Microsoft has bumped up security for its Azure cloud platform by adding support for X.509 certificates for device-level authentication, and bagging an ISO integrity ticket.

Adding X.509 means Microsoft thinks its cloud will be better at handling internet-of-things traffic to the Azure IoT Hub, according to Azure partner director Sam George.

“With Azure IoT support for X.509 certificates, an IoT device can now store a private key locally, and an associated device X.509 certificate generated to identify the device to Azure IoT Hub before the information is transmitted,” George says.

“The benefit to customers in industries such as manufacturing, healthcare and smart cities is that device identity can be transmitted safely and securely from the edge to the cloud while maintaining integrity.”

Redmond has also released reading material including an IoT security guide.

Azure senior director Alice Rison is singing praises over Microsoft’s scoring of the ISO 27017:2015 cloud security certificate.

She says it is awarded thanks to Redmond’s compliance with 44 cloud risk and threat model controls.

“Both cloud service providers and cloud service customers can leverage this guidance to effectively design and implement cloud computing information security controls,” Rison says.

“Customers can download the ISO/IEC 27017 certificate which demonstrates Microsoft’s continuous commitment to providing a secure and compliant cloud environment for our customers.” ®

Sponsored:
2016 Cyberthreat defense report

CIOs no longer ask whether they should use cloud, but rather how. According to IDC, seventy percent of CIOs will embrace a cloud-first strategy in 2016. By partnering closely with customers around the world, we see the natural path to enterprise cloud adoption — starting with software services like email and collaboration, then moving to infrastructure for storage, compute and networking and finally embracing platform services to transform business agility and customer engagements. In this journey to adopt the cloud, customers are looking for a vendor who understands and leads in meeting the broad spectrum of their cloud needs.

Today, Gartner has named Microsoft Azure as a leader in its Magic Quadrant for Cloud Infrastructure as a Service for the third year in a row based on completeness of our vision and ability to execute. We are honored by this continued recognition as we are relentless about our commitment and rapid pace of innovation for infrastructure services. With the G series, Azure led with the largest VMs in the cloud and we continue to deliver market leading performance with our recent announcement supporting SAP HANA workloads up to 32 TB. And while Azure is a world class cloud platform for Windows, it’s also recognized for industry-leading support for Linux and other open source technologies. Today, nearly one in three VMs deployed on Azure are Linux. Strong momentum for Linux and open source is driven by customers using Azure for business applications and modern application architectures, including containers and big data solutions. With over sixty percent of the 3,800 solutions in Azure Marketplace built on Linux, including popular open source images by Ubuntu, CoreOS, Bitnami, Oracle, DataStax, Red Hat and others, it’s exciting that many open source vendors considered Microsoft one of the best cloud partners.

While we are proud of our continued leadership in cloud infrastructure, we are committed to delivering the breadth and depth of cloud solutions to support our customers’ natural path to cloud adoption. Microsoft is the only vendor recognized as a leader across Gartner’s Magic Quadrants for IaaS, PaaS and SaaS solutions for enterprise cloud workloads. We are in a unique position with our extensive portfolio of cloud offerings designed for the needs of enterprises, including Software as a Service (SaaS) offerings like Office 365, CRM Online and Power BI and Azure Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). And Microsoft’s cloud vision is a unified story that we’re executing on with the same datacenter regions, compliance commitments, operational model, billing, support and more. The ability to deploy and use applications close to data with consistent identity and a shared ecosystem, means greater efficiency, less complexity, and cost savings.

Many of our customers embrace Identity as a first step in moving to the cloud. Office 365 and Azure share the same identity system with Azure Active Directory therefore providing a simple, friction free experience for our customers. And with Office 365 commercial customers surpassing 70 million monthly active users, Azure adoption is quickly following suit. Once in Azure, customers tend to start with IaaS and then quickly extend to using both IaaS and PaaS models to optimize productivity and embrace new opportunities for business differentiation. Today fifty-five percent of Azure IaaS customers are also deploying PaaS.

The following table summarizes vendors in the leader quadrant across Gartner MQs for IaaS, PaaS and SaaS solutions for key enterprise cloud workloads.

The true power of Azure is enabling our customers and partners on their cloud journey to realize their unique business goals. Customers and partners like Fruit of the Loom and Boomerang demonstrate this common need and cloud adoption path from Software as a Service (SaaS) to Infrastructure as a Service (IaaS) to Platform as a Service (PaaS).

• Fruit of the Loom: Office 365 was their “runway” to Azure. Success with Office 365 deployment has led to use of Azure infrastructure and its platform services as they moved their consumer-facing website fruit.com to Azure. To gain insight into how they should market and package their products, Fruit of the Loom is also leveraging platform services such as Azure Machine Learning.
• Boomerang: An Office 365 ISV takes advantage of Azure to create productivity solutions within Outlook. A key feature for Boomerang is its ability to generate real-time calendar images that are shareable with people outside of the user’s organization. Boomerang relies on Azure’s enterprise-proven infrastructure to support this computationally demanding workload. Their experience with Office 365 led them to look more closely at Azure, and they have started to migrate services from AWS to Azure to leverage Azure’s platform services and Machine Learning capabilities.

We look forward to delivering more on this vision across our portfolio of cloud offerings to our customers and partners. If you’d like to read the full report, “Gartner: Magic Quadrant for Infrastructure as a Service,” you can request it here.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

When I began to work with Windows 10, I was able to shut the laptop down without Googling to find the power button icon; a great improvement over Windows 8. My next interest was determining what to do when the OS falls over, generating a Blue Screen of Death. This article will describe how to set your system up so that, when it does, you’ll be able to find the cause of most crashes in less than a minute for no cost.

In Windows 10, the Blue Screen looks the same as in Windows 8/8.1. It’s that screen with the frown emoticon and the message “Your PC ran into a problem . . .” This screen appears more friendly than the original Blue Screens, but a truly friendly screen would tell you what caused the problem and how to fix it; something that would not be difficult since most BSODs are caused by misbehaved third party drivers that are often easily identified by the MS Windows debugger.

+ For earlier versions of the OS, refer to the following:            

Windows 8: (Article) How to solve Windows 8 crashes in less than a minute         
(Slide show) How to solve Windows 8 crashes
Windows 7:   Solve Windows 7 crashes in minutes
Windows XP/2000: How to solve Windows crashes in minutes

Just to be clear, this article deals with system crashes, not application crashes or system hangs. In a full system crash, the operating system has concluded that something has gone so wrong (such as memory corruption) that continued operation could cause serious or catastrophic results. Therefore, the OS attempts to shut down as cleanly as possible – saving system state information in the process – then restarts (if set to do so) as a refreshed environment and with debug information ready to be analyzed.

Why Windows 10 crashes

To be sure, Windows has grown in features and size since its introduction in 1985 and has become more stable along the way. Nevertheless, and in spite of the protection mechanisms built in to the OS, crashes still happen.

Once known as the Ring Protection Scheme, Windows 10 operates in both User Mode (Ring 3) and Kernel Mode (Ring 0). The idea is simple; run core operating system code and device drivers in Kernel Mode and software applications and user mode drivers in User Mode. For applications to access the services of the OS and the hardware, they must call upon Windows services that act as proxies. Thus, by blocking User Mode code from having direct access to Kernel Mode, OS operations are generally well protected.

The problem is when Kernel Mode code goes awry. In most cases, it is third-party drivers living in Kernel Mode that make erroneous calls, such as to non-existent memory or to overwrite OS code, that result in system failures. And, yes, it is true that Window itself is seldom at fault.

Where to get help with Windows 10 crashes

There are plenty of places to turn to for help with BSODs, a few of which are listed below. For example, ConfigSafe tells you what drivers have changed and AutorunCheck tells you what Windows Autorun settings have changed. Both help nail the culprit in a system failure. And everyone should have the book Windows Internals; it is the bible that every network admin and CIO should turn to, especially Chapter 14 “Crash Dump Analysis,” which is in Part 2 of the book.

When I asked Mark Russinovich, one of the authors, why a network admin or CIO – as opposed to a programmer – should read it, he said, “If you’re managing Windows systems and don’t know the difference between a process and a thread, how Windows manages virtual and physical memory, or how kernel-mode drivers can crash a system, you’re handicapping yourself. Understanding these concepts is critical to fully understanding crash dumps and being able to decipher their clues.”

So, while WinDbg provides the data about the state of a system when it fell over, Windows Internals turns that cryptic data into actionable information that helps you resolve the cause.

What is a memory dump?

A memory dump is a copy or a snapshot of the contents of a system’s memory at the point of a system crash. Dump files are important because they can show who was doing what at the point the system fell over. Dump files are, by the nature of their contents, difficult to decipher unless you know what to look for.

Windows 10 can produce five types of memory dump files, each of which are described below.

1.     Automatic Memory Dump

Location:%SystemRoot%\Memory.dmp
Size: Size of OS kernel

The Automatic memory dump is the default option selected when you install Windows 10. It was created to support the “System Managed” page file configuration which has been updated to reduce the page file size on disk, primarily for small SSDs, but will also benefit servers with large amounts of RAM. The Automatic memory dump option produces a Kernel memory dump; the difference is when you select Automatic it allows the SMSS process to reduce the page file smaller than the size of RAM.

To check or edit the system paging file size, go to the following:

Windows 10 button | Control Panel | System and Security | System | Advanced system settings | Performance | Settings | Advanced | Change

2. Active Memory Dump

Location: %SystemRoot%\Memory.dmp
Size: Triple the size of a kernel or automatic dump file

The Active memory dump is a recent feature from Microsoft. While much smaller than a complete memory dump, it is probably three times the size of a kernel dump. This is because it includes both the kernel and the user space. On my test system with 4GB RAM running Windows 10 on an Intel Core i7 64-bit processor the Active dump was about 1.5GB. Since, on occasion, dump files have to be transported I compressed it, which brought it down to about 500MB.

3. Complete Memory Dump

Location: %SystemRoot%\Memory.dmp
Size: Installed RAM plus 1MB

A complete (or full) memory dump is the largest dump file because it includes all of the physical memory that is used by the Windows OS. You can assume that the file will be about equal to the installed RAM. With many systems having multiple GBs, this can quickly become a storage issue, especially if you are having more than the occasional crash. Generally speaking, stick to the automatic dump file.

4. Kernel Memory Dump

Location:   %SystemRoot%\Memory.dmp
Size: ≈size of physical memory “owned” by kernel-mode components

Kernel dumps are roughly equal in size to the RAM occupied by the Windows 10 kernel, about 700MB on my test system. Compression brought it down nearly 80% to 150MB. One advantage of a kernel dump is that it contains the binaries which are needed for analysis. The Automatic dump setting creates a kernel dump file by default, saving only the most recent, as well as a minidump for each event.

5. Small Memory Dump (a.k.a. a mini dump)

Location: %SystemRoot%\Minidump
Size: At least 64K on x86 and 128k on x64 (279K on my W10 test PC)

Minidumps include memory pages pointed to them by registers given their values at the point of the fault, as well as the stack of the faulting thread. What makes them small is that they do not contain any of the binary or executable files that were in memory at the time of the failure. However, those files are critically important for subsequent analysis by the debugger.

As long as you are debugging on the machine that created the dump file, WinDbg can find them in the System Root folders (unless the binaries were changed by a system update after the dump file was created). Alternatively, the debugger should be able to locate them automatically through SymServ, Microsoft’s online store of symbol files. Unless changed by a user, Windows 10 is normally set to create the automatic dump file for the most recent event and a minidump for every crash event, providing an historic record of all system crash events for the life of the system.

On-Call Welcome again to On-Call, our festive Friday frolic through readers’ recollections of jobs gone bad.

This week, something a little different from reader “DB” who says “I do server hardware warranty support for a known enterprise server vendor.”

DB’s been at it for 20 years and says he’s spent his career working on PCs, handhelds, networks and servers.

“I fix things,” says DB. “That’s what I do.”

Over 20 years DB has seen plenty. A particular low light came in the 1990s, when he had to deal with newly-minted Microsoft Certified Support Engineers “who hadn’t ever touched a piece of hardware, solved a real problem, or provided a real solution to any problem.”

DB labels those folks “Memorization geeks who’d passed tests, and gave the appearance of being experts when in fact, they didn’t know how to do anything.”

These days he thinks hell desk enemy number one is “useless System Administrators who create config problems when they make config mistakes and try to cover it by claiming hardware failure.”

“They resist sending logs but the diagnostic logs always reveal that no hardware has failed and that it is in fact, config.”

DB says the company he works for now has a whole department who handles calls like that. ¸ “A lot of useless sysadmins get transferred to the ‘How To’ team that I don’t work on,” he says, insisting he would need “a significant bump up in pay to add that to my current duties.”

He’s also reserving a place on an ice moon prison for callers who appear to work for third party support providers and just won’t do anything other than insist on a visit from a tech. He suspects that’s because those support providers don’t actually have feet on the street everywhere they promise to do so and aren’t capable of doing any meaningful support remotely.

DB’s tale makes for a rather different On-Call that we’re keen to explore. So if you work on a hell desk, or at a vendor in another capacity, or just have other tales of jobs gone pear-shaped, write to me and you could find yourself in a future edition of this crazy continuing column. ®

Sponsored:
Accelerated Computing and the Democratization of Supercomputing

White box switches have been around for years, but adoption has been limited to niche companies that have large engineering departments. The rise of software-defined networking (SDN) has brought them into the public eye, though, as a lower-cost alternative to traditional network hardware. In fact, some of the early messaging around SDN revolved around using white boxes as a complete replacement for all network hardware.

Despite the promise that SDN brought, the use of white boxes has been limited for a couple of reasons. The first is that historically, any organization that wanted to leverage a white box switch needed to have a number of technical specialists that many enterprises do not have. This would include network programmers and engineers fluent in Linux. These skills are commonly found in companies such as Facebook, Google and Amazon, but not so much in your average enterprise.

The other reason is that the operational costs of running a white box could be high. While the price point of the individual boxes is low, the cost of hiring programmers, support people and other staff drives the operational costs up. It’s hard to justify lower hardware costs at the expense of an increase in operational costs.

However, much has changed in the past few years, and white boxes have come a long way from where they were. I believe they are now ready for a broader range of companies to use.  I’m sure many of you reading this will be skeptical, as you may have taken a look at white boxes in the past and decided they weren’t for you. But if you do a little bit of due diligence, you can see the white boxes have improved significantly in the following areas:

• Cost and reliability. It may seem odd to put cost and reliability in the same bucket, but they do go together because we generally believe things that cost more are also more reliable.

  The reality is that the silicon and other hardware are often sourced from the same companies that mainstream hardware vendors use. What the customer is often paying for is the software that rides on top of the hardware and the logo. From a reliability standpoint, white boxes are on par with brand-name systems because they are actually the same hardware. 

• Features and capabilities. The question for buyers with respect to white box features is, “Are you compromising the features you need to run a network?” To answer that, one must understand the features required for the role white boxes play. There’s no question that white boxes are not at feature parity with layer 2/3 switches for uses such as campus switching or aggregation.

  However, that doesn’t really matter because no one would buy a white box for that. White boxes typically are used as a top-of-rack switch and/or as part of an SDN deployment, and white boxes are at feature parity for those use cases. They support industry standards such as OpenFlow, are highly programmable and work with orchestration tools such as Ansible, Chef and Puppet. 

  Also, white boxes tend to have strong telemetry capabilities and are more open so network administrators can get whatever information they need, when they require it for whatever purpose. In fact, in this area, it’s fair to say white boxes are often superior to traditional layer 2/3 switches. 

  Think of a traditional switch as a Swiss Army knife with a number of features that you may or may not use. A white box is more like a hunting knife where it has no spoon and fork but is optimized for one specific task. A white box is the SDN equivalent of that and has capabilities that are geared towards new workflows and where the SDN industry is headed.

• Network operations. Here is where white boxes have taken a hit mostly because there’s a fear of the unknown. Most engineers, even novice ones, understand the process of pulling a Cisco switch out of the box and getting it up and running. With white boxes, there’s much more uncertainty, and questions pop into network managers’ heads that make them skittish—things like “Do I have to write my own operating system?” “How do I install a network operating system” “What do I buy?” “What are all the steps involved?” “Who will provide me support?”

Those are all valid concerns, and I understand why it would give someone the heebie-jeebies. The lower cost and flexibility is great, but if it’s harder to get up and running and manage, then all the benefit you hoped to get would be wiped out because of the complexity.

But times have changed, and network engineers should no longer despair because white boxes can now be purchased from mainstream networks vendors such as Dell and HP. Also, these will come shipped with tried-and-true network operating systems from vendors such as Pica8 and Cumulus.

Also, when one purchases a white box from a vendor like HP and Dell, those suppliers will offer the kind of technical support most engineers need. So, if the organization is used to procuring a solution from a traditional supplier that includes hardware, software and support, the experience for a white box will be almost identical. Lastly, technical expertise around white box has grown. The number of operators that are familiar with ONIE and ODM white box vendors is much greater. This has increased the learning and best practices, making the white box universe much larger—and it’s growing daily.

From the interviews I have done with mainstream companies, I know there is tremendous interest in white boxes. Despite the maturity of the products, there is a fair amount of trepidation around these products. It’s my opinion that white boxes are certainly ready for mainstream adoption. Obviously they aren’t for every use case, but in the right situation, like an SDN deployment, they can be as good or better than traditional switches with a much lower price point and equivalent operational costs.

My recommendation is that instead of fearing the unknown, take one out of a test drive and see for yourself whether it meets your needs.

Microsoft has announced a number of features to be added to Office 365 users as part of the July 2016 update that are a group of “cloud-powered intelligent services” designed to save time and improve productivity for users of Word, PowerPoint and Outlook. The news came in an Office blog post by Kirk Koenigsbauer, corporate vice president for the Office team.

New to Word

Word is getting two significant new features, called Researcher and Editor. As its name implies, Researcher is designed to help the user find reliable sources of information by using the Bing Knowledge Graph to search for sources, and it will properly cite them in the Word document.

Microsoft will expand Researcher’s body of reference materials to also include sources such as national science and health centers, well-known encyclopedias, history databases and more. It will also bring Researcher to mobile devices so you are not limited to just your PC. 

+ Also on Network World: How to get and set up all the Office 365 components +

If Researcher helps you start your paper, Editor helps you to finish it. This new feature builds on the already-existing spellchecker and thesaurus to offer suggestions on how to improve your overall writing. In addition to the wavy red line under a misspelled word and the wavy blue line under bad grammar, there will be a gold line for writing style. The initial writing style covered will be for clarity, but Microsoft promises that Editor will get better over time.

PowerPoint Features

As for PowerPoint, Microsoft already launched two new features, Designer and Morph, last November that allowed users to add some flair to their presentations. Now the company is offering Zoom, a feature that lets you easily create “interactive, non-linear presentations. 

Instead of the 1-2-3-4 linear method of presenting slides, forcing you to place them all in the order you wish to display, presenters will be able to show their slides in any order they want at any time. This way you can change your presentation order as needed without having to stop PowerPoint or interrupt the display.

Outlook updates

Finally, there are some updates to Outlook. Office 365 is finally getting Focused Inbox, which has been available on Outlook for iOS and Android for some time. Focused Inbox separates your inbox into two tabs: one for the email that matter most to you and one for everything else. High-priority emails are in the “Focused” tab, while the rest are in the “Other” tab. As you move email in or out of the Focused tab, Outlook learns from your behavior to adjust to your priorities. 

Outlook 365 and Outlook for PC and Mac are all getting @mentions, making it easy to identify emails that need your attention, as well as flag actions for others. To flag someone, just type the @ symbol in the body of the email and pick the desired person. Their name will automatically be highlighted in the email and their email address automatically added to the To: line. If you are mentioned, the @ symbol will show up in Outlook, and you can filter to quickly find all emails where you are mentioned.

Microsoft didn’t get a release schedule for these features, but count on them coming shortly.