Archive for the ‘SQL’ category

SQL Server 2017

November 22nd, 2017

SQL Server 2017 went on general release a couple of weeks ago. This brings a whole host of benefits

Microsoft SQL Server 2017 features the much-anticipated SQL Graph, which provides new graph database capabilities for representing complex many-to-many relationships. Social media platforms like Facebook and LinkedIn use graph databases extensively, and in the era of big data, use cases are emerging across many industries.

Businesses can explore these relationships to reveal valuable information – from changes in the types of structures to the query abilities being requested of you and your teams. Whether it’s identifying similarities in customers behind trends in purchasing behavior, or mapping patterns in credit card usage to determine credit limits or risk indicators of defaulting on repayments, the introduction of graph capabilities to SQL Server makes the processes more streamlined.

Perhaps the most touted feature of the new version is that it will be available to be installed on Linux; an entirely inconceivable premise 10 years ago, which just goes to show how far Microsoft have changed in their approach to supporting non-Windows platforms as standard.

The announcement earlier this year that Power BI would be included as part of SSRS in was welcome. Previously, each tool was well suited for a specific reporting purpose – SSRS was great for designing reports that require a lot of visual tailoring and widely common formats for exporting, whereas Power BI is more geared towards real-time, dashboard views that marry together disparate data sources in a straightforward way. By being able to leverage SSRS to fully utilise Power BI reports, the application suddenly becomes a lot more versatile and the potential for combining together functionality becomes a lot more recognisable. So, for example, having the ability to drill down to an SSRS report from a Power BI report would be an excellent way of providing reporting capabilities that satisfy end-user consumption in 2 different, but wildly applicable, scenarios

The updated SSMS client for SQL Server 2017 has been given refreshed icons that bring the application more in line with how Visual Studio and other Microsoft products are looking these days

Inside a Microsoft cloud data centre with Synergy Software Systems

November 22nd, 2017

Get the reach and local presence you need with Microsoft’s global datacenters – https://azure.microsoft.com/en-us/regions/ Azure is generally available in 36 regions around the world, with plans announced for 6 additional regions.

Go beyond the limits of your on-premises datacenter using the scalable, reliable infrastructure that powers the Microsoft Cloud.

Transform your business and reduce maintenance costs with an energy-efficient infrastructure spanning more than 100 highly secure facilities worldwide, linked by one of the largest networks on earth.

The engine that powers Microsoft’s cloud services, the is designed to support smart growth, high reliability, operational excellence, cost-effectiveness, environmental sustainability, and a trustworthy online experience for customers and partners worldwide.

Microsoft deliver the core infrastructure and foundational technologies for Microsoft’s over numerous online businesses including: Dynamics 365, Power Bi, Cortana analytics, IoT, Bing, MSN, Office 365, Xbox Live, Skype, OneDrive and the Windows Azure platform.

The infrastructure is comprised of a large global portfolio of more than 100 datacenters and 1 million servers, content distribution networks, edge computing nodes, and fiber optic networks.

The portfolio is built and managed by a team of subject matter experts working 24x7x365 to support services for more than 1 billion customers and 20 million businesses in over 90 countries worldwide

Those are 2014 figures and the Microsoft cloud has expanded greatly since then for example the acquisition of Linked in and the launch of Dynamics 365.

To help you comply with national, regional, and industry-specific requirements governing the collection and use of individuals’ data, Microsoft offers the most comprehensive set of compliance offerings of any cloud service provider. Microsoft business cloud services operate with a cloud control framework, which aligns controls with multiple regulatory standards (https://www.microsoft.com/en-us/trustcenter/guidance/risk-assessment#Audit-reports)

Argentina PDPA – Microsoft has implemented the security measures in the Argentina Personal Data Protection Act.

BIR 2012 – Agencies operating in the Netherlands government sector must comply with the Baseline Informatiebeveiliging Rijksdienst standard.

Canadian Privacy Laws – Microsoft contractually commits to implementing security that helps protect individuals’ privacy.

CCSL (IRAP) – Microsoft is accredited for the Australian Certified Cloud Services List based on an IRAP assessment.

CDSA – Azure is certified to the Content Delivery and Security Assoc. Content Protection and Security standard.

China DJCP – Azure and Office 365 operated by 21Vianet are rated at Level 3 for information security protection.

China GB 18030 – Azure and Office 365 operated by 21Vianet are certified as compliant with the Chinese character standard.

China TRUCS – Azure and Office 365 operated by 21Vianet obtained Trusted Cloud Service certification.

CJIS – Microsoft government cloud services adhere to the US Criminal Justice Information Services Security Policy.

CS Mark (Gold) – Microsoft received the CS Gold Mark in Japan for Azure (IaaS and PaaS) and Office 365 (SaaS).

CSA STAR Attestation -Azure and Intune were awarded Cloud Security Alliance STAR Attestation based on an independent audit.

CSA STAR Certification – Azure, Intune, and Power BI were awarded Cloud Security Alliance STAR Certification at the Gold level.

CSA STAR Self-Assessment – Microsoft STAR Self-Assessment details how cloud services fulfill Cloud Security Alliance requirements.

DFARS – Microsoft Azure Government supports Defense Federal Acquisition Regulation (DFARS) requirements.

DoD – Microsoft received Department of Defense (DoD) Provisional Authorizations at Impact Levels 5, 4, and 2.

EN 301 549 – Microsoft meets EU accessibility requirements for public procurement of ICT products and services.

ENISA IAF – Azure aligns with the ENISA framework requirements through the CSA CCM version 3.0.1.

EU Model Clauses – Microsoft offers EU Standard Contractual Clauses, guarantees for transfers of personal data.

EU-U.S. Privacy Shield – Microsoft complies with this framework for protecting personal data transferred from the EU to the US.

FACT – Microsoft Azure achieved certification from the Federation Against Copyright Theft in the UK.

FDA CFR Title 21 Part 11 – Microsoft helps customers comply with these US Food and Drug Administration regulations.

FedRAMP – Microsoft was granted US Federal Risk and Authorization Management Program P-ATOs and ATOs.

FERPA – Microsoft aligns with the requirements of the US Family Educational Rights and Privacy Act.

FIPS 140-2 – Microsoft certifies that its cryptographic modules comply with the US Federal Info Processing Standard.

FISC – Microsoft meets the requirements of the Financial Industry Information Systems v8 standard in Japan.

GxP – Microsoft cloud services adhere to Good Clinical, Laboratory, and Manufacturing Practices (GxP).

HIPAA/HITECH – Microsoft offers Health Insurance Portability & Accountability Act Business Associate Agreements (BAAs).

HITRUST – Azure is certified to the Health Information Trust Alliance Common Security Framework.

IRS 1075 – Microsoft has controls that meet the requirements of US Internal Revenue Service Publication 1075.

ISO 9001 – Microsoft is certified for its implementation of these quality management standards.

ISO 20000-1:2011 – Microsoft is certified for its implementation of these service management standards.

ISO 22301 – Microsoft is certified for its implementation of these business continuity management standards.

ISO 27001 – Microsoft is certified for its implementation of these information security management standards.

ISO 27017 – Microsoft cloud services have implemented this Code of Practice for Information Security Controls.

ISO 27018 – Microsoft was the first cloud provider to adhere to this code of practice for cloud privacy.

IT Grundschutz Compliance Workbook – Azure Germany published this Workbook to help our clients achieve IT Grundschutz certification.

ITAR – Azure Government supports customers building US International Traffic in Arms Regs-capable systems.

MARS-E – Microsoft complies with the US Minimum Acceptable Risk Standards for Exchanges (MARS-E).

MeitY – The Ministry of Electronics and Info Technology in India awarded Microsoft a Provisional Accreditation.

MPAA – Azure successfully completed a formal assessment by the Motion Picture Association of America.

MTCS – Microsoft received certification for the Multi-Tier Cloud Security Standard for Singapore.

My Number (Japan) – Microsoft does not have standing access to My Number data, a number unique to each resident of Japan.

NEN 7510:2011 – Organizations in the Netherlands must demonstrate control over patient health data in accordance with the NEN 7510 standard.

NHS IG Toolkit – Azure is certified to the Health Information Trust Alliance Common Security Framework.

NIST 800-171 – Microsoft DoD certifications address and exceed US NIST 800-171 security requirements.

NIST CSF – Microsoft Cloud Services meet the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)

NZ CC Framework – Microsoft NZ addresses the questions published in the New Zealand cloud computing framework.

PCI DSS – Azure complies with Payment Card Industry Data Security Standards Level 1 version 3.1.

Section 508 – Microsoft cloud services offer Voluntary Product Accessibility Templates.

Shared Assessments – Microsoft demonstrates alignment of Azure with this program through the CSA CCM version 3.0.1.

SOC 1- Microsoft cloud services comply with Service Organization Controls standards for operational security.

SOC 2 – Microsoft cloud services comply with Service Organization Controls standards for operational security.

SOC 3 – Microsoft cloud services comply with Service Organization Controls standards for operational security.

Spain ENS – Microsoft received Spain’s Esquema Nacional de Seguridad (National Security Framework) certification.

UK Cyber Essentials PLUS – Cyber Essentials PLUS is a UK government-defined scheme to help organizations protect against common cyber-security threats.

UK G-Cloud – The Crown Commercial Service renewed the Microsoft cloud services classification to Government Cloud v6.

WCAG 2.0 – Microsoft cloud services comply with the Web Content Accessibility Guidelines 2.0.

SQL Server 2012 Service Pack 4 (SP4) is available

October 16th, 2017

SQL Server 2012 Service Packs, Service Pack 4 (SP4). This release of SQL 2012 Service Pack has 20+ improvements centered around performance, scalability and diagnostics to enable SQL Server 2012 to perform faster and scale out of the box on modern hardware design.

SQL Server 2012 SP4 includes all the fixes up to and including SQL Server 2012 SP3 CU10

SQL 2016 new cumulative update releases

September 26th, 2017

The 5th cumulative update release for SQL Server 2016 SP1 is available for download at the Microsoft Downloads site. Please note that registration is no longer required to download Cumulative updates.

To learn more please visit:
•CU#5 KB Article: https://support.microsoft.com/en-us/help/4040714/cumulative-update-5-for-sql-server-2016
•Understanding Incremental Servicing Model for SQL Server
•Microsoft ® SQL Server ® 2016 SP1 Latest Cumulative Update: https://www.microsoft.com/en-us/download/details.aspx?id=54613
•Update Center for Microsoft SQL Server: http://technet.microsoft.com/en-US/sqlserver/ff803383.aspx
The 8th cumulative update release for SQL Server 2016 RTM is now available for download at the Microsoft Downloads site. Please note that registration is no longer required to download Cumulative updates.

To learn more visit:
•CU#8 KB Article: https://support.microsoft.com/en-us/help/4040713/cumulative-update-8-for-sql-server-2016
•Understanding Incremental Servicing Model for SQL Server
•Microsoft ® SQL Server ® 2016 RTM Latest Cumulative Update: https://www.microsoft.com/en-us/download/details.aspx?id=53338
•Update Center for Microsoft SQL Server: http://technet.microsoft.com/en-US/sqlserver/ff803383.aspx

Backup Compression and Transparent Data Encryption (TDE)

September 26th, 2017

Backup Compression and Transparent Data Encryption (TDE) have been immensely valuable and popular features in SQL Server.

In SQL Server 2016, backup compression was enabled for TDE databases. When you backup a TDE enabled database with compression and MAXTRANSFERSIZE > 64K, backup compression will kick in to reduce backup size and to improve overall backup performance and time.

Recently, Microsoft found some edge scenarios related to backup compression for TDE databases caused backups or restores to fail.

Hence our recommendations have been
• Avoid using striped backups with TDE and backup compression.

• If your database has virtual log files (VLFs) larger than 4GB, then do not use backup compression with TDE for your log backups.

• Avoid using WITH INIT when working with TDE and backup compression. Instead, use WITH FORMAT.

• Avoid using backup checksum with TDE and backup compression

Note: The default native backup uses MAXTRANSFERSIZE = 64K when the database has a single database file, so compression doesn’t kick in automatically for TDE enabled databases and the above issues aren’t encountered.

However, there are c scenarios (listed below) where the SQL server engine chooses to use MAXTRANSFERSIZE > 64K dynamically to optimize for performance. That means compression for TDE databases can kick in automatically even when maxtransfersize is not explicitly set.

• When the database has multiple data files created, it uses MAXTRANSFERSIZE > 64K for which the backup compression kicks in automatically if compression is specified and database has TDE enabled.
• When performing backup to url, the default MAXTRANSFERSIZE = 1MB for which the backup compression kicks in automatically if compression is specified and database has TDE enabled.

Starting SQL 2016 RTM CU7, SQL 2016 SP1 CU4 and above, improvements and updates to the SQL Server engine avoid these edge cases . If you plan to leverage native backup compression for TDE databases or are already using it, we strongly recommend you apply the latest CUs on SQL 2016 to ensure you are not hitting any of the known issues .

If you are already using backup compression for TDE databases in your environment on SQL 2016 builds below RTMCU7/SP1CU4, then we strongly recommend you validate your backups by a test restore and also apply the latest CUs proactively to ensure your RPO/RTO requirements are met.

If the restore of the backup from SQL Server build below RTMCU7/SP1CU4 is failing, then applying the latest CUs won’t allow restore of older backups.

Only backups created from the latest CU build will avoid the above issues and can be restored without any errors.

VDI support for backup compression on TDE enabled databases is not added yet and Microsoft plans to add it soon in an upcoming service releases of SQL Server.

Security security security

September 26th, 2017

You never know when some item that queries or alters data in SQL Server will cause issues.

Bruce Schneier recently commented on FaceID and Bluetooth security, the latter of which has a vulnerability issue. I was amazed to see his piece on infrared camera hacking. A POC on using light to jump air gaps is truly frightening. It seems that truly anywhere that we are processing data, we need to be thinking (see https://arstechnica.com/information-technology/2017/09/attackers-can-use-surveillance-cameras-to-grab-data-from-air-gapped-networks/)

Airborne attacks, unfortunately, provide a number of opportunities for the attacker. First, spreading through the air renders the attack much more contagious, and allows it to spread with minimum effort. Second, it allows the attack to bypass current security measures and remain undetected, as traditional methods do not protect from airborne threats. Airborne attacks can also allow hackers to penetrate secure internal networks which are “air gapped,” meaning they are disconnected from any other network for protection. This can endanger industrial systems, government agencies, and critical infrastructure. With BlueBorne, attackers can gain full control right from the start. Moreover, Bluetooth offers a wider attacker surface than WiFi, almost entirely unexplored by the research community and hence contains far more vulnerabilities

Finally, unlike traditional malware or attacks, the user does not have to click on a link or download a questionable file. No action by the user is necessary to enable the attack.

Fully patched Windows and iOS systems are protected

– the Equifax breach for example must worry everyone who has ever had credit in the USA. (Hackers broke into Equifax’s computer systems in March, which is two months earlier than the company had previously disclosed, according to a Wall Street Journal report.)

The Securities and Exchange Commission said Wednesday that a cyber breach of a filing system it uses may have provided the basis for some illegal trading in 2016. In a statement posted on the SEC’s website, Chairman Jay Clayton said a review of the agency’s cybersecurity risk profile determined that the previously detected “incident” was caused by “a software vulnerability” in its EDGAR filing system (which processes over 1.7 million electronic filings in any given year.) The agency also discovered instances in which its personnel used private, unsecured email accounts to transmit confidential information.

So let me suggest take a good look at your systems and be honest – do you feel safe?

Microsoft has released Microsoft 365, a complete, intelligent solution, including Office 365, Windows 10, and Enterprise Mobility + Security, that empowers everyone to be creative and work together, securely. Watch Satya introduce it.

What about your websites?
Although acts of vandalism such as defacing corporate websites are still commonplace, hackers prefer to gain access to the sensitive data residing on the database server and then to sell the data.

The costs of not giving due attention to your web security are extensive and apart form direct financial burden and inconvenience also risks:
• Loss of customer confidence, trust and reputation with the consequent harm to brand equity
• Negative impact on revenues and profits arising e.g. from falsified transactions, or from
employee downtime
• Website downtime – is in effect the closure of one of the most important sales and marketing channels
especially for an e-business
• Legal battles and related implications from Web application attacks and poor security
measures including fines and damages to be paid to victims.

Web Security Weaknesses
Hackers will attempt to gain access to your database server through any way they can e.g. out of date protocols on a router. Two main targets are :
• Web and database servers.
• Web applications.

Information about such exploits are readily available on the Internet, and many have been reported on this blog previously.

Web Security Scanning
So no surprise that Web security should contain two important components: web and database server security, and web application security.

Addressing web application security is as critical as addressing server security.

Firewalls and similar intrusion detection mechanisms provide little defense against full-scale web
attacks.
Since your website needs to be public, security mechanisms allow public web traffic to
communicate with your web and databases servers (i.e. over port 80).

It is of paramount importance to scan the security of these web assets on the network for possible vulnerabilities. For example, modern database systems (e.g. Microsoft SQL Server, Oracle and MySQL) may be
accessed through specific ports and so anyone can attempt direct connections to the databases to try and bypass the security mechanisms used by the operating system. These ports remain open to allow communication with legitimate traffic and therefore constitute a major vulnerability.

Other weaknesses relate to the database application itself and the use of weak or default passwords by
administrators. Vendors patch their products regularly, and equally regularly find new ways of
attack.

75% of cyber attacks target weaknesses within web applications rather than directly at the
servers. Hackers launch web application attacks on port 80 . Web applications are more open to uncovered vulnerabilities since these are generally custom-built and therefore pass through a lesser degree of
testing than off-the-shelf software.

Some hackers, for example, maliciously inject code within vulnerable web applications to trick users
and redirect them towards phishing sites. This technique is called Cross-Site Scripting (XSS) and may
be used even though the web and database servers contain no vulnerability themselves.

Hence, any web security audit must answer the questions “which elements of our network
infrastructure are open to hack attacks?”,
“which parts of a website are open to hack attacks?”, and “what data can we throw at an application to cause it to perform something it shouldn’t do?”

Ask us about Acunetix and Web Security
Acunetix ensures web site security by automatically checking for SQL Injection, Cross Site Scripting,
and other vulnerabilities. It checks password strength on authentication pages and automatically
audits shopping carts, forms, dynamic content and other web applications. As the scan is being
completed, the software produces detailed reports that pinpoint where vulnerabilities exist

SQL Server 2014 SP2 CU7

September 3rd, 2017

The 7th cumulative update release for SQL Server 2014 SP2 is available for download at the Microsoft Downloads site.
Registration is no longer required to download Cumulative updates.

• CU#7 KB Article: https://support.microsoft.com/en-us/help/4032541/cumulative-update-7-for-sql-server-2014-sp2
• Microsoft® SQL Server® 2014 SP2 Latest Cumulative Update: https://www.microsoft.com/en-us/download/details.aspx?id=53592
• Update Center for Microsoft SQL Server: http://technet.microsoft.com/en-US/sqlserver/ff803383.aspx

GDPR Affects All European Businesses – What about the G.C.C. and U.A.E.?

August 19th, 2017

See our previous article on this topic for why your company may be affected if you are a branch of a European company, or have branches in Europe, or trade with a European company.

From May 25, 2018, companies with business operations inside the European Union must follow the General Data Protection Regulations (GDPR) to safeguard how they process personal data “wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.”

The penalties set for breaches of GDPR are up to 4% of a company’s annual global turnover.
For large companies like Microsoft that have operations within the EU, making sure that IT systems do not contravene GDPR is critical. As we saw on August 3, even the largest software operations like Office 365 can have a data breach.

Many applications can store data that might come under the scope of GDPR. the regulation has a considerable influence over how tenants deal with personal data. The definition of personal data is “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
GDPR goes on to define processing of personal data to be “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”

That means that individuals have the right to ask companies to tell them what of their personal data a company holds, and to correct errors in their personal data, or to erase that data completely.

Companies therefore need to:
- review and know what personal data they hold,
- make sure that they obtain consents from people to store that data,
– protect the data,
- and notify authorities when data breaches occur.

On first reading, this might sound like what companies do – or at least try to do – today. The difference lies in the strength of the regulation and the weight of the penalties should anything go wrong.

GDPR deserves your attention.

The definitions used by GDPR are broad. To move from the theoretical to the real world an organization first needs to understand what personal data it currently holds for its business operations, and where they use the data within software applications.

It is easy to hold personal information outside of business applications like finance and erp and crm e.g. inside Office 365 applications, including:
• Annual reviews written about employees stored in a SharePoint or OneDrive for Business site.
• A list of applicants for a position in an Excel worksheet attached to an email message.
• Tables holding data (names, employee numbers, hire dates, salaries) about employees in SharePoint sites.
• Outlook contacts, and emails. Skype business,
• Social media sites
• Loyalty programmes
• T@A systems
• E commerce sites
• Mobile apps e.g. What’s App

Other examples might include contract documentation, project files that includes someone’s personal information, and so on.

What backups do you have of the customer’s data?
What business data do your staff hold on BYOD devices e.g. in What’s App?

Data Governance Helps
Fortunately, the work done inside Office 365 in the areas of data governance and compliance help tenants to satisfy the requirements of GDPR. These features include:
• Classification labels and policies to mark content that holds personal data.
• Auto-label policies to find and classify personal data as defined by GDPR. Retention processing can then remove items stamped with the GDPR label from mailboxes and sites after a defined period, perhaps after going through a manual disposition process.
• Content searches to find personal data marked as coming under the scope of GDPR.
• Alert policies to detect actions that might be violations of the GDPR such as someone downloading multiple documents over a brief period from a SharePoint site that holds confidential documentation.
• Searches of the Office 365 audit log to discover and report potential GDPR issues.
• Azure Information Protection labels to encrypt documents and spreadsheets holding personal data by applying RMS templates so that unauthorized parties cannot read the documents even if they leak outside the organization.

Technology that exists today within Office 365 that can help with GDPR.

Classification Labels
Create a classification label to mark personal data coming under the scope of GDPR and then apply that label to relevant content. When you have Office 365 E5 licenses, create an auto-label policy to stamp the label on content in Exchange, SharePoint, and OneDrive for Business found because documents and messages hold sensitive data types known to Office 365.

GDPR sensitive data types

Select from the set of sensitive data types available in Office 365.
The set is growing steadily as Microsoft adds new definitions.
At the time of writing, 82 types are available, 31 of which are obvious candidates to use in a policy because those are for sensitive data types such as country-specific identity cards or passports.

Figure 1: Selecting personal data types for an auto-label policy (image credit: Tony Redmond)

GDPR Policy

The screenshot in Figure 2 shows a set of sensitive data types selected for the policy. The policy applies a label called “GDPR personal data” to any content found in the selected locations that matches any of the 31 data types.

Auto-apply policies can cover all Exchange mailboxes and SharePoint and OneDrive for Business sites in a tenant – or a selected sub-set of these locations.


Figure 2: The full set of personal data types for a GDPR policy (image credit: Tony Redmond)

Use classification labels to mark GDPR content so that you can search for this content using the ComplianceTag keyword (for instance, ComplianceTag:”GDPR personal data”).

Caveats:
It may take 1-2 week before auto-label policies apply to all locations.
An auto-label policy will not overwrite a label that already exists on an item.

A problem is that classification labels only cover some of Office 365. Some examples of popular applications where you cannot yet use labels are:
• Teams.
• Planner.
• Yammer.

Microsoft plans to expand the Office 365 data governance framework to other locations (applications) over time.
Master data management
What about all the applications running on SQL or other databases?
Master Data Management MDM is a feature of SQL since SQL 2012. However, when you have many data sources then you are relay into an ETL process and even with MDM tools the work is still significant.

If you have extensive requirements then ask us about Profisee our specialist, productized MDM solution built on top of SQL MDM that allows you to do much of the work by configuration.

Right of Erasure
Finding GDPR data is only part of the problem. Article 17 of GDPR (the “right of erasure”), says: “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay.” In other words, someone has the right to demand that an organization should erase any of their personal data that exists within the company’s records.

Content searches can find information about someone using their name, employee number, or other identifiers as search keywords, but erasing the information is something that probably also needs manual processing to ensure that the tenant removes the right data, and only that data.

You can find and remove documents and other items that hold someone’s name or other identifier belonging to them by using tools such as Exchange’s v Search-Mailbox cmdlet, or Office 365 content searches.
What if the the data ahs to be retained because the company needs to keep items for regulatory or legal purposes, can you then go ahead and remove the items?
The purpose of placing content on-hold is to ensure that no-one, including administrators, can remove that information from Exchange or SharePoint.

The GDPR requirement to erase data on request means that administrators might have to release holds placed on Exchange, SharePoint, and OneDrive for Business locations to remove the specified data. Once you release a hold, you weaken the argument that held data is immutable. The danger exists that background processes or users can then either remove or edit previously-held data and so undermine a company’s data governance strategy.

The strict reading of GDPR is that organizations must process requests to erase personal data upon request.
What if the company needs to keep some of the data to satisfy regulations governing financial transactions, taxation, employment claims, or other interactions? This is a dilemma for IT. Lawyers will undoubtedly have to interpret requests and understand the consequences before making decisions and it is likely that judges will have to decide some test cases in different jurisdictions before full clarity exists.

Hybrid is even More Difficult

Microsoft is working to help Office 365 tenants with GDPR. However, I don’t see the same effort going to help on-premises customers. Some documentation exists to deal with certain circumstances (like how to remove messages held in Recoverable Items), but it seems that on-premises customers have to figure out a lot things for themselves.

This is understandable. Each on-premises deployment differs slightly and exists inside specific IT environments. Compared to the certainty of Office 365, developing software for on-premises deployment must accommodate the vertical and company specific requirements with integrations and bespoke developments.

On-premises software is more flexible, but it is also more complicated.
Solutions to help on-premises customers deal with GDPR are more of a challenge than Microsoft or other software vendors wants to take on especially given the industry focus of moving everything to the cloud.

Solutions like auto-label policies are unavailable for on-premises servers. Those running on-premises SharePoint and Exchange systems must find their own ways to help the businesses that they serve deal with personal data in a manner that respects GDPR. Easier said than done and needs to start sooner than later.

SharePoint Online GitHub Hub

If you work with SharePoint Online, you might be interested in the SharePoint GDPR Activity Hub. At present, work is only starting, but it is a nway to share information and code with similarly-liked people.

ISV Initiatives

There many ISV-sponsored white papers on GDPR and how their technology can help companies cope with the new regulations. There is no doubt that these white papers are valuable, if only for the introduction and commentary by experts that the papers usually feature. But before you resort to an expensive investment, ask yourself whether the functionality available in Office 365 or SQL is enough.

Technology Only Part of the Solution

GDPR will effect Office 365 because it will make any organization operating in the European Union aware of new responsibilities to protect personal data. Deploy Office 365 features to support users in their work, but do not expect Office 365 to be a silver bullet for GDPR. Technology seldom solves problems on its own. The nature of regulations like GDPR is that training and preparation are as important if not more important than technology to ensure that users recognize and properly deal with personal data in their day-to-day activities.

Docs.com – New Microsoft documentation portal

August 6th, 2017

Microsoft Corporation has provisioned a new portal for all their application/framework documentation and are also placing the ability to add to that content.

The new docs.microsoft.com rolled out recently for their documentation for each of the following topic groups arranged by product line/focus:
• SQL
• Windows
• Microsoft Azure
• Visual Studio
• Office
• .NET
• ASP.NET
• Dynamics 365
• Enterprise Mobility + Security
• nuget
• Xamarin

So no longer navigate to msdn.microsoft.com. The central portal leads to additional functionality and information sharing not previously offered.

3 new Microsoft tools to help you to move to the cloud.

April 18th, 2017

Here’s a breakdown of the three new Microsoft tools to help you move to the cloud faster and what they can offer businesses.

1. Free cloud migration assessment

This assessment will help customers to more easily find and to better understand their current server setups, to help them to determine the cost and the value of moving to the cloud. Once the servers are discovered, the tool can analyze their configurations, and give the user a report of the potential cost drop of moving to Azure.

Data center administrators can export the results of the assessment into a customized report. The report could provide some valuable data and statistics for a CIO conversation with the CFO.

2. Azure Hybrid Use Benefit

This tool should save users money on their cloud deployments. Customers can activate the Azure Hybrid Use Benefit in the Azure Management Portal,It is available on Windows Server virtual machines in Azure, to all customers. “Use your on-premises Windows Server licenses that include Software Assurance to save big on Windows Server VMs in Azure. By using your existing licenses, you pay the base compute rate and save up to 40 percent.” the tool’s web page said,

3. Azure Site Recovery

Azure Site Recovery is meant to ease the process of migrating virtual machines to Azure. Applications running on AWS, VMware, Hyper-V, or physical servers can be moved. Additionally, a new feature in Azure Site Recovery will “allow you to tag virtual machines within the Azure portal itself, This capability will make it easier than ever to migrate your Windows Server virtual machines.”

Other features include automated protection and replication of virtual machines, remote monitoring, custom recovery plans, recovery plan testing, and more

SQL memory

April 10th, 2017

While I am a big fan of maximizing memory its important to consider your memory configuration!
You add RAM in a physical server and expect it to work as you want.
Anything that leverages lots of RAM to function, including a database server, can take a substantial performance hit on performance.
Depending on the DIMM configuration, you might slow down your memory speed, which will slow down your application servers.
This speed decrease is virtually undetectable from the OS.
An example : To configure 384GB of RAM on a new server.
The server has 24 memory slots.
• You could populate each of the memory slots with 16GB sticks of memory to get to the 384GB total.
• Or, you could spend a bit more money to buy 32GB sticks of memory and only fill up half of the memory slots.
• Your outcome is the same amount of RAM.
• Your price tag on the memory is slightly higher than the relatively cheaper smaller sticks.
In this configuration, a 16GB DIMM configuration runs the memory 22% slower than if you buy the higher density sticks.

Check out page 63 of the server build guide for an HPE Proliant DL380 Gen9 server. https://www.hpe.com/h20195/v2/getpdf.aspx/c04346247.pdf

The fully populated 16GB stick configuration runs the memory at 1866 MHz.
When you only fill in the 32GB sticks on half the number of slots, then the memory runs at 2400 MHz.

SQL Server dynamically acquires and frees memory as required. Typically, an administrator does not have to specify how much memory is allocated to SQL Server. However, the max server memory option can be useful in some environments. Make sure that sufficient memory is available for the operation of Windows Server. . For example, make sure that you run a dedicated instance of SQL Server on a server that has at least 4 gigabytes (GB) of memory. If the available memory for the server drops below 500 megabytes (MB) for extended periods, then the performance of the server may degrade.

Use the ‘Memory: Available Mbytes performance counter’ for the Windows Server operating system to determine whether the available memory drops below 500 MB for extended periods. If the available memory drops below 500 MB frequently or for extended periods, then we recommend that you reduce the max server memory setting for SQL Server or increase the physical memory of the server.

Dynamics 365 – Licensing and support key dates to be aware. Ask Synergy Software Systems, Dubai

March 18th, 2017

License Renewal & Anniversary Date:

If you are considering an upgrade to Dynamics 365 for Operations, then your license anniversary or enhancement renewal date is significant, You have the opportunity to do a full platform and license transition. There are specific incentives and license credits available to make this transition when you are on a supported product version.

The Mainstream Support End Date of your Current Dynamics AX Software Version:

If you do not opt to move to a cloud-based license model at your license anniversary, then the next important date to consider is the mainstream support end date for the current product you are using:

Support Dates for Existing Dynamics AX On-premise products:
AX 2009, AX 2012 R1 & R2 – Mainstream support ends in April 10, 2018; Extended support is available until October 12, 2021
AX 2012 R3 – Mainstream support ends on October 12, 2021; Extended support is available until January 10, 2023

Why is it important to be on a Mainstream Supported Product?

There are many reasons to be on a supported product :
1.The option to receive support updates and hotfixes – this is the forum in which Microsoft collects bugs and issues and systematically releases fixes, making the platform up-to-date and reliable.
2.Regulatory Compliance ends with Mainstream Support – this means that when your organization is legally obligated to follow regulatory compliance standards, this process will need to be manually completed.
3. Access to Customer resources.

During Extended support, Microsoft provides support for the product and will provide security-related hotfixes.

Your Dynamics Roadmap – Action Plan

So, what should all of these dates mean to you? The answer depends on many things: which version you’re currently using, the range of modules, and customisations, and integrations, your hardware investment, internet connectivity, how you are impacted by statutory changes, economic pressures, and so on..

For those on AX 2009, AX 2012 R1 & R2:

It’s ideal to be on a mainstream supported product, and extended support is available through October of 2021. In either scenario, you need to an action plan to:
◾Decide whether to stay on premise thereafter , or whether to go cloud at some point.
◾Decide to what product you’ll upgrade and whether this will be a one or two step process – AX 2012 R3 or direct to Dynamics 365 operations?
◾Identify requirements for path chosen (Data migration, customizations, process change, short term hardware investments, whether to upgrade SQL or operating systems, etc.)
◾Budget [time and money] for the requirements gathering [can last several months] and the actual upgrade
◾Identify internal/external resources to execute the project
◾Perform and test the upgrade , and train new users.

Most companies want to have the decision and plan in place before mainstream support ends – which is just over a year away – April of 2018 for 2019.

There are other incentives as to upgrading sooner rather than later.

For those on AX 2012 R3:

Like the clients on AX 2009, 2012 R1, & R2 (above), the same decisions must be made.
Do you want to upgrade to Dynamics 365 Operations?
Do you want to stay on premise?

While your mainstream support lasts longer, there are benefits and incentives to consider when deciding on a timeline for your changes.

On-premise vs. Cloud Options:

Until February 2017, existing on-premise clients only had 3 Options:
◾Stay with your Perpetual License on AX 2012 or earlier (keep paying Enhancement or Software Assurance)
◾Upgrade to Dynamics 365 for Operations and move to Subscription Only [Cloud] Model (available at license anniversary/renewal)
◾Upgrade to Dynamics 365 for Operations in a Hybrid Model (Perpetual License + Cloud Add-On)
◾ Move to Dynamics 365 for Operations subscription license but continue to use Dynamics 2012 on premise R3 for some time before moving to Dynamics 365 for Operations (‘equivalence”)

On February 23rd, Microsoft announced a new, hybrid option based on edge computing:
◾Upgrade to Dynamics 365 for Operations, but stay on premise, either with a subscription license or keep a Perpetual License model.

On Monday last week in the Tech Conference , Microsoft announced more details about the new deployment options for Dynamics 365 for Operations that will be available in Q2 2017.

In addition to a pure-cloud environment, organizations can now choose from two options on how this can work .

◾The first is a hybrid deployment (called Cloud and Edge) where critical operations processes, as an example, can remain in an on-premise database, but the power of the cloud can be harnessed for additional scalability.

◾ The second option is, essentially, on premise option. Microsoft calls this option Local Business Data, where Dynamics 365 resides in your existing datacenter.

Investment Credit and Incentives:

Most companies do their budgeting annually, so planning your roadmap should already be underway in 2017. At the Summit Conference last October, Microsoft announced a 40% discount to existing on-premise clients who want to transition to the new Dynamics 365 Cloud Platform. This incentive is active for 3 years.
If you transition in 2017, you’ll be able to leverage 2 years of discounts,
if you transition in 2018, then you’ll only be able to leverage 1 year of discounts
If you do not transition till 2019, you may not get a discount (depending on transition month).

Under Dynamics 365, licensing SKU’s, functionality and license names also changed , so there is an additional consideration to make in how your organization is licensed. Like previous license models, Dynamics 365 for Operations has different user license types – each with different user rights. The more prescriptive you can be for what your users need to access to the more accurate will be your license transition and the more money you can save.

Strategic Planning with Synergy Software Systems

Synergy Software Systems can undertake a license and environment audit to help you understand your high- level options and costs associated with those options. If you feel that cloud has exciting new functionality and integration that you’ve been looking for, use the time you have between now and your next license anniversary/renewal to look at Dynamics 365 for Operations with us and decide if it’s right for you.

If you’re on Dynamics AX 2009, AX 2012 R1 or R2, use the time between now and April 2018 to decide how to best leverage your existing investment in your ERP system in the next supported step in your Dynamics roadmap journey.

If you’d like help to better understand your options then reach out to us on 00971 4 3365589

Dynamics 365 launch event Microsoft Gulf

February 5th, 2017

Last week Synergy staff attended the Dynamics 365 regional launch day. This gave insights into the Microsoft Dynamics solution portfolio. Siegfried Leiner the Principal Program Manager, Dynamics CRM Microsoft gave a ‘deep dive’ key note speech.

The event was kicked off by Samer Abu Ltaif Regional General Manager, Microsoft Gulf and Karim Talhouk
Regional Director, Microsoft Business Solutions, Microsoft Gulf who presented how digital transformation is happening in the Gulf. Steve Plimsoll Chief Digital and Data Officer, PWC, and Harris Mygdalis Deputy CIO, Commercial Bank of Dubai gave further insights.

This well attended event attracted customers with a wide range of requirements. Mobility, analytics, and integration were common themes.

Microsoft organisational changes from 1 February 2017.

January 11th, 2017

Microsoft is combining its Small and Mid-Market Solutions & Partners (SMS&P) and Enterprise Partner Group (EPG) business units in an attempt to streamline business processes. The changes, which will take effect from February 1, will affect its sales, partner, and services teams, and will see both units come together as one under its Worldwide Commercial Business, led by executive vice-president, Judson Althoff. Corporate vice-president of mid-market solutions and partners, Chris Weber, will lead the combined business.

This seems to echo former CEO Steve Ballmer’s 2013 One Microsoft plan. No layoffs are expected

In Australia, Mark Leigh runs the SMS&P business after David Gage resigned from the role. As for its local EPG business, the head of the unit is yet to be filled as Steven Worrall was given the managing director title after Pip Marlow left the company. However, how these changes will affect Microsoft Australia and New Zealand are yet to be determined.

This move follows the recent departure of then Microsoft chief operating officer, Kevin Turner, whose role was not replaced and was split amongst five senior executives including Althof. As part of that restructure, Althoff was handed the Worldwide Commercial Business, focusing on the Enterprise and Partner Group, Public Sector, Small and Midmarket Solutions and Partners, the Developer Experience team, and services.

The company restructure also sees the creation of a new One Commercial Partner business, which combines various partner teams within Microsoft; a unit called Microsoft Digital, which is expected to grow Microsoft’s cloud division; and the merger of its Worldwide Public Sector and Industry businesses. it will be led by former Salesforce vice president and Microsoft’s current Corporate Vice President of Enterprise Partner Ecosystem, Ron Huddleston. The new group called Microsoft Digital will push Microsoft’s current customers and partners to use the company’s cloud programs. Anand Eswaran, corporate vice president of Microsoft Services, will lead that group.

Corporate Vice President of Worldwide Public Sector Toni Townes-Whitley will lead a combined group comprising Microsoft’s Worldwide Public Sector and Industry Businesses

Jeff Teper, who was Microsoft’s corporate vice president of corporate strategy, announced on Twitter last week he now leads the company’s OneDrive and SharePoint teams. It’s a familiar role, as Teper led the group that first built SharePoint for its 2001 launch. The move seems to be the latest to make room for Kurt DelBene, who was brought back to the executive team after retiring in 2013 to help the U.S. government fix the healthcare.gov website. DelBene assumed a new title as executive vice president of corporate strategy and planning in April. (Soon after, Eric Rudder, executive vice president of advanced strategy, and Mark Penn, executive vice president of advertising and strategy, announced they would be leaving Microsoft.)

David Treadwell, a longtime Microsoft executive who oversaw the Windows engineering team, is also on the move. He’s taking an unidentified role in the Cloud and Enterprise group. Treadwell told staff he was reluctant to leave the Windows team, but “when the CEO calls, well, you take that call.”

According to Microsoft’s announcement, Kim Akers and the ISV team, Victor Morales and the Enterprise Partner team, and Gavriella Schuster and the WPG team will all be moving into One Commercial Partner.

Azure – what is it exactly?

January 8th, 2017

You may have recently seen a television commercial for “The Microsoft Cloud,” which featured Healthcare, Cancer Research, and Cybercrime. So, what does this have to do with Microsoft Azure?

Microsoft Azure is the Microsoft product name for the Microsoft Cloud. The names are used synonymously in the technical industry.

The Cloud digital transformational shift, question remains, “What is Azure, and for whom is it meant?”

Azure was announced in October 2008 and released on February 2010 as Windows Azure, and was then renamed to Microsoft Azure in March 2014.

Azure is a cloud computing platform plus, the underlying infrastructure and management services created by Microsoft to build, deploy, and manage applications and services through a global network of Microsoft-managed data centers.

What Microsoft Azure Data Centers?

There are 34 interconnected Microsoft Data Regions around the world with more planned.

Microsoft describes Azure as a “growing collection of integrated cloud services, including analytics, computing, database, mobile, networking, storage, and web.” Azure’s integrated tools, pre-built templates and managed services simplify the task of building and managing enterprise applications (apps).

Microsoft Corp. CEO Satya Nadella calls Azure, “the industry’s most complete cloud — for every business, every industry and every geography.”

The Complete Cloud

For many businesses, their first foray into leveraging cloud software as a service (SaaS) is with Microsoft Office 365, Exchange online for hosted email, or CRM online for managing business and customer relationships. However, the Azure platform is much more than just an online business software delivery platform.

Here are just a few of the things that you can do with Azure:
• Build and deploy modern, cross platform web and mobile applications.
• Store, backup and recover your data in the cloud with Azure-based disaster recovery as a service (DRaaS).
• Run your Line of Business applications on Azure.
• Run large scale compute jobs and perform powerful predictive analytics.
• Encode, store and stream audio and video at scale.
• Build intelligent products and services leveraging Internet of Things services.

Use Azure, and your partner, to rapidly build, deploy, and host solutions across a worldwide network and to create hybrid solutions which seamlessly integrate on premise existing IT with Azure.

Many leverage Azure to protect data and meet privacy standards like the new international cloud privacy standard, ISO 27018, or HIPAA.

Azure customers can quickly scale up infrastructure, just importantly, scale it down, while only paying for what they use.

Azure also supports a broad selection of operating systems, programming languages, frameworks, tools, databases and devices.

Contrary to the perception that Azure is for Windows only, nearly 1 in three Azure virtual machines are Linux.3

Widespread Adoption

More than 80 percent of Fortune 500 companies rely on Azure, which offers enterprise grade SLAs on services. In addition, Microsoft is the only vendor positioned as a Leader across Gartner’s Magic Quadrants for Cloud Infrastructure as a Service (IaaS), Application Platform as a Service (PaaS), and Cloud Storage Services for the second consecutive year.1

What is Microsoft Azure IOT

Microsoft’s powerful Azure Internet of Things Hub and tool suite has also been widely adopted for use in commercial and scientific applications to securely connect and manage Internet of Things (IoT) assets. The service processes more than two trillion IoT messages weekly.4

From broadcasting the Olympics to building massively multiplayer online games, Azure customers are doing some amazing things, and in increasing numbers. Microsoft recently revealed that the rate of Azure customer growth has accelerated to more than 120k new Azure customer subscriptions per month.4 In line with the accelerated adoption, the company is projecting an annualized commercial cloud revenue run rate of $20 Billion in 2018.3

Cloud Leadership

With Azure, Microsoft has made a huge commitment to cloud computing. Since opening its first datacenter, Microsoft has invested more than $15 billion in building its global cloud infrastructure.5 In addition, the company recently announced it would build its first Azure data center in France this year as part of a $3 billion investment to build its cloud services in Europe.6

Microsoft is quickly closing the gap in market share with IaaS provider Amazon Web Services, (AWS). While 37.1% of IT professionals surveyed indicated that Amazon AWS is their primary IaaS platform, Microsoft Azure is a close second at 28.4%, followed by Google Cloud Platform at 16.5%.7

and hot off the press…….
Microsoft isn’t building its own connected car — but it is launching a new Azure-based cloud platform for car manufacturers to use the cloud to power their own connected-car services.

The new Microsoft Connected Vehicle Platform will go live as a public preview later this year.
“This is not an in-car operating system or a ‘finished product’,” Microsoft’s EVP for business development Peggy Johnson writes in this week’s announcement. “It’s a living, agile platform that starts with the cloud as the foundation and aims to address five core scenarios that our partners have told us are key priorities: predictive maintenance, improved in-car productivity, advanced navigation, customer insights and help building autonomous driving capabilities.”

Microsoft also announced that it is partnering with the Renault-Nissan Alliance to bring the new connected-car services to Renault-Nissan’s next-gen connected vehicles. The two companies were already working together on other projects before this, so it’s maybe no surprise that Renault-Nissan is Microsoft’s first partner.
Microsoft is also working with BMW to develop that company’s BMW Connected platform on top of Azure. BMW and Nissan also showed in-car integrations with Microsoft’s Cortana digital assistant at CES this year, so your future car could potentially use Cortana to power its voice-enabled services. For the time being, though, it looks like these are still experiments.

Microsoft has talked about its aim to bring “intelligence” to as many of its services as possible. It has also recently opened up Cortana to third-party developers, so bringing it to its connected car platform is a logical next step (and we’re also seeing Amazon doing the same thing with Alexa, ).

Johnson also used today’s announcement to take a thinly veiled swipe at Google/Alphabet, which spun out its self-driving car unit a few weeks ago. “As you may have gathered, Microsoft is not building its own connected car,” she writes. “Instead, we want to help automakers create connected car solutions that fit seamlessly with their brands, address their customers’ unique needs, competitively differentiate their products and generate new and sustainable revenue streams.”