Posts in category Marc van Eijk

Windows Azure Pack – You must first register Service Management Automation on Resource Provider VM Clouds

During a recent Windows Azure Pack deployment at a customer site I encountered an issue with the registration of Service Management Automation. I have done the installation and configuration numerous times without issues before. I performed the same steps at this site and the registration of SMA completed successfully. But when I wanted to link a runbook to an action in the VM Clouds resource provider I was treated with the following surprise. As you can see in the screenshot, the resource provider Automation shows the 27 sample runbooks.

You must first register SMA

We seen some other interesting issues in this environment so I tied this inconsistency to the same list.

My fellow MVP Kristian Nese recently published a blogpost explaining how to re-register SPF in Windows Azure Pack. You can actually use the same cmdlets to unregister SMA (or other resource providers) as well. I unregistered the SMA endpoint on the Windows Azure Pack server with the following cmdlets.

$Credential = Get-Credential

$Token = Get-MgmtSvcToken -Type Windows –AuthenticationSite https://yourauthenticationsite:30072 – ClientRealm http://azureservices/AdminSite -User $Credential -DisableCertificateValidation

Get-MgmtSvcResourceProvider -AdminUri “https://localhost:30004″ -Token $Token -DisableCertificateValidation -name “Automation”

Remove-MgmtSvcResourceProvider -AdminUri “https://localhost:30004″ -Token $Token -DisableCertificateValidation -Name “Automation” -InstanceId “the instance ID you got from Get-MgmtSvcResourceProvider

When you verify the registration status in the admin portal after running the cmdlets you should be able to perform the registration again. I successfully registered the SMA endpoint again in the admin portal.

Register SMA

But the Automation tab in the VM Clouds presented the same surprise again. After poking around with some get- cmdlets and verifying it against a working environment I found a solution. The Service Provider Foundation database is unaware of the Service Management Endpoint. I’m still looking at the root cause, but you can use the some cmdlets on the SPF server to update the SPF database with the endpoint information.

If you encounter the issue described in this blog, make sure you have the SMA endpoint registered in Windows Azure Pack and run the following cmdlets on the SPF server.

import-module spfadmin

Get-SCSpfStamp | fl

$stamp = get-SCSpfStamp –name “Name of the Stamp you got from the Get-SCSpfStamp

New-SCSpfServer –name “IaasAutomation” –ServerType None –Stamps $stamp

$Server = Get-SCSpfServer –name “IaasAutomation”

New-SCSpfSetting –Name EndpointURL –SettingType EndpointconnectionString –Value “https://YourSmaEndpoint:9090/” –Server $Server

After a refresh the admin portal should now reflect the changes we made.

After SPF cmdlets

Yesterday I got a call from Darryl van der Peijl who was deploying a new lab environment and he encountered the exact same issue.If you also see this issue please add a comment to this blog or ping me on twitter @_marcvaneijk

Windows Azure Pack with ADFS and Windows Azure Multi-Factor Authentication – Part 3

In the previous part of this blog series Windows Azure Pack was configured to use ADFS for authentication for the Tenant Site and the Admin Site. We have done numerous implementations of Windows Azure Pack where ADFS was part of the design. In the first production deployments we struggled with setting the correct claim values for Co-Admins on subscriptions and admin access for the Admin Site based on groups, like the issue described at the and of the previous part of this blog series. Since then we have learned (or at least we tried) and there are a couple of ways that you can use to gain some insight into the actual issued claims by ADFS. Now please understand me correctly, there will probably be more ways to do the same. I just collected the procedures that we stumbled upon during the troubleshooting moments. We have used the following functionalities to look at issued claims.

  • ADFS Auditing
  • Get-AdfsToken
  • WIF SDK Claim App

There are probably more or better ways to look at the claims issued by ADFS. If you know any, please don’t hesitate to add them to the comments at the end of this blog post.

ADFS Auditing

Active Directory Federation Service provides a built in functionality to log success and failure audits in the event log of the ADFS server. The success audits contain the actual claims provided by ADFS. Besides enabling this functionality in ADFS, auditing rights must also be enabled for the ADFS service account on the server running ADFS.

The first step is to enable auditing rights for the ADFS service account on the server running ADFS. You can configure this with a local policy or a group policy. Open the local or domain policy that will apply to your ADFS server and browse to the Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment entry.

01 GPO

Open the Generate security audits setting and add the domain service account used in the ADFS configuration wizard in part one of this blog series (domain\SVC_ADFS). Update the policy settings on the ADFS server by running the following command

gpupdate /force

Enable auditing on the ADFS server by running the following command

auditpol.exe /set /subcategory:”Application Generated” /failure:enable /success:enable

Open the ADFS management console. Right-click the root of the entries and select Edit Federation Service Properties.

02 Federation Service

Select the events tab and enable the Success audits checkmark.

READ MORE »

Windows Azure Pack – VM Role custom Virtual Machine sizes

In Windows Azure Pack you can deploy standalone virtual machines, which are directly mapped to VM Templates in Virtual Machine Manager. The VM Templates are limited to deploy an Operating System, without applications. The VM Template allows you to configure the number of CPUs and the amount of Memory assigned to it. Since the standalone Virtual Machine in Windows Azure Pack is a direct mapping to the VM Template in Virtual Machine Manager, a virtual machine that is deployed by a tenant will be configured according to the size you specified in the VM template. If you would like to give a tenant the possibility to change the number of CPUs and amount of Memory assigned to virtual machine you can define hardware profiles in Virtual Machine Manager and add them to the plan that the tenant has a subscription on.

00 Standalone Virtual Machine

Virtual Machine Manager also provides Service Templates. Service Templates use VM Templates as building blocks and add a lot of functionality on top of them. Scale-up, Scale-out, application integration, relation to deployed instances and versioning, just to name a few.

With the release of Windows Azure Pack a new feature called the VM Role was introduced. The VM Role is a Windows Azure Pack gallery item, that uses the service template engine in Virtual Machine Manager. It allows you to deploy a virtual machine with automated application installation. Most of the functionality that you might be familiar with from Service Templates are also present in the VM Role. For a good comparison have a look at this blog.

The VM Role exists of two parts.  The Resource Definition is imported in to Windows Azure Pack and contains the fields to build up the deployment wizard and map to the Resource Extension. The Resource Extension is imported in to Virtual Machine Manager and contains the application logic. Virtual Machine Manager does not provide a Graphical User Interface for The Resource Extension. You can create new or edit existing Resource Definition and Resource Extension files with the VM Role Authoring Tool.

When you deploy your first VM Role, you will notice that the available sizes for the virtual machine are populated automatically.

Untitled

The predefined list contains the following sizes.

Name Description CpuCount MemoryInMB
ExtraSmall Extra Small Size VM 1 768
Small Small Size VM 1 1792
Medium Medium Size VM 2 3584
Large Large Size VM 4 7168
ExtraLarge Extra Large Size VM 8 14336
A6 A6 Size VM 4 28672
A7 A7 Size VM 8 57344

The VM Role is also present in Windows Azure. If you have deployed a virtual machine in Windows Azure before you will immediately recognize these sizes. To minimize the differences for moving the VM Roles between Windows Azure Pack and Windows Azure, it makes sense to match the VM sizes between the two environments. But what if you have a company policy that dictated other VM sizes or you are Service Provider and would like to provide your own VM sizes. The VM Authoring Tool also has a JSON tab to show the actual code.

READ MORE »

Windows Azure Pack with ADFS and Windows Azure Multi-Factor Authentication – Part 2

In the previous part of this blog series we installed Windows Azure Pack and Active Directory Federation Services. In this blog we will configure the WAP Admin Portal and the WAP Tenant Portal to use ADFS for authentication. The configuration steps for both sites are very similar with some exceptions. The following steps will be performed.

  • Change the WAP site bindings in IIS
  • Update the WAP database with the new IIS bindings
  • Configure the WAP database to use ADFS
  • Create a relying party in ADFS
  • Create claim rules in ADFS
  • Enable JWT for relying party in ADFS

After completing these steps, every user that successfully authenticates to ADFS can access the WAP tenant site. To prevent a random user from accessing the WAP admin site, an additional step must be performed to enable access for admins.

  • Configure authenticated users for the admin site

Windows Azure Pack accepts User Principal Name (UPN) claims and Group claims. A tenant requires a UPN claim to logon to Windows Azure Pack. When a tenant subscribes to a plan the UPN is made owner of the subscription. A UPN is required as owner for a subscription. The Group claim is optional and can be used to specify Co-Admins for an existing subscription. A common design is to designate an owner of the subscription that is responsible (for example a department head) and add a group claim as co-admins for the subscription (for example a group containing all the departments users). A couple of tests with group claims pointed out that Domain Local Groups will not work (even if you manage to pass them as claims with some custom claim rules) and that Windows Azure Pack will not accept a space in the Group when configuring Co-Admins for a subscription.

01 CoAdmins req

Two components of ADFS are important in relation to Windows Azure Pack. The Claims Provider and the Relying Party. A Claims Provider authenticates a user, create the claims for that user and configures the claims into security tokens that the relying party uses to make authorization decisions. A Relying Party consumes claims in a particular transaction. Claims that originate from a claims provider can be presented and consumed by the relying party. A default installation of ADFS configures a Claims Provider trust to Active Directory. This default Claims Provider trust has a predefined set of Claims, which contains the UPN claim, but does not contain the Group claim.

It is possible to add additional claims at the Claims Provider level or at the Relying party level. If you add additional claims at the Claims Provider level, these claims are available to all relying parties and can also be used for authorization and transformation in a relying party configuration. If you add additional claims at the Relying Party level, these claims will only be available to that particular Relying Party.

READ MORE »

Microsoft Virtual Academy Free online event – Virtualizing Your Data Center with Hyper-V and System Center

Wednesday, February 19th from 9am – 5pm PST

If you’re new to virtualization, or if you have some experience and want to see the latest R2 features of Windows Server 2012 Hyper-V or Virtual Machine Manager, join for a day of free online training with live Q&A to get all your questions answered.  Learn how to build your infrastructure from the ground up on the Microsoft stack, using System Center to provide powerful management capabilities. Microsoft virtualization experts Symon Perriman and Matt McSpirit demonstrate how you can help your business consolidate workloads and improve server utilization, while reducing costs. Learn the differences between the platforms, and explore how System Center can be used to manage a multi-hypervisor environment, looking at VMware vSphere 5.5 management, monitoring, automation, and migration. Even if you cannot attend the live event, register today anyway and you will get an email once we release the videos for on-demand replay! 

MVA

Topics include

  • Introduction to Microsoft Virtualization
  • Host Configuration
  • Virtual Machine Clustering and Resiliency
  • Virtual Machine Configuration
  • Virtual Machine Mobility
  • Virtual Machine Replication and Protection
  • Network Virtualization
  • Virtual Machine and Service Templates
  • Private Clouds and User Roles
  • System Center 2012 R2 Data Center
  • Virtualization with the Hybrid Cloud
  • VMware Management, Integration, and Migration

I’ll jump in myself too and try to answer some questions.

Marc

Hyper-V.nu moved to Windows Azure

Hyper-V.nu has been around since 2008. A lot of content has been added to the blog since then. Many hours of research and writing form the basis for that. Our site has been running in a hosted VM, managed by Jaap Wesselius since 2008.

We know some Hyper-V, System Center, CloudOS. But this WordPress….. that is a different story. MySQL database, PHP and all other scary stuff. With Jaap leaving Hyper-V.nu we were doomed to manage and troubleshoot the site our own.

We needed a new strategy. We needed a solid foundation with as little WordPress to manage as possible and with an infrastructure we understand. The answer was easy. We needed Windows Azure.

After numerous evenings of testing and a lot of troubleshooting to cleanup some legacy issues in the (now old) environment. We are proud to announce that we succesfully migrated Hyper-V.nu to Windows Azure.

Combined with the migration we changed the layout of the site. We hope you enjoy the new look and feel of hyper-v.nu R2.

Windows Azure Pack with ADFS and Windows Azure Multi-Factor Authentication – Part 1

 

ADFS Series
Windows Azure Pack with ADFS and Windows Azure Multi-Factor Authentication – Part 1
Windows Azure Pack with ADFS and Windows Azure Multi-Factor Authentication – Part 2
Windows Azure Pack with ADFS and Windows Azure Multi-Factor Authentication – Part 3

The last couple of weeks I have been testing a lot of federation scenarios for Windows Azure Pack. Out of the box Windows Azure Pack provides two authentication sites. A Windows Authentication site for the administration portal and a Tenant Authentication site based on a ASP.NET Membership provider for the tenant management portal. It is also possible to use Active Directory Federations Services (ADFS) for authentication with Windows Azure Pack.

Active Directory Federation Services

This opens the door to numerous interesting scenarios. I have tested Windows Azure Pack scenarios with the default ADFS Active Directory claims, federation to partner organizations, federation to Windows Azure ACS (that Shriram Natarajan also posted in an excellent blog a couple of days ago) and integrate ADFS with Windows Azure Multi-Factor Authentication.

Multi-Factor Authentication

If you ask an average person what password policy he or she is using for the online services they access the answer is quite scary. A single password for different entities. How many have been victim of phishing, identity theft  or know someone who has been. And if we look at an average business and their security policies, well… it’s a mess usually. Unless you are disciplined with complex passwords, a simple username password does not cut it any more. Multi-factor Authentication can address these security issues by adding an additional layer of authentication. Besides the username and the password it is possible to validate the user by a phone call, a text message, a validation app, etc. In the past these functionalities where quite complex to implement, let alone integrate in to existing applications. Microsoft announced General Availability of Windows Azure Multi-Factor Authentication in September 2013. This service in Windows Azure Active Directory takes away the pain of setting up Multi-Factor Authentication yourself and allows for easy integration with existing applications by integrating on premises ADFS servers.

mfa

In this blog I’ll describes the steps to configure the tenant site in Windows Azure Pack to use ADFS for authentication and also add Multi-Factor Authentication by leveraging Windows Azure.

First lets have a look at the end result. A tenant opens the Windows Azure Pack tenant portal and is redirected to the ADFS, or even better the Web Application Proxy (Yep, WAP to WAP). The tenant enters his active directory credentials and is prompted to proceed with Multi-Factor Authentication. After proceeding the tenants is called within a couple of  seconds on his mobile (you can configure other options as well). When asked, the tenant presses # in the call and he is instantly logged in to Windows Azure Pack. No matter if you show this to an IT pro, a customer or your boss, it will bring a smile to their face. Guaranteed!

Prerequisites

Before we start clicking away we need to get some insight in the moving parts and the corresponding prerequisites.

READ MORE »

Windows Azure Pack Remote Console with the RD gateway in a DMZ

For the preview bits of Windows Azure Pack I did a blog post on connecting to a virtual machine through a console connection. The Windows Azure Pack tenant site actually allows two ways to connect to a virtual machine. The dashboard tab of a virtual machine in the tenant site present a button connect on the bottom bar. If the remote console functionality is enabled in the plan for the tenant , this button will display two options.

01 Remote Console

When you select the first option, called Desktop, you are prompted with a screen to select a virtual network interface and available IP addresses that are available to the VM. When you select the virtual network interface and IP address that you want to connect on, the IP address is injected in an RDP file that is presented to the user. The RDP file will initiate a regular RDP connection to the IP address that was injected in the RDP file. Pretty straightforward.

The second option, called Console, enables tenants to connect to their virtual machines, even if this virtual machine does not have an IP address configured, is in a blue screen or whatever reason that the default RDP connection in to the virtual machine is unavailable.

Selection this option will prompt you with a security warning advising you not to save the RDP file to a shared location. The warning is there for a reason. This RDP file, that is generated at runtime, contains the required parameters to set up a RDP session to an RD Gateway. The RD Gateway will translate it to a vmconnect session connecting to the Hyper-V host that is running the VM.

Eh.. the underlying host. But is that secure? A tenant connecting to a host? From the internet?

Security

Yeah, it is secure! Microsoft has taken several steps to enforce security. The RD Gateway is adjusted so it can only be used for Remote Console. The settings in each RDP file that is generated is signed with a hash based on a certificate that is configured on the VMM server. The time that the RDP file is valid to initiate the session is limited and configurable by the admin. When a tenant select the Console button, access to the virtual machine for this tenant is verified and the RDP file will only be created if the tenant has the required permissions. The RDP file contains credentials that only grant access to this specific VM on the host, not to any other VMs on the host.

Configuring this functionality in the preview bits required quite some customization. With the GA of Windows Azure Pack the process of configuring Remote Console has been changed. You can find the steps to configure Remote Console in System Center 2012 R2 on Technet.

The connection between the Remote Desktop Gateway server and the Hyper-V host can be configured based on FQDN or based on IP. This setting is used when the RDP file is generated. Based on the settings the FQDN or the IP address of the Hyper-V host is added to the RDP file so the RD Gateway knows to what Hyper-V host the vmconnect session must be initiated.

Lab environment

For a lab environment is makes sense to implement an RD Gateway as member server of the same domain as the SPF, VMM and the Hyper-V hosts.

02 Diagram LAB

In this design the RD Gateway can resolve the Hyper-V hosts on FQDN so you can use set the VMConnectHostIdentificationMode parameter to FQDN.

Production environment

Any serious Service Provider will require all publicly accessible services to be placed in a DMZ. Besides placing all Windows Azure Pack components in a separate site and preferably in a separate domain, the RD gateway also needs to be placed in the DMZ. The RD Gateway is not able to resolve the Hyper-V hosts based on FQDN without a DNS conditional forwarder from the DMZ domain to the management domain. This also requires allowing DNS traffic from the DMZ domain to the management domain.

READ MORE »

Mindset of Microsoft

A couple of days ago I posted a blog about the mindset of the community. What I did not talk about in that blog is the mindset of Microsoft employees. I have worked with many of them over the last year and they all share the same mentality. They are driven to get the most out of the products that they develop and embrace anyone that has that same goal.

I have spend many evenings working with developers on issues we encountered, spoke with program managers about possible future features, or just did some rambling with a support engineer. We share the same interest. Passion for the solution. I have a lot of them on Lync and some of them seem to have a green color coded in. They just never sleep.

Today I got an email that I did not expect. Yeah, I was nominated (a big thank you to Michel Gebbinck) and I had to fill in a form. But becoming an MVP is something else. You can become MVP in many categories. Most of you know I have a strong interest in Windows Azure Pack. I was always wondering in what category that would fit. Now we know.

MVP

What a great way to start 2014. I’m very honored by this award. Thanks to everyone at Microsoft that I have had the privilege to work with last year and my favorite color has been set.

WindowsAzure_transparent1

Mindset of the community

2013 is coming to an end. It’s an understatement to say that it was turbulent year. I left the organization that I worked at for 13 years and agreed to work for Inovativ. A decision I do not regret for a second. Windows Server 2012 R2 and System Center 2012 R2 were released. Together with my personal favorite Windows Azure Pack. We have done some really great projects with these products. I’ve started working in two times zones, GMT+1 (Netherlands) and PST (Redmond) and Lync has changed my world of communication.

But all these things pale in comparison with the people I have met. For a long time I lived with the mindset of keeping the knowledge for myself and did not see any reason of sharing it. It took me days or weeks to get some new feature figured out and I was not about to put in a lot of effort in documenting it, let alone putting it out on the web for everybody to grab. But at the same time, I searched the internet, very happy to find a solution someone posted.

In June 2012, I was at a SharePoint readiness session for partners at Microsoft. Don’t ask!! I was clearly at the right spot, but at the wrong time. The room filled with suits and ties. After a couple of sessions Robert Bakker (SSP Datacenter at Microsoft NL) walked in. Never saw the guy before. He started his session on Virtualization, so I resumed from hibernation. After a couple of slides he asked an open question. “Is there a question you have on the private cloud offering. You can ask me anything.” And for those who know me, yeah I had a couple of questions. I asked about multi-tenancy and the Dynamic Datacenter Suite (a really early version of Windows Azure Pack).

Nico van Veen (Partner Sales Manager Hosting & Cloud at Microsoft NL) that I work with closely nowadays, was my Partner Account Manager at the time. He jumped in, saying that no one in the room was understanding a word we were saying and asked us to continue that discussion at the end of the day. And so we did. Robert introduced me to Edie van den Berge (responsible for Hosting in NL at Microsoft at the time). I spoke with Edie and he advised me to contact Hans Vredevoort.

Hans Vredevoort

Hans was my first contact with the community. After some emails he agreed to meet me. We spoke for an hour or so and after 15 minutes we we already sitting behind a laptop looking at some designs. I proposed to write a blog on network virtualization for hyper-v.nu. He would review it and if it was good enough it was published. To be honest, I put in a lot of effort on that blog. I was not in a writing mode and had to figure out a way to not only document my findings but also make it readable for someone else. I have a background on networking, but this network virtualization was something else. There was almost no information out there at all. That only motivated me more to get a well tested and documented blog. Hans reviewed it and approved it. With the second blog on Windows Azure Services for Windows Server I earned my login credentials for hyper-v.nu. Since that moment I have had more and more contact with Hans. He shared a lot of information with me. He introduced me to his peers in the community and to members from the product teams. When I changed jobs and started at Inovativ we even became direct colleagues. We did some great project together and we complement each other in the knowledge we have and share. If I have to describe Hans in a couple of words, I’d say he is the embodiment of the community.

Peter Noorderijk

The second member of the hyper-v.nu community is Peter Noorderijk. This man is an organizer with every fiber in his body. And don’t mistake him for his knowledge on the Windows Server and System Center platform. Unfortunately most of the work that Peter does for the community goes unseen. Every event hyper-v.nu organized or hyper-v.nu was part of, Peter was a driving force behind the scenes. And not only behind the scenes. He’s a gifted speaker too. Always critical on the parts that did not go according to his high standards. We are very honored to have him as a part of hyper-v.nu and it is the combination of these talents that make it a great community.

Maarten Goet

In my opinion this man is the face of the community in the Netherlands. And for a reason. His relentless effort to give community members a platform is paying of more and more. Take the last Experts Live event. 550 seats sold out. Working until 2am the night before to get the last things organized and ready to rock the stage early the next morning. Maarten knows how to play a crowd and does this like breathing at bigger event like TechEd, MMS (sadly no more) and SCU. He knows how to get the best out of you, challenging you. Most of all he is an enabler. He provides the stage, you have to take it. He should start his own company with that talent, oh wait he did… I work there.

Didier van Hoye

I met Didier in April where he spoke on Advanced Networking features at a hyper-v.nu event. I did a session on NIC Teaming, the Hyper-V switch and QoS. There was no overlap but we could have swapped sessions easily. The mutual interest in the same subject (networking) formed an initial base for a more frequent contact. We talked about issues we were encountering, we exchanged ideas and solution and often we would just ramble for an hour or more. We are both not only very enthusiastic about the  things we do, but we also tend to talk that way. This enthusiasm is also present in his presentations and he does know how to throw some fun in there.

Aidan Finn

Aidan is the walking Hyper-V encyclopedia. And has also written it all down on his blog. There were times where I wondered if he had oil for lunch. Not only the sheer amount of blogs, but also the actual content and research that gone in to them, is mind blowing. But after I met him in Dublin I know for sure he is human. Nothing but respect for this man. I was close to a presentation once, but never actually had the privilege yet. 2014 will bring change to that. I’m sure of it. If you know some Hyper-V, you know Aidan, or at least visited his site a thousand times.

Carsten Rachfahl

Aahh… Unsere deutschen freund! I have spoken with Carsten a couple of times and laughed my head of. What a great guy. But between the jokes he asks the most difficult questions and has answers to even more. Carsten is also putting in a lot of effort in the community. Besides his blogging he is a talented interviewer. I have seen numerous interviews recorded and performed by Carsten with MVPs, program managers and other community members. Think it is easy, I dare you. Try it. And not to forget the podcasts Carsten is doing. Every month a new podcast. And those things are an hour avarage. Can you imagine the time it takes to create them.

Patrick Lownds

Patrick and I were, how should I put it, ….assigned… to the same event in Dublin. Because the hotel, where all the event attendees were staying, was fully booked I was located at another hotel. Well, at least I had time to catch up on some reading. In my 2 by 1 hotel room I noticed a tweet from Patrick saying he arrived at Dublin airport. Asked him if he was in Dublin for the same event and luckily he was. The next morning I went for breakfast. With sixty empty tables I found myself a table with some power supply next to it. Some morning reading on the NVGRE Gateway with a coffee and some toast. About 15 minutes later a guy positioned himself a couple of tables away, also for breakfast. He did have a familiar face. Laptop was still open so checked twitter again. Mmm.. small picture. Might be him. Only one way to find out. “Patrick?” “Yeah! Marc, I thought it was you”. We hanged out for two days. I had a lot of interesting conversations with Patrick and been in contact with him ever since.

Kristian Nese

Since the preview of Windows Azure Services for Windows Server I have been blogging about, speaking on and working with this great product. In the early days of the product there was almost no information available. One of the community members that was also publishing blogs about the Windows Azure Services for Windows Server was Kristian. Recently Kristian and me have more contact and it turns out that the type of projects we do are very similar. Together with Flemming Riis they have released a whitepaper on Network Virtualization, that is now turning in a series of whitepapers on the CloudOS we are doing in a joint effort.

Flemming Riis

I have had a couple of calls with Flemming about the whitepaper series. He actually build the environment for the NVGRE whitepaper. Flemming is enthusiastic but also very realistic. We first started talking about a book about the CloudOS, but with his insight into the effort it takes and the kind of work we are doing that would quickly become a very difficult adventure. Together with Kristian Nese we settled on a series of whitepapers.

Damian Flynn

I know Damian from all the work he is doing on getting the NVGRE story out there. Speaking at event, the blog series with Nigel Cain, webinars, you name it. Over time Damian is also putting more emphasis on Windows Azure Pack. I’m still aiming at a joined Windows Azure Pack session with him on TechEd this year.

I can also mention, Stanislav Zhelyazkov, Daniel Neumann, James van den Berg, Kevin Greene, Thomas Maurer, Gordon McKenna, Ronny de Jong, Darryl van der Peyl, and then some. All these guys have day jobs and usually work more than 40 hours a week. Besides their normal working hours they put in a lot of effort to learn and test new functionalities. They take screenshots, create diagrams and document it in an easy readable format and post in on the internet for you to read at no cost. They create PowerPoint presentations, give presentations, webinars, interviews, podcast and organize events. And they do all of this with a single purpose. Sharing knowledge. Behind every hyperlink in this blog post there is tons of valuable information and its free.

I learned that sharing knowledge is not a bottomless pit, but it forms the basis of gaining knowledge. I’m honored to be part of this community and I want to thank everyone that I was privileged to interact with this year.

Merry Christmas and a happy new sharing year.

Marc van Eijk