bet.ucoz.co.uk

Posts Tagged ‘Management’

Minimum Certificate RSA Key Length Windows Update (1024 Bits) October 5th, 2012

Vinod Kumar


Microsoft Security Advisory (2661254) – This is the root to all the content available.

PLEASE TEST THE PATCH AND THE IMPACT ON APPLICATIONS BEFORE DEPLOYMENT. THIS UPDATE WILL BE AVAILABLE ON OCT-9th-2012.

What is this update about?

Microsoft is announcing the availability of an update to Windows that restricts the use of certificates with RSA keys less than 1024 bits in length. The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Recommendation: Microsoft recommends that customers download the update and assess the impact of blocking certificates with RSA keys less than 1024 bits in length before applying the update to their enterprise.

What OS / systems / devices does this update apply to?

Read about the affected software and devices at http://technet.microsoft.com/en-us/security/advisory/2661254. Navigate to the section on Affected Software and Devices.

Where can I download this update from?

The update is available on the Download Center as well as the Microsoft Update Catalog for all supported releases of Microsoft Windows.

Direct Catalog Link.

What could be the potential impact if I do not test this update before deploying in my environment?

It is possible that after the update, some systems will cease to function as before, because their underlying digital certification relies on certificates that do not meet the new requirement, a key length of at least 1024 bits.

Read about known issues here: http://support.microsoft.com/kb/2661254

How do I know if my environment is impacted by this?

There are four main methods for discovering if RSA certificates with keys less than 1024 bits are in use:

  1. Check certificates and certification paths manually
  2. Use CAPI2 logging
  3. Check certificate templates
  4. Enable logging on computers that have the update installed

Read about each of the four methods in detail at this link (Under section Discover RSA certificates with key lengths of less than 1024 bits) http://support.microsoft.com/kb/2661254
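
Method 1 above (checking certificates and their certification paths) can be scripted. The following PowerShell is an added example, not taken from the advisory, the KB article or this post; the function names and output columns are illustrative, and it assumes PowerShell 3.0 or later on the machine being assessed.

```powershell
# Added example (not from the advisory or KB article). Requires PowerShell 3.0+.
# Reports every certificate whose own key, or any key in its certification
# path, is an RSA key shorter than $MinBits. Function names and output
# columns are illustrative.

$RsaOid = '1.2.840.113549.1.1.1'   # rsaEncryption public-key algorithm OID

function Get-RsaKeyBits {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # DSA and ECC keys are out of scope for this update: return $null for them.
    if ($Certificate.PublicKey.Oid.Value -ne $RsaOid) { return $null }
    try   { return $Certificate.PublicKey.Key.KeySize }
    catch { return $null }   # public key could not be decoded
}

function Find-WeakRsaCertificate {
    param(
        [int]$MinBits = 1024,
        [string[]]$StoreRoot = @('Cert:\LocalMachine', 'Cert:\CurrentUser')
    )
    foreach ($root in $StoreRoot) {
        # Walk every store under the root; skip the store containers themselves.
        $certs = Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] }

        foreach ($cert in $certs) {
            # Build the certification path without revocation checks, so a weak
            # issuer is reported even when the end-entity key is long enough.
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $chain.ChainPolicy.RevocationMode = 'NoCheck'
            try { [void]$chain.Build($cert) } catch { }

            $path = @($chain.ChainElements | ForEach-Object { $_.Certificate })
            if ($path.Count -eq 0) { $path = @($cert) }   # fall back to the certificate alone

            for ($i = 0; $i -lt $path.Count; $i++) {
                $bits = Get-RsaKeyBits -Certificate $path[$i]
                if ($null -ne $bits -and $bits -lt $MinBits) {
                    [pscustomobject]@{
                        Store          = $cert.PSParentPath -replace '^.*::', ''
                        Certificate    = $cert.Subject
                        WeakAtDepth    = $i              # 0 = the certificate itself, 1+ = an issuer
                        WeakSubject    = $path[$i].Subject
                        WeakThumbprint = $path[$i].Thumbprint
                        KeyBits        = $bits
                    }
                }
            }
            $chain.Reset()
        }
    }
}

# Example run: list findings, shortest keys first.
Find-WeakRsaCertificate | Sort-Object KeyBits | Format-Table -AutoSize
```

A certificate that appears with WeakAtDepth greater than 0 has an adequate key of its own but chains through a weak issuer, so reissuing it under the same CA certificate will not fix it.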

What if I find a certificate with an RSA key less than 1024 bits in length?

Customers that identify any certificates that use RSA key lengths less than 1024 bits in their environments:

  1. Will need to request longer certificates from their certification authority.
  2. Customers that manage their own PKI environments will need to create new longer key pairs and issue new certificates from these new keys.

Customers should evaluate using a sufficient key length to match their requirements for data encryption which may exceed the minimum required by this update.

What if I am not ready to deploy this update? What are my options?

1. Enable certificate logging to help identify the usage of RSA keys less than 1024 bits in length

By default, logging is not enabled. Logging can be enabled to help identify the usage of RSA keys less than 1024 bits in length by setting the logging directory in the registry.

Warning - If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

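Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config]
; Placeholder value: set this to the directory where the log files should be written (double the backslashes)
"WeakSignatureLogDir"="<path to log directory>"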

You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, see Core Group Policy Tools and Settings.

2. Block the update from being deployed through your deployment solution.

Use your current patch deployment solution (System Center Configuration Manager, WSUS or any other) and disable the automatic deployment of this patch.

Opt-out Setting – You can also make manual changes to the key lengths that are blocked. Read here: http://blogs.technet.com/b/pki/archive/2012/07/13/blocking-rsa-keys-less-than-1024-bits-part-2.aspx

Example – You can modify a registry setting using the certutil command to modify the size of the keys that are blocked. For example, if you wanted to allow 512 bit keys, but block all keys less than 512 bits, you could run the following command:

Certutil -setreg chain\minRSAPubKeyBitLength 512

Note - This approach should not constitute a long-term solution, as you will remain exposed to digital certificate weaknesses until you finally renew your certificates with a key size equal to or greater than 1024 bits.

Where can I read more about this update?

Below is a chronological listing of the blog postings discussing this upcoming change:

  1. RSA keys under 1024 bits are blocked (2012-06-11)
  2. Certificate Trust List update and the June 2012 bulletins (2012-06-12)
  3. Gadgets, certificate housekeeping and the July 2012 bulletins (2012-07-10)
  4. Microsoft’s continuing work on digital certificates (2012-07-10)
  5. Blocking RSA Keys less than 1024 bits (part 2) (2012-07-13)
  6. Blocking RSA keys less than 1024 bits (part 3) (2012-08-14)

Microsoft released a security advisory, KB article, and software update for all supported versions of Windows that blocks RSA certificates with keys less than 1024 bits. The software update was released to the Download Center.

  1. The security advisory is located at http://technet.microsoft.com/security/advisory/2661254.
  2. The KB article is available at http://support.microsoft.com/kb/2661254.

The update is available now to allow organizations to assess the impact of this update and to reissue certificates with larger key sizes, if necessary, before the update is sent out through Windows Update. The update is planned to be sent out through Windows Update on October 9, 2012.

September ANS and an important heads-up concerning certificates (2012-09-06)

Thought this was an important update to pass on. Feel free to spread the news.



 

Windows Server 2012–Virtual Academy Training October 5th, 2012

Vinod Kumar

Yesterday I wrote a blog post about what is new in Windows Server 2012, and a couple of my friends asked how to learn it more efficiently. I thought I would write about that in this post, with links to the Virtual Academy courses that are awesome and available online as TechNet resources. So here is a dump of links to various Microsoft Virtual Academy (MVA) courses around Windows Server 2012. This can easily take away a couple of your weekends if you want to learn it properly :) – Trust me, it is worth it!

These videos are part of the Microsoft Virtual Academy (MVA). The MVA is a free program delivering structured learning paths for IT Professionals on various Microsoft products and solutions.

Microsoft Virtual Academy: Hyper-V Network Virtualization | TechNet Video – The module introduces the new Hyper-V Network Virtualization feature and this video rounds off the module with a how-to look at the Hyper-V Network Virtualization.

Microsoft Virtual Academy: IP Address Management in Windows Server 2012 | TechNet Video – This module introduces the IP address management (IPAM) feature in Windows Server 2012. You will see why IP address management is important for network infrastructures in modern organizations, followed by the installation process and requirements for the new IPAM feature. You will also see some of the IPAM server options, and how to delegate access to IPAM and related tasks. This video shows how to configure IP Address Management.

Microsoft Virtual Academy: Managing Data Deduplication | TechNet Video – This module is part of the Windows Server 2012: Storage course. This video shows how to manage Data Deduplication by excluding file types, scheduling out of hours and using the DDPEVAL tool.

Microsoft Virtual Academy: Windows Server 2012 Server Virtualization Part 2 | TechNet Video – This video explains how you can achieve increased flexibility with virtual machine mobility. The video includes a demo of Shared Nothing Live Migration.

Microsoft Virtual Academy: Windows Server 2012 Server Virtualization Part 4 | TechNet Video – This video looks at the things Microsoft has done to work with Partners to increase the capabilities of Hyper-V. The video includes a demo of Managing Windows Server 2012 with System Center 2012 SP1.

Microsoft Virtual Academy: Windows Server 2012 Server Virtualization Part 5 | TechNet Video – This video explains how you can manage Isolation and Multitenancy in your organization with Windows Server 2012. The video includes a demo of Resource Metering of a Virtual Machine.

Microsoft Virtual Academy: Windows Server 2012 Storage Part 1 | TechNet Video – This video looks at the improvements that have been made in Storage within Windows Server 2012. The video includes a demo of Data Deduplication.

Microsoft Virtual Academy: Windows Server 2012 Storage Part 2 | TechNet Video – This video covers Windows Server 2012 storage solutions that deliver continuous application availability. The video includes a demo of Cluster-Aware Updating.

Microsoft Virtual Academy: Windows Server 2012 Storage Part 3 | TechNet Video – This video explains how Microsoft have innovated with partners to maximize performance, scalability and choice. The video includes a demo of ODX.

Microsoft Virtual Academy: Windows Server 2012 Storage Part 4 | TechNet Video – This video explains how Windows Server 2012 helps improve operational efficiency through simplified manageability.

Microsoft Virtual Academy: Windows Server 2012 Identity and Access Part 1 | TechNet Video – This video explains how Windows Server 2012 helps IT Professionals manage their Identity and Access. The video includes a demo of Dynamic Access Control.

Microsoft Virtual Academy: Windows Server 2012 Identity and Access Part 2 | TechNet Video – This video covers Active Directory for the Cloud and the enhancements made in Active Directory in Windows Server 2012.

Microsoft Virtual Academy: Node Drain | TechNet Video – This video shows how to use node drain to pause a Windows Server 2012 cluster node, ready for maintenance, and then to resume that node with all roles automatically failing back.

Microsoft Virtual Academy: Add Storage Space to Cluster Share Volumes | TechNet Video – This video shows how to add a mirrored Storage Space to a Cluster Shared Volume in Windows Server 2012.

Microsoft Virtual Academy: BitLocker on Cluster Share Volumes | TechNet Video – This video shows how to use BitLocker to encrypt a Cluster Shared Volume in Windows Server 2012.

Microsoft Virtual Academy: Add disk to CSV in Windows Server 2012 | TechNet Video – This video shows how to add available disk storage to a Cluster Shared Volume in Windows Server 2012.

Microsoft Virtual Academy: Setting up Clustered Shared Volumes | TechNet Video – This video shows how to configure Cluster Shared Volumes in Windows Server 2012.

Microsoft Virtual Academy: End to End Management | TechNet Video – This video shows how Windows Server 2012 gives a consistent management experience across all standard compliance storage arrays and has simplified the management of storage end-to-end.

Microsoft Virtual Academy: SMB 3.0 High Performance Storage with Transparent Failover | TechNet Video – This video shows SMB transparent failover in action using SQL Server running with 200,000 IOPs.

Microsoft Virtual Academy: Local Server Experience and Deployment Options | TechNet Video – This module is part of the Windows Server 2012: Manageability & Automation course and covers the Standards-based management that is the foundation of the management experience in Windows Server 2012, robust automation through PowerShell 3.0 and Multi-machine experience through the new Server Management. This video focuses on Server Manager running on Minimal Server Interface.

Microsoft Virtual Academy: Live Migration of Virtual Machines with Nothing Shared | TechNet Video – This video shows the new option in Windows Server 2012 to live migrate virtual machines between Hyper-V servers that do not share an infrastructure.

Microsoft Virtual Academy: Windows Server 2012 Web Application and Platform Part 1 | TechNet Video – This video explains how Windows Server 2012 delivers an application platform that offers high performance and high density applications. The video includes a demo of Centralized Certificate Store.

Microsoft Virtual Academy: Windows Server 2012 Web Application and Platform Part 2 | Technet Video – This video looks at Non-Uniform Memory Architecture (NUMA) Scalability. The video includes a demo of CPU throttling and dynamic restrictions.

Microsoft Virtual Academy: Personalizing Your Experience with Server Manager | TechNet Video – This module is part of the Windows Server 2012: Manageability & Automation course and covers the new Server Manager in Windows Server 2012. This video shows you how to customise the Server Manager Tools menu to suit your personal preferences.

Microsoft Virtual Academy: Deep Dive into Core Functionalities | TechNet Video – This module is part of the Windows Server 2012: Manageability & Automation course and covers the new Server Manager in Windows Server 2012. This video shows the key features of the new Server Manager.

Microsoft Virtual Academy: Multi-Machine Server Management | TechNet Video – This module is part of the Windows Server 2012: Manageability & Automation course and covers the Standards-based management that is the foundation of the management experience in Windows Server 2012, robust automation through PowerShell 3.0 and Multi-machine experience through the new Server Management. This video shows how Server Manager in Windows Server 2012 improves the multi-machine server management experience for administrators.

Microsoft Virtual Academy: Live Migration between Clusters | TechNet Video – This module is part of the Windows Server 2012: Server Virtualization course and covers the new features in Windows Server 2012 Hyper-V related to virtual machine mobility and scale up technologies. This video shows the new option in Windows Server 2012 to live migrate virtual machines between two Windows Server 2012 clusters.

Microsoft Virtual Academy: Windows Server 2012 Networking Part 1 | TechNet Video – This video covers some of the networking features of Windows Server 2012 and how those features help customers to overcome networking challenges in their organizations.

Microsoft Virtual Academy: Windows Server 2012 Networking Part 2 | TechNet Video – This video explains how Windows Server 2012 provides a simplified multitenant network infrastructure. The video includes a demo of Network Virtualization.

Microsoft Virtual Academy: Windows Server 2012 Networking Part 3 | TechNet Video – This video looks at how Windows Server 2012 enables high-performance networking with current and next-generation hardware. The video includes a demo of Receive Segment Coalescing.

Microsoft Virtual Academy: Windows Server 2012 Networking Part 4 | TechNet Video – This video covers operational efficiency through simplified manageability with Windows Server 2012. The video includes a demo of IP Address Management (IPAM).

Microsoft Virtual Academy: Windows Server 2012 Networking Part 5 | TechNet Video – This video explains how to build a rich and diverse ecosystem with Windows Server 2012. The video includes a demo of Extensible Shift.

Microsoft Virtual Academy: Windows Server 2012 Networking Part 6 | TechNet Video – This video summarizes how Windows Server 2012 can help overcome networking challenges in your organization.

Microsoft Virtual Academy: NIC Teaming in Windows Server 2012 | TechNet Video – The module examines the new DHCP high availability solution, options for providing fault tolerance and higher bandwidth for network adapters, and how you can apply QoS within a Hyper-V environment in order to ensure predictability of network performance for virtual machine workloads. This video shows how to team NICs and change their properties.

Microsoft Virtual Academy: Windows Server 2012 Virtual Desktop Infrastructure Part 1 | TechNet Video – This video explains the enhancements that have been made in Windows Server 2012 to Virtual Desktop Infrastructure. The video includes a demo of VDI deployment, administration and management.

Microsoft Virtual Academy: Windows Server 2012 Virtual Desktop Infrastructure Part 2 | TechNet Video – This video covers the best value for VDI with key platform capabilities. The video includes a demo of User experience improvements in VDI.

Microsoft Virtual Academy: Windows Server 2012 Virtual Desktop Infrastructure Part 3 | TechNet Video – This video summarizes how Windows Server 2012 enhancements have improved Virtual Desktop Infrastructure.

Microsoft Virtual Academy: Windows Server 2012 Web Application and Platform Part 3 | TechNet Video – This video covers consistent and repeatable configurations and Ecosystem and Extensibility.

Exchange Storage Discussion | TechNet Video – The UK Exchange team discuss storage in Exchange 2010.

UK Exchange Team Top Tips | TechNet Video – The UK Exchange team discuss their top tips for Exchange 2010.

Bytes by TechNet Sean Deuby and Harold Wong | TechNet Video – Join Harold Wong, Senior IT Pro Evangelist for Microsoft, and Sean Deuby, Technical Director for Windows IT Pro and SQL Server Pro, as they discuss Active Directory. Sean talks about what he feels will be the most impactful in Windows Server 8 like using Dynamic Access Control to set central access policy, claims based authorization and what the big deal is about VM Gen ID that is built into Hyper-V. Another amazing Bytes interview!

PS Session Reconnect via PowerShell Web Access | TechNet Video – Windows PowerShell supports disconnecting and reconnecting to Windows PowerShell sessions. You can start a session through Windows PowerShell Web Access on one device and then reconnect to that session later on the same or different device either through Windows PowerShell Web Access, PowerShell.exe, Windows PowerShell ISE, or another PowerShell host.

Customizing the Wizard Pages in MDT UDI | TechNet Video – System Center 2012 Configuration Manager OSD and MDT User-Driven Installation (UDI) work together to deploy Windows. This video shows from a developer perspective how to customize the wizard pages in MDT UDI. Watch this if you would like to code your own customizations into the pages.

Building Extensions for the MDT UDI Designer | TechNet Video – System Center 2012 Configuration Manager OSD and MDT User-Driven Installation (UDI) work together to deploy Windows. In this video, see how to build extensions for your deployment to further customize MDT UDI for your environment.

Configuring MDT UDI for Hardware Refresh Deployments | TechNet Video – System Center 2012 Configuration Manager OSD and MDT User-Driven Installation (UDI) work together to deploy Windows. In this video, see additional information on the MDT UDI Refresh Deployment Scenario, including language pack installations.

Microsoft Virtual Academy: (Part 1) Competitive Advantages of the Microsoft Private Cloud over the VMware Private Cloud | TechNet Video

Microsoft Virtual Academy: (Part 2) Competitive Advantages of the Microsoft Private Cloud over the VMware Private Cloud | TechNet Video

Microsoft Virtual Academy: (Part 3) Competitive Advantages of the Microsoft Private Cloud over the VMware Private Cloud | TechNet Video

Microsoft Virtual Academy: (Part 4) Competitive Advantages of the Microsoft Private Cloud over the VMware Private Cloud | TechNet Video

Microsoft Virtual Academy: (Part 5) Competitive Advantages of the Microsoft Private Cloud over the VMware Private Cloud | TechNet Video

Microsoft Virtual Academy: (Part 6) Competitive Advantages of the Microsoft Private Cloud over the VMware Private Cloud | TechNet Video

We will analyze how the cloud is traditionally built in a VMware environment using vSphere, and the vCenter server. Then taking this analysis further, we will show how Microsoft provides comparable solutions to these products, and to additional products such as vFabric Application Director and vCenter Operations Manager. You will learn how Microsoft can manage virtual machines in a more granular way, and monitor the performance of applications running in virtualized and in physical environments.

Microsoft Virtual Academy: (Part 1) Competitive Advantages of Hyper-V Server 2012 over VMware ESXi 5.0 | TechNet Video

Microsoft Virtual Academy: (Part 2) Competitive Advantages of Hyper-V Server 2012 over VMware ESXi 5.0 | TechNet Video

Microsoft Virtual Academy: (Part 3) Competitive Advantages of Hyper-V Server 2012 over VMware ESXi 5.0 | TechNet Video

Microsoft Virtual Academy: (Part 4) Competitive Advantages of Hyper-V Server 2012 over VMware ESXi 5.0 | TechNet Video

We will focus the demonstrations and presentation on Microsoft Hyper-V Server, the free product from Microsoft that contains the core hypervisor components.

We will detail how the core driver model works to enable interoperability with different hardware and software. We will discuss concepts such as Live Migration, and how IT administrators can move running virtual machines around between physical nodes within a cluster. Following this, we will demonstrate exactly how a cluster can be built within Hyper-V Server to provide high availability. Then we will cover how to run virtual machines on the clusters.

Microsoft Virtual Academy: (Part1) Competitive Advantages of Windows Server 2012 Hyper-V over VMware vSphere 5.0 | TechNet Video

Microsoft Virtual Academy: (Part 2) Competitive Advantages of Windows Server 2012 Hyper-V over VMware vSphere 5.0 | TechNet Video

Microsoft Virtual Academy: (Part 3) Competitive Advantages of Windows Server 2012 Hyper-V over VMware vSphere 5.0 | TechNet Video

Microsoft Virtual Academy: (Part 4) Competitive Advantages of Windows Server 2012 Hyper-V over VMware vSphere 5.0 | TechNet Video

We will look specifically at Hyper-V and how it competes effectively against VMware vSphere 5 when building virtualized infrastructures.

This session will focus first on scalability, performance and density. Then we will look at multi-tenancy and the improvements we have made around security and networking. We will look at how Hyper-V can power an agile infrastructure, giving you flexibility to move workloads around better than before. Finally, we will look at the different levels of availability and resiliency built-in to Hyper-V, and how they can provide the best platform for your mission critical applications and workloads.

Microsoft Virtual Academy: (Part 1) Competitive Advantages of System Center 2012 over VMware’s Management Technologies | TechNet Video

Microsoft Virtual Academy: (Part 2) Competitive Advantages of System Center 2012 over VMware’s Management Technologies | TechNet Video

Microsoft Virtual Academy: (Part 3) Competitive Advantages of System Center 2012 over VMware’s Management Technologies | TechNet Video

Microsoft Virtual Academy: (Part 4) Competitive Advantages of System Center 2012 over VMware’s Management Technologies | TechNet Video

We will take an in-depth look at the technologies and how they map to a private cloud strategy, comparing the VMware vCloud and System Center 2012.

We will cover several key areas of management including VM management, monitoring, service management, self-service automation, and configuration management. The presentation and demonstrations will evaluate the competing products component-by-component, and how each brings their own benefits. In addition, we will address the concept of protection, and how it is a central part of the private cloud infrastructure protecting virtualized and non-virtualized environments.

Hope you have a great learning time with these links and resources. Feel free to drop a comment anytime.



 

What is new in Windows Server 2012 October 4th, 2012

Vinod Kumar

With the release of Windows Server 2012, there is so much to learn, as with every version, and this release is no exception. In this post, let us look at some of the enhancements made in Windows Server 2012 for reference. There are some interesting features introduced for SQL Server 2012 too, and we will look at them in future posts.

What’s New in Active Directory Domain Services (AD DS)
Active Directory Domain Services (AD DS) in Windows Server 2012 includes new features that make it simpler and faster to deploy domain controllers (both on-premises and in the cloud), more flexible and easier to both audit and authorize access to files, and easier to perform administrative tasks at scale, either locally or remotely, through consistent graphical and scripted management experiences.

  1. Dynamic Access Control (DAC), permissions based on AD attributes, e.g. Location, Department

What’s New in BitLocker
BitLocker encrypts the hard drives on your computer to provide enhanced protection against data theft or exposure on computers and removable drives that are lost or stolen.

  1. Used Disk Space Only encryption allows for a much quicker encryption experience
  2. Support for Encrypted Hard Drives for Windows

What’s New in BranchCache
BranchCache in Windows Server 2012 and Windows 8 provides substantial performance, manageability, scalability, and availability improvements.

  1. Data De-duplication, duplicate content is stored once and downloaded once

What’s New in Failover Clustering
Failover clusters provide high availability and scalability to many server workloads. These include file share storage for server applications such as Hyper-V and Microsoft SQL Server, and server applications that run on physical servers or virtual machines.

  1. Scalability, Scales to 64 nodes and 4,000 virtual machines per cluster
  2. Cluster-Aware Updating, applies software updates across the cluster nodes while maintaining availability
  3. Scale-Out File Servers, provides CSV storage and integrates with File Services features to support scalable, continuously available application storage
  4. Dynamic Quorum, simplifies quorum setup and increases the availability

What’s New in File Server Resource Manager
File Server Resource Manager provides a set of features that allow you to manage and classify data that is stored on file servers.

  1. File Classification, automatic classification processes

What’s New in Hyper-V
The Hyper-V role enables you to create and manage a virtualized computing environment by using virtualization technology that is built in to Windows Server 2012. Hyper-V virtualizes hardware to provide an environment in which you can run multiple operating systems at the same time on one physical computer, by running each operating system in its own virtual machine.

  1. Client Hyper-V, now available in a desktop operating system
  2. Hyper-V Replica, replicate virtual machines between storage systems
  3. Live migration, perform a live migration in a non-clustered environment
  4. Scale and resiliency, significantly larger compute and storage resources
  5. SMB 3.0 file shares, SMB 3.0 file shares to provide storage for virtual machines
  6. Virtual switch, open framework that allows third parties to add new functionality, extensible capabilities to connect virtual machines to the physical network

What’s New in Networking
Discover new networking technologies and new features for existing technologies in Windows Server 2012. Technologies covered include BranchCache, Data Center Bridging, NIC Teaming, and more.

  1. SMB 3.0 and RDMA, very fast inter-process communication (IPC) and inter-computer communications
  2. Network (IP) virtualization and Virtual switch, decouples virtual networks for customer virtual machines from the physical network infrastructure
  3. NIC teaming, bandwidth aggregation and traffic failover
  4. Quality of Service, deliver predictable network performance to virtual machines
  5. DirectAccess and RRAS, new Remote Access server role allows for centralized administration, configuration, and monitoring

What’s New in Remote Desktop Services
The Remote Desktop Services server role in Windows Server 2012 provides technologies that enable users to connect to virtual desktops, RemoteApp programs, and session-based desktops. With Remote Desktop Services, users can access remote connections from within a corporate network or from the Internet.

  1. Fairshare experience (Network, Disk, and CPU), one user does not negatively impact the performance of another user’s session
  2. Multi-Touch RDP

What’s New in Smart Cards
Smart cards and their associated personal identification numbers (PINs) are an increasingly popular, reliable, and cost-effective form of two-factor authentication. With the right controls in place, a user must have the smart card and know the PIN to gain access to network resources.

  1. Virtual smart cards, emulate the functionality of traditional smart cards

PowerShell 3.0 and ISE, improved IDE, e.g. IntelliSense

Storage Spaces, virtualize storage by grouping industry-standard disks into storage pools (thin provisioning)

SQL on SMB, store clustered user database files on SMB file shares

Hope these will make for good weekend reading. If you feel we missed something significant from Windows Server 2012 in this post, feel free to write about it in the comments.

UPDATE: Links and resources to Microsoft Virtual Academy Courses on Windows Server 2012.



 

Contained Databases inside SQL Server 2012 October 3rd, 2012

Vinod Kumar

Recently I was reading one of the blog posts from Pinal around “Importance of users without Logins” and this triggered this post. The concept of contained databases is lesser known inside the SQL Server 2012 release and hardly mentioned. In this post let me introduce what Contained Databases are and explain some of the benefits.

Before we hit the basics, it is important to understand the different things applications require from the database. Apart from the database, data and some logic (SPs, functions, triggers etc.), there are also components that live outside the scope of the application database. Some of them include:

  1. Logins: Maintained in the master DB.
  2. Temp tables: T-SQL code uses them, and they are manipulated in the tempDB database.
  3. Jobs: These can be agent jobs for specific automation or day end jobs for cleansing.
  4. Error Messages: Custom error messages are stored inside the master DB.
  5. Linked Servers: These are stored in the master database.

There can be other things that are missing from the above list. But the problem starts when this application needs to be moved between environments for reasons such as system upgrades, high availability, consolidation or load balancing. Before SQL Server 2012 there was no systematic process to take these items along in this situation. The biggest drawback today is that you need significant familiarity with all these moving components and have to set them up manually in each of the environments. I am not trying to make this sound really bad, but these are things to keep in mind even today.

Partial Containment in SQL Server 2012

Now that we know why some changes were needed, let me introduce the containment concept. SQL Server 2012 introduces partial containment, which draws an application boundary around the database while still allowing features that cross the application boundary to be accessible. As the name suggests, in this release we have contained authentication and some subtle collation dependencies added. This means:

  1. We can have a new SQL user with a password as part of contained authentication.
  2. tempDB objects no longer use the default collation of tempDB but use the collation defined for the contained database.

I feel this is a great start at least. In the future, we may see enhancements going into this feature to make it more complete by adding all the application objects into the containment boundary. Only future releases will define these, so let us see what we have in hand.

Enable Contained Databases at Instance level

Using SQL Server Management Studio, the steps are simple.

  1. In Object Explorer, right-click the server name, and then click Properties.
  2. On the Advanced page, in the Containment section, set the Enable Contained Databases option to True.
  3. Click OK.


If you would like to script this step and use it as part of your application deployment strategy, use the following:

EXEC sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
EXEC sp_configure 'contained database authentication', 1;
GO
RECONFIGURE;
GO
EXEC sp_configure 'show advanced options', 0;
GO
RECONFIGURE;
GO

The above option enables both contained databases and contained authentication.

Creating a Partially Contained Database

Just like the option at the server node, a containment type option has been added to the existing database options. It can be set on the Options page of the database properties.

From a T-SQL perspective, you can use the extended CONTAINMENT option of the CREATE DATABASE command to enable the same.

CREATE DATABASE database_name
[ CONTAINMENT = { OFF | PARTIAL } ]
[ ON
[ PRIMARY ] <filespec> [ ,...n ] ….

To convert existing databases to contained databases, there are a few steps to take. I would highly recommend checking for containment errors before this step. The first and simplest way is to use the DMV sys.dm_db_uncontained_entities. Just run:

select * from sys.dm_db_uncontained_entities

Some dynamic SQL cannot be resolved until run time; it can be ignored or may need further attention. To pick up these errors at run time, use the database_uncontained_usage XEvent if need be. Since this XEvent fires only for uncontained entities actually executed at run time, it will not identify uncontained user entities that you have not run.

Once the errors have been eliminated and we are sure the database is safe to turn into a contained database, use SQL Server Management Studio to do so or use the T-SQL below.

USE [master]
GO
ALTER DATABASE [AdventureWorks2012] SET CONTAINMENT = PARTIAL
GO

Once this step has been performed, check that it has taken effect. The two columns containment and containment_desc in sys.databases show the containment state of the databases.

SELECT containment, containment_desc FROM sys.databases
WHERE name LIKE 'AdventureWorks2012';

The next step is to migrate your existing logins by converting them to SQL users for contained databases. This can be done using the stored procedure sp_migrate_user_to_contained. A typical login called "AppUser" can be converted as below:

EXECUTE sp_migrate_user_to_contained
        @username = N'AppUser',
        @rename = N'keep_name',
        @disablelogin = N'disable_login';

To find the logins associated with users inside a given database, use the query below:

SELECT dp.name
       FROM sys.database_principals AS dp
       JOIN sys.server_principals AS sp
       ON dp.sid = sp.sid
       WHERE dp.authentication_type = 1 AND sp.is_disabled = 0;
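
The query above can also drive the migration itself. The following is an added example, not code from the original post: it refuses to run unless the current database is partially contained, lists what still crosses the containment boundary, and then migrates every user mapped to an enabled SQL Server login. It assumes the AdventureWorks2012 database used above and passes do_not_disable_login, so logins that other databases still depend on keep working until the change has been verified.

```sql
-- Added example (not from the original post). Assumes AdventureWorks2012
-- has already been set to CONTAINMENT = PARTIAL as shown above.
USE [AdventureWorks2012];
GO

-- Guard: only migrate users inside a partially contained database.
IF NOT EXISTS (SELECT 1 FROM sys.databases
               WHERE database_id = DB_ID() AND containment = 1)
BEGIN
    RAISERROR(N'Database is not partially contained; nothing migrated.', 16, 1);
    RETURN;
END;

-- Review what still crosses the containment boundary before migrating.
SELECT class_desc,
       CASE WHEN class = 1 THEN OBJECT_NAME(major_id) END AS object_name,
       statement_type, feature_name, feature_type_name
FROM sys.dm_db_uncontained_entities;

DECLARE @username sysname;

-- Users mapped to enabled SQL Server logins. principal_id 1-4 are the
-- built-in dbo, guest, INFORMATION_SCHEMA and sys principals.
DECLARE user_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT dp.name
    FROM sys.database_principals AS dp
    JOIN sys.server_principals AS sp ON dp.sid = sp.sid
    WHERE dp.authentication_type = 1      -- INSTANCE: authenticated via a login
      AND sp.type = 'S'                   -- SQL Server login
      AND sp.is_disabled = 0
      AND dp.principal_id > 4;

OPEN user_cursor;
FETCH NEXT FROM user_cursor INTO @username;
WHILE @@FETCH_STATUS = 0
BEGIN
    BEGIN TRY
        EXECUTE sp_migrate_user_to_contained
                @username     = @username,
                @rename       = N'keep_name',
                @disablelogin = N'do_not_disable_login';
        PRINT N'Migrated: ' + @username;
    END TRY
    BEGIN CATCH
        -- Report and continue so one failure does not stop the run.
        PRINT N'Failed: ' + @username + N' - ' + ERROR_MESSAGE();
    END CATCH;
    FETCH NEXT FROM user_cursor INTO @username;
END;
CLOSE user_cursor;
DEALLOCATE user_cursor;
```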

Creating Contained Users

We started this blog post talking about users without logins. Contained users are new in SQL Server 2012, authenticated without a server login, and can be of 3 types.

  1. User based on a Windows user who has no login.
  2. User based on a Windows group that has no login.
  3. Contained database user with password.

To create a new contained user, use the New -> User option under the Security node inside the database node.

Once inside the dialog, select either SQL user with password or Windows user. On the General page, enter a name for the new user in the User name box and click OK.

To do the same operation in T-SQL, use the syntax below. Note that no login is referenced for the user. In a contained database this creates a contained user.

CREATE USER MyDBUser
WITH PASSWORD = 'my$tr0ngPwd';
GO

How are Users Authenticated?

For SQL Server authentication in a contained database, the connection must specify an initial catalog, and authentication is first attempted against the contained user. If no such user exists, SQL Server falls back to checking authentication at the server level. If the user or password does not match, authentication fails.

The concept is similar in the case of Windows authentication, but the order is reversed: the first check is done at the server level and then at the database level.
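
Because a contained user with a password is authenticated by the database and never appears among the server logins, it is worth inventorying them. The following audit queries are an added example, not part of the original post; run them in the partially contained database. They cover the instance setting, the contained databases, the users that authenticate at the database level, the users that share a name with a SQL Server login (the duplicate-name case where the lookup order described above decides which credential is checked), and who is able to create further contained users.

```sql
-- Added audit example (not from the original post).
-- Run in the partially contained database being reviewed.

-- 1. Is contained database authentication enabled on the instance?
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'contained database authentication';

-- 2. Which databases on the instance accept contained users?
SELECT name, containment_desc
FROM sys.databases
WHERE containment <> 0;

-- 3. Contained users with passwords: they authenticate at the database
--    level and have no row in sys.server_principals.
SELECT name, type_desc, authentication_type_desc, create_date, modify_date
FROM sys.database_principals
WHERE authentication_type = 2;            -- DATABASE

-- 4. Contained users whose name matches a SQL Server login. For SQL
--    authentication with this database as initial catalog, the contained
--    user is tried first, so the login's password is never consulted.
SELECT dp.name AS contained_user,
       sp.name AS server_login,
       sp.is_disabled AS login_disabled
FROM sys.database_principals AS dp
JOIN sys.server_principals AS sp
  ON dp.name COLLATE DATABASE_DEFAULT = sp.name COLLATE DATABASE_DEFAULT
WHERE dp.authentication_type = 2
  AND sp.type = 'S';                      -- SQL Server login

-- 5. Principals explicitly granted the ability to create contained users
--    (and therefore to grant access to the instance through this database).
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pe.grantee_principal_id = pr.principal_id
WHERE pe.class = 0                        -- database-level permission
  AND pe.permission_name IN (N'ALTER ANY USER', N'CONTROL');
```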

Final thoughts

I think this is a great start for understanding contained databases. Do try to play around with this feature and drop a line if it enables interesting scenarios for you. We have refrained from talking about other fine print and scenarios such as duplicate names (login ID), tempdb objects, collation, etc. in this post. We will reserve those for a later post.

Hope this post makes it easy to understand what contained databases are, how to create contained users and what some of the fine print is. Your comments are most welcome.

Picture Post: World of information overload October 2nd, 2012

Vinod Kumar

Data is not information, information is not knowledge, knowledge is not understanding, understanding is not wisdom – Clifford Stoll

This is a simple concept to understand. Consider the amount of time we spend on the internet, the amount of data we download, and how we fill every single hard disk we have and yet complain that we need more. Yes, there are plenty of blogs out there; we will never be able to read all the content that is present in the open world. We need to pick and make conscious choices about what we want to read and make the most of the given time.


Now, think about the same concept inside our organizations. I discussed this concept in a different way in my previous post around paralysis by analysis. As decision makers, if we need to analyze something we need to be able to pick the anomalies from the overdose of data that exists inside our data warehouse. Being focused is the most important concept I would like to drive here.

Everybody gets so much information all day long that they lose their common sense – Gertrude Stein


Change yourself to let success follow you September 27th, 2012

Vinod Kumar

There is a constant struggle to always question our inner self why me? Why am I not able to succeed as I wanted? Why does it feel that the whole world around me is trying to conspire against me? Why are the results not coming for me? This frustration filled with anxiety has been in all our lives and we always struggle to understand it completely. In this blog post, let me take my top 20 things we need to change within ourselves so that the results are fundamentally just an outcome. Doing the right things and letting the results be taken care is always the right approach to anything we do in life. I am a big time supporter of this concept and use this at work to the max.

Always be yourself, express yourself, have faith in yourself, do not go out and look for a successful personality and duplicate it – Bruce Lee

Here are my top 25 things that need to be changed to make sure you get the desired output. These are not exhaustive and I would love to hear about your experiences too. Success can be got ….

  1. … when we work harder.
  2. … when we stop making excuses.
  3. … when we stop being narrow in our thoughts.
  4. … when we doubt others less.
  5. … when we start caring about others too in the journey.
  6. … when we ask for help keeping our egos away.
  7. … when we start being creative and smart in solving the problem.
  8. … when there is a solid plan for execution.
  9. … when you enjoy and are learning in the process.
  10. … when you resist and don’t stop with short term failures.
  11. … when you make the problem part of the team’s problem and walk with others.
  12. … when you conquer your fears.
  13. … when you are all ears to listen to the solution from others.
  14. … when you inspire others and get inspired by people around you.
  15. … when you fight through the failures.
  16. … when you stop believing purely by what others say.
  17. … when you control what your mind says and make sure you put your heart behind it too.
  18. … when you are persistent in your pursuit.
  19. … when you are always in a positive attitude.
  20. … when you protect the team from failure and share the success with the whole team.
  21. … when you are bold enough to say “I am sorry”.
  22. … when you stop being selfish.
  23. … when you give your complete 100% without holding back.
  24. … when you are ready to adapt as the situation demands, if need be. Be agile !!!
  25. … when you don’t forget to say “Thank You”.

Try to do a couple of them as you transform yourself into a better person every single day. Understand, success is a journey and not a destination. We need to trust and believe in our own self first and stop complaining. Do feel free to tell me your views on this topic.

I’ve failed over and over and over again in my life and that is why I succeed – Michael Jordan


Picture Post: Paralysis by Analysis September 25th, 2012

Vinod Kumar

It requires a very unusual mind to undertake the analysis of the obvious.

As I start to talk with CIOs at various organizations, they are constantly in dashboard or metrics discussions. It is a fair call and I respect their needs because, being at that level, there is no point going through the fine print.

Also, there have been IT managers who come to me after a session and ask how they can drill down and find problems in their current data. The solutions to the problem are always with you as the data is also with you :). The problem is having the inclination to read it in an efficient, consumable format.

The picture post above was inspired by those nit-picking people. The people creating these analyses for top management are few in number but are present at every level. But at each level the analysis takes a different shape, and the assumptions made at the previous stage get missed out. Hence the top management who view the output are perplexed as to why :). Now you will understand why the reports generated by some get questioned and the validity of the numbers is raised at a review meeting.

I don’t really get into a big intellectual analysis of why I am going to do a certain script or not. – Clint Eastwood

I am also from the school of thought where “Paralysis by Analysis” is the case. Over analyzing can also be detrimental and you might miss out some of the obvious data observations. Do feel free to tell me your thoughts on this.


Picture Post: What drives our persistence? September 21st, 2012

Vinod Kumar

For a change it is a heavy concept I think :). We have seen people persist with something for a long time and come out with flying colors. What is it that they have that made them go the extra mile?

And here is my take on why this happens: when people believe in something, they hold onto it longer than expected. Hence the theory: the more you believe, the longer you will persist with it.

It’s the repetition of affirmations that leads to belief. And once that belief becomes a deep conviction, things begin to happen. – Muhammad Ali


Be happy– A-Z mantra September 18th, 2012

Vinod Kumar

What can one innovate when it comes to defining happiness? Well, here is a simple shot at understanding it like a child, from A-Z. You not only inherit insanity from a child, you also need to understand how happiness is defined by the simple things one uses as a child. So here is my generic take, a simple post with simple things we can do to be happy. I know the list can be completely different for you, so feel free to share if you would like to add more.

A Accept the present and be realistic.

B Be bold in your decisions, be considerate too.

C Create something innovative and exciting.

D Decide your own future.

E Exercise daily.

F Face your fears and emotions.

G Give / Share, be it knowledge or happiness.

H Help others whenever possible or opportunity presents itself.

I Ignite the passion within and explore new horizons.

J Jump outside your comfort zone.

K Knowledge never goes waste. Learn something new every single day.

L Laugh out loud and enjoy the moments in front of you.

M Make clear goals in life. Be realistic and optimistic about achieving.

N Never give-up on your efforts.

O Observe the world around you.

P Paint your future by living your dreams.

Q Quit the bad habits that affect you.

R Risks are good provided you are completely sold on what you are doing.

S Smile at people, the best gift you can give to others every day.

T Thank people for what they do for you.

U Unleash your strengths. No one succeeded by just working on their weaknesses.

V Visualize the dreams come true.

W Write your thoughts and Walk for a healthy life.

X Xerox your passion as you talk with others.

Y Yield to your thoughts.

Z Zero the negative emotions. Be positive.

I know these are simple concepts and we accept it. Sometimes, it is nice to become a child and learn them all over again !!! Feel free to pass me your comments.


Dead Horse in the Modern era September 13th, 2012

Vinod Kumar

This is a very common theory, proposed in the war days, about the dead horse. The best strategy when you discover your horse is dead is to dismount and move ahead. There is no way you can pull the weight around and win the war !!! This is common sense, and when we read it in the war situation it makes complete sense. In the modern era, the strategies and techniques of corporate culture suggest otherwise, and there are a number of things that companies try to enforce or work around.

We are not trying to stereotype companies in general, nor are we trying to critique HR practices. We are also not trying to see what the internal politics or likes of the management are. I am just calling out some of the strange behaviors I have seen organizations exhibit and thought they would make a fun read for my readers :).

My top 10 hated techniques:

  1. If you are not able to manage an employee because of his command, try to get an even more assertive manager to deal with him and squeeze the heck out till he quits. Management always wants it their way, not your way else it will be highway !!!
  2. Whenever you see a sinking ship, blame the management and hire a new guy to take over, ultimately to die sooner. A step before this is to threaten to terminate the top management which you already have in mind via the board (remember the Spiderman movie :))
  3. Whenever there is a sinking ship, find how you can get someone from outside to study the situation and make a rosy (not-so-bad) situation. Understand, analysts are those who get paid heavily so that you can hear what you wanted. Worst are the cases of sending others to trainings and different divisions to study and come back to implement (you forget the environment and people that make it work).
  4. If a manager is sub-standard and doesn’t get along well with management, he tends to hire folks who overall bring the standard of the team down.
  5. When you see you are not able to get work done with your own people, the strategy is to get a bunch of contractors to do the same job, thinking it will lower the overheads. One thing is for sure, you have increased your headache – because no one will be competent enough to maintain it later.
  6. When overall productivity and efficiency is down, management tends to get into training mode to improve the performance of the overall team. Though trainings are required, what the team needs more is sense of trust and purpose.
  7. If the non-performer is the favorite then the performance review is done using yardstick reference of that employee. Sometimes the management tends to see the smallest contributions as achievements and oversee the largest impact as work.
  8. Promoting incompetence up the chain, which in turn will recruit incompetent people. This is the downhill path for the organization as a whole.
  9. In order to get operational efficiency people revoke the small benefits (can range from reduced travel benefits, no free lunch, no team outing, no internet claims etc) thinking it will improve the profitability. Trust me, in the long run it will only hamper creativity and is demoralizing when such things happen.
  10. Identifying the non-performer and making an easy exit path without providing a genuine opportunity to show their talent. In the HR world this is called desired attrition, along with not giving any hike so as to automatically demotivate them.

I am sure there are many more avatars of the modern-era dead horse philosophy, and I am sure you will be able to relate to a few of the things I mention above. Do tell me if you have seen any of the above characteristics in your life.
