WindowsNetworking.com - Monthly Newsletter - September 2015
Welcome to the WindowsNetworking.com newsletter by Debra Littlejohn Shinder, MVP. Each month we will bring you interesting and helpful information on the world of Windows Networking. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: dshinder@windowsnetworking.com
Deep Packet Inspection for Quality of Experience Monitoring
Read this whitepaper to get a detailed description of packet analysis techniques to measure high network response times, network delay, server processing times, client processing time, traffic distribution, and overall quality of experience.
1. Your Network in the Cloud
Cloud computing can take many forms. Most companies and individuals are using cloud services of some kind, even if they don’t think of themselves as having gone “to the cloud.” Many use cloud-based storage services such as Box or OneDrive; many use cloud applications such as Google Apps or Office Web Apps. Many have said goodbye to on-premises mail servers and are using online email services such as Exchange Online (with or without a full-fledged Office 365 deployment) or Gmail, as I discussed in my series on Saying Goodbye to On-premises Exchange over on our sister web site, CloudComputingAdmin.com.
For many organizations, the first step into the cloud is the use of these types of specific applications, which are classified as Software-as-a-Service or SaaS. With SaaS, the cloud provider does all of the work for you when it comes to troubleshooting and maintenance of the application software and its underlying operating system. This takes a lot of administrative burden off of you, but also takes away a lot of control.
To regain that control, you have to go even deeper into the cloud, where you’ll find Infrastructure-as-a-Service or IaaS. With IaaS, instead of purchasing the delivery of a turn-key software program over the Internet, you’re purchasing the delivery of virtual machines that are running on the cloud provider’s hardware in its data center. Those VMs can run an operating system of your choice, and you can install, configure and manage whatever applications you want on it.
This means you can create entire virtual networks in the cloud, which you can control the same way you control those in your on-premises data center. Since most admins now use remote tools to manage their local networks, there is very little learning curve involved. In many ways, IaaS gives you the best of both worlds: control and visibility into your network infrastructure without having to worry about or deal with hardware issues.
Amazon’s AWS (Amazon Web Services) and Microsoft’s Azure are the two leading cloud providers in the IaaS space – and in fact are the only two companies that Gartner has categorized as belonging to the leadership quadrant in their IaaS Magic Quadrant. There’s a good chance, then, that if you put your company’s infrastructure (or part of it) into the cloud, you will run it on one of these two platforms. Most organizations will start out with a hybrid infrastructure – part on-premises and part cloud – and I’ve been discussing hybrid networking with Azure in depth in an on-going WindowsNetworking.com series of articles titled Hybrid Network Infrastructure in Microsoft Azure.
If you select AWS to provide your infrastructure, the number of services included in AWS is almost overwhelming, from basic compute to storage to database to security and identity, monitoring and analytics, mobile services, and dev tools. We can help you to navigate your way through this brave new world with the articles and tutorials over at our other sister site, InsideAWS.com.
Networking in the cloud is both similar to and different than on-premises data center networking. You can have many of the same components that you’re used to working with “on land”: domain controllers, DNS, DHCP, security mechanisms; you can create subnets and specify custom routing policies and connect your virtual networks to other virtual networks.
However, depending on your cloud provider and the service(s) you purchase, there will be limitations on what you can do in a cloud infrastructure vs. a physical one. VLANs, for instance, are layer 2 constructs and can’t be implemented on VNets. You may not be able to use multicast and broadcast protocols that you’re used to using on your on-premises networks, or use the tools with which you’re familiar, such as tracert, to troubleshoot connectivity problems. You might not be able to specify a custom DNS suffix for your virtual networks, or manually assign IP addresses to NICs in a VM.
Just because you can’t do something today, though, doesn’t mean you won’t be able to do it tomorrow. Cloud IaaS providers are aggressively competing both with each other and with on-premises networking; they want to woo more organizations to their clouds and they are rapidly developing and implementing new features and capabilities. Unlike with traditional operating systems, where additional features usually come in new versions or at least in service packs, feature sets in AWS and Azure are being updated continually.
The more limited (albeit expanding) feature set isn’t the only drawback to cloud computing, and you’ll want to consider both the pros and cons carefully before making a commitment to a cloud provider. One of the big reasons for moving to the cloud is to save money, and it’s undeniable that the up-front investment is far less, since you don’t have to buy hardware or the building space to house it. There can be hidden costs involved in the cloud, though.
One of the potentially most expensive dangers of the cloud is the possibility of spinning up VMs and then forgetting to shut them down. If you do that in an on-premises data center, it doesn’t really cost you money (although it might limit the performance of your other VMs that are running on the same machine). If you do that in the cloud, the provider will happily charge you for that “usage,” even though you aren’t actually doing anything with the VM. Oops. I’ve known more than one absent-minded cloud user who got slapped with a big bill for that reason.
Additionally, beware “free” cloud services. They’re almost always limited not just in time but to a fairly small amount of usage during that “free” period. If you go over the thresholds, you get billed for the excess usage. Oops again. You might also find that some of the great features a cloud service touts – such as multi-factor authentication, for example – come only with their “premium” services, or cost extra to implement as standalone services. Finally, some services may have different billing options, such as per-use or per-user, and the best selection depends on how your particular organization uses the service.
Bottom line: Cloud computing is here to stay for a while, and it can make IT operations easier and cheaper for your company – if you do your homework and make sure you know what you get and how much it’s going to cost, monitor your usage closely and select the pricing plans that make the most sense for your own situation – and always remember to “turn off the lights when you leave the room.”
‘Til next time,
Deb
dshinder@windowsnetworking.com
=======================
TANSTAAFL: There ain’t no such thing as a free lunch. – Robert A. Heinlein
TANSTAAFC: There ain’t no such thing as a free cloud. - Me
=======================
2. Windows Server 2012 Security from End to Edge and Beyond – Order Today!
Windows Server 2012 Security from End to Edge and Beyond
By Thomas Shinder, Debra Littlejohn Shinder and Yuri Diogenes
From architecture to deployment, this book takes you through the steps for securing a Windows Server 2012-based enterprise network in today’s highly mobile, BYOD, cloud-centric computing world. Includes test lab guides for trying out solutions in a non-production environment.
Order your copy of Windows Server 2012 Security from End to Edge and Beyond. You'll be glad you did.
3. WindowsNetworking.com Articles of Interest
Once again, we’re continuing with several popular article series on WindowsNetworking.com, along with some new topics:
The Real Cost of Data Loss and How to Prevent It
This is a new, standalone article by Sheldon Smith that provides you with a quick look at some of the top data risks that are faced by companies today, along with some strategies to prepare for and prevent them, in light of documented trends indicating a huge increase in the incidence of data loss and an enormous monetary impact on organizations.
http://www.windowsnetworking.com/articles-tutorials/netgeneral/real-cost-data-loss-and-how-prevent-it.html
Hybrid Network Infrastructure in Microsoft Azure (Part 5)
In this series, I’ve been discussing in depth what hybrid clouds are all about and the networking functionality in Azure Infrastructure Services, discussing various aspects of Azure networking in detail. Part 5 addresses Azure Virtual Networks, IP addressing issues, routing behavior and name resolution.
http://www.windowsnetworking.com/articles-tutorials/cloud-computing/hybrid-network-infrastructure-microsoft-azure-part5.html
Active Directory Insights (Part 4)
In this continuation of Mitch Tulloch’s series, he talks more about the subject introduced in Part 3, read-only domain controllers in Active Directory environments and some of the things that you need to be aware of when you plan on deploying them in your network.
http://www.windowsnetworking.com/articles-tutorials/windows-server-2012/active-directory-insights-part4.html
PowerShell for Storage and File System Management (Part 3)
This is the third in a series of articles by Brien Posey in which he looks into the topic of monitoring storage health and the three steps that are involved in building a PowerShell tool for that purpose, including configuring the tool to check the state of the disk, scheduling the script to run on a periodic basis and producing alerts to let you know when a disk’s health is not what it should be.
http://www.windowsnetworking.com/articles-tutorials/netgeneral/powershell-storage-and-file-system-management-part3.html
How to Successfully Create a Hyper-V Cluster Using Virtual Machine Manager (Part 6)
In this very comprehensive multi-part series, Nirmal Sharma continues to explore the tabs that are available on the property page of a Hyper-V cluster as begun in a previous installment, specifically addressing the Shared Volumes tab and the Virtual Switches tab, and all of the options that can be set in these two locations.
http://www.windowsnetworking.com/articles-tutorials/netgeneral/how-successfully-create-hyper-v-cluster-using-virtual-machine-manager-part6.html
4. Administrator KB Tip of the Month
Can I Set User Account Control Flags using Command Line?
This quick tip from Nirmal Sharma explains how to use the Set-ADAccountControl PowerShell cmdlet to set the UAC flags of a user account:
The Set-ADAccountControl PowerShell cmdlet allows you to set User Account Control flags such as PasswordNotRequired and CannotChangePassword from the command line:
To make sure a user is required to change the password before logon, execute the command below:
- Set-ADAccountControl NickS -PasswordNotRequired $false
To make sure the password never expires for a user account such as a service account, use the command below:
- Set-ADAccountControl NickS -PasswordNeverExpires $true
To ensure a user is not able to change his/her password, execute the command below:
- Set-ADAccountControl 'CN=NickS, OU=CyberUser, DC=Test, DC=Local' -CannotChangePassword $true
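An audit-side companion to the commands above, as an added example that is not part of the original tip: it decodes userAccountControl values and reports the password-related flags these cmdlet switches toggle. The function name Get-UacFinding and the sample accounts other than NickS are constructed for illustration.

```powershell
# Added example. Bit values are the documented userAccountControl flags.
$UacBits = [ordered]@{
    ACCOUNTDISABLE     = 0x0002
    PASSWD_NOTREQD     = 0x0020    # toggled by -PasswordNotRequired
    DONT_EXPIRE_PASSWD = 0x10000   # toggled by -PasswordNeverExpires
}
# -CannotChangePassword is not audited here: AD stores it as deny entries on
# the account's ACL rather than in the userAccountControl attribute.
# Clearing PASSWD_NOTREQD (-PasswordNotRequired $false) puts the account back
# under the password policy; forcing a change at next logon is a separate
# setting (Set-ADUser -ChangePasswordAtLogon $true).

function Get-UacFinding {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [int]    $UserAccountControl
    )
    # Names of all known bits that are set in the value
    $flags = @($UacBits.GetEnumerator() |
        Where-Object { $UserAccountControl -band $_.Value } |
        ForEach-Object { $_.Key })

    $findings = @()
    if ($flags -contains 'PASSWD_NOTREQD') {
        $findings += 'password not required: account can hold a blank password'
    }
    if ($flags -contains 'DONT_EXPIRE_PASSWD') {
        $findings += 'password never expires: confirm a rotation process exists'
    }
    [pscustomobject]@{
        Account  = $SamAccountName
        Enabled  = $flags -notcontains 'ACCOUNTDISABLE'
        Findings = $findings -join '; '
    }
}

# Constructed sample values (not taken from a real directory).
$sample = @(
    [pscustomobject]@{ Name = 'NickS';      Uac = 0x0200  }  # normal account
    [pscustomobject]@{ Name = 'svc-backup'; Uac = 0x10200 }  # never expires
    [pscustomobject]@{ Name = 'kiosk01';    Uac = 0x0220  }  # no password required
    [pscustomobject]@{ Name = 'old-temp';   Uac = 0x10222 }  # disabled, both flags
)
$sample |
    ForEach-Object { Get-UacFinding -SamAccountName $_.Name -UserAccountControl $_.Uac } |
    Where-Object Findings | Format-Table -AutoSize -Wrap

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties userAccountControl | ForEach-Object {
#   Get-UacFinding -SamAccountName $_.SamAccountName -UserAccountControl $_.userAccountControl }
```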
5. Windows Networking Links of the Month
6. Ask Sgt. Deb
Windows 10 Privacy issues
QUESTION:
Hey, Deb, I’ve read some of your things about some new features in Windows 10 that sound useful to our company and since we’re still using Windows 7 on most of our computers and even Vista on a few (40-something computers in a small company) we know it’s probably time to upgrade but I keep hearing and reading about privacy issues and that makes me nervous because we’re a small business that works with medical records management for small doctors’ offices and as you know HIPAA and other rules mean we have to be sure data doesn’t get exposed. Are the issues anything to be concerned about? Thanks! – Jordan G.
ANSWER:
Hi, Jordan. Windows 10 definitely has some security advantages over Windows 7 that can help you in meeting HIPAA requirements. Some of the privacy issues that have been brought up involve such features as Cortana, the Edge browser, the peer-to-peer update distribution technology, and the wireless network sharing feature called Wi-Fi Sense, as well as location services and app access to the device’s camera and microphone. The good news is that all of these are configurable so you can change the settings to ensure that users and their data have much more privacy than the default settings give you. You can also completely disable services that you don’t want or need.
This article can guide you in locking down the privacy settings in Windows 10.
Of course, for sensitive patient data, your company will have policies governing how and where it is stored and accessed. Encryption technologies such as BitLocker and EFS can help to protect the confidentiality of that data, and enhancements to multi-factor authentication and other identity management improvements make it more difficult for unauthorized persons to access systems.