Inova Solutions NV: Moving EVERYTHING to the Cloud

A lot has happened since my last post. My wife and I moved to Aruba in The Caribbean and I found a great job as Solutions Architect for Inova Solutions NV. Inova Solutions NV is a Microsoft Gold Partner in Licensing, formerly known as LAR (Large Account Reseller), nowadays it’s called LSP (Licensing Solutions Provider). One of my roles is that of IT Manager for our own IT and that is what this blog is about.

As a true Caribbean company we are scattered across a couple of islands: Aruba, Curacao, Trinidad & Tobago and Jamaica, and we have customers on those and a lot of other islands. The network infrastructure consists of some site-to-site VPNs and client VPNs so we can reach our resources located on Curacao wherever we are.

The CEO had a goal for me to achieve by putting 50% of those resources in the Cloud by June 30th 2014. Soon I discovered that we actually only use applications that are available in the Microsoft Cloud already: Exchange, SharePoint, Lync and CRM. My goal now is to have all that migrated to the Online Services by the end of the year.

Plus some extra wins: we don’t really need Active Directory, authentication also goes to the Cloud. That means our PCs and laptops can no longer be managed by AD and GPOs. For that we will leverage Windows Intune. And finally we have this RDS Server that hosts 2 applications, neither of which relies on AD; we will just rebuild that RDS Server as a VM on Windows Azure.

My Christmas wish list (here on Aruba you can already buy your Christmas stuff):

  • Office365
  • CRM Online
  • Windows Intune
  • Windows Azure AD
  • Windows Azure Network
  • Windows Azure VM

Sounds like we have a plan! By the 1st of January 2014 we can start decommissioning our whole Onprem Infrastructure, all the site-to-site VPNs and, oh boy, all that Client VPN stuff (I do not understand why companies still deploy that, don’t we have DirectAccess at our disposal?).

The bet is on, I have 2 months from now to make it so.

Hopi Bon!

TechEd Europe 2013 SCVMM R2 Session

After joining a session on ConfigMgr and Intune, which brought me nothing new, I joined a session on System Center Virtual Machine Manager 2012 R2 (http://channel9.msdn.com/Events/TechEd/Europe/2013/MDC-B357#fbid=hBjzVKd6xg9).

There is some interesting new stuff in SCVMM2012R2:

  • Apart from SC AppController for Self-Service there is the Windows Azure Pack. WAP gives the look and feel of Azure but is targeted at your Private Cloud.
  • Cisco now provides a Virtual Nexus 1000 Switch (http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns955/ns963/solution_overview_c22-687087.html) for Virtual Networks based on Hyper-V.
  • VMM R2 will provide a Gateway out-of-the-box with the Border Gateway Protocol.
  • There will be Service Templates for all System Center Components (sounds like a deeper development of the PowerShell Deployment Toolkit).
  • Guest Cluster can now use a VHDX as shared storage (as long as the VHDX resides on a CSV Cluster).
  • VMM R2 can manage Physical Switches.
  • I already mentioned in yesterday’s blog post the Azure Hyper-V Replica Manager for orchestrating a failover to a DR Site.

Pretty neat features for an R2 release!

I’ll be back tomorrow.

TechEd Europe 2013 My Keynote Highlights from Madrid

Although TechEd North America finished some three weeks ago, I would like to mention a couple of things from the keynote, which was mostly the same as the one three weeks ago. They have not become less worthwhile in that short period of time.

And, there was a great announcement! The bits of a lot of upcoming stuff are available as of today as Preview:

  • Server 2012 R2
  • System Center 2012 R2
  • SQL 2014
  • Visual Studio

Here comes the summer ☺.

As an IT Pro I focus on what was said concerning this line of IT business. A quote I really liked: “BYO is not a privilege, it is a right.” Such is the perception of users. Following from that, identity management is a major topic, and Microsoft proposes to leverage Azure Active Directory together with the Onprem Active Directory (a no-brainer for Office365 and Intune admins). The same goes for leveraging Windows Intune with SCCM! SQL 2014 Management Studio can connect to SQL Azure.

Extending stuff to Azure with the Windows Azure Pack, gives the look and feel of the Azure Portal to both your Private Cloud and the Azure Public Cloud. The MSDN accounts on Azure are now calculated per minute (as per hour in the “old” days), making it easier for Devs to test their Apps.

A super Server 2012 R2 feature is “auto-tiering” of storage, where you can mix SSD with JBOD and the OS will find out what to store where. Now that is cool!

Azure now has a Hyper-V Recovery Service with which you can orchestrate data center failovers….. pffff.

A demo of Windows 8.1 showed us “workplace connect” and “Work Folders”. I like the Work Folders (on Server 2012 R2 that is); it syncs and secures ordinary file shares over HTTPS to any user device…. Very very neat!

The rest of my 1st day was filled with assisting as a Microsoft Certified Trainer, so no details from me on the breakout sessions, which you can see on http://channel9.msdn.com/Events/TechEd/Europe/2013?wt.mc_id=homepagetop#fbid=CJ-2jXdm1ag

Enjoy, I’ll be back with more!

Attending Microsoft Management Summit 2013

On April 6 I will fly to Las Vegas where MMS2013 will start.

I just finished building my Schedule and I will append my notes from each session into this Blog post.

Here’s my schedule:

  • The Benefits and Reasons for Upgrading to Windows Server 2012 Active Directory
  • Getting Started with Orchestrator and Service Manager
  • System Center 2012 Configuration Manager SP1 Overview
  • System Center 2012 SP1 Operations Manager Overview
  • Getting Started with Windows Azure Virtual Machines and Virtual Networks
  • How to Design and Configure Networking in VMM and Hyper-V
  • Designing a Virtual Desktop Infrastructure Architecture for Scale and Performance
  • Orchestrating Hyper-V Replica Planned Failover with System Center 2012 SP1
  • Implementing Common Scenarios in Virtual Machine Manager: Services and Service Templates
  • Cisco Virtual Networking Solutions for Microsoft Hyper-V Environments
  • Develop a Successful Flexible Desktop Strategy in Today’s Digital Era
  • Monitoring and the Network and Storage Infrastructure with Operations Manager 2012
  • Manage and Monitor Your Windows Azure Usage From System Center 2012 SP1
  • How to Manage and Deploy Microsoft User Experience Virtualization Across an Enterprise
  • Software Defined Networking with Windows Server 2012, System Center 2012 SP1
  • Microsoft Application Virtualization 5.0: Migration and Coexistence
  • Building the Perfect Windows 8 Image

Now that I see it in all its glory it’s an impressive list, a lot of great work to do! Long days and short nights.

So, it’s Friday night and I’m all set to go, my flight is tomorrow morning at 10 AM from Amsterdam. A 4 hour stopover in Philadelphia so I’ll be in Las Vegas around 9 PM Pacific Time.

That was a long trip, some 25 hours… Sunday morning I went off to Walmart to buy me a bicycle for riding up and down to the MMS2013 venue, Mandalay Bay, which is some 5 miles from my hotel. For $95 I’m done, no cab fares for me (that’s what I thought).
Going to Mandalay Bay I had a flat tire within 3 miles… bummer. A thorn in the back tire. I left my bicycle and continued walking. Got my MMS2013 badge after walking The Strip up and down. And then I took a cab (poor excuse… blisters on my feet) back to the hotel and arranged to pick up my bike.
Ok, Monday I’ll start posting the technical stuff.

MMS2013 KeyNote

I attended quite a few keynotes over the past 5 years at various Microsoft conferences. In this MMS2013 keynote one thing was really different: IT IS ALL HERE!

No promises of upcoming releases or beta demos. It’s all about what is available right now. Server 2012 with all its features in the middle, surrounded by System Center 2012 SP1, SQL 2012, Azure, Intune, Advisor, Office 365. So now is the time to automate all that stuff, leveraging all the features to enable businesses to do their business.
I think of it as a very smart keynote: we have work to do NOW! Whether it is on premises or in a public cloud, probably a lot of bits of both for most enterprises. But with one and only one toolset and underlying technology: Microsoft.

MMS2013 The Benefits and Reasons for Upgrading to Windows Server 2012 Active Directory

This breakout session showed how easy it is to upgrade current domains to Server 2012; there is no reason not to. Domain Controllers become clonable on Hyper-V. Dynamic Access Control keeps data safe based on multiple policies. Remote execution out of the box. Software-controlled networking and Storage Spaces. Let’s go for it.

MMS2013 System Center 2012 Configuration Manager SP1 Overview

SCCM2012 has at least 2 highlights for me:
1. The user-centric approach makes it possible to give users the same experience on whatever device.
2. Integration with Intune meaning that we can manage devices without them connecting to the corporate network. Devices such as Windows RT, Windows Phone, iOS and Android!

MMS2013 Private Cloud Reference Architectures

This session was about all the work Microsoft and its vendors have put into making things work. The biggest takeaway is that most of the things have already been done and are tested and documented. The trial and error method, as a lot of IT Pros use, is not going to do it when building Private Clouds. So you’d better use those Reference Architecture documents!

MMS2013 Getting Started with Windows Azure Virtual Machines and Virtual Networks

David Aiken turned out to be a very funny speaker and his session was great. He pretended to be a newbie and went through all the steps with all the questions while creating some VMs and connecting them. He concluded with: you do it once or twice like this and from then on you use Powershell!

MMS2013 How to Design and Configure Networking in VMM and HyperV (Part 1 and 2)

Wow, tough technical stuff at the end of the day: network virtualization or software-based networking. You really need to switch some buttons in your brain to figure this out. Mainly it’s about 2 things:
1. Network Convergence: we can now put all network communications through just one (teamed) NIC instead of having separate NICs for different kinds of communication. Less hardware, less cables!
2. Isolation: although we use convergence, we can still isolate VM Networks from each other. We can use the same (virtual) IP ranges multiple times, and tenants/customers can bring their own IP ranges.
A couple of advantages are that we can manipulate IP settings without configuring that on individual hosts or guests, and that we can do Live Migrations across (physical) subnets.
Don’t start with VMM and clusters before you have ingrained this stuff!
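As an added example (not from the session and not VMM-generated configuration), this is what the two points above look like on a single Windows Server 2012 Hyper-V host: the physical NICs are teamed into one converged uplink, and the management, live migration, cluster and tenant traffic that share it are isolated from each other by VLAN and given a minimum bandwidth share. The adapter names, VM name and VLAN IDs are placeholders.

```powershell
# Added example: converged networking with VLAN isolation on one Hyper-V host.
# Adapter names, VM name and VLAN IDs are placeholders, not values from the post.

# 1. Team the physical NICs (switch-independent, so the physical switch needs no LACP config)
New-NetLbfoTeam -Name "ConvergedTeam" -TeamMembers "NIC1","NIC2" `
    -TeamingMode SwitchIndependent -LoadBalancingAlgorithm HyperVPort -Confirm:$false

# 2. Put the virtual switch on the team. The parent partition gets no default adapter,
#    so every host vNIC is created and isolated explicitly below.
New-VMSwitch -Name "ConvergedSwitch" -NetAdapterName "ConvergedTeam" `
    -AllowManagementOS $false -MinimumBandwidthMode Weight

# 3. One host vNIC per traffic class, each on its own VLAN with a bandwidth weight
$hostNics = @(
    @{ Name = "Management";    VlanId = 10; Weight = 10 }
    @{ Name = "LiveMigration"; VlanId = 20; Weight = 30 }
    @{ Name = "Cluster";       VlanId = 30; Weight = 10 }
)
foreach ($n in $hostNics) {
    Add-VMNetworkAdapter -ManagementOS -Name $n.Name -SwitchName "ConvergedSwitch"
    Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $n.Name -Access -VlanId $n.VlanId
    Set-VMNetworkAdapter -ManagementOS -Name $n.Name -MinimumBandwidthWeight $n.Weight
}

# 4. Tenant VMs are isolated from the host vNICs and from each other the same way
Set-VMNetworkAdapterVlan -VMName "TenantA-VM1" -Access -VlanId 100

# 5. Verify: every host vNIC must show the VLAN you intended and no adapter may be untagged
Get-VMNetworkAdapterVlan -ManagementOS |
    Format-Table ParentAdapter, OperationMode, AccessVlanId -AutoSize
```

The verification step is the one that matters for isolation: a host vNIC left in "Untagged" mode sees the native VLAN of the trunk, which is usually not what you intended for live migration or cluster traffic.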

MMS2013 Orchestrating Hyper-V Replica Planned Failover with System Center 2012 SP1

Okay, you can initiate a planned replica failover from Hyper-V Manager manually. The @OrchestratorGuy took a different approach: from heavy touch, through lite touch, to zero touch. The principles of Orchestrator are simple; it does nothing, but it can do everything. So he assembled a couple of tiered runbooks to do the trick. Run the runbook and the failover occurs. Always nice to see such demos.
Then he introduced System Center Service Manager into the game: initiate the failover through a Service Request in the Self Service Portal. Worked like a charm, with the CMDB being updated, tickets opened and closed, properties of the VMs adjusted, etc. etc. Great demo!
The key point out of this session: before you can automate something, get your procedures straight!

MMS2013 Implementing Common Scenarios in Virtual Machine Manager: Services and Service Templates

The VM is not important, the Service is. So you should even use Service Templates if the Service consists of only one VM. It gives you more repeatability, consistency and ease of management. At first glance it looks somewhat overdone, but when you think it through it’s quite logical if you are getting into automation.

MMS2013 Develop a Successful Flexible Desktop Strategy in Today’s Digital Era

I am a BIG fan of Eduardo Kassner. He was once again brilliant in his confronting sarcasm, I really like that. I am NOT saying any more; here is the abstract, the video should be available tomorrow on Channel9.
New desktop technologies such as BYOD, VDI, Slates, Consumerization, among other pressures are causing many IT environments to consider re-architecting their desktop infrastructure. In this session you will see predictions, market trends, and then proceed to separate myths from facts by proposing a mobile workspace strategy that focuses on meeting your users’ desktop requirements based on roles / personas, and enabling technologies rather than implying that one technology solution would fit all.

MMS2013 How to Manage and Deploy Microsoft User Experience Virtualization Across an Enterprise

UE-V is part of MDOP and it eases the pains of roaming profiles and combining profiles for desktops, laptops, remote desktops and VDI.
UE-V does this in a smart way by using an agent on the client(s). The agent captures the changes on either OS or application level and stores them locally and on a network share when the configured app is closed or the OS is locked/logged off. Now the smart thing is that only the changes are uploaded and downloaded instead of the complete profile.
There are no servers involved (except for the network share, which can be the AD home directory), it also works offline, it is manageable through GPO and SCCM, and it comes with a bunch of out-of-the-box templates.
It makes no sense not using this if you have MDOP!

MMS2013 Automating System Center Deployment with the Powershell Deployment Toolkit

Well, this was a really COOL session. The demo, started at beginning of the session, completed in 55 minutes and the System Center Suite was completely installed, including SQL, prerequisites, integration and Management consoles. Pffffff.
They took a bit of effort to build this, but then you have something. You only have to fill in some parameters such as server names, service accounts and stuff, and the PowerShell scripts do the rest, including the download of all necessary components!
Awesome!

MMS2013 Microsoft Application Virtualization 5.0: Migration and Coexistence

I’m supposed to be an App-V specialist so this was a very interesting session. I’ve been doing stuff with App-V 5.0 but I had not yet gone into coexistence and upgrading. Now that I have seen the things mentioned in the abstract below, I see great opportunities at our customers!
This session focuses on the process of migrating from App–V 4.6 to App–V 5.0, including coexistence of the App–V 4.6 Client and the App–V 5.0 Client.
The process of migrating App–V 4.6 packages to App–V 5.0 will include using the App–V 5.0 Package Converter tool and the process of customizing converted packages to leverage App–V 5.0’s new features.
We will also discuss some of the new features of the App–V 5.0 Sequencer that may make customers consider re–sequencing their applications instead of converting their App–V 4.6 packages.

MMS2013 Building the Perfect Windows 8 Image

This session was almost a Hands On Instruction Lab, so I actually did the HOL after the session. An excellent session/HOL leveraging MDT and Windows8 for either Desktop Deployment or VDI Deployment.
That concluded my MMS2013 participation.

General insights are mostly about automation and the roadmap towards that automation. I have a lot of stuff to share, why we should do those things and where to start.

Redefine Backup for Online Services

I see a lot of questions in all sorts of forums on backups. And I think it might be worth an effort to redefine what we mean and want to accomplish with backups.

In the old days my definition of a backup was that it is only the preparation for a restore. Some file or system gets lost or corrupted, you look in your backups for a moment in time when the file or system was still working, and you restore the file or system back to that point in time. That approach might lead to the loss of recent modifications to the file or system: when was the backup created, and what happened to the file or system since that moment in time? We call that the Recovery Point Objective (RPO), the data loss window. Next to RPO we have RTO, Recovery Time Objective: how much time does it take to have systems or files available for use again after a disruption? And last but not least, how far back in time do we want to go for recovery of files or systems?

A lot of people tend to confuse a backup with an Archive. The purpose of an archive however is not to restore things to a certain point back in time, it’s about the ability to look up things from the past. So let’s have those two clearly distinct from each other: backup is no archive!

Looking at Online Services like Exchange Online, are backups available in that environment? Well, they are not available to users. Microsoft only uses backup technologies for continuity of service and data integrity. That means there is no way of getting back a deleted mail item once all retention periods have expired. Not one way. The same goes for SharePoint Online. Exchange also has a feature called Litigation Hold; from a mailbox placed under that policy, items can never be deleted, neither accidentally nor on purpose. Running Exchange on premises with DAGs is also about continuity; when set up across multiple datacenters, there is also no need for backups.

Is that bad? I don’t think so. If Microsoft guarantees continuity of service and data integrity then it’s up to users to deal with that data. The retention policies allow for enough time to recover accidentally deleted items and for the rest I don’t see any reason at all for having backups, considering that a backup is NOT an archive.

I am not suggesting we stop making backups, but we can be more aware of the why, when, where and how. Could save a bit of money ☺.
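If retention and Litigation Hold are the controls that replace a backup, they should be inventoried and verified like one. The following is an added example (not part of the post), run from a remote PowerShell session to Exchange Online or from the on-premises Exchange Management Shell; the mailbox address is a placeholder.

```powershell
# Added example: inventory the retention settings that stand in for a backup
# and put a mailbox on litigation hold. Mailbox names are placeholders.

# Which mailboxes can still lose data once the deleted-items window closes?
Get-Mailbox -ResultSize Unlimited |
    Select-Object DisplayName, RetainDeletedItemsFor, SingleItemRecoveryEnabled,
                  LitigationHoldEnabled, LitigationHoldDate |
    Sort-Object LitigationHoldEnabled, RetainDeletedItemsFor |
    Format-Table -AutoSize

# Widen the recovery window for everyone and keep purged items recoverable.
# RetainDeletedItemsFor is capped at 30 days in Exchange Online.
Get-Mailbox -ResultSize Unlimited |
    Set-Mailbox -RetainDeletedItemsFor 30.00:00:00 -SingleItemRecoveryEnabled $true

# Mailboxes whose items must never be lost go on litigation hold
Set-Mailbox -Identity "cfo@contoso.com" -LitigationHoldEnabled $true

# Verify: the hold is on and the change is recorded with a date and owner
Get-Mailbox -Identity "cfo@contoso.com" |
    Format-List LitigationHoldEnabled, LitigationHoldDate, LitigationHoldOwner
```

The first query is the useful one to keep around: any mailbox that shows single item recovery off and no hold is a mailbox where a purge after the retention window is final, which is exactly the point the post makes about "not one way" back.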

Move Forward; Carving out the Future

I ran into two articles this week on which I would like to comment. “Why do things not move faster in Enterprise IT?” is the common denominator of the two articles.

Sorry for my non-Dutch readers, the first article was posted in “IT-Executive” with the title “Automating IT is better than Outsourcing”. The second article is from “Business Insider” and carries the title “Our Obsession with Efficiency is Killing Innovation”. Let me put down a quote from each of them:

  • Companies spend millions trying to integrate legacy systems and they keep running slow and unimaginably inefficient systems. On top of that, those systems do not reflect business processes and put a big strain on IT putting out fires.
  • We are focused on the wrong metrics. Our universities are training entrepreneurs—and investors — to focus on fast and efficient return on capital investment. Efficiency innovations provide return on investment in 12-18 months. Empowering innovations take 5-10 years to yield a return.

That looks an awful lot like an ever spinning wheel with only two ways to stop it:

  1. Break out of it
  2. Don’t break out of it and die

Simple but true, in my opinion. I’m stuck in there as well, being both economist and IT Professional. But the second quote gives me a direction in which I was already heading. Establish long term relationships with customers, doing roadmap sessions and stop thinking in “quick wins” only. How I hate Quick Wins! But it’s a magic word…… and, it’s only a conversation. And conversations can be created.

Can we have both Quick Wins AND long term Wins? Of course we can! But in order for that to happen we should start focusing on the latter and make sure we come up with significant spin-offs regarding the former. I call it future-driven projects, and that is quite the opposite of how we normally run IT projects; those are mostly past-based: we have an issue and it needs to be resolved, we have to get rid of that legacy system. Past-based.

A major value of future-driven projects is that the likelihood of success is bigger. Let me explain that. Past-based projects need agreement of all stakeholders and technical possibilities, and if there is one thing hard to get among IT people and decision makers it is agreement.

Projects then follow a very thin line to keep agreement (lengthy, inflexible Project Plans) in place; the agreement gets more important than the results, meaning a lot of paperwork full of agreement, meetings to re-agree on the agreement, planning and re-planning. Actually, agreement is scope, and we tend to not manage scope (agreement) but only time and money. The only agreement left is time and money. And then that thin line breaks. IT projects do not have high success rates.

Future-driven projects, however, only need alignment on a vision (or whatever word you would like to use here) of no more than two pages. The important word here is “Alignment”, which is very distinct from “Agreement”. The next step is to plan backwards from that future to the present, getting things in place to fulfill that future. And the funny thing is, we all know how to do that, we all do it when we plan and book our holiday. We make sure everything is in place to be able to leave on the date set. Holiday planning has a very high success rate.

So, in the drawing we have a time line and the thinner blue lines indicate the uncertainty of the conditions, but we are still heading in the right direction. We might end up somewhere between the two blue arrows. In the course of time we can adjust to the conditions, whereas in past-based projects the conditions are always just constraints. If we know what has to be in place in 2016, we also know what has to be in place in 2015 to fulfill that. If we know what has to be in place in 2015 we also know what has to be in place in 2014, and so on. Planning back from the future to now, we know exactly what to do and what to start with. There is plenty of space to squeeze in some quick wins as well! No deadlines but milestones, which sounds much better from a motivational point of view.

Looking back at the first quote, the spending of millions: in this model we completely abandon the path of legacy compatibility because we only look at the future. Also, looking at the second quote, we create a future in which there is room for the so-called empowering innovations. Sounds like a win-win situation to me!


Opinions on Windows 8 RT, where are we going?

Just five more days and Windows 8 reaches General Availability. And Windows 8 RT devices are for sale next weekend. There’s a lot of opinions going round now, a lot of them angry-like or even negative. I also have an opinion, I happily run Windows 8 and I was in time to pre-order Microsoft’s Surface RT, so my opinion is clear ☺.

I want to be in front, ahead of things, I’m already done with Server 2012, looking for what’s next. So I’ll be one of the first in The Netherlands to own a Surface RT, without a Start Button and without a Desktop. And I think that’s where we are going, who needs an OS, who needs a Desktop with a Start Button. It’s all about the apps.

And that is exactly what Microsoft is aiming at: deliver consistent apps-experience (apperience) on whatever device, there’s even tiles on Server 2012! Very nice that we can run our VMs on Azure but running VMs is so out of date. Microsoft is the first – and as largest OS producer they should – to recognize the end of the OS era. It will take some time, sure. But look at how fast we abandoned wired phones, both at work and at home. It must be a year ago since I last held a wired telephone device in my hands (or actually DIALED a number). On our mobile phones we talk just a little on the brand and flavor, we talk more about the apps. And if the app will run on a particular device.

That is the next step, when there is no more need to run apps on the devices: here is HTML5, so the apps run in a browser and browsers are found on all devices. Delivering apps is becoming a nightmare because of all those platforms; I think it’s really stupid to want to run a Windows Desktop running in a Datacenter on an iPad through a Citrix Receiver. Only because there are some “legacy” apps on that Desktop that cannot be run on the iPad? In my opinion it’s a transition phase, the Desktop is dying and with that so is VDI, SBC, XP, Windows 7 and even Windows 8.

In a couple of years we will all have pretty simple devices running nothing but a browser and some supporting OS for connectivity and interface purposes; not for running apps though. Microsoft’s Surface RT is a pretty dumb device, a kind of portal for apps. I will use Office2013 WebApps on Office365, save my files on SkyDrive and SkyDrive Pro, tether through my Windows Phone when there’s no Wifi available (hardly imaginable in The Netherlands), and yes, connect to my full blown Windows 8 Enterprise machine if I must (hey, this is a transition phase for me also). Some people are waiting for the Windows 8 Pro tablets, the Intel-based machines which can run legacy Windows applications. Those people clearly missed something in the conversation. Huh? You wait to buy the newest of the newest of the hottest because you want to be able to run LEGACY apps? Yeah, smart. Will cost you something also.

So, I can hardly wait to start working with my Surface RT!


Exchange 2013 Hybrid Deployment on Office365 leveraging Azure

With all the new releases of Servers, Services and Devices, I thought it was time to build a Hybrid Deployment using Exchange 2013 Preview and Office 365 Preview.

I set out to do everything on Server 2012 but unfortunately that didn’t work out. So I had to cheat a little (making it more interesting though); my onprem environment consists of Server 2012 machines only. The Win2k8R2 machine I needed runs on Azure. The AD FS Service required for Single Sign On with Office 365 does not (yet) run on Server 2012. As a highly available AD FS Service is a constraint for a lot of customers to go for SSO, this might be a good option anyway. Have your AD FS Servers in the Cloud; you could even force geo-redundancy and stuff like that.

So, I first need to acknowledge Office 365 MVP Jethro Seghers (http://jethroseghers.blogspot.nl/ and @jsegehrs) from Belgium who already set up this config but has had no time yet to describe it.

Secondly I used a great blog post from Paul Cunningham on installing Exchange 2013 on Server 2012 (http://exchangeserverpro.com/install-exchange-2013-pre-requisites-windows-server-2012).

And Trevor Smith for getting DirSync to run on Server 2012 http://community.office365.com/en-us/forums/613/p/63806/243279.aspx

I also acknowledge myself ☺ for my earlier posts on setting up a Hybrid Deployment (been there, done that, got the certifications….. no t-shirts though).

Okay, that being said, let’s get going.

Here is my Bill of Materials:

And you need a couple of rainy Sunday afternoons to set it all up. It’s not that hard but we all met Mr.Murphy, he’ll check in every now and then.

Onprem Configuration

I am short on resources so I only used 3 VMs in my “Private Cloud”: a Domain Controller, an Exchange Server and a Windows 8 client. It’s certainly no best practice to put the Directory Synchronization tool on the Exchange server, but it works.

It’s all straightforward configuration work; the certificate tool in Exchange 2013 works great. Just make the request, go to your certificate provider to submit the request and import the certificate. This is what it looks like:


I added the “sts” so I can use this certificate on the AD FS Server as well.
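The same request, import and enablement done from the Exchange Management Shell instead of the GUI tool, as an added example (these are not the post's own commands). It requests one SAN certificate that covers the Exchange names and the "sts" name for AD FS, and then checks the issued certificate before trusting it for hybrid and SSO. contoso.com, the organization and the file paths are placeholders.

```powershell
# Added example: one SAN certificate for Exchange 2013 and AD FS ("sts").
# Names, organization and paths are placeholders, not values from the post.

$names = "webmail.contoso.com", "autodiscover.contoso.com", "sts.contoso.com"

# 1. Generate the CSR. The CN must also appear in -DomainName.
$csr = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "CN=webmail.contoso.com, O=Contoso, C=AW" `
    -DomainName $names -PrivateKeyExportable $true -KeySize 2048 `
    -FriendlyName "Contoso Exchange and AD FS"
Set-Content -Path "C:\certs\contoso.req" -Value $csr

# 2. ...submit contoso.req to the certificate provider, save the issued cert as contoso.cer...

# 3. Import the issued certificate and bind it to the services that need it
$cert = Import-ExchangeCertificate -FileData ([Byte[]](Get-Content -Path "C:\certs\contoso.cer" -Encoding Byte -ReadCount 0))
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS,SMTP -Force

# 4. Verify before going further: every name must be in the SAN list,
#    the cert must be CA-issued (not self-signed) and not about to expire
$issued  = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
$missing = $names | Where-Object { $issued.CertificateDomains -notcontains $_ }
if ($missing -or $issued.IsSelfSigned -or $issued.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate not usable for hybrid/SSO. Missing names: $($missing -join ', '); self-signed: $($issued.IsSelfSigned); expires: $($issued.NotAfter)"
} else {
    "OK: $($issued.Subject) valid until $($issued.NotAfter), services: $($issued.Services)"
}

# 5. AD FS needs the same certificate with its private key: export it as a
#    password-protected PFX and delete the file once it is imported on the AD FS server
$pfxPassword = Read-Host -AsSecureString "PFX password"
$pfx = Export-ExchangeCertificate -Thumbprint $cert.Thumbprint -BinaryEncoded -Password $pfxPassword
Set-Content -Path "C:\certs\contoso.pfx" -Value $pfx.FileData -Encoding Byte
```

The check in step 4 is what saves the rainy Sunday afternoon: a missing autodiscover or sts name, or a self-signed certificate left as the default, is exactly what the Remote Connectivity Analyzer and the Office 365 federation setup will complain about later.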

Create some users, dynamic distribution groups and mailboxes and start mailing, scheduling and stuff like that. There should be something in there before we start moving things to Office 365.

Then you do ALL of the tests in the Exchange Remote Connectivity Analyser (https://www.testexchangeconnectivity.com/):


….. and fix any issue before proceeding (keeps Mr.Murphy away).


Azure Configuration

The new Azure Portal is a real pleasure to work with, everything is in the place where you expect it to be. First we have to do some networking so that the VMs running on Azure can connect to the Onprem environment, also using your Onprem DNS Server. On Azure you have to create a so-called Gateway Network and private subnet, and name them as an Affinity Group. Tick the checkbox that you want to use this Gateway Network to connect to your Onprem environment.

Azure gives you the Gateway IP Address and there’s a button that will show the Pre-Shared Key to use when setting up your IPSec LAN-to-LAN VPN Tunnel. On my Draytek Router (running from my HAN, Home Area Network) that was a quick one. Although the default time-out was too low (300 sec), I adjusted it to 1500 secs. The result (in the pic even my two VMs are already spinning):


I set up 2 VMs on Azure, just pick them from the Gallery. I took a Server 2012 for a Read-Only Domain Controller (it only serves authentication purposes out there) and a Win2k8R2SP1 for the AD FS Server. When the networks are properly configured the machines obtain the appropriate IP addresses. An RDP Endpoint is automatically created so you can manage the machines through RDP. I created an additional Endpoint for the AD FS Service.

I did the dcpromo wizard to create the RODC (the Azure Networking gave it the right IP settings, including my Onprem DNS Server) and I also joined the AD FS Server to the domain.


Office 365 Preview Configuration

The steps to take in the Admin Portal are the same as they are in the current version; it is still very important (keeps you out of trouble) to do things in the right order.

So, assuming that all is set to go, working and tested, this is the order:

  • Set up Single Sign On by installing AD FS 2.0 and configuring it with the proper cmdlets in the MSOL PowerShell module.
  • The previous step asks that you add a TXT record in DNS for validation; after doing that you re-issue the last cmdlet.
  • Verify the addition of your domainname in the Portal
  • Enable Directory Synchronization, it’s just a button in the Portal. It says it might take 24 hours, my experience is it takes about 30 minutes.
  • When you see that DirSync is enabled you can run the configwizard prompting for both Online Admin credentials and Onprem (Schema) Admin credentials
  • Verify Directory Synchronization in the Portal, your Onprem AD Users should be listed there
  • Verify SSO by logging in to the Portal with a Synchronized user

All this is necessary because a Hybrid Exchange Deployment uses only Federated Users, thus AD FS and DirSync.
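The same order of operations driven from PowerShell, as an added example that is not the post's own script. It uses the legacy MSOnline module of that era with the AD FS 2.0 extension installed on the AD FS server, so that the "re-issue the last cmdlet" step and the verification between steps are explicit. contoso.com and sts.contoso.com are placeholders.

```powershell
# Added example: SSO and DirSync enablement in the order the list above prescribes,
# using the legacy MSOnline module. Domain and host names are placeholders.

Import-Module MSOnline
$cred = Get-Credential   # Office 365 global admin
Connect-MsolService -Credential $cred

# 1. Point the federation cmdlets at the AD FS server, then federate the domain.
#    The first call does not complete: it prints a TXT record that must be published
#    in public DNS to prove ownership of the domain.
Set-MsolADFSContext -Computer "sts.contoso.com"
New-MsolFederatedDomain -DomainName "contoso.com"

# Show the TXT record again if the console output scrolled away
Get-MsolDomainVerificationDns -DomainName "contoso.com" -Mode DnsTxtRecord

# 2. Once the TXT record resolves, re-issue the same cmdlet to finish federation
New-MsolFederatedDomain -DomainName "contoso.com"

# 3. Verify the domain is Verified and Federated before touching DirSync
Get-MsolDomain -DomainName "contoso.com" | Format-List Name, Status, Authentication
Get-MsolFederationProperty -DomainName "contoso.com" |
    Format-List Source, FederationServiceDisplayName, PassiveLogOnUri

# 4. Enable DirSync in the tenant (the "button in the Portal"), then poll until it shows as enabled
Set-MsolDirSyncEnabled -EnableDirSync $true -Force
do {
    Start-Sleep -Seconds 60
    $info = Get-MsolCompanyInformation
} until ($info.DirectorySynchronizationEnabled)

# 5. ...run the DirSync configuration wizard on the on-prem server with both credential sets...

# 6. Verify synchronized users arrived and are marked as coming from on-prem AD
Get-MsolUser -All | Where-Object { $_.LastDirSyncTime } |
    Select-Object UserPrincipalName, LastDirSyncTime, IsLicensed |
    Format-Table -AutoSize
```

Step 3 is the check worth keeping: a domain that reports Authentication as Managed rather than Federated means the second New-MsolFederatedDomain call never completed, and every synchronized user will fall back to cloud passwords instead of AD FS.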


Exchange 2013 and Exchange Online Hybrid Deployment

Finally, we’re getting there. Getting the 2 Exchange Organizations talk to each other, allowing for Calendar Sharing, mailbox moves, complete GALs , etc, etc. I was not that enthusiastic about the wizard in Exchange 2010 SP2. It takes away the deeper level insights of what is actually happening. In my Trainings I still do it the manual way and if time permits I let my students do the SP2-Wizard.

So I’m quite curious about the Exchange 2013 “Exchange Administration Center” and the Wizard in there…..

As soon as you hit “Hybrid” in the all new Exchange Admin Center, a button appears with “Enable”; then it asks you to log on to Exchange Online, so you end up in the Exchange Admin Center …… online! As soon as you hit Hybrid in there, a button appears with “Enable”. Looks like that way you have enabled Hybrid Deployment on both sides.


That looks very promising! YES! The next one looks familiar from the “old” Hybrid Deployment, proof of ownership for your domain:


I go to GoDaddy to do just that. Oops, slight error in the “Copy to clipboard”: it also takes the domain name field… do NOT put that into your DNS tool!! GoDaddy is fast, I could continue right away.

Centralized Mail Transport allows mail flow from Exchange Online to the Internet to be routed through your Onprem mail servers (for Compliance, Journaling or whatever). The Edge Role does not exist anymore (as TMG soon won’t) so I choose Hub Transport.

Easy choice, I only have one server deployed…. It should be an Internet-facing CAS Server though, since Hybrid Deployment relies on Exchange Web Services found through Autodiscover. I skip the next screenshot, it’s the same but now it’s about the Sending Server.

I have set up my Exchange Certificate really well! Exchange Online recognizes it right away, and asks me for the SMTP address of my Onprem server:

No surprise here (I’ll keep that to myself :-)):

This looks almost too easy to be true:

Checking Onprem, checking Tenant, checking prerequisites ….. a

All the manual steps from the good old times come by….. and yes indeed, this used to be the case all the time….

It used to be a matter of time-outs, so I’ll just cancel it (the changes made are already there) and do some manual stuff, but not before running the wizard for a third time (Mr. Murphy, please leave).

Let’s see what there is to modify….. hmmm, not much, exactly the same Wizard with the same results :-(.

Hey, I’m on Wave 15! This appears when I look at the Node “Organization”.

Here’s the FIX!

I added my namespace not from the Online Interface but from the Onprem Interface! That seems to be working perfectly! Just passed all the nodes and settings and it looks okay…. Time to move a Mailbox to Online, I guess.

The usual credential stuff (I’m triggering the Move from Online):

The Wizard does it wrong again…. As in Exchange 2010 SP2, the automatically configured endpoint is my local FQDN, which is of course not resolvable from Online. I manually enter the webmail.domain.domain endpoint and off we go.
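An added check (not part of the original post) for exactly this trap: before starting the move, confirm from public DNS that the endpoint is reachable from the Internet at all, and that the MRS Proxy behind the external name actually answers. It assumes an Exchange Online remote PowerShell session; the host names and the resolver address are placeholders.

```powershell
# Added example, not from the original post. Run in an Exchange Online remote PowerShell
# session; both host names below are placeholders for your own values.
param(
    [string]$WizardSuggested = "exch01.corp.example.local",  # internal FQDN the wizard filled in
    [string]$Endpoint        = "webmail.example.com"         # external CAS name you typed instead
)

function Test-PublicName {
    param([string]$Name)
    # Resolve against a public resolver (8.8.8.8 is just an example) so a record that only
    # exists on your internal DNS cannot hide the problem Exchange Online will run into.
    $a = Resolve-DnsName -Name $Name -Type A -Server 8.8.8.8 -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' }
    return [bool]$a
}

foreach ($name in @($WizardSuggested, $Endpoint)) {
    if (Test-PublicName $name) {
        "OK     : $name resolves in public DNS"
    } else {
        "REJECT : $name is not resolvable from the Internet, so Exchange Online cannot use it"
    }
}

# Prove the remote-move endpoint works before queuing the move: this cmdlet has Exchange
# Online connect to the MRS Proxy on the external name with your Onprem credentials.
$onpremCred = Get-Credential -Message "Onprem admin (DOMAIN\user)"
Test-MigrationServerAvailability -ExchangeRemoteMove -RemoteServer $Endpoint -Credentials $onpremCred
```

If the name resolves but the last cmdlet fails, check that the MRS Proxy is enabled on the Onprem EWS virtual directory (Set-WebServicesVirtualDirectory -MRSProxyEnabled $true) and that TCP 443 to that name is open from the Internet.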

YES! There it is! Note the very, very, very small arrow pointing to “Office365”; it took me some minutes :-), by which time the move had already completed (just 2 items).

Last checks for now:

  • mailflow Onprem-Online and vice versa: check
  • mailflow Online-Internet and vice versa: check
  • Calendar sharing: check
  • All of that double-checks the AD FS Deployment as well :-): check

Great!

Been there, done that, now I want the T-Shirt!

Thanks for reading and don’t hesitate to comment or to contact me!

Office 365 vNext: Ignite Session October 2012

This week I have been attending the Ignite Sessions on Office 365, three days of Technical Deep Dives and the newest features of all the products in the suite. There is quite some new stuff in there!

To enable businesses to use all of those features I think it’s time (at last) to get some form of user training, because the changes on the client side of the next Office 365 are drastic (and, IMO, users are stuck when it comes to effectively using Office apps). Yeah! Training Time! Not only because of Office 2013 and SharePoint 2013, but also because of Windows 8. We should be very happy with these new versions, because now the toolset is in such shape that we can really work on user productivity. Note that I am not using the term “end user”, just “user”, because the same applies to systems engineers, administrators and so on.

The Windows Desktop and Office Suite haven’t changed much since Windows 95 and Office 95, and neither have our habits of using them. In those days, user training was booming; I trained over 1,000 people to get from MS-DOS/WP5.1/Lotus 123 to Windows 95/Office 95. Why did we stop doing that? We invested billions in hardware and software over the past two decades but we left users where they were, and thus still are. Seems like a waste. So here is a brand new Desktop and a brand new set of Apps. Boy, will users be baffled when they see a couple of demos of touch/Windows 8/Word Web App; adoption will take a lot of time if we do not put some effort into education.

So, that being said, what’s new in Office 365? It’s too much, but here are some of my highlights.

The Portal

The top navigation bar will follow whether you go to Outlook Web App, SharePoint Online, People, etc.

Mail

Two years ago I read on some Exchange expert blog “We’re done”: Exchange is final, finished, nothing to do anymore. Well, they got it wrong. Exchange 2013 has a couple of totally new architectural concepts. For starters, there are only 2 roles left: Client Access and Mailbox. Secondly, RPC/TCP is no longer supported; everything is RPC/HTTP(S). For the real details please look at http://www.microsoft.com/exchange/en-us/exchange-preview.aspx.

On the client side, well, Outlook is still Outlook, no radical changes. OWA is a bit sober, no more colors, but the feature set is as expected. Best news is the partial OST file: just cache mail from the last 12 months or whatever setting you like.

Files

SharePoint has been overhauled thoroughly. MySite is now called SkyDrive Pro and there are (touch)tiles all over the place:

Everything is called an App, so a Library is an App, a List is an App. You add Apps to your sites. A really handy feature is the Site Mailbox. You then have a kind of mail-enabled team site to keep mail and documents together in either Outlook or SharePoint.

Very spectacular is the way in which the Office Web Apps behave over different devices; the Apps seem to know when you are using a touch (Windows 8) device or a full (mouse) desktop device.

The way in which projects, documents and lists are displayed is the same as on the new social pages, now to be found on the top menu bar under People and Newsfeed. So you can follow documents (or document sets) and people in the same way; very nice and easy!

Office

As mentioned, it’s school time! Is it SharePoint or is it Office? I really think that we can boost our productivity significantly by starting to use all of those features the way they are meant to be used. So finally, normal.dot is no longer hardcoded to A4 or legal paper size, knowing that just a small percentage will ever be printed. That makes sense and also makes a huge difference for the reading and editing panes: much more fluid and logical. Excel PivotTables are now easy for everyone to make use of; some great improvements there, especially when you add Apps into it, like Bing Maps.

Deployment and updates are smooth streaming processes and there even is an option for Office-On-Demand! Need Word for just now, click and go, nothing left when you’re done (I use it all the time on my servers, to read configurations guides and stuff like that).

There is a really nice OneNoteMX Metro App (Preview), it’s kind of “always on” whether you’re on a Mobile device, tablet or desktop, multiple people all at the same time in the same OneNote. Brilliant!

And now we’ll have to wait….. current Office 365 Customers will be upgraded and are able to choose for example when SharePoint gets the new looks. No hard dates just yet, somewhere Q1 2013 we’ll have General Availability.

Upcoming Blog: building Exchange 2013 Hybrid Deployments using ONLY Server 2012 (challenge with AD FS).

Upcoming: Office 365 Ignite Training + Office 365 User Group NL Meeting

Next week I will be attending the Office 365 Ignite training in Amsterdam to get all the tech-deep-dives for the vNext of Office 365.

A lot of the attendees at the Ignite training will go to the Office 365 Dutch User Group Meeting on Thursday evening. http://www.o365ug.nl if you would like to register.

So watch for my blog posts next week; I have some writing to do 🙂