Tuesday, October 4, 2016

How to Deploy Microsoft Nano Server

Posted by at No comments:

What is the Microsoft Nano Server and What are the Benefits of use

This will be the Future Operating System which we are installing in our Datacenter. As of right now, it is targeted as an OS for born-in-the-cloud applications and cloud OS. The majority of Company corporate strategy is a concerted push toward the cloud, whether it's public, private, or a hybrid cloud environment. Nano Server is another key component of Microsoft's strategy to be highly competitive in the private cloud market. Nano Server, a stripped down version of Windows Server 2016 that's designed specifically for cloud environments.
Unlike Server Core, Nano Server is intended to be a completely headless installation (no local UI and no local console). Also, where the Windows UI can be installed on top of Server Core, Nano Server has no such capability.
What are the Benefits Of Microsoft Nano Server

1. Secure Server
The attack surface is much smaller now. There is no Internet Explorer, no Windows Explorer, and no GUI to exploit. Also, the default ports open with a base install is 12 as opposed to 34 ports open by default with a full Windows GUI Server install. This makes Nano Server a much more secure OS than its predecessors.
2. Costs
Because this server creates such little overhead, the amount of resources needed to run Nano Server VMs on a Hyper-V host will be miniscule. With its potential to lower costs and increase margins, this will be one of the biggest reasons for companies to use Nano Server VMs whenever appropriate. Allowing companies to get the most out of every dollar spent on hardware is huge.
3. Faster boot times
Nano Server is only installed with the components that are going to be used, so the startup time is significantly faster. The boot IO is around 150MB. In fact, at Microsoft Ignite when Snover presented a demo of a Hyper-V Nano Server cluster, the servers were powering up faster than the switch was!
4. Fewer reboots required
IT Admins will no longer be frustrated by unnecessary reboots caused by patching windows components that aren’t even used on their servers. Since only the components needed are installed, the amount of patches and updates that are pushed out to Nano Server will be much less. With the current Nano Server build, the estimated amount of reboots a year are 3, and Microsoft is working diligently to try to get this down to 2. Fewer reboots on Hyper-V hosts and their VMs means less interruptions, which also means less “after hours” work for some environments.
5. Easier remote management
With Nano Server there is no local logon, it will be managed entirely remotely. This direction on Microsoft’s part requires them to focus on improving the remote administration capabilities of Windows Server. They have recently been working on improving some of the remote management aspects that were previously lacking. For example, as part of the Azure stack, there is now a remote task manager that allows admins to connect to VMs and view performance and processes running. This will benefit IT Admins by improving the remote administration experience when managing Hyper-V hosts and VMs.
6. Smaller server image
Nano Server is 20x smaller than the full Windows Server with a GUI. Because of this, storing Nano Server VMs on a SAN or Hyper-V local storage will not consume large amounts of space.  Mass deployments of Nano Server VMs will not take as long to install and configure; and copying server images over to Hyper-V nodes will take less time. The small footprint of this OS is what really makes it shine.


Here is the benefits comparisons for all three server version which available in market 











Nano Server Use Cases
The obvious downside of having a stripped-down version of Windows Server is that it has limited capabilities. At this time, Nano Server supportability and compatibility we can listed as below.

Role/Feature
  1. Hyper-v
  2. Failover Clustering
  3. File Server and Storage
  4. Internet Information Server (IIS)
  5. Desired State Configuration (DSC)
  6. System center Agent
  7. DNS Server
  8. Secure Startup
  9. Shielded VM
  10. RAM Disk supportability


Nano Server Management
The big news in regards to Nano Server is on the management front. Clearly, as a completely headless version of Windows Server, all management of Nano Server is accomplished remotely. A variety of Microsoft management tools are available to use, including MMC (Microsoft Management Console) Snap-Ins like Hyper-V Manager or Services, Windows PowerShell, Desired State Configuration (DSC), Server Manager, and Microsoft System Center. Microsoft also states that third party management tools, such as Puppet and Chef, Nano will be supported.
Microsoft has designed Nano Server to be fully manageable through automated means in keeping with their cloud strategy, but fully realizes that some organizations will prefer to perform some administration with GUI tools. It's important to recognize the distinction between the headless nature of Nano Server and a system that is only manageable through a command line. Nano Server does offer support for management through GUI tools using remote management.

MORE DETAILS FOR :- How to Deploy Microsoft Nano Server
Posted by at No comments:

Sunday, August 7, 2016

How to Setup Disaster Recovery as A Service (DRaaS) for your Organization

Disaster recovery (DR) planning has a reputation for being difficult and time consuming. Setting up alternate processing sites, procuring hardware, establishing data replication, and failover testing have been incredibly expensive undertakings. To top it all off, the need for 24x7x365 business application availability threatens to make disaster recovery planning an exercise in futility.
Disaster Recovery as a Service, will help you to setup your DR site with below listed benefits
1.       low cost with – Pay as you go
2.       High availability -
3.       Simplicity and Easy Setup
4.       Scalability
5.       Flexibility
6.       Compliance
7.       Easier Testing

Step to Setup your DRaaS
·         Understanding your Disaster Recovery Requirement and Needs
o   Understand today DR Practices – Hot, Cold and Warm Sites  
o   Public / Private
·         Defining Your Requirements for a DRaaS Solution
o   Perform a Business, Impact Assessment
o   Setting Recovery Targets (RTO and RPO)
o   Backup and Replication with bandwidth limit
o   Understanding how DRaaS untangles network complexities (Latency and Bandwidth)
o   Working through the legal and compliance issues associated with DRaaS
o   Data Protection and Geography and the Law
o   Data Ownership, access and Use
o   Data Custodian,
o   Data Retention,
o   Data Location,
o   Bootstrapping Recovery Site,
·         Defining your correct Backup Technology
o   3-2-1 Rule
·         Implementing DRaaS
o   Build a successful DR Plan with Clear Scope
·         DRaaS Operations and Maintain with Testing    
o   Operational aspects of a DRaaS system, including network monitoring, conducting failovers and failbacks, and testing a DR plan.
o   Cutover test, Paralle test, Simulation, and Document
·         Building an Exit Strategy
o   Monitor and analyze, Periodic business reviews


Find the right resources to help you to plan and deploy Core infrastructure solutions. Join with us we will provide support and service to setup your DRaaS for your organization.
Posted by at No comments:

Sunday, July 31, 2016

How to do the More than 95% Windows Client Patch Compliance

As I know this is very critical task all the IT admin and IT managers. And this must be in place as per the security compliance.
If you’re not in up to date patch level, definitely your environment in high vulnerable situation.
This article will explain to you how you can do more than 95% Windows client patch compliance in the security reports.
Solution – Implement System Center Configuration Manager (SCCM)

KEY FACTS
                Correctly Design your SCCM Architecture - Consideration for the correct Architecture   
Numbers of Connecting Devises,
Numbers of Remote Site,
Remote Site Bandwidth,
Numbers of Application and Image and capacity of them,
Integrate Intune – If you want to manage devices which are non-join domain and non-Windows Operating System,
Integrate WSUS,
               
                Correctly Assign Job Role what your expecting with SLAs
                                    Patch Admin – Manage and Distribute all the patches
                                    Image Admin – Test and Deploy correct image to required devises
                                    App Admin – Test and deploy correct Apps to correct user or devise groups

KEY BENEFITS
                Patch Management and Reporting
                Application Management and Reporting
                Assets Reporting and Inventory – Asset Intelligent
                Operating System Deployment (OSD)
                Settings Management (DCM)
                End Point Protection

In this Article we are considering only How to do the More than 95% Windows Client Patch Compliance
Guidelines for How to do the More than 95% Windows Client Patch Compliance
Purpose –                      
Ensure timely delivery of Security updates, help make environment secure and provide consistent user experience.
Target Compliance –   
Deploy active exploit update to 95% of computers with three business days.
Deploy critical update to 95% of computers within seven business days.

Compliance period –        Comply within 3 or 7 business days, as appropriate.  

Recommended Patching Process –
Pre-Update Deployment –  
Silent, Interactive or on-demand patching you can choose for this.
                Create Patch testing Groups with covering all the Operating Systems & application,
                Provide better awareness session about patch testing collection devices users,
                Prior notice them, before start deployment,
                Deploy, Monitor, Create Risk Mitigation plan, Request Feedback.
                Patching testing period define as 7 days with starting patch Tuesday.

Update Deployment –
                Production deployment with Silent Patching.
                Enforce Restart if it required,
                            User Receives Initial restart notification at the 120th minute, and 
                            Final restart notification at the 60th minute.
The user continues to receive a restart notification until the system has been restarted.


Post-update Deployment
                Confirm deployment using reports statics
                Cleanup process
                Document
                Publish Final report to all stakeholders
               
Best Practices
People – Make sure that security of the environment is the TOP PRIORITY
Process –
                Communicate to users every month about patch Tuesday
                Deploy update consistently after the validation phase is complete
                Preform quality control on the test deployment before release to production
                Monitor and remediation any issues if you face quickly
                Remove expired update periodically

Technology –
                Maintain 98% client heath all the time
                Defined correct boundaries and boundary group with including correct site servers
                Deploy Automatic Patch Deployment rules for each device collections
                Use WSUS to install the configuration manager client
                Verify SCCM Client settings

                Weekly or at least Monthly Client PC restart schedule 
Posted by at No comments:
Subscribe to: Posts (Atom)