Search This Blog

Tuesday, December 30, 2014

3rd Book Reviewed: Hyper-V Security

 

2014 is still a day left before move to next challenging year: 2015.  We just received a goods news from Pack Publication that our 3rd Book that we have worked on for the past last couple of month as “Technical Reviewer” has finally published to public and has available in the market.

[ Book cover – Hyper-V Security]

Hyper-VSecurity

Let welcome “Hyper-V Security” as our 3rd book reviewed.

[ Credit page ]

image

[ Reviewer Biography ]

image

image

image

[Table of Content]

Keeping systems safe and secure is a new challenge for Hyper-V Administrators. As critical data and systems are transitioned from traditional hardware installations into hypervisor guests, it becomes essential to know how to defend your virtual operating systems from intruders and hackers.

Hyper-V Security is a rapid guide on how to defend your virtual environment from attack.

This book takes you step by step through your architecture, showing you practical security solutions to apply in every area. After the basics, you'll learn methods to secure your hosts, delegate security through the web portal, and reduce malware threats.

Chapters:-

  • Introducing Hyper-V Security
  • Securing the Host
  • Securing Virtual Machines from the Hypervisor
  • Securing Virtual Machines
  • Securing the Network
  • Securing Hyper-V Storage
  • Hyper-V Security and System Center VMM
  • Secure Hybrid Cloud Management through App Controller

[Where to Buy ]

Currently Pack Pub offered USD 5 during year end promotion. Get it before the offer ends on January 6th 2015. Click here :- https://www.packtpub.com/virtualization-and-cloud/hyper-v-security

Enjoy reader and Happy New Year 2015

From – Virtual Lai

Tuesday, December 23, 2014

Configure Azure Site Recovery (ASR) Without VMM

 

To implement ASR one of the requirement is customer must has System Center Virtual Machine Manager. But this is no longer require. Microsoft has upgraded ASR and provide flexibility to SMB customer adopt ASR without the System Center requirement and use Azure as your DR site. Let explore on how to configure ASR without VMM.

ASRWithoutVMM

[Pre –requisite]

  • Hyper-V Host must be running Windows Server 2012 R2
  • Azure Subscription

[ Create a Site Recovery Vault ]

+ NEW | Data Services | Recovery Services | Site Recovery Vault |

image

[ Create Hyper-V Site ]

Purpose was to group together one or more Hyper-V server located in a physical location

Go to Site Recovery Vault | Servers | Hyper-V Sites | Click + Hyper-V Sites

Click Create Hyper-V Site and enter your site name

image

[ Prepare Hyper-V Servers]

After create Hyper-V Site, download the registration key file and the latest version of the Microsoft Azure Site Recovery Provider for Hyper-V.

Put the key in a location that Hyper-V server can access and use it when install the ASR Provider for Hyper-V

a) Download a registration from Recovery Services | Site Recovery Vault | Dashboard | Select Setup Recovery :- Between an on-premise Hyper V Site and Azure | Click Download a registration key

image

b) Download the Microsoft Azure Site Recovery provider for Hyper-V. Get it from Dashboard | Download

image

Provider setup:-

imageimage

image

image

[ Create and Configure Protection Group]

Still in Site Recovery Vault | Go to Protected Items | Protection Group | Create Protection Group and define your Hyper-V replication settings to Azure

image

image

image

[ Enable Protection for Virtual Machine]

One you’ve define the Hyper-V Replication setting to Azure. Our next step was enable VM that you would like to protect.

Select Site Recovery Vault | Protected Items | Protection Group | Select your Hyper-V Server | Click Add Virtual Machine and select VM

image

image

Protected VM to Azure must fulfill this requirement:-

  • Running Windows Server 2008 R2 or later
  • Linux :- Centos, OpenSuse, SUSE and Ubuntu
  • Must be 64 bit architecture
  • OS disk size – between 20MB and 127GB
  • Data disk size – 20 MB and 1023GB
  • One network adapter and one ip address
  • Not attached to iscsi
  • Not using shared VHD
  • Generation 1 VM
  • Virtual disk is VHD. VHDX is supported if VM is Generation 1 VM

For more detail, please refer to http://msdn.microsoft.com/en-us/library/dn469078.aspx

The configuration of Azure Site Recovery without VMM was straight forward. I got this setup in less than an hour and currently waiting for initial replica to replicate to Azure. Hope you enjoy the new enhancement to lowered the costs of providing a DR solution.

Saturday, December 20, 2014

Hybrid RemoteApp Deployment

 

With recent RemoteApp has GA, it is time for us to test configure it and setup hybrid deployment whereby we are require to setup site to site vpn, on-premise DC sync via Dirsync and application will reside in Microsoft Azure. Microsoft Azure RemoteApp delivers your Windows application from the Azure Cloud.

RA5

We have configure the deployment and step by step guide has posted here:- http://www.ms4ucloud.info/2014/12/hybrid-remoteapp-deployment.html

Enjoy!

Video : Azure RMS in Action

 

We have wrote our first post about Azure RMS in here. To better show you the technology, we think it would be best that we try to show it in video format. Enjoy!

Video 1 – First time using Azure RMS

Video 2 – Share Protect a File

Video 3 – Protect any File

Video 4 – Showing RMS in Action in RMS Sharing App running on Android

Video 5 – What happen when sending to wrong recipient?

Video 6 – What happen when sending to correct recipient?

Friday, December 19, 2014

$5 eBook Bonanza–PacktPub (Every Book, Every Topic)

 

image

Good news reader, we just received news from Packt Publishing. They are offering ebook or video for just $5 in this limited offer . If you’re interested on getting Hyper-V, System Center, Cloud or any technical book that you can think of, kindly proceed to their website:- http://www.packtpub.com/packt5dollar

Get as many eBooks and videos as you like before the offer ends on January 6th 2015 -- build your own library of tech knowledge before 2015 begins!

Enjoy!

-Virtual Lai-

Wednesday, December 17, 2014

64bit Windows Client Computer Support Azure Backup

 

Good news! You can now protect your client computer by backup your important data to Microsoft Azure Backup. Microsoft has announced it in this post: http://support.microsoft.com/kb/3015072

You can refer to our child site which document on how to configure backup from client computer to Azure. Go to http://www.ms4ucloud.info/2014/12/64bit-windows-client-computer-support.html

Azure Active Directory Connect (AD Connect) with Password Sync

Azure Active Directory Connect (AD Connect) with Password Sync

Azure AD Connect is "new" because it is now one integrated tool that includes all the advances of AAD Sync and Dirsync.
The Azure AD Connect wizard Public Preview 1 provides a guided experience for integratingone or multiple Active Directory forests with Microsoft Azure AD.  Optionally you can configure Exchange Hybrid deployment, password change write-back, AD FS and Web Application Proxy.
NOTE:- Azure AD Connect Public Preview 1 is recommended to be run in a lab environment and not in a production AD or AAD environment. To get the installer, click here.
If you plan to run on production environment, please download
Azure Active Directiory Dir Sync from here.
AAD Sync capabilities include the following;
  • Active Directory and Exchange multi-forest environments can be extended now to the cloud.
  • Control over which attributes are synchronized based on desired cloud services.
  • Selection of accounts to be synchronized through domains, OUs, etc.
  • Ability to set up the connection to AD with minimal Windows Server AD privileges.
  • Setup synchronization rules by mapping attributes and controlling how the values flow to the cloud.
  • Preview AAD Premium password change and reset to AD on-premises.
Let begin the AD Connect configuration
1
After installation , double click AD connect icon on your desktop
image_thumb
Accept the license agreement and click Continue
image_thumb[2]
Note:- Before install this tool, remember to add .Net Framework 3.5 features first.
The AD Connect tool will download and install
  • MS Online Services Sign in Assistant
  • Windows Azure Active Directory Module for Windows Powershell
  • Azure AD Sync Engine
image_thumb[4]
Enter Azure AD Credential
image
Next page will asking about Express setting (default using password sign on) or Customize (allow to select password or Single Sign On)
image
Below screen is how it look when select “Customize”
image
Let select “Password Sync” ..
Enter your Active Directory credential
image
Select optional features
  • Exchange hybrid deployment
- Allow for co-existence of exchange mailboxes both on-premise and in Azure by synchronizing a specific set of attributes from Azure AD back into your on-premise directory.
  • Password write back
- this option allow password changes that originates with Azure AD will be written back to your on-premise directory
image
  • Specify identify user in on-premise directories and Azure
image
image
Final step
image
image
[Verification in Microsoft Azure AD]
You will notice on-premise user account has sync to Azure AD
image

Tuesday, December 16, 2014

Free Guide–The Journey of System Center Consultant Implementing Business Service Management

BSM-Guide--240x200

Well this is interesting. We just help Savision to replace an existing banner with above banner. It sound interesting and consist of 52 pages about how a System Center Consultant help a company to implementing Business Service Management in an organization.

I’ve downloaded a copy and enjoy the reading.

Are you interested? If yes, please feel free to download from here:-

http://www2.savision.com/l/12082/2014-12-15/ps5gk

Enjoy!

Monday, December 15, 2014

Evaluate 5Nine Cloud Security 5.0 For Hyper-V With Kaspersky Antivirus Built-in and 98 Viruses

Recently 5Nine has released a new version for 5Nine Cloud Security. But we are busy with a lot of new product/features available in the market that require us to test it. Just hope that we have more than 24 hours a day. Without further due, let begin our evaluation test.

[ Overview ]

5nine Cloud Security for Hyper-V is the first and only agentless complete security and compliance solution built specifically for Microsoft Cloud OS and Hyper-V, utilizing the extensibility of Hyper-V switch. It allows users to:

  • Secure  multi-tenant Hyper-V environment and provide VM isolation
  • Protect Hyper-V with fast, agentless antivirus
  • Enforce PCI-DSS, HIPAA and Sarbanes-Oxley compliance
  • And more.

Multi-layered protection is provided, with an integrated firewall, antivirus and Intrusion Detection System (IDS). The agentless firewall ensures complete traffic control and isolation between VMs. The antivirus performs incremental scans up to 50x faster and IDS proactively detects malicious attacks.

We have blog about other features, please feel free to visit:-

Virtual Firewall and Anti-Malware Protection for Hyper-V Extensible Switch
Secure Your Hyper-V Infrastructure By Using 5Nine Cloud Security

[Comparison between different Edition ]

image

This round we are going to test the capability of 5Nine Cloud Security with Kaspersky Antivirus.

[ Our Test Scenario ]

  • Test VM running Windows Server 2012 R2 with Update Rollup 1 only. We have pushed an agent into the VM from 5Nine Cloud Security.
  • 98 viruses which provided by our friend :- Jacky Chua (Don’t ask me where he got it? )

Viruses

  • 5Nine Cloud Security with Kaspersky Antivirus Built-in

[ Configuration on 5Nine Cloud Security ]

  • Enable VM Protection by per VM

11

  • Constant Virus definition updates. Auto updates every 120 minutes or manual.

12

  • Able to configure AV Scanning Scheduling

13

  • Configure AV Settings aggressiveness. The most secure settings will impact VM performance.

14

  • Able to configure files/ folder exclusion. We want to prevent from scanning exchange database, SQL database, etc.

15

  • Allowed threats – ???? Still cannot figure out why this tab is available. Must be a reason for it but at this moment, we got no threat to bypass.

16

  • Able to add file extension that you would like the AV to scan. We have manually added .zip

17

[ In Action ]

Time to perform manual scan as we want to get immediate result rather than waiting for 5Nine to perform schedule scan.

Click on Full Scan. Just wait for a while…..

Virus Quarantine

Then the system found viruses and perform remediation without our intervention …

Virus

You can view the status from Antivirus status …

18

[ End result ]

Impressive result. Out of 98 viruses, 5Nine Cloud Security managed to quarantined 95 viruses.

Effective rate is 96.93%

19

Create Bootable USB Drive From an ISO File

 

Do you want to create a bootable usb drive from an iso file? Well, for us is yes especially want to perform installation without looking for DVD burner. This tool has been around since 2009 and we just use it to create a bootable usb for “Windows Server Technical Preview”. It is still working and perform the job well. Interested, please feel free to download “Windows 7 USB/DVD Download Tool” from http://wudt.codeplex.com/

image

image

image

Enjoy!