Archive
Converged Microsoft Account and Azure Active Directory Programming Model – #Microsoft, #Azure
Wow, finally Microsoft is doing something about the Microsoft Account and Azure AD identity “mess”! 🙂
Until now, building an application that worked with both personal and business accounts from Microsoft required integrating with two different technology stacks. Not only that, you had to have separate buttons in your app where your user needed to choose, up front, to sign-in with a personal account or a work or school account.
With the v2 app model preview, it is possible to sign-in both personal and work users with a single button. Let’s take a quick look at the end user’s experience. We begin with your application, with the addition of a “Sign-in with Microsoft” button.
We’re using the Microsoft brand because end users don’t know about Azure or Azure Active Directory. But they do know that Windows, Outlook, OneDrive, Xbox, and Office 365 are services from Microsoft and they need an account from Microsoft to sign-in there.
When the user clicks the button, they come to a consolidated sign-in page:
The user enters their username. Under the covers we figure out if the username corresponds to a personal account or a work account. Then we take the user to the right page to enter their password. Today this may involve a redirect – in the future we’ll optimize this out.
Read more here!
//Richard
Synergy 2015 – A condensed recap of everything you need to know – via @gkuruvilla, #Citrix, #CitrixSynergy
This is a great summary recap that George Kuruvilla has done of Citrix Synergy 2015! Great work and enjoy this blog post!
For those of you who were not able to attend Citrix Synergy this year & don’t have the time to sit through the keynote recordings, I decided to put together a condensed version of some of the key announcements. So here goes!
Citrix Workspace Cloud
- Citrix hosted control plane that enables customers to deliver a comprehensive mobile workspace to end users.
- Gives customers the flexibility to host workloads on premises, in public or private clouds.
- Control plane also provides end to end monitoring of user connections.
- Evergreen infrastructure since Citrix maintains all core infrastructure components.
- Workspace Cloud Connector installed on premises on a Win 2k12 server that establishes SSL communication between control plane and customer environment. Used to talk to infrastructure components like Active Directory and hypervisors hosting workload
I wrote a blog on CWC and the value proposition a month back that you can find here.
SYN 217 –  Workspace Cloud – Technical Overview [Video]
Citrix Lifecycle Management
- Comprehensive cloud based service that can be used to design, deploy and manage both Citrix and other enterprise applications.
- Based on the ScaleXtreme technology.
- Lifecycle Management enables customers/partners to deploy infrastructure not only on premises but also public/private clouds (resource locations)
- Customers/Partners have the ability to create blueprints to automate infrastructure deployments end to end. Examples of blueprints include a XD deployment for instance where you could not only install all the XD infrastructure but also automate the installation of all supporting infrastructure like Active Directory, SQL etc.
- Vendors have the ability to create blueprints as well that can then be consumed by customers and partners alike.
- Customers/Partners also have the ability to incorporate scripts (new/existing) into the deployment.
- Once a blueprint is developed, it’s added to a library. Any resource within the library can then be deployed to a resource location (on premises, public/private cloud).
- Another key benefit of the Lifecycle Management technology is the ability to automate application upgrades.
XenApp/XenDesktop
- XenApp 6.5 maintenance extended till end of 2017, EOL extended till 06/2018. Details here
- New Feature Pack for XA 6.5 (enhance storage performance, Lync support enhancements, UPM enhancements, Director “Help Desk” troubleshooting, Storefront 3.0, Receiver.next)
- XenApp/XenDesktop 7.6 FP2 (End of Q2)
- New Receiver X1
- Lync 2013 on Mac
- Touch ID Support
- HDX with Framehawk
- Native Receiver for Linux
- Linux Apps and Desktops (Redhat and SUSE support)
- Desktop Player for Mac 2.0 (June)
- Desktop Player for Windows (Tech Preview)
SYN 233 – What’s new in XenApp and XenDesktop [Video]
SYN 319 – Tech Update for XenApp and XenDesktop [Video]
#Microsoft Desktop Hosting Reference Architecture Guides
Wow, these are some compelling guides that Microsoft delivered!! Have a look at them! But of course there’s always something more U want! Let Service Providers provide DaaS services based on client OS’s as well!!!
Microsoft has released two papers related to Desktop Hosting. The first is called: “Desktop Hosting Reference Architecture Guide” and the second is called: “Windows Azure Desktop Hosting Reference Architecture Guide“. Both documents provide a blueprint for creating secure, scalable, multi-tenant desktop hosting solutions using Windows Server 2012 and System Center 2012 SP1 Virtual Machine Manager or using Windows Azure Infrastructure Services.
The documents are targeted to hosting providers which deliver desktop hosting via the Microsoft Service Provider Licensing Agreement (SPLA). Desktop hosting in this case is based on Windows Server with the Windows Desktop Experience feature enabled, and not Microsoft’s client Operating Systems like Windows 7 or Windows 8.
For some reason, Microsoft still doesn’t want service providers to provide Desktops as a Service (DaaS) running on top of a Microsoft Client OS, as outlined in the “Decoding Microsoft’s VDI Licensing Arcanum” paper which virtualization.info covered in September this year.
The Desktop Hosting Reference Architecture Guide provides the following sections:
- Desktop Hosting Service Logical Architecture
- Service Layer
- Tenant Environment
- Provider Management and Perimeter Environments
- Virtualization Layer
- Hyper-V and Virtual Machine Manager
- Scale-Out File Server
- Physical Layer
- Servers
- Network
- Tenant On-Premises Components
- Clients
- Active Directory Domain Services
The Windows Azure Desktop Hosting Reference Architecture covers the following topics:
Configuring #ShareFile and #SAML Walkthrough – via @andyjmorgan
Another great blog post by Andrew! Great job!
While working with a customer recently on a sharefile implementation, I set about creating a SAML / Active Directory single sign on deployment. Configuring ADFS and SAML were complete unknowns to me so I set about documenting the process end to end for future reference.
The end result of this activity will allow you to login to sharefile using a native account (think Guest) or an active directory account (think internal user).
What you will need in order to follow this guide:
- An enterprise Sharefile account.
- A local domain.
- An active directory service account. (standard user rights are fine)
- A windows 2012 server to host ADFS (windows 2008 r2 is fine, but you’ll need to install ADFS 2.0 manually).
- This windows server must be accessible via https (443) from the internet. (Netscaler SSL works fine).
- An external trusted certificate for the web server hosting saml (e.g. adfs.yourdomain.com). For this walk through, I’ll assume you have already done this. *
- A copy of the Sharefile User Management Tool.
- About 2-3 hours spare.
* for this, generate a server certificate and import it into the local machines personal certificates.
Steps:
- Installing Active Directory Federated Services.
- Configuring Federated Services.
- Configuring Sharefile for SAML.
- Syncing Active Directory users with Sharefile.
- Testing the saml login….
Continue reading here!
//Richard
Connect #Office365 to #AD for Free, with #Okta
This is kind of cool! Check it out!
Connect Office365 to AD for Free, with Okta
- Simple Set Up and Configuration – Enabling AD integration is a simple, wizard driven process. With the click of a button from the Okta administrative console you can download the Okta Active Directory agent and install it on any Windows Server that has access to your Domain Controller.
- Intelligent User Synchronization – Once the agent is installed and the initial user import takes place Okta intelligently processes the results.
- Robust Delegated Authentication – Okta’s AD integration also allows you to delegate the authentication into Okta, to your on-premises AD Domain.
- Integrated Desktop Single Sign-On – Okta leverages Microsoft’s Integrated Windows Authentication to seamlessly authenticate users to Okta that are already authenticated with their Windows domain.
#Windows #Azure Active Directory steps out of the shadows
I’ve blogged about this release before with some info but here is another good article about how it can assist you in managing user authentication in the cloud.
Microsoft recently announced the general availability of Windows Azure Active Directory, a cloud-based service that lets admins manage multiple user identities and access. Although it’s been lurking in the background of other Microsoft products for some time — and still requires work to make it a fully useful tool — it’s a step in the right direction.
At its core, Windows Azure Active Directory is essentially a copy of Active Directory held in the cloud that provides basic authorization and authentication when users access cloud services. Ideally, admins use it to centralize the database of authorized users for cloud services, which then lets them authorize employees and contractors to work in certain applications. This allowance includes both Microsoft and third-party applications that accept authentication through common industry standards.
Through synchronization with an on-premises Active Directory deployment, you can also deploy single sign-on, so users don’t have to remember multiple passwords or enter them more than once to access cloud applications. More importantly, it provides a better way to remove access to cloud services for users who have left the company — a previous weak link in the cloud identity management story.
Windows Azure Active Directory: Not exactly new
True to Microsoft’s history of dogfooding its own products, Windows Azure Active Directory had been in use for nearly a year before its current general release. Few actually knew that all Office 365 accounts have been using a preview release of Windows Azure Active Directory for some time. Users of the general Windows Azure service, Dynamics CRM and Windows Intune also have their details stored in private Windows Azure Active Directory accounts.
According to Microsoft, since just after the beginning of the 2013 calendar year, “Windows Azure AD has processed over 65 billion authentication requests while maintaining 99.97% or better monthly availability.” Windows Azure Active Directory is a distributed service running across 14 of Microsoft’s data centers all over the globe.
User interface improvements
One improvement that happened between the preview release of Windows Azure Active Directory and the Web version release is the user interface, which was basically nonexistent before. Now you can access a clean section of the modern-looking Windows Azure control panel to create and manage instances of Windows Azure Active Directory (Figure 1).
You can add these instances to your Windows Azure subscription by logging into your Microsoft account, which…
Continue reading here!
//Richard
Windows Azure Active Directory (AD) has reached General Availability!
This is cool! And I think that it’s a great step in the right direction for many companies! 🙂
Windows Azure Active Directory
Windows Azure Active Directory (Windows Azure AD) is a modern, REST-based service that provides identity management and access control capabilities for your cloud applications. Now you have one identity service across Windows Azure, Microsoft Office 365, Dynamics CRM Online, Windows Intune and other 3rd party cloud services. Windows Azure Active Directory provides a cloud-based identity provider that easily integrates with your on-premises AD deployments and full support of third party identity providers.
Use Windows Azure AD to:
Integrate with your on-premises active directory
Quickly extend your existing on-premises Active Directory to apply policy and control and authenticate users with their existing corporate credentials to Windows Azure and other cloud services.
Offer access control for your applications
Easily manage access to your applications based on centralized policy and rules. Ensure consistent and appropriate access to your organization’s applications is maintained to meet critical internal security and compliance needs. Windows Azure AD Access Control provides developers centralized authentication and authorization for applications in Windows Azure using either consumer identity providers or your on-premises Windows Server Active Directory.
Build social connections across the enterprise
Windows Azure AD Graph is an innovative social enterprise graph providing an easy RESTful interface for accessing objects such as Users, Groups, and Roles with an explorer view for easily discovering information and relationships.
Provide single sign-on across your cloud applications
Provide your users with a seamless, single sign-on experience across Microsoft Online Services, third party cloud services and applications built on Windows Azure with popular web identity providers like Microsoft Account, Google, Yahoo!, and Facebook.
Read more about the service here!
Pricing
Access Control
Access Control is available at no charge. Historically, we have charged for Access Control based on the number of transactions. We are now making it a free benefit of using Windows Azure.
Directory
The base directory, Tenant, User & Group Management, Single Sign On, Graph API, Cloud application provisioning, Directory Synchronization and Directory Federation, is available at no charge. Certain additional capabilities such as Azure AD Rights Management will be available as a separately priced option.
Read more about pricing here!
//Richard
#Citrix #AppController 2.6 released as part of #MobileSolutions #Bundle #BYOD
As a part of the Mobile Solutions Bundle that now is available on MyCitrix you can find a new version of AppController.
AppController 2.6 supports the following new features:
- Certificate support. When you configure AppController for the first time in the web-based management console, you can add or create certificates on the Active Directory settings page.
- Microsoft Hyper-V support. You can install the AppController 2.6 virtual machine on Windows Server 2012 with Hyper-V enabled or on Microsoft Hyper-V Server 2012.
- Migration support to AppController 2.6. You can upgrade to AppController 2.6 from AppController 2.0 or from AppController 2.5.
- Mobile store support. You can upload mobile apps from the Apple App Store or Google Play to AppController. You can use the Citrix App Preparation Tool to wrap iOS and Android apps from the Apple App Store or Google Play. When you wrap the app, you can secure access and enforce policies. When you upload the app to AppController, you can configure the policies. You can also upload an app from the App Store or Google Play to AppController without using the App Preparation Tool.
- Secure connections to Active Directory. You can configure secure connections to Active Directory when you configure AppController 2.6 for the first time.
- ShareFile updates. In previous AppController versions, when you configured ShareFile, the domain sharefile.com was automatically appended to the domain name. In this release, the domain sharefile.com does not automatically append to the ShareFile domain name. You must enter the entire ShareFile domain name.
- Support for mobile links. You can configure mobile links to retrieve the name and description of apps automatically from the Apple App Store. For apps available through the Google Play Store, you enter the name, description and URL of the app. When you configure mobile links, links appear in Receiver with the Play Store or App Store name.
- Web proxy user name format. When you configure the web proxy, you can use either the SAMAccount format or the User Principal Name (UPN) as the user name.
Read more about it here!
//Richard
Performance Tuning Guidelines for #Windows Server 2012
This is a whitepaper that all techies out there should read if you’re dealing with Windows Server 2012!
About This Download
This guide describes important tuning parameters and settings that you can adjust to improve the performance and energy efficiency of the Windows Server 2012 operating system. It describes each setting and its potential effect to help you make an informed decision about its relevance to your system, workload, and performance goals.
The guide is for information technology (IT) professionals and system administrators who need to tune the performance of a server that is running Windows Server 2012.
Included in this white paper:
- Choosing and Tuning Server Hardware
- Performance Tuning for the Networking Subsystem
- Performance Tools for Network Workloads
- Performance Tuning for the Storage Subsystem
- Performance Tuning for Web Servers
- Performance Tuning for File Servers
- Performance Tuning for a File Server Workload (FSCT)
- Performance Counters for SMB 3.0
- Performance Tuning for File Server Workload (SPECsfs2008)
- Performance Tuning for Active Directory Servers
- Performance Tuning for Remote Desktop Session Host (Formerly Terminal Server)
- Performance Tuning for Remote Desktop Virtualization Host
- Performance Tuning for Remote Desktop Gateway
- Performance Tuning Remote Desktop Services Workload for Knowledge Workers
- Performance Tuning for Virtualization Servers
- Performance Tuning for SAP Sales and Distribution
- Performance Tuning for OLTP Workloads
Download here!
//Richard