default application):
header & toolbar
footer Under C:\Program Files\Microsoft Forefront Unified Access Gateway\von\PortalHomePage\Data\Languages\ locate an appropriate language file, in our case en-US.xml, and copy it to C:\Program Files\Microsoft Forefront Unified Access Gateway\von\PortalHomePage\Data\Languages\CustomUpdate\.Open en-US.xml file in the \CustomUpdate folder using Notepad and perform the following edits (based on the above sample):<String id="12" _locID="12"> - desired title<String id="182" _locID=&qu…

UAG Basic Customization, Part 1

Image
In one of my previous posts I have referenced a couple of good resources on the subject of UAG customization: 
TechNet resource "Customizing Forefront UAG" is a good starting point, and there’s a book that was just published that covers this very topic – “Mastering Microsoft Forefront UAG 2010 Customization” by Erez Ben-Ari.Much is possible when it comes to customizing and extending UAG, and this is when you would need to refer to those materials mentioned above and to study them carefully; but in some cases only basic customization may be desired, like changing default logon page (say edit the title and add a standard security banner). This post aims to cover those basic changes. So, let's say we want our default logon page to look somewhat like this:
And here are the things we would need to do:
Please, note that all file locations mentioned in this article are installation defaults and may differ from locations you have selected during the installation.Under C:\Program Fi…