Opinions on Windows 8 RT, where are we going?

Just five more days and Windows 8 reaches General Availability. And Windows 8 RT devices are for sale next weekend. There are a lot of opinions going round now, a lot of them angry-like or even negative. I also have an opinion, I happily run Windows 8 and I was in time to pre-order Microsoft’s Surface RT, so my opinion is clear 🙂.

I want to be in front, ahead of things, I’m already done with Server 2012, looking for what’s next. So I’ll be one of the first in The Netherlands to own a Surface RT, without a Start Button and without a Desktop. And I think that’s where we are going, who needs an OS, who needs a Desktop with a Start Button. It’s all about the apps.

And that is exactly what Microsoft is aiming at: deliver consistent apps-experience (apperience) on whatever device, there’s even tiles on Server 2012! Very nice that we can run our VMs on Azure but running VMs is so out of date. Microsoft is the first – and as largest OS producer they should – to recognize the end of the OS era. It will take some time, sure. But look at how fast we abandoned wired phones, both at work and at home. It must be a year ago since I last held a wired telephone device in my hands (or actually DIALED a number). On our mobile phones we talk just a little on the brand and flavor, we talk more about the apps. And if the app will run on a particular device.

That is the next step when there is no more need to run apps on the devices, here is HTML5, so the apps run in a browser and browsers are found on all devices. Delivering apps is becoming a nightmare because of all those platforms, I think it’s really stupid to want to run a Windows Desktop running in a Datacenter on an iPad through a Citrix Receiver. Only because there are some “legacy” apps on that Desktop that cannot be run on the iPad? In my opinion it’s a transition phase, the Desktop is dying and with that so is VDI, SBC, XP, Windows 7 and even Windows 8.

In a couple of years we will all have pretty simple devices running nothing but a browser and some supporting OS for connectivity and Interface purposes; not for running apps though. Microsoft’s Surface RT is a pretty dumb device, kind of portal for apps. I will use Office2013 WebApps on Office365, save my files on SkyDrive and SkyDrive Pro, tether through my Windows Phone when there’s no Wifi available (hardly imaginable in The Netherlands), and yes, connect to my full blown Windows 8 Enterprise machine if I must (hey, this is a transition phase for me also). Some people are waiting for the Windows 8 Pro tablets, the Intel based machines which can run legacy Windows applications. Those people clearly missed something in the conversation. Huh? You wait to buy the newest of the newest of the hottest because you want to be able to run LEGACY apps? Yeah, smart. Will cost you something also.

So, I can hardly wait to start working with my Surface RT!

 

Exchange 2013 Hybrid Deployment on Office365 leveraging Azure

With all the new releases of Servers, Services and Devices, I thought it was time to build a Hybrid Deployment using Exchange 2013 Preview and Office 365 Preview.

I set out to do everything on Server 2012 but unfortunately that didn’t work out. So I had to cheat a little (making it more interesting though); my onprem environment consists of Server 2012 machines only. The Win2k8R2 machine I needed runs on Azure. The AD FS Service required for Single Sign On with Office 365 does not (yet) run on Server 2012. As the High Available AD FS Service is a constraint for a lot of customers to go for SSO, this might be a good option anyway. Have your AD FS Servers in the Cloud, you could even force geo-redundancy and stuff like that.

So, I first need to acknowledge Office 365 MVP Jethro Seghers (http://jethroseghers.blogspot.nl/ and @jsegehrs) from Belgium who already set up this config but has had no time yet to describe it.

Secondly I used a great blogpost from Paul Cunningham on installing Exchange 2013 on Server 2012 (http://exchangeserverpro.com/install-exchange-2013-pre-requisites-windows-server-2012).

And Trevor Smith for getting DirSync to run on Server 2012 http://community.office365.com/en-us/forums/613/p/63806/243279.aspx

I also acknowledge myself 🙂 for my earlier posts on setting up a Hybrid Deployment (been there, done that, got the certifications….. no t-shirts though).

Okay, that being said, let’s get going.

Here is my Bill of Materials:

And you need a couple of rainy Sunday afternoons to set it all up. It’s not that hard but we all met Mr.Murphy, he’ll check in every now and then.

Onprem Configuration

I have a lack of resources so I only used 3 VMs in my “Private Cloud”: a Domain Controller, an Exchange Server and a Windows 8 client. It’s certainly no best-practice to put the Directory Synchronization tool on the Exchange server but it works.

It’s all straightforward configuration work, the certificate tool in Exchange 2013 works great. Just make the request, go to your certificate provider to submit the request and import the certificate. This is what it looks like:

 

 

 

I added the “sts” so I can use this certificate on the AD FS Server as well.

Create some users, dynamic distribution groups and mailboxes and start mailing, scheduling and stuff like that. There should be something in there before we start moving things to Office 365.

Then you do ALL of the tests in the Exchange Remote Connectivity Analyser (https://www.testexchangeconnectivity.com/ ):

 

 

 

 

 

 

….. and fix any issue before proceeding (keeps Mr.Murphy away).

 

Azure Configuration

The new Azure Portal is a real pleasure to work with, everything is in the place where you expect it to be. First we have to do some networking so that the VMs running on Azure can connect to the Onprem environment, using also your Onprem DNS Server. On Azure you have to create a so-called Gateway Network and private subnet, name them as an Affinity group. Tick the Checkbox that you want to use this Gateway Network to connect to your Onprem environment.

Azure gives you the Gateway IP Address and there’s a button that will show the Pre-Shared Key to use when setting up your IPSec LAN-to-LAN VPN Tunnel. On my Draytek Router (running from my HAN, Home Area Network) that was a quick one. Although the default time-out was too low (300 sec), I adjusted it to 1500 secs. The result (in the pic even my two VMs are already spinning):

 

 

 

 

 

 

 

I set up 2 VMs on Azure, just pick them from the Gallery, I took a Server 2012 for a Read-Only-Domain-Controller (it only serves authentication purposes out there) and a Win2k8R2SP1 for the AD FS Server. When the Networks are properly configured the machines obtain the appropriate IP Addresses. An RDP Endpoint is automatically created so you can manage the machines through RDP. I created an additional Endpoint for the AD FS Service.

I did the dcpromo wizard to create the RODC (the Azure Networking gave it the right IP settings, including my Onprem DNS Server) and I also joined the AD FS Server to the domain.

 

 

 

 

Office 365 Preview Configuration

The steps to take in the Admin Portal are the same as they are in the current version, it is still very important (keeps you out of trouble) to do things in the right order.

So, assuming that all is set to go, working and tested, this is the order:

  • Set up Single Sign On by installing AD FS 2.0 and configure it with the proper commandlets in the MSOLPowershell Module.
  • The previous step asks that you add a TXT Record in DNS for validation, after doing that you re-issue the last commandlet
  • Verify the addition of your domainname in the Portal
  • Enable Directory Synchronization, it’s just a button in the Portal. It says it might take 24 hours, my experience is it takes about 30 minutes.
  • When you see that DirSync is enabled you can run the configwizard prompting for both Online Admin credentials and Onprem (Schema) Admin credentials
  • Verify Directory Synchronization in the Portal, your Onprem AD Users should be listed there
  • Verify SSO by logging in to the Portal with a Synchronized user

All this is necessary because a Hybrid Exchange Deployment uses only Federated Users, thus AD FS and DirSync.
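The "Verify" steps in the list above can also be checked from the MSOnline PowerShell module before starting the Hybrid wizard. The script below is an added example, not part of the original post; `contoso.com` and `adfs01.contoso.local` are placeholder names, and it assumes the MSOnline module is installed and that you sign in with Online admin credentials.

```powershell
# Added example (not from the original post): verify the SSO / DirSync steps above.
# contoso.com and adfs01.contoso.local are placeholders for your own names.
Import-Module MSOnline

$Domain     = 'contoso.com'            # placeholder federated domain
$AdfsServer = 'adfs01.contoso.local'   # placeholder AD FS server name

$checks = New-Object System.Collections.ArrayList
function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $row = New-Object psobject -Property @{ Check = $Name; Passed = $Passed; Detail = $Detail }
    [void]$checks.Add($row)
}

Connect-MsolService -Credential (Get-Credential)   # Online admin credentials
Set-MsolADFSContext -Computer $AdfsServer          # needed when not run on the AD FS server itself

# 1. The domain must be verified (TXT record accepted) and switched to federated sign-in.
$dom = Get-MsolDomain -DomainName $Domain
Add-Check 'Domain verified'  ($dom.Status -eq 'Verified')          "Status=$($dom.Status)"
Add-Check 'Domain federated' ($dom.Authentication -eq 'Federated') "Authentication=$($dom.Authentication)"

# 2. AD FS and Office 365 must report the same federation service identifier and the
#    same token-signing certificate; a mismatch breaks sign-in for federated users.
$fed   = @(Get-MsolFederationProperty -DomainName $Domain)
$ids   = @($fed | ForEach-Object { $_.FederationServiceIdentifier } | Sort-Object -Unique)
$certs = @($fed | ForEach-Object { [string]$_.TokenSigningCertificate } | Sort-Object -Unique)
Add-Check 'Federation identifier matches' ($fed.Count -eq 2 -and $ids.Count -eq 1)   ($ids -join ' | ')
Add-Check 'Token-signing cert matches'    ($fed.Count -eq 2 -and $certs.Count -eq 1) "$($certs.Count) distinct certificate(s)"

# 3. Directory Synchronization must be enabled on the tenant.
$co = Get-MsolCompanyInformation
Add-Check 'DirSync enabled' ($co.DirectorySynchronizationEnabled -eq $true) "LastDirSyncTime=$($co.LastDirSyncTime)"

# 4. Onprem AD users must actually have arrived in the tenant.
$synced = @(Get-MsolUser -All | Where-Object { $_.LastDirSyncTime })
Add-Check 'Synchronized users present' ($synced.Count -gt 0) "$($synced.Count) user(s)"

$checks | Select-Object Check, Passed, Detail | Format-Table -AutoSize
if (@($checks | Where-Object { -not $_.Passed }).Count -gt 0) {
    Write-Warning 'Fix the failed checks before running the Hybrid wizard.'
}
```

The last item in the list, logging in to the Portal with a synchronized user, still has to be done interactively; the script only confirms the configuration that sign-in depends on.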

 

Exchange 2013 and Exchange Online Hybrid Deployment

Finally, we’re getting there. Getting the 2 Exchange Organizations to talk to each other, allowing for Calendar Sharing, mailbox moves, complete GALs, etc, etc. I was not that enthusiastic about the wizard in Exchange 2010 SP2. It takes away the deeper level insights of what is actually happening. In my Trainings I still do it the manual way and if time permits I let my students do the SP2-Wizard.

So I’m quite curious about the Exchange 2013 “Exchange Administration Center” and the Wizard in there…..

As soon as you hit “Hybrid” in the all new Exchange Admin Center, a button appears with “Enable”, then it asks you to logon to Exchange Online so you end up in the Exchange Admin Center …… online! As soon as you hit Hybrid in there, a button appears with “Enable”. Looks like that way you have enabled Hybrid Deployment on both sides.

 

 

 

 

 

That looks very promising! YES! The next one looks familiar from the “old” Hybrid Deployment, proof of ownership for your domain:

 

 

 

 

 

 

 

I go to GoDaddy to do just that. Oops, slight error in the “Copy to clipboard”, it also takes the domain name field… do NOT put that into your DNS Tool!! GoDaddy is fast, I could continue right away.

 

 

 

 

 

 

Centralized Mail Transport allows for mail flow from Exchange Online to the Internet to be routed through your Onprem mail servers (Compliance, Journaling or whatsoever). The Edge Role does not exist anymore (as TMG will soon) so I choose Hub Transport.

 

 

 

 

 

Easy choice, I only have one server deployed…. It should be an Internet facing CAS Server though, Hybrid Deployment is leveraged by Exchange Web Services found through Autodiscover. I skip the next screenshot, it’s the same but now it’s about the Sending Server.

 

 

 

 

I have set up my Exchange Certificate real good! Exchange Online recognizes it right away. And asks me for the SMTP Address of my Onprem server:

 

 

 

 

 

 

No surprise here (I’ll keep that for myself 🙂):

 

 

 

 

This looks almost too easy to be true:

 

 

 

 

 

 

 

Checking Onprem, checking Tenant, checking prerequisites ….. a

All the manual steps from the good old times come by….. and yes indeed, this used to be the case all the time….

 

 

It used to be a matter of time-outs, so I’ll just cancel it (changes made are already there) and do some manual stuff, but not after running the wizard for a third time (Mr.Murphy please leave).

 

 

Let’s see what there is to modify….. hmmm, not much, exactly the same Wizard with the same results 🙁.

 

 

Hey, I’m on Wave 15! This appears when I look at the Node “Organization”.

Here’s the FIX!

 

 

 

 

I added my namespace not from the Online Interface but from the Onprem Interface! That seems to be working perfectly! Just passed all the nodes and settings and it looks okay…. Time to move a Mailbox to Online, I guess.

The usual credential stuff (I’m triggering the Move from Online):

 

 

 

 

The Wizard does it wrong again…. As in Exchange 2010 SP2, the automatically configured endpoint is my local FQDN, which is of course not resolvable from Online. I manually enter the webmail.domain.domain endpoint and off we go.
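A quick way to catch an endpoint name that Exchange Online cannot reach, before starting a move. This is an added example, not part of the original post: the function names, host names and addresses are constructed for illustration, the list of internal suffixes is an assumption to adapt to your own naming, and `Resolve-DnsName` requires Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the original post): classify a proposed remote-move endpoint.
function Get-EndpointVerdict {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [string[]]$Addresses = @()     # A records as seen from a public resolver
    )
    # Single-label names and private-use suffixes never resolve from Exchange Online.
    # The suffix list is an assumption; extend it with your own internal zones.
    if ($HostName -notmatch '\.' -or $HostName -match '\.(local|lan|internal)$') {
        return 'Internal name'
    }
    if ($Addresses.Count -eq 0) { return 'No public A record' }
    # RFC 1918, loopback and link-local ranges are not reachable from the Internet.
    $private = '^(10\.|127\.|169\.254\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'
    if (@($Addresses | Where-Object { $_ -match $private }).Count -gt 0) {
        return 'Resolves to a private address'
    }
    return 'OK'
}

function Test-MoveEndpoint {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [string]$Resolver = '8.8.8.8'  # assumption: any public resolver will do
    )
    # Ask a public resolver, so internal split-brain DNS does not hide the problem.
    $ips = @(Resolve-DnsName -Name $HostName -Type A -Server $Resolver -ErrorAction SilentlyContinue |
             Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
    Get-EndpointVerdict -HostName $HostName -Addresses $ips
}

# Constructed samples, evaluated offline (no DNS lookups):
$samples = @(
    @{ Name = 'EX01';                Ips = @() },                 # NetBIOS-style name
    @{ Name = 'ex01.corp.local';     Ips = @('192.168.1.20') },   # local FQDN picked by the wizard
    @{ Name = 'webmail.contoso.com'; Ips = @('192.168.1.20') },   # public name, internal address leaked
    @{ Name = 'webmail.contoso.com'; Ips = @('203.0.113.25') }    # public name, public address
)
foreach ($s in $samples) {
    '{0,-22} {1}' -f $s.Name, (Get-EndpointVerdict -HostName $s.Name -Addresses $s.Ips)
}
```

`Test-MoveEndpoint webmail.contoso.com` runs the same classification against live DNS; only a name that comes back `OK` is worth entering as the move endpoint.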

 

 

 

 

YES! There he is! Note the very, very, very small arrow pointing to “Office365”, took me some minutes 🙂, by that time the move had already completed (just 2 items).

Last checks for now:

  • mailflow Onprem-Online and vice versa: check
  • mailflow Online-Internet and vice versa: check
  • Calendar sharing: check
  • That all will double check the AD FS Deployment as well 🙂: check

Great!

Been there, done that, now I want the T-Shirt!

Thanks for reading and don’t hesitate to comment or to contact me!

 

Office 365 vNext: Ignite Session October 2012

This week I have been attending the Ignite Sessions on Office 365, three days of Technical Deep Dives and the newest features of all the products in the suite. There is quite some new stuff in there!

To enable businesses to use all of those features I think it’s time (at last) to get some form of user training. Because the changes in the client side of the next Office 365 are drastic (and, IMO, users are stuck when it comes to effectively using Office apps). Yeah! Training Time! Not only because of Office 2013 and SharePoint 2013, but also because of Windows 8. We must be very happy with these new versions because now the toolset is in such shape that we can really work on user productivity. Note that I am not using the term “end user”, just “user”. Because the same applies to systems engineers, administrators and so on.

The Windows Desktop and Office Suite haven’t changed much since Windows 95 and Office 95. And neither have our habits of using them. In those days, user training was booming; I trained over a 1.000 persons to get from MS-DOS/WP5.1/Lotus 123 to Windows 95/Office 95. Why did we stop doing that? We invested billions in hard- and software over the past two decades but we left users where they were and thus still are. Seems like a waste. So here is a brand new Desktop and a brand new set of Apps. Boy, will users be baffled when they see a couple of demos on touch-windows8-wordwebapp, adoption will take a lot of time if we do not put some effort in education.

So, that being said, what’s new in Office 365? It’s too much, but here are some of my highlights.

The Portal

The top navigation bar will follow whether you go to Outlook Web App, SharePoint Online, People, etc.

 

 

Mail

Two years ago I read on some Exchange Expert blog “We’re done”, Exchange is final, finished, nothing to do anymore. Well, they got it wrong. Exchange 2013 has a couple of totally new architectural concepts. For starters, there are only 2 roles left: Client Access and Mailbox. Secondly RPC/TCP is no longer supported, everything is RPC/HTTP(S). For the real details please look on http://www.microsoft.com/exchange/en-us/exchange-preview.aspx .

On the client side, well Outlook is still Outlook, no very radical changes. OWA is a bit sober, no more colors but the feature set is as expected. Best news is the partial OST-file. Just cache mail from the last 12 months or whatever setting you like.

 

 

Files

SharePoint has been overhauled thoroughly. MySite is now called SkyDrive Pro and there are (touch)tiles all over the place:

 

 

 

 

Everything is called App, so a Library is an App, a List is an App. You add Apps to your sites. A really handy feature is the SiteMailbox. You then have a kind of mailable teamsite to keep mail and documents together in either Outlook or SharePoint.

Very spectacular is the way in which the Office Web Apps behave over different devices; the Apps seem to know when you are using a touch (Windows 8) device or a full (mouse) desktop device.

The way in which projects, documents, lists are displayed is the same way as the new social pages, now to be found on the top menu bar under People and Newsfeed. So you can follow documents(sets), and people in the same way; very nice and easy!

 

Office

As mentioned, it’s school time! Is it SharePoint or is it Office? I really think that we can boost our productivity significantly by starting to use all of those features the way they are meant to be used. So finally, normal.dot is no longer hardcoded on A-4 or legal paper size. Knowing that just a small percentage will ever be printed. That makes sense and also a huge difference for reading pane and editing panes. Much more fluid and logical. Excel Pivot-tables now so easy for everyone to make use of, some great improvements there, especially when you add Apps into it, like Bing Maps.

Deployment and updates are smooth streaming processes and there even is an option for Office-On-Demand! Need Word for just now, click and go, nothing left when you’re done (I use it all the time on my servers, to read configuration guides and stuff like that).

There is a really nice OneNoteMX Metro App (Preview), it’s kind of “always on” whether you’re on a Mobile device, tablet or desktop, multiple people all at the same time in the same OneNote. Brilliant!

 

And now we’ll have to wait….. current Office 365 Customers will be upgraded and are able to choose for example when SharePoint gets the new looks. No hard dates just yet, somewhere Q1 2013 we’ll have General Availability.

Upcoming Blog: building Exchange 2013 Hybrid Deployments using ONLY Server 2012 (challenge with AD FS).

Server 2012 Certification Tracks

Server 2012 is here! And so are a great deal of the exams necessary to earn your certifications. I took them all, either the real stuff or in beta (beta-period is over though, you’ll have to wait). So what’s available and what are they like?

Microsoft Certified Solutions Associate: Server 2012

  • Exam 070-410, Installing and Configuring Windows Server 2012
  • Exam 070-411, Administering Windows Server 2012
  • Exam 070-412, Configuring Advanced Windows Server 2012 Services
  • Or Exam 070-417, upgrading your Skills to MCSA Windows Server 2012, which is the 3 exams above taken all at once

I did 070-410 (beta) and 070-417 and passed them both. There is not much preparation material available yet, so how did I prepare? Well, first of all, I already started playing around with Server 2012 when the first Technical Preview became available. So I’m already pretty familiar with the interfaces, the “what-is-where-and-how” questions on the exams. Secondly, I am really well grounded in the previous versions of Windows Servers. There is a lot of good old stuff in the exams. And third, I took a very close look at the section “Skills being measured” on the Microsoft Learning website: http://www.microsoft.com/learning/en/us/Exam.aspx?ID=70-417&locale=en-us#tab1 (substitute the bold-printed exam number for either which exam). Actually, I did everything mentioned on those pages! Been there, done that, got the Certification (no shirts yet in the eCompany Store though….)

Exam 070-410 was a piece of cake, I took the beta unprepared and for free during Microsoft TechED 2012 in Amsterdam. I was not surprised by the result. I took exam 070-417 playing a game with some co-workers; who would be certified before October first. Jimmy van der Mast and I took it up and both passed. It’s a tough exam! Very lengthy, it took me 2,5 hours to complete. And a lot of stuff is being covered. As a trainer/coach I would suggest to a lot of folks to take the 3 separate exams instead of this one. Which has been the case with all previous versions of Upgrade-your-skills exams. It’s 3 exams in one, you cannot go back to a finished section, you’ll get 3 scores, the lowest one being the final score. So you must Pass on all 3 sections. No surprise that both Jimmy and I had the lowest score on the third section, there’s no “good old stuff” in there.

 

Microsoft Certified Solutions Expert: Server Infrastructure

  • Exam 070-413, Designing and Implementing a Server Infrastructure
  • Exam 070-414, Implementing an Advanced Server Infrastructure

Those exams are currently not available (I took the betas, no scores so far…). According to the Microsoft Learning website they will be “live” on October 16. You can look at the “Skills being measured” by taking the URL mentioned above and changing the exam number. And then you will see…….. wow, this covers a lot more than only Server 2012! There is quite a bit of System Center 2012 in there so you have to be fairly familiar with SCOM, SCCM, SCVMM and you have to know about AppController, Orchestrator, SCSM and SCDPM. And of course there is Networking, networking and more networking. And there are all flavors of Storage. BEWARE!

On exam 070-413, the name is not well chosen (IMHO). I think “Design” would fit better on exam 070-414. Then they would be more in line with the former Server 2000/2003 Design Exams. So exam 070-413 is still about “what-is-where-and-how”. Know the Interfaces, know how to fulfill requirements, step by step, complete the tasks. Whereas exam 070-414 is more about deciding which technology should be implemented given the requirements. More thinking and overview is required for the latter. I’m good at that, so I thought the first one was tougher than the second one.

Again, my preparations were about doing it all, building the complex Infrastructures and DOING it ALL. Fortunately there is Microsoft’s Virtual Labs (http://technet.microsoft.com/en-us/windowsserver/hh968267.aspx) so you don’t have to build everything yourself.

Overall, these are really tough exams. The certification will be a great asset on your resume.

 

Microsoft Certified Solutions Expert: Desktop Infrastructure

  • Exam 070-415, Implementing a Desktop Infrastructure
  • Exam 070-416, Implementing Desktop Application Environments

Same story here, betas, no scores yet, live on October 16. And again a lot of System Center 2012 products, networking, storage, performance and optimization. Depending on your line of expertise (mine is more on infrastructures than desktops and applications) this track is at least as tough as the Server Infrastructure track. Lucky for me that Qwise, my employer, does a lot of “Server Based Computing” (Citrix, RDS), VDI and App-V projects so I am well grounded in those matters. And isn’t everything about the App?

The track is very similar to the Server Infrastructure track for the differences between the 2 exams. And also over here, this certification will look great on your resume because markets will soon find out that not many of us will succeed in passing both exams.

 

Happy studying! Keep you posted!

Update, October 23: no MCSE for me, passed one exam in both tracks.

 

Upcoming: Office 365 Ignite Training + Office 365 User Group NL Meeting

Next week I will be attending the Office 365 Ignite training in Amsterdam to get all the tech-deep-dives for the vNext of Office 365.

A lot of the attendees at the Ignite training will go to the Office 365 Dutch User Group Meeting on Thursday evening. http://www.o365ug.nl if you would like to register.

So watch for my blog posts next week; I have some writing to do 🙂