
Bienvenue, on Frédéric ESNOUF's Web Log

Microsoft EMEA/Security/IDA
How to convert Technet "online" documentation in a file

Most product documentation is now online. This is very nice since it is centralized and very easy to update, but on the other hand, when working offline, you are stuck.

This is the case for IAG that you can find here:

 http://technet.microsoft.com/en-us/library/bb838642.aspx

One of my friends, Eli, gave me a link to a very nice tool called "PackageThis". You can download it here: http://www.codeplex.com/packagethis

This tool will in fact download all the content you want, and generate a "CHM" file. Great tool !

Enjoy !

IAG Service Pack 2 is now RTM (Part 2)

 

Intelligent Application Gateway 2007 Service Pack 2 is now available!

 

Marking a significant milestone for this technology, Service Pack 2 brings with it a variety of enhancements that improve overall IAG scalability, interoperability, and functionality. Alongside these benefits, IAG SP2 has the ability to run as a virtual machine on Hyper-V, achieving low TCO, deployment flexibility, and a simplified solution for disaster recovery. For the first time ever, customers are able to download a fully functional, trial version of the IAG that can be used in their production environment without requiring an evaluation appliance. This opens up a new world of trial and adoption and is an important step in the growth of this technology taking it much closer to the classic and distributable model of most other Microsoft products.

 

For more information on the service pack please review:

* General information: www.microsoft.com/iag

* Download SP2 (existing customers): http://www.microsoft.com/downloads/details.aspx?FamilyID=e69dfd1d-d333-4c27-9246-279ada224317

* To download the IAG Trial Virtual Machine: http://www.microsoft.com/forefront/edgesecurity/iag/en/us/trial-virtual-machine.aspx

* TechNet Edge Video - Learn more about SP2: http://edge.technet.com/Media/IAG-SP2-hits-RTM-details-under-the-cover-interview/

* TechNet Center for IAG: http://technet.microsoft.com/en-us/forefront/edgesecurity/bb687299.aspx

(Extract from internal communication)

 

IAG Service Pack 2 is now RTM (Part 1)

Yesterday, IAG 2007 Service Pack 2 was launched by the team.

If you want to download it, you will have to download it from your OEM web site.  Here is the link for Pyramid Appliances : http://www.pyramid.de/en/products/valueserver_vpn1.php

I advise you to read this post. It was written by Assaf Ronen, the Product Unit Manager: http://blogs.technet.com/edgeaccessblog/archive/2008/11/02/iag-sp2-it-is-all-about-the-application.aspx

 

If you speak French, I presented IAG and the SP2 to the customers and partners in a webcast last Monday: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=fr-FR&EventID=1032398472&CountryCode=FR

... soon, the links to download IAG SP2 "Virtual Machine For HyperV" .

IAG SP2, what's new ? Quoi de neuf ?

Come and join me for a one-hour presentation webcast. This presentation is in French, and will take place December 15th, at 13H00 Paris time.

Register with this link : http://technet.microsoft.com/fr-fr/bb902788.aspx

You can join me for this one-hour presentation/webcast. In French, it will take place on December 15th, at 13H00.

To register: http://technet.microsoft.com/fr-fr/bb902788.aspx

Warsaw IDA event : "Dzień Dobry."

This week, I had the chance to join my friends of Microsoft Poland for a 2-day event around the IDA space. Snow was there !

The first day, more than 40 customers joined us for a conference at the Warsaw Technology Center. It was a great opportunity for them to discover the Microsoft IDA offer (IAG, RMS, ILM) and also a great opportunity to share with one of our technology partners, Gemalto, who presented their technologies around IAG (strong authentication including Smartcard, .net smartcard, One Time Password, ..) and ILM.


The next day 30 IT specialists joined me for a quick start training about IAG. It has been a great opportunity for me to discover the Polish market, the way they work, the technology they use... and of course in return how IAG can help them to publish and protect the business applications and the data.


It seems that the new features of IAG SP2 generated a lot of good ideas, especially around SingleSignOn scenarios (KCD, Mac & Linux support, ..) : we spent 45 minutes on this subject !

I hope that soon I will be able to go back again, it has been a very nice experience, and all the team has been very nice with me.

Dziękuję !

Free IAG training/ Formation gratuite IAG : IAG SP2 will be there.

Do you want to discover IAG ? Come and join me for a free 2-day training.

This will take place in December, at Microsoft France MTC, rue de l'université close to the Eiffel Tower.

Here is the agenda :

* Day 1 morning, IAG presentation : what is IAG, what it is used for, IAG and competition, ... This is the ideal moment for technical and sales people. If you are a sales person, you can come only for this part.

* Day 1 afternoon, Hands On LAB (HOL). Based on Microsoft Virtual Machines, you will learn how to create a portal, publish applications such as Sharepoint & Exchange, and understand the potential of the product.

* Day 2 (full) we will do a deep dive on the technology : "IAG and SSO", "IAG and Kerberos", "publish and protect Microsoft Sharepoint", "IAG and ADFS - Kerberos Constrained Delegation" ... etc. If you have specific needs, just let me know !

If you want to attend (only 20 seats) please register now : https://training.partner.microsoft.com/plc/details.aspx?publisher=12&delivery=250790

TRAINING WILL BE IN FRENCH, and you have to bring your laptop for the Labs.


IAG/ILM/RMS event in Warsaw : come and join us

It is with a lot of pleasure that next week, I will have the opportunity to go to Poland for an IDA event.

On Day 1, customers and partners will have the opportunity to get a presentation about the IDA products, including RMS, ILM and ILM V2, IAG.


On Day 2, I will be giving a quick hands on lab about IAG. We will be able to install the Microsoft Virtual PC environment, and start to play with IAG in a "realistic" environment. We will try to create portals, authenticate the users and provide SSO, publish Sharepoint. It will also be the opportunity for me to introduce the new version of IAG, called Service Pack 2.


If you are around, come and join us !

I love technology !

I had a very nice evening today. One of my best friends came to my home, and we organized an audio/video conference with our other best friend, Alex, who left France a few months ago for Peru.

The 3 friends had 1 hour of fun time talking about anything.

What a funny moment when my dog started to bark, and wanted to see what was going on. I must say that my dog is not "VOIP" aware ;-) but he heard the voice of my friend Alex, and started a sort of conversation.

For once in a while, I don't talk about technology in my blog... but the service it brings ;-)

Alerandro, tu estas mi Amigo !!

Installing IAG on top of Hyper V : install your windows machine

In the list of new features arriving with IAG SP2, we now have the possibility to install an IAG "Virtual Machine" (same image as the one you have in a physical appliance, but available online as a VM) on top of Windows 2008 HyperV.

I am currently working on a project where IAG as a VM has been requested by the customer. Since this machine is supposed to be in DMZ, we have decided to use windows 2008 Core to execute the HyperV role.

First, I downloaded the ISO file of "HyperV server Windows 2008" from the Microsoft web site (link to download ISO file). It is not a big ISO, so 30 mn later I have my ISO file.

I have tested this installation on my own hyperV machine... so as you will see at the end, I will get an error that you will never have with a real machine.

Here is the step by step procedure :

Boot from your CD and install the option you want. Except if you are from China, select English.

Select the appropriate configuration. Since I am using an AZERTY keyboard, I select French.


We can see here that we are installing Microsoft HyperV server.


Then installation starts. Don't go too far, the installation process is in fact pretty fast.


The machine will restart twice, and then you will get the login banner. Type the "administrator" name you want (could be anything) and do not give any password.


Provide your password and you are all set.

Because I am running a hyperV machine inside my hyperV test machine, I have this error message (no active network adaptor found). Unfortunately, I will not be able to go further.

But on a real machine, I would get the hyperV configuration menu.

In fact it has been pretty fast, and took less than 15 mn to get that machine ready to install my IAG VM. At that level we can continue the installation of our machine...

I turned Blue : My new blog on technet.

Hi,

 "you turned blue" is what a friend of mine said when I announced a few months ago that I was moving to a position at Microsoft EMEA. I am very happy and very excited by this new role at Microsoft EMEA, working for the incubation team and specialized in security and mobility.

My new blog is now on technet : http://blogs.technet.com/fesnouf

Come and join me !

 A lot of cool stuff about ISA and TMG, IAG and UAG, NAP, Stirling, Hyper-V, ILM...

How to transfer file from my physical machine to my VM ones

The main purpose of hyperV is not to "play" with VMs. Virtual PC is designed for that whereas HyperV is supposed to provide a strong solution for virtualization.

"But", my day to day work forces me to also use hyperV, and frankly : "I like it a lot !".

One of the tiny features that we use all the time with Virtual PC is transferring files from the physical machine to the Virtual Machine. A basic copy and paste (with the VPC addition tools) and the job is done.

Unfortunately, hyperV is not designed to do so.

Using the TCP/IP stack could be a solution (loopback) but it is not that convenient.

I wanted to share with you the trick I use all the time : convert a directory to an ISO file, then bind that .iso file to the VM DVD.

This is very nice, it works great, and there are plenty of freeware on the Web.

If you have another and better idea, let me know !

Installing win2008 Hyper V on my Lenovo T61p machine : HyperV Network Part

Before even working on VMs, we need to configure the network properly.

The big challenge here is to understand the interaction between the physical machine and the HyperV environment.

For my LAB, I have 1 Laptop with 2 NICs : an Ethernet one, and a Wifi one.

My first VM will be used to install Microsoft ILM V2 RC recently launched. This means that for a day to day activity this VM will be totally isolated from the "outside" (working on a private Virtual LAN, running all the requested services such as AD, sharepoint, ... all services on one single machine).

But sometimes, this machine will have to be able to reach the Internet to download components, reach windows update, ... That is why I have decided that I wanted to have 2 virtual NICS on this first VM :

1) One will be connected to the HyperV Private NIC (day to day activity, Isolated from the internet)

2) The second one will be bound to the laptop physical NIC, and will be activated/deactivated manually when needed


But let's go back to the step by step procedure.

CREATE Virtual Networks in management console

First of all, in the Hyper-V manager console, I have created Virtual Networks. There are in fact 3 types of virtual network :

1) INTERNAL ONLY is created by Hyper V and will authorize connectivity between the PARENT (physical machine) and the GUEST partitions (VMs).

2) PRIVATE is also created by Hyper V. It will do the same as INTERNAL ONLY, but will remove the PARENT partition from the connectivity.

3) EXTERNAL partitions are created by the administrator (you). It is used to create a "Virtual Network/Virtual Switch" attached to one of the physical NICs of your machine.

I bound the EXTERNAL network to the Ethernet card of my laptop.

Now, I have the ability to use 3 different networks because they are defined at HyperV level.

INSTALL your first VM

It is now time to install the first Virtual Machine... then 30 mn later (or more).. I have my first Windows 2008 Enterprise VM.

CONFIGURE NETWORK at VM Level

Once this VM is installed, we will of course see NICS detected in the Virtual Machine, but they will be in fact "Virtual NICs". By default, only one will be created during the installation of your OS.

For my LAB, I want 2 of them. One will be connected to the internal network (isolated), the other one will be connected to the physical NIC of my laptop (I will deactivate it by default to prevent security problems) via the EXTERNAL switch we have created.

To do so, I just edit my first VM configuration via the HyperV manager (machine must be down otherwise network part is grayed out). I go in ADD HARDWARE, select NETWORK ADAPTER, and select the EXTERNAL Virtual network.

This new NIC will be connected to my Ethernet Card, so DHCP will take place and I will be able to reach the Internet. Once Windows Update or downloads are finished, I just deactivate the card to be totally isolated.
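The same two-NIC layout scripted, as an added example that is not from the original post: it assumes the Hyper-V PowerShell module that ships with later Windows releases (Windows Server 2012 / Windows 8 and newer, not the Windows 2008 console used here), and the VM, switch and adapter names are hypothetical. It unplugs the second NIC on the host side rather than deactivating it inside the guest, and adds a check that the VM is really isolated.

```powershell
# Added example (not from the original post). Needs the Hyper-V PowerShell
# module (Windows Server 2012 / Windows 8 or later), run elevated on the host.
# Every name below is a hypothetical value chosen for illustration.
$VmName      = 'ILM-LAB'              # the lab VM
$PrivateSw   = 'Lab-Private'          # isolated day-to-day network
$ExternalSw  = 'Lab-External'         # bound to the laptop's Ethernet card
$PhysicalNic = 'Ethernet'             # host adapter name, see Get-NetAdapter
$DefaultNic  = 'Network Adapter'      # assumed name of the NIC created with the VM
$UpdateNic   = 'Internet (on demand)' # second NIC, normally unplugged

# Create the two virtual networks once.
if (-not (Get-VMSwitch -Name $PrivateSw -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $PrivateSw -SwitchType Private | Out-Null
}
if (-not (Get-VMSwitch -Name $ExternalSw -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $ExternalSw -NetAdapterName $PhysicalNic `
                 -AllowManagementOS $true | Out-Null
}

# As in the post, change the hardware only while the VM is off.
if ((Get-VM -Name $VmName).State -ne 'Off') {
    throw "Shut down $VmName before changing its network adapters."
}

# First NIC: always on the private network.
Connect-VMNetworkAdapter -VMName $VmName -Name $DefaultNic -SwitchName $PrivateSw

# Second NIC: added without a switch, so it starts disconnected.
if (-not (Get-VMNetworkAdapter -VMName $VmName -Name $UpdateNic -ErrorAction SilentlyContinue)) {
    Add-VMNetworkAdapter -VMName $VmName -Name $UpdateNic
}

function Enable-LabInternet {   # plug in for Windows Update or downloads
    Connect-VMNetworkAdapter -VMName $VmName -Name $UpdateNic -SwitchName $ExternalSw
}
function Disable-LabInternet {  # unplug again once the download is done
    Disconnect-VMNetworkAdapter -VMName $VmName -Name $UpdateNic
}
function Test-LabIsolation {
    # $true when no NIC of the VM is attached to an External switch.
    $external = @(Get-VMSwitch -SwitchType External | ForEach-Object Name)
    $exposed  = @(Get-VMNetworkAdapter -VMName $VmName |
                  Where-Object { $_.SwitchName -in $external })
    return ($exposed.Count -eq 0)
}
```

Running `Test-LabIsolation` after each update session confirms that the VM is back on the private network only.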

Here is a diagram that summarizes all the stacks and GUI to reach that config :


After a few components installed, I can now install my ILM V2 RC.


Installing win2008 Hyper V on my Lenovo T61p machine : Operating System part

As a step 1 in my lab, I had to install windows 2008 on my physical machine and also activate the HyperV role.

First of all, I wanted to have a very stable machine so I started Windows Update. After a few updates, my OS was not that good :

As a matter of fact, I had some serious hardware recognition problems, and more precisely, win2008 was not able to detect and install the different components.

As you can see in the screenshot I had 2 different errors : "Base System Device" error and "unknown device".

First, I went on the Lenovo download site and installed their "Lenovo ThinkVantage System Update". Once installed, this tool generated my first problem : my machine was detected as a "Windows Vista/FR" but I am running a "Windows2008/US" Operating system.

Online, I can see that Lenovo does not provide any driver for Windows 2008, so I crossed my fingers to see these Vista updates as a solution for my problems.

The second problem was the number of files to download, and the very poor response time. It took me 5 hours to download these files.

After a few reboots and a few other "System update" downloads, I reduced the number of problems but not all of them. Windows 2008 "problem reports and solution" still has some problems identifying the solution.


At that level I considered that I did the best.. and started to play with my machine... and see where it leads.

My machines : Lenovo T61P (Win2008/hyperV) and X61 (Tablet, Vista, day to day activity)

Lucky me, I have the chance to use 2 machines for my work.

The big one (heavy, powerful) is a Lenovo T61P laptop running Windows 2008/HyperV.

So far my 4 GB of RAM were sufficient to play with the different products.

The biggest problem I am facing on the 2 machines is the drivers. If you check the Lenovo Web site, there are always missing drivers, and you have to wait a lot of time to get the more recent ones. A few months ago, I had to wait 6 months to get a graphical driver whereas it was available at the Intel Web site (but unfortunately protected to make sure that you can't install it).

As I am writing this post, I am still getting some errors in the Device Manager of my T61P... I can see a bunch of "unknown device" and "Base System Device" in error.

Investigating...

IAG SP2 : many enhancements, including hyperV support

Microsoft IAG is today (prior to SP2) only available as a Hardware machine (Appliance).

In the list of new features introduced by IAG Service Pack 2 we have the support of Windows2008 HyperV. In November 2008, a customer will have the choice between a hardware appliance (Pyramid, Celestix, ..) and/or a Virtual Machine (VM).

This means that you can use any kind of 64 bits hardware (make sure this is compatible with the HCL), install win 2008 (Core or win GUI), add hyperV role... and then you just have to buy and download a VM from Microsoft and execute it. It is pre-installed, pre-hardened and ready to plug and activate.

This new approach generates a lot of questions.. do you think so ?

As one of the IAG specialists at Microsoft, I am part of the IAG Service Pack 2 TAP (Technical Adoption Program) and personally have to face these questions : How to install Win2008/hyperV ? Which version, core or GUI ? What are the security questions around this new approach ? How to harden the win2008/HyperV stack and how to keep it secured.. Etc..

I will try in my blog to share with you my research and tests in this area.

Step1 will be for me to investigate the Win2008/HyperV configuration, and I will primarily focus on Win2008 Enterprise CORE version.

To be continued...
