Latest Posts

Controlling external access to O365

In some scenarios you may want to control how users authenticate and whether a service can be accessed from outside the company.

Over the last weeks Microsoft has been rolling out some features in preview for Azure AD. With this new functionality you can control granular authentication levels per service.

  • Outlook Web Access
  • SharePoint Online and OneDrive

So say you only want to allow OWA outside of the company with two-factor authentication, while SharePoint and OneDrive should be blocked. You can now test that scenario in preview.

To test this out, you can follow the steps below:

  1. Log on to https://manage.windowsazure.com
  2. Select your AAD.
  3. Go to your Applications tab.
  4. Select the application you want, for example Office 365 Exchange Online.
  5. At the top, select Configure, enable the access rules and then choose your desired behavior. When using the work-based rules, you need to define your work locations.
  6. Define your work locations by clicking on the link at the bottom.
  7. In the Trusted IPs section, define the IP addresses that shall be seen as your work locations. These need to be your public IP addresses. You can read more on that here: https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-whats-next/#trusted-ips
  8. To block SharePoint and OneDrive, create a block rule for SharePoint Online.
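
Before enabling a block rule it helps to check which sign-ins your Trusted IPs list would treat as "at work". The script below is an added example, not part of the original post and not how Azure AD implements the rules: it models the scenario above for IPv4, and the rule labels, IP ranges and sample sign-ins are constructed for illustration.

```powershell
# Added example: rule labels and IP ranges are constructed, not portal values.
$TrustedIPs = @('203.0.113.0/24', '198.51.100.16/28')   # public egress ranges (sample)
$Rules = @{
    'Office 365 Exchange Online'   = 'MfaWhenNotAtWork'    # OWA: allowed outside with 2FA
    'Office 365 SharePoint Online' = 'BlockWhenNotAtWork'  # also covers OneDrive
}

function ConvertTo-IPv4Number([string]$Address) {
    # Fold the four octets into one number so ranges can be compared (IPv4 only).
    [long]$n = 0
    foreach ($octet in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) {
        $n = $n * 256 + $octet
    }
    $n
}

function Test-InCidr([string]$Address, [string]$Cidr) {
    $network, $prefix = $Cidr -split '/'
    $blockSize = [math]::Pow(2, 32 - [int]$prefix)   # number of addresses in the range
    $addressBlock = [math]::Floor((ConvertTo-IPv4Number $Address) / $blockSize)
    $networkBlock = [math]::Floor((ConvertTo-IPv4Number $network) / $blockSize)
    $addressBlock -eq $networkBlock
}

function Get-AccessDecision([string]$Application, [string]$SourceIP) {
    # "At work" means the source address falls inside any trusted range.
    $atWork = [bool]($TrustedIPs | Where-Object { Test-InCidr $SourceIP $_ })
    if ($atWork -or -not $Rules.ContainsKey($Application)) { return 'Allow' }
    switch ($Rules[$Application]) {
        'MfaWhenNotAtWork'   { 'Allow after MFA' }
        'BlockWhenNotAtWork' { 'Block' }
    }
}

# Constructed sign-ins: one inside and one outside the trusted ranges per service.
$signIns = @(
    @{ App = 'Office 365 Exchange Online';   IP = '203.0.113.25' },
    @{ App = 'Office 365 Exchange Online';   IP = '192.0.2.10' },
    @{ App = 'Office 365 SharePoint Online'; IP = '198.51.100.20' },
    @{ App = 'Office 365 SharePoint Online'; IP = '198.51.100.40' }   # just outside the /28
)
foreach ($s in $signIns) {
    '{0,-30} {1,-15} {2}' -f $s.App, $s.IP, (Get-AccessDecision $s.App $s.IP)
}
```

Replace the sample ranges with the ones you enter in the Trusted IPs section and feed it the public addresses your offices and VPN actually egress from.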

End users that are trying to access a service that is blocked will get this message when they try to access it.

Blocking access to SharePoint and OneDrive via web

If you want to block web access to SharePoint or OneDrive in O365 from unmanaged devices, you can now do that with Conditional Access in Intune. From the testing I have been doing lately, it has been working well for me. Since I enabled it I haven't been able to access the services from devices that are not being managed.

The only setting we have right now is to block SharePoint. By blocking SharePoint, OneDrive will automatically be blocked as well. So if you want to block only OneDrive but not SharePoint, there is no way of doing that right now.

And just like with OWA, the end user will get the following message when access is being blocked.

Blocking O365 OWA from Unmanaged Devices

If you want to block access to Outlook Web Access in O365 from unmanaged devices, you can now do that with Conditional Access in Intune. From the testing I have been doing lately, it has been working well for me. Since I enabled it I haven't been able to access OWA from devices that are not being managed.

If you try to access OWA from an unmanaged device you will get this response from the service.

TechDays Sweden 2016

In November I will be presenting on Azure Networking at TechDays in Sweden.

http://tdswe.se/session/azure-networking-deep-dive-level-400/ 

People who know me know that I have a broad technology background. When I started in the 90s I started with Red Hat Linux and some early Windows versions, and I soon found my way over to working with Cisco and Checkpoint network/security components. So I seem to have some kind of passion for terminal windows with a dark background and green text. That's probably why I also still love IRC.

So over the last 20 years I have taken the journey from 10BASE2 with BNC T-Connectors to Software Defined Networking in Azure.

Moving to a software-defined world can be challenging for many network admins, but there are not many configurations I haven’t seen. So I hope to see you at the session, where I will be sharing my knowledge together with a friend, Johan Dahlbom. Together we hope to give you all you need to know about Azure Networking.

Installing bash on Windows 10

Bash was introduced in Windows 10 Build 14316, so to test this feature you need to be on that build or later.

To get started, you need to add the feature for the Linux Subsystem.

Execute bash.exe and bash will start downloading from the Store.

Once downloaded, launch bash from the Start menu.

If the screen just flashes, you can try to run bash from a normal command prompt. You might be prompted with a bash error 0x800070057; this is most likely because you have set your Command Prompt to execute in Legacy Mode.

Once you have unchecked “Use Legacy Console” and relaunched the Command Prompt, you should be able to launch bash.

Launch bash.
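
The same prerequisites can be checked from PowerShell before you start. This is an added example, not part of the original post; it assumes an elevated PowerShell prompt, that the optional feature is named Microsoft-Windows-Subsystem-Linux, and that the "Use legacy console" checkbox is stored as ForceV2 = 0 under HKCU:\Console.

```powershell
# Added example: run from an elevated PowerShell prompt on Windows 10.
$featureName  = 'Microsoft-Windows-Subsystem-Linux'
$minimumBuild = 14316   # first build with bash, per the post

function Test-BashPrerequisites {
    $build = [Environment]::OSVersion.Version.Build
    # ForceV2 = 0 under HKCU:\Console means "Use legacy console" is ticked.
    $console = Get-ItemProperty -Path 'HKCU:\Console' -Name ForceV2 -ErrorAction SilentlyContinue
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $featureName
    [pscustomobject]@{
        Build          = $build
        BuildSupported = $build -ge $minimumBuild
        LegacyConsole  = ($null -ne $console) -and ($console.ForceV2 -eq 0)
        FeatureState   = $feature.State
    }
}

$status = Test-BashPrerequisites
$status | Format-List

if (-not $status.BuildSupported) {
    Write-Warning "Build $($status.Build) is older than $minimumBuild; bash is not available."
} elseif ($status.LegacyConsole) {
    Write-Warning 'Untick "Use legacy console" in the Command Prompt properties before starting bash.'
} elseif ($status.FeatureState -ne 'Enabled') {
    # Same as adding the feature in "Turn Windows features on or off"; restart afterwards.
    Enable-WindowsOptionalFeature -Online -FeatureName $featureName -NoRestart
}
```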

If you want to learn more about running bash in Windows, Microsoft has recorded an awesome video that describes this in more detail. You will find the video here:
https://channel9.msdn.com/Events/Build/2016/P488

 

Cloud Definitions

So everyone is talking about Cloud Computing. Does Cloud Computing necessarily mean that you run your applications or systems in Amazon AWS, Google, Microsoft Azure or any other cloud you know of?

The short answer is NO. Cloud Computing is a model built on a combination of characteristics, service models and deployment models.

Cloud Computing Characteristics

  • Self-Service
  • Broad Network Access
  • Resource Pooling
  • Rapid elasticity
  • Measured service

Service Models

  • SaaS
  • PaaS
  • IaaS

Deployment Model

  • Private Cloud
  • Community Cloud
  • Public Cloud
  • Hybrid Cloud

 

NIST (National Institute of Standards and Technology) has written a great definition of Cloud Computing that you can read up on at this link.

NIST Cloud Definition (PDF)

My Storage Spaces Best Practices

I have been working with Storage Spaces for a while now and there has been very little documentation that is clear on how to best tune it. Over time I have gathered a bunch of best practices, which I have listed below. Hopefully some of them might come in handy for you. Recently some new information from Microsoft was also released, so it's a good read.

PLEASE NOTE: This is an area that is changing a lot depending on recommendations from hardware vendors and Microsoft, so changes may apply, but I will try to keep this post updated.

First off read this new design guide and design calculator that was just released.

  • Read the Design Consideration Guide found here.
  • Use the Design Calculator found here.

Always configure your Storage pools via PowerShell

  • Update Drivers and Firmware to the latest supported version
  • Install Latest Hotfixes (Markus has a great list here from 4th June 2015)
  • Disable Trim (fsutil behavior set DisableDeleteNotify 1)
  • We have found 4-6 Column count to work very well for most workloads (Don't forget to reduce with 1 disk for failures)
  • Spread Virtual disk across SOFS Nodes
  • Leave the Write Back Cache to 1GB for best experience at fail-overs.
  • Max 80 Disks in Pool, Max 4 Pools per Cluster, Max 64 Virtual Disk/Storage Spaces per pool. (Max 240 Disk in Total)
  • Keep Virtual Disks/Storage Spaces to no more than 10TB
  • Use 64kb Interleave and Block Size for VM Workloads
  • If you want to be able to lose a whole disk enclosure use minimum 3 enclosures and don’t forget to enable enclosure awareness.
  • Reserve ~10-15% for SSD and ~15-20% for HDD of free space for faster rebuilds
  • Choose RepairPolicy – Parallel is faster but can impact I/O and Sequential is slower with less I/O Impact
  • Optimise Parallel Disk Rebuilds Technet Link
  • Set RetireMissingPhysicalDiskPolicy to Always for Auto Repair (Auto Repair will kick in 5 minutes after first failed write)
  • Most scenarios include Tiering and sometimes you need to reschedule the Scheduled Task that does the move of hot and cold data, so keep that in mind. (Microsoft doesn’t recommend running this task more than 4 times per day.)
  • If you will use SharedVHDX you may need to apply this hotfix KB3025091 or configure your Pool with -LogicalSectorSizeDefault 512
  • Set MPIO Default Settings to Load Balancing: Set-MSDSMGlobalDefaultLoadBalancePolicy -Policy LB. HDD should have LB and SSD Round Robin (Markus has a nice script here.)
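
Several of the settings above map directly onto Storage cmdlet parameters. The script below is an added example, not from the original post or from Microsoft's guides: the pool and virtual disk names are placeholders, it assumes the pool contains SSDs (for the 1GB write-back cache), at least eight poolable disks (a two-way mirror with 4 columns) and SES-capable enclosures, and it reads "block size" as the NTFS allocation unit size.

```powershell
# Added example: names and sizes are placeholders, adjust to your hardware.
$poolName = 'Pool01'
$disks    = Get-PhysicalDisk -CanPool $true
$subSys   = Get-StorageSubSystem | Select-Object -First 1

# 512-byte logical sectors (the alternative to KB3025091 for Shared VHDX) and
# enclosure awareness as the default for new virtual disks.
New-StoragePool -FriendlyName $poolName `
    -StorageSubSystemFriendlyName $subSys.FriendlyName `
    -PhysicalDisks $disks `
    -LogicalSectorSizeDefault 512 `
    -EnclosureAwareDefault $true

# Parallel rebuilds, and always retire missing disks so auto repair can start.
Set-StoragePool -FriendlyName $poolName -RepairPolicy Parallel -RetireMissingPhysicalDisks Always

# Mirror space: 4 columns, 64KB interleave, 1GB write-back cache, 10TB.
$vdisk = New-VirtualDisk -StoragePoolFriendlyName $poolName -FriendlyName 'VMs01' `
    -ResiliencySettingName Mirror -ProvisioningType Fixed `
    -NumberOfColumns 4 -Interleave 64KB -WriteCacheSize 1GB `
    -IsEnclosureAware $true -Size 10TB

# 64KB allocation unit to match the interleave.
$vdisk | Get-Disk | Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -UseMaximumSize -AssignDriveLetter |
    Format-Volume -FileSystem NTFS -AllocationUnitSize 64KB -Confirm:$false

# Disable Trim notifications and set the MPIO default policy (LB = Least Blocks).
fsutil behavior set DisableDeleteNotify 1
Set-MSDSMGlobalDefaultLoadBalancePolicy -Policy LB

# Review the resulting settings.
Get-StoragePool -FriendlyName $poolName |
    Select-Object FriendlyName, RepairPolicy, RetireMissingPhysicalDisks, LogicalSectorSize
Get-VirtualDisk -FriendlyName 'VMs01' |
    Select-Object FriendlyName, NumberOfColumns, Interleave, WriteCacheSize, IsEnclosureAware
```

On a Scale-Out File Server you would add the disk to Cluster Shared Volumes instead of assigning a drive letter.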

 

For the SMB communication we have been using RDMA with Mellanox ConnectX-3 Pro cards with good results. Don't forget to configure it for Multichannel.

 

Other Storage Spaces Resources

Storage Spaces FAQ

Dell Deployment Guide

Channel 9

Spaces-Based, Software-Defined Storage: Design and Configuration Best Practices

Architecting Software Defined Storage: Design Patterns from Real-World Deployments

Best Practices for Deploying Tiered Storage Spaces in Windows Server 2012 R2

Storage Spaces – Scale-out file server deep dive

Microsoft Virtual Academy

Storage Spaces MVA

Blogs

Automatic SMB Scale-Out Rebalancing in Windows Server 2012 R2

Step-by-Step for Mirrored Storage Spaces Resiliency using PowerShell

File Server Tip: How to rebalance a Scale-Out File Server using a little PowerShell