Friday 29 September 2017

Conference Day 4

Spent a lot of time at the expo again today talking to a few Microsoft guys about integrating Storage Spaces Direct with VMware (not possible at this time), monitoring Windows 10 client health, using Skype / Teams as a phone system and a replacement for Direct Access.

This was the last full day of the conference; the expo closed at 4, although the sessions were still going on till 6.

Tonight is the conference social night at Universal and everyone is looking forward to that, although my feet are ready to drop off just from the walking I have done today.

Notes from Today

Storage Spaces Direct

Case studies

Youth Villages
Deployed Storage Spaces Direct for their electronic medical records system for 150,000 patients instead of upgrading their old SAN
They cut their costs in half, saving $150,000, and storage performance increased by 30x

King County Library
1.4m residents over 49 locations
Use Storage Spaces Direct to replace an iSCSI SAN
Faster and more responsive; consolidated three clusters to 1, saving 15 servers

Create Advertising
Based in Hollywood making trailers for movies
Terabytes of footage being accessed by 35 editors
Moved to Storage Spaces Direct
4 node cluster with JBODs consisting of 24 disks attached to each node
Performance and cost were drivers to move.  Old storage costs 4x the Storage Spaces Direct solution
 This was their solution




 Allows you to use industry standard servers

Install Server 2016
Create a cluster
Enable Storage Spaces Direct
Pool the disk space on each server into one big pool
Carve the pool up into fault tolerant volumes
Expose the volumes as SMB for virtual NAS
Could run Hyper-V on top of that space
No support for NFS or VMware yet.

Maximum 1PB of raw storage per cluster
You can dynamically add servers and drives to scale up
Only fabric is Ethernet

New features - need to join windows insider program - free and easy

Can be SSD only or mix of SSD and HDD
Important to have some flash storage (SSD)
SSD is used to provide cache and is allocated automatically

Can be monitored via Honolulu
This can show you throughput, volumes, and which drives are used for storage and which are used for cache

Drives should be in pass-through mode, no RAID
NVMe drives - flash device that sits on the PCIe bus; 1.5x the cost of SSD but 3x faster and uses half the CPU load

Only the fastest type of drive will be used for cache.  If you only have one type of disk there will be no cache

New this year - SCM support

Servers should support RDMA to reduce the load on the CPU

Can configure drive, server and rack resilience when building a cluster
Disk resilience models
Mirror resiliency - can suffer 2 simultaneous failures
Mirroring gives best performance but is costly; needs 3 times the storage you need

Parity
This needs 4+ nodes
Can suffer 2 simultaneous failures
20% wasted space

New this year: deduplication and compression - seeing up to 95% savings

All data that is stored is checksummed to ensure data integrity - this is important for archive data

Data can be protected at rest with BitLocker and in transit with SMB encryption - SMB encryption cannot be used with RDMA
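The deployment steps listed earlier (install, cluster, enable, pool, volume, SMB share), ending with the SMB encryption setting from the note above, sketched in PowerShell. This is an added example, not something shown in the session; the node, cluster, share and group names are placeholders, and the cmdlets are the standard Windows Server 2016 failover clustering, storage and SMB ones.

```powershell
# Added example: all names below are placeholders, not from the session.
$nodes   = 'S2D-N1', 'S2D-N2', 'S2D-N3', 'S2D-N4'
$cluster = 'S2D-CL01'
$sofs    = 'S2D-SOFS'

# 1. Install the roles on every node (Windows Server 2016 Datacenter).
foreach ($n in $nodes) {
    Install-WindowsFeature -ComputerName $n -Name Failover-Clustering, FS-FileServer -IncludeManagementTools
}

# 2. Validate the nodes, then create the cluster without claiming any disks.
Test-Cluster -Node $nodes -Include 'Storage Spaces Direct', 'Inventory', 'Network', 'System Configuration'
New-Cluster -Name $cluster -Node $nodes -NoStorage

# 3. Enable Storage Spaces Direct: pools the eligible drives on all nodes
#    and assigns the fastest drive type as cache automatically.
Enable-ClusterStorageSpacesDirect -CimSession $cluster

# 4. Check the result: cache drives report Usage = Journal, capacity drives
#    Auto-Select. With a single drive type there are no Journal drives.
Get-PhysicalDisk -CimSession $cluster | Group-Object MediaType, Usage -NoElement

# 5. Carve a fault tolerant (mirrored) volume out of the pool.
New-Volume -CimSession $cluster -StoragePoolFriendlyName 'S2D*' -FriendlyName 'Volume01' `
    -FileSystem CSVFS_ReFS -ResiliencySettingName Mirror -Size 1TB

# 6. Expose it over SMB through a scale-out file server role, with
#    encryption in transit turned on for the share. Encryption is set per
#    share, so shares that depend on RDMA can be left unencrypted
#    (the two cannot be combined, per the note above).
Add-ClusterScaleOutFileServerRole -Cluster $cluster -Name $sofs
Invoke-Command -ComputerName $nodes[0] -ScriptBlock {
    $root = (Get-ClusterSharedVolume | Select-Object -First 1).SharedVolumeInfo.FriendlyVolumeName
    $path = Join-Path $root 'Shares\Data'
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    New-SmbShare -Name 'Data' -Path $path -ScopeName $using:sofs `
        -FullAccess 'CONTOSO\FileAdmins' -EncryptData $true

    # 7. Confirm the share really requires encryption before putting data on it.
    Get-SmbShare -Name 'Data' | Select-Object Name, ScopeName, Path, EncryptData
}
```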

Storage Spaces Direct needs a 2016 Datacenter edition
Hardware: build your own with supported components or
buy a vendor solution from
DataON
Dell EMC
Lenovo
HP
Fujitsu


GDPR 

GDPR is coming in May 2018.  Affects any company that offers goods and services to people in the EU

People can ask to
Access their personal data
Correct errors in their personal data
Erase their personal data
Export personal data


Failure to comply could lead to fines of up to 4% of global revenue

Hard to find that information as it could be located on multiple different platforms.  It could even be in backup files on tape, which would be especially difficult to remove data from

You need to be able to demonstrate compliance if audited
Any breach should be reported in 72 hours

Commvault showed a product that integrates into their backup solution and provides a single search location to find the data on premise, in backups or in the cloud
More information from
Comvault.com/gdpr
Microsoft.com/gdpr

Microsoft recommended using the Office 365 Security and Compliance Center to help improve your security score (Office 365 Secure Score).  You can baseline your score against other organisations.  It outputs a plan to improve security

Azure Information Protection helps with keeping information identifiable and secure
Data can be classified and labelled.  Track sharing and log access.


Enterprise Mobility Suite

Works with Windows, iOS, Mac, Android
Can separate out personal and company data
When accessing company data users need to authenticate, which could be with a PIN.  Once the PIN is entered they don't need to re-authenticate for different apps.
The tool lets you deploy apps to personal devices

Demo shows an un-managed device accessing email. Got a message to say that they needed a managed device to access this information

EMS can all be run in the cloud.  

They also demonstrated how it restricted copy and pasting data from a company app to a non company app on the same device and restricted you being able to save to non company storage locations.

Permissions can be set on a user or application basis.  This also works for office 365 apps


Windows analytics - managing updates upgrades and health


Upgrade readiness online portal tool in azure portal
Looks at apps installed and shares information about what works and what doesn't
Not just for major upgrades it can be used for minor upgrades as well - feature upgrades
The tool will also report on devices and drivers that may need to be updated to work with the upgrade.
It can monitor alerts about health of environment such as crashes
It shows common blue screen issues resulting from driver crashes

Aka.ms/Windowsanalytics to start

All free tools to achieve this

Need to push out an organization ID with group policy.  The analytics is already built into Windows 10.  It will send this information to Azure and tag it with the org ID.

Need Windows 10 1703 (March release).  1703 is needed due to proxy authentication; you may be able to put a direct rule in so it works with earlier versions.

Remote Access

Had a chat with one of the Microsoft guys around VPN.
Direct Access is deprecated.  No new features, however it will remain supported as long as it's a feature of the OS
New replacement is Auto VPN
Auto VPN is still clientless and transparent
It can be configured as DAS is now, where all traffic except internet traffic goes over the VPN, or you can configure it so that only specific end points go over the VPN, triggered either by application or end points
The other big advantage is that you can configure an infrastructure tunnel so that as long as the device is in a wake state you can push updates to the device without the users having to be logged on






