Software Resources & News

  • Newest Office 2019 and Office 365 Editions Announced

    office 2019 devices

    Microsoft recently announced the new release of Office 2019 as well as its continued commitment for on-premise versions beyond this latest release in recognition that its customers are in different places regarding cloud service adoption. New features have been adapted to the on-premise version of Office 2019 including some offered in Office 365 through the on-premise version will not be eligible for monthly updates.

    Office 2019 will include a wide range of new features for content development, project development, task management, and other common uses. Primary applications such as PowerPoint, Excel, Word, and Outlook have all received improvements which users will find highly beneficial. Microsoft Office 2019 also included improved inking features across all apps such as roaming pencil case, pressure sensitivity, and tilt effects for a natural feel within document development.

    Presentations have become an important feature of business activity and PowerPoint remains at the forefront of this type of content development. New cinematic presentation features have been added to PowerPoint named Morph and Zoom. Morph is a transition feature while Zoom delivers greater organizing control for presentation slides. The roaming pencil case is also an important new feature for PowerPoint.

    Meanwhile, Excel now boasts powerful new data analysis with new formulas and charts as well as new connectors. Additionally, this latest version of Excel provides funnel charts, 2D maps, and timelines along with the ability to publish to PowerBI, the power Microsoft business analytics solution for data visualization and connection to hundreds of data sources. There are enhancements to PowerQuery as well as improvements to PowerPivot.

    Content management and development in Word and Outlook now include new learning tools like read aloud and text spacing. Within Word, focus mode brings content forward and reduces distraction so documents can be created, edited and completed without delay. Additionally, Word also features:

    • Text-to-Speech
    • Learning tools for captions and audio features
    • The inking improvements previously mentioned
    • Accessibility improvements

    Outlook's focused inbox moves less important messages out of the way and brings priority email to the forefront for faster response. Outlook with Office 365 now includes a Groups feature while updated contact cards are available in both versions.

    For users of OneNote, Microsoft now includes this application with Windows 10 rather than Office so the latest version is available already. For anyone preferring OneNote 2016, it remains as part of a volume installation with the Office Deployment Tool. Mac users will experience no difference with OneNote which is offered with the Office 2019 version for the OS or can be downloaded for free from the Apple App Store.

    Click-to-run (C2R) was first used with Office 2013 as a modernized deployment technology which has been used to update office across millions of worldwide devices. However, Click-to-run (C2R) is now available in all client application formats. With C2R, customers will experience all the advantages which other office versions provide including:

    • Consistent security updates
    • Currently updated apps when installed
    • Reduced network latency with the Windows 10 download optimization technology

    Customers interested in an upgrade path to Office 365 ProPlus will now find the option easier to achieve. Older MSI-based formats will no longer be supported with C2R but other features remain available:

    • Volume activation
    • Group Policy management,
    • Control over updates
    • Support for System Center Configuration Manager

    Related updates to server technologies as pertains to Office such as Exchange Server 2019, Skype for Business Server 2019, SharePoint Server 2019, and Project Server 2019 will soon be available.

    Customers not yet ready for the cloud will find Office 2019 to be a valuable asset to which Microsoft is committed. Since various customers are at different points in the adoption of cloud services, Office will remain an important part of on-premise application products offered.

    Also, there are some feature differences between Office 365 and Office 2019, including creativity features such as Editor in Word, tap in Word, PowerPoint, and Outlook. Additional creativity features in Office 365 are Designer in PowerPoint, Researcher in Word along with Ideas and Data Types in Excel.

    Additionally, Office 365 powers real-time collaboration across the ever-important Word, Excel and PowerPoint applications for faster creation, editing, and publication of critical content. It must be noted that real-time collaboration is also available in Word 2019 but only with the use of SharePoint Online.

    Remember these points and considerations about new Office application developments:

    • Commercial volume licenses for customers are available for Office 2019 immediately.
    • Office 2019 is also available for consumer and commercial use immediately within the US with releases to some countries pending.
    • Certain features, such as OneNote, are only available in Mac while it is already available Windows 10.
    • Other features may only be in use for Windows versions of Office 2019.
    • Additional security features such as Advanced Threat Protection (ATP), message encryption, Office Enterprise Protection and sensitivity labels for Office Apps are included in Office 365 (in some cases, access to additional subscriptions like Exchange Online and ATP may be necessary while others may not yet be available in the Office 365 ProPlus edition).

    To learn more about the newest developments in Office 2019 and Office 365, contact our experts at RoyalDiscount.com- Your online source for cheap OEM, Retail & Cloud products.


  • The Latest Improvements and Changes with Windows Server 2019

    licensing for windows server 2016

    Windows Server 2019 was released earlier this year and, with it, there are a number of new features to be considered. This new server OS provides the latest benefits from Microsoft for companies in need of upgrading physical servers as well as taking advantage of improvements for security, application environments and more. Here's a look at what is new and improved.

    The desktop experience is available again in the 2019 version whereas it was not in the server versions 1709, 1803 or 1809. Similar to the 2016 version, the 2019 version offers an option during setup between Server Core and Desktop Experience installation.

    Microsoft has developed a new feature for predictive analytics named System Insights in Windows Server 2019. This new function provides machine-learning for local analysis of system data in order to offer fine-tuning of a server with predictive analysis based on performance counters and events. These insights create an opportunity to reduce expenses from issues surrounding server deployments.

    Hybrid Cloud optional features are now included in Server Core installations for improved application compatibility. Using Server Core App Compatibility feature on demand (FOD) creates a subset of binaries from Desktop Experience for improved functional compatibility for the leaner installation option and is available on a separate ISO which can be added to the Server Core installation.

    Microsoft included a number of security improvements:  

    • Windows Defender Advanced Threat Protection (ATP) & ATP Exploit Guard with improved Application Control are new developments which protect against memory and kernel level attacks. Advanced Threat Protection can both suppress and terminate malicious files and processes. Meanwhile, Exploit Guard uses its components to lock down a device from numerous attacks while blocking common malware intrusion attacks. Four components of the Exploit Guard work cohesively for best use of resources between security and productivity.
    1. Attack Surface Reduction (ASR) is a set of controls which block lateral movement of suspicious code including ransomware.
    2. Network protection uses Windows Defender SmartScreen and negates exposure to untrusted hosts and IP addresses used in web-based attacks.
    3. Controlled folder access cordons off important data from ransomware attacks by blocking suspicious processes.
    4. Exploit protection provides Microsoft customers with the ability to enable at a set of mitigations against exploits for increased protection.

    Microsoft also added default Code Integrity (CI) policies to the Windows Defender Application Control for improved ease of use over the original version released with Windows Server 2016.

    • Security improvements also arrived with Software Defined Networking (SDN). This enhanced group of features improves running workloads on both cloud-based services and on-premise environments. SDN arrived with Windows Server 2016 but now includes encrypted networks for virtual machines, firewall auditing, virtual network peering and egress metering (for monitoring data transfers outside of secure networks)
    • Shielded VM'S with branch office improvements, troubleshooting improvements & Linux support.
    1. Branch office improvements now provide shielded VM's with options for intermittent connectivity with fallback HGS and offline mode. The fallback includes options for alternate sets of URLs for Hyper-V connectivity while offline mode provides the ability to start shielded VMs even if HGS is unavailable (the VM must already have previously started and experienced no configuration changes).
    2. Additionally, troubleshooting for shielded virtual machines is improved with VMConnect Enhanced Session Mode and PowerShell Direct, both of which assist with lost network connectivity of VMs. Once enabled, these support features require no configuration when in use on a Hyper-V host running Windows Server version 1803 or later.
    3. For customers running in mixed-OS environments, Windows Server 2019 now supports an operation of a variety of popular Linux versions inside shielded VMs.
    • HTTP/2 has been introduced for more web security and includes the following:
    1. Connection improvements for uninterrupted encrypted browsing over coalesced connections.
    2. Upgrades to cipher suite negotiation which provides ease of deployment and corrections to connection failures.
    3. More throughput with a new TCP congestion provider using Cubic.

    Storage improvements were not overlooked by Microsoft with Windows Server 2019:

    • Storage Migration Service is a new feature which migrates servers to newer versions of Windows Server with ease. A graphical tool enables easy management of migrations through inventories which can then be shifted to newer server versions, even optionally migrating server names for the transition of apps that do not interrupt user experience.
    • Storage Spaces Direct includes improvements to deduplication and compression of ReFS volumes, native support for persistent memory, nested resiliency for dual-node, hyper-converged infrastructures, Windows Admin Center support, scaling for up to 4 PB in a cluster and much more.
    • Storage Replica is now available on Windows Server 2019 Standard Edition while a new feature named Test Failover can mount destination storage for validation of replicas. There are also improvements to replica log performance and additional Windows Admin Center support.
    • Failover Clustering improvements have been made to cluster sets, Azure-aware clusters, migrations of cross-domain clusters, cluster infrastructure with support for Storage Spaces Direct, cluster hardening. Additionally, failover cluster dropped usage of NTLM authentication.

    Microsoft included application platform improvements with an eye toward the following:

    • Windows server 2019 now provides support for running Linux-based containers which will provide both flexibility to application developers and consistency to the host container environment.
    • Now included on Windows server 2019 are computing, networking and storage improvements to support Kubernetes. With other improvements to container networking, Windows Server 2019 creates a resilient, enhanced platform performance with the latest networking plugins. New workload deployments via Kubernetes includes network security support that protects Linux and Windows containers.
    • Other container improvements include:
    1. Microsoft addressed numerous limitations of prior Windows server editions with an improved integrated identity which provides a more reliable authentication experience
    2. Application compatibility where applications based in Windows are easier than ever to organize into containers, especially when considering the core server installation. Additionally, API dependent applications now have a third image available.
    3. Issues with startup times, size on disk and download sizes for base container images have also been improved for speedier workflows.
    4. Accessing the containers extension in the Windows admin center public feed provides experience improvements to container management and performance.
    • Encrypted networks also experienced changes for the better. Now virtual network traffic between VMs will communicate when designated as encryption enabled using Datagram Transport Layer Security (DTLS) which will prevent security breaches by anyone with access to a physical network.
    • Performance for VM workloads has always been a concern and Microsoft has addressed these for improved network performance. New features such as Receive Segment Coalescing in vSwitch and Dynamic Virtual Machine Multi-Queue allow for vastly improved provisioning of VM hosts while decreasing operation and maintenance costs even with an increase of host density.
    • A new network congestion control provider was designed which will yield automatic improvements to applications and users. Low extra delay background transport (LEDBAT) addresses bandwidth concerns especially for use in deploying large updates to avoid impact on customer services.
    • Windows time service got an update in the latest version of Windows Server with the inclusion of a true UTC-compliant leap second support via a newly designed time protocol entitled Precision Time Protocol.
    • The aforementioned Software Defined Networking (SDN) received a boost with high-performance SDN gateways. UI deployments using the Windows Admin Center extension provides deployment and management capability
    • Microsoft also took a step forward by harnessing the power of Hyper-V with improvements to throughput as well as the low latency of persistent memory in VM's. The new persistent memory support for Hyper-V VMs jolts performance with drastic reductions of memory latency issues in database transactions.

    Microsoft stepped forward once again with the release of Windows Server 2019 by addressing a wide range of issues and amid fast-changing technology developments. The changes, improvements and new features over Windows Server 2016 make this latest server version a tantalizing wealth of reasons for upgrading.

    To learn more about Windows Server 2019, contact our experts at RoyalDiscount.com- Your online source for cheap OEM, Retail & Cloud products.


  • Windows Server 2016 VM Licensing Considerations

    remote desktop licensing

    As recently as the releases of Windows Server 2012, Windows Server 2012 R2, Windows Server 2014 and Windows Server 2014 R2, the Standard and Enterprise editions have been licensed much the same way by Microsoft by counting CPU's. However, with Windows Server 2016, while there is no difference with these previous versions in regard to editions, licensing changed.

    With regard to licensing, the change with Windows Server 2016, as with a number of other products, Microsoft has shifted from licensing based on the number of processors to the number of cores for a more accurate accounting. This is a big shift from the previous editions of Windows Server and applies to both Standard and Datacenter versions.

    Additionally, with the arrival of Windows Server 2016 previous feature parity is no longer available. Earlier versions of Windows Server operating systems basically included the same available features with the exclusion of VM licensing. Below is a quick list of categories and further information regarding availability between these two main editions.

    Windows Server 2016 edition Licensing model CAL requirements Pricing Open NL ERP (USD)
    Datacenter Core-based Windows Server CAL $6,155
    Standard Core-based Windows Server CAL $882

    With this newer licensing model, Microsoft has also changed somewhat with regard to licensing VM's. Again, the cores must be licensed but the number of VM's will vary based on the edition and cores to be licensed. Licensing rights for Windows Server 2016 Standard Edition only provides for all physical cores in the server to be licensed and includes only 2 OSE's or Hyper-V containers. In the instance of additional OSE's or Hyper-V containers, Microsoft allows for multiple licenses to be assigned to the same cores.

    And here's a summary of features for the affected levels of VM support:

    Feature Datacenter Standard
    OSEs / Windows Server containers with Hyper-V isolation Unlimited 2
    Windows Server containers without Hyper-V isolation Unlimited Unlimited
    Shielded Virtual Machines

    That table gives you a thumbnail of how the new licensing model affects VM's and their licensing. Standard has minimum limits and shielded VMs cannot be used. Here's a full explanation:

    • When all physical cores on a server are licensed, with a minimum of 8 cores per physical processor and a minimum of 16 core licenses per server.
    • Datacenter provides rights to use unlimited Operating System Environments (OSEs) or Hyper-V containers and Windows Server containers on the licensed server.
    • Standard provides rights to use up to two Operating System Environments (OSEs) or Hyper-V containers and unlimited Windows Server containers on the licensed server.
    • For each additional 1 or 2 VM's in a Standard OS edition, all the physical cores in the server must be licensed again.

    When considering core-based licensing, Windows Server and System Center 2016 are licensed by physical cores, not virtual cores. Therefore, customers need only to inventory and license the physical cores on their processors.

    Windows Server 2016 will support nested virtualization where a VM runs inside a VM.

    Windows Server 2016 Datacenter licensing allows for unlimited virtualization and so would easily cover this scenario. Windows Server 2016 Standard Edition licensing is designed for no-to-low-virtualization scenarios and supports up to two virtual machines. A virtual machine running inside a virtual machine counts as two virtual machines from a licensing perspective so any additionally nested VMs would require additional licensing of all cores on the physical server.  

    What does it all mean? Microsoft licensing for the Standard edition provides for two VM's to be licensed at a minimum. For more VM's to be hosted, additional licenses must be purchased. With the Datacenter edition of Windows Server 2016, an unlimited number of VM's are licensed. This means you should be prepared to license additional VM's on standard if you need more than two of them but that may still be cheaper than a licensed server for Datacenter. In fact, you may be able to add more than a few depending on the capacity of the server. However, remember the licensing is by cores so a high-end server will be licensed accordingly and Datacenter may end up being the best choice, especially for those servers used for VM farms.

    To understand licensing for Standard even more, here's a description of what you'll need when adding additional VM's on server with a Standard server OS. Even if you have as few as eight cores on the physical server, you must license for the minimum of sixteen. That means if you want an additional VM on the server beyond the 2 allowed, you must license for the minimum of sixteen cores again on that server, but you get rights to 2 more VM's. Also, when considering core licensing and VM's with the Standard Edition, if you have 4 processors on the server, the same conditions apply. You will be licensing the minimum of 32 cores for each 2 VM's you want to run on Standard edition. This can be cheaper but it bears checking the pricing and considering the growth of your VM environment over time since the Datacenter Edition may be the better option over time.

    Licensing for Windows Server 2016 and hosted VM's requires extra considerations. It's well worth gaining a thorough understanding of requirements for core licensing, especially with the Standard edition of Windows Server 2016. To learn more about Microsoft Windows Server 2016 licensing, contact our experts at RoyalDiscount.com - Your online source for cheap OEM, Retail & Cloud products


  • What's the Difference Between Azure AD Premium P1 vs P2?

    Azure Active Directory

    Microsoft offers its domain management software, Active Directory, as a product in Azure services which provides all the same security features as an on-premise implementation. The Azure product can be used on its own or as a hybrid implementation with an on-premise AD structure, making it a highly valuable feature of Azure.

    Azure AD is present with all kinds of virtual and cloud services since security is an important feature in Azure. Since AAD is already functional in Azure and can be extended into an existing Active Directory structure, it's important to understand the compatibility of additional versions which may already be in use. Either as a stand-alone product or an extension to the cloud, AAD is very important for organizational security, especially with integration into Office 365 and remote user sign-on.

    The variation of tools in Azure AD replaced Dirsync and Azure AD Sync so that cloud and on-premise implementations mesh with each other seamlessly. Synchronization between the two is a key component for security as is AD Connect which is another integration tool that provides development and management of services for the use of single-user identities and single sign-on access including on-premise applications, cloud-based applications and Office 365.

    With the Azure AD services, items in Active Directory are kept synchronized so that information about resource and identity security is up-to-date. Additionally, authentication methods in a wide variation are equally available in AAD including cloud authentication with Hash Synchronization, pass-through authentication and ADFS (federated authentication). Azure AD Connect Health monitors AD resources from the Azure portal for centralized management.

    The premium additions of Azure AD are important to understand as these provide enterprise level tools for organizations in need of higher security measures, especially in Azure. While subscription services like Office 365 and Azure are automatically provided in Azure AD, these premium editions include important additional features for security and resource management. The premium versions are P1 and P2 and include these additional features to those basic in Azure AD.

    • Azure AD Premium P1 - is an enterprise level edition which provides identity management for on-premise users, remote users and hybrid users accessing applications both locally and over the cloud. This edition includes support for self-service identity, access management, administration of dynamic groups including self-service group management, as well as Microsoft Identity Manager which is a suite of on-premise identity and access management tools.
    • Azure AD Premium P2 - is an edition includes all of the features of Azure AD Premium P1 with the addition of Identity Protection and Privileged Identity Management (PIM). Identity Protection provided management of conditional access to apps and critical data. PIM enhances management of privileged accounts tied to administrative access to resources.

    A deeper dive into these editions is necessary for better understanding of available features offered in each one.

    One of the important factors in using a premium edition of AAD is dynamic group administration. IT administrators can receive many security group membership requests but the use of dynamic groups in premium editions provides for management with policies. Assigning policies to user ID's means that group memberships are included based on assigned criteria and no additional requests are necessary.

    The Premium P2 tier differs from the alternate P1 tier with added Identity Protection and Privileged Identity Management (PIM) which increase security measures to meet the toughest of expectations. Azure AD Identity Protection adds improved reporting of risk events so organizations can further assess potential vulnerabilities for all identities with the function of blocking or remediating these security risks with adaptive actions. PIM provides additional information about administrative accounts which allows for higher protection and lower risk of security breaches with this level of accounts. The Privileged Identity Management package clearly identifies Azure AD Administrators, adds a just-in-time administrative access for Office 365, provides reports about administrative access history and changes to admin assignments and sends alerts about access to privileged accounts.

    Azure AD Premium P2 is especially important in environments where a shift has occurred to mobile-based applications. In these computing environments, traditional security measures such as firewalls are ineffective for the protection of a cloud domain since there is no perimeter.

    azure AD active directory p1 vs p2

    Considering the roles individuals possess in organizations coupled with mobile factors, higher levels of security for identities becomes paramount. Regular users often access data from multiple devices on a variety of networks while making decisions about storage and sharing. Organizational IT retains less and less control of how data is protected. Additionally, privileged access can be assigned based on job title and little else while working outside specific network boundaries so that security audits are much harder to achieve with SaaS-based applications and systems. Access often is retained by users even after job changes occur.

    Both of the additional functions of Privileged Identity Management and Identity Protection included in Azure AD Premium P2 perform the necessary functions to manage the changing roles present in cloud-based environments. Identity Protection alone gathers information from the internet which offers trend material for security concerns regarding vulnerabilities and role history. Based on this information remediation recommendations are provided based on user trends which can be assessed for adjustments. Risk severity calculations are obtained for determining events such as:

    • Leaked credentials
    • Sign-ons from infected devices or suspicious activity via unknown IP addresses and unfamiliar locations
    • The nature of user lock-out events

    Suspicious log-ons can be assessed and risk-based policies applied in reaction to security breaches of credentials in addition to changing bad credentials or blocking identified attacks.

    PIM creates a workflow automated for user requests for elevated access. MFA (multi-factor authentication) is required for additional privileges after which the new access will time-out within a pre-determined time. Microsoft uses the same method with customer Office 365 subscriptions.

    PIM and Identity Protection provide additional security for IT teams to manage and account for risks with improved effectiveness, making it a step up for enterprise-class customers in need of these features. The additional protection keeps Azure customers ahead of the curve for avoiding costly, damaging intrusions while managing access with less overhead.

    To learn more about Azure Active Directory Premium editions, contact our experts at RoyalDiscount.com - Your online source for Microsoft Azure Cloud products.


  • SQL Server 2019 - What’s New?

    sql server 2019 performance

    During the 2018 Ignite conference, Microsoft released the public preview for SQL Server 2019. There are several enhancements that have been made to SQL Server release to help transform the Microsoft data platform, and more importantly, to improve the user experience.

    Most of the improvements are linked to the relational database engine, especially since the BI stack development is no longer directly connected to the database engine release. This is more or less the same thing that happened with SQL Server 2017. In fact, there’s only one major feature being introduced, among a host of minor enhancements.

    Database Performance Enhancements

    Over the years, Microsoft has made a tradition of tweaking each release to improve performance. More often, these are seen either as updates that assist all users, while in some cases these only edge case features.

    One of the notable optimizations was introduced in SQL Server 2017. As soon as a query is executed in a database, there’s a memory threshold that’s required for operations like data sorting to be done, hence delivering the required results to the user. The engine allocates a specific amount of memory to each query depending on the statistics that the data maintains.

    For example, a query that will require 5 billion rows to be joined will certainly require more memory allocation than one that needs to join only 50 rows. There are instances where the statistics might not be correct, and as a result, this ends up in performance concerns or concurrency.

    In SQL Server 2017, Microsoft found a fix for this problem, situations where continued execution of a query automatically adjusts the processing memory required to execute the query, depending on the runtime statistics of the execution before it. While this was a good idea, there was one challenge – this would only work for queries in batch execution mode. These are queries that must use a columnscore index.

    The problem with columnscore index queries is that they are only ideal for an analytical workload, instead of transaction processing. Fast forward to SQL Server 2019, and Microsoft has made dynamic memory grants accessible for all queries.

    Moving along with batch execution mode, the feature that can process huge chunks of data, in almost 1,000 rows and allows a speedy execution of aggregate functions like standard deviation, sums and averages were only available for columnscore indexes.

    In SQL Server 2019, Microsoft has introduced batch mode over row store. Limited testing results for the early releases have been impressive, especially with test results for aggregation queries.

    One common data warehouse performance concern arises connected to distinct counts for a single item. In a database, generating a distinct list is typically very expensive, especially when dealing with values on a very large table. You can see the cost replicated in BI operations because of the need to present a report for things like the number of products that each customer buys, or the sales records for each product. In SQL Server 2019, Microsoft has added a unique feature, “approximate count distinct.” This feature makes use of statistical functions to provide near-accurate data when in use and delivers results faster.

    The adoption of persistent memory is one of the other hardware and performance benefits that Microsoft has introduced. This is an effective storage feature at the block level. It’s effective because it writes at the RAM speed.

    In the database realm, this is a special feature. This is because more often database management software is hindered based on the underlying storage speed. In SQL Server 2016, Microsoft started offering support for persistent memory (NV-DIMM) as it’s referred to at the end of the transaction log. Building on this, any writings to a database should be handled faster in subsequent releases.

    Microsoft has since extended support for these devices in the release of SQL Server 2019, especially for Optane DC NV-DIMMs and on the Windows Server 2019. With this extension, any database project can now be stored on persistent memory like normal block-based storage.

    Microsoft didn’t leave out Linux users when rolling out SQL Server. For Linux, Microsoft created a unique enhancement that allows you to map database files to the memory directly. With this, there’s no need for kernel calls to the storage stack, which is memory intensive.

    The storage engines on Linux and Microsoft might not be the same, but it’s increasingly evident that Microsoft is working towards the creation of databases that offer the best performance, by living fully in persisted RAM.

    Security

    • Always Encrypted Using Secure Enclaves

    Always Encrypted offers protection for all sensitive data both in memory and over the wire through decryption and encryption at each endpoint. This, however, creates processing challenges from time to time, including the inability to filter or perform computations. For this reason, the entire data set must be sent across before a range search, for example, can be performed.

    What is an enclave? This is a protected memory segment that handles the delegation of filtering and computations. In a Windows database, enclave security is based on virtualization. In this case, the data is encrypted in the engine and remains encrypted. However, when it’s within the enclave, it can still be decrypted or encrypted. All you need to do is add ENCLAVE_COMPUTATIONS to the master key. You can simply check the “allow enclave computations” checkbox in SSMS to make this happen.

    This allows you to encrypt data almost immediately. This is faster and more efficient than the former way of encryption which used an application or the Set-SqlColumnEncryption cmdlet, to move all the data from the database, encrypt the database and then send back all the data.

    Given this update, you can perform range searches, wildcard searches, orders and so forth. You can also perform in-place encryption within the queries without worrying about security. This is because the enclave is designed to allow decryption and encryption on the same server. Within the enclave, you can also execute an encryption key rotation.

    For many organizations that have been struggling with encryption and other data management concerns, this is a game changer. There’s still some work going on to perfect all the optimizations, especially those that are not enabled by default. To learn how to turn them on, navigate to the topic and enable rich computations.

    • Certificate Management in Configuration Manager

    Managing TLS and SSL certificates has always been a challenge for a lot of database managers. Usually, they end up performing lots of tedious work and running unique scripts simply to maintain or deploy certificates across the entire enterprise.

    In SQL Server 2019, updates have been made to SQL Server Configuration Manager. This allows you to validate and view any of the certificates of interest easily, find those that are almost expiring and synchronize the deployment of certificates in all the replicas of an Availability Group (from the primary), or all the nodes in a Failover Cluster Instance (from the active node).

    These operations should work just fine for anyone using an older version of SQL Server, especially if you run them from a SQL Server 2019 version of your SQL Server Configuration Manager.

    • Built-In Data Classification and Auditing

    For SSMS 17.5, SQL Server added the functionality for data classification within the SSMS. This enables users to identify columns that have sensitive information or those that might not conform to the compliance standards in use such as GDPR, PCI, SOC, and HIPAA.

    This wizard will then run an algorithm that identifies and reports columns that might have such challenges, but you’re still free to add some on your own. From here you can make adjustments to the suggestions, or remove some of the columns you are uncomfortable with from your list. The classifications created are then stored through extended properties. This is an SSMS report that uses similar information to show columns that have already been identified. Keep in mind that the properties might not be visible outside this report.

    A new command was created for this metadata in SQL Server 2019. The command, ADD SENSITIVITY CLASSIFICATION is also available in the Azure SQL Database. What this does is that it confers the ability to perform the same procedure as you would with the SSMS wizard. However, the information will not be stored as an extended property. Other than that, the data is audited in an XML column, data_sensitivity_information. All the information that would have been accessed during the audited event is contained here.

    Troubleshooting

    • Lightweight Profiling on by Default

    This enhancement has been around for a while and experienced several tweaks down the line. It was first introduced with SQL Server 2014 as DMV sys.dm_exec_query_profiles. Their role is to help users who are running queries to collect diagnostic information on all operators involved in the query. With this information, it’s possible to determine the operators who performed the most tasks, and why. This is ideal for auditing.

    Even if a user is not using this query, they would still be able to get a glimpse into the data for whichever session they are interested in, as long as STATISTICS PROFILE or STATISTICS XML was enabled. Alternatively, this is also possible through the extended event, query_post_execution_showplan. However, the problem with this event is that it usually strains performance.

    In Management Studio 2016, functionality was added, enabling it to show real-time data movement in an execution plan according to the information from the DMV. Therefore, regarding troubleshooting, this was a very powerful tool. Plan Explorer is another option that comes in handy for replay and live capabilities when visualizing data through query duration.

    In SQL Server 2016 SP1, it was possible to allow a lightweight version of the data collection process for all the sessions. To do this, execute the extended event query_thread_profile or use the trace flag 7412. This allows you to access important information about a session of interest without necessarily having to explicitly enable anything in the session. This applies more so for anything that has a negative effect on performance.

    For SQL Server 2019, the thread profile is already enabled by design. You don’t need, therefore, to have an extended session or trace flag running in an individual query. For all concurrent sessions, you can easily look at the DMV data at any given time. This can also be turned off using the LIGHTWEIGHT_QUERY_PROFILING database scoped configuration. However, the syntax cannot work with CTP 2.0, but there are plans to have it fixed in the new release.

    • Clustered Columnstore Index Statistics Available in Clone Databases

    To clone a database in the current SQL Server models, you will only get the original statistical object from the clustered columnstore index. If there were updates made to the table after creation, these will not be affected.

    In case you use the clone to tune queries or any other performance tests that need cardinality estimates, the use cases will not be valid. The workarounds for this limitation are not very easy to remember, and they might also be very expensive.

    The updated stats are available automatically in the clone in SQL Server 2019. Therefore, you are able to test any query scenarios and find a workable plan depending on the actual statistics, without having to manually run STATS_STREAM on each table.

    • New Function to Retrieve Page Info

    For a very long time, DBCC PAGE and DBCC IND have been used to collect information on pages that make up a table, index or partition. However, these are unsupported and undocumented commands. Automating solutions on problems which need more than one page or index might be a very tedious process.

    After that, sys.dm_db_database_page_allocations was introduced. This is a dynamic management function (DMF) which returns a set that represents all pages in the object in question. The function creates a predicate pushdown issue that might prove to be a concern with larger tables. For this to collect information on one page, it will have to read the whole structure, and this can be very prohibitive.

    SQL Server has also brought a new DMF, sys.dm_db_page_info. This DMF returns all information on a given page without unnecessary overheads to the function. To use this function in the current builds, you will have to know the page number that you are looking for beforehand. This might be intentional, but it’s a performance guarantee.

    For more information on Microsoft SQL Server, or to speak to a SQL licensing expert, contact Royal Discount at 1-877-292-7712 for a free consultation.


  • How to Enable (and use) Remote Desktop on Windows 10

    remote desktop on windows 10

    Windows 10 can be configured to access your computer using Remote Desktop from a number of different devices. Allowing Remote Desktop sessions to your computer from your remote devices gives you access to files and resources from anywhere you are when away from home or the office.

    To take advantage of RD, your host computer must be connected to the Internet, turned on and configured to allow connections from other devices. Access to the computer via Remote Desktop must be granted by permission and the connections allowed through the computer's local firewall.

    Why Use RD on Your Windows 10 Computer?

    If you are physically sitting at your computer, then you do not need Remote Desktop. Accessing your computer with RD is a convenience which allows you to work on your computer from a remote location without taking your computer with you. However, there are a number of considerations in regard to using RD on your computer.

    Security is of the utmost concern when using Remote Desktop so you need to be well aware of how you are configuring access to your computer. When RD is enabled a port is opened on the local network which makes your computer accessible with specific logon and permissions rights granted. Given the security concerns, it is important to understand that RD access can rights provide permission onto your computer with full administrative power as well as other user accounts from groups given access to the computer. It is important to use strong passwords when granting access rights to your computer over Remote Desktop.

    Over a network or domain, Remote Desktop should be used in conjunction with the option for Network Level Authentication (NLA). Using NLA means that only accounts with specific Remote Desktop access within the network will be allowed to logon to computers via RD. If you are using Remote Desktop in a home environment, NLA should not be enabled.

    Allowing Access in Windows 10 from Home

    Enabling Remote Desktop means that you are allowing a direct connection to your computer which is a peer-to-peer connection. A wide range of devices can be used when making a connection with RD to your Windows 10 computer. There are two options for connecting to your computer using Remote Desktop, port forwarding and VPN (Virtual Private Network).

    Port forwarding is a process which maps the public address of your router to the address of your computer on your network. In order to implement port forwarding from your router, you will need specific instructions from your router's manufacturer.

    Using VPN, you can connect to your computer with RDS as if it is part of the virtual private network. With this method you will not use a public IP address to connect to your computer, instead you will use the VPN to establish the secure connection. Once connected to the VPN, RD can then be used to connect to your computer. There are a number of different VPN services available which you can investigate based on your specific needs.

    Remote Desktop Configuration on Your Computer

    Accessing your computer at work may be controlled by security policies established on the network. Specific groups and users may be the only ones allowed to use RD so you should check with your IT support regarding what is allowed.

    Configuring your PC for remote access requires just a few simple steps (Home editions do not include support for Remote Desktop):

    1. On the host device (the one you want to connect to), select Start and then click the Settings icon that looks like a gear.
    2. Select the System group icon and then the Remote Desktop item from the menu on the left.
    3. Use the slider switch to enable Remote Desktop. (To keep a PC awake and discoverable for connection availability you might consider turning off sleep/power-save modes.)
    4. Click Show settings to view and configure a list of other settings as necessary (most may not have direct relevance).
    5. As needed, click Select users that can remotely access this PC to add a specific user who will have access (members of the Administrators group automatically have access).
    6. Make note of the name of your PC under How to connect to this PC. You'll need this to configure the client access.

    Using the Windows Client

    1. If your remote computer or device does not have the Remote Desktop client already it can be downloaded with a quick search of the Microsoft Store.
    2. Add a computer connection to the RD client by choosing Add + and then Desktop.
    3. Enter the computer name and the account information which will be used to make the connection.
    4. Additional options are available by clicking on Show more. These options allow for specific configurations for the remote session, all of which can be saved for future use.
    5. You can also add remote resources such as Remoteapp programs, session-based desktops and virtual desktops which have been published in RDSH. Click Add + and then choose Remote resources from the Connection Center window to add these resources.
    6. Enter the feed URL already provided by an administrator and then click Find feeds.
    7. Enter the necessary credentials to subscribe to the feed.

    To edit or remove a connection, click on the overflow menu (…) for the specific desktop and choose Edit or Remove as appropriate. To remove a remote resource, also click on the overflow menu (…) for the specific desktop and choose Remove. Specific connections can also be pinned to the Start menu by using the overflow menu (…) and clicking on Pin to Start.

    Add a Remote Desktop Gateway

    In order to connect to a host computer on the network from anywhere on the Internet you can set up a Remote Desktop Gateway:

    1. In the Connection Center click on Settings.
    2. At Gateway click on + to add the gateway (a gateway can also be added when adding a connection).
    3. Enter the server name which can be an IP address, computer name or Internet domain name (port numbers can be added as well using this format Name:443, where name is the computer name, domain or address).
    4. Enter the user account information or choose "Use desktop user account" to use the same account as that for RD connections.
    5. Save the configuration.

    Conclusion

    Remote Desktop is a convenient tool for accessing remote resources within a network or over the Internet. A Remote Desktop environment already setup on a network will provide users fast access to apps and resources important to them. Use from a home computer with the correct edition and configuration of firewall and network equipment is readily available and easy to achieve.

    To learn more about Remove Desktop usage and implementation, contact our experts at RoyalDiscount.com - your online source for cheap OEM, Retail & Cloud products.


  • What is Azure Active Directory?

    azure active directory

    What is Azure AD

    Active Directory is Microsoft's domain management software which controls all security functions within an organization affecting log-ins, password, accounts and security permissions to apps and data resources. Azure Active Directory is an extension for on-premises Active Directory implementations or can stand alone as a security product for Azure implementations that are not already part of a domain.

    When using any kind of virtual or cloud resources, security controls are extremely important and AAD is the foundation for providing access controls even in hybrid implementations so that an on-premise presence and a cloud presence will work together on the same AD infrastructure. This is even more important when considering use for application development and integration with Office 365 especially when used remotely.

    Microsoft provides a wide range of tools in Azure AD Connect which replaces older versions of identity integration tools such as DirSync and Azure AD Sync. With this latest version of Azure AD security and identity are synchronized when used together between the cloud and on-premise implementations. AD Connect is also an integration tool that allows for the use of single-user identities and single sign-on access (SSO) whether it's in the office, on the cloud, or using Office 365.

    Azure AD provides synchronization of user IDs, groups and other Active Directory objects so that all of these elements are present and up-to-date between the cloud and physical locations used by organizations. There are a variety of authentication methods which can be used especially in hybrid solutions. Choices can be made between such cloud authentication methods as Password Hash Synchronization or pass-through authentication and even federated authentication (AD FS). Additionally, Azure AD Connect Health allows for monitoring of Active Directory resources from a centralized location within the Azure portal.

    Editions

    As with all Microsoft products, there are a variety of editions for Azure Active Directory which provide sign-on and other security and identity needs. Subscription services to Microsoft Products like Office 365 and Microsoft Azure automatically provide for Azure Active Directory ase. This free edition of Azure Active Directory allows for management of user IDs, groups and synchronization with on-premise Active Directory implementations with all available sign-on capabilities for Azure, Office 365 and a wide range of SaaS applications including Google Apps and Dropbox among a few examples.

    There are a few different addition levels of which an organization should be aware. These are Azure Active Directory Basic, Azure Active Directory Premium P1, and Azure Active Directory Premium P2

    • Azure AD Basic - This edition is centered around cloud-based implementations for application access and self-service identity management which includes group-based access management, self-service password reset and Azure AD Application Proxy.
    • Azure AD Premium P1 - this is an enterprise level edition which provides identity management for on-premise users, remote users and hybrid users accessing applications both locally and over the cloud. This edition includes support for self-service identity, access management, administration of dynamic groups including self-service group management, as well as Microsoft Identity Manager which is a suite of on-premise identity and access management tools.
    • Azure AD Premium P2 - this edition includes all of the features of Azure AD Premium P1 with the addition of Identity Protection and Privileged Identity Management (PIM). Identity Protection provides management of conditional access to apps and critical data. PIM enhances management of privileged accounts tied to administrative access and other resources.
    • Additional versions are available in a pay-as-you-go editions such as Azure AD B2C for ID and access control of public apps. Also, Azure Multi-Factor Authentication can be implemented on a per-user or per-authentication basis.

    Benefits of Azure AD

    Azure AD provides a wide range of benefits when used in both cloud-based and hybrid implementations (where on-premise and cloud resources are used together), assisting with:

    1. Single identity creation and management of all users within an entire organization while providing synchronization of users, groups and devices via Azure AD Connect.
    2. Leverage of Azure AD's reliable HA for enterprise-class cloud presence with access management solutions.
    3. Control application security access with enforced rules-based policies that stretch across cloud-based applications and on-premise resources using Multi-Factor Authentication.
    4. Reduce support interaction and increase user productivity with the Azure AD MyApps portal to engage self-service password reset as well as manage group and application access requests.
    5. With Azure AD Application Proxy, a host of pre-integrated SaaS apps allow single sign-on access to a wide range of deployed apps within an organization.

    Additional considerations regarding synchronization, authentication and health monitoring in relation to Azure AD Connect enhance the overall benefits for organizations. Synchronization links on-premise and cloud-based resources and, in conjunction with password write-back, keeps user IDs, groups and other objects, including passwords, seamlessly up-to-date. Authentication methods with hybrid identity solutions in mind, including cloud authentication features such as Password Hash Synchronization / Pass-through Authentication or federated authentication (AD FS), provide effective security solutions. Health monitoring is available in a centralized location within the Azure portal where Azure AD Connect provides viewing of all activity.

    Intended Users

    Azure AD is a cloud-based integrated Active Directory implementation which can be used at all levels within an organization just like an on-premise AD forest structure. User-classes include the following:

    • IT administrators - with Azure AD Connect, admins can provide integration to existing Windows Server AD environments so that current on-premise resources and apps can be synchronized and managed with SaaS apps provided from the cloud. With increased security solutions, an organization can provide greater single sign on access and identity management for numerous apps hosted in cloud-based SaaS environments as well as those hosted on-premise. IT admins will find improved security over cloud-hosted resources with strengthened security, managed access control, collaborative enhancements and automated user identity lifecycle for assurance that compliance and security requirements are met.
    • App Developers - key app and SQL developers will find Azure Active Directory, no matter the edition in use, includes a wide array of tools for integration with the latest identity management solutions. SSO self-service and access control management features allow developers a wider range of options for delivery of important apps.
    • Office 365, Azure, or Dynamics CRM Online customers - tenants for these cloud-based products already use Azure AD so it can be put to use immediately with user access to cloud-base apps.

    Getting Started with Azure AD

    Administrators and developers can sign-up for 30-day trials of Azure AD to learn more about usage and implementation of the product.

    For a quick start, sign onto the Azure Portal where you can access Azure AD and create a new basic-tenant. To begin, you'll need a valid license and Global Administrator access in your portal account.

    Creation of a new tenant for Azure Active Directory can be easily and quickly achieved. Here are some instructions for a fast start at building your Azure AD environment:

    1. Sign into the Azure portal using a Global administrator account as noted above in the requirements.
    2. Select Azure Active Directory from the portal dashboard.
    3. Choose create resources.
    4. Then select identity and Azure Active Directory. At this point, the create directory page will appear.
    5. Next, enter your organizational name.
    6. Then enter the organizational domain name.
    7. Lastly, choose the country or region which should already be set to United States and then select create.

    The tenant will now be created with the domain matching the entries from the organizational and domain names.

    To further manage the tenant, especially if this is for testing purposes, deletion can be completed very easily. Simply log onto the Azure portal and select Azure Active Directory and then the name of the tenant you have created where you can select to delete the directory on the tenant page. The tenant and all associated information will be deleted if you make this choice so make sure this action is taken with care.

    Conclusion

    Azure Active Directory provides an entire organization with an impressive range of tools for internal support well as user productivity. With SSO and a variety of self-service tasks available to users, password resets and security access requests to applications and resources all can be completed without interaction with a helpdesk. Azure Active Directory also provides an extended, consistent, synchronized management apparatus into cloud-hosted resources and apps for strengthened security and delivery at improved cost.

    To learn more about Azure Active Directory, contact our experts at RoyalDiscount.com - your online source for cheap OEM, Retail & Cloud products.


  • How Much Does Windows Server 2016 Cost?

    windows server 2016

    Windows Server 2016 is the newest version of Microsoft's server operating system available on the market. Costs and pricing for this latest OS version has changed in some ways versus earlier versions. Let's take a look at what those changes included along with what is the same. Here are the categories of editions available:

    • Datacenter Edition for highly virtualized private and hybrid cloud environments.
    • Standard Edition for non-virtualized or lightly virtualized environments.
    • Essential for small businesses with up to 25 users and 50 devices.

    Microsoft previously released Windows Server 2012 and Windows Server 2012 R2 as well as the Windows Server 2014 and Windows Server 2014 R2 with Standard and Datacenter (Enterprise) editions. Windows Server 2016 is no different than these previous versions in regard to editions so you can expect to have two basic types of pricing.

    However, in regard to licensing there are some changes with Windows Server 2016. As with a number of other products, Microsoft has shifted from licensing based on number of processors to the number of cores for a more accurate accounting. This is a big shift from the previous editions of Windows Server and applies to both Standard and Enterprise versions.

    Additionally, with the arrival of Windows Server 2016 previous feature parity is no longer available. Earlier versions of Windows Server OS's basically included the same available features with the exclusion of VM licensing. Below is quick list of categories and further information regarding availability between the versions.

    Windows Server 2016 edition Ideal for Licensing model CAL requirements [see below] Pricing Open NL ERP (USD) [See Below]
    Datacenter [see below] Highly virtualized and software-defined datacenter environments Core-based Windows Server CAL $6,155
    Standard [see below] Low density or non-virtualized environments Core-based Windows Server CAL $882
    Essentials Small businesses with up to 25 users and 50 devices Specialty servers (server license) No CAL required $501

    The new licensing model of physical servers requires all physical cores on the server to be licensed. Microsoft requires that a minimum of eight core licenses with every physical processor loaded in the server. A minimum of 16 cores will be licensed for servers with only one processor.

    Here are some further notes of interest between Windows Server 2016 Datacenter and

    Standard editions:

    • Pricing for 16 core licenses of Windows Server 2016 for both Datacenter (Enterprise) and Standard editions will have the same price as the license which corresponded to the same editions of the Windows Server 2012 R2 version for 2 processors.
    • Licensing rights for Windows Server 2016 Standard edition only provides for all physical cores in the server to be licensed for only 2 OSE's or Hyper-V containers. In the instance of additional OSE's or Hyper-V containers, Microsoft allows for multiple licenses to be assigned to the same cores.
    • Access by users or devices to Windows Server Standard or Datacenter editions requires a Windows Server CAL. However, access to multiple licensed Windows servers is allowed for each Windows Server CAL.
    • A Windows Server CAL is retroactive to earlier Windows Server versions with regard to right to access by users or devices.
    • Additional CAL's are required for such functions as Remote Desktop services or Active Directory Rights Management services as has been the previous case with earlier Windows Server versions.

    Windows Server 2016 also has some feature differentiation:

    Feature Datacenter Standard
    Core functionality of Windows Server · ·
    OSEs / Windows Server containers with Hyper-V isolation Unlimited 2
    Windows Server containers without Hyper-V isolation Unlimited Unlimited
    Host Guardian Service · ·
    Storage features including Storage Spaces · o
    Shielded Virtual Machines · o
    Networking stack · o

    FAQs

    Why has Microsoft instituted its licensing changes?

    The new licensing model assists Microsoft with delivering consistency between on-premise and cloud environments for improved licensing benefits within hybrid implementations or for transitions to cloud-based computing. Customers with Software Assurance will find that the Azure Hybrid Use Benefit (AHUB) is now available to leverage for cost savings, especially when shifting Windows Server virtual machines to Azure with base compute rates.

    How are virtualization rights different with Windows Server 2016?

    Datacenter provides unlimited rights for OSE's or Hyper-V containers with minimum physical core licensing (8 cores/physical processor with a minimum of 16 cores licensed per server). Standard edition is limited to up to 2 OSE's or Hyper-V containers (unlimited Windows Server containers are included on the licensed server and additional VMs will require additional licensing for all physical cores).

    Are existing customers with Software Assurance affected by changes to the licensing model when deploying Windows Server 2016 or System Center 2016?

    Software Assurance customers can deploy Windows Server 2016 or System Center 2016 at any time.

    How does the new licensing model affect hyper-threading?

    Only physical cores on processors are considered and inventoried with consideration to core-based licensing for Windows Server 2016 or System Center 2016. Virtual cores are not considered in the licensing parameters.

    Can Windows Server 2016 support VMs running inside a VM and how are these nested virtualizations licensed?

    Unlimited virtualization is covered in the licensing model for Windows Server 2016 Datacenter. However, the Standard Edition covers no-to-low-virtualization so only two VMs are allowed in this scenario where a VM nested inside a VM would count as two VMs in the licensing model.

    When continuing a subscription for System Center Software Assurance with Azure rights to manage instances as well as for third-party cloud providers, how many cores should be licensed with this benefit if no on-premise OSE's are being managed using System Center?

    A minimum of 16 cores, which is the equivalent of System Center 2012 R2 2-processor licensing, is needed for continued Software Assurance benefits for Azure and other cloud providers.

    To learn more about Microsoft Windows Server 2016 licensing, contact our experts at RoyalDiscount.com - your online source for cheap OEM, Retail & Cloud products.


  • How to Connect to Azure VM to RDP (Remote Desktop Protocols)

    azure vm rdp connection

    Azure cloud services are perfect for hosting VM's and offer ways for businesses to drive IT costs lower. The advantages of VM's cannot be minimized so creating and accessing them are very important to get up and running as soon as possible as well as gaining access to them with Remote Desktop. If you are getting started with Azure here are instructions to accomplish creation of a VM and then connect to your virtual environment.

    For anyone in need of testing VM's, Remote Desktop is part of the mix of helpful tools for using Azure hosting services or even developing a virtual footprint.

    • Everything begins with accessing the Azure Portal and creating a virtual machine. Once an account is established on Azure, it is then time to lay some foundations with testing over a remote connection.
    • Within the dashboard, build a VM by clicking on New from the menu.
    • This action will bring you to a choice of operating systems. After clicking your choice, you are then presented with a form where you will name and configure your VM.
    • Among the other settings you will choose are type of disk (SSD or HDD), the login credentials, the type of subscription, a resource group type and name, as well as the region where the VM will reside. Be aware that SSD is costlier than HDD if budget is a concern. If this is a test configuration, it may be best to stay with a HDD configuration and put your money into SSD-based VM's for your high-end server needs.
    • The next step in the process is choosing your machine type. There will be several choices based on subscription and your choice of disk types. Once you have chosen the type and the amount of vCPU and memory, you're ready to move to the next step.
    • Networking is the third step, where you will be presented with options to define your virtual network, subnet and other settings. The Auto-Shutdown feature is helpful because up-time is part of you cost in Azure. If the VM is not needed at all times, then this choice can cut costs, especially in a developmental environment. If you choose this setting you can define when the VM will be shutdown.
    • Once you complete all these steps, you are presented with a summary at which point you confirm and launch the VM creation process. After the VM build is completed, you are ready to begin working in your Azure environment. Once the VM is running, RDP (Remote Desktop) is now a primary tool to manage your virtual machine.

    However, if you first try to use the connect button, you may find that it will be grayed out. In this case, you need to configure a Network Inbound Rule which will allow connectivity to the machine (via the firewall created with the VM). Creating these rules can be very important since you may have a variety of security configurations and concerns. The main idea is to create a rule that you will be able to use for a number of different VM's. Also, regarding security, consider how many different IP addresses will be allowed to connect to your VM environment. For security purposes, the fewer addresses you allow the better, so plan appropriately.

    To access Network Inbound Rules, find Network Security Group in your Azure Portal dashboard. You may well find that applying some basic rules to your future VM's will be helpful. To complete creating the rule, you will need the port number used by RDP which is 3389. With this inbound rule now defined, you can use RDP to connect to your VM.

    When using RDP be aware that there are a number of options available. These can range from local accounts to domain logons. It will be up to you to use Azure's security to manage what accounts will have access over RDP to your VM's. Policies can be set in place which allow regular users frequent access via domain accounts over the RDP client. Accounts used for support and management can be placed in a separate policy since these may have administrative access. Other account level access can also be managed through security policies which you can create.

    Here are some quick instructions to connect with the RDP client:

    • From your Azure dashboard, click into Virtual Machines.
    • Select a VM to log onto with RDP.
    • There will be a connect symbol to click at the top of the VM page.
    • Clicking the symbol will trigger the "Connect to Virtual Machine" page from which you choose options and then click to "Download RDP file".
    • Once downloaded, click to open the file and connect (there may be a notice that the file is from unknown publisher but this is not unusual).
    • The Windows security page will appear where you will enter login credentials for the local VM or domain account you intend to use.

    Note that, unless the VM is a domain controller you will either use a local VM account or a domain user account. This means that if you are using a local account, you will enter the name of your VM as the domain name (vmname\username). Otherwise, if the VM is a domain member, you will enter the domain name and account (domain\username). In both cases there should be a password for the account being use which you already have. If your VM is a domain controller you must login with the credentials for a domain administrator account. Click "Yes" to verify connectivity and you should be logged onto your VM.

    VM's are extremely handy tools for creating virtual desktops and servers, so when you begin your Azure experience make sure you understand how to create and access them. Using security best practices will help you manage users accessing the virtual network appropriately while keeping intrusions to a minimum. Because of the nature of the VM's, RDP becomes an essential way to access them, so managing inbound rules with security groups and appropriately assigning user account security policies is most important. However, you can create and run VM's very quickly in your environment with little trouble and begin building your virtual network.

    To learn more about Azure products, RDP or RDS, contact the cloud experts at RoyalDiscount.com.


  • RDS Licensing

    remote desktop licensing (rds)

    Accessing your remote server implementations is highly important. With Microsoft server 2016, this is accomplished with Remote Desktop Services so that administrators can access and manage servers. This management is especially vital when servers exist in the cloud as virtual deployments. However, RDS is subject to licensing so let's take a look at how this process works as well as how you can implement license access to your virtual server environment. Before we get into how to setup the license server, let's discuss the types of licensing and other requirements.

    Licensing Modes and Other Concerns

    Every server comes with two Client Access Licenses (CAL) for accessing the operating system which is useful depending on the number of people who will log on your VM's. To start your RDS licensing, make sure you install the RDS role on all your servers. Next you need to make sure you have a license server installed on your network within 120 days of implementation or RDS will stop functioning. Once you have your license server installed then you must activate it and add your purchased CALs.

    With RDS licensing, there are two different modes which you can use. First is per user mode which means you must purchase a CAL for each and every person who will be using RDS to access your VM's. In this mode it does not matter how many devices are being used, but rather the number of users that are licensed. You must make sure that your CALs are added so that affected users can all log on and manage servers remotely. Using this mode, a licensed user can even use more than one device at a time since the licenses are associated with specific accounts. A server will accept any and all connections in this mode, however it is important to remember to buy the correct number of licenses and that they remain current with the agreement.

    The second mode of licensing is per device. Since licenses can be expensive, if you have a large number of people who will be accessing VM's but not constantly, then you may want to consider CALs per device. Licensing on a per device basis means that only a certain number of devices will be allowed connection via RDS at any given time. Your pool of CALs will provide the access until they are all used up, then other users will not be able to logon and will have to wait for an available CAL. But multiple users can still login from the same device if you wanted to purchase one license for a specific computer to be used for the purposes of RDS access.

    Other details to keep in mind for your Remote Desktop Services licensing are as follows:

    • CALs must be the same Windows server version as that to which the user or device will be connecting.
    • Your chosen RDS licensing server must be version 2016. Licenses for any previous versions can be hosted on Windows server 2016. The compatibility runs backward but not forward, meaning that a licensing server using Windows server 2012 could not host licenses for Windows server 2016.
    • There is no way to convert old licenses to 2016.
    • Upgrading the license server requires the need to delete the license database and then upgrade the server. This means it's better to create a new server and install the licensing role with the newest CAL version.

    Installing Remote Desktop License Manager

    Installing the Remote Desktop licensing role is a straightforward process, especially if you have installed roles on servers previously. A best practice is to install the license server on your domain, commonly done on domain controllers. Here are the instructions to follow:

    1. From Server Manager, click on the RDS node.
    2. Then click on RD licensing.
    3. Where you are logged on, click Next and Add RDS Manager
    4. Soon after you have added the role it will complete installation.
    5. Activate RD licensing by opening the Remote Desktop Licensing Manager (open Server Manager, click Tools, click Remote Desktop Services, click RD Licensing Manager).
    6. Right-click on the name of your RD license server and then left click on activate server.
    7. A wizard will appear and you will click next, then leave the next setting on "Automatic connection if the license server is connected to the Internet".
    8. Enter all the required information and any optional information that you wish to include, then click Next.
    9. Note that Start Install Licenses Wizard now will be checked by default so you can just click Next.
    10. Another welcome page will appear on which you can click Next to view the license program page where you will pick the type of license to be installed. Here you must choose the type of license which has been purchased, then click Next.
    11. Now you will be given the opportunity to enter all of the license codes which have been purchased. Once complete click Next.
    12. At this point, you will see all of the licenses by description in the right window pane when you click on the license server on the list in the left pane.

    License Management

    There are several considerations of which you should be aware for managing your licenses:

    • Any new licenses purchased must be added to the RDS license server from the Remote Desktop Licensing Manager where you will use much the same process to add them.
    • Once you have installed your license manager, if you see a yellow triangle warning beside your server you may need to add the licensing server to your active directory domain (if you have not done so already, which is a good reason to install it on a domain controller). To add the licensing server, simply right-click on your server list and select review configuration where you will have the option to add it to an Active Directory group. This action should resolve your problem. You can also confirm that your license server is correctly added to the proper AD group by using Active Directory Users and Computers (ADUC) to navigate to built-in groups and checking the subgroup for Terminal Server License Servers.
    • Otherwise there may be times when you need to migrate your CALs to another server. This is done from the Licensing Manager where you will right-click on the name of the licensing server and then select manage licenses. This action will open a wizard and you will click Next on the welcome page and then choose the first option on the Action Selection page. You can then choose that you are replacing your license server and, after clicking Next, you will enter the name or IP address of the replacement server. At this point you will be required to enter in your server key or agreement number, then confirm all the licenses you are migrating by adding all of them, then click Next. The licenses will be transferred to the new license server. If the new license server is offline, you will have to obtain the license server ID by logging onto the new server and obtaining it from the license server properties and entering the information into the wizard on your original license server.
    • You may also need to remove specific license packs from your license server. This is done by accessing the license server database with PowerShell (use the command: Get-WmiObject Win32_TSLicenseKeyPack, to see the list of license packs, then use the number of the license pack, or PackKeyID, with the command: wmic /namespace:\root\CIMV2 PATH Win32_TSLicenseKeyPack CALL UninstallLicenseKeyPackWithId [PackKeyID]). Once these series of commands are completed, you will need to rebuild the database either manually or automatically using the wizard from right clicking on the server name in the license manager. Choose manage licenses and this time in the action selection page choose the second choice for rebuild database. After you click next you will confirm that the database will be deleted after which you have the opportunity to reinstall your licenses with the wizard. Rebuilding manually means that you must stop the licensing services and rename the database file from TLSlic.edb to something like TLSlic.old, then restart the service.

    Those are the basics for understanding CALs for RDS, installing the Remote Desktop license manager and managing your CALs. To learn more about Azure Services, VM's and Remote Desktop Client access, contact our experts at RoyalDiscount.com- Your online source for cheap OEM, Retail & Cloud products.