A Solution for Private Cloud Security

Another post based on Microsoft's recent announcements.

A Solution for Private Cloud Security is a series of three papers on private cloud security. It is part of the collection of documents that comprise the Reference Architecture for Private Cloud documentation set.

The current version of A Solution for Private Cloud Security considers the security aspects of designing and creating robust and comprehensive private and hybrid cloud environments and consists of the following three papers:

  • Blueprint for A Solution for Private Cloud Security
  • Design Guide for A Solution for Private Cloud
  • Operations Guide for A Solution for Private Cloud

You can also download all three documents in Word format from http://gallery.technet.microsoft.com/A-Solution-for-Private-67209ab1.


Free Microsoft Private Cloud Training

After Microsoft’s announcement of the new System Center 2012 wave, a true private cloud builder, Microsoft offers a free 2-day virtual training event to help the world learn about the upcoming enhancements with the Creating & Managing a Private Cloud with System Center 2012 Jump Start.

You can find more information about this free training on http://blogs.technet.com/b/server-cloud/archive/2012/01/20/free-microsoft-private-cloud-training.aspx

And information about System Center 2012 and the new capabilities to build a private cloud can be found on http://blogs.technet.com/b/server-cloud/archive/2012/01/17/system-center-2012-a-true-private-cloud-builder.aspx.


FIM 2010 Community Resources

I thought it would be nice to blog about all the awesome community-related FIM activities/resources. So let’s kick off…

… and more with a next update!


Rollup 1 for Forefront UAG 2010 Service Pack 1 Update 1

Today, Microsoft released the first rollup package for UAG 2010 SP1 Update 1. You can find a list of all fixes that are included in Rollup 1 on http://support.microsoft.com/kb/2647899.

Oh and yes, a rollup 1 for TMG 2010 SP2 has been published as well: http://support.microsoft.com/kb/2649961


Update: FIM 2010 and Exchange 2010 Provisioning

Last year, I wrote a first blog (http://blog.gocloud-security.ch/2010/05/13/fim-2010-and-exchange-2010-provisioning) about Exchange 2010 provisioning with FIM 2010 (codeless or not). Now, I’m currently working on a project where one requirement is the quick’n’dirty provisioning of mail-enabled users (please do not mistake a mail-enabled user for a mailbox user!).

The link that I used in my past blog was the one pointing to the TechNet magazine (http://technet.microsoft.com/en-us/magazine/ff472471.aspx). And one point which really confused me was the following:

[image]

Based on another table, the following attributes are required for a mail-enabled user:

[image]

Another interesting point is the following:

[image]

Now, wait a second… does that mean that I have to set the msExchHomeServerName as well when using Exchange 2010? And should I use the ExchangeUtils class (of the Microsoft.MetadirectoryServicesEx) and especially the overloaded CreateMailEnabledUser() method? The answer is a simple NO – for both questions!

First of all, have a look at the source code of the ExchangeUtils.CreateMailEnabledUser() method (btw, I used the free dotPeek from JetBrains as decompiler):

[image]

So no magic! What the CreateMailEnabledUser() method really does is set the two attributes – the mailNickname and targetAddress – that’s all! But there is another important part as well – the objectType = “user”; line. You are fine with that as long as you use the user class (default in Active Directory) when provisioning the user objects. But that’s not the case in the current project (where we use a custom class in the schema), so the CreateMailEnabledUser() method is a no-go anyway!
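As an added illustration (not code from the original post or from Microsoft), a provisioning rules extension can set the same two attributes itself and choose the object class when starting the connector. The MA name, the class name `contosoUser`, the container, the metaverse attribute names and the `SMTP:` prefix on the target address are all assumptions made for this sketch.

```csharp
using Microsoft.MetadirectoryServices; // reference Microsoft.MetadirectoryServicesEx.dll

public class MVExtensionObject : IMVSynchronization
{
    // Hypothetical values for this sketch, not taken from the original post.
    private const string AdMaName = "AD MA";
    private const string CustomClass = "contosoUser";
    private const string Container = "OU=External,DC=contoso,DC=local";

    public void Initialize() { }
    public void Terminate() { }
    public bool ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry) { return false; }

    public void Provision(MVEntry mventry)
    {
        if (mventry.ObjectType != "person") return;

        // Both values feed the two attributes that make the object
        // mail-enabled, so skip objects that lack either one.
        if (!mventry["accountName"].IsPresent || !mventry["mail"].IsPresent) return;

        ConnectedMA ma = mventry.ConnectedMAs[AdMaName];
        if (ma.Connectors.Count > 0) return; // already provisioned in AD

        string alias = mventry["accountName"].Value;
        ReferenceValue dn = ma.EscapeDNComponent("CN=" + alias).Concat(Container);

        // The helper discussed above fixes the object type to "user";
        // starting the connector ourselves lets us pass the custom class.
        CSEntry csentry = ma.Connectors.StartNewConnector(CustomClass);
        csentry.DN = dn;

        // The same two attributes CreateMailEnabledUser() sets.
        csentry["mailNickname"].Value = alias;
        csentry["targetAddress"].Value = "SMTP:" + mventry["mail"].Value; // assumed format
        csentry.CommitNewConnector();
    }
}
```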


A Guide to Claims-Based Identity and Access Control, Second Edition–Downloadable eBook

The phenomenal resource (book) ‘A Guide to Claims-Based Identity and Access Control’ was updated and published on MSDN a couple of weeks ago. This resource is the best I’ve ever seen for claims-based authentication and in particular AD FS 2.0! Every second invested in reading this book is more than worth the time!

You can find the online version of the 2nd edition on:

But now the reason for this post – in addition to the online version, there is now a downloadable PDF version of the 2nd edition. You can download it from:

So the last thing that is missing is a printed version of the book… for those of you who want to read it under the Christmas tree. :)


Windows Azure Active Directory

A really interesting “change” in the name of one of the Windows Azure components, not particularly from a content point of view. Read the lines below:

Windows Azure Active Directory is a cloud service that provides identity and access capabilities for applications on Windows Azure and Microsoft Office 365. Windows Azure Active Directory is the multi-tenant cloud service on which Microsoft Office 365 relies on for its identity infrastructure.
 
Windows Azure Active Directory utilizes the enterprise-grade quality and proven capabilities of Active Directory, so you can bring your applications to the cloud easily.  You can enable single sign-on, security enhanced applications, and simple interoperability with existing Active Directory deployments using Access Control Service (ACS), a feature of Windows Azure Active Directory.

Maybe this indicates the direction of the journey… But anyway, at the moment the Windows Azure Active Directory is just the cloud implementation of AD FS 2.0 (with some custom capabilities).

Read the full article on http://www.windowsazure.com/en-us/home/tour/access-control/


Web-based Self-Service Password Reset with FIM 2010 R2

With this blog, I want to highlight some of the very interesting articles about one of the new features of FIM 2010 R2 – the web-based self-service password reset.

Articles from Anthony Ho:

Articles from Paul Williams:

Articles from Patrick Layani:

 

And finally, the Evaluation Guide on TechNet: http://technet.microsoft.com/en-us/library/hh322874(WS.10).aspx


Forefront Identity Manager 2010 R2 Release Candidate Now Available

Mark Wahl, Principal Program Manager, announced the availability of the FIM 2010 R2 RC today!

(http://blogs.technet.com/b/server-cloud/archive/2011/11/23/forefront-identity-manager-2010-r2-release-candidate-now-available.aspx)
This release candidate includes new and updated features for FIM 2010 R2:

  • Historical reporting using integration to the System Center Service Manager data warehouse
  • Web-based Self-Service Password Reset
  • Scale and performance improvements
  • Outlook® 2010 support for the FIM add-ins and extensions and SharePoint® 2010 support for the FIM Portal

You can download the RC bits from this link: http://bit.ly/svx2XX


Office 365 Directory Synchronization Tool now with 64-bit Support

Awesome news for (especially) all guys who had to install a dedicated 32-bit server just for the Directory Synchronization Tool (DST):

From John Speare (Senior Technical Writer) on http://community.office365.com/en-us/w/sso/555.aspx:

It’s arrived!

The 64-bit version of the directory synchronization tool is now available. The 64-bit version now uses Forefront Identity Manager (FIM) 2010 as the underlying synchronization engine. FIM is installed silently when you run Setup.

Instead of the old ILM binaries, FIM 2010 is now installed as part of the DST setup! The new FIM’ed version of the DST has exact functional parity with the old ILM’ed version, for example regarding the filtering of the objects. Please refer to http://onlinehelp.microsoft.com/en-us/Office365-enterprises/ff652543.aspx for the DST documentation.
