OWSUG.ca

Welcome to Ottawa's Windows Server User Group Community!

Canadian IT Pro Blog

March 2012 - Posts

  • Exam Prep for 70-659 Part 4: Configuring Storage

    As I wrote in an earlier post, there is no better time to write your exam for 70-659 Windows Server 2008 R2, Server Virtualization, than now and particularly before May 31, 2012. So to aid in that endeavour, Joseph Yedid, an IT specialist with Enhansoft in Ottawa, has put together a series of posts focused on getting IT folk ready to pass this exam. Joseph writes his blog at www.josephyedid.com but has allowed me to repost this series here.



    Configuring Storage

    So, what is MPIO? MPIO is short for Multipath I/O. When installed, it is responsible for providing redundant paths to storage. Should one path to the storage array fail, MPIO will redirect traffic to the storage array through another path. As an example of its use, when you connect to a storage array, you might see in Disk Management two copies of the same storage location show up. This is not what we want to see. To solve this, install MPIO. Once installed, MPIO will create a virtual representation of the shared storage, making it look like one disk instead of two. Note also that MPIO is a feature not a role.

    Installing MPIO on a Server Core install is straightforward. Use the following from the command line:

    start ocsetup MultipathIo

    Multipath I/O has a control panel in Server Core which can be accessed by running mpiocpl.exe.

    Use mpclaim.exe to manage the MPIO configuration. Mpclaim is responsible for taking control of storage devices.

    To claim iSCSI devices, open the MPIO control panel. Click the Discover Multi-Paths tab, select Add support for iSCSI devices, and then click Add. Restart the computer. When the system restarts, new hardware IDs will be listed under the MPIO Devices tab in the MPIO control panel.

    Dynamic I/O redirection is a function of CSV. I/O is dynamically redirected based on an available path.

    The iSCSI Initiator is used to connect to an iSCSI target. It is available for both the Windows client and Server products.

    Iscsicli.exe is the command line version of the iSCSI Initiator. Iscsicli.exe should be run from a command prompt with elevated privileges. You can display the syntax of the program with iscsicli.exe /?. Since there is too much info and too many switches available to list, it would be best to run the previous command to get a full listing of what can be done.

     



    Joseph Yedid is an IT specialist working at Enhansoft, a company based in Ottawa, Canada, that develops products and services to extend the value of System Center Configuration Manager 2007 (SCCM) and System Center Configuration Manager 2012. He is an avid user of technology and is certified in many areas of Microsoft infrastructure technologies. He is MCTS and MCITP certified - Windows Server 2008 and Microsoft Vista/Windows 7. Other interests revolve around virtualization technologies, System Center and Private Cloud. Joseph is a member and on the executive of the Ottawa Windows Server User Group.

  • Where’s The Windows “Start” Button?

    Over the last few weeks I have received many emails from IT professionals across the country about their experience with Windows 8 Consumer Preview.  Overall, I have to admit that the switch to the Metro UI by a number of you has not been a happy one.  Looks like you’re having some challenges with the new UI and I hope sharing my own experience with Windows 8 Consumer Preview may help others feel more comfortable with Metro.

    Before I get started with my own story, I want to point out a couple of really good articles on the new Windows 8 Metro user interface.  My colleague, Pierre Roman, also blogged about his experience with Metro on his own blog – Thoughts…but Mostly After Thoughts.  Check it out!  As well, a MUST READ blog post from the Windows 8 product team is Getting around in Windows 8 which does a great job of helping you make the transition.  It also references an earlier post that introduces the new UI to provide a little more background and relevant info.

    Ok, now back to my story with Windows 8.

    Like many of you, I was very excited when the Windows 8 Consumer Preview was released on February 29th and downloaded it right away.  Working at Microsoft, we also have an internal version supplied by our own IT department that we are encouraged to install on our company machines.  I did both – I installed Windows 8 Consumer Preview on my home machine (no touch – just mouse and keyboard) as well as on my work machine – a touch-based Lenovo X201T. 

    My initial reaction after installing Windows 8 Consumer Preview was Where’s the Windows “Start” Button?  I had gotten so used to that little icon being in the bottom left corner of my screen, that it threw me for a loop for a little while.  The Metro UI showed me all of the things that I was working with in a single pane (email, calendar, instant messages, weather, stock reports, IE, etc.) but I really just kept looking for the “Start” button. 


    Besides clicking on the apps and scrolling them left to right, my first question is how do I install an app.  Funny enough, the old tried-and-true method of installing a CD in the drive worked – I got prompted to install the app, and did so.  Windows Explorer is also there and works the same as always, so I can navigate to an install folder on a share or a USB key and also install apps from there.   Once the app was installed …lo and behold – it appeared as a tile on Metro!!!  OK, now we’re getting somewhere.


    I also learned that apps, when launched, also appear on the Windows Desktop just like they did in Windows 7.  All of my apps that I used in Windows 7 worked fine and they all worked as I expected them to – via the Desktop.  In fact, for most of my time, the interface that I find myself in looks an awful lot like it did in Windows 7:


    When I want to get back to Metro, I simply press the “Windows” key on my keyboard, which toggles between Metro and the Desktop, or the last app I was in.  Even better, I can move the apps in Metro so that the most often used ones appear right away on the Start screen (that’s right – it’s a screen with useful stuff and not just a button anymore).  If I want to start an app while in Metro, I can click on it, or scroll to locate it (like I used to do before in Windows 7 after clicking on the “Start” button), or just start typing the name and a Search window pops up with a list of apps that match what I’m typing, like when I’m looking for Windows Live Writer and I start typing “live”.


    One really cool thing is that I can also try out apps from the Store and find out what others have developed.  My kids love this since all of the apps are free to try right now and there are some really cool games out there.  I’m hoping to see more over the next little while and so are my kids.

    So, what’s my verdict?  I have to admit it took a little getting used to.  I kind of felt like my wife when I handed her the new remote after I converted a single TV in our living room to a home theater with several components all working from a unified remote.  She (and others in the family) were challenged by my instruction to keep the remote pointed at the TV until it stopped sending a signal and were constantly wondering why they had a picture but no sound (receiver not turned on) or the XBox came on when they expected the PVR to (hit wrong button) and so on.  It took them a while but now everyone is enjoying a much richer experience than before.  They wouldn’t go back to the way things were.

    I wouldn’t either – I’m sold on Metro and Windows 8!  Funny enough, the machine I use most often is not touch-based and my Metro experience with a keyboard and mouse is a good one. 

    DamirB-BlogSignature

  • Need help studying for your 70-659 exam? Join one of our study groups!

    Different people learn in different ways and in my last post about the great incentives there are to take exam 70-659 Windows Server Virtualization before May 31st, I also listed a number of resources you could use to study up. Depending on your learning style, different resources will appeal to you. Well, if you’re the type that does better in a group or at a set time, then perhaps an online study group that meets once a week is just what you’re looking for. We’ve got a number of study groups lined up and more coming. I’ll update this post as other study groups come online.

    Here are details:

    • Each group meets online through Lync for 3 hours at a time, once a week for 4 weeks.
    • The cost is $75, which goes directly back to the “hosting” user groups, plus the processing fee for Eventbrite or Paypal.
    • Each study group participant is sent a copy of the Windows Hyper-V Resource Kit book and has access to all the study group materials.

    Here are the scheduled groups and registration links:

    User Group “Host” | Time (in EDT) | Day | Dates | Registration
    Calgary* | 6-9pm | Sunday | April 1, 8, 15, 22 | REGISTER
    Edmonton* | 6-9pm | Sunday | April 1, 8, 15, 22 | REGISTER
    Vancouver | noon – 3pm | Saturday | April 7, 14, 21, 28 | REGISTER
    Montreal | 4-7pm | Sunday | April 22, 29, May 6, 13 | REGISTER (link coming soon)
    Toronto | TBD | | | REGISTER (link coming soon)

    * One group is hosted by both the Calgary and Edmonton user groups and registration fees will be distributed depending on the registration link that is used to register.

     

    I’ve said it before and I’ll say it again:

    There has never been a better time to get certified than now!


  • Exam Prep for 70-659 Part 3: Configuring Virtual Networks and VLAN Security

    As I wrote in an earlier post, there is no better time to write your exam for 70-659 Windows Server 2008 R2, Server Virtualization, than now and particularly before May 31, 2012. So to aid in that endeavour, Joseph Yedid, an IT specialist with Enhansoft in Ottawa, has put together a series of posts focused on getting IT folk ready to pass this exam. Joseph writes his blog at www.josephyedid.com but has allowed me to repost this series here.



    Configuring Virtual Networks and VLAN Security

    In this section we will cover Virtual Networks and VLAN Security.

    Hyper-V Manager allows MAC address ranges to be set and dynamically assigned to VMs. This can be found on the Virtual Networks page, under the Global Network Settings option.

    Network locations are usually determined by Network Location Awareness. However, this can be overridden, and needs to be for ESX hosts. Open the properties page of the host, choose the Hardware tab, and choose the network adapter that you want to configure. On the properties page, select the Override discovered network location check box, then enter a new location in the text box. You can also set a network tag, under the Networking tab. Network tags help in distinguishing multiple virtual switches on the same logical network.

    When it comes to VLANs, there are 2 places where you can configure the VLAN settings. The first is in the settings of the VM, in the properties of the VM’s network adapter. This is an individual VM setting.


    The second place is in the Virtual Network Manager. This is a global VLAN setting for all VMs connected to the same virtual network.


    VLAN security can be achieved by isolating the host and VM networks at the physical network level, for example by using a dedicated NIC for host management, and by using VLAN tagging.

    The Virtual Network Manager is where you configure the network settings for VMs. There are 3 types of networks you can set up: External, Internal, or Private. External gives the VM access to everything. Internal restricts VM access to only the host and other VMs for internal communications. Private restricts VM access to private communications only with other VMs. For both Internal and Private settings there is no external communication outside the VMs.



    Joseph Yedid is an IT specialist working at Enhansoft, a company based in Ottawa, Canada, that develops products and services to extend the value of System Center Configuration Manager 2007 (SCCM) and System Center Configuration Manager 2012. He is an avid user of technology and is certified in many areas of Microsoft infrastructure technologies. He is MCTS and MCITP certified - Windows Server 2008 and Microsoft Vista/Windows 7. Other interests revolve around virtualization technologies, System Center and Private Cloud. Joseph is a member and on the executive of the Ottawa Windows Server User Group.

  • Monthly Online learning opportunity listing

    Hello folks,

    This is my compilation of some of the online resources available to you in April 2012.

    This list features both live and on-demand content including webcasts, videos, virtual labs, and podcasts by product and topic.

    This is not the WHOLE list of the available content, but these are the ones I thought were relevant to customers and IT pros.

    Microsoft webcasts are 30-90 minutes in length and feature interactive presentations, product demonstrations, and question-and-answer sessions. Virtual labs give you an opportunity to test drive Microsoft’s newest products in an online environment. It's simple—no complex setup or installation is required. Stream or download audio podcasts and quickly access content with RSS feeds.

    Microsoft podcasts are free — just click and Learn!

    You can View all the podcasts for IT professionals here.

    Or visit the Interactive IT Professional Webcast Calendar.


    Live Webcasts:

    TechNet Webcast: The Baker's Dozen: What's New in SQL Server 2012 (Part 3 of 13): New FileTable Enhancement (Level 300)
    Friday, April 06, 2012 - 9:00 AM - 10:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032508277&Culture=en-US

    TechNet Webcast: Information about Microsoft Security Bulletins for April (Level 200)
    Wednesday, April 11, 2012 - 11:00 AM - 12:00 PM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032499650&Culture=en-US

    TechNet Webcast: How Microsoft IT Improved Wireless Standards and Practices (Level 300)
    Tuesday, April 24, 2012 - 9:30 AM - 11:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032507915&Culture=en-US

    TechNet Webcast: Live! IT Time: Private Cloud Chat (Episode 6) (Level 200)
    Wednesday, April 25, 2012 - 10:00 AM - 11:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032503691&Culture=en-US

    Microsoft Office System Webcast: Outlook 2010: Customize Your Outlook Environment, and Work with Options for Email, Calendar, Tasks, and More (Level 200)
    Wednesday, April 11, 2012 - 9:00 AM - 9:45 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032503418&Culture=en-US

    Microsoft Office System Webcast: Excel 2010: Control Data Entry, Secure Your Workbooks, and Do More with Excel 2010 (Level 200)
    Wednesday, April 11, 2012 - 11:00 AM - 11:45 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032503420&Culture=en-US

    Highly Rated On-Demand Webcasts:

    TechNet Webcast: Hyper-V: The Base of a Private Cloud

    TechNet Webcast: You've Got a Cloud: Familiar Tools to Manage It

    TechNet Webcast: Complete a Seamless Transition from GroupWise to Office 365

    Microsoft Office Tips and Tricks: Do More with Data in Excel 2010

    New Videos:

    TechNet Radio: Virtually Speaking with Yung Chou –“What is Cloud?”

    TechNet Radio: Virtually Speaking with Yung Chou: Understanding Cloud Computing

    TechNet Radio: Virtually Speaking with Yung Chou: “What is Private Cloud?”

    TechNet Radio: Virtually Speaking with Yung Chou: “How Does Cloud Computing Apply to Me?”

    TechNet Radio: Virtually Speaking with Yung Chou: Become the Next Private Cloud Expert

    Office 365 Jump Start (01): Microsoft Office 365 Overview for IT Pros (Level 200)

    Office 365 Jump Start (02): Deploying Clients For Office 365 (Level 200)

    Office 365 Jump Start (03): Microsoft Office 365 Administration & Automation Using Windows PowerShell (Level 200)

    New Podcasts:

    TechNet Radio: STB News Bytes - System Center 2012 Reviewer’s Workshop (Part 1)
    WMV | WMA

    TechNet Radio: STB News Bytes - System Center 2012 Reviewer’s Workshop (Part 2)
    WMV | WMA

    TechNet Radio: IT Time – Microsoft Virtual Academy Preview – Windows 8, SQL Server 2012 and System Center 2012
    WMV | WMA

    TechNet Radio: IT Time – Inside Microsoft IT – The Consumerization of IT
    WMV | MP4

    Business insights, Microsoft Dynamics, IT talk shows, and small business content:

    Business Insights Webcast: Office 365: Business Utilization of SharePoint Online (Level 200)
    Wednesday, April 04, 2012 - 10:00 AM - 11:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032506153&Culture=en-US

    Microsoft Dynamics Webcast: Learn how your Active Microsoft Dynamics Business Ready Enhancement Plan help you Collaborate with your Peers (Level 100)
    Tuesday, April 10, 2012 - 10:00 AM - 11:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032501554&Culture=en-US

    Business Insights Webcast: You Can't Hack Yourself Secure (Level 100)
    Thursday, April 12, 2012 - 10:00 AM - 11:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032508389&Culture=en-US

    Microsoft Dynamics Webcast: Management Reporter 101 for Microsoft Dynamics SL (Level 100)
    Thursday, April 12, 2012 - 10:00 AM - 11:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032501473&Culture=en-US

    Microsoft Dynamics Webcast: Financial Reporting with Management Reporter for Microsoft Dynamics GP (Level 100)
    Wednesday, April 18, 2012 - 10:00 AM - 11:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032501557&Culture=en-US

    Microsoft Dynamics Webcast: Management Reporter and Performance Management with Microsoft Dynamics AX 2012 (Level 100)
    Thursday, April 19, 2012 - 10:00 AM - 11:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032501559&Culture=en-US

    Microsoft Dynamics Webcast: Transitioning from Module Based Licensing to Business Ready Licensing (Level 100)
    Tuesday, April 24, 2012 - 10:00 AM - 11:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032501562&Culture=en-US

    Microsoft Dynamics Webcast: Outgrowing Your Entry-Level Accounting Solution? Microsoft Dynamics GP Can Help (Level 100)
    Tuesday, April 24, 2012 - 10:00 AM - 11:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032501565&Culture=en-US

    Microsoft Dynamics Webcast: Microsoft Dynamics GP 2010 R2 Functionality Review (Level 100)
    Wednesday, April 25, 2012 - 10:00 AM - 11:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032501567&Culture=en-US

    Microsoft Dynamics Webcast: Statement of Direction, Product Strategy, and Roadmap for Microsoft Dynamics NAV (Level 100)
    Thursday, April 26, 2012 - 10:00 AM - 11:00 AM Pacific Time
    https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032507221&Culture=en-US

     


    Please let me know if this is something you find valuable, or if there is something specific you’re looking for.

    There is so much to learn. We should take advantage of every opportunity.

    As always, please contact me should you have any comments or questions.

    Cheers!


    Pierre Roman, MCITP, ITIL | Senior Technical Account Manager | Directeur de Compte Technique Senior

     

    This article also appears on Thoughts… But mostly after thoughts.

  • The “SQL Guy” Post # 22: Understanding Transparent Data Encryption

    You may have heard about Transparent Data Encryption (TDE), which was introduced in SQL Server 2008. But what does it do, what are its advantages and disadvantages and how can you leverage this technology in SQL Server? Keep reading this tips and tricks article to learn how.

     

    Transparent Data Encryption (also called TDE) is a technology in SQL Server that offers encryption of data-at-rest. This feature automatically encrypts the entire database (data and log files), as well as database backups, without requiring any programming or code changes to your application. The process is entirely transparent, hence the name Transparent Data Encryption.

     

    When TDE is first enabled for a specific database, SQL Server encrypts the database in the background. During this process, the database remains online and responsive to client requests (similarly, when encryption is disabled, SQL Server decrypts the database in the background). Encryption is performed at the page level, and does not increase the size of the database in any way. Once the entire database is encrypted, new data gets encrypted on the fly as it is written to disk, and all data gets decrypted when read back.  Figure 1 illustrates the typical key hierarchy used for transparent data encryption.

     

    If you are worried about protecting your sensitive data at rest, the solution is to use Transparent Data Encryption in SQL Server.

     


    Figure 1: Transparent Data Encryption

     

     

    Benefits of using TDE:

    (1)    Ease of implementation and transparency: TDE is essentially a “flip-the-switch” solution that allows you to encrypt your entire database and log files without application modifications.

    (2)    Additional security compared to cell-level encryption: TDE automatically encrypts tempdb and the database log files to prevent data leakage.

    (3)    Any data-type supported: Unlike cell-level encryption that returns only varbinary data, TDE allows you to store data using any native data type.

    (4)    Support for indexes: Because data is decrypted in the buffer pool, TDE allows the SQL Server query processor to use existing indexes on the data.

     

    Drawbacks of TDE:

    (1)    The lowest supported encryption granularity is the database.

    (2)    The data is not protected from authenticated, authorized database users, including the DBA.

     

    HOW TO ENABLE TDE IN 5 EASY STEPS

    --Step 1: Create a Database Master Key in the master database if
    --it does not already exist. Replace the sample password with your own.
    USE master;
    GO

    IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
      CREATE MASTER KEY ENCRYPTION BY PASSWORD = '1GoodPassw0rd';
    GO

    --Step 2: Create a server certificate for TDE. This certificate is
    --used to protect the Database Encryption Key (DEK).
    --The existence check matches on the certificate name, not its subject.
    IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = 'SampleDatabaseTDEcertificate')
      CREATE CERTIFICATE SampleDatabaseTDEcertificate WITH SUBJECT = 'SampleDatabase TDE Certificate';
    GO

    --Step 3: Create a Database Encryption Key (DEK) in the user database
    --(SampleDatabase) for use by TDE.
    USE SampleDatabase;
    GO

    IF NOT EXISTS (SELECT 1 FROM sys.dm_database_encryption_keys WHERE database_id = DB_ID())
      CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256 ENCRYPTION BY SERVER CERTIFICATE SampleDatabaseTDEcertificate;
    GO

    --Step 4: Turn on TDE encryption
    ALTER DATABASE SampleDatabase SET ENCRYPTION ON;
    GO

    --Step 5: Query DMV to confirm TDE is in effect
    --(encryption_state 2 = encryption in progress, 3 = encrypted)
    SELECT DB_NAME(database_id) AS DB, encryption_state FROM sys.dm_database_encryption_keys WHERE database_id = DB_ID();
    GO

     

     

    HOW IS DATABASE ENCRYPTION KEY MANAGED?

    Since the symmetric database encryption key (DEK) is used to encrypt the database in TDE, it cannot be left unencrypted. To learn more on how SQL Server encrypts the DEK refer to this blog post.

     

    CERTIFICATE EXPIRY – SHOULD I WORRY ABOUT IT?

    TDE encryption does NOT enforce expiration dates for certificates. You can continue to decrypt data with a certificate in TDE even if it is expired. This is different than service brokering and mirroring features where certificate expiry needs to be acted upon by the DBA.

     

    However, don’t forget to back up your TDE certificates with the private key. The certificate backup is required when restoring or attaching the encrypted database.
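
    The certificate backup described above, and the matching restore on a second server, as an added example that is not part of the original post. The file paths, the passwords in angle brackets and the destination server are placeholders or assumptions; SampleDatabaseTDEcertificate is the certificate created in Step 2.

    ```sql
    -- Added example: paths and <passwords> are placeholders, not values from the post.

    -- On the source server: export the TDE certificate together with its private key.
    -- The private key file is protected by its own password; store both files and
    -- the password away from the database backups they protect.
    USE master;
    GO
    BACKUP CERTIFICATE SampleDatabaseTDEcertificate
        TO FILE = 'D:\KeyBackup\SampleDatabaseTDEcertificate.cer'
        WITH PRIVATE KEY (
            FILE = 'D:\KeyBackup\SampleDatabaseTDEcertificate.pvk',
            ENCRYPTION BY PASSWORD = '<private-key-file-password>'
        );
    GO

    -- On the destination server, before RESTORE DATABASE or attach:
    -- a database master key must exist in master to protect the imported private key.
    USE master;
    GO
    IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
        CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<destination-master-key-password>';
    GO

    -- Re-create the certificate from the backup files. Without the private key the
    -- certificate cannot decrypt the DEK and the restore fails.
    IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = 'SampleDatabaseTDEcertificate')
        CREATE CERTIFICATE SampleDatabaseTDEcertificate
            FROM FILE = 'D:\KeyBackup\SampleDatabaseTDEcertificate.cer'
            WITH PRIVATE KEY (
                FILE = 'D:\KeyBackup\SampleDatabaseTDEcertificate.pvk',
                DECRYPTION BY PASSWORD = '<private-key-file-password>'
            );
    GO

    -- On either server: list every database that has a DEK, the certificate that
    -- protects it, and when that certificate's private key was last backed up.
    -- A NULL pvt_key_last_backup_date on a certificate protecting a DEK means the
    -- encrypted database cannot be restored elsewhere if this server is lost.
    -- tempdb appears here too once any database on the instance uses TDE; it has
    -- no certificate, hence the LEFT JOIN.
    SELECT DB_NAME(dek.database_id)     AS database_name,
           dek.encryption_state,        -- 2 = encryption in progress, 3 = encrypted
           c.name                       AS certificate_name,
           c.pvt_key_last_backup_date,
           c.expiry_date                -- informational only: TDE does not enforce it
    FROM sys.dm_database_encryption_keys AS dek
    LEFT JOIN master.sys.certificates AS c
           ON c.thumbprint = dek.encryptor_thumbprint
    ORDER BY database_name;
    GO
    ```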

     

    TDE AND BACKUP COMPRESSION – CAN’T HAVE YOUR CAKE AND EAT IT TOO!

    Encryption introduces randomization in the data to maintain confidentiality. The high entropy of encrypted data makes it very difficult to compress, possibly even growing in size, because there is no statistical tendency to eliminate. It is because of this reason that backup compression is not recommended on a database with TDE enabled.

     


    Figure 2 : Backup compression with TDE

    (BUFFERCOUNT = default, MAXTRANSFERSIZE = default, 1 backup device)

     

    Observations :

    (1)    On a TDE enabled database, backup compression doesn’t reduce the size of the database.

    (2)    CPU utilization for the compressed backup is higher than for the uncompressed backup, even though the backup size is not much different, because CPU resources are wasted attempting to compress data that is not very compressible.

    (3)    On a TDE enabled database, it takes longer to perform a compressed backup than it takes to perform an uncompressed backup.

    Click here for more information on backup compression.

     

    DamirB-BlogSignature

  • Deploying Windows 7 with MDT 2010, Part 1 - Server Installation

    This post is the start of a 4-part series for our French-speaking readers on how to use MDT 2010 to deploy Windows 7 in your environment.  The series is written by Yannick Plavonil, a Microsoft MVP based in Quebec.  You can find this and more on his own blog – Revue du Geek.

    Let me know what other topics you would like covered in the future.  Leave a comment or send an email by clicking on the link to the right of this post.

    DamirB-BlogSignature


    Although it is easy to find guides on the internet for deploying Windows 7, I decided to share mine with my loyal readers! The approach stays the same, with just my personal touch. This guide is made up of 4 steps, which are the following:

    1. Installing and configuring the MDT 2010 deployment server
    2. Creating a Windows 7 reference image
    3. Deploying the Windows 7 reference image
    4. Automatic configuration with the MDT 2010 database

    Objectives:

    This Part 1 explains the steps needed to install and configure the Windows components for an MDT 2010 deployment server. Everything is done on a Windows 2008 R2 server, to which I then add the various roles and features:

    • DHCP - do not install this role if you already have it in your environment.
    • Windows Deployment Services (WDS)
    • Windows Server Update Services (WSUS) – do not install this role if you already have it in your environment.
    • Microsoft Deployment Toolkit 2010
    • SQL Server 2008 R2 Express – or use your production database.

    Prerequisites:

    • Have an Active Directory domain, including a DNS server.
    • An up-to-date Windows 2008 R2 server (Windows Update patches) named MDT01 that is a member of the domain.

    MDT 2010 can just as well be installed on Windows Server 2003 or 2008. But by using the latest version, Windows 2008 R2, you benefit from better performance and features such as multicast.

    1. Preparing the environment for MDT01

    In this part we will add the DHCP and WDS roles, and also create the service accounts and the OUs in Active Directory that MDT will use.

    1. Log on to the domain controller.
    2. In Active Directory Users and Computers, create the following OUs:
      a. NewComputers
      b. WDS Servers
      c. Service Accounts
    3. In the Service Accounts OU, create the following service accounts with the password “Passw0rd”. Configure the accounts so that the password does not expire and disable the password change at next logon.
      a. BuildAccount
      b. JoinAccount

      I have seen situations where admins prefer to simply create a single service account and add it to the Domain Admins group so as not to have to configure permissions. But for security reasons I prefer to use the 2 accounts.
    4. Still in Active Directory Users and Computers, move the MDT01 computer object to the WDS Servers OU.

    Configure a DNS GPO for the WDS server

    This is optional because I can simply configure the DNS entry on the network adapter of the MDT01 server, but I once received a server with DNS misconfigured. So I decided to do this with a GPO, because it is an important element for the WDS server.

    1. With Group Policy Management, expand the forest, then the domain.
    2. Choose the WDS Servers OU and select Create a GPO in this domain and link it here.
    3. Name this GPO Configuration DNS Server and select Edit.
    4. In Group Policy Management Editor, expand Computer Configuration > Policies > Administrative Templates > Network > DNS Client.
    5. Choose DNS Servers, select the Enabled button and, in the IP Addresses: field, type the IPs of your DNS servers. OK.
    6. Restart MDT01.

    Configure permissions on the NewComputers OU

    If you use a Domain Admins service account, this is not necessary.
    Enable the Advanced Features view in the Active Directory Users and Computers console.

    1. In Active Directory Users and Computers, authorize the JoinAccount service account to manage Computer objects in the NewComputers OU.
    2. In the properties of the NewComputers OU, select the Security tab, then click Advanced.
    3. In the Advanced Security Setting for NewComputers window, click Add and add the JoinAccount account.
    4. In the Permissions Entry for Workstations window, make sure the Apply to section is set to This object and all descendant objects. Then check the following permissions:
      a. Create Computer objects
      b. Delete Computer objects
      then confirm with OK.
    5. In the Advanced Security Setting for NewComputers window, click Add again and add the JoinAccount account.
    6. In the Permissions Entry for NewComputers window, set the Apply to section to Descendant Computer objects. Then check the following permissions:
      a. Read All Properties
      b. Write All Properties
      c. Read Permissions
      d. Modify Permissions
      e. Change Password
      f. Reset Password
      g. Validated write to DNS host name
      h. Validated write to service principal name

      then confirm with OK.

    Installing and configuring the DHCP role

    Use your production DHCP if you have one. Here the DHCP role is added on the MDT01 server.

    1. On MDT01, log on with the domain admin account.
    2. In Server Manager, choose Roles > Add Roles > DHCP Server, then Next.
    3. On the Select Network Connection Bindings page, accept the default settings.
    4. On the Specify IPv4 DNS Server Settings page, accept the default settings.
    5. On the Specify IPv4 WINS Server Settings page, accept the default settings.
    6. On the Add or Edit DHCP Scopes page, click Add. Use the settings of your choice or the following.
      a. Scope Name: 192.168.1.0/24
      b. Starting IP address: 192.168.1.100
      c. Ending IP address: 192.168.1.199
      d. Subnet Type: Wired (lease duration will be 8 days)
      e. Activate this scope: Selected
      f. Subnet Mask: 255.255.255.0
      g. Default Gateway (optional): 192.168.1.1
      h. Click OK
    7. On the Configure DHCPv6 Stateless Mode page, accept the default settings.
    8. On the Specify IPv6 DNS Server Settings page, accept the default settings.
    9. On the Authorize DHCP Server page, accept the default settings, then click Next.
    10. On the Confirm Installation Selections page, click Install.

    Installing and configuring WDS

    Still on MDT01 with a domain admin account, type the following commands in PowerShell. You can use the Server Manager console if you do not like scripting!

    1. Import-Module servermanager
    2. Add-WindowsFeature -Name WDS -IncludeAllSubFeature


    Configuring WDS

    Once WDS is installed, we now configure the server properties.

    1. Launch the Windows Deployment Services console.
    2. Select MDT01 (if the server does not appear, right-click > Add Server > choose local computer).
    3. Right-click > Configure Server > Next.
    4. On the Remote Installation Folder Location page, in the Path: field enter D:\RemoteInstall, then click Next.
    5. On the DHCP Option 60 page, select Do not listen on port 67 and Configure DHCP option 60 to PXEClient, then click Next.
    6. On the PXE Server Initial Settings page, choose Respond to all client computers (known and unknown).
      Do not select Require administrator approval for unknown computers.
    7. On the configuration page, clear Add images to the server now, then click Finish.
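
    The wizard choices in steps 4 to 7 map to wdsutil.exe settings, which is useful for scripting the build and for checking afterwards which PXE answer policy is really in effect. This is an added example, not part of the original post; it assumes an elevated prompt on the WDS server and uses the folder path from the guide.

    ```powershell
    # Added example: wdsutil equivalents of the WDS configuration wizard choices above.

    # Step 4: initialise WDS with the remote installation folder used in the guide.
    wdsutil.exe /Initialize-Server /RemInst:"D:\RemoteInstall"

    # Step 5: DHCP runs on the same host, so WDS must not bind UDP port 67 and
    # DHCP option 60 is set to PXEClient.
    wdsutil.exe /Set-Server /UseDhcpPorts:No /DhcpOption60:Yes

    # Step 6, as configured in the guide: answer every PXE client, known or
    # unknown, with no approval queue for unknown computers.
    wdsutil.exe /Set-Server /AnswerClients:All
    wdsutil.exe /Set-Server /AutoAddPolicy /Policy:Disabled

    # Stricter alternatives for networks where unknown machines should not be
    # served a boot image without review (uncomment one):
    # wdsutil.exe /Set-Server /AnswerClients:Known                  # prestaged computers only
    # wdsutil.exe /Set-Server /AutoAddPolicy /Policy:AdminApproval  # unknown clients wait for approval

    # Check: print the effective server configuration, including the answer
    # policy and the DHCP port settings, and confirm it matches the intent.
    wdsutil.exe /Get-Server /Show:Config
    ```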


    Installing and configuring SQL Server 2008 R2 Express

    Still on MDT01 with a domain admin account, start by installing .NET Framework 3.5.1 from PowerShell before installing SQL Server.
    Do this if you do not want to use your production SQL server.

    1. Import-Module servermanager
    2. Add-WindowsFeature -Name NET-Framework, NET-Framework-Core
    3. Install SQL Server 2008 R2 by following the wizard. Just make sure to configure the following settings correctly:
    4. Feature Selection: select Database Engine Services (+ Management Tools - Basic for SQL Server 2008)
    5. Instance Configuration: SQLExpress, installed on the D:\ partition
    6. Server Configuration:
      a. SQL Server Database Engine: NT AUTHORITY\SYSTEM
      b. SQL Server Browser: Startup Type Automatic
    7. Database Engine Configuration: add the current account in the Specify SQL Server Administrators field
    8. Continue with the rest of the installation.
      Once the installation is complete, enable the Named Pipes protocol in SQL Server.
    9. Launch the SQL Server Configuration Manager console > SQL Server Network Configuration > Protocols for SQLEXPRESS > right-click Named Pipes and select Enable.
    10. Restart the SQL Server service.


    Installing and configuring WSUS

    Still on MDT01 with a domain admin account. Use the Server Manager console if you do not use PowerShell.
    Do this if you do not already have a WSUS server in production.
    In a PowerShell window:

    1. Import-Module servermanager
    2. Add-WindowsFeature -Name OOB-WSUS -IncludeAllSubFeature
    3. Configure your WSUS server as you wish.

    Installing MDT 2010 and its components

    Still on MDT01 with a domain admin account.

    1. Install Windows AIK.
    2. Install Report Viewer 2010.
    3. Install MDT 2010.
      This is a patch to fix the error: Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed.
    4. Download the ZTIUtility.vbs file and copy it to C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Scripts.
      Creating and sharing the Logs folder
    5. Create the Logs folder at D:\Logs and share it under the name Logs$.
    6. Grant the Everyone group the Change permission under Sharing Permissions.
    7. Grant the BuildAccount account the Modify permission under NTFS Permissions.
    8. Update the MDT01 server with Windows Update.

    Well, well! It takes quite a while to configure this little server.

  • Exam Prep for 70-659 Part 2: Remote Management

    As I wrote in an earlier post, there is no better time to write your exam for 70-659 Windows Server 2008 R2, Server Virtualization, than now and particularly before May 31, 2012. So to aid in that endeavour, Joseph Yedid, an IT specialist with Enhansoft in Ottawa, has put together a series of posts focused on getting IT folk ready to pass this exam. Joseph writes his blog at www.josephyedid.com but has allowed me to repost this series here.



    In this section, I will cover remote management.

    Remote Management

    VMM Agents are installed automatically on all hosts and library servers. The agents can also be installed manually or locally through the VMM setup or with the vmmAgent.msi file. When installing in a perimeter network, you must use the vmmAgent.msi file and provide additional information.

    Firewall rule settings also need to be applied to allow for remote management.

    Firewall rules are added automatically when Hyper-V is installed and when a host is added from VMM.

    To enable remote management from the command line use the following:

    netsh advfirewall firewall set rule group="remote administration" new enable=yes

    Configuring Virtual Network Manager settings consists of 2 categories: Virtual Networks and Global Network Settings. Virtual Networks allow you to create External, Internal, or Private networks. It also allows you to configure LAN and cluster settings. The Global Network Settings allow you to configure MAC ranges to be assigned to VMs dynamically.



    Joseph Yedid is an IT specialist working at Enhansoft, a company based in Ottawa, Canada, that develops products and services to extend the value of System Center Configuration Manager 2007 (SCCM) and System Center Configuration Manager 2012. He is an avid user of technology and is certified in many areas of Microsoft infrastructure technologies. He is MCTS and MCITP certified - Windows Server 2008 and Microsoft Vista/Windows 7. Other interests revolve around virtualization technologies, System Center and Private Cloud. Joseph is a member and on the executive of the Ottawa Windows Server User Group.

  • Exam Prep for 70-659 Part 1: Installing Hyper-V

    As I wrote in an earlier post, there is no better time to write your exam for 70-659 Windows Server 2008 R2, Server Virtualization, than now and particularly before May 31, 2012. So to aid in that endeavour, Joseph Yedid, an IT specialist with Enhansoft in Ottawa, has put together a series of posts focused on getting IT folk ready to pass this exam. Joseph writes his blog at www.josephyedid.com but has allowed me to repost this series here.



    In this series of blog posts, I will be trying to explain the requirements for the 70-659 exam.

    In mirroring the actual exam outline, I will start with Installing and Configuring Host and Parent Settings.

    Installing Hyper-V

    To start off, the required BIOS settings should be turned on to allow Hyper-V to work. The BIOS must support:

    1. Hardware Assisted Virtualization:
        • Intel-VT or AMD-V
    2. Data Execution Prevention (DEP):

        The nomenclature for DEP can differ between Intel and AMD, or BIOS vendors. But the standards are below:

          • AMD CPUs – AMD No-Execute (NX) bit must be turned on.
          • Intel CPUs – Intel Execute Disable (XD) bit must be turned on.

        Once the BIOS settings are enabled, Hyper-V can be installed. There are a few ways that Hyper-V can be installed.

        • In Server Core:

        Use the start /w ocsetup Microsoft-Hyper-V command.

        • GUI:

        In the full GUI of Windows Server 2008 R2, you will have to add the role.

        • Virtual Machine Manager (VMM):

        A third method to install Hyper-V on a system is using VMM.

        In host systems without the Hyper-V role installed, VMM will install the Hyper-V role, as long as they are discoverable in AD. The host systems must be Windows Server 2008 or Windows Server 2008 R2. For Windows Server 2003 systems, VMM will install Virtual Server 2005.

        Hyper-V Server R2 is a standalone server that does only one thing: Hyper-V. It is the only role in the product. Configuring it is pretty straightforward, because it is configured through a menu-type interface. The menu allows for quick configuration of the server, since no GUI is present. The file name used to bring the menu back (if closed) is HVCONFIG. Don’t confuse HVCONFIG with SCONFIG. Although they look the same, SCONFIG is the menu for Server Core, whereas HVCONFIG is the menu for Hyper-V Server.


        Joseph Yedid is an IT specialist working at Enhansoft, a company based in Ottawa, Canada, that develops products and services to extend the value of System Center Configuration Manager 2007 (SCCM) and System Center Configuration Manager 2012. He is an avid user of technology and is certified in many areas of Microsoft infrastructure technologies. He is MCTS and MCITP certified - Windows Server 2008 and Microsoft Vista/Windows 7. Other interests revolve around virtualization technologies, System Center and Private Cloud. Joseph is a member and on the executive of the Ottawa Windows Server User Group.

      • Creating a New Active Directory Forest in Server Core

        We often get asked how to do certain “simple” operations on the GUI when running the Server Core installation of Windows Server 2008 R2.  While the SCONFIG utility allows you to perform a number of tasks quickly, it does not cover every possibility.  There are still times when you need to go to the command line or look into using PowerShell.  In this post, Mitch Garvis takes you through how to create a new Active Directory Forest in Server Core.



        This article explains how to install a new domain forest on Windows Server Core, or in the Windows Server CLI (Command Line Interpreter). I will not discuss any other option for RODCs, existing domains, child domains, and so on… there are a plethora of articles out there that describe those already.

        It astounded me the first (several) times I tried to create a new domain using Windows Server Core installations as my first domain controller in the forest. There are, I should mention, copious articles on creating additional DCs in an existing domain, but I have not come across too many (any?) that explained creating the FIRST… i.e.: creating the forest FOR the trees

        This evening Steve Syfuhs and I sat down and attempted to do just that. Actually our original intentions had very little to do with that, but as we discovered along the way we would have two choices:

        • Create a new physical server with Windows Server 2008 FULL install, create a new domain on GUI mode, join our Server Core machine to that domain, promote it to Domain Controller, transfer all Operations Master Roles to the Server Core machine, and continue on; or
        • Figure out once and for all how to create our domain in Server Core.

        I should point out that between us we read several dozen articles (including some written by some very reputable IT Pros) that CLAIMED that it was possible, but none that elaborated.

        So we started clawing our way through the tidbits we gleaned from various sources and came up with the following unattend file that did the job:

        [DCInstall]
        ; New forest root domain with DNS installed on this domain controller
        InstallDNS=yes
        NewDomain=forest
        NewDomainDNSName=swmi.ca
        DomainNetBiosName=SWMI
        SiteName=Default-First-Site-Name
        ReplicaOrNewDomain=domain
        ; 3 = Windows Server 2008 functional level
        ForestLevel=3
        DomainLevel=3
        DatabasePath="%systemroot%\ntds"
        LogPath="%systemroot%\ntds"
        RebootOnCompletion=yes
        SYSVOLPath="%systemroot%\sysvol"
        ; Directory Services Restore Mode password
        SafeModeAdminPassword=Pa$$w0rd

        Now: Once the file was created we put it in the root of C: on the server core machine, and typed the following command:

        dcpromo /unattend:c:\unattend.txt

        The next user interaction was (after a reboot) a logon prompt for the SWMI\Administrator account.

        I hope this helps the next group of IT Pros trying to claw their way through the process… Creating AD Forests and Domains is something I have done a thousand times but always in GUI mode; from now on I can do it either way… and so can you!

        Mitch - I'm a Windows 7 PC


        This post also appears on garvis.ca.

      • The “SQL Guy” Post # 21: Efficiently Manage Large Data Modifications

        Did you know that you can now use the TOP operator for Deleting, Inserting and Updating data in SQL Server tables?

        Using the TOP operator for DML operation can help you in executing very large data operations by breaking the process into smaller pieces. This can potentially help with increased performance and also helps with improving database concurrency for larger and highly accessed tables. This is considered as one of the best techniques for managing data modifications on large data loads for reporting or data warehouse applications.

        When you perform an update on large number of records using single set updates, it can cause the Transaction Log to grow considerably. However, when processing the same operation in chunks or pieces, each chunk is committed after completion allowing SQL Server to potentially re-use the T-Log space. Another classic issue many of us have experienced is when you are performing very large data updates and you cancel the query for some reason, you would have to wait for a long time while the transaction completely rolls back.

         

        With this technique you can perform data modifications in smaller chunks and you can continue with your updates more quickly. Also, chunking allows more concurrency against the modified table, allowing user queries to jump in instead of waiting several minutes for a large modification to finish.

        Let’s take an example of deleting 1000 rows of records in a chunk. Assume a table called LARGETABLE that has millions of records, and you want to delete 1000 records per chunk:

        DELETING LARGE TABLE IN CHUNKS

        --CREATE A DEMO TABLE CALLED LARGETABLE
        CREATE TABLE LARGETABLE (ID_COL INT IDENTITY(1,1), COL_A VARCHAR(10), COL_B VARCHAR(10))
        GO

        --INSERT THE DATA IN LARGETABLE. NOTICE THE USE OF 'GO 10000', WHICH RUNS THE BATCH 10000 TIMES
        INSERT INTO LARGETABLE VALUES ('A','B')
        GO 10000

        --QUERY THE TABLE
        SELECT COUNT(*) FROM LARGETABLE;

        --DELETE FROM LARGETABLE 1000 ROWS AT A TIME UNTIL IT IS EMPTY
        WHILE (SELECT COUNT(*) FROM LARGETABLE) > 0
        BEGIN
                    DELETE TOP (1000) FROM LARGETABLE
                    SELECT LTRIM(STR(COUNT(*)))+' RECORDS TO BE DELETED' FROM LARGETABLE --PROGRESS MESSAGE ONLY
        END


        The above technique can also be used with INSERT and UPDATE commands. 

        One thing to remember is that this is ideally suited for data warehouses and not really something to be used if the table you are making changes to is also being modified by other users in an OLTP type of database environment. 


      • Microsoft Private Cloud part 3: VMware private cloud and per-VM licensing

        A new whitepaper was released in January comparing private cloud solutions from Microsoft and VMware, taking a look at the functionality, benefits and economics of each solution. This series of blog posts breaks down the components of the whitepaper into consumable chunks and I’ve added my own commentary.


        Licensing a VMware private cloud with per-VM licensing

        VMware did us a favour when they announced changes to their licensing last summer. Their approach to private cloud taxes businesses that are looking to virtualize more of their workloads and scale out their private cloud infrastructure. This section of the whitepaper takes this on directly, making a comparison based on VMware’s licensing on their website as of January 2012.

        From the whitepaper:

        VMware announced the latest version of its virtualization platform, vSphere 5.0, along with updated versions of surrounding technologies; vCenter Site Recovery Manager, vShield Security and vCloud Director. These products collectively are referred to as Cloud Infrastructure Suite. VMware has also released several management products like vCenter Operations Management Suite and vFabric Application Performance Manager (APM) to provide capabilities like monitoring, application performance management, and configuration management. To build a comparable private cloud solution using VMware technologies, you'll require components from VMware Cloud Infrastructure suite, vCenter Operations Management Suite and vFabric APM as a private cloud solution requires capabilities like monitoring, configuration, automation, orchestration and security in addition to the virtualization platform. We explore the product comparisons later in the whitepaper.

        Unlike Microsoft ECI Datacenter, VMware Cloud Infrastructure Suite, vCenter Operations Management Suite, and vFabric APM cannot be licensed as a single SKU, but have to be licensed separately for individual products. Moreover, VMware private cloud products follow a combination of three different licensing schemes-

        • vSphere 5.0 is licensed on a per processor basis with virtual RAM entitlements [2]
        • vCenter is licensed on a per-instance basis [3]
        • Cloud Infrastructure products - vCloud Director, vCenter Site Recovery Manager, and vShield are licensed on a per-VM basis [3]
        • vCenter Operations Management Suite and vFabric APM are licensed on a per-VM basis [3]

        This fundamental difference in private cloud licensing approach implies choosing VMware for your private cloud solution can cost you up to $4730 per-VM (3 year license and support cost included). We'll provide an explanation later on how this cost is calculated.


        Fig. 3: Differences in approach towards private cloud licensing


        [2] vSphere 5 & vCenter 5 licensing information from VMware website as of January, 2012
        [3] vCloud Director, vCenter SRM, vShield, vCenter Operations Management Suite, vFabric APM licensing information from VMware website as of January, 2012
      • Creating and Managing a Private Cloud: free 2 day online training

        You may already be well versed in Windows Server 2008 and Hyper-V and you may already be running a component or two of the System Center suite, but do you know how to put it all together to build out, manage and operate a private cloud? Join this free 2 day online Jump Start course designed for IT admins and professionals who are looking for a fast-paced approach to get a technical understanding of Microsoft’s approach to private cloud.


      • Discover the tools to carry out your Windows 7 deployment

        One of the challenges I face is how to properly serve the French-speaking IT Professionals out there.  I don’t write French very well and others on the team are, unfortunately, primarily English speakers.  I suppose that if I wanted to I could craft a blog post or two in Croatian since this is the country of my birth, but I’m not sure that it would really reach a very large portion of the IT Professionals out there.

        Lucky for us, we have a great community of MVPs and other individuals in the community always willing to help – and why we really are very thankful to them for their help and contribution to the entire IT Professional community across Canada.  One such person is Yannick Plavonil who volunteered to provide a series of blog posts on deploying Windows 7 in French.  This is the first of a series of posts on Windows deployment you can expect from him that are also posted on his own blog – Revue Du Geek

        I hope to be able to post many more, and would be interested in hearing from others who would like to share their expertise with other IT Pros across the country!



        1. Planning for Windows 7

        Microsoft has created a remarkable collection of deployment tools for Windows 7. If the last OS you deployed was Windows XP, you may be interested in learning about the available tools that help you get rid of that thoroughly outdated system. In this part, I will give you a brief description of the Windows deployment tools that help you plan installations and assess hardware and software compatibility.

        Assess the state of your hardware with the Microsoft Assessment and Planning (MAP) Toolkit

        MAP is essentially a hardware inventory tool that helps you assess whether or not the computers on your network are ready for Windows 7 and Windows Server 2008 R2. The free utility also collects software-related information such as Microsoft Office installations and SQL Server components. Most important for Windows 7 deployment, MAP reports on the availability of device drivers for your hardware. MAP requires no agent installation, because it uses Windows Management Instrumentation (WMI), the Remote Registry service, Active Directory Domain Services, and the Computer Browser service to access inventory data remotely.


        Download the Microsoft Assessment and Planning (MAP) Toolkit
        MAP Toolkit overview
        MAP Toolkit: FAQ

        Inventory and assess application compatibility with the Microsoft Application Compatibility Toolkit (ACT)

        ACT assesses software compatibility, whereas MAP assesses hardware compatibility. This tool lets you analyze the applications on your network to determine whether they are compatible with Windows 7, and you can also use it to resolve compatibility problems, whether 32-bit or 64-bit. It also lets you analyze the compatibility of websites with the latest version of Internet Explorer. It requires a SQL Server installation as a prerequisite, which indicates that the tool is aimed at the needs of large enterprises.


        Download the Microsoft Application Compatibility Toolkit (ACT)
        Windows 7 application compatibility list
        Overview of application compatibility with Windows 7
        Overview of application compatibility in your environment
        Five steps to prepare your applications for Windows 7
        Getting started with application compatibility in a Windows deployment
        ACT overview
        Assessing and mitigating compatibility problems with ACT
        Using ACT
        Troubleshooting ACT
        Asset Inventory Service overview

        Windows 7 Upgrade Advisor

        ACT and MAP are enterprise tools. If you only have a single small network to manage, the Windows 7 Upgrade Advisor is probably the best choice. It lacks the inventory capabilities of the other two compatibility assessment tools. Consequently, you must install all your applications on your test machine if you want to assess their compatibility with Windows 7. If you have computers with different hardware, you have no choice but to run the Windows 7 Upgrade Advisor on each machine.


        Download the Upgrade Advisor

        2. Delivering and deploying Windows 7

        Once you have planned your deployment, you are ready to prepare your Windows 7 images and deploy them to your computers. This second part gives an overview of Microsoft's methods and tools for deploying Windows 7.

        Choosing a deployment method

        Before you choose a deployment tool, note that Microsoft recommends a few targeted strategies for deploying the Windows 7 operating system. These strategies range from manually configuring Windows 7 on a few computers to using automation tools and technologies to deploy the software to thousands of computers. There are 4 methods, and I recommend that you read about each one:

        Using Windows Deployment Services (WDS)

        This tool, aimed at small and medium-sized businesses, is a Windows Server role that provides OS deployment. Its main limitations compared with more sophisticated deployment tools are that you can install Windows remotely only within a subnet, and that it lacks scheduling features and monitoring capabilities. It does, however, provide dynamic driver provisioning, deployment to virtual hard disk (VHD), multicast, a PXE provider for Transport Server, and additional EFI functionality.


        Using System Center Configuration Manager (ConfigMgr)

        Microsoft's flagship deployment product is ConfigMgr, and it comes with everything you need for a dream deployment: Zero Touch Installation (ZTI) for scheduled/mandatory operating system deployment (OSD), and the ability to target specific computers with an OSD based on criteria you define. ConfigMgr lets you run an OSD on the computers of your choice at the time you want, thanks to the built-in Wake on LAN (WOL) feature.

        Beyond OSD, ConfigMgr offers much more: hardware and software inventory, patch management through Windows Server Update Services (WSUS), and detailed reporting features that let you follow each step of an OSD. ConfigMgr scales to the size of the enterprise, whatever the number of offices or the geographic location. You can also choose to integrate Windows Deployment Services (WDS) for its multicast functionality. WDS can send an OS image to several computers simultaneously instead of using unicast traffic, which puts more load on your server. MDT can also be integrated with ConfigMgr to add further functionality.


        Using Microsoft Deployment Toolkit 2010

        If ConfigMgr is not an option for you, the tool that comes closest is the Microsoft Deployment Toolkit. MDT 2010 performs LTI deployments and provides built-in templates for refresh, replace, upgrade and clean installations. One of my favourite MDT features is the way it compartmentalizes your whole deployment solution. This makes your images easier to manage, from adding or removing drivers to very simply swapping the operating system you want to deploy.

        With task sequences, it is easy to handle both thick and thin images. You can use a thin image with your corporate software built in (called a hybrid image), plus optional software that you can install during the deployment process. MDT also offers two features that matter for companies with small branch offices that have no server:

        • media lets you put a complete deployment solution on a DVD (or a set of DVDs, depending on size), a USB flash drive (UFD) or an external hard drive
        • you can create a linked deployment share and copy the complete deployment solution (or just parts of it) to a local office so that those clients can run their deployments locally

        You can also link WDS with MDT 2010 for two features: PXE boot (F12) to start a deployment, and multicast for MDT images. Integrating MDT and WDS for PXE boot requires that you store the WinPE (Windows Preinstallation Environment) generated by MDT in the WDS boot images. One last point: MDT relies on the tools available in WAIK. This is the software I recommend if you do not need ConfigMgr.


        The Windows Automated Installation Kit (Windows AIK) for Windows 7

        I will say right away that you should not use WAIK to deploy Windows, but rather use its tools to prepare your images. I see many people who confuse MDT and WAIK. To put it simply, use MDT if you thought WAIK was what you needed!

        Windows AIK includes tools that ConfigMgr and MDT 2010 use in the background. Windows AIK includes ImageX to create and apply images, and the Deployment Image Servicing and Management tool (DISM) to mount, unmount and manage images (adding drivers and packages to an OS image or removing them). The other tools are:

        • OSCDIMG, which converts WIM images to ISO;
        • Windows System Image Manager (WSIM), which creates unattended answer files in .xml format;
        • the User State Migration Tool (USMT) 4.0, to help you migrate user profile information, IE favourites, documents and application settings;
        • Copype.cmd, to create a WinPE working environment so that you can build a customized WinPE;
        • the Volume Activation Management Tool (VAMT) 1.2, which lets you manage volume activation centrally.

        Most of the tools in Windows AIK are command-line only, and those that provide a user interface are harder to learn. Although it is possible to carry out a complete deployment using Windows AIK, the tools can be difficult to learn because each has its own syntax.

        Windows AIK scenarios
        Planning your deployment
        Building your deployment environment
        Preparing and customizing your Windows image
        Deploying your Windows image
        Managing and servicing your Windows system image
        Creating a multilingual image
        User State Migration Tool (USMT) user guide
        Basic Windows migration with USMT
        Migrating files during a remote installation with USMT and Windows Deployment Services
        Offline migration with USMT

        To summarize, whether you have barely 50 or 100,000 computers to deploy, each tool can provide a complete deployment solution, with its advantages and drawbacks. It just takes a little time and testing to get comfortable with these tools.

        I hope this article helps you determine which tool suits you best and serves as a starting point for your research.

      • Hyper-V in Windows Server “8” Beta and VMware–Looking at the Numbers

        This week I delivered a number of sessions at Prairie IT & DevCon in Calgary.  These included a SOLD OUT IT Virtualization Boot Camp, an IT Camp where most of the conversation centered around Windows Server “8” Beta, as well as 2 sessions at the conference itself on What’s New in Windows Server “8” Beta for Hyper-V – where we only scratched the surface on all the great capabilities you can find in this exciting new operating system.  While I was delivering these sessions, the inevitable question of how Hyper-V in Windows Server “8” Beta stacks up against VMware popped up.  I had planned to write a blog post about this but Mitch Garvis was kind enough to do it for me, so I figured I’d share it with you here.

        The short answer – Windows Server “8” Beta Hyper-V looks really good when compared with VMware.  Take a look at the numbers and let me know whether or not you agree, then go download the beta and try it for yourself!


        It’s here! Ok, what I should say is that its BETA edition is here! Windows Server “8” is going to be a game changer for all sorts of reasons. However for those people who have been saying that Hyper-V is not ready for prime-time (it has been for a while) the new limits are going to make a lot of people re-evaluate that position.

         
        1 Terabyte of RAM per Virtual Machine
        The previous limitation of 64 gigabytes per virtual machine in Windows Server 2008 R2 Hyper-V did not limit most workloads, but there are certainly cases for some servers that do need more RAM than that for very large workloads. I don’t think you are going to see a lot of virtual machines running the full terabyte anytime soon… but being able to break the 64GB barrier is nice! VMware went the same way in vSphere 5, whereas their previous limit was 255GB.  (vSphere 5.0: same)

         
        160 Logical Processors per Host
        The 160 LPs (includes cores, hyper-threads) is going to keep coming up as long as Intel and AMD keep putting more cores onto a CPU, and more CPUs onto the board. VMware went the same way, up to 160 LPs. (vSphere 5: same)


        1024 Virtual Machines per Host
        With a previous limitation of 384 VMs per host I used to wonder who really needed that. However when taking into account how much RAM can go into a host (2TBs) that is a lot of room for a lot of workloads. Add to that the fact that CPUs are more powerful than ever (Thanks to Moore’s Law) and any respectable datacentre stores their virtual machines on external storage, we are in a place where it makes sense to put more and more VMs on a single host. With that being said, it is not likely that companies are going to run that high density under normal conditions, but when planning a failover environment you can now plan for fewer failover hosts (if necessary). VMware also boosted their limitations, previously at 320 VMs per host, they increased their limit: (vSphere 5: 512 VMs per host)


        64 Nodes per Cluster
        For all of those who have badmouthed Microsoft clustering over the years (I am one of them) Failover Cluster Services in Windows Server 2008 / R2 was a breath of fresh air. What was previously daunting and scary was made friendly and useable, and now it is not uncommon to see small business customers implementing failover clustering (see Busting the Myth: You cannot cluster Windows Small Business Server) in environments that were previously too small for it to be cost efficient. In Windows Server “8” Beta  Microsoft has increased the maximum number of nodes in a cluster from 16 to 64, which is huge for datacentre environments that really need that scale. VMware has also increased their number, but not to the same level. (vSphere 5: 32 nodes per cluster)


        4000 Virtual Machines per Cluster
        By my math, if you can have up to 1024 virtual machines per host, and up to 64 nodes in a cluster, the theory should be that you could support up to 32,768 virtual machines in the cluster that would support up to half of the hosts failing simultaneously before you max out your resources. Obviously someone on the product team knows something that I don’t (probably several somethings) and caps it to 4000 VMs per cluster, a 300% increase over the number of VMs in a cluster supported in Windows Server 2008 R2 Hyper-V, which was capped at 1000. This is a huge lead over VMware, whose limits have also increased from vSphere 4.1 to vSphere 5 but not to the same extent.  (vSphere 5: 3000 virtual machines per cluster)


        32 virtual CPUs per Virtual Machine
        Here is where Microsoft has really hit a home run. Previous versions of Hyper-V limited your virtual CPUs to four. Kicking this up to 32 shoots way past VMware’s previous version, and matches their current limits. If you have virtual machines that require huge processing capacity you can go as high as you want… with the limiting factor being your physical hardware (you cannot assign more virtual CPUs than you have physical cores, including hyper-threading). This will be another game changer and will go a long way to proving the enterprise-readiness of Hyper-V.  (vSphere 5 limit: same)


        64 Terabytes per Virtual Hard Drive
        Advantage: Microsoft… in a huge way. With the previous limit of two terabytes per VHD file, the new and improved VHDX file format shoots through the ceiling and will support much larger volumes. While most of us have no need for volumes this large, there are customers who have been using either pass-through disks (or RDMs or extents in VMware) to support large database files. VMware’s VMDK files will still be limited to 2TB, but can be expanded to 64TB using extents (which I am not a fan of). As well, they also offer support for 64TB volumes in Raw Device Maps, but in Physical Compatibility Mode only. (vSphere 5: 2TB)

        Other Features
        There are too many new features to mention, and over the next few months I will be writing about these and more in more detail. Both Microsoft and VMware have added support for UEFI boot systems; VMware is offering a better graphical experience in your virtual machines that now support Aero graphic capabilities in Windows 7; Microsoft’s RemoteFX is going to be huge… but there isn’t much I am currently allowed to say about it, except for the fact that you are going to like your VDI experience going forward with Windows Server “8” Beta!

        There is a lot more to say, but I do not want to flirt with my NDA. If you are an IT Pro it is time for you to download the bits for Windows Server “8” beta, install it, play with it, and get used to it. You are going to notice a huge difference over 2008, and if you don’t fall in love with it, I will give you a money-back guarantee (yes, the beta is free).

        The future of Windows Server Virtualization is BRIGHT… and for the proponents of VMware who feel that nobody will ever touch them, I look forward to seeing the two sides push each other to make the experience better and more powerful, because that way it is the IT shops – the administrators, the IT Pros – who really win!

        This post also appears on garvis.ca.

      • “The SQL Guy” Post #20: Using Cell Level Encryption in SQL Server

        Last week you learned how to set up the encryption key hierarchy in SQL Server.  Now, let’s use encryption to encrypt sensitive data in SQL Server.

         

        It is quite possible that you might have sensitive data that needs encryption at a finer level of detail than the entire database. Most of the row might need to be visible to users, while certain sensitive information such as employee salary might require encryption. You might also want the ability for certain users to be able to encrypt/decrypt certain cells as shown in figure 1.

         

        The solution is to use cell-level encryption in SQL Server.

         

         


        Figure 1: Cell-level encryption with 2 different users and keys on a data table

        With cell-level encryption in SQL Server, it is possible to encrypt data in individual cells within a table.

         

        BENEFITS OF USING CELL-LEVEL ENCRYPTION:

        (1)    Granular, user specific control on encrypting individual cells or column values rather than entire databases (compared to using Transparent Data Encryption – TDE).

        (2)    Data retains its encrypted state in memory unless it is actively decrypted.

         

        DRAWBACKS OF USING CELL-LEVEL ENCRYPTION:

        (1)    Requires application changes and analysis of tables to locate sensitive data that needs to be encrypted.

        (2)    Encryption of data introduces randomization. This makes it impossible to index data and causes a performance impact since indexes on encrypted columns cannot be used while searching for a value.

        (3)    Cell-level encryption built-in functions only return varbinary type data and the output is limited to up to 8000 bytes.

         

         

        IMPORTANT BUILT-INS FOR CELL-LEVEL ENCRYPTION

        ENCRYPTION

        ·         ENCRYPTBYKEY

        ·         ENCRYPTBYCERT

        ·         ENCRYPTBYPASSPHRASE

        ·         ENCRYPTBYASYMKEY

         

        DECRYPTION

        ·         DECRYPTBYKEY

        ·         DECRYPTBYCERT

        ·         DECRYPTBYPASSPHRASE

        ·         DECRYPTBYASYMKEY

        ·         DECRYPTBYKEYAUTOASYMKEY

        ·         DECRYPTBYKEYAUTOCERT

         

        WHAT IF SOMEONE TAMPERS WITH ENCRYPTED DATA?

        You can now mitigate this risk by using the @add_authenticator and @authenticator arguments of the cell-level encryption built-ins.

         

        Refer to this blog post to learn how.

         

         

        HOW TO USE CELL-LEVEL ENCRYPTION?

        -- Show how a column can be encrypted and decrypted and how an authenticator value can be used

         

        create database demo;

        use demo;

         

        -- create a simple employee table

        create table t_employees (

        id int primary key,

        name varchar(300),

        salary varbinary(300));

         

        -- create a key to protect the employee sensitive data, in this case - the salary

        create symmetric key sk_employees with algorithm = aes_192 encryption by password = '1Str0ngPassword';

         

        -- open the key so that we can use it

        open symmetric key sk_employees decryption by password = '1Str0ngPassword';

         

        -- verify key was opened

        select * from sys.openkeys;

         

        -- insert some data

        -- we will use the id as an authenticator value to tie the salary to the employee id

        insert into t_employees values (101, 'Alice Smith', encryptbykey(key_guid('sk_employees'), '$200000', 1, '101'));

        insert into t_employees values (102, 'Bob Jones', encryptbykey(key_guid('sk_employees'), '$100000', 1, '102'));

         

        -- see the result; salary is encrypted

        select * from t_employees;

         

        -- create a view to automatically do the decryption

        -- note that when decrypting we specify that the id should be used as authenticator

        create view v_employees as select id, name, convert(varchar(10), decryptbykey(salary, 1, convert(varchar(30), id))) as salary from t_employees;

         

        -- see the result, the decrypted data is available

        select * from v_employees;

         

        -- demo the authenticator role

        -- copy salary of Alice and overwrite the value for Bob

        -- execute next 3 lines as batch

        declare @salary varbinary(300);

        select @salary = salary from t_employees where id = 101;

        update t_employees set salary = @salary where id = 102;

         

        -- note that both entries have the same salary blob

        select * from t_employees;

         

        -- see the result, the decrypted data for Bob is no longer available

        -- because it doesn't match the authenticator, which is his employee id

        select * from v_employees;

         

        -- now close the key

        close symmetric key sk_employees;

         

        -- verify key was closed

        select * from sys.openkeys;

         

        -- see the result, we can no longer decrypt any data because the key is closed

        -- to access the data again we would need to reopen the key

        select * from v_employees;

         

        -- cleanup

        drop view v_employees;

        delete from t_employees;

        drop table t_employees;

        drop symmetric key sk_employees;

         

        use master;

         

        drop database demo;

         

        OOPS – MORE THAN 8000 BYTES OF CIPHER-TEXT!

        Because there is a hard 8000 byte limit on the output of the built-ins for cell-level encryption, your application will need to slice the input before encrypting it!

         

        Refer to this blog post to learn how.
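
        One way to do the slicing inside the database, as an added example that is not from the original post or the post it links to. The key, table and procedure names are constructed, the password is this post's demo value, and 7000 bytes per slice is a conservative size assumed here; the authenticator binds every slice to its document, position and slice count so that a moved, swapped or dropped slice no longer decrypts.

```sql
-- Added example. Constructed names: sk_documents, t_document_chunks,
-- usp_encrypt_document, usp_decrypt_document.
create symmetric key sk_documents with algorithm = aes_256
    encryption by password = '1Str0ngPassword';   -- demo password from the post
go
create table t_document_chunks (
    doc_id   int not null,
    chunk_no int not null,
    cipher   varbinary(8000) not null,
    primary key (doc_id, chunk_no));
go
create procedure usp_encrypt_document @doc_id int, @plaintext varchar(max)
as
begin
    set nocount on;
    declare @slice int = 7000, @total bigint = datalength(@plaintext);
    declare @chunks int = (@total + @slice - 1) / @slice;
    declare @n int = 0, @cipher varbinary(8000), @auth varchar(40);
    while @n < @chunks
    begin
        -- authenticator: document id, slice position and total slice count
        set @auth = convert(varchar(12), @doc_id) + ':' + convert(varchar(12), @n)
                  + '/' + convert(varchar(12), @chunks);
        set @cipher = encryptbykey(key_guid('sk_documents'),
            convert(varchar(7000), substring(@plaintext, @n * @slice + 1, @slice)),
            1, @auth);
        if @cipher is null   -- encryptbykey returns NULL when the key is not open
        begin
            raiserror('encryption failed: is sk_documents open?', 16, 1);
            return 1;
        end;
        insert into t_document_chunks values (@doc_id, @n, @cipher);
        set @n = @n + 1;
    end;
    return 0;
end;
go
create procedure usp_decrypt_document @doc_id int, @plaintext varchar(max) output
as
begin
    set nocount on;
    declare @chunks int, @n int = 0, @auth varchar(40);
    declare @cipher varbinary(8000), @piece varbinary(8000);
    select @chunks = count(*) from t_document_chunks where doc_id = @doc_id;
    set @plaintext = '';
    while @n < @chunks
    begin
        set @cipher = null;
        select @cipher = cipher from t_document_chunks
        where doc_id = @doc_id and chunk_no = @n;
        set @auth = convert(varchar(12), @doc_id) + ':' + convert(varchar(12), @n)
                  + '/' + convert(varchar(12), @chunks);
        set @piece = decryptbykey(@cipher, 1, @auth);
        -- NULL means: key closed, slice missing, or authenticator mismatch
        if @piece is null
        begin
            set @plaintext = null;
            raiserror('slice %d of document %d failed authentication', 16, 1, @n, @doc_id);
            return 1;
        end;
        set @plaintext = @plaintext + convert(varchar(max), @piece);
        set @n = @n + 1;
    end;
    return 0;
end;
go
-- constructed sample input: 1000 repetitions of a 21-byte string
open symmetric key sk_documents decryption by password = '1Str0ngPassword';
declare @doc varchar(max) = replicate(convert(varchar(max), 'confidential clause; '), 1000);
declare @out varchar(max);
exec usp_encrypt_document 1, @doc;
exec usp_decrypt_document 1, @out output;
select datalength(@doc) as original_bytes, datalength(@out) as decrypted_bytes,
       case when @out = @doc then 'match' else 'mismatch' end as round_trip;

-- remove the last slice: the slice count changes, so the stored
-- authenticators no longer match and decryption is refused
delete from t_document_chunks where doc_id = 1 and chunk_no = 2;
exec usp_decrypt_document 1, @out output;
close symmetric key sk_documents;
go
-- cleanup
drop procedure usp_decrypt_document;
drop procedure usp_encrypt_document;
drop table t_document_chunks;
drop symmetric key sk_documents;
```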

         

        WORRIED ABOUT INDEXING YOUR ENCRYPTED DATA?

        Because the cell-level encryption built-in functions are nondeterministic (every call produces different output, even for the same input), indexing encrypted data is not possible.  However, this problem can be solved by using hashes or MACs of the plain-text for indexing purposes.

         

        Refer to this blog post to learn how.
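
        One way to build such an index, as an added example that is not from the original post or the post it links to: a keyed MAC (HMAC-SHA256 assembled from HASHBYTES) of the plain-text is stored next to the ciphertext and indexed. All object names are constructed, the password is this post's demo value, and HASHBYTES with SHA2_256 assumes SQL Server 2012 or later.

```sql
-- Added example. Constructed names: fn_hmac_sha256, sk_blind_idx, t_mac_keys,
-- t_employees_idx. HMAC-SHA256 per RFC 2104; the SHA-256 block size is 64 bytes.
create function dbo.fn_hmac_sha256 (@key varbinary(64), @msg varbinary(7900))
returns varbinary(32)
as
begin
    -- a NULL key (for example because the symmetric key is closed) must not
    -- silently fall back to an all-zero MAC key
    if @key is null or @msg is null return null;
    declare @ipad varbinary(64) = 0x, @opad varbinary(64) = 0x;
    declare @i int = 1, @b int;
    while @i <= 64
    begin
        -- key byte, zero-padded up to the block size
        set @b = case when @i <= datalength(@key)
                      then convert(int, substring(@key, @i, 1)) else 0 end;
        set @ipad = @ipad + convert(binary(1), @b ^ 54);   -- 0x36
        set @opad = @opad + convert(binary(1), @b ^ 92);   -- 0x5C
        set @i = @i + 1;
    end;
    return hashbytes('SHA2_256', @opad + hashbytes('SHA2_256', @ipad + @msg));
end;
go
create symmetric key sk_blind_idx with algorithm = aes_256
    encryption by password = '1Str0ngPassword';   -- demo password from the post
open symmetric key sk_blind_idx decryption by password = '1Str0ngPassword';
go
-- the MAC key is random and is stored encrypted under the symmetric key
create table t_mac_keys (
    table_name  sysname primary key,
    enc_mac_key varbinary(200) not null);
create table t_employees_idx (
    id         int primary key,
    name       varchar(300),
    salary     varbinary(300),   -- randomized ciphertext, not indexable
    salary_mac varbinary(32));   -- deterministic keyed MAC, indexable
create index ix_employees_salary_mac on t_employees_idx (salary_mac);
go
declare @new_key varbinary(32) = crypt_gen_random(32);
insert into t_mac_keys
values ('t_employees_idx', encryptbykey(key_guid('sk_blind_idx'), @new_key));

declare @mac_key varbinary(64);
select @mac_key = decryptbykey(enc_mac_key)
from t_mac_keys where table_name = 't_employees_idx';

-- constructed sample rows; two employees share a salary
insert into t_employees_idx values
    (101, 'Alice Smith', encryptbykey(key_guid('sk_blind_idx'), '$200000', 1, '101'),
          dbo.fn_hmac_sha256(@mac_key, convert(varbinary(7900), '$200000'))),
    (102, 'Bob Jones',   encryptbykey(key_guid('sk_blind_idx'), '$100000', 1, '102'),
          dbo.fn_hmac_sha256(@mac_key, convert(varbinary(7900), '$100000'))),
    (103, 'Carol White', encryptbykey(key_guid('sk_blind_idx'), '$100000', 1, '103'),
          dbo.fn_hmac_sha256(@mac_key, convert(varbinary(7900), '$100000')));

-- compare the two columns for the rows that hold the same plain-text
select id, salary, salary_mac from t_employees_idx where id in (102, 103);

-- equality search: MAC the probe value once, then seek the index;
-- no stored salary is decrypted to answer the query
declare @probe varbinary(32) =
    dbo.fn_hmac_sha256(@mac_key, convert(varbinary(7900), '$100000'));
select id, name from t_employees_idx where salary_mac = @probe;
go
-- cleanup
close symmetric key sk_blind_idx;
drop table t_employees_idx;
drop table t_mac_keys;
drop function dbo.fn_hmac_sha256;
drop symmetric key sk_blind_idx;
```

        Rows with equal plain-text share a MAC, so the index column shows which employees have the same salary; keying the hash is what stops a reader of the table from testing guessed salary values against it.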

         


      • The best time to pass the 70-659 Windows Server Virtualization exam is NOW!

        Virtualization Certification: Two words that could change your career.

        There has never been a better time to study for and pass the 70-659 exam because we here at Microsoft Canada are determined to get as many Canadian system admins, network admins, IT managers, IT job seekers, and whatever-else-you-want-to-call-yourself certified on Windows Server virtualization as possible.

        Why? Virtualization is the foundation for private cloud and dynamic IT infrastructure. Being certified is how you prove your skills. And now you can take the exam for free and get $75 for passing!

        Here’s what you need to do:

        1. Contact D’Arcy at CTE Solutions (sales@ctesolutions.com) and get an exam voucher. This voucher allows you to take the 70-659 exam for free but only if you take the exam before May 31, 2012 (more details).
        2. Book your exam with Prometric. Yes, book it now – then you’ll be motivated to buckle down and get studying! Here are some resources you can use:
        3. Write the 70-659 exam and get $75 for passing.
          • If you pass – email me your Transcript ID and Access Code so I can verify your transcript using this tool along with your mailing address, and I’ll send you a $75 gift card (see legal stuff below). Yeah – it’s a pretty sweet deal – you pass your exam AND get a gift card!
          • If you don’t pass – don’t fret…if it was easy, everyone would do it. Many people don’t pass it the first time around but still go on to pass it on their next try. At this point you have the option to register for course #10215 at CTE Solutions (for a fee) and retake your exam using the same free voucher you got from CTE Solutions in step 1. Or you can go back to step 2 but pay to book your second exam. Either way, once you pass your exam, be sure to email me for your gift card!

         


        Important legal stuff about the gift card promotion (aka Terms and Conditions):

        * Offer good only in Canada to legal residents of Canada. Offer runs from 12:01AM EST, March 1, 2012 until 11:59PM ET, May 31, 2012, or when all the 100 gifts have been awarded. To participate in the offer and be eligible to receive the gift, individuals will be required to successfully pass exam 70-659 and email their transcript ID, Access Code and mailing address to ruth.morton@microsoft.com by June 1, 2012.

        There is a cost associated with taking the exam. More information on the exam can be found at:

        http://www.microsoft.com/learning/en/us/certification/virtualization-campaign.aspx

        http://www.microsoft.com/learning/en/us/exam.aspx?ID=70-659#tab3

        To schedule your exam, please visit the exam provider here:

        http://www.register.prometric.com/Menu.asp

        Upon successfully passing exam 70-659 and emailing the required information to ruth.morton@microsoft.com, the first 100 individuals will receive a $75 American Express gift card. For Terms and Conditions of the gift card use, please visit http://www.americanexpress.com/canada/en/giftcards/terms-conditions.html. There will be a limit of one (1) gift per person. The gift card will be shipped to the address provided by the individual.

        This offer is non-transferable and cannot be combined with any other offer.  This offer is not redeemable for cash.  Taxes, if any, are the sole responsibility of the recipient.  Any gift returned as non-deliverable will not be re-sent. Please allow 6 – 8 weeks for delivery of your gift. We reserve the right to substitute a gift of equal or greater value.


        Have you already passed your exam since March 1? Did you read all the legal stuff above? Well then you know that the promotion started as of March 1 so you get to go directly to step 3 and get your gift card without further ado. How do you like them apples? :)


      • Flight Delays, Lounges & Continuous Learning

        I write this while sitting in an Air Canada Maple Leaf Lounge in Winnipeg waiting for my flight to Calgary for Prairie IT & DevCon West (March 13-16, 2012 at the Telus Convention Center).  I had actually planned to write this later tonight but because we had to wait for our pilots on my connecting flight from Toronto to arrive, I have a comfortable hour-long delay in the brand new terminal at Winnipeg International Airport to put some thoughts down and share them with you.

        I always use flights to cities where I attend events and deliver key presentations as both an opportunity to relax as well as a time to think through some things that are on the go.  Recently, I’ve been thinking about the amount of very positive feedback we have received about the IT Virtualization Boot Camps we have run in Toronto, Vancouver, Ottawa & Montreal.  My thoughts center around how we take these to the next level and incorporate more System Center 2012 content into them and help take you hands-on through Microsoft’s Private Cloud offerings, but also help you to continue your learning online.  Here’s what I came up with so far.

        In-Person Learning Opportunities

        Ruth Morton and I are working on a number of things for May and June that include Private Cloud Boot Camps and System Center 2012, particularly System Center Virtual Machine Manager (SCVMM) 2012, System Center Operations Manager 2012, System Center Orchestrator 2012, as well as System Center Service Manager 2012.  Like the IT Virtualization Boot Camps going on right now, these will be organized through your local user group so let them know you are interested or send me an email and I’ll pass on the message. 

        Don’t forget that if you are in Alberta or Saskatchewan, we still have IT Virtualization Boot Camps under way.  You can still register for them in

        We are also hosting an IT Camp Event in Calgary on March 14, which is a free-form event allowing you to set the agenda and let us know what you want to talk about and see.  I’m really excited about this one because I never know what to expect so I have to be ready for anything – even questions on Windows Server “8” Beta. Sign up and see the fun we have!

        Online Learning Resources Are Always There!

        While it is great to get out to an in-person event and interact with your peers and the presenters, the reality is that there are a finite number of seats available and, as you can see by the status of the events above, they can sell out.  Online learning is always there and something you can take advantage of when you want to.  I outlined some great online resources for Virtualization and Private Cloud in a blog post a while back, but it’s worth repeating some of them here (and 1 or 2 new ones):

        • TechDays Online - This is Microsoft Canada’s site for IT professionals and developers containing content from TechDays 2011 and TechDays 2010, as well as new episodes of TechDays TV to keep you informed about the latest technologies.  If you have not yet visited, go now.  Like all the resources below, it is absolutely free!
        • Microsoft Virtual Academy is a great place to learn all about our offerings as well as get points for completing courses, and also assess your knowledge through online assessments. Best of all, it is FREE and continues to offer new courses on a regular basis. It has many courses including those to help VMware professionals get a better handle on Microsoft Private Cloud technologies, as well as allowing those that have begun to work with Hyper-V and System Center to dive deeper and gain a better understanding of how to get even more out of their infrastructure.  There are even new courses on Windows Server “8” Beta to help you find out what will be coming down the pipe in the future.
        • Private Cloud Jump-Start Online Course provides two days of great content to take you from the basics of Private Cloud on your way to becoming an expert – and it’s FREE! The course is on April 3 & 4 and well worth taking part in!
        • The Springboard Series has great resources on deployment and getting your organization up to the current Windows release.  Don’t forget that Windows XP support ends on April 8, 2014 so getting to Windows 7 and Office 2010 now is the right approach.  Windows 8 Consumer Preview is out, and Springboard has some courses on Windows 8 to help you understand how it will integrate with your environment in the future but deploying Windows 7 and Office 2010 is the best way to get ready for Windows 8 when it becomes available.
        • TechNet Edge is a great resource for videos on topics of interest to IT Professionals.  If you have not yet visited, check it out.
        • As always, the main TechNet site remains a great place to find videos, articles as well as links to blogs and whitepapers on virtualization and Private Cloud. If you have not already done so, bookmark the TechNet page and visit often for the most recent technical resources to help you grow in your career.

        Getting Closer to Calgary – My Flight’s About to Board!

        Looks like my time in Winnipeg was well spent.  If you are currently using other online resources to keep updated on current technologies, comment on this post or send me an email using the link on the top left above.  Between the two, I prefer comments because they can be shared with all the other readers of this blog and we all learn together.

      • Coming to a computer near you: the Global Relationship Study (GRS) survey

        Every fall and spring, a survey goes out to a few hundred thousand IT folk in Canada asking what they think of Microsoft as a company. The information we get from this survey helps us understand what problems and issues you’re facing and how we can do better. We take the input we get from this survey very seriously.

        Now I don’t know who of you will get the survey and who won’t but if you do find an email in your inbox from “Microsoft Feedback” with an email address of “feedback@e-mail.microsoft.com” and a subject line “Help Microsoft Focus on Customers and Partners” from now until April 13th – it’s not a hoax or phishing email. Please open it and take a few minutes to tell us what you think.

        This is your chance to get your voice heard: If we’re doing well, feel free to pile on the kudos (we love positive feedback!) and if you see areas we can improve, please point them out so we can make adjustments (we also love constructive criticism!).


        Thank you for all your feedback in the past – to those of you who have filled out the survey and sent us emails. Thank you to all who engage with us in so many different ways through our events, the blogs, online and in person. You are why we do what we do and we feel lucky to work with such a great community!

        One last thing - even if you don’t get the survey you can always give us feedback by emailing us directly through the Microsoft Canada IT Pro Feedback email address or by simply leaving a comment on this blog.


      • On-Screen Keyboards in Windows 8 Consumer Preview

        So I am thrilled to post my first blog article on Windows 8, at least from the Consumer Preview. This will be the first tip of many I am sure.

        I am doing my best to stick to the tablet experience, even though I have the full keyboard on my HP EliteBook 2740p. As such, this is my first ever blog article written entirely with the on-screen keyboard. It is that keyboard that is the subject of the piece.

        If you are familiar with the on-screen keyboard in Windows Phone 7 then you won’t be surprised that Microsoft has done a good job here. However the flexibility in preferences was pretty impressive.

        1) The default is the large-key four row QWERTY keyboard. It is what I am using now, and love it. The keys are reasonably large – I have pretty big fingers, and on my 12.1” screen am pretty comfortable.


        2) The handwriting recognition in Windows 8 is great! The only issue I have with it is that it is infuriatingly difficult to take a screen shot of it in action. I was thinking to take a picture of it in action, but I am sitting in a room where I am not allowed to use a camera right now.


        3) THUMBS! The world has evolved in a weird direction… thanks to smart phones we have learned to type with our thumbs. Of course our tablets are probably too small for most peoples’ hands to do that with from the normal keyboard… we couldn’t hold our tablet with both hands and type like that. The split keyboard solves that. It has the look of the old ergonomic keyboards, but with the number pad in the middle. You can even make the keys larger or smaller depending on your comfort level.


        4) If you don’t like having to get used to different keyboards, or if you type using a lot of numbers and special characters, you may prefer a standard alpha-numeric QWERTY keyboard, complete with the numbers, square brackets, slashes, and so on. The keys will be smaller, but you will have everything you need on screen, without having to change contexts.

        What about accents?

        I cannot tell you how frustrating accents are… for me that extends far beyond typing, but if you speak (and type) in languages that do use them, typing can be a pain. The most used accent in French, for example, is an e with an accent aigu. To type this character on a standard English keyboard you have to press Alt-130. If you are using a keyboard without a number pad, that number pad is integrated into the QWERTY keys… on most laptops you have to press the FN key to access it, which means for the 5 key you would have to press Fn-Alt-5. Wow…

        The onscreen keyboard is highly intuitive, and if you hold the E key down all of the various accents pop up, and you slide your finger to the appropriate one… é. Unfortunately this will not help my French spelling or grammar.

        What do you think? Try it for yourself…

         



        This post also appears on garvis.ca.

      • “The SQL Guy” Post #19: Working with Encryption Keys in SQL Server

        Ever wonder how encryption keys are protected and managed in SQL Server?

         

        Microsoft SQL Server makes use of a key hierarchy, which helps to protect keys that are to be used for encryption. This hierarchy can best be viewed as a series of layers, in which each layer encrypts the layer below it.  This hierarchy provides a highly secure infrastructure for sensitive data.

         

        Figure 1 illustrates the encryption key hierarchy:

         


        Figure 1: SQL Server Encryption Key Hierarchy

        At the core of the encryption hierarchy is data that needs to be encrypted. The arrows in the diagram illustrate the most common encryption configurations used to encrypt data. Data is first encrypted with either a symmetric key or a password. In symmetric key cryptography, the same key is used for encryption and decryption of the data. Symmetric key encryption is faster than asymmetric key cryptography or certificate-based encryption. After encrypting data using a symmetric key, the symmetric key itself cannot be left unencrypted, so it is encrypted with another symmetric key or an asymmetric key. An asymmetric key consists of a key pair: a public key and a private key. The private key is protected by a password or by the database master key (which is a symmetric key). There are 2 copies of the database master key in SQL Server, one protected with a password and another protected with the Service Master Key (SMK). The service master key resides at the root of the encryption hierarchy and is protected using Windows Data Protection API (DPAPI).

         

        In summary, keep in mind the following concepts:

        (1)    For best performance, always encrypt data using symmetric keys instead of certificates or asymmetric keys.

        (2)    There are 2 copies of the Database Master Key (DMK) – protected with a password and the Service Master Key (SMK).

        (3)    The Service Master Key (SMK) is created by SQL Server setup and is encrypted using Windows Data Protection API (DPAPI).

        (4)    The Extensible Key Management (EKM) module holds symmetric or asymmetric keys outside SQL Server.

        (5)    SMK and DMK are symmetric keys.

        (6)    Always use strong passwords for encryption.

        (7)    Always use stronger encryption algorithms.

         

        QUERY SYMMETRIC KEYS

        SELECT * FROM sys.symmetric_keys;

        GO

         

        CREATING A SYMMETRIC KEY

        CREATE SYMMETRIC KEY MySymKey

        WITH ALGORITHM = AES_256

        ENCRYPTION BY PASSWORD = '1Str0ngPassword';

        GO

         

        QUERY CERTIFICATES

        SELECT * FROM sys.certificates;

        GO

         

        CREATING A CERTIFICATE ENCRYPTED WITH A PASSWORD

        CREATE CERTIFICATE MySelfSignedCert

        ENCRYPTION BY PASSWORD = '1Str0ngPassword'

        WITH SUBJECT = 'Self Signed Certificate By Damir',

        EXPIRY_DATE = '07/14/2016';

        GO

         

        CREATE DATABASE MASTER KEY IN TEST DATABASE

        Use Test;

        GO

         

        CREATE MASTER KEY ENCRYPTION BY PASSWORD =

        '1Str0ngPassword';

        GO

         

        QUERY ENCRYPTIONS OF SYMMETRIC KEYS

        SELECT * FROM SYS.KEY_ENCRYPTIONS;

        GO
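The snippets above create each object on its own. As an added example (not part of the original post), the following T-SQL chains them the way the hierarchy paragraph describes: the database master key protects a certificate, the certificate protects a symmetric key, and the symmetric key encrypts the data. The Demo-prefixed names, the password placeholder and the sample value are assumptions; Test is the database used above.

```sql
-- Added example, not from the original post. DemoCert and DemoDataKey are hypothetical names.
USE Test;
GO

-- 1. Database master key: one copy protected by the password, one by the SMK.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder: replace with a strong password>';
GO

-- 2. No ENCRYPTION BY PASSWORD clause, so the certificate's private key
--    is protected by the database master key.
CREATE CERTIFICATE DemoCert WITH SUBJECT = 'Demo key-protection certificate';
GO

-- 3. The symmetric key that encrypts the data, itself protected by the certificate.
CREATE SYMMETRIC KEY DemoDataKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE DemoCert;
GO

-- 4. Encrypt and decrypt a constructed sample value with the symmetric key.
OPEN SYMMETRIC KEY DemoDataKey DECRYPTION BY CERTIFICATE DemoCert;
DECLARE @cipher varbinary(8000) =
    ENCRYPTBYKEY(KEY_GUID('DemoDataKey'), N'constructed sample value');
SELECT @cipher AS ciphertext,
       CONVERT(nvarchar(100), DECRYPTBYKEY(@cipher)) AS roundtrip;
CLOSE SYMMETRIC KEY DemoDataKey;
GO

-- 5. Read the chain back from the catalog views: which mechanism protects
--    the symmetric key, and what protects that certificate's private key.
SELECT sk.name AS symmetric_key, sk.algorithm_desc,
       ke.crypt_type_desc, c.name AS protecting_certificate,
       c.pvt_key_encryption_type_desc
FROM sys.symmetric_keys AS sk
JOIN sys.key_encryptions AS ke ON ke.key_id = sk.symmetric_key_id
LEFT JOIN sys.certificates AS c ON c.thumbprint = ke.thumbprint
WHERE sk.name = 'DemoDataKey';

-- 1 here means the SMK-protected copy of the database master key exists.
SELECT name, is_master_key_encrypted_by_server
FROM sys.databases WHERE name = 'Test';
GO

-- Cleanup of the demo objects.
DROP SYMMETRIC KEY DemoDataKey;
DROP CERTIFICATE DemoCert;
GO
```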

         


      • SQL Server 2012 RTM Now Available–Attend the Virtual Launch Event


        Today, when I went to www.microsoft.com/sql I was delighted to find the image to the left with a link to download the evaluation edition of the newest release of SQL Server  - SQL Server 2012.  There are so many great features in this edition that listing them would not make sense. Instead, you should register for and attend the SQL Server 2012 Virtual Launch event tomorrow (March 7th) to find out more.

        The SQL Server 2012 Virtual Launch Event includes 30+ sessions to learn about the new capabilities of SQL Server 2012 at your own pace, on your own schedule. This event brings together a who’s who of industry experts and executives to tell the SQL Server 2012 story in this unique online launch event. You will also “meet” with partners, experts, and peers in a virtual “Expo Hall” to discuss SQL Server 2012 one-on-one.

        The full agenda for the SQL Server 2012 Virtual Launch event is broken down into three tracks: 

        • Mission Critical Confidence covering all elements that make SQL Server 2012 the right data platform and a better choice for DBAs than Oracle (there’s even a session on that!) including AlwaysOn, ColumnStore Indexes, and more.
        • Breakthrough Insights where you will learn about the great new features to help your business intelligence projects succeed including the BI Semantic Model, integration with SharePoint, new features in SQL Server Integration Services (SSIS) and more.
        • Cloud On Your Terms including SQL Server’s integration with Apache Hadoop, the blazingly fast capabilities of the Parallel Data Warehouse Appliance, as well as how to integrate with and take advantage of SQL Azure.

        The SQL Server Virtual Launch event starts March 7th at 8am PST.  Register today and attend tomorrow.  Don’t forget to also download the SQL Server 2012 RTM Evaluation Edition to get started working with SQL Server 2012 today.  Stay tuned for SQL Server 2012-focused blog posts by the “SQL Guy” coming Wednesdays over the next while.


      • Microsoft Private Cloud part 2: unlimited virtualization rights

        A new whitepaper was released in January comparing private cloud solutions from Microsoft and VMware, taking a look at the functionality, benefits and economics of each solution. This series of blog posts breaks down the components of the whitepaper into consumable chunks and I’ve added my own commentary.


        Licensing rights for your cloud

        Private cloud building is not for everyone. That’s right – I said it. Despite some of the FUD that exists out on the Interweb, private clouds are not the best option for everyone and their dog. While you gain in security and control, you lose in economies of scale. Licensing through the Enterprise Enrollment for Core Infrastructure means that you need 50 processors to use initially, which is a fair bit of computing power, and you have to be OK with making a 3-year commitment.

        However, for companies that are looking to better use their IT infrastructure in a way that adds real value to the business and who want or need more control than what a public cloud scenario can provide, building a private cloud is a great option to have. The tools (Windows Server + System Center) have been around for a while and are proven solutions which your IT staff are likely already familiar with. Compared to other options, using Windows Server and System Center is quite cost effective (more on this coming in future posts in this series).

        From the white paper: 

        Microsoft Private Cloud – Unlimited Virtualization Rights

        Microsoft private cloud solutions are built using Windows Server with Hyper-V and System Center – the combination of which provides enterprise class virtualization, end-to-end service management and deep insight into applications so you can focus more attention on delivering business value. Microsoft private cloud solutions are delivered through our wide ecosystem of partners and are offered as custom, pre-configured, or hosted offerings - so, no matter your unique business need; there is a Microsoft private cloud solution for it.

        Microsoft private cloud solution is licensed through the Microsoft Enrollment for Core Infrastructure (ECI) licensing program. ECI is a Microsoft Enterprise Agreement (EA) enrollment, available in two editions (Datacenter and Standard), that allows a simple and flexible per processor licensing option.

        ECI Datacenter is strongly recommended for customers exploring Microsoft private cloud solutions.

        ECI Datacenter edition includes Windows Server Datacenter, which supports unlimited virtualization rights. This means that customers license on a per processor basis, with ability to have unlimited Windows Server based virtual machines on a particular physical processor. Additionally, ECI Datacenter also includes System Center 2012 Datacenter edition, which provides rights to manage an unlimited number of physical or virtual operating system environments. The components of ECI Datacenter are shown below.


        Fig. 2: Microsoft ECI Datacenter Components and Value Proposition

        Our approach is focused on delivering the benefits of scale to you – through unlimited virtualization rights and significantly simplified licensing for Windows Server and System Center. A deeper cost analysis is provided in the Private Cloud Economics section of this whitepaper.


        [This article also appears in the IT Manager Connection blog]
