Started today with a Jeffry Snover (@jsnover) presentation on Just Enough Admin (JEA) which I had seen in passing but hadn’t really delved into too. Once the explanation got going, I realized the name really was a good identifier of what JEA is. JEA is, basically, not so much taking away admin privileges, but more about only giving the admins what they need to fulfill their role. Just because someone should be able to patch a system or reboot or change an IP doesn’t mean they should be able to read all the (potentially confidential) files on that system. So the “Super-User” should probably go away in favor of the role based administration and JEA is used to make that kind of configuration easily available.
The JEA makes creating a server role for patching, or setting up SMB shares easier to setup the same way Desired State Configuration (DSC) makes it easy to setup a farm of IIS servers with a specific configuration. In fact, JEA uses DSC for it’s implementation. Jeffry was quick to point out that the JEA toolkit is in an Experimental stage (denoted by the ‘x’ in the front of the module name ‘xJEA’) so it may not be 100% for production environments but the concept is solid and, I think, one that should at least be investigated.
The second half of the presentation was a 400 level breakdown of some of the pieces and parts that I’ll need to go over and experiment with before I really have it down. As a bonus, there were some Segways into some of the new features of PowerShell v5. Again, most stuff to learn.
All in all, a great presentation. Just the time with Jeffrey is worth the money for the convention. I dare you to walk away from a Snover presentation on PowerShell and not get excited about it!
After the JEA presentation I went into Rick Claus (@RicksterCDN, http://RegularITGuy.com) on Storage Spaces, Scale Out File Server and SMB 3.0 (the “Fire-breathing Dragon”). Lots of great insights here on the state of things. Also, found out that according to Rick, Amazon and Microsoft don’t use any SANs in their cloud solutions because they are cost prohibitive at that scale. It is much easier, and easier on the wallet to have these large JBODs (Just a Bunch Of Disks) and utilized the storage capabilities of Windows Server 2012.
Rick’s presentation had side by side feature comparisons for SANs and Windows Server 2012 also a good discussion on disk tiering which is using SSDs for busy I/Os (Hot disk) and standard spinals for less busy I/O (Cold disk). The system can move data from one set of disks to the other without the accessing system having any idea of what was going on. Best part, he gave us the scripts and requirements to set these environments up with a USB SSD on a regular ol’ laptop. I love takeaways like that!
Next, I went to this “Mary-Jo Foley and Paul Thurrott on the State of Microsoft” presentation. Now, I’m not really familiar with Mary-Jo or Paul and I may have had preconceived notions of what their presentation was going to be but I found that in the first 10 minutes or so and more “We don’t know but…” statements than I wanted to. “We don’t know if Windows 9 is going to have feature X or not but we have a screen shot from the [always trustworthy] Internet” or “We’re looking forward to a Microsoft presentation on [datetime]. We don’t know what they’ll say but…” So, I was less than interested in what they didn’t know so I left early.
As a result I found out where I should have been from the beginning, and that’s in Tim McMichael’s “Exchange 2013 Site Resilience” presentation. Boy if you wanted to know about Exchange DAGs and Clustering, Tim is the guy to follow (http://blogs.technet.com/b/timmcmic/). Unfortunately for me, I haven’t looked into Exchange 2013 very much, because there isn’t a plan at my company to move to it at this time so I haven’t spent the cycles. Tim went through a whole host of scenarios for Exchange 2013 DAG and cluster failures including the option for a third site <shock>.
I ended my day with Brian Desmond (AD MVP, http://briandesmond.com, @BrianDesmond) talking about all things ADFS and Federation and Microsoft’s new tool which will replace DirSync AADST (Azure Active Directory Sync Tool). It was good to go over this stuff and to know about where AADST isn’t as mature as DirSync and what kinds of things to expect.
Brian made a good point during his presentation, He said ADFS servers should be treated with the same level of security as domain controllers. After all they are holding on to potentially important information which, just like a DC shouldn’t be available on the Internet.
Another great day and I still feel like I’ve gotten my money’s worth. One more day for me. I’ll have to try and get everything I can out of it.