Optimize cloud-managed downloads with Delivery Optimization and Configuration Manager

by Contributed | Mar 2, 2021 | Technology

This article is contributed. See the original author and article here.

Pairing Delivery Optimization with Microsoft Connected Cache can minimize internet bandwidth usage as your cloud-managed devices come back to the office.

With the surge of people working from home, IT admins are increasingly using cloud management for their devices, pulling updates directly from the Microsoft cloud. In doing so, however, they also face concerns around minimizing internet bandwidth usage and supporting a hybrid model to manage devices from on-premises to cloud management. Fortunately, Delivery Optimization is here to help you alleviate these concerns. Today’s post focuses on helping you understand how.

Delivery Optimization: a distributed solution

Before jumping into the specifics of Delivery Optimization and Microsoft Connected Cache, here’s a refresher on the Delivery Optimization technology.

Delivery Optimization is used in most Microsoft cloud-managed content downloads today. It’s a built-in Windows component that leverages a cloud service designed to reduce the download bandwidth impact for Microsoft content or your content.

Delivery Optimization is mostly known for being a peer-to-peer (P2P) distributed cache technology, but it is also used as a downloader to pull most Microsoft content from the cloud, providing you with tools to control bandwidth traffic and throttling capabilities, to name a few.

Microsoft Connected Cache complements Delivery Optimization by serving as a dedicated cache on your organization’s network. This is a server-based solution that transparently and dynamically caches content that your devices need to download. The Microsoft Connected Cache efficiently caches content locally from what Delivery Optimization pulls down from the cloud.

Delivery Optimization is integrated with most Microsoft platforms and continually adds support for new content. Some of the most recent examples include Windows Dynamic Updates, MSIX apps, and the new Edge browser. Some of the most recent examples include Windows Dynamic Updates, MSIX apps, and the new Edge browser. Down the road, Delivery Optimization will be used for downloads when using an MDM tool like Microsoft Intune to push a new policy.

Delivery Optimization umbrella: P2P and Microsoft Connected Cache

Delivery Optimization is a sophisticated downloader. Building on top of it, we can find a hybrid P2P communication capability. In P2P, content must be published, generating metadata about that content.

When content is requested by Delivery Optimization, this metadata helps guarantee that content has not been tampered with, determines which content is available within the peer network, and ensures the content is reliably downloaded.

By default, Delivery Optimization is enabled out-of-the-box with P2P enabled for seeking peers in the same local network. This means the Delivery Optimization service identifies peers behind the same Network Address Translation (NAT), breaking out to the internet using the same public IP address and returns the private IP address of those peers to connect to. To extend P2P beyond the same NAT, Delivery Optimization can be enabled with group download mode.

Delivery Optimization with peer-to-peer cache

Delivery Optimization is integrated with boundary groups within the Configuration Manager where it can select peers from a specific boundary group. By default, Delivery Optimization will use the information it gathers about the LAN to create a strong P2P network. For example, when a co-managed endpoint downloads the app provisioned by Intune, Delivery Optimization can use boundary group information to find a peer within that device group.

Check out the Delivery Optimization: Scenarios and configuration options blog post for more information on the options you have for different scenarios to help manage bandwidth with Delivery Optimization.

There are cases where P2P technologies aren’t a viable option, for example, environments with network limitations like an all VPN Wi-Fi network, or environments where there aren’t enough devices in the network or group to warrant P2P (fewer than 10 devices).

Enter Microsoft Connected Cache, a solution that can work as a complement to P2P. Microsoft Connected Cache dynamically caches content based on the client requesting the content the device needs.

The Microsoft Connected Cache solution is easily configured within Configuration Manager. It doesn’t require massive amounts of hardware because it caches content at the requested byte range level vs the entire file, reducing the space requirement on your distribution points. For example, if a device downloads an update and only 5MBs are needed out of a 1GB file, Microsoft Connected Cache would only cache the 5MBs. Otherwise, the Configuration Manager would push content to be cached to a distribution point and require the device to download the 1GB file.

You can use Microsoft Connected Cache with Configuration Manager or Intune by setting the DOCacheHost or the Cache Server Hostname policy set to a comma-separated list of fully qualified domain names (FQDNs) or IPs of the distribution point can be set as a Configuration Manager group policy or an MDM policy in Intune. Visit the Delivery Optimization reference for a complete list of policies.

Microsoft Connected Cache is pre-provisioned to cache Microsoft content. During the download, the Microsoft Connected Cache policy will tell the Delivery Optimization client to use Microsoft Connected Cache for content. If there’s an issue accessing Microsoft Connected Cache, the Content Delivery Network (CDN) will be used as the fallback to retrieve content.

Delivery Optimization with Microsoft Connected Cache

Still wondering about how powerful the Delivery Optimization umbrella of offerings is? When adding P2P to downloads from the cloud, we see up to 70% of bandwidth savings. By adding Microsoft Connected Cache to P2P, we almost close the gap with up to 98% caching efficiency for delivering content to a device.

Bandwidth savings with Delivery Optimization

Microsoft Connected Cache use cases

Use case 1

Your devices may be managed via Configuration Manager or co-managed. You have boundary groups defined to reflect your network topology.

Recommendations:

• Install Microsoft Connected Cache on your distribution point with just a few clicks to set the drive you want to use or the amount of storage you will need.


• Configure Delivery Optimization to pull content from Microsoft Connected Cache on your distribution point in line with your boundary group definitions.
  You can do so by following this path: Default Settings > Delivery Optimization > Device Settings > Enable devices managed by Configuration Manager to use Microsoft Connected Cache servers for content download > Yes.

Use case 2

Your devices may be managed via Configuration Manager or co-managed. You have not defined any boundary groups in Configuration Manager.

Recommendations:

• Same as use case 1, install Microsoft Connected Cache on your distribution point.


• Configure Delivery Optimization by setting up a Group Policy that points to Microsoft Connected Cache via the server FQDN or IP.

Use case 3

Some of your devices are managed via Intune. Boundary groups are not applicable.

Recommendations:

• Same as use case 1, install Microsoft Connected Cache on your distribution point.


• Set an MDM policy to point Delivery Optimization to Microsoft Connected Cache by using FQDNs or an IP address.

With Microsoft Connected Cache installed on your Configuration Manager distribution points, you can extend your existing on-prem infrastructure to support your cloud-managed devices that would otherwise pull content from the cloud. You do not need to manage the devices via Configuration Manager to take advantage of Microsoft Connected Cache in Configuration Manager!

Visit Microsoft Connected Cache in Configuration Manager for more information on setting up Microsoft Connected Cache in Configuration Manager.

Microsoft Connected Cache: client configuration in Windows 10, version 2004

In the Windows 10 version 2004 release, we added a few more configuration options to help you leverage Microsoft Connected Cache on your Intune-managed devices.

The Cache Server Hostname Source allows you to specify how your devices can discover Microsoft Connected Cache servers dynamically using a DHCP server. You can set the desired FQDN or IP Address using DHCP Scope 235.

We’ve also introduced policies to delay the fallback from Microsoft Connected Cache to the HTTP Source, which can be set separately for foreground and background activities. By default, if a Microsoft Connected Cache server returns a failure, the download will switch back to the HTTP source or the CDN. With these policies set, you can ensure that Microsoft Connected Cache will be used even in a network where the connectivity between the client device and Microsoft Connected Cache is flaky.

Another update is the activity monitor inside the Delivery Optimization settings so you can quickly see if a Microsoft Connected Cache server is being used and how much data is coming from that server.

Activity monitor within Delivery Optimization

Delivery Optimization and VPN

With people around the world working from home, we’ve received many questions on the topic of VPN and how Delivery Optimization handles a VPN connection. It’s important to remember that VPNs try to hide themselves, and even though Delivery Optimization tries to detect a VPN, it may not always be able to do so.

Once Delivery Optimization detects a VPN connection, it will suspend all P2P activity. However, if you notice unexpected traffic over port 7680, you can apply a policy to all devices connecting over VPN to disable P2P by setting the Download Mode policy to 0.

For devices that connect over VPN, you can configure split tunneling and FQDN-based safelists to enable devices to connect freely to your network and avoid the burden to your VPN infrastructure by sending all cloud traffic directly. This also allows P2P to be used in the home environment.

Microsoft Connected Cache: what’s coming next

We are working on a version of Microsoft Connected Cache that doesn’t require a Configuration Manager distribution point. In addition, we are working towards bringing you a containerized solution that will be managed via the Azure portal to offer greater flexibility in installation requirements. Stay tuned for more details on this one in a future blog post.

In the meantime, visit the Introducing Microsoft Connected Cache: Microsoft’s cloud-managed cache solution blog post to learn more about the capabilities of Microsoft Connected Cache and let us know that you are interested in participating in our preview program.

Leave a comment below to let us know what you think about using Delivery Optimization with Configuration Manager to make your cloud content downloads easier!

Learn more about the future of SharePoint Syntex at Microsoft Ignite

by Contributed | Mar 2, 2021 | Technology

This article is contributed. See the original author and article here.

Last month, we released Microsoft Viva Topics as part of the introduction of Microsoft Viva, the first Employee Experience Platform built for the digital era.   SharePoint Syntex and Viva Topics are developed and delivered together to help you enrich your content and turn it into action and knowledge.

This week at Microsoft Ignite we highlighted our continuing enhancements to Microsoft Viva Topics and announced our latest expansion of the Microsoft Content Services Partner Program.  And we’ve also rolled out new capabilities for SharePoint Syntex to help you get even more from your content in Microsoft 365.

Document understanding model improvements

Document understanding helps you scale your expertise and build no-code AI models to recognize and tag unstructured content. When working with your example files, we’ve added a new find function to make it easier to locate the terms you wish to extract.

Search inside model training files

This feature is available now.

When you create an explanation, by default the entire document is searched for the phrase you are trying to extract. However, you can use the Where these phrases occur setting to isolate a specific location in the document for that phrase.

 Use regions in document for more precise modeling

This feature is available now.

We’re providing three new explanation templates to aid with creating explanations for your models. These new explanations automatically enumerate the words or characters that occur before or after your labels – or the labels themselves to create a contextual explanation.

This feature is available now.

Compliance updates

Retention labels are now available for form processing models. When creating a form processing model, you can now apply a published retention label to use by default when that content type is recognized.

Apply retention label to form processing models

This feature is available now.

Content center analytics

If you have multiple content centers, you can now see activity across all content centers rolled up to you default content center. This includes both document understanding models from the different content centers, in addition to form processing models created across the tenant. You’ll need to be a SharePoint Syntex content manager or a SharePoint admin to use these analytics. This gives content managers and other stakeholders a centralized portal to manage and oversee the content centers and models across the company. 

VIew models from multiple content centers

Other content centers will only show model usage analytics for their “local” models. This gives “local” content managers usage data without the clutter of activity from across the organization.

SharePoint Syntex model analytics

This feature is available now.

Content type publishing to hub sites

A content type is a reusable collection of details about a category of content in Microsoft 365. A content type associates this item with key metadata or other information such as a template or a set of extended metadata columns. For example, you can define a Sales Contract content type and add it to the library that your team uses. Then, any time someone wants to create a sales proposal, they just choose Sales Contract from the New Document menu. Their document will use the default template and have placeholders for custom columns, such as “Customer” or “Product”.

SharePoint Syntex builds document understanding models as a superset of content type properties, so the processing rules for identifying content and extracting metadata, along with default retention policies can be automatically invoked. SharePoint itself has an existing process for synchronizing changes to content types among multiple sites – syndication – that requires manual subscriptions from target sites to a master set of content types. But this process can be cumbersome in large, distributed information architectures.

To make important content types more consistently available to document libraries, you can push them to the SharePoint hub sites that you select. Pushing the content types automatically adds them to any new lists and libraries created on the sites associated with the hub – and to any new sites added to the hub. This feature requires a SharePoint Syntex license for administrators and users. After the initial push, changes to content types will be distributed in minutes from the hub site to connected sites.

This feature will begin rollout in April 2021.

Roadmap

Our team is working with our customers as we deliver additional updates to Microsoft Viva Topics and SharePoint Syntex. We’ll continue to drive user experiences, foundational services and APIs, expanded language support, and government cloud coverage (GCC) as our top priorities for 2021.

We’ll share more detail on all of these and more on the Microsoft 365 roadmap.

SharePoint Syntex at Ignite

You can learn more about SharePoint Syntex at Microsoft Ignite this week, including:

Ask the Experts

ATE-FS193 | Ask the Experts: Meet Microsoft Viva: a new kind of employee experience
Now that you have the basics covered, we invite you to ask the questions that may not have been answered in sessions already. There will be a team of Subject Matter Experts available to answer questions both on camera and in chat and point you in the right direction to get started on your own Microsoft Viva journey. Come with questions about SharePoint Syntex, Viva Connections, Viva Topics, Viva Learning, and Viva Insights.

Wednesday, March 3 | 2:00 PM – 2:30 PM PST

On-Demand Sessions

OD372 | Microsoft Viva Topics: Put knowledge to work with content and AI by Chris McNulty and Naomi Moneypenny
Viva Topics frees up time by making it easy for people to find information and put knowledge to work. And SharePoint Syntex uses advanced AI and machine teaching to amplify human expertise, automate content processing, and transform content into knowledge.

For details on all the sessions at Microsoft Ignite, please read the Viva Guide to Ignite blog post. 

Thanks again, and we look forward to seeing you at Microsoft Ignite and here on the Tech Community.

Azure Automanage for virtual machines – Public Preview update

by Contributed | Mar 2, 2021 | Technology

This article is contributed. See the original author and article here.

In September 2020, we introduced Azure Automanage for virtual machines (VMs) in public preview, a service that helps customers reduce day-to-day management tasks in various areas across the entire lifecycle of their VMs by automatically implementing VM management best practices as defined in the Microsoft Cloud Adoption Framework for Azure. With a few simple clicks, Azure Automanage automates management of key best practices services such as backup, update management, monitoring, security, OS baselines, and more. Today, we’re excited to share some updates for Azure Automanage to further simplify your IT operations.

Azure Automanage now supports Linux

We are excited to share that Azure Automanage, previously only available on Windows Server, is now in public preview for Linux VMs. Azure Automanage now supports CentOS, RHEL, Ubuntu and SLES, with more distributions and versions planned to be supported in the future. More details on Linux distribution and version support are available in our public documentation.

There are three differences to note for Automanage on Linux VMs:

1. Microsoft Antimalware is not supported on Linux VMs so you will have to bring your own antimalware solution. We are working to add this support in the future.


2. Guest Configuration and the Azure baseline behavior are different for Linux VMs. Automanage will enable Guest Configuration and onboard your Linux VMs to the Azure Linux OS Baseline, but the baseline will be enabled in audit mode only. Noncompliance will not be automatically remediated, but instead is able to be reviewed within Guest Assignments in the Azure portal. More details on Guest Configuration and the Azure Linux OS Baseline are available in our public documentation.


3. The hotpatch feature is not available for Linux VMs. More details in the Windows Server section below.

You can deploy Automanage on your Linux and Window Server VMs using the Azure portal, the existing , or using an Azure Resource Manager (ARM) template. Our various deployment options allow for easy deployment at the scale and scope that works for you. Get started today with Automanage in the Azure portal.

Azure Automanage for Windows Server

We are also excited to introduce a brand-new hotpatch capability unique to Azure Automanage for Windows Server. This new Automanage capability allows updates to be installed on your new without needing to reboot, helping keep your VM up to date and secure while minimizing workload impact.

With Azure Automanage for Windows Server, you receive all the base management benefits – automatic onboarding, configuration, and management of services such as Azure Backup, Azure Security Center, Azure VM Insights Monitoring, Azure Update Management, and more – as well as the uptime benefits of hotpatching, all bundled into one simple user experience.

Azure Automanage for Windows Server is available when you create a new Windows Server VM in the Azure portal. Use the “Microsoft Server Operating Systems Preview” offer in the marketplace.

Within the Microsoft Server Operating Systems Preview offer, select the “Windows Server 2019 Datacenter: Azure Edition” image, and Automanage will be automatically enabled for you when you create the VM.

Get started with Azure Automanage for Windows Server in the Azure portal.

New Azure Automanage portal experiences

VM Create portal experience

Up until now, you could only enable Automanage on an existing VM, either through the Automanage blade in the portal, or through Azure Policy, or an ARM template. We’re excited to share that Automanage is now available as an option within the VM Create workflow, meaning that now you can create a VM with Automanage automatically enabled. Now you can truly point-click-set-and-forget about the overhead of VM management for your VM’s entire lifecycle, from the very beginning when it is created to when you no longer need it.

You can find Automanage under the Management tab in the VM Create flow:

Note that this experience is currently not enabled by default. To access this experience, use the link at the end of this blog post.

VM Management portal experience

You can now also access Automanage directly from your VM’s table of contents on the left. Simply scroll down to the Operations section and you will be able to view Automanage details of your VM if Automanage is enabled.

If Automanage is not enabled, you will be given an option to enable Automanage directly in the portal, or visit the Automanage blade for more details.

Enable Automanage updated portal experience

We have updated the experience of enabling Automanage on an existing VM to make it easier for you to understand what choices you have to choose from. The Machines selection remains unchanged, and you may select either Windows Server or Linux VMs from the pane that pops up when you click Select machines. You may also view eligibility information at that time for your VMs.

The Configuration selection has been streamlined to better reflect the environment in which you may be running your VMs. Click on Compare environments if you want to compare the services offered in Dev/Test and Production.

We have moved Configuration preferences to the main enable workflow, allowing you to easily tweak the Dev/Test or Prod Configurations to meet your requirements. The list of adjustable configuration preferences has also increased: you may now disable Antimalware and save that as a new Configuration preference if that better suits your needs.

To see the portal updates for yourself, visit the Azure portal.

Get started

Get started with Azure Automanage in the Azure portal here.

Learn More

General documentation

https://aka.ms/automanage-docs

Linux preview documentation

https://aka.ms/amvmlinuxpreview

Automanage onboarding using the portal

https://aka.ms/AutomanagePortal

Automanage onboarding using Azure Policy

https://aka.ms/AutomanagePolicy

Automanage FAQ

https://aka.ms/AutomanageFAQ

Windows Admin Center version 2103 is now generally available!

by Contributed | Mar 2, 2021 | Technology

This article is contributed. See the original author and article here.

Today we are excited to announce the general availability of Windows Admin Center version 2103! A big THANK YOU to the Windows Admin Center community, customers, partners and fans! We have continued to listen to your feedback and, as a result, developed Windows Admin Center into a unique, multi-purpose management tool that just keeps getting better.  

We have several new features in this release, including in-app updates for both the Windows Admin Center platform and extensions. We expect this update feature to deliver continuous functionality updates and an improved user experience. Additionally, we’ve made improvements to both accessibility and to core tools like the Events tool, the Virtual Machine tool, and to Azure hybrid center. Our partners have also begun releasing their integrated snap-in experiences for Azure Stack HCI workflows, providing a seamless driver and firmware update mechanism. This ensures that IT Administrators keep their Azure Stack HCI systems up to date. 

Here’s a video demoing the new features in Windows Admin Center version 2103. 

Download Windows Admin Center v2103 today! 

New features and updates

Windows Admin Center supports Azure IoT Edge for Linux on Windows

Early this year, the Azure IoT Edge team announced the public preview of Azure IoT Edge for Linux on Windows. IoT Edge for Linux on Windows works by running a Linux virtual machine on a Windows host. The Linux virtual machine comes pre-installed with the IoT Edge runtime. The IoT Edge extension for Windows Admin Center facilitates installation, configuration, and diagnostics of IoT Edge on the Linux virtual machine. By using Windows Admin Center, you can deploy IoT Edge for Linux on Windows on the local device or can connect to target devices and manage them remotely.

For more information about IoT Edge for Linux and how to get started, check out this video and see this documentation. 

Windows Admin Center in the Azure Portal is now in public preview

In addition to the general availability announcement of Windows Admin Center v2103, today we also announced the public preview of Windows Admin Center in the Azure Portal. This new capability enables seamless and granular management of your Windows Server Azure IaaS virtual machines (VMs) from within the Azure Portal. The user interface in this experience is the same as the Windows Admin Center you know and love, which allows you to configure, troubleshoot, and perform maintenance tasks in a familiar way, all while providing cloud capabilities that were once only available to on-premises users.

To read more about Windows Admin Center in the Azure Portal, see this documentation or visit the Azure Portal to start using it today.

What’s new in Windows Admin Center v2103

Platform updates

Automatic in-app updates

We are happy to share that we are addressing one of our oldest User Voice requests! Windows Admin Center is introducing in-app and automatic updates. Your Windows Admin Center instances are always going to be up to date with seamless auto-updating for both your gateway and extensions. This will not only allow you to get updates faster, but also reduce the bi-yearly struggle of filling out our evaluation form to get the latest updates. 

Please note that this feature is currently in preview and will be improving over our next few releases. 

Automatic platform updates: 

1. Navigate to the Settings menu using the gear on the top right corner 


2. Select Updates 

Automatic extension updates 

This new feature allows you to keep all your extensions up-to-date, even between releases of the Windows Admin Center platform, all by using a toggle. Manage your automatic extension updates by following these steps: 

1. Navigate to the Settings menu using the gear on the top right corner 


2. Select Extensions 


3. Select the toggle near the top of the page to enable or disable automatic extension updates 

Gateway proxy support

Windows Admin Center can now redirect your outbound traffic through a proxy. This means you can access Azure services, extensions, and internet communication through your custom proxy. This has been a widely requested feature for many years so we’re glad to bring this to you. Set a proxy server by navigating to the Proxy tab in settings: 

Pop-out tools

Each of the tools in Windows Admin Center can now be managed in a pop-up window. You can “pop out” the tool by hovering on the tool name in the tools list.  

Privacy

We’re bringing your Windows Admin Center privacy settings front and center. We know that your privacy is very important. To help you manage these settings, we have a new page for you to toggle the amount of data your Windows Admin Center instance sends to Microsoft. In this release, you will see two new screens for privacy management: one in your gateway settings (Diagnostics & feedback) and one in the installer itself.

Core management tools

Events tool redesign

We know the Event Viewer is a staple for IT Administrators and is regularly used by customers to better understand what is going on with their systems. When you need to investigate or troubleshoot, there’s no better place to turn to than Event Viewer. The classic Event Viewer interface was introduced in 1993 and hasn’t changed much since. We, on the Windows Admin Center team, believed it was about time you got an upgrade. That’s why in this release, we’ve enhanced the way in which you understand how features, apps, and devices are working. You can access our new and improved Event Viewer by enabling the preview toggle in the top right corner of the tool. 

With this look and feel, you can tailor your experience to the specific events and severity levels you’re interested in and display the data over a period in the form of both a list and a new stacked bar format. Like our Performance Monitor tool, you can create and save workspaces, allowing you to bring up all your desired data quickly and easily. You are no longer restricted to viewing events one at a time, which was the case in the previous Events tool. Now you can easily group events from different channels. 

This tool is under active development and is still missing some crucial features. The original event viewer will remain accessible.

Virtual Machine tool

Virtual Machine management continues to be a large area of investment for the team. We are working to continuously improve the experience and bring you new features. In this release, new and improved features include:

• Integration services settings – There is now an Integration Services tab in the VM settings menu. You can use this tab to configure settings like time synchronization, heartbeat, and shutdown. 


• Editable columns and groupings – The ability to edit your columns and groupings is here. As an IT admin, you now have full control of which information about our virtual machines you are interested in and what your view looks like, whether in the server or cluster view. Just like in some of the other tools, the button is on the top right corner of the tool. 

• Edit virtual switches during VM move – In the past, your virtual machine migration would fail if the name of the virtual switches between the source and destination were not the same. Not anymore! When migrating a VM with a virtual switch configured between nodes or clusters, you now have the option to reassign your virtual switches using a simple drop down. 

• Bug fixes – We’ve fixed several bugs in this tool, including an error that would result when you attempted to load a cluster with a large number of nodes and a large number of clustered VMs. 

Azure hybrid center

We’re investing in improving Windows Admin Center’s Azure services, and we’re starting off with the main tool—Azure hybrid center. In this release, you’ll notice we modified the UI to make your experience of setting up Azure services more streamlined. We now recommend you onboard to Azure Arc prior to onboarding to other Azure services for the best user experience. 

Azure Stack HCI

Cluster deployment

We’ve also made improvements to networking in the deployment wizard of Windows Admin Center. Some of these improvements include addressing issues with adapter detection, management adapter teaming, detection of RDMA supportability and storage spaces configuration.  

The announcement that we are most excited about in this space is the release of integrated snap-in experiences by some of our Original Equipment Manufacturing (OEM) partners. These extensions provide a seamless integrated experience in the deployment wizard. If you are running HCI clusters on a validated OEM partner hardware, the WAC partner snap–in will bring in the latest firmware and drivers to keep your cluster nodes up to date. 

These snap-in integrations are also available as part of Cluster-Aware Updating (CAU). If you’re planning on trying out a snap-in experience, make sure you have the latest version of the Cluster Manager extension. 

Partner Ecosystem

Windows Admin Center is built to be an extensible platform, and we value the contributions of our partners to the Windows Admin Center ecosystem. Our partners have been hard at work developing their integrated snap-ins for Azure Stack HCI workflows. As of today, four partners have released extensions containing snap-ins. 

Dell EMC OpenManage

The Dell EMC OpenManage extension has been updated with an integrated snap-in for both the Azure Stack HCI cluster deployment flow and Cluster-Aware Updates, as well as performance improvements. The Dell EMC OpenManage extension for Windows Admin Center enables IT administrators to manage Dell EMC PowerEdge servers as hosts, Microsoft failover clusters created with PowerEdge servers, Dell EMC Integrated System for Microsoft Azure Stack HCI, and Dell EMC HCI Solutions for Microsoft Windows Server with Dell EMC Microsoft Storage Spaces Direct Ready Nodes or AX Nodes. This simplifies the tasks of IT administrators by remotely managing PowerEdge servers, clusters, HCI and Dell EMC Solutions for Microsoft Azure Stack HCI throughout their life cycle. 

Version 2.0.0 of the Dell EMC OpenManage extension contains several major updates and feature improvements, including:  

• Support for the management and monitoring of Azure Stack HCI version 20H2 OS 


• Hardware, firmware, and BIOS updates in the Windows Admin Center Azure Stack HCI cluster create wizard through snap-in integration 


• Full stack Cluster-Aware Updating through the integration of a snap-in, which provides hardware, BIOS, and firmware updates in addition to the operating system updates available in Windows Admin Center 


• Schedule Cluster-Aware Updating for hardware updates 


• Numerous enhancements, including support for target nodes running Windows Server Core, an improved Update Source catalog selection view, improvements in compliance generation, and a new way to view license details 

For a complete list of new features and updates, check out the Dell EMC OpenManage version 2.0.0 release notes.  

Lenovo XClarity Integrator

The Lenovo XClarity Integrator extension has been updated with an integrated snap-in for the Azure Stack HCI Cluster create wizard and several new features. The Lenovo XClarity Integrator for Windows Admin Center provides IT administrators a smooth and seamless management experience across Windows Server hyper-converged and physical infrastructure. This standalone Windows Admin Center solution extends Server Manager, Failover Cluster Manager, Firmware Update, and Hyper-Converged Cluster Manager in a single unified UI to enable simple server management. 

Version 3.0.5 of the Lenovo XClarity Integrator extension includes the following improvements and updates: 

• Firmware/driver update snap-in for Azure Stack HCI cluster creation 


• Firmware/driver updates without the need for Lenovo XClarity Administrator installation 


• Firmware/driver update package repository management 


• HTTP proxy settings 


• Log settings 


• Native OS management settings 


• Support for previous versions of Windows Admin Center and XClarity Integrator 

DataON MUST Pro

The DataON MUST Pro extension is now generally available. DataON MUST Pro integrates with the Windows Admin Center cluster deployment flow and cluster-aware updating functionality to simplify deployment and updates to Microsoft Azure Stack HCI, with minimal disruptions to your infrastructure. MUST Pro automatically compares your DataON Integrated Systems for Azure Stack HCI against DataON’s latest quarterly validated server component image baseline. It also ensures that servers have the same OS version, drivers, firmware, BIOS, and BMC, and checks the drivers and firmware for network cards, host bus adapters, and SSD and HDD drives. 

This extension release includes the following features:

• Support initial HCI Cluster creation flow via full integration WAC   


• Support maintenance update flow via Microsoft cluster aware update features for bios, firmware, drivers and BMC 


• Support both Online and Offline mode 


• Update MUST Inventory Page to support bios, firmware, drivers and BMC comparison between existing cluster hardware to latest golden image built  


• Support DataON Integrated Systems for Microsoft Azure Stack HCI 

SecureGUARD Blazics Updates

The SecureGUARD Blazics Updates extension is now generally available. The SecureGUARD Blazics Update extension for Windows Admin Center provides an easy-to-use interface to select and install SecureGUARD-approved updates for SecureGUARD Blazics servers. The mechanisms for driver and firmware updates are directly integrated into the workflow when creating a hyperconverged cluster based on Azure Stack HCI OS 20H2 as well as the workflow for cluster-aware updates (CAU). 

This extension is a snap-in and will appear when using the cluster create wizard or cluster-aware updating (CAU) flows.

Other partner extension updates

• QCT Management Suite – The new version of this extension includes an added firmer/driver download list. 


• DataON MUST – The new version of this extension includes bug fixes.

Download today!

We hope you enjoy this latest update of Windows Admin Center, the various new functionality in preview, and all the extensions now available. Learn more and download today! 

As always, thanks for your ongoing support, adoption, and feedback. Your contributions through user feedback continue to be very important and valuable to us, helping us prioritize and sequence our investments. 

<3,  

Windows Admin Center Team (@servermgmt) 

AKS on Azure Stack HCI + Azure Arc = Better together!

by Contributed | Mar 2, 2021 | Technology

This article is contributed. See the original author and article here.

Azure Kubernetes Service on Azure Stack HCI (AKS-HCI) with Azure Arc enabled Kubernetes provides you with an environment that makes it easy to deploy, secure and monitor containerized applications at scale. By natively integrating AKS on Azure Stack HCI with Azure Arc, we make managing applications easy for you every step of the way, so you can focus on developing amazing applications.

In this blog, I will cover how AKS-HCI and Azure Arc complement one another. Before we get started, a quick, brief introduction to AKS-HCI.

Last year at Ignite 2020 we launched Azure Kubernetes Service on Azure Stack HCI (AKS-HCI) – an on-premises implementation of AKS that enables you to run containerized applications on Azure Stack HCI or Windows Server 2019 Datacenter the same way you would on AKS in Azure.

This gives you the flexibility to put your business needs first and choose a deployment model that works for you. AKS on Azure Stack HCI is built on 4 value pillars:

• Easy to deploy and easy to use


• Support for Linux and Windows containers


• Secure out-of-the-box


• Azure connected through Azure Arc

Running AKS in your datacenter does not mean you cannot enjoy Azure services like Azure Policy and Azure Monitor. Through Azure Arc, you can connect to Azure services for on-premises applications just like you would with AKS on Azure.

Furthermore, you can automate deployment of your applications and baseline configurations as Azure Arc makes it easy to implement GitOps. Connect your repository containing Kubernetes Helm charts and YAML manifests to an Azure Arc connected AKS-HCI cluster and Arc agents automatically deploy applications for you. If you want to deploy the same application at scale across multiple new and existing AKS-HCI clusters, you can use Azure Policy with a baked-in GitOps configuration.

When it comes to the security and compliance of your containerized applications and AKS-HCI clusters, Azure Policy provides a set of curated, built-in policy definitions that apply safeguards across all your AKS-HCI clusters in a consistent manner. Once you have successfully deployed and secured your application, you can use Azure Monitor for containers to monitor the health of your application and AKS-HCI clusters.

We have made it as easy as possible for you to connect your AKS-HCI clusters to Azure Arc. Windows Admin Center (WAC) natively integrates AKS-HCI with Azure Arc. All you need to do is provide us with your Azure subscription and resource group details and you are good to go! AKS-HCI manages the entire Azure Arc onboarding experience for you so you can focus on your applications and business needs.

Getting started

To get started with AKS on Azure Stack HCI and Azure Arc enabled Kubernetes, we have created a couple of great guides –

1. If you have an Azure Stack HCI cluster or a Windows Server 2019 failover cluster, head over to AKS-HCI documentation for a complete list of features and how-to guides. We would love to hear from you via our GitHub project.
   
   


2. If you do not have an Azure Stack HCI cluster lying around but are curious about AKS-HCI, you can evaluate using an Azure VM. Visit evaluate AKS-HCI and give the provided guide a go. We would love to hear from you via our GitHub project.
   
   


3. Head over to Azure Arc enabled Kubernetes documentation to learn more about the product and its features. The Azure Arc Jumpstart team has also created a dedicated automated scenario for AKS-HCI with Azure Arc enabled Kubernetes. Give it a spin and let us know what you think!

How to build a resilient over-the-air update solution

by Contributed | Mar 2, 2021 | Technology

This article is contributed. See the original author and article here.

With the growing presence of intelligence at the edge, it is critical to support a high-level of security to prevent malicious attacks on edge devices. Therefore, it is essential to build a robust and resilient update story to enable devices to be easily patched. Microsoft Azure Percept delivers a leading over-the-air update experience using services and tools native to Azure.

For Azure customers and partners, secure update is one of the first device management functionalities they want to adopt. In Azure Percept, the update stack is core to the devices and experiences. In this article, find out how to build a robust and resilient update story for your IoT and edge AI devices by harnessing the power of Azure and the recently announced Device Update for IoT Hub.

Understanding the Azure Percept update architecture

Azure Percept uses an atomic A/B image update to update the host operating system (OS) and firmware (FW) using Device Update for IoT Hub, which is a comprehensive platform to operate, maintain, and update IoT devices at scale. The business logic and AI models run as containers on the device and are updated using Azure IoT Edge.

Azure IoT Edge moves cloud analytics and custom business logic to devices so that your organization can focus on business insights instead of data management. Scale out your IoT solution by packaging your business logic into standard containers, which can be deployed to any of your devices and monitored from the cloud.

Device Update for IoT Hub empowers users to rapidly respond to security threats and to deploy new features to meet business objectives without incurring the additional development and maintenance costs of building their own update platform. Device Update for IoT Hub implements robust security measures, as well as rich management controls and reporting to help ensure customers stay in control of the update process. Device Update for IoT Hub is now available in preview in the Western U.S., Asia, and Europe.

Figure 1: Azure Percept update architecture

Exploring the Azure Percept infrastructure

The Azure Percept engineering team used the power of Azure to develop the ideal infrastructure to build, test, and publish updates.

Azure DevOps and Build Pipeline

Azure Percept update artifacts are created through Azure Pipelines in Azure DevOps. Pipelines enable the engineering team to continuously build, test, and deploy to any platform and cloud. With Pipelines, we have automated the Azure Percept builds and deployments, empowering the engineering team to spend less time on manual tasks and more time being creative. The pipeline has ARM64 and X64 servers running the corresponding flavors of the Ubuntu Operating System. Azure DevOps Pipeline supplies key tasks, including the authoring of the Bash script to carry out the build task. The output artifact of the Azure DevOps pipeline includes the base image file (RAW.XZ), update image file (SWU), and the import manifest file (JSON).

Automated VM testing

An update issue can lead to a loss of devices, which increases the maintenance cost of recovering bricked units and significantly impacts end-to-end operations. Which is why Azure Percept integrates automated VM testing using Azure Pipelines. Daily automated tests validate the update stack end to end. High-level steps include:

1. A dedicated Windows Server Machine has a base version of Azure Percept VM Image. The Azure DevOps Pipeline automatically provisions this VM Image


2. The build pipeline creates the images and update artifacts


3. Azure DevOps Pipeline is used to automate the following steps of import, deployment, and validation:
   
   
   
   1. The Device Update Import API imports the update file (SWU file) and import manifest file
   
   
   2. Upon completion, the Device Update Deployment API schedules a deployment to the VM device
   
   
   3. The VM device runs the Device Update Agent as a service. Once the deployment is scheduled, the device receives notification of the update, downloads and installs the update, and reboots to complete the update flow
   
   
   4. The Device Update Deployment API tracks the status of deployment
   
   
   
   

Signing image

To help improve the security of the update process, the SWU manifest file is signed with a dedicated key for Azure Percept update images. Manifest file creation and key signing are managed through an Azure DevOps Pipeline task.

Understanding device-side integrations

Device-side integrations, including partition layouts, agent integrations, and installer setups, are essential for enabling a resilient and robust update stack for IoT and edge AI devices.

Atomic image update

Unlike laptops or smartphones, IoT devices typically don’t have a user present to support the update process. Updates that break devices or cause operational failures can cause device downtime or other failures, leading to operational disruptions, data loss, and high replacement costs. To reduce these risks, the Azure Percept team implemented atomic image updates. Atomic updates are full image updates that target an entire device across its firmware and operating system. Instead of updating a singular component, atomic updates target all device components. The atomicity of the update minimizes the risk of an update breaking a device. Atomic updates are ideal for smaller edge devices in environments where bandwidth is not limited. To reduce the update size and accommodate larger edge devices and those in bandwidth-constrained environments, the Azure Percept team is engaging with partners and investigating feature developments.

Dual A/B partition

To deliver image updates, Azure Percept uses a dual-image partition, which supports rollback functionality and minimizes the risk of impacts to devices in operation. If an update fails on a device, rollback allows the device to return to its pre-update state.

Figure 2: Reference partition layout for the Azure Percept device

Each update is downloaded to the data partition, where it is processed and applied to the secondary partition. The device reboots into the secondary partition after the update. If the update fails, it has the capability to rollback into the primary partition.

Running update agent as an auto-start service

Azure Percept devices have integrated the Device Update for IoT Hub agent to run as an auto-start service (adu-agent.service). The service reads the connection string information from the Azure IoT Edge configuration file (/etc/iotedge/config.yaml). The Azure Percept device is initialized via automatic device provisioning or the Onboarding Experience. This initialization phase sets the Device Provisioning Service (DPS) scope ID or the Azure IoT Hub connection string in the Azure IoT Edge config.yaml file, depending on the initialization mechanism. The service uses the information in /etc/iotedge/config.yaml to connect the digital instance of the device. The Device Update for IoT Hub agent communicates with the Device Update for IoT Hub service over the IoT Hub device twin.

SWUpdate

To process and install the update artifacts, Azure Percept uses SWUpdate, which is an installer implementation supported by leading Linux developers. This project is open source on GitHub and is actively maintained by the community. SWUpdate is a manifest-driven update architecture; the manifest declares the update payload and the install method. SWUpdate provides options to overwrite an entire partition with a raw disk and write a binary file to a specific disk offset. While SWUpdate has proven itself to be the best choice for Azure Percept, other installers may be used, depending on the specific scenario requirements.

Figure 3: Sample manifest file showing all metadata associated with a device update for Azure Percept

Import phase

The import phase allows the device builder to import the update artifacts (update file and import manifest) to the Device Update for IoT Hub service. Once the device builder schedules a release build, Azure Pipelines creates the image file (RAW.XZ), update file (SWU), and import manifest (JSON). The image file (RAW.XZ) can be flashed to reset a device or to perform an offline USB-driven update. The device builder can use the Device Update for IoT Hub UX or API to import the update file and import manifest into the Device Update for IoT Hub service.

Figure 4: Import phase showing how the Azure Percept team builds and imports the latest update artifacts

Deployment phase

The deployment phase allows the device builder and solution operator to deploy updates to a group of Azure Percept devices. To deploy an update to an Azure Percept device, a user must:

1. Create device groups using the UX or APIs.


2. Add devices to the appropriate device groups.


3. Set a deployment start time (UTC) for each device group.

Once the user actions are completed, the Device Update for IoT Hub service communicates with the Azure Percept device via IoT Hub device twin messages. The Delivery Optimization Agent downloads the payload and the SWUpdate Agent installs the update. The Device Update for IoT Hub agent reboots the device to finalize the install. To complete the feedback loop, the device reports the update status back to Azure IoT Hub.

Figure 5: Deployment phase showing how an IoT solution operator can deploy the latest Azure Percept updates to their devices

What’s next?

Microsoft and Azure equip you with the right tools and technology to build a resilient update stack with added security to help safeguard your edge AI devices. To use an Azure Percept device and see the update stack in action, join the Public Preview. For more information on the Azure Percept program and for developer resources, check out the community GitHub.