Posts

Showing posts from 2015

Understanding IP Addressing in Microsoft Azure (DIP, VIP, PIP)

Azure introduced new terms and concepts for IP addressing.

Dynamic IP address (DIP)
- the internal address assigned to a VM; it either comes from a private pool assigned by Azure or, if you configure an Azure virtual network (VNET), from the private IP address ranges and subnets you define yourself
- survives OS reboots and service healing migration events, but when the VM is stopped (deallocated) it might be assigned a different DIP when re-provisioned

Virtual IP address (VIP)
- Azure randomly assigns cloud services a VIP
- released when all VMs in a cloud service are deallocated (stopped)
- shared by all VMs in the same cloud service
- Microsoft allows you to reserve up to five VIPs in an Azure subscription
- on VMs with multiple NICs, only supported on a VM’s default NIC

Instance-level public IP address (PIP)
- assigned to a VM's default NIC and exposed directly to the Internet, so traffic should be controlled using the W

C# Catching Exceptions Guideline (updated for C# 6.0)

The article proposes and summarizes guidelines for exception handling / catching exceptions:
- AVOID catching exceptions that you’re unable to handle fully.
- AVOID hiding (discarding) exceptions you don’t fully handle.
- DO use throw; to rethrow an exception, rather than throw <exception object>; inside a catch block (the latter resets the stack trace and loses where the exception originated).
- DO set the wrapping exception’s InnerException property with the caught exception unless doing so exposes private data.
- CONSIDER an exception condition (the C# 6.0 "when" filter) in favor of having to rethrow an exception after capturing one you can’t handle.
- AVOID throwing exceptions from an exception conditional expression.
- DO use caution when rethrowing different exceptions.
- Rarely use System.Exception and general catch blocks, except to log the exception before shutting down the application.
- AVOID exception reporting or logging lower in the call stack.
Sources: Essential .NET - C# Exception Handling, by Mark Michaelis, November 2015 (review of the details of each of the guidelines)

Microsoft Azure - The Big Picture

"There’s a never-ending stream of things developers apparently must know about, but at the same time confusion around all the different ways of accomplishing the same thing. It’s not easy to put all these pieces together and see the “big picture.”" You can roughly segment Azure into three layers: the datacenter infrastructure infrastructure services platform services Sources: Microsoft Azure - Microsoft Azure--the Big Picture, By Tony Meleg, October 2015

10 Tips for Securing Active Directory Environments

Managing accounts with a security-first approach will help to avoid costly incursions. Sources: 10 Tips for Securing Active Directory Environments

What's new in C# 6.0: Null-conditional operators

One of the many new and nice C# 6.0 features is the null-conditional operator. The example given in the linked presentation is the following: you want to do something as simple as raise an event, e.g.

    OnChanged(this, args);

To be on the null-safe side (an event with no subscribers is null, so invoking it throws), you had to write the verbose pattern of copying the delegate to a local variable first, so that a subscriber unregistering between the check and the call cannot bite you:

    var onChanged = OnChanged;
    if (onChanged != null)
    {
        onChanged(this, args);
    }

With C# 6.0 you can perform that check with the so-called "Elvis" operator "?.":

    OnChanged?.Invoke(this, args);

Sources: What's new in C# 6.0

Scenarios To Consider Before Adopting Azure Active Directory

There is a nice article on Azure AD about the things to consider when thinking about working with Azure Active Directory. "Microsoft's identity and access management (IAM) strategy has mostly been playing out in the cloud with its Azure AD service." "Microsoft has three components that power its Azure IAM solutions."
- Azure cloud computing services, which serve as Microsoft's infrastructure-as-a-service (IaaS) solution
- Azure AD Premium, [..] Microsoft's "Identity Management as a Service" offering (abbreviated as "IDaaS"). Microsoft's IDaaS provides IAM services for Azure services that are built on the Azure platform.
- "identity bridge" solutions. An identity bridge is an on-premises component that's used to synchronize local directories to Microsoft's IDaaS and enable single sign-on to IDaaS. Microsoft's identity bridge solutions can bridge Kerberos and LDAP to JSON over REST, as well as SAML.
Mark Dio

Docker Containers coming to Windows Server

Containers are a powerful means of cleanly isolating applications without the considerable overhead of running each application in its own virtual machine. So far the Docker project brought containers to Linux; with the Windows Server 2016 Technical Preview, Windows Server Containers arrive with Docker tooling as well. Keep in mind that containers share the host kernel, so the isolation boundary is weaker than that of a VM; Windows additionally offers Hyper-V Containers for workloads that need a hardware-backed boundary. Sources: Containers: Docker, Windows and Trends by Mark Russinovich; Windows Containers Debut in New Windows Server 2016 Preview. Keywords: Windows Server, Docker, Containers, Virtualization

Domain Controllers and Snapshots / Clones

For those playing with networking at home who have a Domain Controller with Active Directory set up (although it would not be needed) and likely run that main server as a virtual machine, it is interesting to know whether reverting to an old snapshot has any side effects. Asking yourself this question, you will pretty quickly find many articles and posts saying that this is a bad idea. The why is not found so quickly; the linked blog post explains it nicely. In short: you do not want your update sequence numbers (USNs) to get out of sync. A DC tags every change with an ever-increasing USN, and its replication partners remember the highest USN they have already received from it. Reverting a snapshot rewinds the DC's USN counter, so its new changes reuse numbers the partners believe they already have, and those changes are silently never replicated (USN rollback). Furthermore, starting with Windows Server 2012, DCs running on a hypervisor that exposes a VM-GenerationID detect a snapshot revert and protect themselves, and cloning an AD server IS supported. Sources: Virtual Domain Controller Cloning in Windows Server 2012; Never Snapshot a Domain Controller! Here’s Why…; Snapshots and Domain Controllers - Are they ALWAYS bad??? Keywords: Windows Server, Active Directory, Domain Controller, Virtualization, Snapshot
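The checks below are an added example, not code from the original post or its linked sources: they look for the symptoms of a snapshot revert on a virtualized DC. Run it elevated on the DC itself; it assumes the ActiveDirectory RSAT module is installed and hard-codes no names. The registry value, the event IDs and the msDS-GenerationId attribute are the documented Windows indicators; the USN comparison in step 3 uses the partner's up-to-dateness vector, where the Partner field is expected to be this DC's NTDS Settings DN.

```powershell
# Added example (not from the original post): snapshot/USN-rollback health check for a DC.
Import-Module ActiveDirectory

# 1. A DC that detected USN rollback quarantines itself: NTDS sets "Dsa Not Writable" = 4
#    and logs event 2095 (rollback) or 2103 (unsupported restore) in the Directory Service log.
#    Inbound and outbound replication stay disabled from then on.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$notWritable = (Get-ItemProperty -Path $ntds -ErrorAction SilentlyContinue).'Dsa Not Writable'
if ($notWritable -eq 4) {
    Write-Warning 'USN rollback detected: this DC is quarantined. Do not "fix" the registry; demote it forcibly and clean its metadata.'
}
$rollback = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2095, 2103 } `
                -MaxEvents 10 -ErrorAction SilentlyContinue
foreach ($e in $rollback) {
    Write-Warning ('{0} event {1}: {2}' -f $e.TimeCreated, $e.Id, ($e.Message -split "`n")[0])
}

# 2. Windows Server 2012+ DCs on a hypervisor that exposes a VM-GenerationID keep a copy in
#    the non-replicated msDS-GenerationId attribute of their own computer object. If it is
#    absent, a snapshot revert will NOT be detected and step 1 is what you will see afterwards.
$me = Get-ADComputer -Identity $env:COMPUTERNAME -Properties 'msDS-GenerationId'
if ($me.'msDS-GenerationId') {
    'VM-GenerationID present: snapshot reverts are detected (safe restore) and cloning is possible.'
} else {
    Write-Warning 'No VM-GenerationID exposed: reverting a snapshot of this DC causes USN rollback.'
}

# 3. Compare this DC's highest committed USN with what each partner has already seen from it.
#    After a revert the local counter is LOWER than what partners recorded: they pull nothing
#    until it climbs past that value again, and every change made in between is lost.
$myNtdsDn  = (Get-ADRootDSE).dsServiceName
$myHighest = [int64](Get-ADRootDSE).highestCommittedUSN
$domainDn  = (Get-ADDomain).DistinguishedName
foreach ($dc in Get-ADDomainController -Filter * | Where-Object { $_.HostName -notlike "$env:COMPUTERNAME.*" }) {
    $vec = Get-ADReplicationUpToDatenessVectorTable -Target $dc.HostName -Partition $domainDn -ErrorAction SilentlyContinue |
           Where-Object { $_.Partner -eq $myNtdsDn }
    if ($vec -and [int64]$vec.UsnFilter -gt $myHighest) {
        Write-Warning ('{0} has already seen USN {1} from this DC, which is only at {2}: USN rollback.' -f
            $dc.HostName, $vec.UsnFilter, $myHighest)
    }
}
```

If step 1 fires, the supported way out is a forced demotion plus metadata cleanup (or an authoritative restore from a proper system state backup), not re-enabling replication by hand.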

Read-only Domain Controllers

By default a domain controller is a read/write domain controller. So it can be used to authenticate against, but also to e.g. set a new password; that password will then be replicated out to the other domain controllers on your network. Why would you need a read-only domain controller then? In short: for security reasons (not performance, availability, ...). The assumption is that remote offices are less secure than the company headquarters for many reasons (e.g. reducing IT costs on security). As such it is handy to have a local domain controller that clients can use to authenticate on-site. Yet those should not be allowed to replicate data back to the central system, as they are assumed to be more vulnerable to attacks and breaches than the (hopefully) fortified HQ. An RODC therefore holds a read-only copy of the database, replicates one way only (inbound), and by default caches no account passwords at all; which accounts it may cache is controlled by its Password Replication Policy, and privileged accounts are excluded through the "Denied RODC Password Replication Group". Sources: Introduction to Active Directory Infrastructure in Windows Server 2012 @ ~20:00
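As an added example (not from the original post or the linked video), this is how the branch-office RODC described above is deployed and scoped with the AD DS deployment cmdlets on Windows Server 2012 R2. The domain name corp.example, the site name Branch01, the hostname RODC01 and the group "Branch01 Users" are hypothetical placeholders; the first two commands run on the future RODC, the Password Replication Policy commands run from a writable DC or an admin workstation with RSAT.

```powershell
# Added example (not from the original post): promote a branch RODC and control what it may cache.

# --- On the server that becomes the RODC ---
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# -ReadOnlyReplica requires -SiteName; the RODC replicates inbound only, a writable DC never
# accepts changes from it. The server reboots when this finishes.
Install-ADDSDomainController `
    -DomainName 'corp.example' `
    -ReadOnlyReplica `
    -SiteName 'Branch01' `
    -InstallDns `
    -Credential (Get-Credential 'CORP\DomainAdmin') `
    -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString) `
    -Force

# --- From a writable DC / admin workstation, after the RODC is up ---
$rodc = 'RODC01'   # hypothetical hostname

# Password Replication Policy: only the branch's users may have their secrets cached here.
# Domain Admins & co. stay in "Denied RODC Password Replication Group" (default), so a stolen
# RODC yields no privileged credentials.
Add-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -AllowedList 'Branch01 Users'
Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed |
    Select-Object Name, DistinguishedName

# Audit what actually sits on the box: accounts whose secrets are cached, and accounts that
# have authenticated through it (candidates you may want to allow, or reason to investigate).
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts |
    Select-Object SamAccountName, ObjectClass
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -AuthenticatedAccounts |
    Select-Object SamAccountName
```

The usage report is the list to review when the branch is compromised: every revealed account's password should be reset, because that is exactly what an attacker with the RODC's database holds.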

Atlassian Tool Set Explained

Atlassian provides a tool for each and every software development necessity (defect tracking, Wiki, source control, ...). But all those tools have their own brand name, which does not make it obvious for those new to the tool chain. Sources: Jira (Issue & Project Tracking Software) Confluence (Collaborative Software & Wiki) Stash (Git repository management for Enterprise teams) Bamboo (Continuous Integration & Build Server) Crucible (Code Review Tool‎) Crowd (Centralized Identity Management with Single Sign-On‎)

Trust, Users and the Development Divison

Nice rant for any developer fed up with Microsoft keeping up a high pace of discontinuing all kinds of tools and platforms, rendering earlier investments worthless. "Trust is an important part of any product. If a user can't trust the product and the institution behind it, it is almost inevitable that the product will wither and die. " "The Windows trust and value proposition was always compatibility, low-cost devices, and an open architecture (to name a few). From DOS to Windows, your apps would always just work. If you were a Lotus 1-2-3 for DOS or a WordPerfect for DOS user, everything continued working as you went to Windows 3, 3.1, Win95 (etc)." "At the end of the day, developers walked away from Microsoft not because they missed a platform paradigm shift. They left because they lost all trust. You wanted to go somewhere to have your code investments work and continue to work." Sources: Trust, Users and the Development Divison

How to read an assembly.dll.config

There is the common misconception that only an app.exe.config can be read in .NET / C#. The truth is that app.config is read automatically, while any other (correctly formed) config XML file can be read "manually". To open a named config file:
- Reference the System.Configuration.dll assembly
- using System.Configuration;
- Create code like:

    using System.Configuration;
    using System.Reflection;

    // Opens "<assembly path>.config" (e.g. Plugin.dll.config) next to the given assembly.
    static Configuration GetDllConfiguration(Assembly targetAsm)
    {
        // Location is empty for dynamic (in-memory) assemblies; there is nothing to map then.
        var configFile = targetAsm.Location + ".config";
        var map = new ExeConfigurationFileMap { ExeConfigFilename = configFile };
        return ConfigurationManager.OpenMappedExeConfiguration(map, ConfigurationUserLevel.None);
    }

Note that a missing file does not throw: you get an empty Configuration back, so check the returned object's HasFile property before trusting the values. Sources: stackoverflow: Reading dll.config (not app.config!) from a plugin module. Keywords: .NET, C#, app.config, dll.config, ConfigurationManager

What happens if the Domain Controller is offline for too long?

For those playing with networking at home who have a Domain Controller with Active Directory set up (although it would not be needed) and regularly shut down that main server, it is interesting to know whether that has any side effects. As long as you do not keep a Domain Controller shut down longer than the Active Directory forest's tombstone lifetime (in days) you should be safe; this only matters with more than one DC, a lone DC has nothing to fall out of sync with. ADSIEdit can be used to check the tombstoneLifetime attribute on CN=Directory Service,CN=Windows NT,CN=Services in the configuration partition; it is a forest-wide setting, not a per-server one. The default is 180 days for forests created with Windows Server 2003 SP1 or later (including 2008 R2 and upward); if the attribute is not set, which is the case in forests upgraded from older versions, DCs assume 60 days. A DC that has been offline longer than that must not simply be switched back on: its copy of the database may still hold objects that were deleted elsewhere and whose tombstones have already been purged (lingering objects), so it should be forcibly demoted and its metadata cleaned. See the linked TechNet article on how to determine the tombstone lifetime for the forest. Sources: DC offline for 2 months, best way to handle?; Determine the tombstone lifetime for the forest. Keywords: Windows Server, Active Directory, Domain Controller, TSL, Tombstone Lifetime
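The script below is an added example, not part of the original post or the linked TechNet article: it reads the forest tombstone lifetime the way ADSIEdit would and compares it against each DC's newest successful inbound replication, so a DC that has been off the network too long is flagged before anyone turns it back on. It assumes the ActiveDirectory RSAT module and a domain-joined session; no names are hard-coded.

```powershell
# Added example (not from the original post): tombstone lifetime vs. replication age per DC.
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$dsConfig = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"
$tslAttr  = (Get-ADObject -Identity $dsConfig -Properties tombstoneLifetime).tombstoneLifetime
# Attribute absent means "forest created before Windows Server 2003 SP1": DCs then assume 60 days.
$tsl = if ($tslAttr) { [int]$tslAttr } else { 60 }
"Forest tombstone lifetime: $tsl days"

# Newest successful inbound replication from any partner, per DC. A DC whose value is older
# than the TSL (or that cannot be queried at all) must not be reconnected; demote it forcibly
# and run metadata cleanup instead.
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $meta = Get-ADReplicationPartnerMetadata -Target $dc.HostName -ErrorAction SilentlyContinue
    $last = $meta | Sort-Object LastReplicationSuccess -Descending |
            Select-Object -First 1 -ExpandProperty LastReplicationSuccess
    $age  = if ($last) { (New-TimeSpan -Start $last -End (Get-Date)).Days } else { $null }
    [pscustomobject]@{
        DC            = $dc.HostName
        LastReplOK    = $last
        DaysSinceRepl = $age
        OverTSL       = ($null -eq $age) -or ($age -gt $tsl)
    }
}
$report | Format-Table -AutoSize
$report | Where-Object OverTSL | ForEach-Object {
    Write-Warning "$($_.DC): no successful replication within $tsl days; do not bring it back online."
}
```

Get-ADReplicationPartnerMetadata queries the target DC directly, so an offline DC shows up with an empty LastReplOK and OverTSL = True; its replication partners' own metadata (queried with -Target on a healthy DC) will tell you when it was last heard from.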

How to backup a Certificate Authority

It can be done with the certutil command-line tool (certutil -backup <directory> -p <password>) or the GUI. Just perform these steps:
- Go to the Certification Authority console (e.g. through Server Manager / Tools or Administrative Tools)
- Right-click the CA to back up
- All Tasks
- Back up CA...
Restoring a CA works the same way. The backup contains the CA database and, if selected, the CA's private key, so it has to be stored as carefully as the CA itself. Note that neither method exports the CA's registry configuration (CRL/AIA locations, validity periods, policy settings); export that separately. Sources: Training Guide Configuring Advanced Windows Server 2012 R2 Services (MCSA), page 216f. Keywords: Windows Server 2012 R2, Active Directory, Certification Authority
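The following is an added example, not code from the original post or the training guide: a scripted version of the backup above using the ADCSAdministration cmdlets that ship with Windows Server 2012 R2, plus the registry export the GUI does not do. The backup root D:\CABackup is a hypothetical path; run it elevated on the CA.

```powershell
# Added example (not from the original post): full CA backup = database + key + registry config.
Import-Module ADCSAdministration

$target = "D:\CABackup\$(Get-Date -Format yyyyMMdd-HHmm)"   # hypothetical, one fresh folder per run
New-Item -ItemType Directory -Path $target -Force | Out-Null
$pw = Read-Host 'Password protecting the exported CA key (PKCS#12)' -AsSecureString

# Database and private key/certificate; equivalent to: certutil -backup $target -p <password>
Backup-CARoleService -Path $target -Password $pw

# Everything the backup above does not cover lives in the registry: publication URLs,
# validity periods, policy/exit module settings. Restore with "reg import" after Restore-CARoleService.
reg export 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration' "$target\CertSvc-Configuration.reg" /y

# CAPolicy.inf (if present) and the list of enabled templates are cheap to keep alongside.
if (Test-Path "$env:windir\CAPolicy.inf") { Copy-Item "$env:windir\CAPolicy.inf" $target }
certutil -catemplates > "$target\templates.txt"

# Lock the folder down: the .p12 inside is the CA's identity.
icacls $target /inheritance:r /grant:r "BUILTIN\Administrators:(OI)(CI)F" "SYSTEM:(OI)(CI)F" | Out-Null

# Verify what was produced (expect a DataBase folder with the .edb and a .p12 with the key).
Get-ChildItem $target -Recurse | Select-Object FullName, Length
```

Move the folder off the CA afterwards (offline media for a root CA); a backup that sits on the machine it protects is not a backup against the failure modes that matter.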

How to install a Root Certification Authority - Step-by-step

"The root of the trust chain in any PKI is the Root Certification Authority." For security reasons the machine that you will be using is an isolated / standalone / non-domain joined machine. You want to limit access to this machine as much as possible. The function of the Root CA is to "generate the server certificates that will be installed on the subordinate CAs. And those subordinate CAs will actually distribute user and computer certificates." Note that the default hash algorithm SHA-1 has been flagged as weak meanwhile. As this will be the root CA you can and should go for something strong like SHA512 and a key length of 4096 bits. Sources: Installing a Two Tier PKI Hierarchy in Windows Server 2012: Part II, Installing a Root Certification Authority with the GUI Step by Step Install Root Certificate Authority on Windows Server 2012 R2 Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation TechNet

Windows Azure Service Bus and Windows Azure Pack

In an attempt to combine private cloud (aka on-premises installation), public cloud (e.g. Microsoft Azure) and hosted cloud (servers provided by 3rd parties), Microsoft released the Azure Service Bus for on-premises use through the additional install for Windows Server 2012 R2 called "Windows Azure Pack". The Service Bus provides unified messaging capabilities across the different deployment scenarios. It addresses 3 core scenarios:
1. Application Messaging Patterns with Service Bus
Messaging with the Service Bus allows building loosely coupled applications. "To enable a wide variety of messaging scenarios, Service Bus provides message queues and “Publish/Subscribe” topics. A queue is a message store in which messages are ordered by send date. One or multiple senders can send messages into a queue, and one or multiple receivers can read and remove messages from the queue. Once a receiver has received a message, that message cannot be received by another receiver. T

Azure for free

Azure web and mobile apps can be hosted for free, even beyond the 30-day trial. Apparently also SQL Azure can be used with a 20 MB DB size limit. Sources: Azure Pricing Azure App Service Pricing Get a free 20-MB SQL database to power your Mobile Services and Web Sites Keywords: Azure, Webhosting, Web App, Mobile App, SQL Azure

DHCP Role Walk-through

This quickly shows how to install the DHCP server role on Windows 2012 R2 and how to quickly configure an IPv4 scope. Sources: Windows Server Administration Fundamentals: Part 5: Essential Services @ 0:22 - 0:28 Keywords: Windows Server 2012 R2, Roles, DHCP
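The walk-through is done in the GUI; as an added example (not from the original post or the video) here is the same role install and IPv4 scope configuration in PowerShell on Windows Server 2012 R2. The server name dhcp01.corp.example, its address 10.10.20.5 and the 10.10.20.0/24 subnet are hypothetical. The AD authorization step is the security-relevant one: a Windows DHCP server in a domain refuses to hand out leases until it is authorized, which keeps an accidentally installed role from serving bogus gateways and DNS servers (it does not stop a rogue non-Windows DHCP server; that needs DHCP snooping on the switches).

```powershell
# Added example (not from the original post): DHCP role + IPv4 scope, scripted.
Install-WindowsFeature DHCP -IncludeManagementTools

# Post-install steps the Server Manager wizard performs: local security groups, AD authorization.
Add-DhcpServerSecurityGroup
Add-DhcpServerInDC -DnsName 'dhcp01.corp.example' -IPAddress 10.10.20.5
Restart-Service DHCPServer

# The scope: hand out .50 to .250, keep .200 to .250 excluded for static infrastructure.
Add-DhcpServerv4Scope -Name 'Branch LAN' -StartRange 10.10.20.50 -EndRange 10.10.20.250 `
    -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 8) -State Active
Add-DhcpServerv4ExclusionRange -ScopeId 10.10.20.0 -StartRange 10.10.20.200 -EndRange 10.10.20.250

# Scope options clients need: default gateway, DNS server(s), DNS suffix.
Set-DhcpServerv4OptionValue -ScopeId 10.10.20.0 -Router 10.10.20.1 -DnsServer 10.10.20.10 -DnsDomain 'corp.example'

# Commonly used flag (assumption, not part of the cmdlets) to clear Server Manager's
# "post-deployment configuration required" notice.
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12' -Name ConfigurationState -Value 2

# Verify: scope active, server listed as authorized in AD.
Get-DhcpServerv4Scope | Format-Table ScopeId, Name, StartRange, EndRange, State -AutoSize
Get-DhcpServerInDC
```

Get-DhcpServerInDC is also the first thing to run when clients suddenly receive addresses from the wrong network: it lists every authorized DHCP server in the forest, and anything answering that is not on it is worth a look.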

Synchronized time on Windows Server 2012 R2

For Kerberos, which Active Directory uses for authentication, all machines need to have their clocks in sync: by default a skew of more than 5 minutes between client and DC makes tickets invalid and logons fail. Linked are two articles on how to configure Network Time Protocol (NTP) servers correctly on Windows Server 2012 R2. In essence the following needs to be done at an elevated PowerShell prompt:

    w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:MANUAL
    Stop-Service w32time
    Start-Service w32time

In a domain this manual external source belongs on the PDC emulator only; every other DC and member should keep the default domain hierarchy (NT5DS) as its time source. You can use the event log in case you need to troubleshoot issues. If you get the error message "The computer did not resync because no time data was available", the cause may be that the Windows Time group policy settings need to be adjusted accordingly; also see the linked MS KB article on that issue. You can retrieve the current configuration with:

    w32tm /query /configuration

To resync right away:

    w32tm /resync

Sources: Sysadmin Lab Blog: Configuring NTP on Windows Server 2012; Microsoft Knowledge Base Article for
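The script below is an added example, not from the original post or the linked articles: it applies the configuration above on the PDC emulator with explicit pool peers, verifies the source, and then measures every DC's offset against the Kerberos 5-minute tolerance, which is the check you want when logons start failing with clock-skew errors. It assumes the ActiveDirectory RSAT module and uses public NTP pool host names as the peers.

```powershell
# Added example (not from the original post): configure NTP on the PDC emulator and check skew.
Import-Module ActiveDirectory

# Only the PDC emulator should have an external manual peer list; refuse to run elsewhere.
$pdc = (Get-ADDomain).PDCEmulator
if ($env:COMPUTERNAME -ne $pdc.Split('.')[0]) {
    throw "Run this on the PDC emulator ($pdc); other DCs and members use the domain hierarchy (NT5DS)."
}

# ,0x8 = client mode (plain unicast request); /reliable:yes marks this DC as a trusted source
# for the rest of the domain; /update applies the change without a full service restart.
w32tm /config /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8" `
    /syncfromflags:manual /reliable:yes /update
Restart-Service w32time
w32tm /resync /rediscover

# Verify: the source must be one of the pool hosts, never "Local CMOS Clock" or "Free-running".
w32tm /query /source
w32tm /query /status

# Kerberos tolerates 5 minutes of skew by default (KRB_AP_ERR_SKEW beyond that).
# /stripchart prints lines like "14:03:12, +00.0012345s"; parse the signed offset.
$skew = foreach ($dc in Get-ADDomainController -Filter *) {
    $line = w32tm /stripchart "/computer:$($dc.HostName)" /samples:1 /dataonly 2>$null | Select-Object -Last 1
    if ($line -match '([+-]\d+\.\d+)s') {
        $offset = [math]::Abs([double]$Matches[1])
        [pscustomobject]@{ DC = $dc.HostName; OffsetSeconds = $offset; KerberosOK = ($offset -lt 300) }
    } else {
        [pscustomobject]@{ DC = $dc.HostName; OffsetSeconds = $null; KerberosOK = $false }
    }
}
$skew | Format-Table -AutoSize
$skew | Where-Object { -not $_.KerberosOK } | ForEach-Object {
    Write-Warning "$($_.DC): offset $($_.OffsetSeconds)s (or unreachable); Kerberos will fail against this DC."
}
```

A DC that reports a large offset but a healthy w32tm /query /source usually has the group-policy problem mentioned above: a GPO "Configure Windows NTP Client" setting silently overriding the manual peer list, visible with w32tm /query /configuration as a "(Policy)" suffix on the affected values.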

Typical availability - five 9s

In service level agreements (SLAs) there is usually a number given for availability. No one will guarantee 100% uptime, but something like 99%. Over a year even that means quite some downtime (about 3.65 days). Microsoft claims to aim to keep their systems at 99.999% uptime (except planned downtime). So, during a whole year such a system may not be down for more than about 5 minutes (0.001% of 525,600 minutes is roughly 5.3 minutes). Sources: Windows Server Administration Fundamentals: Part 4 @ ~0:40 minutes. Keywords: Uptime, SLA

"My computer" to Hostname

When working with multiple machines I found it rather stupid that Windows Explorer always shows "My Computer". I have 10 mstsc sessions open and then wonder why I copied that file. But this can also be renamed: just name it after the hostname and you will never work on or copy to/from the wrong machine. Keywords: Windows, Disk Management

Why C:?

Why do disk letters start with C:? When my nephew asked me this he was 20 years old and I knew I was getting old. In the late days of floppy disks the first 2 drives were always the (removable) disk drives A & B. Only later computers started to get hard disk drives that were built into the machines and as such they got the next letter: C. A long time ago on Windows it could even generate issues if you would assign custom drives to the letters A: and B: because Windows still expected floppy drives there. Often you would end up partitioning a hard disk having the Windows operating system partition on C:, the optical drive on D: and then multiple partitions more on letters later in the alphabet. These days are gone. At least I got accustomed to put the optical drive on A: and an external hard disk on B:. The hard disk partitions start at C: and go throughout the letters in a more logical fashion. (and today you usually anyways just have one optical drive, not a dedicated CD-

Linked List vs Array

The advantage of a linked list data structure over a plain array is that you can easily insert new items to the linked list. There is a good example and analogy in this post : "You have some errands to do, so you grab a piece of paper and write: bank groceries drop off drycleaning Then you remember that you also need to buy stamps. Because of the geography of your town, you need to do that after the bank. You could copy your whole list onto a new piece of paper: bank stamps groceries drop off drycleaning or you could scribble on the one you had: bank ....... STAMPS groceries drop off drycleaning As you thought of other errands, you might write them at the bottom of the list, but with arrows reminding yourself what order to do them in. This is a linked list. It's quicker and easier than copying the whole list around every time you add something. Then your cell phone rings while you're at the bank "hey, I got the stamps, don't pick u

WSUS and the Domain Controller

At first glance it might be tempting on smaller networks to put Windows Server Update Services (WSUS) on the DC; it won't cost that much performance, right? But no: according to the linked Microsoft best-practice guidance, "If WSUS is installed on a domain controller, this will cause database access issues due to how the database is configured." Beyond that, WSUS brings IIS and a database onto the most sensitive server in the domain, which is attack surface a DC should not carry. Sources: WSUS: WSUS should be installed on a non-domain controller; Guidance about WSUS on a Domain Controller; Step by Step : Installing & Configuring WSUS in Server 2012 R2; Step by Step : Installing & Configuring WSUS in Server 2012 R2, Comment. Keywords: Windows Server 2012 R2, Updates, WSUS, Domain Controller

Selecting Server Hardware: Hosted/Cloud vs On-Premise, Virtual vs Dedicated

Probably there are many ways to decide on how to purchase server hardware, but a simple approach is (yet another) triangle of parameters: Performance Availability Cost The nice picture the two presenters give: you will allow more cost on an important business-critical server to assure performance and availability, as compared to hosting a website with cat pictures. First you should investigate the minimum and optimal requirements for the application you want to run on the server. Also, you would try to anticipate current and future usage/users on the system. Try to anticipate ahead for 3-5 years. You don't want to just plan for the immediate now, but for the foreseeable future. Furthermore keep in mind that some amount of processor time, memory, storage and network will be already eaten up by Windows itself. Also take a good look at mandatory Windows Server services that are required by your application or service and add them to the list of the required hardware. The

Share VS File/NTFS permissions

Share permissions accumulate: if you are in multiple groups, you get the union of what each group is granted. Folder/NTFS permissions accumulate in the same way. BUT when share and NTFS permissions are combined, the effective access is the more restrictive of the two. E.g. you have Change (read/write) on the share but only Read from NTFS; subsequently you will only be able to read a file or folder, not write to it. An explicit Deny in either set overrides any Allow. Keep in mind that share permissions only apply when coming in through the share, while NTFS permissions also apply locally and through any other path, which is why the usual practice is to grant a broad share permission and do the real restriction in NTFS. Sources: Security Fundamentals: Part 2 at about 40 min. Keywords: Security, Windows Server 2012 R2
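The function below is an added example, not from the original post or the video: it encodes the rule above (accumulate within share ACEs, accumulate within NTFS ACEs, then take the more restrictive of the two, with an explicit Deny winning) so the outcome for a given user can be reasoned about before touching a server. The ACEs are constructed sample data using simplified Read/Change/Full levels, not ACLs read from a real share.

```powershell
# Added example (not from the original post): effective SMB access = min(share, NTFS), Deny wins.
function Get-EffectiveShareAccess {
    param(
        [string[]]$UserGroups,   # groups (and the user's own name) the token carries
        [object[]]$ShareAces,    # @{ Identity; Access = 'Read'|'Change'|'Full'; Type = 'Allow'|'Deny' }
        [object[]]$NtfsAces      # same shape; NTFS "Modify" is treated as 'Change' here
    )
    $levels = @{ Read = 1; Change = 2; Full = 3 }
    $names  = @{ 0 = 'None'; 1 = 'Read'; 2 = 'Change'; 3 = 'Full' }

    # Resolve one permission set: union of all matching Allow entries, unless a Deny matches.
    $resolve = {
        param($aces)
        $mine = $aces | Where-Object { $UserGroups -contains $_.Identity }
        if ($mine | Where-Object { $_.Type -eq 'Deny' }) { return 0 }   # explicit Deny overrides Allow
        $allowed = $mine | Where-Object { $_.Type -eq 'Allow' } | ForEach-Object { $levels[$_.Access] }
        if ($allowed) { [int]($allowed | Measure-Object -Maximum).Maximum } else { 0 }
    }

    $share = & $resolve $ShareAces
    $ntfs  = & $resolve $NtfsAces
    $eff   = [math]::Min($share, $ntfs)      # the more restrictive side wins
    [pscustomobject]@{ Share = $names[$share]; NTFS = $names[$ntfs]; Effective = $names[$eff] }
}

# Constructed sample: the post's scenario, a Sales user with Change on the share but Read in NTFS.
$shareAcl = @(
    @{ Identity = 'Everyone'; Access = 'Read';   Type = 'Allow' },
    @{ Identity = 'Sales';    Access = 'Change'; Type = 'Allow' }
)
$ntfsAcl = @(
    @{ Identity = 'Sales';    Access = 'Read';   Type = 'Allow' }
)
Get-EffectiveShareAccess -UserGroups 'Sales', 'Everyone' -ShareAces $shareAcl -NtfsAces $ntfsAcl

# Same user, but a Deny on the share for a group they are in: nothing gets through, whatever NTFS says.
$shareAclDeny = $shareAcl + @{ Identity = 'Contractors'; Access = 'Full'; Type = 'Deny' }
Get-EffectiveShareAccess -UserGroups 'Sales', 'Everyone', 'Contractors' -ShareAces $shareAclDeny -NtfsAces $ntfsAcl
```

On a real server the inputs come from Get-SmbShareAccess for the share side and (Get-Acl <path>).Access for the NTFS side; the accumulation and Deny rules are the same, only the NTFS rights are more fine-grained than the three levels modelled here.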

The CIA of Security

Confidentiality deals with keeping information, networks and systems secure from unauthorized access; it can be achieved by using encryption, authentication, and access control.
Integrity is defined as the consistency, accuracy, and validity of data or information; it can be achieved by hashing (in practice a hash combined with a signature or MAC, since a plain hash can simply be recomputed by whoever altered the data).
Availability describes a resource being accessible to a user, application, or computer system when required.
It should be well understood that those actually pull against each other, especially confidentiality and availability: confidentiality (keep data from people) vs availability (get people to data). The key is that you want to be able to give access to the appropriate data at the appropriate time. This then directly connects to the next slide:
Least Privilege: users, applications and systems should have no more privilege than necessary to perform their function or job.
Attack Surface: the set of methods and avenues an attacker can use to enter a system and potentia