A screenshot started doing the rounds today of the launchpad for Office 15. It also included the new Office 15 logo which has had a Metro makeover. As mentioned a couple of weeks ago Microsoft now intends to release Office 15 with its soon to be launched Surface tablet, along with support for the RT or ARM based version of Windows 8.
Observing the screenshot above (which is not a lot to go on, I know) you could come to the conclusion that Office 15 exists within a “sub menu” of Metro: a nested app experience that, in my opinion, lends itself to iOS deployment. If Microsoft have re-designed Office from the ground up for Windows RT, it makes sense that there is a version available for iOS as well. I have no doubt that the Windows 8 experience of Office 15 will be the best experience of any platform, but Microsoft must acknowledge that there are other hounds snapping at its heels thanks to Google’s recent purchase of Quick Office for iOS and some 400 Million Customers.
Tight integration with Microsoft’s expanding cloud services, SkyDrive for consumers and Office 365 for business and education, is the name of the game. It’s in Microsoft’s best interest to break down the barriers to adopting its cloud services, and it shouldn’t matter what device is used. Note the lack of Office 365 or SharePoint tiles in the screenshot above, but I have no doubt these will be included in future “leaks”.
Microsoft needs to simplify the current 2010 experience, and Metro is an excuse to do so, allowing for a completely different design language to be used when addressing one of their biggest revenue sources.
Cloud computing is initially seen as a way of reducing cost to a business. This is achieved, of course, by moving all “back office” services such as email servers, collaboration servers and communications servers into a shared platform. When we talk about Microsoft Office 365 in New Zealand, those services are hosted in a data center managed by Microsoft in Singapore (there is a “geo-redundant” data center in Hong Kong). That isn’t going to change; the “addressable market” is the important factor behind offering these services at such a low price. There just aren’t enough people in New Zealand for Microsoft to even consider building a data center here. Microsoft are very transparent as to where your data resides and how to get connected to it. Microsoft even go to the extent of making the IP addresses of their data center public information. They can be found here: http://onlinehelp.microsoft.com/en-us/Office365-enterprises/hh373144.aspx
In a previous post I talked about the isolation New Zealand faces when it comes to being connected to the internet. I’ve had customers who have decided to adopt cloud computing without considering their internet connection. This usually proved disastrous, seeing connectivity fail completely in some instances. It all comes down to the due care that the ISP (Internet Service Provider) gives to routing traffic once it leaves our shores. Despite efforts from the government to enhance connectivity to the internet via the UFB (Ultra Fast Broadband) initiative, this is only going to affect traffic within the country; it’s what happens once the data leaves New Zealand that is important, particularly when it comes to adopting cloud services.
Until recently there have only been “loose” relationships held by our telcos with overseas ISPs. For instance, TelstraClear have an agreement with the global consortium Reach Global Services to route international traffic for their customers; this is known as a peering agreement. This agreement sees various routes used depending on the time of day, or even the nature of the data being sent. In my time working with BPOS and then Office 365 customers I haven’t found an ISP that offered a tailored link to the Microsoft data centers in Singapore.
Then along came Kordia…
Kordia recently announced their intention to provide customers with a tailored connection to the internet, offering prioritized connectivity to the Microsoft Office 365 data centers in Singapore. This was to address the less than average connection provided by other telcos and help IT companies deliver the best experience to their customers with an Office 365 solution. This was made possible by leveraging Kordia’s existing infrastructure in Sydney and the acquisition of a dedicated link to Singapore from the Sydney site. Where other telcos may route your traffic via the USA to Singapore, Kordia offer the most direct route, seeing ping times (latency) drop from the average 400ms to 150ms, making SharePoint Online silky smooth. For the press release: http://www.kordia.co.nz/_blog/What%27s_new/post/link_to_Microsoft/
With any cloud solution the most critical thing to consider ahead of your deployment has to be your connection to the internet. For the best solution on the market today your first port of call has to be Kordia. Microsoft Online Services have been sold in New Zealand since April 2009 and to date there has been no telco other than Kordia offering an optimized connection to the data center in Singapore. Kordia also offer a certified SIP trunk for Microsoft Lync Server (the only certified provider in New Zealand); this is suited to an on-premise deployment only at this stage… but we can hope this will integrate with Lync Online at some stage in the future… imagine, click to call land-lines from within Office 365 / Lync!
Simple maths really… Office 365 = Kordia
If you want to know more about the Kordia offerings please feel free to contact me firstname.lastname@example.org for more information.
The term Federation is something I am familiar with, thanks largely to many hours spent watching Star Trek as a kid. The United Federation of Planets in the TV series/movies referred to very different cultures having a common bond, in a political sense. Federation, when it comes to cloud services, has more than one meaning, and I want to use this blog to explain the term Federation, how it relates to various cloud services and how it improves the overall cloud experience.
We will talk about federation relating to cloud services hosted by Microsoft, specifically Office 365, although Windows Intune and Azure also use the term Federation (I’ll save those for a future blog post). There are many other technologies that deliver similar results with other cloud services, but I really want to focus on the term federation when it relates specifically to a Microsoft solution.
In the old days of Windows NT, if you wanted to access information in another domain you would need to set up a trust. A trust was set up either one way or two way and was generally quite unreliable. It did however address the issue of sharing information between business units or organizations (if you were brave). There needed to be a better, more secure way of sharing information while limiting the access either party had to the other party’s security context.
Along came Active Directory Federation Services, or ADFS. It has been around for some time and uses Microsoft’s version of the Security Assertion Markup Language (SAML) claims-based authentication model. It is now in its second generation, and with version 2.0 comes the ability to federate your Active Directory with Office 365. ADFS 2.0 isn’t restricted to Office 365 for its federation options; there are a number of cloud providers that support ADFS including IBM Tivoli, Novell Access Manager, Sun Open SSO and CA (Site Minder and Federation Manager) using SAML. Microsoft is also a founding member of OpenID, the organisation that is promoting standards in identity management.
ADFS 2.0 allows a customer to federate their identity to the cloud services contained within Office 365, creating what is known as a Single Sign On experience for end users. Single Sign On or SSO allows users to login to their PCs (assuming they are connected to an Active Directory service with ADFS installed) and seamlessly connect to any Online Service they are licensed for and have permission to access. SSO is the holy grail of any cloud service and removes one of the biggest barriers to cloud adoption in the enterprise.
ADFS is a pre-requisite when you want to configure Exchange or Lync (Lync will allow this in a future release) to run in a hybrid scenario (what used to be called co-existence). For more information on running a hybrid deployment of Exchange 2010 SP2 go here: http://technet.microsoft.com/en-us/library/gg577584.aspx
Due to its complexity and demand on resources (servers and administration) ADFS is only suited to larger organizations, thus ADFS implementations are only possible with the Enterprise offering of Office 365 (E and K plans). ADFS also requires an additional Windows Server 2008 (or R2) server and some thought into providing a resilient installation (read: more than one ADFS server!). If the ADFS service fails, users will no longer be able to connect to their cloud services either from inside their network or externally.
To learn more about ADFS go here : http://technet.microsoft.com/en-us/library/cc736690(v=ws.10).aspx
For a tutorial video on identity and Office 365 go here: http://technet.microsoft.com/en-us/edge/office-365-jump-start-04-microsoft-office-365-identity-and-access-solutions
Virtual Labs on ADFS and Federation here: http://technet.microsoft.com/en-us/office365/hh744605
Given the complex nature of setting up a resilient ADFS service, there needs to be another way to synchronize user accounts from an on-premise Active Directory to the cloud. The previous version of Microsoft Online Services, Business Productivity Online Services or BPOS, attempted to make life easier for administrators by providing a one-way sync from the on-premise Active Directory server to the cloud. This sync, known as DirSync, would create the user IDs in the cloud (overwriting whatever was there to begin with); the one major problem was that it didn’t synchronize the users’ passwords. This option is still available to all users of Office 365 and doesn’t require the complexity associated with ADFS; it will, however, only synchronize objects from the on-premise AD to the cloud, including groups and users. The DirSync application has been updated to include an x64 version that in turn must be installed on a member server (non-domain controller). From the admin portal under users you are able to set up the DirSync function.
To learn more about DirSync go here: http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652543.aspx
Application Specific Federation
Now that we have covered the use of Federation when it relates to your user identity, it’s nice to know that the word Federation is also used when describing the sharing of information between applications existing in separate organizations.
Lync Online delivers its Federation experience by putting you in touch with those who are not part of your organization. It has the ability to federate presence, instant messaging and voice/video calls with the following deployments:
- On-premise Office Communications Server 2007 R2
- On-premise Lync Server
- MSN (Live) Messenger
- Other Office 365 customers
Obviously the other organizations will need to have federation setup themselves. For your Office 365 deployment it is as easy as ensuring the SRV record is configured in your DNS settings as described previously here and the federation is enabled in your Office 365 administration portal / Lync Online Control Panel as pictured below.
There is a tool which searches your contacts for those who are available to federate via Lync here: http://gallery.technet.microsoft.com/Who-Can-Federate-Tool-a9e00d23 There is also a database of the organizations with either OCS 2007 R2 or Lync on-premise / Online who are available for federation, available here: http://www.lyncdirectory.com/
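To confirm the DNS side of Lync Online federation before flipping the switch in the portal, here is an added example (not part of the original post). The function name and the `.example` domains are hypothetical, and the expected target and port are the values Microsoft documents for Lync Online.

```powershell
# Added example (not from the original post). The expected target and port are
# the values Microsoft documents for Lync Online federation.
$ExpectedTarget = 'sipfed.online.lync.com'
$ExpectedPort   = 5061

function Test-LyncFederationSrv {
    param(
        [Parameter(Mandatory = $true)][string]$Domain,
        # Pre-fetched records for offline checks; when omitted, DNS is queried.
        [object[]]$Records
    )
    $name = "_sipfederationtls._tcp.$Domain"
    if (-not $PSBoundParameters.ContainsKey('Records')) {
        $Records = @(Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue)
    }
    # Keep only SRV answers for this exact name (a failed lookup can return SOA rows).
    $srv = @($Records | Where-Object {
        $_.Type -eq 'SRV' -and $_.Name.TrimEnd('.') -eq $name
    })

    $status = 'OK'
    $detail = "points at ${ExpectedTarget}:$ExpectedPort"
    if ($srv.Count -eq 0) {
        $status = 'Missing'
        $detail = "no SRV record at $name"
    } else {
        $good = @($srv | Where-Object {
            $_.NameTarget.TrimEnd('.') -eq $ExpectedTarget -and $_.Port -eq $ExpectedPort
        })
        if ($good.Count -eq 0) {
            # Not necessarily wrong: an on-premise Lync/OCS edge server publishes
            # its own target here. It is wrong for an Office 365-only domain.
            $status = 'Mismatch'
            $detail = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        } elseif ($srv.Count -gt $good.Count) {
            $status = 'Mixed'
            $detail = 'extra SRV targets published alongside Lync Online'
        }
    }
    [pscustomobject]@{ Domain = $Domain; Record = $name; Status = $status; Detail = $detail }
}

# Constructed sample records, shaped like Resolve-DnsName output, so the
# checks can be exercised without touching DNS.
$sample = @(
    [pscustomobject]@{ Name = '_sipfederationtls._tcp.contoso.example'
                       Type = 'SRV'; NameTarget = 'sipfed.online.lync.com'; Port = 5061 }
    [pscustomobject]@{ Name = '_sipfederationtls._tcp.fabrikam.example'
                       Type = 'SRV'; NameTarget = 'edge.fabrikam.example'; Port = 5061 }
)
'contoso.example', 'fabrikam.example', 'nosrv.example' |
    ForEach-Object { Test-LyncFederationSrv -Domain $_ -Records $sample }

# Live check against real DNS (placeholder domain):
# Test-LyncFederationSrv -Domain 'yourdomain.example'
```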
Federation relating to Microsoft Exchange is a one-to-one relationship between two federated Exchange organizations that allows recipients to share free/busy (calendar availability) information. It is also known by the term “federated delegation“. Both sides of the Federation need to be configured, for an on-premise Exchange 2010 deployment a connection must be made to the Microsoft Federation Gateway. The Microsoft Federation Gateway provides applications with a free, simple, standards-based method of establishing trust between separate organizations that uses SSL certificates to prove domain ownership. Because the organizations federate with the gateway instead of with each other, it is much easier for an organization to establish trust relationships with multiple partners than is possible when it uses conventional one-on-one federation or other trust relationships. The scope of the federation can be easily controlled by creating allow or deny lists of users and domains for licensing and by specifying the domains that can receive publishing licenses. This guarantees that only appropriate organizations are given access to protected information. More information for a local deployment of Exchange 2010 can be found here: http://technet.microsoft.com/en-us/library/dd335047.aspx or here http://technet.microsoft.com/en-us/library/dd638083.aspx .
With Office 365 the hard work is done for you. All of the detail described above is baked right in and it is up to the users to delegate the access to their own calendars individually. This is turned off by default and can be enabled to the following degree:
- No free/busy access
- Free/busy access with time only
- Free/busy access with time, plus subject and location
This access can be granted via the Outlook application and can be granted to users outside the organization if they are using a Federated Exchange Server or another Office 365 tenant. There is a tool that will tell you which of your contacts are available to view your calendar, available to download here: http://gallery.technet.microsoft.com/Exchange-Federation-fdf8a324
Although not strictly Federation at the application level, it utilizes Federation between the Office 365 tenant and Windows Live IDs. Within any deployment of Office 365 and SharePoint Online you are able to invite external users to view or edit your documents by simply sharing the site/library using their email address. If the recipient hasn’t done so already, they will be prompted to create a Live ID when they attempt to access your site using their email address. This external access is included in SharePoint Online within Office 365 and doesn’t consume any licenses. Keep in mind, as I mentioned previously, that the P plan of SharePoint Online does NOT deliver the content over a secure channel (SSL), so you should ensure you choose the right plan for your intention.
Federation is a term that will be used hand in hand with any cloud conversation in the future. As with any technology it pays to understand it ahead of time and ensure your customers/users are using it in an appropriate manner.
I may have a better appreciation of the things I can do within my Office 365 environment due to my past life as an IT administrator, but I thought it would be good to point a few of those features out and describe why they may mean something to the average business user. The application that is most attractive out of the Office 365 suite has to be Exchange Online. This hosted email service is available as a base component of all of the suites on offer and is probably the “first cab off the rank” when a customer looks to a cloud offering.
Exchange Online launched in New Zealand back in April 2009 and it formed part of what was then known as BPOS or Business Productivity Online Suite. This product was based on a multi-tenanted version of Exchange 2007. In the middle of last year Office 365 launched and with it came a better Exchange Online experience, offering some of the great features you would get with an on-premise installation of Exchange 2010. As with any hosted offering the products get better over time, and since the release of Office 365 certain features have been added to the suite. These features make it easier for non-technical employees to administer the functionality of what would normally be complex back-end systems, all via a web portal.
Mobile device management
One of the biggest advances in email technology over the past few years has been the introduction of mobile access. Microsoft set the standard in my opinion with ActiveSync, blowing away the previous market leader RIM (aka Blackberry). With the RIM offering you needed middleware to connect and manage the mobile handsets; furthermore they needed to be Blackberry handsets. ActiveSync on the other hand is now licensed by Microsoft to many handset providers including Apple’s iPhone and iPad, Google Android devices and obviously Windows Phone 7 devices. ActiveSync allows the management of devices from the Outlook Web App experience (remote wipe etc.) as well as push notification and contact/calendar sync. As an administrator you are also able to restrict access to mailboxes by mobile devices.
While Office 365 supports Blackberry devices, the “native” support is for ActiveSync devices as shown above. There has also been an announcement recently to introduce the ability to connect mobile devices via ActiveSync to the Kiosk Worker plan at $3.06 per user per month for a 1Gb mailbox. The Kiosk Worker plan is great for a mobile worker who is rarely in the office and doesn’t use a desktop PC on a regular basis. It won’t let you connect Outlook to the mailbox, but the Outlook Web App is more than enough for occasional users. For more information on Exchange Online Plans visit www.office365.com
Legal Hold and Archive
Legal hold is something that I believe should be part of any email solution. In the press you hear often how emails can get people, and more importantly businesses into and sometimes out of trouble. The legal hold functionality of Exchange Online is provided by the premium product in either the Exchange Online Plan 2 stand alone product or the E3 and E4 suites. Do not confuse legal hold with the personal archive capability.
Personal Archive – Provides the ability for users to manage the retention of mail in their mailboxes. Personal archive is available to all suites and product versions of Exchange Online with the exception of the Kiosk Plans. (Kiosk Plans are able to add the archive product separately). For P1 plans of Exchange Online the Archive and Mailbox capacity is a combined total of 25Gb, Plan 2 is unlimited.
Legal Hold – Provides legal hold capabilities to preserve users’ deleted and edited mailbox items (including email messages, appointments, and tasks) from both their primary mailboxes and personal archives. Administrators can use the Exchange Control Panel or Remote PowerShell to set legal holds on individual mailboxes or across an organization. The administrator can then choose to notify the user of the legal hold or not.
Deleted Item Retention – Provides the end-user with the ability to recover a deleted item from any folder for up to 14 days. This timeframe can be changed using remote PowerShell commands or via a Service request.
Multi-mailbox search is available in Exchange Online. This comes in useful when an investigation is undertaken by Human Resources or a legal investigation takes place. This is a very powerful feature and can be accessed via a web portal (under the Exchange Management Portal from your Admin Site) or via remote PowerShell cmdlets. The e-discovery PowerShell scripts can also be used to find and remove email items from multiple mailboxes that match certain criteria. For more information see: http://www.microsoft.com/exchange/en-us/email-archiving-and-retention.aspx
Exchange Online is protected by The Microsoft Forefront Service for anti-spam and malware. This product can be tuned via the Exchange Management portal which is accessible to administrators through the Admin Portal. Most businesses I have dealt with have paid an additional cost to filter unwanted email from their inboxes using a product hosted by a third-party (ISP or other hosted provider) or in some instances another product sitting on a separate server. This feature comes with all product versions of Exchange Online and in my experience hasn’t failed me yet. The administrator is able to configure the Forefront product to alert users by email if any spam has been filtered, or indeed turn the feature off altogether and let the spam be dealt with by the Junk Mail folder within Outlook.
Role Based Access
Exchange Online uses a Role-Based Access Control (RBAC) model that allows organizations to finely control what users and administrators can do in the service. Using RBAC, administrators can delegate tasks to employees in the IT department as well as to non-IT employees. For example, if a compliance officer is responsible for mailbox search requests, the administrator can delegate this administrative feature to the officer. It is important to note that many of the features above need to be restricted to certain people within your organization.
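As an added example (not the author's script), the legal hold and role delegation described above can be driven and then audited from remote PowerShell. The function names, mailbox addresses and sample rows are hypothetical; it assumes an Exchange Online remote PowerShell session is already open, and it includes the Mailbox Import Export role because that role is what permits the search-and-remove use of mailbox search.

```powershell
# Added example, not the author's script. Assumes a remote PowerShell session to
# Exchange Online is already open with the Exchange cmdlets imported.

# RBAC roles behind multi-mailbox search, legal hold and search-and-remove.
$SensitiveRoles = 'Mailbox Search', 'Legal Hold', 'Mailbox Import Export'

function Set-MailboxLegalHold {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Identity,
        [string]$NoticeToUser    # leave empty to place the hold without notifying the user
    )
    $params = @{ Identity = $Identity; LitigationHoldEnabled = $true }
    if ($NoticeToUser) { $params.RetentionComment = $NoticeToUser }
    if ($PSCmdlet.ShouldProcess($Identity, 'Enable litigation hold')) {
        Set-Mailbox @params
        # Read the setting back so the change is evidenced, not assumed.
        Get-Mailbox -Identity $Identity |
            Select-Object Name, LitigationHoldEnabled, LitigationHoldDate, LitigationHoldOwner
    }
}

function Grant-MailboxSearch {
    # The compliance-officer case: delegate search without wider admin rights.
    param([Parameter(Mandatory = $true)][string]$Member)
    Add-RoleGroupMember -Identity 'Discovery Management' -Member $Member
}

function Get-SensitiveRoleHolder {
    # Live query: everyone who effectively holds one of the sensitive roles.
    foreach ($role in $SensitiveRoles) {
        Get-ManagementRoleAssignment -Role $role -GetEffectiveUsers |
            Select-Object @{ n = 'Role'; e = { "$($_.Role)" } },
                          EffectiveUserName, RoleAssigneeName
    }
}

function Find-UnapprovedRoleHolder {
    # Pure comparison, so it can be run over saved or constructed data.
    param([object[]]$Assignments, [string[]]$Approved)
    $Assignments |
        # Skip the group-level row Exchange reports as 'All Group Members'.
        Where-Object { $_.EffectiveUserName -ne 'All Group Members' } |
        Where-Object { $Approved -notcontains $_.EffectiveUserName } |
        Sort-Object Role, EffectiveUserName -Unique
}

# Constructed sample rows, shaped like Get-SensitiveRoleHolder output, for an
# offline run of the comparison.
$sample = @(
    [pscustomobject]@{ Role = 'Mailbox Search'; EffectiveUserName = 'All Group Members'
                       RoleAssigneeName = 'Discovery Management' }
    [pscustomobject]@{ Role = 'Mailbox Search'; EffectiveUserName = 'Compliance Officer'
                       RoleAssigneeName = 'Discovery Management' }
    [pscustomobject]@{ Role = 'Mailbox Import Export'; EffectiveUserName = 'Helpdesk Temp'
                       RoleAssigneeName = 'Helpdesk Temp' }
)
Find-UnapprovedRoleHolder -Assignments $sample -Approved 'Compliance Officer'

# Against the live tenant (placeholder names):
# Set-MailboxLegalHold -Identity 'user@contoso.example' -WhatIf
# Grant-MailboxSearch -Member 'officer@contoso.example'
# Find-UnapprovedRoleHolder -Assignments (Get-SensitiveRoleHolder) -Approved 'Compliance Officer'
```

Run the comparison on a schedule and treat any returned row as a change to review, since each of these roles gives access to other people's mail.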
These are but a few of the enterprise features delivered by Exchange Online that expand the value email has to a business. Anywhere access, reliability and security are components of what a robust email solution needs to provide. The pricing for Office 365 Exchange Online products is below (New Zealand $).
- Kiosk (deskless) Users – 1Gb Mailbox for Mobile device access using ActiveSync and Outlook Web App – NZD $3.06 per user per month
- Exchange Online Plan 1 – 25Gb Mailbox for users connecting via Outlook and Mobile devices, includes personal archive – NZD $6.11 per user per month
- Exchange Online Plan 2 – Unlimited mailbox for users connecting via Outlook and Mobile devices, includes personal archive and legal hold ability – NZD $12.25 per user per month.
I became a systems engineer for an IT firm back in the early 1990’s, back in the good old days when re-installing Windows was a regular piece of advice you would give to your customers in order to solve a software crash. Back in those days it was not uncommon to turn up to a customer’s site to find software that was installed incorrectly or misconfigured; worse still, there was little or no documentation to assist you with restoring the server that had just crashed. Not to mention a tape “backup” that was of little or no value due to lost incremental backup tapes, cumbersome offsite storage or, worse still, a series of unsuccessful backup jobs leaving the customer with no restorable data.
Those kinds of situations were a regular occurrence and cost customers lots and lots of money. To prevent such catastrophes a customer would be asked to deploy resilient servers with redundant hardware and big capacity backup tapes. More often than not the customer would purchase part of the required solution but not be able to justify the “best practice” solution. Cutting corners was a recipe for disaster but at the end of the day it was what most small businesses in New Zealand could afford.
Technology didn’t come cheap back then, and today at the top end of the market it still isn’t cheap. Resilient server hardware still costs, even though I can buy a 2TB hard drive for under NZ$200 it’s not the same as a high performance RAID system that can cost 5 times as much for the same capacity. Lucky for us that cloud computing has started to take off, companies are now able to access a “best practice” deployment of their favorite software running on the resilient hardware we could only dream of in the 1990’s.
The software companies of today are very different to what they were in the 1990’s, they recognize the fact that their software may be installed incorrectly and cause a customer a great deal of pain. What used to be a few wizards used in the setup process has now become an entire suite of tools focused on management and monitoring. Microsoft is one of the players in the market that provides cloud solutions based on the software they have sold to their customers for many years, allowing them to not only provide the best experience of their software to their customers but also to their partners, IT firms, who also have the ability to run the software in a “best practice” environment. All of the tools Microsoft uses in their data centers in Singapore are now used by partners in New Zealand to run their hosted environments, providing a resilient and efficient service.
Microsoft’s hosted offering is price competitive and, as an economy of scale, it will only get cheaper. Recently Microsoft announced a 20% drop in the pricing of their Office 365 suite. So why would I choose to use a local partner to host my email, CRM or line of business software?
Local cloud providers matter, there are many reasons why you would choose a local cloud provider over a larger provider such as Microsoft or Google. It shouldn’t come down to cost of the subscription alone, there are other important factors to consider when working with a cloud provider.
New Zealand is a very small island in a big ocean and as a result our connectivity to the world is somewhat limited. This will change over time with other connections coming online soon however at this point in time there is only the Southern Cross Cable connecting New Zealand businesses to the internet. This will obviously result in some latency and moreover additional cost depending on the plan you have with your ISP. Local providers are usually connected into the local loop via high speed fiber: think latency of around 10 – 30ms compared to Singapore of around 180ms (what I have seen on a GOOD day). This isn’t a problem for 80% of most businesses and their requirements, such as email, however when you are dealing with applications such as CRM with integration into custom line of business applications the latency starts to have a negative impact on the end user experience. The advice I have is to run a trial of the software you intend to run before you purchase, something all cloud providers offer at no cost.
When you think of a local cloud provider don’t be surprised to know that there has been and will continue to be significant investment in large data centers in New Zealand. Over the past 3 years I know of more than three Class 3 data centers that have opened up in New Zealand, these data centers are bigger than a football field and are utilized by your local cloud providers. The photo above shows the inside of one of these data centers just north of Auckland’s CBD. They are built using the same guidelines that Microsoft and Google use and are usually helped along by the various hardware vendors; HP, EMC, Dell etc.
Most providers of cloud solutions are able to keep costs low because they do not provide any level of customization for the solution. To most small businesses this will not matter; however, when integration to an existing on-premise solution is required, or better yet that solution is to be pulled into a hosted environment, a local cloud provider is the only sensible option to choose. Recently I worked with www.onenet.co.nz to host a customer’s CRM solution. The solution required a level of customization that OneNet was able to provide in-house, allowing for tighter integration to their line of business applications. Furthermore the location of the OneNet servers gave the end users a snappy response when using CRM from within their Outlook client; this was a client requirement in a heavy use scenario.
Throat to choke
Local providers have one benefit as well that the likes of Microsoft and Google will never be able to provide, and that is a local “throat to choke”. Don’t get me wrong, the support I have had from Microsoft whenever I have had “challenges” with aspects of BPOS or Office 365 has been first class; however, 100% of the time I am talking with someone in a call-center overseas. With local cloud providers, they are just that, LOCAL. If I have an issue with the cloud service or I want some customization I am able to visit local premises or have a representative visit me. As mentioned before this doesn’t matter to 80% of businesses, but for those who seek comfort from knowing their service is coming from somewhere local it’s a deal maker.
Cloud isn’t just a product or a price point, to me it is a responsible way to provide computing capacity to businesses. Good riddance to the all night recovery processes to restore a crashed server and hello to reliable applications!