Archive for April, 2013

Windows Azure Active Directory (AD) has reached General Availability!

April 9, 2013

This is cool! And I think that it’s a great step in the right direction for many companies! 🙂

Windows Azure Active Directory

Windows Azure Active Directory (Windows Azure AD) is a modern, REST-based service that provides identity management and access control capabilities for your cloud applications. Now you have one identity service across Windows Azure, Microsoft Office 365, Dynamics CRM Online, Windows Intune and other 3rd party cloud services. Windows Azure Active Directory provides a cloud-based identity provider that easily integrates with your on-premises AD deployments and full support of third party identity providers.

Use Windows Azure AD to:

Integrate with your on-premises active directory

Quickly extend your existing on-premises Active Directory to apply policy and control and authenticate users with their existing corporate credentials to Windows Azure and other cloud services.

Offer access control for your applications

Easily manage access to your applications based on centralized policy and rules. Ensure consistent and appropriate access to your organization’s applications is maintained to meet critical internal security and compliance needs. Windows Azure AD Access Control provides developers centralized authentication and authorization for applications in Windows Azure using either consumer identity providers or your on-premises Windows Server Active Directory.

Build social connections across the enterprise

Windows Azure AD Graph is an innovative social enterprise graph providing an easy RESTful interface for accessing objects such as Users, Groups, and Roles with an explorer view for easily discovering information and relationships.

Provide single sign-on across your cloud applications

Provide your users with a seamless, single sign-on experience across Microsoft Online Services, third party cloud services and applications built on Windows Azure with popular web identity providers like Microsoft Account, Google, Yahoo!, and Facebook.

Read more about the service here!

Pricing

Access Control

Access Control is available at no charge. Historically, we have charged for Access Control based on the number of transactions. We are now making it a free benefit of using Windows Azure.

Directory

The base directory, Tenant, User & Group Management, Single Sign On, Graph API, Cloud application provisioning, Directory Synchronization and Directory Federation, is available at no charge. Certain additional capabilities such as Azure AD Rights Management will be available as a separately priced option.

Read more about pricing here!

//Richard

Ten websites that teach coding and a bunch of other things – via @caleweissman

This is a great summary blog post with many good references to where you can start learning to code!

Seemingly every day there’s a new article or blog post imploring you to learn how to code. “Those who code have the power to transform their dreams into reality.” “Coding will help you keep [your job], or help you make a case for a raise.” “You should learn to program because it’s easy, it’s fun, it will increase your skill set, and… it will fundamentally change your perspective on the world.” What’s more, “If you want to start a technology company, you should learn to code.” New York City Mayor Michael Bloomberg’s New Year’s resolution was to learn how to code. Douglas Rushkoff, who calls coding “the new literacy of the digital age,” wrote an entire book about it. And didn’t Marc Andreessen say that “software is eating the world?” As a result, companies from Codecademy to edx and many others have popped up to meet this rising demand.

As a person who’s grown up in the digital age, I have often heard the cry, “digital literacy or die.” Conventional wisdom – at least today – is that in the way you know how to read and write English, “you need to have some understanding of the code that builds the Web… It is fundamental to the way the world is organized and the way people think about things these days.” If you buy that then you’ll want to start now.

But where should you go? I’ve been dabbling in the black arts, although I am by no means a ninja coder, and am ready to report back. The courses below offer everything from HTML to Python and beyond. HTML and CSS are good, because they’re the basic building blocks of Web design, and in my opinion, Python is useful, because it’s the most universal in many respects. Others say Java is better to learn, because it’s so prominent on the Web. I would rebut that you can learn Java from Python. Potayto. Potahto.

In any case, each program below emphasizes different pedagogical techniques and  philosophies, and they are all mass market in the sense that anyone is welcome. No previous experience is necessary.

MIT Courseware Online

MIT has long been a pioneer of online courseware. One course is their Intro to Computer Science & Programming class, thought by many to be the best, most encompassing intro computing course offered. Taught by tenured MIT faculty, the online course is structured via taped lectures, written assignments, and self-assessment quizzes.

The course itself is quite rigorous as it was an intro course for MIT students. This isn’t a sort of online class you can do some parts and not the other.  It requires a certain amount of pre-existing math knowhow to be truly successful. The course description says it only requires high school algebra as a prerequisite but I don’t buy this. I remember being pretty stumped by the second assignment, and I passed AP Calc with flying colors. This doesn’t mean the math is terribly high-level, but that it probably requires a certain amount of mathematical aptitude beyond algebra unless you want to spend the entire course scouring forums for help. As with any MIT course, there is an expectation that you not only know how to do a function, but why that function is performed and from where it stemmed. After attempting to follow this courseware for two sessions, I was officially stumped and dropped it.

edX

MIT and Harvard partnered up to create edX. It is a conglomeration of all of their available open courseware, along with a new department for the two institutions to perform research about the future of online courses and new pedagogical technologies. For MIT courseware, you can watch the lectures anytime, read the assignments, and self-assess. EdX has you follow the course in real time and complete the assignments and exams to receive a physical certificate from the program. It currently offers numerous classes in more subjects than just coding and far beyond the purview of Computer Science….

Continue reading here!

//Richard

#HP Improves Enterprise #Mobility with Cloud-based Management Solution

Interesting…

PALO ALTO, Calif. — HP Enterprise Services today announced a cloud-based management solution that delivers secure anytime, anywhere access to applications and data from any mobile device.

HP Enterprise Cloud Services – Mobility meets the demands of balancing the responsibilities and requirements of IT with the challenges and expectations of users. This new cloud solution is part of the HP Converged Cloud portfolio, which provides enterprises with the essential foundation of technologies and services to confidently build, operate and consume IT services.  

The new solution provides fast and flexible deployment of tools and services for secure application access, file storage and sharing via multiple mobile platforms and all types of devices, including tablets and mobile phones. IT organizations are provided the tools to set appropriate security policies and the access controls to protect valuable corporate assets, applications and data.

The solution also allows users to download approved enterprise applications from a secure storefront, upload files to support collaboration and synchronize files between the HP cloud infrastructure and any mobile device. Mobile data is encrypted in transit and at rest, covering the device as well as the cloud infrastructure.

HP Enterprise Cloud Services – Mobility also provides the ability to configure cloud file storage that can scale up and down, and offers local storage options that address data sovereignty and compliance requirements.

“Mobility in the workplace continues to be a key focus and concern for IT executives,” said Pete Karolczak, senior vice president, HP Enterprise Services. “HP Enterprise Cloud Services – Mobility leverages HP’s strong cloud portfolio by providing clients with a mobility service that provides the highest level of user experience and productivity while minimizing risk for IT.”

HP Enterprise Cloud Services – Mobility integrates leading industry technologies, including solutions from Citrix and SAP, which are fully managed and maintained by HP to simplify deployment and ongoing operations.

Pricing and availability

HP Enterprise Cloud Services – Mobility is available globally with a set of service features and options priced and packaged to deliver…

Continue reading here!

//Richard

Do you develop your own mobile apps? – #Mobility

April 4, 2013

Ok, this is a pretty hot topic! Mobility is here to stay for a while, everyone speaks about Enterprise Mobility Management (EMM), MDM, MAM, MIM etc….

But how are businesses tackling this need to support business processes and functions for today’s mobile workforce? And how do you out there build your mobile apps that are to support your users and business?

Do you outsource your app development, or do you do it in-house? Do you use any of the “cloud services” to build your apps like the following examples?

Snappii

ManMade

Here are some really interesting blog posts/articles on the subject!

THE BEST WAY TO DEVELOP MOBILE APPS? DON’T DEVELOP MOBILE APPS! – via Jeffrey Hammond

Mobile app dev: Outsource or in-house?

This is an interesting mobile world we live in, but how should all businesses adapt to it in the best way? 😉

Please share your view if you want!

//Richard

Google puts pressure on Microsoft, launches #Quickoffice for iPhone and Android

April 4, 2013

This is interesting and Microsoft needs some competition for sure! Will have to test it and see how it works and how much of a real alternative to MS Office it is!

Computerworld – Google launched its Microsoft Office substitute, Quickoffice, for Apple’s iPhone, Android smartphones and Android tablets, fulfilling a promise made in December.

The release on Tuesday follows the launch of Quickoffice for Apple’s iPad late last year, when a Google executive said that iPhone and Android versions “are on the way.” The move was also preceded by a February announcement that Google was baking the Quickoffice technology into both its Chrome browser and Chrome OS.

Quickoffice for the iPhone lets Google Apps for Business customers view, edit and create Word, PowerPoint and Excel (shown here) documents. (Image: Google.)

The search giant acquired Quickoffice in mid-2012 and rolled the firm’s development team into its Google Apps group. On the iPhone, iPad and Android smartphones and tablets, Quickoffice lets customers view, create and edit Word, Excel and PowerPoint documents.

The new iOS and Android apps are available free to paying customers of Google Apps for Business, a cloud-based suite that costs $50 per user for a one-year subscription.

Customers that don’t subscribe to Google Apps can buy stand-alone apps — Quickoffice Pro for iPhones and Android smartphones, Quickoffice Pro HD for iPads and Android tablets — for $15 and $20, respectively.

Google also boasted that the new apps, as well as the December iPad app, which was updated Tuesday, are now more tightly tied to Google Drive, the search company’s online storage service…

Continue reading here!

//Richard

#Citrix #XenMobile #MDM Integration With #Cisco ISE for #BYOD

Interesting and a good blog post by Sameer Mehta.

World of BYOD

 Bring your own device (BYOD) initiatives are enabling employees to bring their own personal devices to work and allowing them corporate access to services such as Email. We did a recent audit using our ability to integrate with security incident and event management (SIEM) systems for a customer. The audit provided visibility into their ActiveSync traffic and found devices that belonged to executives that were not under IT management. Here’s a snapshot of their BYO devices.

 

There are several reasons to enable such access – for example, to boost employee productivity or convenience of accessing email from any device. Having said that, as Uncle Ben puts it, “with great power comes great responsibility”, and this responsibility is on the IT administrator from a security point of view. It’s IT’s responsibility to make sure that corporate data is not compromised or leaked in the following scenarios:

  • What happens when this personal device is lost or stolen?
  • What happens if this device is jailbroken or rooted?
  • What happens if this device ends up outside an approved geofence, for example, outside of the US?
  • What happens if the user inadvertently installs an application that has the ability and access to the entire device memory, thereby having unauthorized access to corporate data?

End User’s perspective on Enterprise Mobility

End users want access to corporate services such as email, intranet, ability to share and collaborate over documents, and also use 3rd party applications such as Evernote, Quick Office or GoodReader. With mobile solutions such as XenMobile MDM, CloudGateway, ShareFile and GoToAssist, Citrix provides ubiquity i.e. ‘access any app. from any device’, and a unified view for applications with an enterprise app store, documents via ShareFile. Having said that, since the user is accessing multiple applications, end user experience is a key component of mobility solutions. For example, bootstrap authentication and provide single sign on (SSO) to other applications.

Enterprise IT perspective on BYOD

As IT is providing access to corporate services, the main concern is around data loss prevention (DLP) and protecting corporate content on the mobile device. This means, encrypting data at rest for application data, and documents that are hosted either on Sharepoint, Network File share or Cloud storage. From a DLP perspective, for security conscious organizations, the mobile solutions bundle, which includes XenMobile MDM and CloudGateway…

Continue reading here!

//Richard

Configuring Email-Based Account Discovery for #Citrix #Receiver

Check out this great blog post from Avinash Golusula:

Configuring Email-Based Account Discovery

1. Add DNS Service Location (SRV) record to enable email-based discovery

During initial configuration, Citrix Receiver can contact Active Directory Domain Name System (DNS) servers to obtain details of the stores available for users. This means that users do not need to know the access details for their stores when they install and configure Citrix Receiver. Instead, users enter their email addresses and Citrix Receiver contacts the DNS server for the domain specified in the email address to obtain the required information.

To enable Citrix Receiver to locate available stores on the basis of users’ email addresses, configure Service Location (SRV) locator resource records for Access Gateway or StoreFront/AppController connections on your DNS server. If no SRV record is found, Citrix Receiver searches the specified domain for a machine named “discoverReceiver” to identify a StoreFront/AppController server.

You must install a valid server certificate on the Access Gateway appliance and StoreFront/AppController server to enable email-based account discovery. The full chain to the root certificate must also be valid. For the best user experience, install either a certificate with a Subject or Subject Alternative Name entry of discoverReceiver.domain, or a wildcard certificate for the domain containing your users’ email accounts.

To allow users to configure Citrix Receiver by using an email address, you need to add a SRV record to your DNS zone.

  • Log in to your DNS server
  • In DNS > Right-click your Forward Lookup Zone
  • Click on Other New Records
  • Scroll down to Service Location (SRV)
  • Choose Create Record
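
The certificate requirement above can be checked before rollout. The following added example (not from the original post or from Citrix) takes the names on a server certificate and a list of user email addresses and reports which email domains have no matching discoverReceiver.<domain> name. The helper names and sample data are constructed, and the wildcard rule used is the standard single-label TLS matching rule, which goes beyond the one-domain case in the text.

```python
# Added example: constructed data and hypothetical helper names.
FALLBACK_HOST = "discoverReceiver"  # fallback machine name given in the text


def email_domain(address):
    """Return the lower-cased domain part of an email address."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return domain.lower().rstrip(".")


def name_matches(pattern, host):
    """Match a certificate name against a host name, case-insensitively.

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label, so *.example.com does not match a.b.example.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def audit_discovery_cert(addresses, cert_names):
    """Map each email domain to the certificate name covering its
    discoverReceiver.<domain> host, or None when no name covers it."""
    report = {}
    for domain in sorted({email_domain(a) for a in addresses}):
        host = f"{FALLBACK_HOST}.{domain}"
        report[domain] = next(
            (n for n in cert_names if name_matches(n, host)), None)
    return report


# Constructed sample: SAN entries of a server certificate and user addresses.
SAMPLE_SANS = ["storefront.example.com", "*.example.com",
               "discoverReceiver.example.org"]
SAMPLE_USERS = ["alice@example.com", "bob@EXAMPLE.org",
                "carol@emea.example.com", "dave@example.net"]

if __name__ == "__main__":
    for domain, name in audit_discovery_cert(SAMPLE_USERS, SAMPLE_SANS).items():
        print(f"{domain:20} {'covered by ' + name if name else 'NOT COVERED'}")
```

In the sample, users in the emea.example.com sub-domain are not covered by *.example.com, so that domain needs its own certificate name before email-based discovery will validate for them.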

Explaining #Citrix Pass-through Authentication

Check out this great blog post from Joel Bejar:

Introduction

Pass-through authentication is a simple concept. User credentials are passed to a Web Interface site and then to the XenApp/XenDesktop servers, preventing users from having to explicitly authenticate at any point during the Citrix application launch process. While this authentication method seems straightforward, there are some moving pieces, and this article aims to break these down to provide a more detailed understanding of how this process truly works within Citrix.

Pass-Through Authentication – Web Interface Site

The first step to the pass-through process occurs at the Web Interface site. Users are able to navigate to the web interface site, and their credentials are passed through and they are presented with their Citrix delivered resources. Web Interface is built on Internet Information Services (IIS). For pass-through authentication to work, IIS Integrated Windows Authentication must be leveraged. Formerly called NTLM, this authentication method hashes the user credentials before they are sent over the network. When this type of authentication is enabled, the client browser proves it is authenticated through a cryptographic exchange with the Web Interface server, involving hashing. Because of this, the web browser is responsible for authenticating with the Web Interface Server (IIS). It is important to note, though, that credentials are actually never exchanged. Instead, the signed hash is provided to IIS, proving that said user had already been authenticated at the Windows desktop. The web interface user uses the user’s AD context (sometimes referred to as a token) to retrieve the user’s AD group membership and pass this list of groups directly to the XML service for authentication. At this point, the user has successfully passed through to the Web Interface site, and can now view his/her Citrix resources.

  • The WI server must be in the same domain as the user, or in a domain that has a trust relationship with the domain of the user.
  • If the WI server and user are in different domains, and resources are published using Domain Local AD groups in the user domain, then the WI will not be able to enumerate these, even with a proper AD trust relationship (due to the very nature of Domain Local groups).
  • The WI site should be added as a Trusted Site or Intranet Zone site in Internet Explorer. In addition, the security settings should be modified so that User Authentication\Logon is set to ‘Automatic Logon with Username and Password’.
  • Pass-through authentication is not supported on Web Interface for NetScaler.

Please Note: Pass-through authentication and Kerberos authentication are not interchangeable and they have different requirements.

Pass-Through Authentication – XenApp/XenDesktop Session

One of the biggest misconceptions with Pass-Through authentication in Citrix is that it only occurs when a user navigates to the Web Interface site and he/she is automatically passed through. As mentioned above, this IIS authentication method that is being used does not actually exchange the user password. In other words, Web Interface is never in control of the user credentials. This brings up the question: How are users passed through to the actual XenApp/XenDesktop ICA session?

While the web browser has a role in authenticating the user to the web site, the Citrix client (Citrix Receiver) plays an integral role in making sure the user is fully passed through to the application or desktop. Citrix Receiver installs a process called SSONSVR.exe, which is the single sign-on component of the client (no, not password manager SSO, but rather desktop credential pass-through authentication SSO). This process is fully responsible for passing the user credentials to XenApp or XenDesktop. Without this piece, pass-through authentication will not function.

Continue reading here!

//Richard