Prepare Windows 10 Master Image & Deploy Windows Virtual Desktop

Gallery

Microsoft announced Windows Virtual Desktop and began a private preview. Since then, we’ve been hard at work developing the ability to scale and deliver a true multi-session Windows 10 and Office 365 ProPlus virtual desktop and app experience on any … Continue reading

Backup VMware Server Workloads to Azure Backup Server

Gallery

This gallery contains 1 photo.

In my previous article, I explained how to install and configure Azure Backup Server. This article explains how to configure Azure Backup Server to help protect VMware  Server workloads. I am assuming that you already have Azure Backup Server installed. … Continue reading

Azure Backup Server v2

Gallery

This gallery contains 2 photos.

Azure Backup is used for backups and DR, and it works with managed disks as well as unmanaged disks. You can create a backup job with time-based backups, easy VM restoration, and backup retention policies. The following table is a … Continue reading

Migrate Office 365 Relying Party Trust to Different ADFS Farm

Gallery

To migrate Office 365 Relying Party Trust from an existing ADFS Farm to new ADFS Farm, follow the step by step guide. Migrating Office 365 Relying Party Trust will incur a minor disruption to SSO environment. Prerequisites: Existing ADFS Farm … Continue reading

Deploy Work Folder in Azure Cloud

Gallery

The concept of Work Folder is to store user’s data in a convenient location. User can access the work folder from BYOD and Corporate SOE from anywhere. The work folder facilitate flexible use of corporate information securely from supported devices. … Continue reading

ADFS 4.0 Step by Step Guide: Federating with Splunk Cloud

Gallery

To integrate On-Premises SSO with Splunk Cloud, you need the following items: On-premises Active Directory On-premises ADFS 2016 A Splunk Cloud tenant Splunk cloud Sign-on URL https://yourinstance.splunkcloud.com/saml/acs Splunk cloud Sign-on URL https://yourinstance.splunkcloud.com/saml/logout ADFS Sign-on URL https://sts.domain.com/adfs/services/trust ADFS Sign-Out URL  https://sts.domain.com/adfs/ls/?wa=wsignout1.0 … Continue reading

ADFS 4.0 Step by Step Guide: Federating With Google Apps

Gallery

To integrate On-Premises SSO with Google Apps, you need the following items: On-premises Active Directory On-premises ADFS 2016 A Google Apps single sign-on enabled subscription Google Apps Sign-on URL https://mail.google.com/a/domain.com ADFS Sign-on URL https://sts.domain.com/adfs/ls/ ADFS Password Change URL https://sts.domain.com/adfs/portal/updatepassword/ ADFS … Continue reading

ADFS 4.0 Step by Step Guide: Federating with ServiceNow

Gallery

Prerequisites: Windows Active Directory Windows Server 2016 with ADFS Role installed ServiceNow Tenant ADFS Signing certificate from ADFS Server ADFS Service Identifier: http://sts.domain.com/adfs/services/trust ServiceNow Sign On URL: https://company.service-now.com/navigate.do ServiceNow Identifier: https://company.service-now.com ADFS Signout URL: https://sts.domain.com/adfs/ls/?wa=wsignout1.0 Step1: Export Token Signing Certificate … Continue reading

Building Multiple ADFS Farms in a Single Forest

Let’s paint a picture, you have an unique requirement to build multiple ADFS farms. you have a fully functional hybrid environment with EXO. you do not want to modify AAD connect and existing ADFS servers. But you want several SaaS applications use different ADFS farm with MFA but their identity is managed by the same Active Directory forest used by existing ADFS farm.

Here is the existing infrastructure:

  • 1 single forest with multiple hybrid UPNs (domainA.com, domainB.com, domainC.com and many…)
  • 2x ADFS servers (sts1.domainA.com)
  • 2X WAP 2012 R2 cluster
  • 1x AAD Connect
  • 1X Office 365 Tenant with several federated domains (domainA.com, domainB.com, domainC.com and many….)
  • 1x public CNAME sts1.domainA.com

Above configuration is working perfectly.

Now you would like to build a separate ADFS 2016 farm with WAP 2016 cluster for SaaS applications. This ADFS 2016 farm will be dedicated to authenticate these SaaS applications. you would also like to turn on MFA on ADFS 2016. Add new public authentication endpoint such as sts2.domainA.com for ADFS 2016 farm.

End goal is that once user hit https://tenant.SaaSApp.com/ it will redirect them to sts2.domain.com and prompt for on-prem AD credentials and MFA if they are accessing from public network.

New ADFS 2016 infrastructure in the same forest and domain:

  • 2X ADFS 2016 Servers (sts2.domainA.com)
  • 2X WAP 2016 Servers
  • 1 X separate public IP for sts2.domainA.com
  • 1X public CNAME for sts2.domainA.com
  • 1X Private CNAME for sts2.domainA.com

Important Note: You have to prepare Active Directory schema to use ADFS 2016 functional level. No action/tasks necessary in existing ADFS 2012 R2 environment.

Guidelines and referrals to build new environment.

Upgrading AD FS to Windows Server 2016 FBL

ADFS 4.0 Step by Step Guide: Federating with Workday

Branding and Customizing the ADFS Sign-in Pages

Deploy Web Application Proxy Role in Windows Server 2012 R2 –Part I

Deploy Web Application Proxy Role in Windows Server 2012 R2 –Part II

Office 365 Hybrid Deployment with Exchange 2016 Step by Step

Gallery

Hybrid Configuration Business Case. On-premises IRM- Information Rights Management (IRM) enables users to apply Active Directory Rights Management Services (AD RMS) templates to messages that they send. Antispam and malware protection- Mailboxes moved to Office 365 are automatically provided with antivirus … Continue reading

Upgrading AD FS to Windows Server 2016 FBL

Gallery

This article will describe how to install new ADFS 2016 farm or upgrade existing AD FS Windows Server 2012 R2 farm to AD FS in Windows Server 2016. Prerequisites: ADFS Role in Windows Server 2016 Administrative privilege in both ADFS … Continue reading

ADFS 4.0 Step by Step Guide: Federating with Workday

Gallery

This article provides step by step guidelines to implement single sign on using ADFS 4.0 as the identity provider and Workday as the identifier and service provider. Important Note: Workday does not provide a service provider metadata XML file to … Continue reading

Manage Remote Workgroup Hyper-V Hosts with Hyper-V Manager

Gallery

This gallery contains 2 photos.

The following procedures are tested on Windows Server 2016 TP4 and Windows 10 Computer. Step1: Basic Hyper-v Host Configuration Once Hyper Server 2016 is installed. Log on to Hyper-v host as administrator. You will be presented with command prompt. On … Continue reading

VMware Increases Price Again

Gallery

VMware increases price again. As per VMware pricing FAQ, the following pricing model will be in effect on April 1, 2016. vSphere with Operations Management Enterprise Plus from US$4,245/CPU to US$4,395/CPU VMware vCenter Server™ Standard from US$4,995/Instance to US$5,995/Instance vSphere … Continue reading

Hyper-v Server 2016 What’s New

Changed and upgraded functionality of Hyper-v Server 2016.

  1. Hyper-v cluster with mixed hyper-v version
  • Join a Windows Server 2016 Hyper-v with Windows Server 2012 R2 Hyper-v
  • Functional level is Windows Server 2012 R2
  • Manage the cluster, Hyper-V, and virtual machines from a node running Windows Server 2016 or Windows 10
  • Use Hyper-V features until all of the nodes are migrated to Windows Server 2016 cluster functional level
  • Virtual machine configuration version for existing virtual machines aren’t upgraded
  • Upgrade the configuration version after you upgrade the cluster functional level using Update-VmConfigurationVersion vmname cmdlet
  • New virtual machine created in Windows Server 2016 will be backward compatible
  • Hyper-V role is enabled on a computer that uses the Always On/Always Connected (AOAC) power model, the Connected Standby power state is now available
  1. Production checkpoints
  • Production checkpoints, the Volume Snapshot Service (VSS) is used inside Windows virtual machines
  • Linux virtual machines flush their file system buffers to create a file system consistent checkpoint
  • Check point no longer use saved state technology
  1. Hot add and remove for network adapters, virtual hard drive and memory
  • add or remove a Network Adapter while the virtual machine is running for both Windows and Linux machine
  • Adjust memory of a running virtual machine even if you haven’t enabled dynamic memory
  1. Integration Services delivered through Windows Update
  • Windows update will distribute integration services
  • ISO image file vmguest.iso is no longer needed to update integration components
  1. Storage quality of service (QoS)
  • create storage QoS policies on a Scale-Out File Server and assign them to one or more virtual disks
  • Hyper-v auto update storage policies according to storage policies
  1. Virtual machine Improvement
  • Import virtual machine with older configuration version, update later and live migrate across any host
  • After you upgrade the virtual machine configuration version, you can’t move the virtual machine to a server that runs Windows Server 2012 R2.
  • You can’t downgrade the virtual machine configuration version back from version 6 to version 5.
  • Turn off the virtual machine to upgrade the virtual machine configuration.
  • Update-VmConfigurationVersion cmdlet is blocked on a Hyper-V Cluster when the cluster functional level is Windows Server 2012 R2
  • After the upgrade, the virtual machine will use the new configuration file format.
  • The new configuration files use the .VMCX file extension for virtual machine configuration data and the .VMRS file extension for runtime state data.
  • Ubuntu 14.04 and later, and SUSE Linux Enterprise Server 12 supports secure boot using Set-VMFirmware vmname -SecureBootTemplate MicrosoftUEFICertificateAuthority cmdlet
  1. Hyper-V Manager improvements
  • Support alternative credential
  • Down-level management of Hyper-v running on Windows Server 2012, Windows 8, Windows Server 2012 R2 and Windows 8.1.
  • Connect Hyper-v using WS-MAN protocol, Kerberos or NTLM authentication
  1. Guest OS Support
  • Any server operating systems starting from Windows Server 2008 to Windows Server 2016
  • Any desktop operating systems starting from Vista SP2 to Windows 10
  • FreeBSD, Ubuntu, Suse Enterprise, CentOS, Debian, Fedora and Redhat

9. ReFS Accelerated VHDX 

  • Create a fixed size VHDX on a ReFS volume instantly.
  • Gain great backup operations and checkpoints

10. Nested Virtualization

  • Run Hyper-V Server as a guest OS inside Hyper-V

11. Shared VHDX format

  • Host Based Backup of Shared VHDX files
  • Online Resize of Shared VHDX
  • Some usability change in the UI
  • Shared VHDX files are now a new type of VHD called .vhds files.

12. Stretched Hyper-V Cluster 

  •  Stretched cluster allows you to configure Hyper-v host and storage in a single stretch cluster, where two nodes share one set of storage and two nodes share another set of storage, then synchronous replication keeps both sets of storage mirrored in the cluster to allow immediate failover.
  • These nodes and their storage should be located in separate physical sites, although it is not required.
  • The stretch cluster will run a Hyper-V Compute workload.

 

Unsupported:

Hyper-V on Windows 10 doesn’t support failover clustering