Understanding StorSimple

StorSimple - @SeniorDBA

Microsoft is selling an appliance named StorSimple, that can be used for archiving files, a network backup target, or even as a file server. Microsoft bought the company named Xyratex, a former subsidiary of Seagate, to acquire this solution. This appliance was originally not very useful, because:

  • It shared storage via iSCSI only so it didn’t fit well into a virtualization stack, especially Hyper-V which has moved more to SMB 3.0.
  • The file storage engine that decided which files stayed local vs. were moved to the Azure cloud was almost useless.
  • The physical appliance required space in your server rack, when virtualization is the focus for most solutions.
  • While the box was free, it did require a purchase of an enterprise agreement and paying for moving files out of Azure as some files were accessed.

Microsoft has improved StorSimple over the years and now the product is much more useful.

Continue reading “Understanding StorSimple”


Microsoft Plans Office 365 Upgrades

Office 365 - @SeniorDBA

A few months ag0 Microsoft announced that Windows 10 would receive major updates just twice a year, scheduled for September and March. Based on feedback from enterprise customers wanting a more tolerable schedule, Microsoft moved to make their release schedule more predictable.

What some people missed is that they also announced an identical schedule for corporate subscribers to Office 365. They aligned the update schedule with Windows 10. Microsoft says they plan to deliver and support Office 365 ProPlus updates, starting in September.

Microsoft also extended support 50% from 12 months per update to 18 months. The additional six months means your IT team can choose to push updates just once or twice a year.

Office 365 update channels, showing the new update channel names and release cadence

The twice-a-year feature updates will be named Semi-annual Channel (Pilot) and Semi-annual Channel (Broad), each describing how Microsoft envisions them being deployed in the enterprise. Most people will probably just refer to them as simply “Pilot” and “Broad”.

You can get more information here.

Economics of the Cloud

Cloud Economics

For most companies, maintaining a large IT presence implies large capital expenditures and a non-trivial amount of accounting and record-keeping to track depreciation, tax considerations, and so forth. When you purchase the hardware and the software, they become yours (in every sense of the word) and your long-term responsibility.  The traditional model of enterprise computing is a capital-intensive function that requires expensive data centers (electricity, air conditioning, servers, networks, storage, etc.) and operations staff (hardware swaps, networks, backups, OS updates, upgrades, etc.) to keep it all running effectively. With an on-premises data center, you must plan and provision for maximum utilization, which is financially inefficient.

Data Center

The appeal of cloud computing includes the ability of enterprises to pay for only what they use. If demand decreases and you no longer need the assigned capacity, you can turn off systems and you are no longer charged for those systems. Since the cloud is a subscription-based model, it is an “operating expense” model. Computing becomes a service for which businesses are billed a monthly charge that is metered by actual usage. The more (compute, network, and storage resources) that you use the more expensive your monthly bill. The less you use, the less you will be charged.

Another way to save money is cloud operations frees your enterprises of the costly tasks of system backups, routine network maintenance, software patches, etc. because you cloud provider can handle these tasks.

Azure Spend

Most IT organizations find wide variations in system utilization. Some applications are seasonal and other applications run for a short period of time before being shut down. You might have other applications that are simply unpredictable and you can’t apply a cost saving model.

Building your server infrastructure in a cloud environment can save your business money and allow for greater innovations for less money.


AzureAD PowerShell V2.0 is now GA

Azure - SeniorDBA

Microsoft has announced that PowerShell Azure AD v2.0 cmdlets are now generally available. They updated the names of all cmdlets to conform with the Azure PowerShell naming conventions. Since they’re publishing a new module for these cmdlets, the name of the module has changed as well: the existing module’s name was “MSOL”, the new module is now called “AzureAD”.

Azure Active Directory V2 PowerShell Cmdlets
  • Add-AzureADAdministrativeUnitMember – Add an administrativeUnit member
  • Add-AzureADApplicationOwner – Add an owner to an application
  • Add-AzureADDeviceRegisteredOwner – Add an owner to a device
  • Add-AzureADDeviceRegisteredUser – Add a user to a device.
  • Add-AzureADDirectoryRoleMember – Add a member to a directory role
  • Add-AzureADGroupMember – Add a member to a group
  • Add-AzureADGroupOwner – Add an owner to a group
  • Add-AzureADScopedRoleMembership – Add a scoped role
  • Add-AzureADServicePrincipalOwner – Add an owner to a service principal
  • Confirm-AzureADDomain – Validate the ownership of the domain.
  • Connect-AzureAD – Connect with an authenticated account to use Azure Active Directory cmdlet requests.
  • Disconnect-AzureAD – Disconnects the current session from an Azure AD tenant
  • Enable-AzureADDirectoryRole – Activates an existing directory role in Azure Active Directory
  • Get-AzureADAdministrativeUnit – Get an Administrative Unit by objectId
  • Get-AzureADAdministrativeUnitMember – Get administrativeUnit members.
  • Get-AzureADApplication – Get an application by objectId
  • Get-AzureADApplicationExtensionProperty – Get group extension properties
  • Get-AzureADApplicationKeyCredential – Get an application’s key credentials
  • Get-AzureADApplicationOwner – Get owners of an application.
  • Get-AzureADApplicationPasswordCredential – Get and application’s password credentials
  • Get-AzureADApplicationPolicy
  • Get-AzureADContact – Retrieves a specific contact from Azure Active Directory
  • Get-AzureADContactDirectReport – Get the contact’s direct reports.
  • Get-AzureADContactManager – Retrieves the manager of a contact from Azure Active Directory
  • Get-AzureADContactMembership – Get contact memberships.
  • Get-AzureADContract – Retrieves a specific contract from Azure Active Directory
  • Get-AzureADDevice – Retrieves a specific device from Azure Active Directory
  • Get-AzureADDeviceRegisteredOwner – Get users that are registered as owner on the device.
  • Get-AzureADDeviceRegisteredUser – Get users that are marked as users on the device.
  • Get-AzureADDirectoryRole – Retrieves a specific directory role from Azure Active Directory
  • Get-AzureADDirectoryRoleMember – Get the members of a directory role.
  • Get-AzureADDirectoryRoleTemplate – Retrieves a list of directory role templates in Azure Active Directory
  • Get-AzureADDirectorySetting – Retrieves a directory setting from Azure Active Directory.
  • Get-AzureADDirectorySettingTemplate – Retrieves directory setting template from Azure Active Directory.
  • Get-AzureADDomain – Get an domain by objectId
  • Get-AzureADExtensionProperty – A collection that contains the extension properties registered with the directory.
  • Get-AzureADGroup – Get a group by objectId
  • Get-AzureADExtensionProperty – Gets extension properties registered with Azure AD.
  • Get-AzureADGroupAppRoleAssignment – Get group application role assignments.
  • Get-AzureADGroupMember – Get members of a group.
  • Get-AzureADGroupOwner – Get owners of a group.
  • Get-AzureADMSGroup – Retrieves a group from the directory
  • Get-AzureADMSGroup – Gets information about groups in Azure AD.
  • Get-AzureADOAuth2PermissionGrant – Get a list of all oAuth2PermissionGrants granted by users within the directory.
  • Get-AzureADObjectSetting – Retrieves a object setting from Azure Active Directory.
  • Get-AzureADPolicy
  • Get-AzureADPolicyAppliedObject
  • Get-AzureADScopedRoleMembership
  • Get-AzureADServiceAppRoleAssignment – Get service principal application role assignments.
  • Get-AzureADServiceConfigurationRecord – Get serviceConfigurationRecords
  • Get-AzureADServicePrincipal – Get a service principal by objectId
  • Get-AzureADServicePrincipalCreatedObject – Get objects created by the service principal.
  • Get-AzureADServicePrincipalKeyCredential – Get a service principal’s key credentials
  • Get-AzureADServicePrincipalMembership – Get service principal memberships.
  • Get-AzureADServicePrincipalOAuth2PermissionGrant – Get the list of the oAuth2PermissionGrants that a user granted this service principal.
  • Get-AzureADServicePrincipalOwnedObject – Get objects owned by the service principal.
  • Get-AzureADServicePrincipalOwner – Get owners of a service principal.
  • Get-AzureADServicePrincipalPasswordCredential – Get a service principal’s password credentials
  • Get-AzureADServicePrincipalPolicy
  • Get-AzureADSubscribedSku – Retrieves a list of subscribed SKUs (subscriptions) to Microsoft services.
  • Get-AzureADTenantDetail – Retrieves the details of a tenant in Azure Active Directory
  • Get-AzureADTrustedCertificateAuthority
  • Get-AzureADUser – Retrieves a specific user from Azure Active Directory
  • Get-AzureADUserAppRoleAssignment – Get user application role assignments.
  • Get-AzureADUserCreatedObject – Get objects created by the user.
  • Get-AzureADUserDirectReport – Get the user’s direct reports.
  • Get-AzureADUserExtension
  • Get-AzureADUserManager – Retrieves the manager of a user from Azure Active Directory
  • Get-AzureADUserMembership – Get user memberships.
  • Get-AzureADUserOAuth2PermissionGrant – Get the list of the oAuth2PermissionGrants that the user granted applications.
  • Get-AzureADUserOwnedDevice – Get registered devices owned by the user.
  • Get-AzureADUserOwnedObject – Get objects owned by the user.
  • Get-AzureADUserRegisteredDevice – Get registered devices registered by the user.
  • Get-AzureADVerificationDnsRecord – Get verificationDnsRecords
  • New-AzureADAdministrativeUnit – Create a new administrativeUnit in Azure Active Directory
  • New-AzureADApplication – Create a new application in Azure Active Directory
  • New-AzureADApplicationExtensionProperty – Create application extension property
  • New-AzureADApplicationKeyCredential – Create a new key credential for an application
  • New-AzureADApplicationPasswordCredential – Create a new password credential for an application
  • New-AzureADDevice – Create a new device in Azure Active Directory
  • New-AzureADDirectorySetting – Creates a directory settings object in Azure Active Directory.
  • New-AzureADDomain – Create a new domain in Azure Active Directory
  • New-AzureADGroup – Create a new group in Azure Active Directory
  • New-AzureADGroupAppRoleAssignment – Assign a group of users to an application role.
  • New-AzureADMSGroup
  • New-AzureADMSInvitation
  • New-AzureADMSGroup – Creates an Azure AD group.
  • New-AzureADObjectSetting – Creates a settings object in Azure Active Directory.
  • New-AzureADPolicy
  • New-AzureADServiceAppRoleAssignment – Assign a service principal to an application role.
  • New-AzureADServicePrincipal – Create a new application in Azure Active Directory
  • New-AzureADServicePrincipalKeyCredential – Create a new key credential for a service principal
  • New-AzureADServicePrincipalPasswordCredential – Create a new password credential for a service principal
  • New-AzureADTrustedCertificateAuthority
  • New-AzureADUser – Create a new user in Azure Active Directory
  • New-AzureADUserAppRoleAssignment – Assign a user to an application role.
  • Remove-AzureADAdministrativeUnit – Delete an administrativeUnit by objectId.
  • Remove-AzureADAdministrativeUnitMember – Removes an administrativeUnit member.
  • Remove-AzureADApplication – Delete an application by objectId.
  • Remove-AzureADApplicationExtensionProperty – Delete an application extension property.
  • Remove-AzureADApplicationKeyCredential – Remove a key credential from an application
  • Remove-AzureADApplicationOwner – Removes an owner from an application.
  • Remove-AzureADApplicationPasswordCredential – Remove a password credential from an application
  • Remove-AzureADContact – Deletes a specific contact in Azure Active Directory
  • Remove-AzureADContactManager – Deletes the contact’s manager in Azure Active Directory
  • Remove-AzureADDevice – Deletes a specific device in Azure Active Directory
  • Remove-AzureADDeviceRegisteredOwner – Removes an owner from a device.
  • Remove-AzureADDeviceRegisteredUser – Removes a user from a device.
  • Remove-AzureADDirectoryRoleMember – Removes a specific member from a directory role.
  • Remove-AzureADDirectorySetting – Deletes a directory setting in Azure Active Directory.
  • Remove-AzureADDomain – Delete an domain by objectId.
  • Remove-AzureADGroup – Delete a group by objectId.
  • Remove-AzureADGroupAppRoleAssignment – Delete a group application role assignment.
  • Remove-AzureADGroupMember – Removes a member from a group.
  • Remove-AzureADGroupOwner – Removes an owner from a group.
  • Remove-AzureADMSGroup – This cmdlet removes a group from the directory
  • Remove-AzureADMSGroup – Removes an Azure AD group.
  • Remove-AzureADOAuth2PermissionGrant – Delete an oAuth2PermissionGrant.
  • Remove-AzureADObjectSetting – Deletes settings in Azure Active Directory.
  • Remove-AzureADPolicy
  • Remove-AzureADScopedRoleMembership
  • Remove-AzureADServiceAppRoleAssignment – Delete a service principal application role assignment.
  • Remove-AzureADServicePrincipal – Delete an application by objectId.
  • Remove-AzureADServicePrincipalKeyCredential – Remove a key credential from a service principal
  • Remove-AzureADServicePrincipalOwner – Removes an owner from a service principal.
  • Remove-AzureADServicePrincipalPasswordCredential – Remove a password from a service principal
  • Remove-AzureADTrustedCertificateAuthority
  • Remove-AzureADUser – Deletes a specific user in Azure Active Directory
  • Remove-AzureADUserAppRoleAssignment – Delete a user application role assignment.
  • Remove-AzureADUserExtension
  • Remove-AzureADUserManager – Deletes the user’s manager in Azure Active Directory
  • Revoke-AzureADSignedInUserAllRefreshToken – Invalidates all of the currently signed in user’s refresh tokens issued to applications (as well as session cookies in a user’s browser), by resetting the refreshTokensValidFromDateTime user property to the current date-time.
  • Revoke-AzureADUserAllRefreshToken – Invalidates all of the user’s refresh tokens issued to applications (as well as session cookies in a user’s browser), by resetting the refreshTokensValidFromDateTime user property to the current date-time.
  • Revoke-AzureADSignedInUserAllRefreshToken – Invalidates the refresh tokens issued to applications for the current user.
  • Revoke-AzureADUserAllRefreshToken – Invalidates the refresh tokens issued to applications for a user.
  • Select-AzureADGroupIdsContactIsMemberOf – From a list of groups Ids select those that the contact is a member of.
  • Select-AzureADGroupIdsGroupIsMemberOf – From a list of groups Ids select those that the group is a member of.
  • Select-AzureADGroupIdsServicePrincipalIsMemberOf – From a list of groups Ids select those that the service principal is a member of.
  • Select-AzureADGroupIdsUserIsMemberOf – From a list of groups Ids select those that the user is a member of.
  • Set-AzureADAdministrativeUnit – Updates a specific administrativeUnit in Azure Active Directory
  • Set-AzureADApplication – Updates a specific application in Azure Active Directory
  • Set-AzureADContact – Updates a specific contact in Azure Active Directory
  • Set-AzureADContactManager – Updates the contact’s manager in Azure Active Directory
  • Set-AzureADDevice – Updates a specific device in Azure Active Directory
  • Set-AzureADDirectorySetting – Updates a directory setting in Azure Active Directory.
  • Set-AzureADDomain – Updates a specific domain in Azure Active Directory
  • Set-AzureADGroup – Updates a specific group in Azure Active Directory
  • Set-AzureADMSGroup – Set a group’s attributes
  • Set-AzureADMSGroup – Changes attribute values on an Azure AD group.
  • Set-AzureADObjectSetting – Updates settings in Azure Active Directory.
  • Set-AzureADPolicy
  • Set-AzureADServicePrincipal – Updates a service principal in Azure Active Directory
  • Set-AzureADTrustedCertificateAuthority
  • Set-AzureADUser – Updates a specific user in Azure Active Directory
  • Set-AzureADUserExtension
  • Set-AzureADUserLicense – Add and remove one or more licenses for a Microsoft online service to the list of assigned licenses for the user.
  • Set-AzureADUserManager – Updates the user’s manager in Azure Active Directory
  • Set-AzureADUserPassword – Sets the password of a user in Azure AD
  • Update-AzureADSignedInUserPassword – Updates the password for the signed in user in Azure AD

Update-AzureADSignedInUserPassword – Update a password

PS C:\>Update-AzureADSignedInUserPassword -CurrentPassword $CurrentPassword -NewPassword $NewPassword

This command updates the password for the signed-in user.

Best Practices Checklist for SQL Server on Azure Virtual Machines

Microsoft Azure - SeniorDBA

Just some quick tips for building a SQL Server instance on Azure virtual servers.

Area Optimizations
VM size DS3 or higher for SQL Enterprise edition.

DS2 or higher for SQL Standard and Web editions.

Storage Use Premium Storage. Standard storage is only recommended for dev/test.

Keep the storage account and SQL Server VM in the same region.

Disable Azure geo-redundant storage (geo-replication) on the storage account.

Disks Use a minimum of 2 P30 disks (1 for log files; 1 for data files and TempDB).

Avoid using operating system or temporary disks for database storage or logging.

Enable read caching on the disk(s) hosting the data files and TempDB.

Do not enable caching on disk(s) hosting the log file.

Important: Stop the SQL Server service when changing the cache settings for an Azure VM disk.

Stripe multiple Azure data disks to get increased IO throughput.

Format with documented allocation sizes.

I/O Enable database page compression.

Enable instant file initialization for data files.

Limit or disable autogrow on the database.

Disable autoshrink on the database.

Move all databases to data disks, including system databases.

Move SQL Server error log and trace file directories to data disks.

Setup default backup and database file locations.

Enable locked pages.

Apply SQL Server performance fixes.

Feature specific Back up directly to blob storage.

You can get more information about performing Azure database backups here.

5 Announcements from PASS Summit 2016

Pass Summit 2016 - SeniorDBA

The annual Professional Association for SQL Server (PASS) conference was held recently, and Microsoft has disclosed some of the important announcements from that event.

  1. Public Preview of Azure Analysis Services – Azure Analysis Services enables developers and BI professionals to create BI Semantic Models.
  2. SQL Server 2016 DW Fast Track Reference Architecture, 145TB – The Data Warehouse Fast Track (DWFT) reference architectures that certify that a SQL Server 2016 SMP unit can support active data sets of up to 145TB and maximum user size of 1.2 Petabytes of SQL Data in an all flash system.
  3. Data Migration Assistant and Database Experimentation Assistant – Microsoft released the Data Migration Assistant (DMA) v2.0 that helps you upgrade to the latest version of SQL Server 2016 from legacy SQL Servers.
  4. Azure SQL Data Warehouse Expanded Free Trial – The exclusive Azure SQL Data Warehouse free trial. Customers can request a one-month free trial for Azure SQL Data Warehouse.
  5. Cognitive Toolkit (formerly known as CNTK) – The availability of a beta for Microsoft Cognitive Toolkit (formerly CNTK), which is a free open-source commercial-grade toolkit that uses deep learning algorithms to learn like the human brain.

You can read more here.

Microsoft Azure obtains ISO 27017

Security is probably one of the first things people ask about when looking at a cloud provider. How do you know the cloud provider is performing their required security functions correctly to keep your systems and data secure? Microsoft is continuously adding and improving security to it’s Azure offerings, and now they have achieved ISO certification. ISO is an international organization that establishes standards in a variety of areas, and has over 21,000 different standards. Customers look to a ISO standard to help them measure and compare competitors.

This certification provides guidance on 37 controls in ISO/IEC 27002 and features seven new controls not addressed in ISO/IEC 27002. Both cloud service providers and cloud service customers can leverage this guidance to effectively design and implement cloud computing information security controls. Customers can download the ISO/IEC 27017 certificate which demonstrates Microsoft’s continuous commitment to providing a secure and compliant cloud environment for our customers.