Docker for the SysAdmin Webinar Q&A

On June 27th I presented a webinar on “Docker for the SysAdmin”. The webinar was driven by a common scenario I’m seeing: A sysadmin is sitting at her desk minding her own business when a developer walks in and says “here’s the new app, it’s in a Docker image. Please deploy it ASAP”. This session is designed to help provide some guidance on how sysadmins should think about managing Dockerized applications in production.
In any case, I was a bit long-winded (as usual), and didn’t have time to get to all the Q&A (and there was a lot).

So, as promised, here are all the questions from that session, along with my answers.  If you need more info, hit me up on Twitter: @mikegcoleman
————
Q: I am planning an application deployment and want to use Docker. What cloud would you recommend at the moment? I have GCP, Azure, AWS under my belt. 1) TCO 2) Performance ?
A: Answering that would require me to understand your application on a pretty deep level, so I can’t really provide a specific response. I will say that if you choose one cloud provider today, and realize that you’d like to change course down the road, Docker makes that much simpler since your Dockerized workloads will move easily between different cloud providers. So, figure out what your technical and business drivers are, choose the best provider based on those, and if you need to adjust later you’ll be in good shape.
Q: What’s the max size of a container?
A: There is no maximum size per se. Containers can use all the resources of a given node (physical or virtual) if you want them to. However, if you don’t, you can set both minimum and maximum values for CPU and memory.
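As an added illustration of that answer (this is example configuration written for this page, not material from the webinar), the Docker Compose v3 stack file below pins a swarm service to a CPU/memory ceiling (limits) and a guaranteed floor (reservations). The service name, image tag and numbers are constructed values; the keys themselves are standard Compose v3 `deploy.resources` syntax.

```yaml
# Constructed example: stack.yml for `docker stack deploy -c stack.yml web`
# (swarm mode). The "web" service and nginx tag are placeholders.
version: "3.3"
services:
  web:
    image: nginx:1.13
    deploy:
      replicas: 3
      resources:
        # Maximum the task may consume; the kernel cgroup enforces it.
        # A task that exceeds the memory limit is OOM-killed and restarted
        # under the restart_policy, so size this from measured usage.
        limits:
          cpus: "0.50"
          memory: 256M
        # Minimum the scheduler must find free on a node before placing
        # the task there; a node without 128M free simply won't get it.
        reservations:
          cpus: "0.25"
          memory: 128M
      restart_policy:
        condition: on-failure
    ports:
      - "8080:80"
```

For a single container outside swarm mode the same ceiling is expressed on the command line with `docker run --cpus 0.5 --memory 256m ...`; `docker stats` shows the live usage against those limits, which is the number to watch before a limit is tightened.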
Q: Is it possible to run an Ubuntu container in a Windows host running Docker Engine?
A: Natively, no. You can always run a Linux VM on a Windows host to run Linux-based containers. At DockerCon Microsoft announced that they will be bringing native Linux containers to Windows in the future, so stay tuned for more information on that.
Q: Can DDC now run both Linux & Windows workloads? If not yet, then is this in the roadmap of the tool?
A: Docker swarm mode can manage Linux and Windows workloads in the same cluster today. This functionality will be coming to Docker Enterprise Edition / Docker Data Center in the very near future.
Q: Does Docker have a tool for scanning images similar to Black Duck?
A: Yes. Docker Enterprise Edition Advanced includes Docker Security Scanning. This feature allows you to instruct Docker Trusted Registry to scan images for known vulnerabilities and exploits.
Q: Is the hypervisor still recommended, to allow the hosts to be clustered? Or is that not truly needed? (Can I cluster it using something more native to Docker, Swarm perhaps?)
A: Whether you want to run containers on bare metal or in a VM is a decision you should make based on several factors. There is no cut-and-dried answer. You need to look at factors such as costs, performance, leveraging existing skillsets, disaster recovery, etc. – and then decide what makes the most sense. Regardless, you can build swarm mode clusters that include both physical and virtual machines.
Q: Is the secure communication between the hosts TLS 1.2?
A: Yes, TLS 1.2.
Q: I have to start testing DDC. Is there a test version? Do Docker for Azure / AWS use DDC under the hood?
A: Yes, you can get a 30 day trial of Docker Enterprise Edition from the Docker Store. Docker for Azure and Docker for AWS can deploy DDC (it’s not really under the hood as DDC is installed onto the AWS or Azure infrastructure).
Q: Is the Visualizer part of Docker Datacenter?
A: No, it’s a demo app that you can grab from our Docker Samples GitHub.
Q: When a node stops and a workload is moved, does the storage move with it?
A: At this time volumes do not follow containers when they are migrated. However, there are a number of 3rd party plug-ins that can help with this scenario.
Q: Is there a way to update the base image, which is used to build the application?
A: You would need to rebuild those applications once the base image is updated.
Q: If the client wants the setup in their data center to have no connectivity, how should DDC be set up? How does DTR get the updates for the images? And how do we install DDC?
A: For an air gapped installation, follow these instructions. Additionally, you can load the security scanning database for Docker Trusted Registry from a file.
Q: How do you use Chef/Puppet with Docker to manage the images?
A: I would actually advocate for integrating Dockerfiles into your existing source code management practices vs. trying to use any config management tool to manage images.
Helpful links to get started

Learn more about Docker Enterprise Edition
Play with Docker or try a self-paced Hands-on Lab
Watch this session or other DockerCon 2017 sessions
Try Docker Enterprise Edition for free


The post Docker for the SysAdmin Webinar Q&A appeared first on Docker Blog.
Source: https://blog.docker.com/feed/

New government datacenter regions available in Arizona and Texas

I am pleased to announce that Azure Government is commercially live in two additional datacenter regions in Arizona and Texas for U.S. government customers and their partners following my announcement late last year. With these expansions, Azure Government has capacity in proximity to government customers and partners on the East Coast, West Coast and Central United States.

With a total of six U.S. datacenter regions, including two dedicated regions with DoD Impact Level 5 Provisional Authorization (PA), Azure Government continues to deliver the most customer choice in the U.S. for locating government workloads and sensitive data. As part of offering the broadest geographic availability, these regions are over 500 miles apart for geo-redundancy and we offer data replication across regions for business continuity.

Customers and partners are clear in their feedback that compliance with U.S. government standards and requirements is a priority. To address the compliance needs for U.S. government, we’ve engineered our datacenters and services to meet or exceed critical compliance requirements. In fact, Microsoft provides the broadest coverage for compliance and regulatory standards with support for FedRAMP High, CJIS, ITAR, DFARS, and DoD L4 and L5.

Specific to the future of cloud computing in government, we continue to announce Azure Government services that enable cool new ways for U.S. government customers and their partners to achieve mission. Most recently, we’ve announced:

PowerBI and HDInsight for data analysis and visualization
Azure CosmosDB and hot/cool blob storage
Expanded Cognitive Services Preview and interesting uses for U.S. government
IoT services

Combining the most datacenter region choices with the most comprehensive compliance coverage and innovative services further extends customer confidence in Azure Government as they deliver mission workloads with the cloud now and into the future.

Explore Azure Government here or contact us to learn more.
Source: Azure

New networking features in Azure scale sets

Today we are announcing a set of networking enhancements for Azure virtual machine scale sets. We are adding new ways to assign IP addresses, configure DNS, and assign network security.

Azure scale sets were built to provide a fast and easy way to deploy and manage a collection of virtual machines. The initial implementation of scale sets included a core set of network features most commonly associated with scalable compute clusters; for example, Azure Load Balancer and Application Gateway integration, support for load balancing and dynamic NAT pools routing to private IP addresses.

Since the initial release of scale sets in 2016, we've been working to support more advanced networking scenarios, and to attain network equivalency between scale set VMs, and standalone VMs in Availability Sets. Today's announcement opens up exciting new application scenarios for scale sets with more complex networking requirements, as well as allowing existing applications that were designed for standalone virtual machines to take advantage of scale set features such as easy dynamic scaling, autoscale and patching.

Here's a summary of the new features you can now use with scale sets, and where to find more information.

Public IPv4 addresses per VM

Previously you could only assign private IP addresses to scale set VMs. Typical scale set architectures would assign one or more public IP addresses to a load balancer, which would route incoming connections to the private scale set VM IP addresses, or assign a public IP address to a "jump box" VM in the same VNet which could connect directly to the VMs.

Though private IP addresses per VM is an optimal configuration for many applications which deploy at scale, in some cases it is useful for VMs to support direct external connections, and to connect to one another across regions. There are also cases where outbound network bandwidth requirements exceed that provided by a load balancer.

Now you can configure a scale set to allocate a public IPv4 address to every VM. Examples of where this can be useful include:

Distributed databases where stateful nodes communicate with one another, potentially across regions. Scale sets provide the elasticity and easy deployment at scale. Public IP per VM provides maximum network interoperability. E.g. Couchbase.

VM Scale Sets make it possible for Couchbase users to scale their cluster up simply by moving a slider in the Azure Portal. VMSS also provide improved reliability and ease of management over previous approaches of managing VMs. The new Public IP per VM feature allows the configuration of cross-datacenter replication leveraging the high bandwidth, low latency Azure backbone. With this architecture, cross region communication is limited only by a node’s bandwidth cap, which can be as high as many Gbps. As always, it’s been a pleasure working with the Microsoft team on testing preview versions of this feature. You can try the GA version yourself in Azure Marketplace or with the Azure 2.0 CLI.

– Ben Lackey – Director of Partner Solutions at Couchbase

Applications where outbound bandwidth exceeds load balancer capabilities. Public IP per VM increases this bandwidth by allowing each VM to use its NIC for outbound network traffic.
Applications which need a direct connection from client to server. One example is gaming, where a game console makes direct connections to VMs doing game physics for massive shared reality environments.
Large scale client simulations. E.g. stress testing a retail service by simulating a large number of independent clients.

Configurable DNS

Previously scale sets relied on the specific DNS settings of the VNet and subnet they were created in. With configurable DNS, you can now configure the DNS settings for a scale set directly. You can configure which DNS Servers the VMs in the scale set should reference, and specify a domain name label to apply to each VM.

Multiple IP addresses per NIC, multiple NICs per VM

Why stop at one public IP address per VM when you can have up to 400? The ability to define more than one IP address and NIC for a virtual machine is particularly useful for applications like Web Application Firewalls, which need to manage multiple networks and can optimize resources by being able to easily scale out VMs.

Now you can define up to 50 IP addresses per NIC, and up to 8 NICs per VM (depending on VM size) for all the VMs in your scale set.

Network Security Groups per scale set

A Network Security Group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks. NSGs let you tailor traffic filtering to your own security requirements.

Previously you could assign an NSG to a subnet, or to standalone virtual machine NICs, but not directly to a scale set. NSGs can now be applied directly to scale sets. Network traffic rules can be enforced and controlled through NSGs securing your scale sets in Azure, allowing finer grained control over your infrastructure.
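The three features above (public IP per VM, configurable DNS, and an NSG attached directly to the scale set) all land in the scale set's network interface configuration. The Azure Resource Manager template below is an added example written for this page, not Microsoft's sample code: it defines an NSG that admits only HTTPS from the Internet and SSH from an admin range, then binds that NSG, a DNS server list and a per-VM public IP to the scale set's NIC. The resource names, the 10.0.1.0/24 admin range, the subnet ID parameter and the image are constructed placeholders. The point worth noting is the explicit deny rule: once every VM carries its own public IP, the load balancer is no longer the only front door, so the NSG has to carry the allow-list itself.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminPassword": { "type": "securestring" },
    "subnetId": { "type": "string", "metadata": { "description": "Placeholder: resource ID of an existing subnet" } }
  },
  "resources": [
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2017-06-01",
      "name": "vmss-nsg",
      "location": "[resourceGroup().location]",
      "properties": {
        "securityRules": [
          {
            "name": "allow-https-in",
            "properties": {
              "description": "Lowest priority number wins; only 443 is reachable from the Internet",
              "priority": 100, "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
              "sourceAddressPrefix": "Internet", "sourcePortRange": "*",
              "destinationAddressPrefix": "*", "destinationPortRange": "443"
            }
          },
          {
            "name": "allow-ssh-from-admin-range",
            "properties": {
              "description": "Management access only from the admin range (10.0.1.0/24 is a placeholder)",
              "priority": 110, "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
              "sourceAddressPrefix": "10.0.1.0/24", "sourcePortRange": "*",
              "destinationAddressPrefix": "*", "destinationPortRange": "22"
            }
          },
          {
            "name": "deny-all-other-inbound",
            "properties": {
              "description": "Explicit catch-all ahead of the platform default rules, so a public IP per VM exposes nothing else",
              "priority": 4000, "direction": "Inbound", "access": "Deny", "protocol": "*",
              "sourceAddressPrefix": "*", "sourcePortRange": "*",
              "destinationAddressPrefix": "*", "destinationPortRange": "*"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Compute/virtualMachineScaleSets",
      "apiVersion": "2017-03-30",
      "name": "web-vmss",
      "location": "[resourceGroup().location]",
      "dependsOn": [ "[resourceId('Microsoft.Network/networkSecurityGroups', 'vmss-nsg')]" ],
      "sku": { "name": "Standard_DS2_v2", "tier": "Standard", "capacity": 3 },
      "properties": {
        "upgradePolicy": { "mode": "Manual" },
        "virtualMachineProfile": {
          "osProfile": { "computerNamePrefix": "web", "adminUsername": "azureuser", "adminPassword": "[parameters('adminPassword')]" },
          "storageProfile": {
            "imageReference": { "publisher": "Canonical", "offer": "UbuntuServer", "sku": "16.04-LTS", "version": "latest" },
            "osDisk": { "createOption": "FromImage", "caching": "ReadWrite" }
          },
          "networkProfile": {
            "networkInterfaceConfigurations": [
              {
                "name": "nic0",
                "properties": {
                  "primary": true,
                  "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'vmss-nsg')]" },
                  "dnsSettings": { "dnsServers": [ "10.0.0.4" ] },
                  "ipConfigurations": [
                    {
                      "name": "ipconfig0",
                      "properties": {
                        "subnet": { "id": "[parameters('subnetId')]" },
                        "publicIPAddressConfiguration": {
                          "name": "pip0",
                          "properties": {
                            "idleTimeoutInMinutes": 15,
                            "dnsSettings": { "domainNameLabel": "web-vmss-example" }
                          }
                        }
                      }
                    }
                  ]
                }
              }
            ]
          }
        }
      }
    }
  ]
}
```

Deploy with `az group deployment create -g <group> --template-file vmss.json --parameters subnetId=<subnet-id>`; the `dnsServers` entry (10.0.0.4 here, a constructed value) replaces the VNet's DNS setting for these VMs only, and each instance gets a public DNS name of the form `web-vmss-example` plus an instance suffix, which is where a forgotten open port would become reachable if the deny rule were absent.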

IPv6 Load Balancer support – public preview

As IPv4 addresses become scarcer, more applications are leveraging the 128-bit address space provided by IPv6. Now with the public preview of IPv6 load balancer support, you can configure Azure Load Balancers with public IPv6 addresses, which can route requests to VM scale set VMs.

Accelerated Networking

The Azure Accelerated Networking feature, which dramatically improves network performance by enabling single root I/O virtualization (SR-IOV) to a VM, is now available for virtual machine scale sets. This feature is generally available for Windows, and in public preview for Linux.

To find out more about these networking features for scale sets and how to use them, refer to Azure Virtual Machine Scale Sets Networking.
Source: Azure

Announcing StorSimple 8000 series in the new Azure portal!

I'm pleased to announce the General Availability of StorSimple 8000 series management in the new Azure portal. Everything about the StorSimple Physical Device Series experience in the new Azure portal is designed to be easy. Our 8000 series customers can now use the new Azure portal and Azure Resource Manager to unlock the deep personalization, role-based access control, and a single portal to manage all your applications.

Get started

The new Azure portal supports devices running Update 3.0 or later. Using Azure Resource Manager, you can now create StorSimple Cloud Appliances (8010/8020). Azure Resource Manager (ARM) enables you to leverage your existing ARM-based VNET or storage accounts. To learn how to manage your 8000 series devices in the portal, please refer to the product documentation.

Automate operations

To automate 8000 series device management, you can now leverage the Azure Resource Manager SDK. Refer to the samples to create a volume, list backups, roll over the service encryption key, scan for updates, and generate a backup report.

Transition to the new Azure portal

In a single click, you can seamlessly transition from the classic portal to the new Azure portal. Once in the new Azure portal, you can explore all the ARM capabilities. To leverage the seamless transition experience, apply the latest update on your devices. Your existing StorSimple Physical Device Series resources in the classic portal can be transitioned to the new Azure Portal in the coming weeks. For more information, go to Transition to the new Azure portal.

We'll transition all the customers to the new Azure portal by September 30, 2017. The complete transition process is quick, easy, and non-disruptive. We will reach out to you with more details. Stay tuned!

During the transition:

You can’t manage your device from the portal.
You’re protected as tiering and scheduled backups continue to occur.

After the transition:

You can no longer manage your devices from the classic portal.
All device managers under the selected subscription will be transitioned.
The existing Azure Service Management (ASM) based PowerShell cmdlets are not supported. Update the scripts to manage your devices through ARM.
All your service settings and device configuration are intact! This includes the volumes and backups created in the classic portal.

Your new home

The new Azure portal is easy to use. Search for your StorSimple Device Manager by clicking on More services > from the left jumpbar. Go to Quick start to learn how to set up a device.

Go to Overview for a quick peek of your service summary.

Click Devices to see all the devices registered. Click a specific device to view the device summary. To monitor the device consumption and performance charts, click Usage, Performance, or Capacity.

Visit StorSimple MSDN forum to find answers, ask questions, and connect with the StorSimple community. Your feedback is important to us, so send all your feedback or any feature requests using the StorSimple User Voice. And don’t worry – if you need any assistance, Microsoft Support is there to help you along the way!
Source: Azure

Protecting Windows Server 2016 using Azure Backup

The IT industry is excited about the general availability of Windows Server 2016 with enhancements to Active Directory, Hyper-V failover clustering, remote desktop services, and file and storage services. Windows Server 2016 is being widely run on physical as well as virtual environments such as Hyper-V and VMware VM and is used for hosting server applications such as SQL, Exchange, and SharePoint. Protecting these workloads is amongst the top priorities for IT admins managing their datacenters.

Azure Backup has evolved into a first-class platform-as-a-service (PaaS) in Microsoft Azure that integrates with the on-premises enterprise class backup products, System Center Data Protection Manager (DPM), and Microsoft Azure Backup Server (MABS) to provide a seamless hybrid cloud backup solution. With its cloud-first enterprise backup architecture, Azure Backup enables IT admins to be essentially free from infrastructure management tasks such as provisioning infrastructure for backup needs, security, and maintenance. Also, with Windows Server’s native backup solution, Windows Server Backup, you can back up system state and do bare metal recovery of Windows Server 2016 to local disk as well.

Whether you are running Windows Server 2016 on premises or in Azure and want to protect your files and folders, private cloud deployments, or server applications, we provide a comprehensive strategy for all your Windows Server 2016 deployments.

Backup Windows Server 2016 to local disk

With Windows Server Backup, you can back up a full server (all volumes or selected volumes) or system state to local disk, and do a bare metal recovery from local disk in case of any disaster.

Backup Azure IaaS VMs running Windows Server 2016

If you are running Windows Server 2016 on Azure IaaS VMs, you can protect the VMs with the native IaaS VM backup. You get an application-consistent backup of Azure IaaS VMs, with no hassles of licensing backup software and provisioning compute and storage infrastructure, and with the ease of instantly restoring individual files and folders on the Azure IaaS VMs.

Backup files and folders on Windows Server 2016 directly to Azure

You can back up files and folders on Windows Server 2016 with Microsoft Azure Backup, which provides seamless backup to the cloud without the hassles of running backup infrastructure. Also, with Azure Backup’s enhanced security features, you can protect your backed-up data against security threats like ransomware.

Backup Private Cloud Deployments and server applications running on Windows Server 2016

If you are running private cloud deployments, such as Hyper-V and VMware VMs, or server applications like SQL, Exchange, SharePoint on Windows Server 2016, you can back them up to local disk and to Azure using Microsoft Azure Backup Server and System Center Data Protection Manager 2016.

Start exploring Windows Server 2016 and Azure Backup now to tailor the solution for your needs.

Related links and content

Want more details? Check out the Azure Backup documentation.

Learn more about Azure Backup.

Need help? Reach out to the Azure Backup forum for support.

Tell us how we can improve Azure Backup by contributing new ideas and voting up existing ones.

Follow us on Twitter @AzureBackup for the latest news and updates.

Source: Azure

Azure Managed Applications

We are excited to announce the public preview of Azure Managed Applications in Azure Marketplace.

Azure Managed Applications provides an ecosystem that enables Managed Service Providers (MSPs), Independent Software Vendors (ISVs), and corporate central IT teams to deliver turnkey solutions through the Azure Marketplace or Service Catalog. Although customers deploy these managed applications in their subscriptions, a key advantage of this service is that they don’t have to maintain, update, or service them. The vendors will manage and support these applications. This means that the customers don’t have to invest in building the application-specific domain knowledge that would otherwise be needed to service these applications. It enables customers to automatically acquire application updates without having to worry about troubleshooting and diagnosing issues with the application.

On the other side, it creates a channel to not only sell infrastructure and software through the marketplace, but also a way to attach services and operational support to Azure customers. It enables vendors to bill customers using Azure's billing system and use templates to manage the lifecycle of deployed applications. These are self-contained and sealed to the customer, allowing the vendors to provide a higher quality of service. Such an ecosystem in Azure not only benefits the PaaS and SaaS vendors, but also corporate central platform teams and System Integrators that wish to package and resell their solutions.

Azure Managed Applications comes in two flavors. One is called Service Catalog Managed Applications and the other is called Azure Marketplace Managed Applications.

Service Catalog

Service Catalog allows organizations to create a catalog of approved solutions for Azure. Maintaining such a catalog of solutions is especially helpful for central IT teams in enterprises, as it enables them to ensure compliance with organizational standards while providing great solutions for their organization. They can control, update, and maintain these applications. It allows employees in the organization to easily discover the rich set of applications that are recommended and approved by the IT department. The customers will only see the Service Catalog Managed Applications created by themselves or those that have been shared with them by other people in the organization. The publisher can create these Service Catalog Managed Applications using Azure CLI. Customers can consume/create the published managed applications from the Azure portal today. However, the support for publishing Service Catalog Managed Applications is coming to the Azure portal soon!

Learn more about how to publish and consume Service Catalog Managed Applications.

Marketplace

The other option is the Azure Marketplace Managed Applications. These applications are available in the marketplace on the Azure portal. Once published by the vendor, these are available for everyone inside or outside of your organization to consume. This enables MSPs, ISVs, and System Integrators (SIs) to offer their solutions to all Azure customers. The customers get the benefit of leveraging such complex solutions without having to gain a deep understanding of them or invest in maintaining them. At the time of publishing, the publisher gets the option of making their offer available as a Managed Application or as a Solution template, which is the unmanaged equivalent.

The vendors can publish the Managed Applications to Azure Marketplace using the Cloud Partner Portal. The main components of publishing a managed application include the template files, which describe the resources that will be provisioned, and the UI definition file, which describes how the required inputs for provisioning these resources will be displayed in the portal. The required files are packaged in a .zip file and uploaded through the publishing portal. Please note that the “SKU Type” property differentiates a Solution template from a Managed Application. Below is an image of the publishing portal.

Once the offer is published, it goes through some pre-requisite checks, validations, and other reviews. After all checks have passed, the offer goes live and is made available for public consumption. Learn more and get detailed instructions on how to publish a marketplace managed application.

After the offer goes live, it is visible in the Azure Marketplace and the customers can create an instance of the offer.

Authorizations

As mentioned above, the vendor manages the application which is provisioned by the customer. To enable the vendor to successfully manage the application, the vendor requires certain permissions to the resource group in the customer subscription where these resources will be provisioned. At the time of publishing the managed application, the vendor indicates the Azure AD user, user group, or application which will have certain permissions on the resource group. This is where the resources required by the managed application will be deployed. The permissions granted will typically be one of the Azure RBAC built-in roles.

It was also stated above that the managed applications are self-contained and sealed for the customer. This means that the resource group where the resources will be provisioned is “locked” for the customer. As a result, customers cannot delete or make changes to the resources in this resource group.

Summary

To recap, below is a quick summary explaining the key differences between the two flavors of Managed Applications.

Publishing Tool
  Service Catalog Managed Application: Azure CLI; Azure Portal (coming soon); Azure PowerShell (coming soon)
  Marketplace Managed Application: Publishing portal

Artifacts Needed
  Service Catalog Managed Application: mainTemplate.json, applianceMainTemplate.json, applianceCreateUIDefinition.json
  Marketplace Managed Application: mainTemplate.json, applianceMainTemplate.json, applianceCreateUIDefinition.json

Use Cases/Advantages
  Service Catalog Managed Application:
    Deliver approved apps/services to developers and business units within the organization.
    Central IT will provide management.
    Gets a managed application on Azure, while ensuring governance.
    Abstract the end users from any underlying complexity of Azure resources.
  Marketplace Managed Application:
    Capable of monetizing expertise and company-specific IP for the solution.
    Get cost/time-to-market benefits by using managed applications vs. hiring/building specific talent on the team.
    Direct customer contact and understanding of usage patterns with ability to drive innovation in its own product.
    Vendors can use Azure billing system to bill their customers.

Additional resources

Publish a Marketplace Managed Application
Publish a Service Catalog Managed Application
How to create UIDefinition for the Managed Application
Managed Applications samples GitHub repository

Source: Azure