VPN, DirectAccess or Windows 10 auto-trigger VPN profile?

On a recent consulting gig, I found myself advising a customer who was keen to deploy Microsoft DirectAccess (DA) in place of their legacy virtual private network (VPN) solution. As a DirectAccess user (who used Cisco AnyConnect VPN at my last place of work), I have to say the convenience of being always connected to the company network without any interaction on my part is awesome. I’m sure the IT guys like that they can always access my PC for management purposes too…

The trouble with DirectAccess is that it doesn’t seem to have a published roadmap. So, should I really be advising my customers to use a technology that doesn’t seem to be being developed? First of all, I should add that it’s not been deprecated. DirectAccess is still a supported feature in Windows Server 2016 (it’s part of the Remote Access server role) – so it’s still got a future. Annoyingly, it’s not a supported workload on Azure (leading to on-premises deployments) but we can’t have everything…

Now for the question of whether to use DA or a traditional VPN. Well, Microsoft MVP Richard Hicks (@RichardHicks) has written a fantastic blog post that goes through this in detail. Rather than paraphrasing, I’ll suggest that you go and read Richard’s post on DirectAccess vs. VPN.

But that’s not the whole picture… you see Windows 10 has a new auto-triggered VPN profile capability that I’m sure will, in time, replace DirectAccess. So, where does that fit in?

Great response there from Richard, and then my colleague Steve Harwood (@steveeh) joined in, advising that Auto VPN still requires a VPN profile and infrastructure but gets initiated through either a Universal Windows Platform (UWP) or desktop app being started or stopped. Meanwhile, DirectAccess has other benefits from being always-on, avoiding the need to expose management/compliance systems publicly.

Actually, it gets a bit better with the Windows 10 Anniversary Update (RedStone 1/1607), which has the Always On VPN profile option, but we’re still Windows-only at this point. Richard has recommended a DirectAccess alternative for Windows, MacOS, iOS and Android:

So if the question is “should you deploy DirectAccess?”, the answer is “maybe”. It’s a Windows Enterprise-only solution but, if you have other clients in your enterprise, you might want to consider alternatives instead of or alongside DA.

Auto-responder for blog marketing requests…

Having a popular blog is great. Mine’s probably not as popular as it once was – mostly that’s because I don’t get the time to write all the content that I would like to – but there are still more than 2000 posts here, so I do see a reasonable volume of traffic.

Unfortunately, that also means I get a lot of emails (sometimes several a day) asking me to add a link/feature some content/something else – much of which is clearly scripted bulk email. And not replying only results in multiple chaser emails… so I’m fighting back with my own scripted response (I actually got the idea from a journalist who provided advice to PR teams to help them only pitch items he’d be interested in…):

“Hi,

You’re receiving this email because you recently emailed about the website at markwilson.it/markwilson.co.uk. Thanks for getting in touch; however, I receive several emails each day that take a lot of time to respond to (or multiple chaser emails if I don’t respond) so please don’t be offended by this automatic reply.

  • If you’re looking to place ads on my site, please don’t ask me what I would charge. Instead, please make me an offer. I don’t really know what the market rates are but you probably do. Please also include details of the page you’d like to advertise on, the landing page you would like and the period you would like to advertise for. I’ll only advertise sites that I think will be relevant to my readers so please don’t be offended if I don’t reply.
  • If you have a great resource that you’re sure would improve my content, please consider that markwilson.it is a blog. I’m not going to go back and edit posts from months or years past but you could always leave a comment on a post instead, as long as it’s genuine and not just spam.
  • If you’re offering to create content, please note that the content on the site is all written by me or by one of a very small number of trusted colleagues or family. I do not feature content written by others to promote their goods and services. If you’re starting out as a writer, I wish you well but would politely suggest you write on a public platform – or maybe start your own blog.

Thanks for your understanding.

Mark”

It’ll probably make no difference at all… but at least I can legitimately ignore repeated requests that haven’t acted on my reply…

Removing the residue left behind by stickers on a laptop

Yesterday, I was at an event where, during a discussion on developers becoming evangelistic on their various technology choices, another delegate referred to the “stickers and t-shirt” brigade. That made me laugh (and he was joking) as my Surface Pro wears quite a few stickers (though I struggle to find good ones for Microsoft products…) and only the night before I’d been removing one that was dragging down the overall tone.

After removing a large sticker that was starting to look a bit scruffy (using a plastic spatula to try and prise it away in pieces), I was left with a lot of sticky mess. Inspired by a WikiHow article on removing stickers from a laptop, I first used some cooking oil, then some window-cleaning fluid and finally a baby wipe to remove the glue, leaving the surface clean.

These may sound like strange materials for removing stickers but I didn’t want to risk anything stronger as it might damage the paint on the device (which isn’t actually mine – it’s my work PC). The end result is some pristine new real estate for a new batch of stickers (maybe there will be some at the Azure Red Shirt Developer event tomorrow…).

Facebook’s Restricted list

Imagine the situation: a family member befriends you on Facebook and you foolishly accept, then find their replies on your posts to be inappropriate or annoying… after all, you can choose your friends but not your family, right?

Well, it turns out that Facebook has a feature for situations like this – the Restricted list.

“Putting someone on the Restricted list means that you’re still friends, but that you only share your posts with them when you choose Public as the audience, or when you tag them in the post.

For example, if you’re friends with your boss and you put them on your Restricted list, then post a photo and choose Friends as the audience, you aren’t sharing that photo with your boss, or anyone else on your Restricted list. However, if you tag your boss in the photo, or chose Public as the audience, they’ll be able to see the photo.”

May be useful to know…

The Windows Network Connection Status Icon (NCSI)

Last night, whilst working in the Premier Inn close to the office, I noticed the browser going to an interesting URI after I connected to the hotel Wi-Fi. That URI was http://www.msftconnecttest.com/redirect and a little more research tells me it’s used by Windows 10 to detect whether the PC has an Internet connection or not.

The feature is actually the Network Connection Status Icon (NCSI) and, more accurately, the URIs used are:

The URI I saw actually redirects to MSN whereas the ones above return static text to indicate a successful connection.

For those who want to know more, there’s a detailed technical reference on TechNet, which dates back to Windows Vista and an extensive blog post on the Network Connection Status Icon.

Do we need another as-a-service to describe functions?

Last week saw quarterly earnings reports for major cloud vendors and this tweet caught my eye:

You see, despite Azure growing by 93%, this suggests that Amazon has the cloud market sewn up. Except I’m not sure they do…

I think it would be interesting to see this separated into infrastructure-, platform- and software-as-a-service (IaaS/PaaS/SaaS). I suggest that would present three very different stories. And I’d expect that Amazon would only really be way out front for IaaS.

My friend and former colleague, Garry Martin (@GarryMartin) questioned the relevance of those “legacy” distinctions but I think they still have value today.

In the early days of what we now recognise as cloud computing, every vendor was applying their own brand of cloud-washing. It still happens today, with vendors claiming to offer IaaS when really they have a hosted service and a traditional delivery model.

Back in 2011, the US National Institute of Standards and Technology (NIST) defined cloud computing, including the service models of IaaS, PaaS and SaaS. Those service models, along with the (also abused) deployment models (public cloud, private cloud, etc.) have served us well but are they really legacy?

I don’t think they are. Six years is a long time in IT, let alone the cloud but I think IaaS, PaaS and SaaS are as relevant today as they were when NIST wrote their definition.

When asked how “serverless” technologies like AWS Lambda, Azure Functions or Google Cloud Functions fit in, I say they’re just PaaS. Done right.

Some people want to add another service model/definition for Function-as-a-Service (FaaS). But why? What value does it add? Functions are just PaaS but we’ve finally evolved to a place where we are moving past the point of caring about what the code runs on and letting the cloud manage that for us. That’s what PaaS is supposed to have been doing for years (after all, should I really need to define a number of instances to run my web application – that all sounds a bit like virtual machines to me…)

To my mind, “serverless” is just the ultimate platform as a service and we really don’t need another service model to describe it.

To quote a haiku from Onsi Fakhouri (@onsijoe):

“Here is my code
Run it in the cloud for me
I don’t care how”

Or, as Simon Wardley (@swardley) “fixed” this Cloud Foundry diagram:

Outlook gotcha: only cached data is exported to data file (.PST)

This weekend, a family project that required its own mailbox ended, meaning I could reduce the number of licences in my Exchange Online subscription. That’s straightforward enough but I wanted to take a backup copy of the email before cutting the mailbox loose.

From the last time I did any Exchange Online administration, I recalled that one of the limitations was that you can’t back up a mailbox to a PST from PowerShell. That may have changed but the advice at the time was to back up to an Outlook data file (also known as a Personal Folder) in Outlook. It’s clunky but at least it’s functional.

I couldn’t work out why not all of the data was being exported; only the items that were cached and not the ones that appeared if I clicked on “There are more items in this folder on the server/click here to view more on Microsoft Exchange”. Then I found a clue in a Spiceworks post from Joe Fenninger, where Joe says “Dont [sic] forget to download all [Office 365] content prior to export.”.

I needed to adjust the cached mode settings for the mailbox to change how much email is kept offline, after which Outlook could export all items to the Outlook Data File, rather than just the ones that were cached locally.

Securing the modern productive enterprise with Microsoft technology

“Cybercrime costs projected to reach $2 trillion by 2019” [Forbes, 2016]

99: The median number of days that attackers reside within a victim’s network before detection [Mandiant/FireEye M-Trends Report, 2017]

“More than 63% of all network intrusions are due to compromised user credentials” [Microsoft]

The effects of cybercrime are tremendous, impacting a company’s financial standing, reputation and ultimately its ability to provide security of employment to its staff. Nevertheless, organisations can protect themselves. Mitigating the risks of cyber-attack can be achieved by applying people, process and technology to reduce the possibility of attack.

Fellow risual architect Tim Siddle (@tim_siddle) and I have published a white paper that looks at how Microsoft technology can be used to secure the modern productive enterprise. The tools we describe are part of Office 365, Enterprise Mobility + Security, or enterprise editions of Windows 10. Together they can replace many point solutions and provide a holistic view, drawing on Microsoft’s massive intelligent security graph.

Read more in the white paper:

Securing the modern productive enterprise with Microsoft technology

Generating a GPX file for Strava after the tech let me down

This afternoon was glorious. The sun was shining and, even though it was a work day, the company I work for had arranged an afternoon out for staff at Cannock Chase (Go Ape). High ropes, Forest Segway, or Mountain biking activities were all available – right up my street!

I decided I’d like to Segway but I was in the second group (which meant waiting around for an hour or so), so I took a bike out for a little ride whilst I was waiting. Unfortunately, I didn’t have my Garmin with me and my iPhone’s attempts to capture my movements on Strava were woeful.

Shortly after setting off on “Follow The Dog”, I lost the rest of the group (whilst messing around with Strava!) and decided that I would rather come back and ride another day with my son than ride on my own and (potentially) miss the Segway opportunity. But I still wanted to capture the details of the (admittedly short) ride…

Generating a GPX file to upload to Strava is straightforward enough – I used Mapometer for that. Unfortunately though, Strava won’t allow GPX files without time information to be uploaded.

The workaround is to estimate some time data and insert it in the file – which is where the excellent Gotoes site helped! Gotoes has several utilities for Strava and Garmin Connect including:

  • Combining FIT, GPX or TCX files
  • Merging heart rate and position files (FIT/TCX)
  • A bookmarklet to export GPX from Garmin Connect
  • The ability to upload to Strava via email

and…

Using this with an estimate of my time, a known distance (so an estimated speed) and Gotoes’ ability to work out what my speed might have been at different points on the route, I came up with something approximate to put into Strava. I’ve hidden it from leaderboards – because it’s “fake data” – but it’s enough for me to track the distance and the fact I did go for a little bimble.
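As an added illustration (not code from Gotoes, Mapometer or this blog), the sketch below shows the simplest form of the workaround: spread an estimated ride duration over an untimed GPX track in proportion to distance travelled. It assumes constant speed, unlike the per-point speed estimate described above, and the sample track, start time and function names are constructed for the example.

```python
import math
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = "http://www.topografix.com/GPX/1/1"   # GPX 1.1 namespace

# Constructed sample: a three-point track with no <time> elements.
SAMPLE_GPX = f"""<gpx xmlns="{NS}" version="1.1" creator="constructed-sample">
<trk><trkseg>
<trkpt lat="52.000" lon="-2.000"><ele>150</ele></trkpt>
<trkpt lat="52.001" lon="-2.000"><ele>152</ele></trkpt>
<trkpt lat="52.003" lon="-2.000"><ele>149</ele></trkpt>
</trkseg></trk></gpx>"""
SAMPLE_START = datetime(2017, 5, 12, 13, 0, tzinfo=timezone.utc)  # constructed

def haversine_m(a, b):
    """Great-circle distance in metres between two trkpt elements."""
    lat1, lon1, lat2, lon2 = (math.radians(float(p.get(k)))
                              for p in (a, b) for k in ("lat", "lon"))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(h))

def add_times(gpx_text, start, duration_s):
    """Stamp every trkpt, spreading duration_s over the route at constant speed."""
    # ElementTree is fine for a file you exported yourself; parse GPX from
    # untrusted sources with a hardened parser such as defusedxml instead.
    ET.register_namespace("", NS)
    root = ET.fromstring(gpx_text)
    pts = root.findall(f".//{{{NS}}}trkpt")
    if len(pts) < 2:
        raise ValueError("need at least two track points")
    cum = [0.0]                              # cumulative distance at each point
    for a, b in zip(pts, pts[1:]):
        cum.append(cum[-1] + haversine_m(a, b))
    if cum[-1] == 0:
        raise ValueError("track has zero length")
    for pt, dist in zip(pts, cum):
        for old in pt.findall(f"{{{NS}}}time"):   # replace any existing stamp
            pt.remove(old)
        stamp = ET.Element(f"{{{NS}}}time")
        when = start + timedelta(seconds=round(duration_s * dist / cum[-1]))
        stamp.text = when.strftime("%Y-%m-%dT%H:%M:%SZ")   # start must be UTC
        ele = pt.find(f"{{{NS}}}ele")             # GPX schema: <time> follows <ele>
        pt.insert(0 if ele is None else list(pt).index(ele) + 1, stamp)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(add_times(SAMPLE_GPX, SAMPLE_START, 15 * 60))
```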

Strangely, the iPhone’s GPS performed OK for the Segway ride (which I’ve recorded as an eBike and also hidden from leaderboards):

“You need to work less”. Musings on finding the elusive work-life balance

“You need to work less”, said David Hughes (@davidhughes) as we were discussing why I carried a power supply with my Surface Pro. This was in response to my observation that the device will get me through the work day but not through travel at each end as well.

“Actually, you have a point”, I thought. You see, weekdays are pretty much devoted to work and pseudo-work (blogging, social media, keeping up to date with tech, etc.) – except for meals, sleep, the couple of hours a week spent exercising, and a bit of TV in the evening.

David commented that he reads – rather than working – on the train (I tweet and email but really should read more). And when I asked how he organises his day, he introduced me to ToDoIst. It seems that having a task list is one thing but having a task list that can work for you is something else.

Today was different. I knew I wanted to get a blog post out this morning, finish writing a white paper, and find time to break and meet with David in my favourite coffee shop. I’m terrible at getting up on working-from-home days (more typically working well into the evening instead) but I had managed to be at my desk by 7am and that meant that when I left the house mid-morning I’d already got half a day’s work in. For once, I’d managed some semblance of work-life balance. The afternoon was still pretty tough and I’m still working as we approach 7pm (my over-caffeinated state wasn’t good for writing!) but I met my objectives for the day.

Now I’ve added ToDoIst to my workflow I’m hoping to be more focused, to wrap up each day and set priorities for the next. I need to stop trying to squeeze as much as I can into an ever-more-frantic existence and to be ruthless with what can and can’t be achieved. Time will tell how successful I am, but it feels better already.