For my second day to TechEd Europe 2014 I went to the below sessions:
- Session 1: Directory Integration: Creating One Directory with Active Directory and Azure Active Directory;
- Session 2: System Center Operations Manager: Monitoring in a Modern World;
- Session 3: Protecting Virtual Machines with Veeam: There is More than Just Protection;
- Session 4: How you can Hack-Proof your clients and servers in a day.
The speaker of this session talked about the connection between the Active Directory On-Premises and Microsoft Azure Active Directory. This enables to provide to users a common identity between On-Premises and public services. With the integration of Active Directory Federation Service, users can logon to their applications with Single Sign On.
There are 3 components to connect On-Premises AD and Microsoft Azure AD:
- The On-Premises Active Directory;
- The Microsoft Azure Active Directory;
- An Identity Bridge.
To make the identity bridge, the speaker has presented the preview of Azure Active Directory Connect. There are two configuration mode:
- Express configuration;
- Custom configuration.
The Express configuration is useful only if you have only one forest in your On-Premises Active Directory. It is really easy to configure and you need only your Microsoft Azure credentials and an Enterprise Admin account of your On-Premises Active Directory.
The Custom mode is useful when you have multiple forest in your On-Premises Active Directory and when you want to configure special features (as connecting with an AD FS for the SSO). You can also enable more features for Exchange (ex: GAL Sync) and choose which Active Directory attributes you want to synchronize with Microsoft Azure AD.
To finish with this session, new features called “Write-Back” is available in Azure Active Directory Connect preview. That enables to write modification made in Microsoft Azure AD to the On-Premises AD.
The speaker of this session talked about monitoring in a modern architecture. First of all he presented about some new features in the next version of SCOM. The speaker announced below new features:
- Support of Windows vNext;
- Support of SQL Server 2014;
- Enhanced support of OpenSource software as LAMP stack;
- New Management Packs;
- Easy update process between SCOM and SCOM vNext.
Next the speaker presented the monitoring for Cloud Platform System (CPS) with special dashboard. He said a word about the script center where the community can publish PowerShell script.
He presented the new management pack for VMM and Exchange 2013 that has been released yesterday (pretty impressive management pack).
To finish with this session, he presented the Azure Operational Insights. It enables to transform machine data into a near real-time operational intelligence. Azure Operational Insights collect machine data as event log, IIS Logs etc. Thanks to these data, Azure Operational Insights can generate dashboard and reporting as the number of servers that are not updated. Azure Operational Insights enables also to centralize event log to show alerts. A logs search engine is provided in Azure Operational Insights.
Today the backups and restores take too long time. These are the words of Mike Resseler. A modern backup solution must backup and restore ASAP. Moreover the backup solution should be agentless. That avoids to manage software on the clients. The 3-2-1 rule must be applied:
- Data must be store 3 times (including the data on the production servers)
- Backup on 2 media
- Backup on 1 offsite
After this introduction, Mike Resseler shown Veeam Availability Suite v8. This solution is able to manage missing updates on hypervisors (He said that every update must be applied on Hyper-V host including fixes). He presented some features as Item-Level Recovery for Active Directory or Exchange E-mail.
Next he talked about the necessity to test restores regularly. For that Veeam Availability Suite v8 provides a Virtual Labs that enables to schedule an automate restoration of Virtual Machines.
To finish he made a presentation of Veeam Backup Enterprise Manager which is a web application. This last provides dashboard, reports, the possibility to review jobs, the state of restore points etc.
This was a great presentation of the Veeam Availability Suite v8.
The speakers presented many features to increase the security in your company. To increase the authentication security, the first step is to use password, then smartcard and authentication mechanism assurance (SSO). You can increase security without increase the complexity for the users.
So the speakers presented the smartcard authentication and dynamic group. This feature enables to be a member of a group only if you use smartcard authentication. For example you will be domain admins only if the administrators are logon with the SmartCard Authentication. This is made thanks to a special insurance policy in certificates and the configuration of the “Strong” attribute of the group in Active Directory.
Next the speakers presented the /restrictedadmin option when using mstsc.exe command. In this case, SSO is used between client and RDS server. When the user is logged on the RDS server with this option, the token contains computer information instead of the user information (as SID, hash password etc.).
Next speakers recommended to apply JEA (Just Enough Administration). They made an example with Role-Based PowerShell Access where it is possible to limit PowerShell commands available for a user.
Next they presented a new built in group called “Protected Users” only available on Windows 2012 R2. When a user is a member of this group:
- No locally stored credentials (only a kerberos token)
- No NTLM
- Strong KRB AES encryption (No RC4/DES)
- No account delegation (none can impersonate the account)
- Default TGT Lifetime=4h (configurable by authentication policies)
To finish the speakers made a presentation of Dynamic Access Control. This feature enables to attribute the access to a resource regarding its classification.
See you tomorrow :).