Shahid Roofi Khan

Microsoft Technologies Blog

New cluster model for Windows 2019 allows router USB to be used as witness node

Cluster arbitration needs a third computer hosting a shared folder to act as a judge and facilitate automatic failover between two computers hosting a highly available service.

However, it was costly to have one. It had to be joined to the domain, could not be a domain controller, could not be down, and could not be in the DMZ, as domain authentication also had to succeed.

That is really easy on hardware and software. The good news is that MS Windows Server 2019 removes ALL of these requirements.

This means NO Kerberos, NO domain controller, NO certificates, and NO Cluster Name Object needed. While we are at it, NO account needed on the nodes. Oh my!!

You can even use your router's USB share to arbitrate your internal clusters!

Now it makes a lot of sense to use your cloud machine to arbitrate your internal on-premises cluster setups!

The only requirement is that your shares support at least SMB 2.0 file sharing.

#CloudWitness #Windows Server 2019 #NewFileShares #Security
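One way to set up such a witness, as an added example that is not part of the original post: it first checks that the share negotiates SMB 2.0 or later, then points the cluster quorum at it. The address `192.0.2.10`, the share name `witness` and the use of a local account on the device hosting the share are assumptions.

```powershell
# Added example, not from the original post. Run elevated on one cluster node
# (Windows Server 2019, FailoverClusters and SmbShare modules).
# Assumptions: 192.0.2.10 and "witness" are placeholders for the router/NAS share;
# the credential is a local account defined on that device.
$server      = '192.0.2.10'
$witnessPath = "\\$server\witness"
$shareCred   = Get-Credential -Message 'Local account on the device hosting the share'

# 1. Pre-check: connect once and read the SMB dialect that was negotiated.
#    New-SmbMapping needs the password as plain text, so it is unwrapped in memory only.
$plain = $shareCred.GetNetworkCredential().Password
New-SmbMapping -RemotePath $witnessPath -UserName $shareCred.UserName -Password $plain -ErrorAction Stop | Out-Null
try {
    $conn = Get-SmbConnection -ServerName $server | Select-Object -First 1
    if (-not $conn) { throw "No SMB connection to $server was established." }
    # Dialect is reported as text (for example 3.1.1); only the major version matters here
    $major = [int](($conn.Dialect -split '\.')[0])
    if ($major -lt 2) {
        throw "Share negotiated SMB $($conn.Dialect); the witness needs SMB 2.0 or later."
    }
    "Negotiated SMB dialect: $($conn.Dialect)"
}
finally {
    Remove-SmbMapping -RemotePath $witnessPath -Force
}

# 2. Point the quorum at the share; the cluster keeps the credential for later access.
Set-ClusterQuorum -FileShareWitness $witnessPath -Credential $shareCred

# 3. Verify that the quorum resource is the new witness and shows the expected path.
$quorum = Get-ClusterQuorum
$quorum.QuorumResource | Select-Object Name, ResourceType, State, OwnerNode
$quorum.QuorumResource | Get-ClusterParameter -Name SharePath
```

Because the witness is no longer protected by domain authentication, the account used here should have access to the witness folder only, and the device hosting it should be patched and monitored like any other server.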

Inventory your Servers using PowerShell

Inventorying your servers is a very time-consuming task, and most methods for automating inventory collection cannot fetch detailed BIOS information and MAC addresses.

With PowerShell and WMI, I've contributed a script that additionally queries and tags that information as well. Details will include BIOS details, serial number and platform as well.

Output sample:

Script available at my MS Gallery contribution: https://gallery.technet.microsoft.com/How-to-inventory-all-ce4e1f34?redir=0
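The kind of query described above, as an added example that is not the author's gallery script: it collects BIOS details, serial number, platform and MAC addresses over CIM/WMI and records unreachable hosts instead of silently skipping them. The server names `SRV01` and `SRV02` are hypothetical, and the targets are assumed to accept WinRM connections from the account running it.

```powershell
# Added example (not the author's gallery script): BIOS, serial number,
# platform and MAC addresses for a list of servers, via CIM/WMI.
# Assumption: the targets accept WinRM connections from this account.
function Get-ServerInventory {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($name in $ComputerName) {
        # Same property set on success and failure keeps the CSV columns stable
        $row = [ordered]@{
            ComputerName = $name; Status = 'OK'; Manufacturer = $null
            Model = $null; SerialNumber = $null; BiosVersion = $null
            BiosDate = $null; OperatingSystem = $null; MacAddresses = $null
        }
        $session = $null
        try {
            $session = New-CimSession -ComputerName $name -ErrorAction Stop
            $bios = Get-CimInstance -CimSession $session -ClassName Win32_BIOS -ErrorAction Stop
            $cs   = Get-CimInstance -CimSession $session -ClassName Win32_ComputerSystem -ErrorAction Stop
            $os   = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
            # Only adapters with an IP stack bound, which skips tunnel and WAN miniports
            $nics = Get-CimInstance -CimSession $session -ClassName Win32_NetworkAdapterConfiguration `
                        -Filter 'IPEnabled = TRUE' -ErrorAction Stop

            $row.Manufacturer    = $cs.Manufacturer
            $row.Model           = $cs.Model
            $row.SerialNumber    = $bios.SerialNumber
            $row.BiosVersion     = $bios.SMBIOSBIOSVersion
            $row.BiosDate        = $bios.ReleaseDate
            $row.OperatingSystem = $os.Caption
            $row.MacAddresses    = @($nics.MACAddress) -join ';'
        }
        catch {
            # Record the failure so an unreachable server is visible in the report
            $row.Status = "Failed: $($_.Exception.Message)"
        }
        finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
        [pscustomobject]$row
    }
}

# Hypothetical server names; replace with your own list
Get-ServerInventory -ComputerName 'SRV01', 'SRV02' |
    Export-Csv -Path .\inventory.csv -NoTypeInformation
```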

SQL Always-On - Choose between Async vs Sync Replication mode.

SQL Always-On is a great technology. Architects and decision makers often get stuck deciding which replication model to use. The confusion arises from the fact that it provides two flavors of replication: synchronous and asynchronous. Both approaches come with pros and cons.

Just to settle the confusion, and as a reference for all decision makers and architects, I've documented this in the MS article available at the MS link below:

Check out my Microsoft article posting: https://social.technet.microsoft.com/wiki/contents/articles/52671.sql-alwayson-choosing-between-the-right-replication-model.aspx

Further Reading: Microsoft Article

 

SharePoint DocumentSet and why you should always use them!

There are many workflow solutions on the planet; however, what differentiates SharePoint and makes it stand out as a workflow solution is its capability for document-centric workflows, which you can even use with document sets. Normally, other solutions give you the option of attachments. In SharePoint, by contrast, content is a first-class citizen. Consider a workflow where a set of documents moves with the workflow, with document versioning still available and grouping of documents also possible. For example, we developed a loan management system for one of the leading banks of the region, with loan documents central to the workflow. That turned into a big success.

SharePoint is a content management system. Managing content and documents is the core of this software. One concept that it facilitates is grouping documents into a set. This is enabled through a feature called Document Set.

In other words, a Document Set is a special SharePoint feature that groups multiple documents into a set that is treated as a single object or, simply put, a "folder", e.g. as below:

 

Why SSL's fate is doomed and TLS is the only option left

SSL, which stands for Secure Sockets Layer, is a protocol used to provide secure connections between a client and a server. A TCP connection can provide a reliable link between a server and a client but cannot provide services such as confidentiality, integrity and endpoint authentication. So, SSL was introduced by Netscape in the early 1990s to provide these services. The first version of SSL, known as SSL 1.0, was never released to the public as it had many security holes. However, in 1995, SSL 2.0, which provided better security than SSL 1.0, was introduced and, in 1996, SSL 3.0 was introduced with more improvements. The next versions of the SSL protocol appeared under the name TLS.

SSL, which is implemented in the transport layer, can secure a protocol such as TCP by applying various security measures. It provides confidentiality by using encryption to prevent anyone from eavesdropping. It uses both asymmetric and symmetric encryption. First, using asymmetric key encryption, a symmetric session key is established, which is then used for encrypting the traffic. Asymmetric key cryptography is also used for the digital certificates that authenticate the server. Then a Message Authentication Code, which uses various hashing techniques, is used to provide integrity (identifying any unauthenticated modification of the real data). So a protocol like SSL allows sensitive information such as bank transactions and credit card information to be transmitted over the internet. It is also used to provide confidentiality for services such as email, web browsing, messaging, and voice over IP.

SSL is now outdated and has many security issues, so its use is currently not recommended. SSL 3.0 was enabled by default in many browsers until recently, but they are now planning to disable it in future versions due to severe security bugs such as the POODLE attack.
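A check a Windows administrator can run to see whether a server still has the old protocols switched on, as an added example that is not part of the original post: it reads the SCHANNEL protocol settings from the registry and lists SSL versions that have not been explicitly disabled. The function name `Get-SchannelProtocolState` is hypothetical.

```powershell
# Added example, not from the original post: report how SSL/TLS versions are
# configured for SCHANNEL (the Windows TLS provider) on the local machine.
function Get-SchannelProtocolState {
    param(
        [string[]]$Protocol = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2')
    )
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

    foreach ($p in $Protocol) {
        foreach ($role in 'Server', 'Client') {
            $key    = Join-Path $base "$p\$role"
            $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

            # A missing key or value means the operating system default applies,
            # which differs between Windows releases, so it is reported as such.
            if (-not $values -or $null -eq $values.Enabled) {
                $state = 'OS default (not configured)'
            } elseif ($values.Enabled -eq 0) {
                $state = 'Disabled'
            } else {
                $state = 'Enabled'
            }

            [pscustomobject]@{
                Protocol          = $p
                Role              = $role
                State             = $state
                DisabledByDefault = $values.DisabledByDefault
            }
        }
    }
}

# Full picture for the machine
Get-SchannelProtocolState | Format-Table -AutoSize

# SSL versions that are not explicitly disabled and deserve a closer look
Get-SchannelProtocolState -Protocol 'SSL 2.0', 'SSL 3.0' |
    Where-Object { $_.State -ne 'Disabled' }
```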

Power of Two-Factor Authentication using Microsoft Identity Manager 2016

Microsoft Identity Manager 2016 can increase security and substantially reduce help desk calls for password management. It allows integration of the authentication infrastructure with an SMS gateway so that a user's mobile device can be used as an OTP device for password reset and unlock requirements.

The Windows environment thereby catches up with the industry trend of using one-time passwords sent via SMS messages.

At the last organization where we implemented this technology, it became of great value to the infrastructure.

Never Install SQL Ent or Standard edition. Always use developer edition. Here's why

SQL editions can give you a tough time, especially when you have used Enterprise edition and later find you cannot downgrade it to Standard edition. This is often a core requirement from the customer once they renew their Microsoft licenses.

The only edition flexible enough to be downgraded as well as upgraded is the Developer edition, which works for six months without any issues.

Once this period elapses, you have the chance to either upgrade to Enterprise edition or downgrade the solution.

It will save you a lot of wasted deployment hours.

SQL Editions

 source: https://docs.microsoft.com/en-us/sql/database-engine/install-windows/supported-version-and-edition-upgrades-2017?view=sql-server-2017#-edition-upgrade