Vol. 18, #6 - February 11, 2013 - Issue #916

Cloudy Thinking - Identity Management

  1. Editor's Corner
    • Newsflash!
    • Reader needs help!
    • Cloudy Thinking - Identity Management
    • Tip of the Week
    • Recommended for Learning
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Events Calendar
    • Americas
    • Africa
  4. Webcast Calendar
    • Register for Webcasts
  5. Tech Briefing
    • AD FS 2.0 Content Map
    • Office 365 SSO Content Map
    • Single-sign-on between on-premise apps, Windows Azure apps and Office 365 services
    • Identity (Management) Crisis
    • Claims Based Identity: What does it mean to you?
    • A Technology Blueprint for the Enterprise of the Future
    • Best practice for using cloud computing in Europe 2013 (Part 1)
    • Best practice for using cloud computing in Europe 2013 (Part 2)
    • Are Your Clients Ready To Move To The Cloud?
    • What's New in Windows 8 for Hyper-V Based Cloud Computing
    • Windows Server 2012 home lab preparation
    • Windows Server 2012 IT Camp – Lab #1
    • Microsoft Windows Server vs Chevy Camaro
    • Mobile Printing: Workers Don't Have to Leave Printing Behind
    • We need a good business reason for investing in IT
    • What Government Employees Think About Consumer Technology at Work
    • IT Admins and Security Auditors
  6. Windows Server News
    • Building redundancy into your cloud outage strategy
    • Q&A: How to troubleshoot common VDI problems
    • VM lifecycle management: Beware the immortal VM
    • Ready for a vSphere 5.1 upgrade? Depends on your current version
  7. WServerNews FAVE Links
    • This Week's Links We Like. Fun Stuff.
  8. WServerNews - Product of the Week
    • Sensitive Data Discovery just got a lot easier…and cheaper

 

Sensitive Data Discovery just got a lot easier…and cheaper

STEALTHbits Technologies recently released a must-have tool for network and security administrators everywhere. After decades of managing file systems, everyone knows there’s sensitive data tucked away (many times unprotected) in virtually every corner of the network; buried deep within desktops, servers, and shared file systems. STEALTHbits’ StealthSEEK offers administrators a lightweight, agent-less, low-cost alternative to cumbersome, expensive DLP frameworks for data-at-rest, allowing near instantaneous discovery of sensitive data across networks large and small. If you’re subject to compliance regulations like PCI or HIPAA and want to discover a faster, easier way to stay secure and compliant, check out StealthSEEK.


Editor's Corner

This week's newsletter is all about identity management in cloud computing environments. But before we dig into this topic, let's say for a moment that you're working the helpdesk for your organization, and someone phones in saying he's a user and has forgotten his password. How might you try to confirm his identity?
http://www.wservernews.com/go/1360247624932

Newsflash!

Just wanted to mention that my free ebook Introducing Windows Server 2012 has now been downloaded over half a million times!! If you haven't downloaded it yet you can do so by clicking on the image below:

Reader needs help!

A reader named Jim from Florida asked us to share the following with our community of newsletter readers:

I’ve been struggling to find a method or software to block IP addresses from hackers that are trying a dictionary attack on my 2007 MS Exchange server. I have several clients that also have this issue. The ideal method or software would see that there is more than X amount of connection attempts from the same IP address and then block the connection. If you could post this question out to the community I would appreciate it.

Do any readers of this newsletter have suggestions for how Jim can deal with this issue? Email us at [email protected]

Cloudy Thinking: Identity Management

You can read previous issues in our Cloudy Thinking series here:

Identity is a collection of information that uniquely defines a user or system. Identity management has to do with provisioning and managing user and system identities so they can be authenticated and authorized for securely accessing resources in a computing environment. Managing identity is also about protecting the information and computing resources of your organization by controlling and auditing who can access them.

The office is getting cloudy

Active Directory is the most commonly used identity management platform in corporate environments and is typically deployed on-premises. But what if some or all of your computing infrastructure is running in the cloud? How can you manage the identity of users who run cloud apps in pools of shared workstations? We'll get to that in a moment, but what if you don't even want your users to run any cloud apps on their machines? How can you prevent them from doing so? And how do you deal with the problem of business units or individual users who sidestep your on-premises identity management system and self-provision cloud apps using their own separately created identities?

That's a difficult problem, yet it's one that many companies currently face. Traditionally IT has tried to lock down the experience of users to prevent them from installing and using unauthorized apps. Technologies for implementing such control can include:

While technologies like these can effectively lock down many aspects of the Windows desktop environment, they generally fail to prevent users from accessing cloud apps like Google Docs on their computers or from running cloud apps on non-Windows devices such as iPads, Android tablets, or smartphones. What can you do to prevent your users from running unauthorized cloud apps on the computers and other devices they use to perform their work?

I would say that there are only two ways of doing this effectively. The first is simply policy: establish a clear company policy against such practices and communicate it clearly, explaining both the reason behind the policy and the consequences users might face should they violate it. Effective policy should always answer two questions: Why do we have this policy? and, What will happen if I don't follow it?

But if that doesn't work (people tend to break rules when they think they can get away with it or when they feel the need to do so is valid) then what else can you do? The second way of preventing your users from running unauthorized cloud apps on the computers and other devices they use might simply be to provide them with some authorized cloud apps that can meet their perceived needs. In other words, if you don't want your users to go to the cloud, you should bring the cloud to them instead. According to NetworkWorld that's the message that Microsoft has been trying to get out to their customers:
http://www.wservernews.com/go/1360247650479

Identity management and Office 365

Let's get back to managing identity in cloud computing environments. Let's say you've got a mix of on-premises Active Directory-based infrastructure and cloud apps such as Office 365 or some custom apps you've deployed to Windows Azure. Can you create a single identity for each user that will allow them to log on to their systems and run locally-installed apps as well as the cloud apps? And what if users already each have two identities, one account in Active Directory and another Office 365 account? Is there any way of merging their identities to make managing them simpler?

The key glue to making both of these scenarios possible is Active Directory Federation Services (AD FS), which can provide secured identity federation and Web single sign-on (SSO) capabilities that allow users to seamlessly access federated Web-based resources without requiring them to log on a second time to these resources. AD FS 2.0 is included in Windows Server 2008 R2 and has been enhanced in Windows Server 2012 with some new capabilities described here:
http://www.wservernews.com/go/1360247662494

A roadmap outlining the steps for implementing AD FS to enable users in your Active Directory environment to use SSO to access Office 365 cloud apps can be found here:
http://www.wservernews.com/go/1360247666479

If some of your users are already running Office 365 and have two identities (one in Active Directory and a second one in the cloud) then the following thread on the Office 365 Forums might help you understand how to integrate these separate identities for easier management:
http://www.wservernews.com/go/1360247671135

See the Tech Briefing section of this newsletter for links to additional information on implementing SSO with AD FS, Office 365 and Windows Azure.

Finally, you can now run Active Directory in the Windows Azure cloud. But that's a topic for a future issue of this newsletter...

Send us feedback

Have you deployed a federated identity (SSO) solution like AD FS in your organization? Got any tips you'd like to share with readers about the pros and cons of doing this? Let us know at [email protected]

Tip of the Week

Are some of your users experiencing slow logons? It could be because of how Group Policy is being applied to those users or their computers. See the following post by Ned Pyle on the Ask The Directory Services Team blog for more info:
http://www.wservernews.com/go/1360247712619

Contact me at [email protected] if you have a tip you'd like to share with our readers.

Recommended for Learning

If you've ever had to go through e-discovery as part of litigation or an audit, you'll know that the process is fraught with difficulties and dangers. The following title from CRC Press (Auerbach Publications) can help you prepare for what your company or organization might face:

Electronically Stored Information: The Complete Guide to Management, Understanding, Acquisition, Storage, Search, and Retrieval (CRC Press, 2013) is an up-to-date introduction to properly managing electronically stored information in a way that meets legal and regulatory requirements. The book explains in layman's terms what electronic information is, how it's stored, who's responsible for managing it, how it should be preserved, and especially why you should care about these things. The legal side of this book focusses on the US legal system, and includes an explanation of the Federal Rules of Evidence and a discussion of some of the relevant case law. All in all, a highly readable book that should be required reading for MIS and business decision makers at mid-sized and large organizations.
http://www.wservernews.com/go/1360247719197

Here are some other great titles from Auerbach Publications:

The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules
http://www.wservernews.com/go/1360247723276

Business Analysis for Business Intelligence
http://www.wservernews.com/go/1360247727338

Cyberspace and Cybersecurity
http://www.wservernews.com/go/1360247731322

IT Best Practices: Management, Teams, Quality, Performance, and Projects
http://www.wservernews.com/go/1360247735479

Quote of the Week

"Don't spend a lot of effort acquiring customers and then just let them walk away."

--Gary Vaynerchuk, bestselling author, journalist, and speaker, as quoted in Ash Maurya's book Running Lean

You can find out more about Gary here:
http://www.wservernews.com/go/1360247741057

Until next week,
Mitch Tulloch

Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at [email protected] and we’ll try to troubleshoot things from our end.

 

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Start discovering sensitive data in your file systems in the next 10 minutes with StealthSEEK – it's that simple – download now:
http://www.wservernews.com/go/1360249718500

Free Trial: NetWrix Change Reporter Suite, a simple IT infrastructure auditing tool that tracks changes made to all critical IT systems and reports on the "4W detail" – Who changed What, Where and When.
http://www.wservernews.com/go/1360249731547

Download a free trial of Remote Support from DameWare and instantly start providing support to thousands of end-users without leaving your desk!
http://www.wservernews.com/go/1360249737329

Free download: Altaro Hyper-V Backup. Easy to use, fast, has your back. Free for 2 VMs, forever.
http://www.wservernews.com/go/1360249743735

ManageEngine ServiceDesk Plus was selected the winner in the Help Desk category of the WindowsNetworking.com Readers' Choice Awards:
http://www.wservernews.com/go/1360249748438

 

Events Calendar

Americas

Africa

Add your event

Contact Michael Vella at [email protected] to get your conference or other event listed in our Events Calendar.

 

Webcast Calendar

Register for Webcasts

 Add your Webcast

PLANNING A WEBCAST you'd like to tell our 100,000 subscribers about? Contact [email protected]

 

Tech Briefing

We'll begin with links to some resources on identity management:

AD FS 2.0 Content Map

This TechNet wiki page provides a comprehensive content map for resources on AD FS 2.0:
http://www.wservernews.com/go/1360247782526

Office 365 SSO Content Map

This wiki page provides a complete roadmap for Single Sign-On (SSO) content relating to Office 365:
http://www.wservernews.com/go/1360247787322

Single-sign-on between on-premise apps, Windows Azure apps and Office 365 services

This post on the Plankytronixx blog on MSDN is a bit old but still provides a good explanation of how SSO is implemented:
http://www.wservernews.com/go/1360247791651

Identity (Management) Crisis

Deb Shinder examines how the concept of identity has evolved, why protecting it is important, what identity management solutions currently look like, and how you can choose the right identity management solution for your organization in this four-part series of articles (WindowSecurity.com):
http://www.wservernews.com/go/1360247796838

Claims Based Identity: What does it mean to you?

Deb Shinder looks at the concept of claims-based identity and examines solutions like Microsoft AD FS 2.0, Windows Azure, Windows Live ID, Office 365, and SharePoint (WindowSecurity.com):
http://www.wservernews.com/go/1360247805760

 

Next, here's some general stuff on cloud computing:

A Technology Blueprint for the Enterprise of the Future

The Recovery Accountability and Transparency Board makes use of many different flavors of cloud computing (FedTech Magazine):
http://www.wservernews.com/go/1360247810260

Best practice for using cloud computing in Europe 2013 (Part 1)

Ricky Magalhaes begins by explaining four principles of good information handling (WindowSecurity.com):
http://www.wservernews.com/go/1360247814932

Best practice for using cloud computing in Europe 2013 (Part 2)

Ricky Magalhaes finishes by describing three additional principles of good information handling (WindowSecurity.com):
http://www.wservernews.com/go/1360247826057

Are Your Clients Ready To Move To The Cloud?

Robert Peretson demonstrates how managed service providers can help their clients decide whether to migrate their business into the cloud (MSPAnswers.com):
http://www.wservernews.com/go/1360247830369

What's New in Windows 8 for Hyper-V Based Cloud Computing

Also be sure to check out this eleven-part series of articles on what’s new in Windows 8 for Hyper-V based cloud computing by Janique Carbone (VirtualizationAdmin.com):
http://www.wservernews.com/go/1360247835744

 

Now on to some other stuff...

Windows Server 2012 home lab preparation

First of a series where we look at setting up a home lab on 2 spare machines in order to run through some Windows Server 2012 scenarios and Labs as part of the online IT Camp that we are putting together (Canadian IT Pro Connection blog on TechNet):
http://www.wservernews.com/go/1360247841182

Windows Server 2012 IT Camp – Lab #1

In this lab we look at the Hyper-V role of Windows Server 2012 and we explore "Shared Nothing Live Migration" (Canadian IT Pro Connection blog on TechNet):
http://www.wservernews.com/go/1360247845369

Microsoft Windows Server vs Chevy Camaro

Derek Melber discusses some of the good and bad changes happening in the latest versions of Microsoft Windows and Windows Server, and he includes some terrific photos of Chevy Camaros as well (WindowsNetworking.com):
http://www.wservernews.com/go/1360247849541

Mobile Printing: Workers Don't Have to Leave Printing Behind

A mobile workforce needs access to all the comforts of the workplace to be truly productive (BizTech Magazine):
http://www.wservernews.com/go/1360247873526

We need a good business reason for investing in IT

What is the good business reason behind changing the relationship and role of IT? (Gartner):
http://www.wservernews.com/go/1360247878572

What Government Employees Think About Consumer Technology at Work

MeriTalk reveals graying line between professional and personal use of technology (FedTech Magazine):
http://www.wservernews.com/go/1360247882822

IT Admins and Security Auditors

Derek Melber discusses the pitfalls of security audits when administrators and auditors do not work well together (WindowSecurity.com):
http://www.wservernews.com/go/1360247892822

 

Windows Server News

Building redundancy into your cloud outage strategy

When it comes to the cloud, it’s essential to have an effective strategy in place to prevent outages from impacting your organization. Inside this tip, learn how planned redundancy can help you ensure that your end-users experience little to no downtime in the event of a cloud outage.
http://www.wservernews.com/go/1360247898807

Q&A: How to troubleshoot common VDI problems

While VDI can deliver a wide range of benefits, it’s not without its challenges. In this expert Q&A, explore the top VDI problems your peers are experiencing and review essential tips and tricks for eliminating these common pain points.
http://www.wservernews.com/go/1360247903416

VM lifecycle management: Beware the immortal VM

While virtual machines do not have the wear and tear nature of physical computers, it doesn’t mean you should keep them around forever. As a result, it’s essential to have an effective VM lifecycle management strategy in place. Find out key tips that can help you avoid out-of-date immortal VMs.
http://www.wservernews.com/go/1360247908244

Ready for a vSphere 5.1 upgrade? Depends on your current version

Many IT pros are eager to take advantage of the new features and improvements in VMware vSphere 5.1. However, this upgrade may not be for every IT shop, so it’s important to do your research beforehand. Learn key factors that can help you determine whether or not you’re ready for vSphere 5.1.
http://www.wservernews.com/go/1360247912901

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links you'd like to recommend? Email us at [email protected]

Driving in snow and ice provides many challenges. These drivers and pedestrians are incredibly lucky!
http://www.wservernews.com/go/1360247918354

Meanwhile in Japan: Train plowing through deep snow.
http://www.wservernews.com/go/1360247922822

The amazing Mozart Group combine superb musical skills with creative humor, joy and fun:
http://www.wservernews.com/go/1360247927463

 


WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit from Microsoft Press and has published hundreds of articles for IT pros. Mitch is also a seven-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also Head of Research for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.