Tuesday, May 22, 2012

Microsoft Private Cloud Solutions

It's all about the cloud nowadays, and the competition is tough. First, there's Amazon, arguably the largest cloud computing platform out there, but being a market leader is both a blessing and a curse - others are constantly trying to dethrone you. And the list of those others is a notable one: Google and Microsoft are working tirelessly to improve their already impressive cloud platforms as are other industry heavyweights - IBMHP, CA; and let's not forget telecom giant - AT&T, Sprint, and Verizon; and many others - Rackspace, GoGrid, Joyent, Savvis, SoftLayer, CloudShare, Skytap, ...


So, how does Microsoft fair against the competition? I think it fairs quite well, thanks to its strong foothold in the Enterprise and the breadth and depth of its cloud solutions. Whether it is a traditional on-premise deployment, highly virtualized datacenter, private cloud, or public cloud offering - Microsoft has a compelling solution, great integration story, deep corporate pockets, and strong technical expertise required to further enhance and support it. So, you choose whatever road to take, it's on your terms:
When it comes to Microsoft's public cloud offerings, they are fairly well known and publicized: Dynamics CRM Online, Office 365, Windows Intune, Windows Azure, SkyDrive. So, I wanted to spend some time highlighting the features and benefits of Microsoft's private cloud offering and its cornerstone - System Center 2012. Hence, meet SC2012, I suggest you start with reviewing the following:
Then, work your way down to the individual products and technologies:
And now, take a look at the entire private cloud stack:
Impressive? I think so, but this is not the whole story yet. So far we have only covered the foundation - infrastructure, process automation, management and monitoring - necessary to establish a solid platform for applications and services; after all, this is what business users and consumers alike are typically after - I guess it's not all about the cloud, it's about the apps.

Naturally, Microsoft's own wide-ranging product portfolio (from productivity, communications and collaboration software; to customer relationship management and enterprise resource planning solutions; to data warehousing, online analytical processing, and business intelligence), along with a diverse ecosystem of products from Microsoft partners and independent software vendors, present a perfect fit and deliver significant value when provisioned, delivered, managed, and monitored via the private cloud platform.

About the benefits. Private cloud can provide a healthy mix of usual cloud incentives - such as agility, focus, and economics - along with enhanced abilities to control, secure, and customize the environment. Here are a few specific benefits of the Microsoft private cloud:  
  • Heterogeneous support: multiple hardware vendors (Dell, IBM, HP, Hitachi, Fujitsu, NetApp, Cisco), hypervisors (hyper-v, vmware, xenserver), operating systems (Widows, Linux), and application platforms (.Net, Java, PHP, Ruby) are supported.
  • Process automation: strong automation capabilities via Orchestrator across all System Center products as well as 3rd party tools (HP, CA, BMC, EMC)
  • Self-service infrastructure: robust self-service capabilities delivered via App Controller and Service Manager, supported by process automation
  • Service-centric approach: holistic approach to service definition (includes hardware, software, multiple inter-related systems) 
  • Comprehensive systems and application manageability: solid management  capabilities delivered via Configuration Manager, supported by process automation 
  • Deep systems and application monitoring and diagnosis: robust monitoring capabilities delivered via Operations Manager, supported by process automation
  • Flexible delegation and control: role based administration and granular control 
  • Cross-cloud application management: manage private and public cloud applications  via a single console, move applications between clouds
  • Physical, virtual, and cloud management: use the same set of tools to manage physical and virtual infrastructure, as well as public and private clouds
To summarize - how would a sample Private Cloud based, System Center 2012 infused environment conceptually look like? Somewhat like this:
Cloud computing and Microsoft private cloud solutions - these are voluminous topics, but I hope you get the picture. To learn more please, follow the links, read through the datasheets, and do some digging of your own.
Many of the leading cloud computing platforms are proprietary in nature (i.e. Amazon, Microsoft), while others are build upon open source projects (i.e. HP and Rackspace using OpenStack, Datapipe and Zynga using CloudStack; CERN using OpenNebula; NASA using Eucalyptus; Yandex using Nimbula). Neither approach is either good or bad, right or wrong. Time will settle the score; meanwhile, there's nothing wrong with variety and a healthy competition is always good for the consumers of cloud services and platforms.

Wednesday, May 9, 2012

Cloud Standards

Want to keep up on all the current cloud standards (as well as those that are work in progress), but have trouble keeping track of the rapidly changing field? Look no further than - Cloud Standards Wiki. Great resource!

Tuesday, May 8, 2012

UAG Authentication Capabilities


Sometimes the subject of authentication in UAG seems to confuse people, and to lead them to the wrong conclusions. To set the record straight on a couple of issues:

Misconception #1: UAG includes robust authentication capabilities - this is a true statement, but sometimes is gets interpreted in a way that implies a presence of some sort of secure identity store within UAG. This is not the case. UAG leverages different authentication repositories and options and can temporarily hold certain identity information to support things such as single sign-on (SSO), but is not a repository in itself. Here's a list of repositories and options supported out of the box (OOB):    


Options such as "WINHTTP" and "Other" allow for new methods to be implemented to extend the OOB functionality (see a great example here). 

Misconception #2: UAG supports multi-factor authentication, including bio-metrics, hardware and software tokens, one time passwords (OTP), etc. - once again, this is a true statement, but supports does not mean includes. You would need a solution that implements said capabilities (bio-metrics, OTP, etc.) and integrates with UAG.


Luckily, UAG is a highly extensible products and integration is its strong suite. You would find plenty of great, ready to use solutions in both software only or appliance formats or you could opt to implement your own unique scheme. Furthermore, for your convenience many of the appliance based solutions include both the UAG itself + those strong authentication extensions, all integrated and ready to go. Here's a quick sample of what's available:
  • Winfrasoft UAG Appliance with PINsafe, link
  • PORTSYS UAG Applicance with SafeLogin, link
  • Clestix WSA UAG and HOTpin Appliances, link 
  • Deepnet Security DualShield Unified Authentication Platform, link 
  • PointSharp ID Unified Authentication, link
  • Gemalto SA Server, link
  • nGSA Gemalto Appliance, link
So, one might ask - "What does UAG do?" Well, first of all - it is pretty busy being scalable, secure, remote access solution that supports granular access control and provides robust support for different authentication repositories and options. And then - it is the remote access platform that put's it all together (multiple repositories, advanced authentication options, single sign-on, etc.)

Thursday, May 3, 2012

UAG Certificate Validation


Sometime it may be desirable to disable certificate validation for the SSL protected back-end services published via UAG. You can do this by editing the following registry keys:
  • Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\Von\URLFilter\Comm\SSL
    • right-click ValidateRwsCert, select Modify, and change the Value data to 0
    • right-click ValidateRwsCertCRL, select Modify, and change the Value data to 0
    • restart IIS
Please, note that disabling certificate validation process may not be an acceptable security practice in certain environments. For a complete list of UAG registry keys consult the following TechNet article. Also, there are different uses for certificates within UAG, to understand them better I strongly recommend reading through the following excellent blog post by Ben Ari.

Wednesday, May 2, 2012

Windows Live - Reimagined

Windows Live was born on November 1st, 2005; and now, almost seven years later, with Windows 8 and Windows Phone striding towards more meaningful cloud services integration than ever before, it is about to undergo some serious changes. Want to know more about it? Check out the following post - "Cloud services for Windows 8 and Windows Phone: Windows Live, re-imagined"