Azure Live for Australia

Today I logged onto Azure with my MSDN account, and considered setting up a Terraria server. That’s just the sort of fun I have on a Sunday afternoon.

To my surprise, I noticed that there were two new regions available on the virtual machine I was about to create: Australia East and Australia Southeast. If my primary school geography had taught me correctly, that would be Sydney for East, and Melbourne for Southeast.

I of course immediately tweeted about it to share the good news.

Creating a few VMs seemed to be a very quick process, particularly compared to creating VMs in other regions. I’m going to guess that this is because there aren’t too many people creating VMs right now, but come tomorrow it may have a bit of load – especially due to TechEd Australia starting in Sydney where I’m sure they’ll share the news.

Speed wise, it also seems much more responsive over RDP – makes a lot of sense when the data doesn’t have to travel overseas and back – so I thought I’d ping one of the new VMs to see what sort of roundtrip difference there was.

It was at this stage I found out that you can’t ping an Azure VM from the public internet, which makes sense due to load balancers and other infrastructure smarts getting in the way. I could have set up a VPN, but this solution was much easier; using psping from Sysinternals. This works by using TCP and letting you specify which port. By default, Windows VMs are created with two ports forwarded: 3389 for RDP, and 5986 for PowerShell. I first tried this with port 3389 but didn’t get a response, but 5986 worked:

[Image: Adelaide to Sydney ping]

Sub 40ms from my home Telstra Cable internet connection in Adelaide to Australia East (Sydney). Is it any better if my VM is hosted in Melbourne?

[Image: Adelaide to Melbourne ping]

That… seems about the same. I would have expected Melbourne to have less latency, but it’s still quite decent.

For comparison, how does the region East US look in Azure?

[Image: Adelaide to East US ping]

Huge difference. Above what I’d want clients to be connecting to a server at, as many applications can get a bit funny above 150ms or so. Still usable in many scenarios of course!

Azure going live in Australia will be the green light that many Microsoft based businesses have been waiting for to give the cloud a real chance, and I’m sure there will be interesting times ahead for those who start playing with Azure.

Quick Update:

David O’Brien was unable to see the Australian datacentre options, and came up with this explanation:

“only available for australian subscriptions. Every other region is available for everybody, not Australia.”  https://twitter.com/david_obrien/status/526339016245800961

So, if you can’t see the Australian options either you might have the same problem. Hopefully it will be available to all regions soon?

People Don’t Care About Security

Someone dumped hundreds of Dropbox usernames and passwords today, with the claim that they are just a small sample of the 7 million hacked accounts. One of the pastebins with this information is located here: http://pastebin.com/Ntgwpf, containing the following intro:

Dropbox Hack third Teaser.

Here is another batch of Hacked Dropbox accounts from the massive hack of 7,000,000 accounts
To see plenty more, just search on pastebin for the term Dropbox hack.

According to Dropbox, most of the credentials shared so far (roughly 400) don’t actually work. Dropbox are also saying they weren’t hacked, but an unrelated service had these credentials stolen instead. That’s actually very likely, but Dropbox themselves don’t have the best track record. In 2012, they were hacked when someone used credentials of Dropbox staff members to gain access. Maybe this has happened again, but you’d hope that they forced two factor authentication onto their staff members, rather than making it optional for outside users of their service.

Looking back further to 2011, Dropbox was under heat about their security practices and ability to actually protect data. It was reading that news that first made me very concerned about the company Dropbox, and their ability to protect documents.

Jumping forward to 2013, it was then shown that the two factor authentication could be reverse engineered, yet again pointing out Dropbox’s insecurities. This one required access to the victim’s Dropbox client, and if they’ve gotten that far the victim is in a world of trouble anyway, so not as scary as previous incidents, but not ideal.

Despite this, Dropbox has over 200 million users. It would be an article in itself to see how they got to this stage, but the two main reasons are: They were free, and simple to use. Security is not a consideration for most people, and the general idea that a well known corporate entity should know what they’re doing is more than enough assurance for the general user of their services. The latest breach, regardless of who was at fault, will not see a mass exodus of users from their service.

I believe this comes down to the lack of caring from people. Most out there wouldn’t know that Dropbox ever had an issue. They probably started using it when someone shared a file with them, and seeing how easy it was, they used it to share another file. It is easy, and that’s really all that matters (the free part matters greatly, but really adds to the ‘easy’ label). Dropbox gets used in businesses all the time, by people who just need to get work done. The chance that someone else might read a confidential document doesn’t even cross their minds – they’ve emailed things around for years, so why not upload a document and share it with one person?

For most people reading this, I’ve probably just stated the obvious. My point on this though, is that the mindset of people won’t change anytime soon, possibly ever… so you shouldn’t expect it to. Anyone who had a Playstation 3 account in 2011 lost their credentials due to a hacker, but the PS4 is the best selling console of the current generation. Xbox 360/Wii didn’t have this, but people just don’t care about their personal information enough to actually *not* get something they want.

If people found out that the government was actually recording every single phone call made, people would be up in arms. But along with that, would be everyone else still using their phones and not caring. You can be walking down the street and hear someone read out their credit card number over the phone for the same reason.

What is the solution to this lack of caring? For a business, it’s generally enforcing rules. Strong password requirements, RSA tokens, lock down of settings and USB devices on computers – whatever the business can justify to itself to protect its own data. In the consumer world though, nobody else is going to protect the consumer’s data without a financial reason to do so. Should a company like Dropbox force two factor authentication upon all their users? If they’d done this from the start, would they be as successful as they are now, or would everyone have signed up to another service that just used a username and password – easier to use?

So, in the consumer space all we have to work with is education. “Don’t use the same password for everything you do” is a simple tip, but again do people actually care enough to follow? Usually not – so something has to change. Maybe it will be government legislation around security and user requirements for services, and put the onus on the companies providing the services to meet these requirements.

Feel free to comment if you disagree or have an amazing solution, and we’ll go halves in selling it to the world. For me, I’m just going to use a fake name and password for everything I do, and add an extra layer to the tin foil hat.

Signing Out,

Mr X

 

Western Digital Make Backup Devices?

Western Digital (WD) is well known for its hard drives. They’re one of the few remaining manufacturers and have a reasonable reputation in this market. They’ve also made great media players which again have a good reputation of ‘just working’. Being a storage company though, it makes sense that they make backup devices too, namely the Arkeia range of WD products. I’ve had a chance to check out the WD Arkeia DA2300 that they sent out to me, and it’s turning out to be a decent piece of kit.

Hardware – The Box
Physically, the WD Arkeia DA2300 is a modern and functional looking cube (almost a cube at least, it’s slightly longer). It measures roughly 16cm H x 21 W x 22cm L which seems pretty small for what it’s packing.

The LCD screen shows the device name and IP address, and below it is a lockable front door which conceals the four hot swappable drive bays. One of the nice things about this is that no screws are required, unlike some other 4 bay devices; you just slide in a raw SATA drive. Looking at the back of the device, there’s an abundance of ports. 6 USB ports, with 4 being USB3, should cover any USB connectivity requirements. Below the USB ports are two gigabit NICs and a 3rd port which you can ignore… it’s not functional, and doesn’t appear in any spec sheets. There’s also a single VGA port, and two power holes. Two power packs are provided with the unit, so if one either fails or accidentally gets unplugged, the device itself continues to stay up. As you can see from the photo, I just plugged one in and it worked perfectly fine.

Specifications – What’s Inside?

Firstly, there’s two options depending on your requirements. You can either go the 2 x 4TB size option (which has 16GB RAM), or the 4 x 4TB option (which has a bit extra RAM, 24GB). The disks are configured in RAID 1, so you’ll either get 4TB or 8TB of usable space with redundant mirrored disks. The disks themselves are WD SEs, Western Digital’s Datacenter flavour of spinning disks, which are the most reliable of the WD series. Usable space is a different story though: due to the deduplication technology used in the software, WD claim you’ll be able to store 5x the amount of usable space. There’s also a 128GB SSD inside which is used for caching to speed up common data reads and writes. All of this is powered by an impressive Intel Xeon E3-1265Lv2 2.5GHz Quad Core CPU.

Software

As with most devices these days, it’s a web driven interface. After logging in, you’re greeted with a dashboard that does quite a decent job of showing you what’s going on with the device. It’s a reasonably clean interface to navigate, but will probably take a bit of clicking around to find all the configuration and options you need (As you can see, I had a failed job and a successful job):


Clients

For the Arkeia to do its job, the clients it will connect to need the Arkeia Agent installed. This lets the WD Arkeia Appliance connect to the client and back up the relevant data. The client itself is easy to install, and packages are available for a large amount of operating systems including many flavours of Windows, Linux and OS X. The client itself seems very lightweight, and I didn’t have any issues with it running.

Backup Options

The options available are one of the biggest selling points of this device. You could buy a cheap NAS with the same amount of disks for a lot less, but the Arkeia’s software lets you back up a lot of different types of data. There’s all the common file level backups, but there’s also VM support for both VMware and Hyper-V. Being able to back up VMs to a central point easily is a huge value-add in my opinion. There’s also support for Domino and Exchange database backups (not mailbox level), SQL Server/MySQL, VSS snapshots and others. Bare Metal Recovery is also available, where you can restore by creating an ISO and booting off of it from the affected server to start the restoration process.

Also supported are both Cloud backups to CloudStorage, as well as Tape (based on providing your own tape drive) which again gives users of the device enough choice on where they want to keep their data long term. There’s also the ability to seed to another WD Arkeia device which may be suitable if you have multiple sites.

Bells and Whistles

Apart from the above features, there’s also a few other nice features the WD Arkeia 2300 has. Inbuilt reports can be generated and scheduled on backups, restores, disk and tape replication, tape drives etc, giving you visibility on how your backups went without needing to log on to the device daily to check. The data deduplication also gives you storage saving benefits of being able to back up a lot more data than the raw 4TB available.

Conclusions

The WD Arkeia DA2300 is aimed at small to medium businesses who have more complicated backup requirements than just a file share, but also don’t have a highly complex environment. Having this device set up once and making sure backup reports are OK is all you need to have a reliable backup system that supports both full backups and incremental, and is easy enough to use without needing to study or sit a course like more sophisticated and complicated backup solutions may require. WD have provided sufficient redundancy options in the device too, which some lower end devices ignore. There are other flavors in the Arkeia range depending on your storage and performance requirements too. The device can be purchased from many resellers, or online stores such as Amazon.

Nokia Lumia 930 Review

Thanks to Nokia Australia, I was given a new Nokia Lumia 930 to try out. It’s Nokia’s latest flagship Windows Phone running Windows Phone 8.1 straight out of the box, and it’s running on some pretty nice hardware. Here’s my thoughts on it: (also I have to give the phone back at the end of an 8 week trial, so I wonder if they’ll fall for the original phone box full of sand trick?)

For some history, I’ve used all of Nokia’s flagship WP8 devices being the Nokia Lumia 1520, 1020 and 920 (I think that’s all of them). So, how does the 930 compare to the previous models, and if you have one should you upgrade?

Screen

Skipping the Windows Phone 8.1 side of things (as I’ve talked about this previously), the 930 at first glance seems to be a pretty looking phone. The screen is 5″ 1080p which after trying the 4.5″ 1020 and the 6″ 1520, I think the 930 is the sweet spot for a smart phone display. It’s not so big that you have to wear pants with big pockets, and not so small that basic web browsing requires excessive amounts of pinching and zooming. The screen seems a bit glossier than others, I’ve noticed light reflections. It also has a bit of a curve near the borders which isn’t off putting when using the phone, but noticeable when the screen is off. The screen itself shows vibrant colours while seeming very clear to me.

One drawback of the 930 is that they’ve dropped Glance. This gave you simple information such as the time and your last email, even when the screen was in standby mode. It meant you could check to see if you had any messages without pressing anything, just a glance at the screen. According to WPCentral, this is because of the type of screen used on this particular model. I miss this feature, but really it just means I have to double tap the screen or press the screen unlock button to see what’s going on… not a deal breaker.

[Image: Screenshot of my 930 running WP8.1]

Hardware

The Lumia 930 has 32GB of storage built in which should be enough for most people. It’s really snappy to respond, and going back to the 1020 I notice the difference. It’s powered by a Quad-core 2.2 GHz CPU with 2GB RAM.

Wireless charging is built into this model, which the 1020 didn’t have (unless you bought a cover that supported it). Not having wireless charging is something you miss once you’re used to it. If you haven’t used wireless charging before, just think about how many places you put your phone down – at work on your desk, next to your bed, in the car. If each of those places had a stand where you could just put your phone and it’s charging without any effort, you get used to that luxury. Taking away the stands and having to plug in a ‘right way’ USB connector into a tiny slot is tedious. First world problems I know, and I’m surprised myself how used to it I am. I had a brief encounter with a Samsung Galaxy S5 recently which reminded me of this.

One missing feature is a MicroSD slot, which has appeared on some Lumia phones while not on others. It would be nice if they just added it to all phones, but personally I don’t keep enough data on my mobile to need more than the inbuilt memory. Auto saving of photos to OneDrive means I can just get the photos from the cloud anyway (even though it logically pains me for my data to go via a long path around the world and back, just to move it 1 metre away).

Note that this phone takes Nano-SIM, while most other Lumias are Micro-SIM meaning you’ll need to swap SIM cards when you change over.

Camera

The Lumia 930 sports a 20MP camera, which is more than enough for a smartphone. Below I’ve zoomed in on a part of a bigger photo, and the zoomed in version looks of high quality. The original version is only 3MB in size.


[Image: Cropped version]

[Image: Original version]

I’m not a camera enthusiast, and the Lumia 1020 was a bit of overkill for me. It’s good to have a point and shoot device that seems to take great photos, and doesn’t have the protruding lens that the 1020 is so well known for. The camera has a dual LED flash, which works great as a flashlight.

Nokia have built a bunch of apps to supplement the inbuilt WP8 experience, such as Lumia Storyteller which creates a video clip with music based on photos and videos you select, montage style and Lumia Cinemagraph which I’ve mentioned in previous reviews, allowing you to make wacky animated gifs based on a few seconds of video.

Cover

There’s only one official Nokia cover at the time of writing, which is the CP-637 Nokia Protective Cover. I tried one, and didn’t like it. It does what it should – protects, but it’s really bulky too. I don’t like having the flap over the front of the phone, and it won’t actually fit in the official CR-200 Nokia Wireless Charging Car Holder (link indicates there’s an updated version of it for the 1520, unsure if this makes a difference, and why did they keep the same model number?) which led me to order a cheap $6 cover off eBay – fits perfectly around the back of the phone and even came with a screen protector. I’d highly recommend a 3rd party one compared to the ~$40 official cover, unless you really want one in that style.

Other Bits

Colours – they’ve gone with the options of Bright orange, bright green, white and black. Mine’s black, but it’s good they’re giving options for the conservative approach as well as letting people use the phone as a safety device in case they get lost in the woods.

Charger – 1.5A output which is more than the standard 1A, maybe to decrease charging times?

OS Name – I’m a bit confused if I should be calling this a WP8 device, or a WP8.1 device. Still, anything that used to run WP8 can run WP8.1

Apps – WP8(.1?) still lacks apps, but less so – the gap is closing. Do you really care though? I don’t use that many apps, and there’s enough stuff in the Windows Store to keep me occupied. A free game that’s just come out is Tentacles: Enter the Mind which is an interesting platformy type game.

Should I Buy One?

If you’re on an older Windows Phone… maybe. If you want things to feel smoother and faster, or you’re running certain things that could do with more grunt, then sure. If you want a bigger screen but don’t want a giant 1520, yes, you’ll be happy. Otherwise, there’s no leaps and bounds in this phone vs the older Lumias. It’s better for sure, but maybe not worth paying hundreds of dollars for when you’ll still have a pretty good experience on the device you have.

If you’re on another device and looking for a change, the Lumia 930 is a reasonable time to jump. You’re probably going to miss all your apps, but are they mostly just timewasting apps anyway? You’ll find new ones. The hardware is solid, and the OS is creeping closer with features that I can’t think of anything glaringly omitted vs iOS and Android. Maybe you’ll like your old phone better though, or live in an Apple ecosystem where it’s going to be painful to have a non iOS mobile. I would be surprised if anyone would strongly dislike the WP8 experience, but the same can be said about iOS and Android. You’ll just need to decide for yourself!

Script to Change Multiple Out Of Office Messages

This is probably an inefficient script, but I needed to create it as a once off to change the wording of any user with an Out Of Office message. It will go through every account, and change any instance of swearword and replace it with censored (no, this isn’t what I needed to use it for!).

This is using the Exchange Management Shell:

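# Replace a word in every mailbox's Out Of Office message
$data = Get-Mailbox -ResultSize Unlimited
foreach ($user in $data){
    $currentreply = Get-MailboxAutoReplyConfiguration $user.Alias
    # Handle the two messages separately so the external reply is not overwritten with the internal one
    $newinternal = $currentreply.InternalMessage -replace "swearword", "censored"
    $newexternal = $currentreply.ExternalMessage -replace "swearword", "censored"
    Set-MailboxAutoReplyConfiguration $user.Alias -InternalMessage $newinternal -ExternalMessage $newexternal
}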

You can also use this to find any accounts with an Out Of Office message containing a certain word or phrase:

# List mailboxes whose internal Out Of Office message contains the phrase
$data = Get-Mailbox -ResultSize Unlimited
foreach ($user in $data){
    Get-MailboxAutoReplyConfiguration $user.Alias | Where-Object {$_.InternalMessage -like "*swearword1 swearword2*"}
}

Used on Exchange 2010, but should work on 2007 and 2013 also. You may notice the results of InternalMessage and ExternalMessage are hard to read, as by default they’ll show the HTML coding – you may need to factor this into any searches or replaces you perform.
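
To illustrate the HTML point above, here is an added example (not part of the original scripts) that searches the visible text of both messages instead of the stored HTML, and only reports matches without changing anything. The function names ConvertTo-PlainText, Test-MessageContains and Find-AutoReplyPhrase are made up for this example, and the sample message is constructed.

```powershell
# Added example: read-only report of Out Of Office messages that contain a phrase,
# matched against the visible text rather than the stored HTML.
Add-Type -AssemblyName System.Web    # provides [System.Web.HttpUtility]

function ConvertTo-PlainText {
    param([string]$Html)
    if ([string]::IsNullOrEmpty($Html)) { return '' }
    $text = $Html -replace '(?is)<(style|script)\b.*?</\1\s*>', ' '  # drop style/script bodies
    $text = $text -replace '(?s)<[^>]*>', ' '                        # drop the remaining tags
    $text = [System.Web.HttpUtility]::HtmlDecode($text)              # decode &nbsp;, &amp; and friends
    return ($text -replace '\s+', ' ').Trim()                        # \s also covers the non-breaking space
}

function Test-MessageContains {
    param([string]$Html, [string]$Phrase)
    # Escape the phrase so characters such as . or * are matched literally (case-insensitive).
    return (ConvertTo-PlainText $Html) -match [regex]::Escape($Phrase)
}

function Find-AutoReplyPhrase {
    param([Parameter(Mandatory = $true)][string]$Phrase)
    foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
        $cfg = Get-MailboxAutoReplyConfiguration $mbx.Alias
        $inInternal = Test-MessageContains $cfg.InternalMessage $Phrase
        $inExternal = Test-MessageContains $cfg.ExternalMessage $Phrase
        if ($inInternal -or $inExternal) {
            # One row per affected mailbox; nothing is modified.
            New-Object PSObject -Property @{
                Alias      = $mbx.Alias
                State      = $cfg.AutoReplyState
                InInternal = $inInternal
                InExternal = $inExternal
            }
        }
    }
}

# Constructed sample message: the two words are separated by markup, so a -like
# search over the raw HTML does not see them as one phrase. Runs without Exchange.
$sample = '<html><body><p>I am away.&nbsp;Please <b>contact</b>&nbsp;swearword1 <span>swearword2</span> instead.</p></body></html>'
ConvertTo-PlainText $sample
Test-MessageContains $sample 'swearword1 swearword2'

# In the Exchange Management Shell:
# Find-AutoReplyPhrase -Phrase 'swearword1 swearword2' | Export-Csv C:\oof-report.csv -NoTypeInformation
```

Reviewing the report first shows which mailboxes a later replace would touch, and whether the internal and external messages differ.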

Updating Active Directory from a CSV

Scenario:

You’ve been asked to populate everyone’s Active Directory job title. The payroll system is correct, and they’re able to export you a list of usernames and correct job titles. All you need to do is get that into AD.

Solution:

You could do this manually of course, but that’s no fun and a waste of time. This is one of those scenarios where you’ll hopefully think ‘PowerShell can do this!’ and possibly wonder how. That’s what I did anyway, so set out to make it work.

Here’s a fake example of the data I was working with, in a file called fake.csv:

EMPLOYEENAME,JOBTITLE
AFOWLER,IT OPERATIONS MANAGER
RSOLE,JANITOR

Tip: If you open a csv file in Excel it is a bit easier to read.

From this data, we want to match the EMPLOYEENAME to the correct AD account, then update the Job Title field from the JOBTITLE entry of the csv file.

A script that will do this is:

Import-Module ActiveDirectory
# Load the payroll export; each row has EMPLOYEENAME and JOBTITLE columns
$data = Import-Csv -Path c:\fake.csv
foreach ($user in $data){
    # Find the account whose SamAccountName matches, then overwrite its title
    Get-ADUser -Filter "SamAccountName -eq '$($user.employeename)'" | Set-ADUser -Replace @{title = "$($user.jobtitle)"}
}

So, what’s happening here? It can take a bit to get your head around especially if you’re not used to programming (like me), so I’ll try to explain it:

Import-Module ActiveDirectory
Importing the ActiveDirectory module so the Get-ADUser command works. If you can’t load the module, install RSAT (Remote Server Administration Tools) which includes the AD module.

$data = Import-Csv -Path c:\fake.csv
This loads the contents of the fake.csv file into the $data variable.

foreach ($user in $data){
This is saying ‘for each line of information from the $data variable (which is the csv file), map that to $user and do the following’

Get-ADUser -Filter "SamAccountName -eq '$($user.employeename)'" | Set-ADUser -Replace @{title = "$($user.jobtitle)"}
This is getting any AD User where their SamAccountName matches the employeename column of the $user variable (which is the current line of information from the csv at time of processing). Then with the pipe | it will use the result to then set the AD User’s title field (where the job title goes) to the JOBTITLE column of our $user variable. This command will run twice, because there are two lines for ‘foreach’ to process.

}
This closes off the block of commands that ‘foreach’ runs for each line.

 

I hope that explains it enough so you’re able to manipulate the script to your own requirements.
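
The script above pastes each CSV value straight into the -Filter string, so a name containing an apostrophe breaks the query, and any row the payroll export gets wrong is written to AD unchecked. As an added example (not the original script), the version below validates each row, looks the account up with -Identity, and supports -WhatIf; the names Test-PayrollRow and Update-TitleFromCsv and the length limits are assumptions made for this example, and the sample rows are constructed.

```powershell
# Added example, not the original script. Assumes the EMPLOYEENAME,JOBTITLE layout of fake.csv.

# Returns $null when the row is acceptable, otherwise the reason it is rejected.
function Test-PayrollRow {
    param($Row)
    # Allow-list for the account name; 20 characters is the sAMAccountName limit for users.
    if ("$($Row.EMPLOYEENAME)" -notmatch '^[A-Za-z0-9._-]{1,20}$') { return 'invalid EMPLOYEENAME' }
    $title = "$($Row.JOBTITLE)".Trim()
    # 128 is used here as the upper bound for the title attribute (assumption; check your schema).
    if ($title.Length -lt 1 -or $title.Length -gt 128) { return 'JOBTITLE empty or too long' }
    if ($title -match '[\x00-\x1F]') { return 'JOBTITLE contains control characters' }
    return $null
}

function Update-TitleFromCsv {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)] $Rows)
    foreach ($row in $Rows) {
        $result = New-Object PSObject -Property @{ User = $row.EMPLOYEENAME; Status = ''; Detail = '' }
        $problem = Test-PayrollRow $row
        if ($problem) { $result.Status = 'Skipped'; $result.Detail = $problem; $result; continue }
        $title = $row.JOBTITLE.Trim()
        try {
            # -Identity takes the SamAccountName as a value, so nothing is built into a filter string.
            $adUser = Get-ADUser -Identity $row.EMPLOYEENAME -Properties Title -ErrorAction Stop
        } catch {
            $result.Status = 'NotFound'; $result.Detail = $_.Exception.Message; $result; continue
        }
        if ($adUser.Title -ceq $title) {
            $result.Status = 'Unchanged'
        } elseif ($PSCmdlet.ShouldProcess($adUser.SamAccountName, "Set title to '$title'")) {
            Set-ADUser -Identity $adUser -Title $title
            $result.Status = 'Updated'; $result.Detail = "was '$($adUser.Title)'"
        } else {
            # Reached with -WhatIf, or when a -Confirm prompt is declined.
            $result.Status = 'NotApplied'; $result.Detail = "was '$($adUser.Title)'"
        }
        $result
    }
}

# Constructed sample rows: two from the post, one name with an apostrophe, one empty title.
$sample = @'
EMPLOYEENAME,JOBTITLE
AFOWLER,IT OPERATIONS MANAGER
RSOLE,JANITOR
O'BRIEN,ACCOUNTANT
JDOE,
'@ | ConvertFrom-Csv

# The validation step runs anywhere, without AD.
$sample | ForEach-Object {
    New-Object PSObject -Property @{ User = $_.EMPLOYEENAME; Problem = (Test-PayrollRow $_) }
}

# The AD step only runs where the module is installed, and as a dry run.
if (Get-Module -ListAvailable ActiveDirectory) {
    Import-Module ActiveDirectory
    Update-TitleFromCsv -Rows $sample -WhatIf
}
```

Drop -WhatIf and pass the output of Import-Csv once the dry run looks right; piping the results to Export-Csv keeps a record of what each title was before the change.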

 

KMS and MAK Licensing

Microsoft licensing is one of the things that puts fear into most people who have dipped their toes into it. Understanding how to be compliant with Microsoft – and how to make sure the company’s money is being spent properly – can be daunting. From an admin’s side, this is often not a concern as it’s not a part of their job – but at least understanding the implications of installing 10 different SQL servers in the environment is a necessity. One of the more fundamental models Microsoft now uses with Windows Server, Windows Client (e.g. Windows 7) and Office is using a key to register the products. So, how do you do it if you’re on a Volume Licensing Agreement?

What are KMS and MAKs?

With a Volume License Agreement with Microsoft, you are normally given two types of keys: Multiple Activation Key (MAK) and Key Management Service (KMS). The MAK will normally have an activation count, while the KMS does not. Simply put, MAK is a key that registers directly back to Microsoft with a certain amount of allowed activations. KMS on the other hand, lets all your clients use a generic key to talk back to a KMS Server on premise, and that centralised server talks back to Microsoft. The MAK side of things is pretty straightforward: you put a different key in per client, it will phone home and then either activate or fail. This works, but isn’t the way you should do things in a large environment. KMS gives you that automation.

KMS sounds great, how do I set that up?

I’ve written about this before on How To Enable Office 2013 KMS Host and How to add your KMS keys for Windows 8 and Server 2012, so I’ll just clarify how the process works. There are two types of KMS keys – client and server. The client key is normally the default key installed when using a volume license version of software, and the keys are publicly available. Here’s a list on Technet of keys. The KMS server needs to be configured as per my “How to” articles. Having a KMS Client key registered on your client will make it go through a different process of phoning home and checking DNS records. The KMS server on premise gets the request, approves and activates the client. Technet as per usual has great documentation covering all of this, available here.

I’ve set it up and it’s not working – help!

OK, don’t get too worried here. First, you need to have enough clients trying to register on your KMS server before it will activate any of them. For Windows Client operating systems, you’ll need 25. Yes, that’s a lot. For Windows Servers and Microsoft Office, you’ll only need 5.

For an example, let’s say you’ve installed Microsoft Visio 2013 and it’s not registered (if you’re unsure if it’s registered or not, in Visio go to File > Account. On the right hand side it will tell you if the product is activated or not). Start by checking that you have a correct KMS key entered – you can re-enter it in the product.

You can force the activation of Office 2013 by going to the folder where it’s installed (by default it’s C:\Program Files (x86)\Microsoft Office\Office15) and running the command:

cscript OSPP.VBS /act

This will either tell you that you’ve successfully activated your product, or give an error. One of the most common errors is:

ERROR CODE: 0xC004F038
ERROR DESCRIPTION: The Software Licensing Service reported that the product could not be activated. The count reported by your Key Management Service (KMS) is insufficient. Please contact your system administrator.

Nice description. So, next up you’ll need to check your count reported on the KMS server. Forgot what server your KMS server is? You might be able to find out by using the command:

slmgr /dlv

which will give you an informative window telling you the KMS machine name from DNS. Or you can check your DNS for the entry from the DNS console under DNS Server > Forward Lookup Zones > internal domain name > _tcp > _VLMCS record.

On your KMS server, you can display the client count so far, to see if it’s hit the magic 5 with this command:

cscript slmgr.vbs /dlv 2E28138A-847F-42BC-9752-61B03FFF33CD

The string on the end is the Office 2013 Activation ID. For Office 2010 it’s "bfe7a195-4f8f-4f0b-a622-cf13c7d16864". You’ll see a lot of information, but the important part is this:

Key Management Service is enabled on this machine
Current count: 5
Listening on Port: 1688
DNS publishing enabled
KMS priority: Normal

In this example, I’ve just hit the 5 so clients will now activate. If it was less than 5, I’d still be getting the previous error on the clients I had.

If you generally want to see what licenses you have on the KMS server, you can run the ‘Volume Activation Management Tool’ which is available as part of the Windows Assessment and Deployment Kit (ADK). Install instructions from Technet are available here. This tool will visually show you what products you have licensed, but won’t go into great detail. It’s good to have just as an overview.

There are other scenarios and issues that can happen with KMS activation. On the KMS server, you can check the KMS event logs in Event Viewer under Applications and Service Logs > Key Management Service. On the client, there are a huge amount of switches you can use with the slmgr.vbs script – you can run it without any switches to see them all.