Just as technology is helping companies of all sizes expand into new and bigger markets, it’s transforming the way social enterprises deliver on their social and environmental goals. We spoke with Sydney Alfonso, founder of Etkie, a local, social enterprise that operates in a global network and puts women in the forefront, about the impact of technology on her business. Not only is it helping Etkie carve out a space for itself in a highly competitive fashion industry, it’s empowering women to earn the wages they deserve. Here’s Sydney’s story:
Redefining Local: Technology and the Global Marketplace
Success with Hybrid Cloud: Identity Management
Over the past couple of years I’ve come to respect the importance of identity and strong identity management as a foundation to any organization’s Enterprise Mobility strategy. Those of you who know my background may recall that, in the late 90’s, I led the Program Management team at Novell delivering Novell Directory Services (NDS). Identity has been something I have worked on/around for close to two decades – and I can tell you it has never been more important than it is now.
As we are enabling users to work anywhere in the world from any device, it’s critical that you have a solution which helps you set access policies that govern access to your organization’s critical and sensitive corporate resources (based, of course, on the identity of the individual and the identity of the device). With device users working from anywhere and everywhere – and with the constant stream of attacks being leveled at every organization – it is also critical that an identity solution helps you to identify and block abnormal access attempts. As we all consume more and more SaaS offerings (the workforce in an average enterprise uses more than 300 SaaS apps!), we need to extend our identity management out to all the SaaS apps our organization is using. Over the next few posts, I am going to cover how we are helping address these needs via the Enterprise Mobility Suite.
As you consider your options, I hope you come to the same conclusion that I have: That the Enterprise Mobility Suite is the most sophisticated and complete Enterprise Mobility Management solution available. I get excited when I talk with customers and show them how they can take advantage of the work we are doing to integrate EMS with their existing AD and SCCM on-premises deployments. The alternative is purchasing separate offerings from the MDM guys (who don’t currently offer identity management) and then buying additional products from identity-focused organizations. After this variety of purchases, you are left to assemble all of this on your own. I can promise you that the piecemeal approach will be much more expensive, far less agile, and it will offer fewer capabilities.
Identity management is something that is in our DNA here at Microsoft. Today over 90% of businesses around the world use AD for their identity management (that is not a typo!) – and that figure goes up to 95% for Fortune 1000 organizations. We have been working hard to enable organizations to expand their on-prem investments to the cloud, and we have actually optimized our solutions for device management with Azure Active Directory (you can read about AAD in depth here).
What to do with Active Directory
Creating a consistent on-prem identity management process has become table stakes for doing business today. AD has been providing significant benefits for your organization for years via a centralized identity management for IT Pros and a great Single-Sign-On (SSO) experience for end users. When you are building your enterprise mobility functionality, you want it to deliver a small handful of critical things:
- Integration into your own infrastructure.
- Easy syncing with your internal Line of Business and 3rd party apps.
- Easy syncing with your identity directories (aka Active Directory).
- Self-service capabilities like password reset, group management, user profile management, etc. that are consistent across your on-prem infrastructure and the cloud services you are using.
Azure Active Directory: Worker of Small Miracles
As I mentioned earlier, one of the key benefits AD has provided for years is centralized identity and access across the enterprise, with a great SSO experience for end-users to all the enterprise services. Now, as organizations are beginning to use SaaS offerings, consider how many organizations are using salesforce.com, Office 365, Box, etc. Organizations want to continue to have a centralized identity management solution across the SaaS apps they are adopting, and they also want to deliver that SSO experience to end users.
One possible way to accomplish this is to federate each user with each and every cloud-based app. The challenge, however, is that not all apps use the same protocols or standards when it comes to identity management. This can make federation a very complex and costly operation.
What organizations really need is a hub that can do five key things:
- Connect SaaS identities with their on-prem Active Directory users.
- Seamlessly connect with a variety of cloud applications.
- Integrate with various web protocols.
- Scale around the globe to authenticate users in any location, from any device, in a way that integrates simply with their existing identities.
- Provide SSO to all these apps for users
Considering the install base of AD, it is safe to say that the industry would likely prefer not to reinvent the wheel or recreate all of their identities in the cloud. The good news is that this kind of reinvention is unnecessary since this is exactly what Azure Active Directory (AAD) provides in a secure and comprehensive way. AAD combines directory services, advanced identity governance, application access management, and a developer’s identity management platform.
Consider for a moment four additional bullets outlining the AAD scenarios that organizations of all sizes will face as they manage identities in the public cloud:
- Many applications, one identity repository.
- Managing identities and access to cloud applications.
- Monitoring and protecting access to enterprise applications.
- Personalizing access and self-service capabilities.
These are the things you need to insist your mobility partners/vendors can provide in a way that connects to the on-prem work where you’ve already invested – and these are things that, I’m proud to say, AAD can consistently deliver at enterprise grade.
Sync & Federation with Azure Active Directory
AAD allows you to sync with the on-prem Windows Server Active Directory using DirSync combined with either Active Directory Federation Services (ADFS), or, alternatively, with password hash sync. This setup helps to configure SSO and, to make SSO even easier, the most popular cloud apps are already pre-integrated in the application gallery – no matter what kind of public cloud is doing the hosting. This kind of integration goes way beyond simple compatibility. We have done the work to integrate more than 2,000 of the most popular SaaS apps with AAD to enable the scenarios described above. Let us do the work so you don’t have to :).
To really add additional value here, we have also preconfigured all the parameters needed to federate with these clouds so that an administrator can select the cloud applications their enterprise is already using and configure SSO accordingly.
Once you have your identities and apps under control, the next action to take is finding the most efficient way to manage them. The Azure Management portal contains a section specifically for AAD administration, and through this portal you can take your custom LOB apps (or the ones you’ve bought from a vendor) and enable them for SSO.
The Value of Cloud-based Identity Management
Once you’re operating your identity management solution from the cloud, your ability to manage a growing number of users and SaaS apps from the same console with the same processes becomes an invaluable advantage.
Access isn’t the only element that benefits from a top-tier identity management solution. Your ability to govern the creation, publishing, and usage of SaaS apps (which can be used via single sign-on) is a huge productivity booster for both you and the end users. There’s not an IT team in the world that goes more than a few minutes without thinking about security – and this is something we think a lot about, too. This is why AAD is based on Trustworthy Computing principles and security is a foundational part of its architecture.
To get a sense of just how secure this setup is, consider this: Microsoft does not require you to store any user passwords in the cloud from the synchronized on-prem identities. Additionally, all access attempts are monitored and can be displayed via a simple set of reports that can track inconsistent access patterns (unknown source logins, multiple failed logins, or logins from multiple geographies). These reports allow you to have the insight necessary to improve access security, respond to potential threats, and make decisions about other ways to mitigate risks (like Multi-factor Authentication).
This is all delivered through Azure Active Directory Premium – which is one of the components of the Enterprise Mobility Suite. This is what you should be building your Enterprise Mobility Suite around.
* * *
To get a lot of additional information about Microsoft’s cloud-based identity management solutions, check out this very helpful Hybrid Identity Management site.
For even more info about Azure Active Directory and its capabilities, check out a couple of these sites:
- The main Azure Active Directory site.
- Active Directory Authentication Library 1.0 for .NET.
- Application Gallery for cloud apps.
- Active Directory Considerations in Azure Virtual Machines and Virtual Networks.
- Setting up Azure Active Directory ACS to provide identities to Windows Azure Pack.
- Federated Identities to Windows Azure Pack through AD FS.
- Azure Active Directory service page.
- Multi-factor Authentication service page.
- Azure Active Directory documentation page.
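Releasing SPSite and SPWeb (SPRequest) Objects
Hello, this is Kengo Mori (kenmori) from SharePoint Support.
In this post I summarize how to release SPSite and SPWeb objects and, supplementing the existing public documentation, explain what the SPRequest object is, pulling together the explanations we are asked for most often.
Why this information matters
If you use no third-party products and no custom solutions developed in Visual Studio with SharePoint Server, it is no exaggeration to say that the concerns described in this post pose almost no risk. Realistically, though, I think few production environments today have no custom solutions.
The ability to deploy additional .NET Framework-based solutions built with Visual Studio on top of the product package, so that third-party products and customizations can meet a wide range of customers' business requirements that the standard features cannot, is no exaggeration one of SharePoint's great attractions.
However, when developers implement code without correctly understanding the SPRequest object, the result can be chronic performance degradation in the hosting processes (application pools, the SharePoint Timer service), unexpected runtime errors (such as SPException) and, in the worst case, although it is very rare, a process crash.
The content of this post is essential knowledge for developers who work with the server-side object model (SSOM) in SharePoint, and it is something SharePoint administrators will also want to understand as a remedy for when problems occur.
Note
Client-side SharePoint development (CSOM, JSOM, REST) is not affected by the concerns described in this post.
What is SPRequest in the first place?
SPRequest is a COM object that is referenced internally by the SPSite (site collection) and SPWeb (site) objects, the basic objects used most frequently in the SharePoint API.
The origin of this object goes back to the original release. SharePoint was born as SharePoint Team Service 1.0 (SharePoint Portal Server 2001). At that time it was not yet based on the .NET Framework; it was implemented entirely in native code, as an ISAPI module that extended FrontPage Server Extension.
SPRequest is one object in owssvr.dll, the ISAPI module used at that time, and it is the core component that implements the internal processing for site collections, sites, lists, views, folders, files, items and so on.
Title : Overview of the SharePoint Team Services Architecture
Address : http://msdn.microsoft.com/en-us/library/ms947858.aspx
All the way up to the current SharePoint Foundation 2013 (SharePoint Server 2013), even as the product changed with the times (content data moved to SQL Server, the product became a .NET Framework-based web application, and so on), the core was modified somewhat but never completely rewritten, and what survives today is the SPRequest module itself.
In other words, the current SharePoint still uses this large, long-stable core code as it is, and operates with the architecture shown below.
In practice, in this arrangement most of the processing runs in native code.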
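Points to note about dynamic memory management in the .NET Framework
As described above, SharePoint is not a pure managed-code application. For that reason you need an understanding of .NET interoperability.
As shown below, when an object is created in managed code, the object is not only allocated on the GC heap of the CLR (Common Language Runtime), where managed objects are stored; the COM object it uses internally is also mapped into the native address space.
(Note: the figure omits many things for the sake of clarity.)
Objects used in the SharePoint object model are, of course, subject to dynamic memory management and automatic memory release by garbage collection.
The basics of garbage collection are summarized on the following site for your reference.
Title : Fundamentals of Garbage Collection
Address : http://msdn.microsoft.com/ja-jp/library/ee787088(v=vs.100).aspx
To explain garbage collection very simply: while managed code is running, when the GC heap (memory) comes under pressure (reaches an automatically calculated threshold), or when there is not enough memory to carry out an operation, it detects objects that are no longer in use and destroys them. This increases the amount of usable memory so that subsequent processing can run normally.
When an object is destroyed by garbage collection, the implementation also destroys the native memory it references.
Do not be reassured simply because garbage collection will destroy the object. The problem is the condition under which garbage collection runs, highlighted in red above: "While managed code is running, when the GC heap (memory) comes under pressure, or when there is not enough memory to carry out an operation, it detects objects that are no longer in use and destroys them."
If an object the program is still using were to disappear, the program's behavior would break. In other words, only once the references to an object are gone (once that variable is no longer being used) does the object become eligible for collection by garbage collection, after which it is destroyed by the finalizer.
Problems
To summarize the above, there are the following problems.
- Garbage collection does not run when a memory shortage is detected during native code execution.
- Pressure on the GC heap is hard to notice, so garbage collection is less likely to be triggered (native memory consumption is generally the larger of the two (*1)).
The worst case that arises from this situation is that a memory shortage is detected during native code execution, the required processing cannot be carried out, and the process crashes.
Countermeasures
The general countermeasures for this problem are as follows.
- Properly release objects that are no longer used, reducing the time objects are in use.
- Periodically restart the resident processes in which the SharePoint object model runs (*2).
- Carry out performance testing, and do not operate on machines that are prone to running out of memory (*3).
This post describes how to address the problem by properly releasing objects that are no longer used and so reducing the time objects are in use.
Notes
*1) In SharePoint 2010 and later, after the fine-grained processing in native code, the database access layer is implemented in managed code, and native code then receives the results. Because data buffers exchanged with SQL Server and the like are therefore subject to dynamic memory management, this problem is kept from becoming as severe as in 2007 and earlier, and we consider the product to have become more stable.
*2) In SharePoint 2010 and later, the SharePoint Timer service is also restarted periodically, which greatly reduces the risk.
*3) In the days of SharePoint Server 2007 and earlier, which also supported 32-bit OS environments, the following article was often a point of discussion. A 32-bit OS has a 4 GB limit on usable memory, which makes for an extremely tight operating environment.
Title : Troubleshooting System.OutOfMemoryException in ASP.NET web applications
Address : http://support.microsoft.com/kb/954830/ja
As described above, in SharePoint 2010 and later the countermeasures for memory problems have been greatly strengthened.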
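How to release SPRequest objects
Call the SPSite.Dispose or SPWeb.Dispose method to release the SPRequest object, which is a native object, immediately.
This post does not describe the method in detail. For details, see the following MSDN pages.
Title : Disposing Objects
Address : http://msdn.microsoft.com/ja-jp/library/ee557362(v=office.14).aspx
Title : Implementing Finalize and Dispose to Clean Up Unmanaged Resources
Address : http://msdn.microsoft.com/ja-jp/library/b1yfkh5e(v=vs.90).aspx
The SPSite and SPWeb classes implement the IDisposable interface. The countermeasure is to make sure that the Dispose method is always called on objects you allocated yourself: either always wrap the code in try/finally and call Dispose in the finally clause, or use a using block to state the object's scope of use explicitly.
Good code example 1
    // requires: using Microsoft.SharePoint;
    SPSite oSPSite = null;
    SPWeb oSPWeb = null;
    try
    {
        oSPSite = new SPSite("http://server");
        oSPWeb = oSPSite.OpenWeb(); // or an overload that takes the site's URL
        // processing
    }
    finally
    {
        // Release the web first, then the site collection it was opened from
        if (oSPWeb != null)
            oSPWeb.Dispose();
        if (oSPSite != null)
            oSPSite.Dispose();
    }
Good code example 2
    using (SPSite siteCollection = new SPSite("http://moss"))
    {
        using (SPWeb web = siteCollection.OpenWeb())
        {
            // processing
        }
    }
A using statement always calls the Dispose method internally when execution leaves the block, so the two code examples above differ only in how they are written, not in what they do internally.
I think many developers understand how to write this. However, even fairly experienced developers may not be able to answer immediately which objects actually need to be released. The sites referenced above describe these distinctions. They are summarized below, so please check them.
Other
The safest implementation approach, when you create a new instance, is to use it as a local variable: create the object, and release it immediately once you are finished with it. Doing so prevents the object from continuing to be referenced in memory, and it will rarely cause problems.
In implementations that build up a data access class for SharePoint and, along the way, hold objects in global variables or class member variables, the objects do not become eligible for garbage collection until the .NET Framework recognizes that they are no longer referenced, which can end up lengthening their lifetime in memory. Please take the greatest care with implementations of this kind.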
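Diagnostic logs worth noting
There are various logs related to SPRequest objects. If the diagnostic logs below are being written, you can conclude that objects are not being released properly.
Log 1
This log indicates that an object was destroyed by garbage collection rather than from the executing thread. This log is a red light for a missed object release.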
mm/dd/yyyy hh:mm:ss.ff w3wp.exe (0x1234) 0x5678 SharePoint Foundation Performance nask Monitorable An SPRequest object was reclaimed by the garbage collector instead of being explicitly freed. To avoid wasting system resources, dispose of this object or its parent (such as an SPSite or SPWeb) as soon as you are done using it. Allocation Id: {019F5A8E-E151-40BF-8776-4A1F8F9C00D5} To determine where this object was allocated, set Microsoft.SharePoint.Administration.SPWebService.ContentService.CollectSPRequestAllocationCallStacks = true.
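Log 2
This log indicates that an object had not been destroyed by the time the executing thread ended. This log is a yellow light verging on red for a missed object release.
It is rated yellow because, of course, an implementation could create the object on one thread and destroy it later on another.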
"An SPRequest object was not disposed before the end of this thread. To avoid wasting system resources, dispose of this object or its parent (such as an SPSite or SPWeb) as soon as you are done using it. This object will now be disposed. Allocation Id: {GUID}To determine where this object was allocated, create a registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\HeapSettings. Then create a new DWORD named SPRequestStackTrace with the value 1 under this key."
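For objects that may have been leaked, you can examine the call stack at the time they were created.
SharePoint 2007
Key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\HeapSettings
Value : SPRequestStackTrace = 1
SharePoint 2010 and later
To examine the call stack at creation time, run the following PowerShell.
    # Run in the SharePoint Management Shell so the SharePoint types are loaded
    $contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
    $contentService.CollectSPRequestAllocationCallStacks = $true
    $contentService.Update()
Log 3
Even if the logs above are not being written, a situation in which the number of objects keeps growing, as shown below, is dangerous.
The log below only indicates that more SPRequest objects than the threshold exist in memory.
This value can also rise when the number of user accesses is large and server load is high, so the appearance of this log does not directly mean that objects are being leaked.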
Mm/dd/yyyy hh:mm:ss.ff w3wp.exe (0x1234) 0x5678 Windows SharePoint Services General 0 Medium Potentially excessive number of SPRequest objects (number of objects) currently unreleased on thread number of thread. Ensure that this object or its parent (such as an SPWeb or SPSite object) is being properly disposed. Allocation Id for this object: {GUID}"
The threshold can be changed with the following registry key.
Key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\HeapSettings
Value : LocalSPRequestWarnCount = desired threshold value
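The three log messages above lend themselves to a quick triage pass over a ULS log. The following PowerShell is an added example, not part of the original post: the function name Get-SPRequestFinding, the rule names and the sample log lines (including their GUIDs, thread number and object count) are constructed for illustration, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: classify SPRequest messages in ULS log lines.
# The message texts come from the post; Red / Yellow / Info follow its rating of logs 1-3.
$SPRequestRules = @(
    [pscustomobject]@{ Signal = 'Red'; Name = 'ReclaimedByGC'
        Text = 'An SPRequest object was reclaimed by the garbage collector' }
    [pscustomobject]@{ Signal = 'Yellow'; Name = 'NotDisposedAtThreadEnd'
        Text = 'An SPRequest object was not disposed before the end of this thread' }
    [pscustomobject]@{ Signal = 'Info'; Name = 'ExcessiveCount'
        Text = 'Potentially excessive number of SPRequest objects' }
)

function Get-SPRequestFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [AllowEmptyString()]
        [string]$Line
    )
    process {
        foreach ($rule in $SPRequestRules) {
            if ($Line.IndexOf($rule.Text, [System.StringComparison]::OrdinalIgnoreCase) -lt 0) {
                continue
            }
            # ULS lines are tab-separated; the first two fields are timestamp and process.
            $fields = $Line -split "`t"
            $processName = $null
            if ($fields.Count -gt 1) { $processName = $fields[1] }

            # Logs 1 and 2 say "Allocation Id: {..}", log 3 "Allocation Id for this object: {..}".
            $allocationId = $null
            if ($Line -match 'Allocation Id[^{]*\{([0-9A-Fa-f-]{36})\}') {
                $allocationId = $Matches[1]
            }
            [pscustomobject]@{
                Signal       = $rule.Signal
                Finding      = $rule.Name
                Timestamp    = $fields[0]
                Process      = $processName
                AllocationId = $allocationId
            }
            break   # at most one finding per line
        }
    }
}

# Constructed sample lines (not real log data). For a real log, replace with:
#   Get-Content '<path to ULS log>' | Get-SPRequestFinding
$sampleLines = @(
    "07/01/2014 10:15:02.11`tw3wp.exe (0x1234)`t0x5678`tSharePoint Foundation`tPerformance`tnask`tMonitorable`tAn SPRequest object was reclaimed by the garbage collector instead of being explicitly freed. Allocation Id: {11111111-1111-1111-1111-111111111111}"
    "07/01/2014 10:15:03.40`tw3wp.exe (0x1234)`t0x5678`tSharePoint Foundation`tGeneral`t0000`tHigh`tAn SPRequest object was not disposed before the end of this thread. This object will now be disposed. Allocation Id: {22222222-2222-2222-2222-222222222222}"
    "07/01/2014 10:15:04.87`tw3wp.exe (0x1234)`t0x5678`tWindows SharePoint Services`tGeneral`t0`tMedium`tPotentially excessive number of SPRequest objects (12) currently unreleased on thread 8. Allocation Id for this object: {33333333-3333-3333-3333-333333333333}"
    "07/01/2014 10:15:05.02`tw3wp.exe (0x1234)`t0x5678`tSharePoint Foundation`tGeneral`t0000`tMedium`tUnrelated message that must be ignored."
    "07/01/2014 10:16:41.93`tOWSTIMER.EXE (0x0ABC)`t0x0DEF`tSharePoint Foundation`tPerformance`tnask`tMonitorable`tAn SPRequest object was reclaimed by the garbage collector instead of being explicitly freed. Allocation Id: {44444444-4444-4444-4444-444444444444}"
)

$findings = $sampleLines | Get-SPRequestFinding

# Count per signal. Red and Yellow point at missing Dispose calls;
# Info on its own can simply reflect heavy load, as the post explains.
$findings | Group-Object Signal, Finding |
    Select-Object Count, Name |
    Sort-Object Count -Descending |
    Format-Table -AutoSize

# Allocation IDs of the Red/Yellow findings, to match against allocation call stacks once
# CollectSPRequestAllocationCallStacks (or SPRequestStackTrace on SharePoint 2007) is enabled.
$findings | Where-Object { $_.Signal -ne 'Info' } |
    Sort-Object AllocationId -Unique |
    Format-Table Signal, Finding, Process, AllocationId -AutoSize
```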
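Making sure objects are released properly
There is a tool called SharePoint Dispose Checker for diagnosing whether objects are released properly. This tool is not a product for which our company provides support.
When using it, please refer to the Read me that comes with the tool and to the technical information mentioned below, and thoroughly verify how it is used in your own test environment.
The download location for this tool changed recently, so there are many pages with broken links. It still exists at the location below, so rest assured.
Title : SharePoint Dispose Checker Tool
Address : http://gallery.technet.microsoft.com/office/SharePoint-Dispose-Checker-01da48e8
Some readers may feel hesitant about using a tool they have never seen before, so here is a brief explanation of how to use it.
How to use the SharePoint Dispose Checker Tool
1-1. Download SPDisposeCheck.msi from the link above and install it on a SharePoint server.
1-2. Start a command prompt and move to the following folder. (By default the tool is installed in this folder.)
    > cd C:\Program Files\Microsoft\SharePoint Dispose Check
1-3. Run the following command.
    > SPDisposeCheck <path to assemblies> -debug -xml <file>
    (Example) > SPDisposeCheck "C:\WINDOWS\assembly\mywebpart.dll" -debug -xml c:\temp\result.xml
Note : The module specified for <path to assemblies> is a dll file or an exe file.
1-4. Check the xml file that was output.
The problems are reported this clearly. Of course, code that does release objects correctly may also be reported, so the results are not always accurate.
Still, I think that running a check with this tool before releasing a product can also help to improve quality.
Visual Studio add-on
The tool also comes bundled with a Visual Studio add-on, among other things. It can show its results as compiler messages while you are debugging, which is very convenient.
How did you find it? That is all for this post.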
Remembering the Third of July
Posted by
General Counsel & Executive Vice President, Legal & Corporate Affairs, Microsoft
Amid the current public debates about government surveillance, this is a good day to step back and remember the Third of July.
Of course, the first question you might ask is, what happened on the Third of July?
Many Americans will recall, of course, that it was in Philadelphia at Independence Hall on July 2, 1776, that the colonies voted for their independence. And then it was two days later on July 4 that our Founders signed the Declaration of Independence.
But on the day in between, on July 3, 1776, something interesting happened as well.
(Guest Blog) Why apprentices over graduates?
Big, small, B2C, B2B, public or private sector…each business is different in what it does and the way it works. However, when it comes to looking for fresh new employees to join a business the core attributes tend to be the same across the board. Whether the need is due to company growth, topping up the talent pool, or just to get in some fresh blood to invigorate the workforce, companies will be looking for hard-working team players with excellent communication skills and a willingness to learn.
Historically the traditional way of getting new talent has been through graduate programmes but more recently the trend has been moving more towards apprenticeship programmes. An article in the Guardian suggests that tuition fees are increasingly prohibitive, making university an expensive venture for most students and it doesn’t come with the guarantee of a job at the end. So could this be the reason young adults and companies are moving more towards apprenticeships as an alternative route to employment?
Stats show there’s been a significant increase with young people applying for apprenticeship schemes; with over 1.4 million online applications submitted last year to UK companies to obtain a place on an apprenticeship programme.
From an employer perspective, graduates can be viewed as lacking the necessary practical experience or niche knowledge to make an immediate impact as a contributing member of their team according to a survey conducted by HRZone last year.
Companies are increasingly coming to the conclusion that when investing time and money into training a new employee on the basics, it makes more sense to choose an apprentice. They will generally be younger and perhaps more mouldable into their ideal employee. Companies are also finding that on average graduates are more inclined to leave within 2 years to move on to new roles, whereas an apprentice will generally show loyalty to the company that has trained them from the ground up. Couple all these facts with the government offering a financial incentive to companies taking on apprentices, and the benefits are clear and compelling.
The incentives for a young person are also attractive. Apprentices will work towards nationally-recognised qualifications through a blend of on and off-the-job training while being in paid employment. If an apprentice wishes to continue their training they have the ability to progress through the various levels of apprenticeship programme i.e. Intermediate, Higher etc. Higher apprenticeship programmes can offer the opportunity for apprentices to gain their first qualifications within higher education e.g. HNC, Foundation Degree, which provides a real springboard to their career.
Apprenticeship programmes from Global Knowledge UK can contain a range of leading IT vendor certifications from industry leading vendors such as Microsoft. These programmes can be tailored to client specific requirements and can draw upon an extensive Global Knowledge UK portfolio of learning resources and are delivered through flexible, blended delivery models all supported by e-portfolio.
Global Knowledge can provide you with the new talent you are looking for, so to find out more come find us at WPC or email apprenticeships@pds-group.co.uk.
About the Author
Ray Snowdon is Business Development Consultant at leading IT and Telecoms apprenticeship consultancy PDS Group. His career in academia spanned the 90’s, where he was Director of Academic Programmes and then Manager of the New Technology Institute. He joined e-skills UK, as Regional Development Manager for the North West and Yorkshire and the Humber before moving to Proskills UK in 2006. During his time at Proskills UK Ray was involved in leading activities across the Nations and Regions Team before taking up the role of Project Director for the National Skills Academy. Ray supported development of the National Skills Academy for IT and the e-skills Professional Programme at e-skills UK before joining PDS Group.
About Global Knowledge UK
PDS Group was formed in 2005 in order to work with large corporate clients in the provision of Apprenticeship and talent programmes. In 2014, PDS became part of Global Knowledge UK, leaders in IT, best practice and business skills training. Their team of expertise includes Human Resources, Learning and Development, IT, Telecommunications, Sales and Telesales and Project Management. www.pds-group.co.uk
Chat with Ambassador Thomas Pickering Founding Co-Chair of IEA — International Relations, Government, Innovation, Business, Investment, and Policy Top Authority
Enterprises, executives and ICT professionals must think global and work globally to survive and succeed. The biggest impediment is the serious lack of understanding and respect of foreign markets, customs and culture. The non-profit International Economic Alliance or IEA, initiated via the work of Harvard and US Presidents, bridges the gaps. Tom Pickering is a founder and his insights are highly valuable to executives and ICT professionals. I hope you enjoy the interview as much as I enjoyed doing it.
Ambassador Thomas Pickering, Ambassador Retired, joined Boeing in 2001 upon his retirement as US Under-Secretary of State for Political Affairs, a position he held since May 1997. He served as Senior Vice President of International Relations as a member of the Executive Council of The Boeing Company until July 1st 2006, where he oversaw the company's international affairs, including those with foreign governments. He has been a Senior Advisor for the company since. In December 2006, he became Vice Chair of Hills & Company, which provides advice and counsel to a number of major US corporations. Ambassador Pickering was briefly President of the Eurasia Foundation, a Washington-based organization that makes small grants and loans in the states of the former Soviet Union.
Pickering holds the personal rank of Career Ambassador, the highest in the US Foreign Service, and has served as US ambassador to the Russian Federation, India, Israel, El Salvador, Nigeria, and Jordan in a diplomatic career spanning five decades. From 1989 to 1993, he served as Ambassador and Representative to the United Nations in New York, and from 1973 to 1974, as Executive Secretary of the Department of State and Special Assistant to Secretaries William P. Rogers and Henry A. Kissinger.
Pickering entered active duty in the U.S. Navy from 1956-1959, and later served in the Naval Reserve to the grade of Lieutenant Commander. Between 1959 and 1961, he was assigned to the Bureau of Intelligence and Research of the State Department and later to the Arms Control and Disarmament Agency, and from 1962 to 1964 in Geneva as political adviser to the U.S. Delegation to the 18-Nation Disarmament Conference.
He earned a Master's degree from the Fletcher School of Law and Diplomacy at Tufts University, a Bachelor's degree cum laude, with high honors in History from Bowdoin College. Ambassador Pickering was granted both the Distinguished Presidential Award and the State Department's highest award — the Distinguished Service Award. He is a member of the International Institute of Strategic Studies and the Council on Foreign Relations. He speaks French, Spanish and Swahili and has some fluency in Arabic, Hebrew and Russian.
To listen to the interview, click on this MP3 file link
DISCUSSION:
Interview Time Index (MM:SS) and Topic
:00:30:
What are your top career successes and lessons learned that you feel may be useful to the audience?
"....If you are a Diplomat, listening is probably something you should be doing two thirds of the time. I try to practice that when I'm engaged with folks because in many ways what people have to say and what they want you to hear are often very, very important. But even more important is sometimes what they actually mean underneath all of that isn't exactly what they say. Occasionally I found that they're not really sure what they mean until you have a chance to sit down and ask them a few questions...."
:03:46:
Can you describe your journey leading to your current role as Founding Co-chair of the International Economic Alliance (IEA) and how your prior roles play an integral part in this journey?
"....I had been Ambassador to Russia for a number of months and it became quite clear that a very interesting set of activities were happening at Harvard (which used the business school when it attracted faculty and indeed the Harvard reputation). A number of people in and around Harvard plus some private folks helped to inspire and respond to a Russian desire to be able to meet, work with and develop business contacts that would eventually emerge through into investments in Russia. So Harvard began to sponsor conferences (I went because I was Ambassador to Russia), and that quickly morphed into a situation in which it became clear that many other countries wanted to participate....It has what is purely a historical connection with Harvard and a very useful way to bring to its meetings (which were held annually in New York at the time of the opening of the United Nations General Assembly), a number of key Harvard faculty members who constitute one area of interest to the countries involved, as well as to the corporations who invariably are able to gather two to three hundred people. We have fifty-one countries that have been involved very much in our work...."
:07:14:
If you were to sum it up, why should significant leaders get involved in this work at the International Economic Alliance when there are other venues such as the World Economic Forum or the Economic Forum in Astana?
"....I've been to the World Economic Forum and it's a great talk shop, but you don't have the opportunities that you have at the International Economic Alliance as a leading American corporate executive, to sit down in a private room with a foreign Head of State and talk directly one-on-one about what it is that you're interested in pursuing in that person's country. You gauge, understand and receive commitments and the willingness of that country to open doors to work with you, to support your investment and give you a clear-eyed idea of where that investment may put you in terms of expected returns. This is an enormously useful, targeted, specific set of activities that draws people back because they know and understand that we've had successes....This compresses distances, sparks interest, exchanges information, details the communication, takes the individual entrepreneur and the country leader down the road towards success and we stay with it all the way...."
:12:33:
Why don't technology companies engage further — what are they missing? Can you give examples of why working internationally at the highest level is important to their bottom line and to their success?
"....A lot of the places where we can help the various companies are brand new markets for them. In many cases they will also look for manufacturing, R & D or research opportunities, or cross investment opportunities in these countries and so on the manufacturing side often you are able to take advantage of lower cost manufacturing, not just for that country's markets, but often for other markets so there are real savings to be made and that's one of the benefits of globalization. We help our business clients and their friends to try to take advantage of these sorts of opportunities as rapidly as we can...."
:15:53:
What do you hope to accomplish this year and how will you measure your success?
"....We think this year we want to be able to move up from the 50 or so countries who are involved and move up from the several hundred companies where we have been involved. We would like to see many of the more successful series of events in mid-September in 2014 than we've been able to have before....I would say clearly we should be looking over the next three years at doubling our activity and certainly we would look at a one third increase in 2014 as a very important goal, one that we could meet but it would be a testing goal and I think that's significant. People don't like to come for things that don't represent wide participation, enthusiasm, strong speakers, strong government participation, strong corporate attendance and so I think we are able to continue to provide that and to strengthen them as we go ahead. That will be some of the hallmarks of our success...."
:20:20:
What would a typical event look like? For example, people show up, there is probably a networking function, open table sessions perhaps, some keynote speakers, etc., could you describe a typical event for the audience?
"....That's right and we rely on all of those techniques and more. Normally we would offer several Harvard Business School notables and we would try to offer very senior American business leaders (I mentioned some of them to you just a moment ago), who would give their perspectives. We would bring in the Heads of State from two or three countries, maybe a Prime Minister or two and they would bring a carefully crafted talk to in effect open the doors of the countries to the potential for US company investment and hopefully open the eyes to the US investor to the possibilities in that country....The open table conversations are very valuable and they often provide special introductions for American businessmen with key foreigners. The discussions at those tables, we know that their interests and aspirations are going to be, if not satisfied, at least provided for...."
:23:13:
Everybody knows of your career and the tremendous contributions that you have made to your country and to the world, and yet it sounds like the International Economic Alliance is one of the crowning jewels in all of the things you have been doing?
"....You are kind to say so and my interest in this has been longstanding beginning with Russia, but the people who make this go are the people who also give it 24/7 kind of attention and activism. I mentioned earlier Van McCormick and his student recruits, his interns, some of the Harvard professors who work very closely with us, the long list and then the opportunities we have to contact that list are the American firms and the growing number of partners. We have an Ambassadors Alliance in which we enlist Ambassadors who are in New York at the UN as well as those who are in Washington looking after their country's interests with respect to the United States....A number of us are pleased obviously to have been in on the early days and continue our work as supporters and advisors...."
:25:02:
Are there things that continue to surprise you today in the work that you do?
"....I think this is a world full of surprises, everything from the economic downturn in 2008 and 2009 and its ramified effects, beginning as it did with the total mishandling and misreporting of the household mortgage market in the United States, but spreading way beyond into critical issues into the future of the banking system, the survival of large companies in the United States and abroad and indeed the survival of such economies as Greece, Portugal and so on which were struggling to stay alive in the midst of these huge changes. Those are quite striking and important and hard to predict and I think we need to pay careful attention to those...."
:28:23:
You have corporations, governments and leaders within the various government organizations, you have financial houses, and so on participating at these events. Is there a place for organizations or federations and other non-profits from different areas at an event like the ones held by the IEA?
"....I think we would not want to have our International Economic Alliance meetings turned into a kind of money-raising session for particular non-governmental organizations, but if they felt they had something useful to contribute and showed that then I think that would spin out naturally into where our work is going...."
:30:19:
We see it in the news all the time that there are Geopolitical and investment challenges worldwide. Are there areas that you want to point out that you think people in the audience should be aware of?
"....I think that Northeast Asia in general is some place that people are continuing to look at (Korea, Japan, China, Hong Kong and Taiwan). I think that West Asia, the area which has developed a strong commitment to stability, to markets and to attraction to investment for economic development purposes is important. I think South Asia is important, India, Pakistan, Bangladesh in particular. Africa is growing and perhaps continentally speaking one of the largest continuous long term growth rates in history. I think similarly Latin America got to a much higher state of development with growth over the past two decades. All areas are moving but the ones I mentioned are worthy of particular importance...."
:32:07:
This is probably a sensitive area to talk about, but are there areas of controversy in the areas that you work and what are your views on them?
"....We have seen real change taking place in the Middle East where we still don't know the clear result so that in some ways put a damper on activity and development and we don't want to walk away from that....In Russia a climate that varies now is perhaps more of a down side than an upside and this is a very large market. I think in China the obvious role of the government in almost every aspect of Chinese life (some of it now in a much larger role than it used to be). It's important in India, there are some places where the government is weak and unable to provide security and support in a way that an investor would want to have....All around there are these kinds of local developments we have to be up to date with and follow as well as the general growth factors available in describing the country's economy and developing progress...."
:34:00:
I’m going to put out the three topic areas to which you can provide commentary in any way. The topic areas are: The availability of free content on the internet and your views on that in terms of IP and digital rights and so on....Crowdfunding....Digital currencies. You may wish to comment on any of those areas or not at all.
"....With respect to open media, of course this is a new driver. It's a regular source of valuable information. Sometimes you have to be careful as much of it is driven by futurists one way or another and much of it is loaded into a framework which is kept alive by advertising, but advertising has its own influence....I think that the topics you mentioned including IPR, the failure to recognize and honor patent rights and copyrights and things of that sort, are failings that are fairly widespread. As you know the US government had for a long period of time been urging its colleagues and foreign countries all around the world to straighten up and get rights, join some of the international conventions, observe them and do the things that make a lot of sense. The bitcoin phenomenon is very interesting because it's part an investment in a concept that has value, it's almost a derivative and at the same time it is a currency available to be spent in some limited areas at the present time...."
:38:04:
Do you see some policy changes that should occur in the US in the next two years? What would you like to see internationally?
"....I think by their nature, small wealthy city states do better than large ratified countries with vast populations and obviously a great deal of diversity. Secondly, for the United States which has in fact stayed alive by its innovation and its encouragement of innovation much of our most recent innovation has come through migration and we need to pay attention to that. The third point I would make is that fundamentally we need to pay a great deal more attention than we have been to primary, secondary and higher education in the United States....Innovation alone is not necessarily, in my view, the total measure of success, there are things like smart management, the adoption of lean manufacturing techniques, the ability to inspire and empower a workforce, the ability to generate from within almost organically new and superior ways of carrying out your business, whether it's in audits and finance to manufacturing line work the tool support mechanism or the movement and use of contributing parts or the design process to ensure that maintenance is superb and less costly than it has been in the past...."
:43:22:
On the policy side is there just one policy change you'd like to see (and not just restricted to technology), it could be in anything, for example, better healthcare, better international relations or whatever?
"....I'd like to see a lot, because I see education as such a vital resource for a country that I'd like to see us continuing to move education to the top of the list...."
:45:05:
From your extensive speaking, travels, and work, please share some stories (amusing, surprising, unexpected or amazing).
"....It turned out that the steward on the Air Force plane had given me somebody else's coat. This coat felt a slightly different texture than my suit, but it wasn't a terribly ill match except that it just didn't fit, it was very badly sized.......The Russian Foreign Minister was a very old friend and I took a nice stroll around the sloping ramp at the top of the building, and then we were called to walk several blocks to the Brandenburg Gate to have our picture taken and I was able to hide behind the other Foreign Ministers (probably my appropriate place in protocol). Then we climbed on a bus and went to a very nice palace. In the meantime I got on my cellphone (I wasn't able to contact the Embassy in Berlin because for some reason the phone didn't work), but I could get my office in the United States). I quickly told them what the problem was and said you've got to find my coat and that I needed it by this particular place by this particular time because by then we were going to be on cameras and photos sitting around a table working together. Sure enough they were able to do that...."
:50:10:
If you were conducting this interview, what questions would you ask, and then what would be your answers?
"....What's going to happen in the next 3 years in the world economy and where is the economy going?....What are the crucial technologies that we should be paying attention to that will help shape and move us in the days ahead?....In working in developing countries, particularly big ones, what are the kinds of rules you should follow as a prudent investor?...."
:52:42:
Thomas, with your demanding schedule, we are indeed fortunate to have you come in to do this interview. Thank you for sharing your deep experiences with our audience.
Advance Notification Service for the July 2014 Security Bulletin Release
Today, we provide advance notification for the release of six Security Bulletins. Two of these are rated Critical, three are rated as Important, and one is rated Moderate in severity. These Updates are for Microsoft Windows and Internet Explorer.
This month we will also premiere the new format for our Security Bulletin Webcast, scheduled on Wednesday, July 9, at 11 a.m. PDT. Registration, downloading the Live Meeting client, and dialing in to a separate number will no longer be required. You can find details on how to view the webcast here.
As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, July 8, 2014, at approximately 10:00 a.m. PDT. Revisit this blog then for analysis of the relative impact, as well as deployment guidance, together with a brief video overview of the month’s Updates. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.
Don’t forget, you can also follow us on Twitter at @MSFTSecResponse.
Thank you,
Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing
Setting up a Highly-Available VMM 2012 Environment
~ John Patterson
This article will guide you through the recommended way to set up and configure a typical, highly available (HA) System Center 2012 R2 Virtual Machine Manager (VMM) installation. Topics we’ll cover include the following:
- Overview of a VMM 2012 Environment
- What We Will Be Installing
- The VMM Service Account
- The Container in AD DS for Distributed Key Management
- The VMM Failover Cluster
- Installing Highly Available VMM
Overview of a VMM 2012 Environment
In any VMM installation there are three primary servers that you’ll need to be concerned with. As a note, a production VMM environment will likely have other servers within it such as System Center Operations Manager (OpsMgr) and System Center Data Protection Manager (DPM). VMM can also integrate with other infrastructure servers such as WDS and WSUS servers for deployment and patching workflows respectively. However, for the purpose of this article we will ignore these other servers as they mostly integrate with VMM and are not really a part of the VMM installation itself.
Server Role | Description |
VMM Server | The server where the VMM engine is installed. |
VMM Library Server | A file server that VMM uses for storing a variety of files such as stored virtual machines, virtual hard disks (VHDs), physical computer profiles, and virtual machine templates. |
MSSQL Server | VMM stores nearly all its settings, management data, and configuration in a centralized, SQL Server database. |
With these three servers in mind, we recommend following these guidelines when installing VMM in your production environment:
(1) Use a highly available installation of SQL Server (we do not recommend SQL Server AlwaysOn)
(2) Use a highly available installation of VMM.
(3) Install the highly available installation of SQL Server on a separate failover cluster from the failover cluster on which VMM is installed.
What We Will Be Installing
In this article we’ll be setting up and configuring a highly available VMM installation on a two node Windows Failover Cluster along with some of the less obvious objects required for a HA installation. I’ll assume you already have a highly available SQL server installation, however there is a very informative MSDN article on various high availability MSSQL solutions at http://msdn.microsoft.com/en-us/library/ms190202.aspx that I suggest you read to discover the different HA SQL solutions available and how to configure the HA SQL solution that is appropriate for you. I also won’t go into setting up a file server cluster to use as a highly available library server. In short, I’ll stick to setting up VMM.
The VMM Service Account
The first order of business when installing a highly available VMM server is to set up a domain account for the VMM service to use. There are no requirements for this account except that it must be a member of the Local Administrators group on each of the nodes in the cluster that VMM is installed on. We refer to this account as the VMM Service Account and it needs to be created in Active Directory before VMM is installed.
Creating the VMM Service Account
(1) Open Active Directory Users and Computers (dsa.msc)
(2) Expand the domain that contains the VMM cluster and right-click on the User folder in the left pane. Then select New > User
(3) Provide the appropriate account details and select Next
(4) Provide a password and set the appropriate password policy settings. Then click Next
(5) Select Finish and complete the wizard.
(6) Close Active Directory Users and Computers
Add the VMM Service Account to the Local Administrator Group on the VMM Nodes
(1) On each node that will be a member of the failover cluster you plan on installing VMM on, open Control Panel
(2) In the top right select View By: Category
(3) Click User Accounts
(4) Again click User Accounts
(5) Select Manage User Accounts
(6) In the pop-up, click the Add… button
(7) Supply the username and domain name for the VMM Service Account we just created
(8) Select Administrator as the level of access for this account
(9) Click Finish to complete the wizard
The Container in AD DS for Distributed Key Management
VMM stores Run As Accounts (RAAs) in its database to manage VM hosts, file servers, VMs, and many other credential-required resources. Essentially this results in VMM storing usernames and passwords in its database and, as security is a paramount concern in any environment, these usernames and passwords have to be encrypted. There are two ways to encrypt this data in a standalone VMM installation: DPAPI and DKM.
DPAPI: When choosing to use DPAPI for encryption, VMM essentially uses the hardware ID of the physical computer that VMM is installed on as the seed for encrypting data. If the physical computer crashes or needs to be replaced there is no way to retain this information. You’ll have to re-enter all your RAA information. Further, with DPAPI there is no way for multiple computers to access the encrypted data.
DKM: When choosing to use DKM for encryption, VMM stores the encrypted data in a container in Active Directory. It is not stored on or tied to a specific physical computer.
Since in a HA VMM installation the VMM service may run on any node in the failover cluster, DPAPI is not a valid option for encryption. As such we’ll have to use DKM and as a result we will need to create a container in AD.
Creating the Container in AD
(1) Open the Active Directory Service Interfaces Editor (adsiedit.msc)
(2) Right-click the ADSI Edit object in the left tree and select Connect To…
(3) In most environments it should be sufficient to connect to the Default Naming Context, so the defaults are ok. Click Ok
(4) Once connected, expand the connection object and then right click the domain’s container and select New > Object…
(5) Select container as the class. Click Next
(6) Provide a value for the name of the container
(7) Click Finish
(8) Now the container is created but you will still need to take note of the distinguishedName property of the container and provide it to VMM during installation.
(9) Right-Click the container and select Properties
(10) Write down the value of the distinguishedName property
(11) Later we will need to provide this text string (“CN=VMM,DC=contoso,DC=com”) to the VMM installer during VMM installation. Write it down, and close the Active Directory Services Interfaces Editor.
The VMM Failover Cluster
Now we need to set up the 2-node Windows Server 2012 R2 Failover Cluster that the HA VMM service will run on. In this case we are trying to set up a two node cluster, but if you already have a failover cluster in your environment you can skip this step. Regardless, for any production environment you should read the extensive documentation on this feature to ensure your failover cluster meets your resiliency needs (http://technet.microsoft.com/en-us/library/hh831579.aspx). In this example I’m setting up an extremely simple failover cluster.
Installing the Windows Failover Clustering Feature
(1) First we are going to add both servers into the Server Manager of vVMM01 (yeah, there is an extra “v” in there in my environment). This will make it easier for us to add the Failover Clustering feature to both servers from one console.
(2) Open Server Manager in the left navigation pane, right click All Servers and then click Add Servers
(3) A pop-up will open. Enter the computer name of the second node to add (in my environment, vVMM02). Once it’s found in your domain, click the right arrow to add it to the selected computers. Then click OK.
(4) Click All Servers in the left navigation pane. The vVMM02 server is being brought under management. Give it a minute until it says “Online” like vVMM01.
(5) Once it’s online, in Server Manager in the top right corner click Manage > Add Roles and Features
(6) Click Next
(7) Select Role-based or feature-based installation and click Next
(8) Select a server from the server pool to add the feature to. We will have to do this for both servers, and I chose to do the remote server first (vVMM02) and then add the feature to the local server (vVMM01). Select the server and click Next.
(9) Click Next. Failover Clustering is a feature, not a role.
(10) Select Failover Clustering
(11) A pop-up will open. Click Add Features
(12) Click Next then click Install. Since this is the remote computer I don’t mind if it restarts automatically.
(13) Repeat steps 5-12 for the other server (in my case vVMM01). The window is not modal and you can save some time by running both at once. Note: out of fear that restarting the local (vVMM01) machine might tamper with the feature installation on the remote machine (vVMM02), I did not select Restart the destination server automatically, if required when I repeated the steps. Below is an ugly screen shot of the two installations running side by side.
(14) As a final step, restart the servers as needed.
Creating the Failover Cluster
(1) On either of the two nodes that you enabled the failover clustering feature on, open Failover Cluster Manager. In the right hand pane click Create Cluster.
(2) A pop-up will open. Click Next.
(3) Enter the names of the two servers you want to cluster. Then click Next.
(4) For a cluster to be supported by Microsoft, cluster validation must be run. Choose to run cluster validation and click Next.
(5) The Validate a Configuration Wizard dialog will open. Click Next
(6) Select Run all tests (recommended) and click Next
(7) Click Next again.
(8) It can take a long time to run cluster validation (sometimes hours). Let it run, and assuming it works and your cluster is configured correctly, you’ll be presented with a report. Click Finish.
(9) Now we’re back to the Create Cluster Wizard. Enter the Cluster Name and click Next.
(10) Click Next to confirm the configuration.
(11) Click Finish to complete the wizard. The failover cluster has been created. I’m getting a few cluster warnings but they won’t impact my environment substantially. We can move on now to installing VMM.
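The prerequisites walked through in the GUI above (service account, local Administrators membership, DKM container, failover cluster) can also be scripted. The PowerShell below is an added example, not part of the original article: the account name svc-vmm, the NetBIOS name CONTOSO and the cluster name VMMCLUSTER are assumed values, and it assumes it is run as a domain administrator on vVMM01 with the ActiveDirectory module (RSAT) available.

```powershell
#Requires -Modules ActiveDirectory
# Added example: scripted equivalent of the GUI prerequisites for HA VMM.
# Node names and the DKM container name follow the article; the rest are assumed.

$DomainDn    = 'DC=contoso,DC=com'   # from the article's example DN
$NetBios     = 'CONTOSO'             # assumed NetBIOS domain name
$SvcAccount  = 'svc-vmm'             # hypothetical VMM service account name
$DkmName     = 'VMM'                 # yields CN=VMM,DC=contoso,DC=com
$Nodes       = 'vVMM01', 'vVMM02'
$ClusterName = 'VMMCLUSTER'          # hypothetical cluster name

# 1. VMM service account. The password is prompted for, never stored in the script.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$SvcAccount'")) {
    $pw = Read-Host -AsSecureString -Prompt "Password for $NetBios\$SvcAccount"
    New-ADUser -Name $SvcAccount -SamAccountName $SvcAccount `
               -AccountPassword $pw -Enabled $true `
               -Description 'VMM service account'
}

# 2. Local Administrators membership on every cluster node.
#    net.exe is used because Add-LocalGroupMember needs PowerShell 5.1,
#    which Windows Server 2012 R2 does not ship with.
Invoke-Command -ComputerName $Nodes -ArgumentList "$NetBios\$SvcAccount" -ScriptBlock {
    param($Member)
    $isMember = { (net localgroup Administrators).Trim() -contains $Member }
    if (-not (& $isMember)) {
        net localgroup Administrators $Member /add | Out-Null
    }
    [pscustomobject]@{
        Node             = $env:COMPUTERNAME
        Member           = $Member
        InAdministrators = (& $isMember)
    }
}

# 3. DKM container directly under the domain root. Reuse it if it already exists.
$dkm = Get-ADObject -LDAPFilter "(&(objectClass=container)(cn=$DkmName))" `
                    -SearchBase $DomainDn -SearchScope OneLevel
if (-not $dkm) {
    $dkm = New-ADObject -Name $DkmName -Type container -Path $DomainDn -PassThru
}
# This is the string the VMM installer asks for.
"DKM container DN for VMM setup: $($dkm.DistinguishedName)"

# 4. Failover Clustering feature on both nodes. No automatic restart, so the
#    local node cannot reboot in the middle of the remote installation.
$needRestart = foreach ($node in $Nodes) {
    $result = Install-WindowsFeature -Name Failover-Clustering `
                                     -IncludeManagementTools -ComputerName $node
    if (-not $result.Success) { throw "Feature installation failed on $node" }
    if ($result.RestartNeeded -ne 'No') { $node }
}
if ($needRestart) {
    throw "Restart $($needRestart -join ', ') and run the script again."
}

# 5. Validate, then create the cluster only if it does not exist yet.
#    New-Cluster without -StaticAddress assumes DHCP on the cluster network.
Import-Module FailoverClusters
$report = Test-Cluster -Node $Nodes          # runs all tests, returns the report file
"Validation report: $($report.FullName)"

try {
    $cluster = Get-Cluster -Name $ClusterName -ErrorAction Stop
}
catch {
    $cluster = New-Cluster -Name $ClusterName -Node $Nodes
}
Get-ClusterNode -Cluster $cluster.Name | Select-Object Name, State
```

Every step checks for existing state first, so the script can be run again after the restart in step 4 without recreating the account or the container.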
Installing Highly Available VMM
Woo! We’ve finally made it to the point where we can install VMM in a highly available mode. Let’s do it.
Installing VMM in a highly available mode on the first cluster node
(1) On either node of the cluster you created, run the VMM installer. Click Install
(2) Since you are installing VMM on a clustered node, clicking the VMM management server check box will pop up a confirmation box asking if you would like to make the VMM installation highly available. Click Yes.
(3) Both check boxes should be checked, click Next
(4) Enter product registration info, click Next
(5) The next two pages will be the EULA and CEIP program involvement. Accept the EULA and choose whether or not to enroll in the CEIP. Click Next
(6) Specify the Installation location for VMM.
(7) The next page will check for all software requirements. VMM has a strict requirement on the Windows Assessment and Deployment Kit (WADK). If you don’t have it installed on the machine, download and install it. Note that you will only need the Deployment Tools and the Windows Preinstallation Environment, not a complete installation of all the available WADK features. Also, you don’t have to close the installation wizard while you do it. You can click Check prerequisites again and it will let you move forward once WADK is installed.
(8) I installed the WADK, checked the prerequisites again, and presto, we can move forward.
(9) Enter the database information for the MSSQL database you want VMM to use. As stated earlier, this should be a highly available SQL installation installed on a separate failover cluster from the cluster we are installing VMM on.
(10) Enter the service name for the VMM installation. Click Next
(11) Now it’s time to utilize the VMM service account and DKM container we created earlier. Enter the information and click Next.
(12) Enter the port numbers and click OK. I’m leaving the defaults.
(13) Finish installing VMM and close the wizard. At this point you won’t be allowed to create a library share or add an existing one. For a highly available installation you’ll have to create the file server share within VMM after it’s installed.
Installing VMM in a highly available mode on the second cluster node
Finally you need to install VMM on the second node in the cluster. To do this, log on to the second node and run the VMM installer. The steps are EXACTLY the same as the steps for installing VMM on the first node except that:
1) You’ll be prompted to add this server as a node to the highly available VMM installation (you’ll obviously say you do).
2) You won’t have to enter the DKM information again (you’ll still have to enter the VMM service account password but not the username).
3) You won’t have to enter database information.
4) You won’t have to enter port numbers.
Essentially, installing VMM on the second node is exactly the same as the first node only easier. Finish the installation, sit back and relax.
You’re Done!
At this point we have successfully installed VMM in a highly available mode! It’s ready to go! Hopefully this article has been informative and has helped you make your HA VMM installation successful and straightforward.
Best!
John Patterson | Program Manager | Microsoft
The Code That No One In The Cloud Can Live Without
During ISIT 2014, the IEEE International Symposium on Information Theory awarded its top prize to Erasure Coding in Windows Azure Storage—an associated systems paper written by Microsoft’s Cheng Huang, Huseyin Simitci, Yikang Xu, Aaron Ogus, Brad Calder, Parikshit Gopalan, Jin Li, and Sergey Yekhanin—which pointed the way to a new method for achieving more efficient storage in the cloud.
SMB Azure Boot Camp Session Recordings Now Available on Demand
We were recently in Studio in order to record the key SMB Azure Boot Camp sessions for your on-going reference or first time viewing convenience. The Azure Boot Camps were well received by our SMB Partners. While we attempt to include as many cities as possible with such events we do understand there are always partners that are unable to attend and cities we just can’t cover.
Please visit YouTube to watch the following recorded sessions using the links provided below:
Session 1 – Azure Opportunity – This session provides an overview of the Azure SMB partner opportunity. A demonstration of the Azure portal is given providing an overview of how to get started with Azure.
https://www.youtube.com/watch?v=U8opH71WoLQ
Session 2 – Azure Virtual Networks & Virtual Machines – Plan to spend a little over 1 hour viewing this session. You will learn about the vocabulary of Azure as well as how to set up virtual networks and virtual machines in Azure. A demonstration will help you understand the “how to” steps.
https://www.youtube.com/edit?o=U&video_id=a-IgBxZZZEg
Session 3 – Azure Back-up – This session will cover how to take advantage of Azure back-up. Integration with Windows Server back-up, System Center Data Protection Manager as well as third party offerings will be covered.
https://www.youtube.com/watch?v=ucplHsKYAt8
Session 4 – AAD and Identity Management – Our final session will cover an overview of Azure Active Directory to include a comparison to on-premises Active Directory. The session will provide details on how to integrate the two as well as review tools and capabilities provided with Dirsync and Active Directory Federation Services (ADFS).
https://www.youtube.com/watch?v=xvOIw_GsAfU
Kathleen Molosky
Cameron Evans, Chief Technology Officer, U.S. Education, Microsoft: Microsoft at ISTE: Reflecting on the Power of the Teacher
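Shifting from Email to Yammer
The other day, when I spoke at a seminar, I was asked how to choose among the many communication tools that are available. The person asking said their communication is centered on email, so today I would like to consider the differences between email and Yammer and where each one fits.
To think this through, I would first like to look back at how we work.
Working in a company usually does not mean working alone; you communicate with several people and ultimately produce some kind of output. That output takes many forms: order data, proposals, regulations, work instructions, plans, design specifications, and so on. Place and time are the constraints on getting this work done.
Until a little while ago, face-to-face meetings and phone calls were the norm, but email spread and became the leading means of contact. More recently, against a background of business globalization, the threat from competitors, and demand for diverse ways of working such as telecommuting, work style reform initiatives have become very active, and many companies are shifting to a way of working that removes the constraints of place and time as far as possible, so that people can be reached and can access the information they need anytime, anywhere.
Many people probably feel that this is already enough, but is it really?
Even today, in many companies, is there not still a divide between the systems used for communication and the systems that manage output?
Think back.
- Does work run smoothly with only the output that is managed as a company asset?
- Have you ever felt that you needed the history of past communication?
→ Why is this document laid out this way??
→ I don't know the background to this change...
Have you ever felt that way?
- Can you easily find information on past exchanges that other people had?
Formal documents probably have their revision history managed through an approval workflow, but for many of the documents and forms handled day to day, even something like a review is in many cases done by email.
In other words, the reality in many companies is that email has become the key system, and the contents of email have become the knowledge itself.
Email is now the most familiar of the communication tools and anyone can use it casually, so it is very convenient, but on the other hand it has several problems. You have probably felt them to some degree yourself.
[Problems with email]
① Email branches off and the main line of the communication gets lost
- Reply to all, reply to some, forward...
- As a result, the "I don't know about that email" problem occurs
② A lot of email is irrelevant to you, and it tends to overflow
- A one-word "OK" is also a separate email
- Notifications sent through mailing lists (distribution lists)
③ Email is ultimately managed by individuals
- Past exchanges have to be forwarded to you
→ Things get left out, and the chronological order is a mess
→ Naturally, past email exchanges cannot be traced from the output side
- Handing over work is difficult
What do you think? Does any of this sound familiar?
One approach to solving these problems is to improve email literacy. However, that can only solve problems ① and ②. Problem ③ is hard to solve because of the mechanism and nature of email. What can solve it is enterprise social, that is, Yammer.
By shifting internal communication from email to Yammer, you can solve problems ① and ② while also solving ③, which was not possible until now.
If you are not very familiar with Yammer, please refer to this article; briefly, the key points are:
- Communication takes place in a shared space called a group
- With the "Like" button, a positive reaction can be given without replying
- The communication history can be kept while remaining linked to attached documents and linked other systems
These are its characteristics.
The third point, the linkage between conversations and documents or other systems, explained using the upcoming SharePoint Online and Yammer integration as an example:
* For inline social, please refer to this article
It is common to hold a conversation with the URL of an external system (a link to a document file) pasted in (linked). When the linked document is also linked in the same way in another conversation, the only people who can notice this are those involved in both conversations.
Once this integration feature is implemented, when you open a document in SharePoint Online, where documents are managed, the various conversations linked to that document are displayed to the right of the document. In other words, you will be able to trace back, by reverse lookup, the conversations to which this document is linked. This lets you learn about communication that could not be known under previous mechanisms, such as the background to how the document came about and the reactions of those who saw it, by connecting it to the output information that is a company asset.
This time I used documents in SharePoint Online as the example, but any system that can integrate with the cloud (Yammer) through web mechanisms can be connected in the same way, so I expect more and more to be connected through social from now on. Note that an app integrating Dynamics CRM and Yammer is already available.
* For reference, this site is helpful for development that integrates Yammer with SharePoint Online. It uses the integration of a bulletin board with Yammer as its subject.
http://idea.tostring.jp/?p=1143
Taking all this into account, the positioning of each tool can be organized as follows.
Until now email has been the main means of internal communication, but shifting to Yammer makes communication open and makes it possible to keep a communication history that is linked to the business systems and document management systems that are company assets.
For communication where real-time interaction matters, use face-to-face meetings, phone calls, chat, and web conferencing, and if you post the output (meeting notes, minutes, meeting videos, and so on) to a document management system or to Yammer, the output and the communication that follows become connected.
I think email will continue to play the central role for private exchanges and for communication with customers.
However, by centering internal company communication on Yammer from now on, it becomes not just a communication tool but a platform that connects employees, communication, and output. And I believe that the companies that use it will be able to become more agile, more competitive organizations.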
United States Regional Keynote at WPC 2014
As Microsoft continues its move to the cloud first, mobile first strategy under the leadership of our new CEO, Satya Nadella, how we work with our partners must also change. WPC 2014 will be the first Vision Keynote for Phil Sorgen, the Microsoft Channel Chief, and he will talk about how the Microsoft Partner Network is evolving to help you make selling the cloud profitable for your business.
Given this fresh approach we are taking to our business, and based on partner feedback, we are bringing back the US keynote at WPC 2014.
Join Jenni Flinders, Vice President for the Microsoft US Partner Group; Judson Althoff, President of Microsoft North America; and special industry, partner, and customer guests for a discussion about the Microsoft US business today, priorities for the business for the coming year, how the partner ecosystem is evolving and where we think it’s heading, and how you can engage with the United States team as a partner to capitalize on new opportunities.
Make your plans now to join Jenni, Judson, guests, and the US Partner Team on Tuesday, July 15 at 4:00PM in Ballroom ABC of the Walter E. Washington Convention Center.
We’ll see you there!
How to add the US Keynote to your WPC Schedule
Add session LS629, the United States Regional Keynote, to your WPC Schedule in WPC Connect. Sign in to WPC Connect, then click this link: http://aka.ms/us-keynote-wpc. Above the session number and title, add it to your calendar by selecting + My schedule.
Complete your session evaluations and receive a gift from the US Partner Team
Your feedback about the keynote, as well as the other US sessions, is important to us. Complete your session survey for the United States Regional Keynote and for other US sessions you attend, before 4:30PM on Wednesday, July 16. If you are among the first 700 US keynote attendees to submit your survey, you will be eligible* to receive a free portable phone charger. For the other US sessions, the first 25 people per session to submit their evaluations will be eligible. One prize per person. Visit the US Lounge by 5:30PM on Wednesday, July 16, to claim your prize.
Fill out your session evaluation at https://connect.digitalwpc.com/Pages/MyEvaluations.aspx or through the WPC mobile app. Make sure you have added the session to your calendar so that the evaluation shows up in your Connect or mobile app experience.
Get a comprehensive look at WPC 2014 in the US Partner’s Guide
Flip through our guide to WPC 2014 for a look at what you’ll see, hear, and do while at WPC 2014. The deck includes a content preview, details about US partner activities, and tips for making the most of your conference attendance. You can review the deck and download it from our US Partner Community Yammer network at http://aka.ms/uswpcguide.
As we approach the conference, we’ll update the deck as needed to reflect new details. You can come back to it anytime on the US Partner Community on Yammer at http://aka.ms/uswpcguide.
Stay informed about US activities at WPC 2014 through Twitter @WPCUS, and join the conversation at #WPC14 and #usatwpc.
________________________
* One prize per person. Offer good only to registered attendees of the Microsoft Worldwide Partner Conference who are actively enrolled in the Microsoft Partner Network 18+ and who are not residents of Cuba, Iran, North Korea, Sudan, or Syria and who complete a session evaluation for a US session they attended (verified by badge scan). This offer does not apply to non-US sessions. Offer good only to the first 25 per US breakout session or the first 700 of US keynote attendees to respond. Limit one gift per person. This offer is non-transferable and cannot be combined with any other offer. This offer ends on July 16, 2014 or while supplies last, and is not redeemable for cash. Taxes, if any, are the sole responsibility of the recipient. Any gift unclaimed at the event will be forfeited. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice.
Call for Feedback on Windows Azure Pack (& IaaS)
PowerTip: Looking for Folders and Files in PowerShell
Summary: Learn about looking for folders and files in Windows PowerShell.
Why does this command show me folders instead of files?
Dir | Where PSIsContainer -eq False
In Windows PowerShell, use the automatic variables $True and $False to refer to Boolean values
instead of the strings True and False. To perform the comparison, Windows PowerShell converts
the object on the right into the same type as on the left, so the string False is evaluated as a Boolean True.
In this case, you are converting a string into a Boolean value, so if the string has characters in it, it will
become a True. Only an empty string becomes a False. This is why your sample code gives you folders
instead of files. Try it like this and you will be a lot happier with the results:
Dir | Where PSIsContainer -EQ $False
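The conversion rule described in this tip, as an added example that is not part of the original PowerTip: it runs both filters against a constructed temporary directory and then tabulates how several strings convert, including the reversed operand order where the Boolean is converted to a string instead. The directory, file, and variable names are assumptions made for the demonstration.

```powershell
# Constructed sandbox: one folder and one file in a fresh temp directory.
$root = Join-Path ([System.IO.Path]::GetTempPath()) ("psiscontainer-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path (Join-Path $root 'SubFolder') -Force | Out-Null
Set-Content -Path (Join-Path $root 'notes.txt') -Value 'constructed sample file'

# The filter from the question: the bareword False is passed as a string,
# which is converted to the type of the left operand (Boolean).
$withString = @(Get-ChildItem -Path $root | Where-Object PSIsContainer -eq False)

# The corrected filter: $False is already a Boolean, so nothing is converted.
$withBoolean = @(Get-ChildItem -Path $root | Where-Object PSIsContainer -eq $False)

"String  'False' selects: " + ($withString.Name  -join ', ')
"Boolean `$False selects: " + ($withBoolean.Name -join ', ')

# How different strings behave in each operand position.
# -eq always converts the RIGHT operand to the type of the LEFT operand.
$conversions = foreach ($s in 'False', 'True', '0', ' ', '') {
    [pscustomobject]@{
        String        = "'$s'"
        AsBoolean     = [bool]$s          # non-empty string vs. empty string
        FalseEqString = ($false -eq $s)   # string is converted to Boolean
        StringEqFalse = ($s -eq $false)   # Boolean is converted to String
    }
}
$conversions | Format-Table -AutoSize

# Remove the sandbox.
Remove-Item -Path $root -Recurse -Force
```

Comparing the FalseEqString and StringEqFalse columns shows why a filter can change meaning when its operands are swapped, which is worth checking in any script that uses such a comparison to decide which files to act on.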
Building Clouds on TechNet Radio! DevOps, and Automation, and Configuration Management, Oh My!
Hello Readers, Listeners, and Viewers!
Did You Know?
Michael Green and Charles Joy of the Building Clouds Blog each had a part in the June 2014 TechNet Radio Series:
Accelerating DevOps with the Cloud using Microsoft Azure and Friends!
So - If you did know, and have watched the series, Thank You!
And if this is news - Great! Now you have something to watch over the upcoming US Holiday weekend!
(details below)
Accelerate DevOps with the Cloud
As referenced above, the “Accelerate DevOps with the Cloud” series on TechNet Radio took place over four weeks in June 2014, in 10 separate segments, each 30-45 minutes in duration.
The following is a listing of the 10-part series, with embedded video for the two parts Michael and Charles contributed:
- (Part 1) Accelerate DevOps with the Cloud - What is "DevOps" and Why is it Important for IT Pros?
- (Part 2) Accelerate DevOps with the Cloud - How Does Microsoft Azure and the Cloud align with DevOps?
- (Part 3) Accelerate DevOps with the Cloud - Enabling Self-Service On-Demand Developer Environments in the Cloud
- (Part 4) Accelerate DevOps with the Cloud - Source Control in the Cloud with Microsoft Azure & Visual Studio Online
- (Part 5) Accelerate DevOps with the Cloud - Testing in the Cloud with Microsoft Azure and Visual Studio Online
- (Part 6) Accelerate DevOps with the Cloud - Automating for Predictability – Charles
- (Part 7) Accelerate DevOps with the Cloud - Configuration Management – Michael
- (Part 8) Accelerate DevOps with the Cloud - Rollback Plan? What rollback plan?
- (Part 9) Accelerate DevOps with the Cloud - Scaling Cloud Applications
- (Part 10) Accelerate DevOps with the Cloud - Monitoring, Measuring & Learning for Continuous Improvement
Already with 30K+ views each, this was obviously a fantastic opportunity, and we are honored to be included in such a great line-up of folks!
enJOY!
Looking for Operations Manager admins to take a 10 question survey on Operations Manager web console
We are looking for Operations Manager admins to fill out a short 10 question anonymous survey to better understand how you use the OpsMgr web console today. This will take only a few minutes. We appreciate your help in building better products.
https://www.surveymonkey.com/s/HZCFZ3X
Leyla Kazemi
Microsoft
Windows Azure Pack, Service Provider Foundation and IaaS API Support for VMM Service Templates
Thursday Council Spotlight - Would you join the TechNet Guru World Cup???
The World Cup is here again! Sort of.
We've got brains in our ball!
And YOU have been selected to play on our team!
Yes blog reader, step up and take a shot!
Slam some techie tips in the back of our nets!
No dribbling please, just lots of problem tackling.
So come on Gurus and use your head!
Show us your skills, wow us with your technique, and win the hearts of your nation (or at least our hearts)!
All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.
Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!
This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!
HOW TO WIN
1) Please copy over your Microsoft technical solutions and revelations to TechNet Wiki.
2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)
3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.
If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!
Winning this award in your favoured technology will help us learn the active members in each community.
Feel free to ask any questions in the comments.
More about TechNet Guru Awards
Thanks in advance! And special thanks to XAML guy for hosting this competition!
- Ninja Ed
Advance Notification of the Microsoft Security Bulletin Release for July 2014
What is the purpose of this alert?
As part of the monthly security bulletin release, Microsoft provides advance notification to our customers about the number of new security updates, the affected products, the aggregate maximum severity, and information about update detection tools. This is intended to help our customers plan a more effective deployment of security updates.
On July 8, 2014, Microsoft plans to release six (6) new security bulletins. A summary follows.
New bulletin summary
Bulletin ID | Maximum severity rating | Vulnerability impact | Restart requirement | * Affected software |
Bulletin 1 | Critical | Remote Code Execution | Requires restart | Internet Explorer on all supported editions of Windows. |
Bulletin 2 | Critical | Remote Code Execution | May require restart | Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, and Windows RT 8.1. |
Bulletin 3 | Important | Elevation of Privilege | Requires restart | All supported editions of Windows, except Windows Server 2003. |
Bulletin 4 | Important | Elevation of Privilege | Requires restart | All supported editions of Windows. |
Bulletin 5 | Important | Elevation of Privilege | May require restart | Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. |
Bulletin 6 | Moderate | Denial of Service | Does not require restart | Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. |
* The affected software list in the table is a summary. To see the complete list of affected components, click the "Advance notification web page" at the link below and review the "Affected Software" section.
Although no changes are anticipated, the number of bulletins, affected products, restart information, and severities are subject to change until release.
Advance notification web page: The full version of this month's Microsoft security bulletin advance notification can be found at https://technet.microsoft.com/library/security/ms14-jul.
Microsoft Windows Malicious Software Removal Tool: Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Monthly security bulletin webcast (English):
To address customer questions about these bulletins, Microsoft will broadcast a webcast on
Wednesday, July 9, 2014, at 11:00 a.m. Pacific Time (US & Canada).
Registration for this event and other details can be found at https://technet.microsoft.com/security/bulletin/
Monthly security bulletin webcast (Spanish):
To address customer questions about these bulletins, Microsoft will broadcast a webcast on
Thursday, July 10, 2014, at 10:30 a.m. Atlantic Time.
Register at this link:
https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032575641
At this time, no additional information about these bulletins, such as vulnerability details or severity, will be made available until the bulletins are published on Tuesday.
Regarding information consistency
We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft's security content posted to the web is occasionally updated to reflect the latest information. If this results in an inconsistency between the information in this document and the information in Microsoft's web-based security content, the latter prevails.
If you have any questions about this alert, please contact your Technical Account Manager.
Thank you,
Microsoft CSS Security Team