Windows Azure now validated for PCI-DSS Compliance

by Shijaz Abdulla on 17.01.2014 at 09:58

Windows Azure has been validated for compliance with the Payment Card Industry (PCI) Data Security Standards (DSS) by an independent Qualified Security Assessor (QSA).

The PCI DSS is the global standard that any organization of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data. By providing PCI DSS validated infrastructure and platform services, Windows Azure delivers a compliant platform for you to run your own secure and compliant applications. You can now achieve PCI DSS certification for those applications using Windows Azure.

To assist customers in achieving PCI DSS certification, Microsoft is making the Windows Azure PCI Attestation of Compliance and Windows Azure Customer PCI Guide available for immediate download.

Visit the Trust Center for a full list of in scope features or for more information on Windows Azure security and compliance.

Read more on Scott Guthrie’s blog.


Barracuda Web Application Firewall, Cloud Edition: Now on Windows Azure

by Shijaz Abdulla on 16.01.2014 at 18:30

image

Barracuda Networks offers a fully scalable security solution running in Windows Azure to protect services from different types of attacks. For any projects requiring extra security Barracuda Web Application Firewall can be used for Security-as-a-Service option.

The Barracuda Web Application Firewall, Cloud Edition is the first integrated, fully scalable security solution on Windows Azure. With predefined security templates and load balancing built in, companies of all sizes can enjoy total application security with no need to learn, configure, and manage complex technology. Download the Barracuda WAF on Azure whitepaper to learn more on why application firewalls makes sense in Azure.

  • Comprehensive protection against inbound attacks – including zero-day exploits and the OWASP Top 10
  • Advanced Outbound data loss prevention (DLP) to ensure confidential data stays that way
  • Automatic security updates and virtual patching through Energize Updates to stay ahead of new and evolving threats.

Windows Azure Deep Dive training: January 27-31

by Shijaz Abdulla on 16.01.2014 at 13:28

Microsoft Virtual Academy (MVA) are running a Windows Azure Deep Dive week this month Jan 27-Jan31.

Registration Link: http://www.microsoftvirtualacademy.com/colleges/windows-azure-deep-dive#?fbid=c3faeuin-q8

This will be a weeklong series of live, interactive sessions from the experts who built Azure that will show you how to start using Windows Azure in your solutions today. In addition to seeing lots of demos and real world examples, you’ll be able to get your questions answered in real time Q&A.

Scott Guthrie, Azure Guru and Microsoft Corporate Vice President, will kick off the week on Monday January 27 by building a real world application from scratch, end to end, to show you the latest capabilities of Azure.

Then each day, we’ll have deep dive sessions led by Microsoft’s top cloud platform development experts, including Scott Hanselman, Scott Hunter, Marc Mercuri, Cheryl McGuire, and Miranda Luna

These sessions are:

  1. Get Started with Windows Azure Today Jump Start: Overview Day, Monday January 27
  2. Designing Applications for Windows Azure Jump Start: Architecture Day, Tuesday January 28
  3. Building Windows Azure Applications Jump Start: Developer Day, Wednesday January 29
  4. Windows Azure IaaS Deep Dive Jump Start: Infrastructure Day, Thursday January 30
  5. Mobile Apps to IoT: Connected Devices with Windows Azure: Mobile Services Day, Friday January 31

Note: You need to register for each day/session. Registration link above.

clip_image001


Cloud OS Boot Camp | Doha | Dec 10-11

by Shijaz Abdulla on 20.11.2013 at 21:16

clip_image001

You are invited.

imageMicrosoft’s hybrid cloud approach allows IT to get all the benefits of scale, speed, and agility while still protecting existing investments.

Please join us for our upcoming Cloud OS Boot camp; an expert-led, no-cost, Live Demos for IT professionals, centered on the issues and workloads you’re tackling in your environment today.

At Cloud OS IT Pro Camps you’ll gain deep technical insight into the new features and functionalities of Windows Server 2012 R2, System Center 2012 R2. interactive discussions with Microsoft technical experts will cover a variety of topics including Server, Storage, Network Virtualization, Datacenter Management and Automation, Virtual Desktop Infrastructure, Storage as a Service and Infrastructure as a Service as a Service with Azure, SQL 2014, O365. You can download free trials to experience the new features.

Save the date and secure your seat now.

 

clip_image001

clip_image002

clip_image003

clip_image004

clip_image005

clip_image006

clip_image007


The Surface launch | Dec 4 2013 | Qatar

by Shijaz Abdulla on 17.11.2013 at 20:36

imageimageimageimage

Text:

Meet the new Surface, the one device for your everyday use, at work
and at home. Surface tablets let you work the way you always have,
with the tools and applications you’re used to, allowing you
to do so much more.

Join us in Doha, Qatar for the exclusive commercial launch
of the Surface tablets in the MEA region. Find out about
the brand new features that make these devices
more than just another tablet.

The future of productivity changes today.

Event:
Surface Launch
in Qatar

When:
Wednesday,
December 4, 2013

Time:
09:15 – 14:00

Venue:
Sheraton Doha Resort
& Convention Hotel,
Salwa Ballroom


clip_image001


Savision brings smart dashboards for System Center

by Shijaz Abdulla on 16.11.2013 at 06:04

Savision are a great application development partner that have solutions for System Center by transforming complex IT data into meaningful, well organized, actionable dashboards. They are well-known in the global System Center community for their ‘Live Maps’ software add-on for System Center.

image


Microsoft & Cisco extend cloud partnership

by Shijaz Abdulla on 09.11.2013 at 15:41

Microsoft and Cisco have announced their extended partnership at the Cisco Application Centric Infrastructure (ACI) event in New York on Wednesday.

This is a great example of how a prominent hardware manufacturer like Cisco can take advantage of Microsoft’s proven track record and experience in building and managing some of the largest clouds on the planet and bring the best solutions to our customers.

Through this expanded partnership, we will bring together Microsoft’s Cloud OS and Cisco’s Application Centric Infrastructure to deliver new integrated solutions that help customers take the next step on their cloud computing journey. These new solutions are designed to improve business agility and reduce cost by driving infrastructure automation in support of core business processes and applications. This next-generation infrastructure will deliver increased application performance, resource pooling, visibility, automation and mobility through:

  • Converged ACI stacks that include fully integrated versions of Windows Server 2012 R2 Hyper-V, System Center 2012 R2, SQL Server, Exchange and SharePoint
  • Optimized application and workload performance through dynamic network policies that automate and simplify deployment
  • Comprehensive management, infrastructure programmability and deep visibility and automation across Cisco UCS/ACI, System Center and Windows Server 2012 R2 virtual and non-virtual environments
  • Complete support for workload mobility using gateway solutions delivered by both companies – delivering on the promise of hybrid clouds

Please read the below post by Satya Nadella, Executive Vice President, Cloud & Enterprise – Microsoft.

http://blogs.technet.com/b/microsoft_blog/archive/2013/11/06/microsoft-and-cisco-s-application-centric-infrastructure-hello-cloud.aspx


Agentless Antivirus protection for Hyper-V

by Shijaz Abdulla on 02.11.2013 at 23:11

5nine last month presented their Hyper-V security and management products at the Microsoft Cloud OS Launch event in Singapore.

At the time of this writing, 5nine software reportedly is the only vendor that delivers agentless/host-based security and management products for Windows Server and Hyper-V.

5nine Security for Hyper-V delivers a strong virtual machine separation and segmentation solution together with secure, multi-tenancy, agentless antivirus and antimalware technologies including an intrusion detection system. The complete product description is available on the company website at http://www.5nine.com/59SecurityDatacenter

See http://www.5nine.com/Docs/5nine_Security_Manager_White_Paper.pdf

The Beta version of NEW 5nine Cloud Security v4.0 provides full multi-tenant security, advanced user- and roles-based access, new LWF Hyper-V Switch extension, secure network virtualization/VM Security Groups, support of multiple antivirus engines and full use of Windows Server 2012 R2 and System Center 2012 SP1/R2 features. 5nine Cloud Security exists in both System Center VMM plug-in version and as a standalone application.

Read the whitepaper.


Free StorSimple 7020 storage appliance with Windows Azure

by Shijaz Abdulla on 02.11.2013 at 22:52

With the recent acquisition of StorSimple, we have an interesting offer for Windows Azure customers.

Till December 31, 2013, customers who sign up for Windows Azure with an annual minimum commitment of US$ 50,000 of Windows Azure credit will receive a StorSimple 7020 appliance that supports up to 200 TB of storage on the cloud. We will also throw in free gold support for the appliance for the first year.

image

The StorSimple is a unique, cloud-integrated storage solution, that works differently from conventional storage.

To know how cloud storage works, watch this video:

An overview of hybrid Cloud Storage

If you are in Qatar and would like to take advantage of this opportunity, contact me.

image


Hosting your public DNS servers on Windows Azure

by Shijaz Abdulla on 03.10.2013 at 00:35

Here’s how you can host your public (internet) DNS servers on Windows Azure.

In this example I will be building two public DNS servers (name servers) running Windows Server 2012 on Windows Azure. These name servers will be used to resolve names for internet domain names such as those used for public websites and email.

For those of you who want to run non-Microsoft DNS for your public domains, you can also run Linux versions of DNS software on Windows Azure, as it also supports a host of Linux OS platforms such as Ubuntu, SUSE and CentOS.

Benefits of hosting your DNS servers on Windows Azure:

  1. Secure: Moving your public DNS server on to the cloud gives you the security assurance that can only be found in the datacenters of a large-scale cloud storage vendor such as Microsoft. In fact it is a best practice, to host your DNS outside your environment.
  2. Handle demands: You can easily scale up resources or hardware configuration of your servers any time on a pay as you grow model, or even temporarily when you anticipate a large number of DNS requests.
  3. Hybrid, distributed model: You can even have a few name servers on premises and a few on the cloud to spread them in to hybrid model. It is a best practice to geographically distribute your DNS.
  4. Increase Uptime: Remove hardware downtime, hardware maintenance contracts, and hardware refresh from the equation.

Major Considerations:

However, at the time of writing this blog post, there are still major considerations that need to be taken before you decide to move your DNS servers to Windows Azure, owing to the nature of the service.

1. All Windows Azure VMs have dynamic IP addresses with an infinite lease (in other words, no expiry date). Which means the IP addresses will be dynamic but will not change even if you reboot your VM. However, if you redeploy or stop the VM, the IP address will change and your old IP address may be re-assigned, requiring you to update your NS IP address records. I recommend you use availability sets and when you have to restart the VM, use the ‘restart’ option instead of ‘Stop’ followed by ‘Start’.

2. Regardless of whether you host in your DMZ or Windows Azure, make sure you secure your DNS installation. Follow this guide and checklist on TechNet.

Part 1: Build your VMs

1. Choose the appropriate OS image from the Gallery and build your VMs. I chose Windows Server 2012.

image

2.  Choose a hostname, VM size, local administrator username and password. (No, you can’t use “P@ssw0rd”. Smile)

image

3. Choose to create a new cloud service for your first name server. Choose a location, and a storage account (or choose to create a new one). For production servers, I recommend you use Availability Sets to protect against downtime when Microsoft does hardware maintenance.

image

4. Add the DNS Endpoint to the list of default endpoints. This will allow DNS requests to pass to the VM. The default endpoint in the list only creates a TCP endpoint on Port 53.

image

5. Important: However, DNS also needs a UDP endpoint on port 53. This is not in the list as of writing this blog entry. So you will need to create it manually. Let’s call this custom endpoint “DNS-U”. Without the UDP endpoint, NSLOOKUP will fail and names cannot be resolved, although a telnet on port 53 will work.

image

6. Virtual machine will now be created. Create a second virtual machine with similar parameters. This is because most domain name providers will require you to register two name servers if you are using your own custom name server.

What you have now is two VMs, both with private IP addresses behind a NAT, exposed to the internet via public IP addresses.

Part 2: Configure DNS

1. Install DNS role on the servers. Self explanatory. For more information, see TechNet. You might get a warning that the machine doesn’t have a static IP address. You can ignore this for now because Windows Azure DHCP leases are forever (unless you rebuild your VM). Alternately you can change the IP to static and apply exactly same IP that was leased.

2. Make it an authoritative DNS server.

a) Disable Recursion: Right click on the server, choose Properties. Go to the Advanced tab and choose Disable Recursion (also disables forwarders).

image

image

b) Create a Forward Lookup Zone named “.” (dot). See steps below.

image

image

image

image

image

image

image

3. Create the Forward Lookup Zone(s) for your domain(s). Create some records – for example A, MX, CNAME records. In my example, the domain name is iloveazure.net

a) Create the forward lookup zone named yourdomain.com, following the instructions in step 2(c)

b) Right click on the NS (name server) record that was created in the new forward lookup zone for your domain and choose Properties.

image

Make sure the internet FQDN of the name server is correct and manually change the IP address so that the public IP is listed. This should not have the local (private) IP address of the VM or the local FQDN/hostname. This step is important. If you have two name servers you can add them both.

image

c) Click on the Start of Authority (SOA) tab. Under primary server put the internet FQDN of your name server. Under Responsible person put your email address but substitute the @ sign with a dot (.)

image

Click OK. You will notice that the system automatically creates A records for your name servers, pointing to the public internet IP address of your name servers.

d) Create all the DNS records you need for the zone. This could be A records, CNAME records, SRV records, etc.

image

Part 3: Register your name servers with your domain name provider

The steps for registering your own custom name servers varies from provider to provider. For godaddy.com, see this article. This is a required step, otherwise DNS queries for your domain name will not be forwarded to your name servers. For assistance, contact your domain name provider.

GoDaddy steps shown below.

image

image

These changes will take a few hours to propagate. You may not see results immediately.

Part 4: Test your servers

When you’re done use a tool like dnsstuff.com or mxtoolbox.com to run a DNS test. You should get something like this:

image

On a machine connected to the internet, run NSLOOKUP against the name server you just created.

image

Websites like WhatsmyDNS.net will help you check if your DNS has propagated throughout the world.

image


< Previous postsNext posts >