Databases are almost always used when building applications, whether they are web applications or native applications. Choosing an appropriate database engine is a critical step in the design and planning stage and should not be overlooked. A database engine (sometimes called a storage engine) is the underlying software in a database management system that takes care of creating, reading, updating, and deleting data. This article will be comparing two engines that are commonly used with MySQL, MyISAM and InnoDB. For those unfamiliar with MySQL, it is an open source relational database management system (RDBMS) developed by Oracle. As of June 2013 it is the most widely used open source RDBMS.
Let’s look at MyISAM first and contrast it to InnoDB since it is the default engine for MySQL 5.0 and offers several benefits. When set up correctly and conditions are ideal, MyISAM is extremely fast. It also offers full-text indexes, which are great for applications that need quick, accurate search functionality. MyISAM tables are also very simple and therefore easy to learn and understand. You may be thinking to yourself “Why would I want to use anything other than MyISAM? This sounds like the perfect engine!” However, its speed and simplicity come with a few major drawbacks.
When BlackBerry first hit the consumer electronics scene in 1999, it was a game-changer. The device allowed people to stay connected, while mobile, to their businesses. BlackBerry’s strongest feature was its messaging and e-mail capabilities. The company continued to focus on these capabilities in its expansion, capitalizing on business oriented communications. While BlackBerry dominated the market for a while, its continued focus on its emailing and messaging prevented device developers from looking at other possibilities. In a sense, BlackBerry neglected the idea that consumers might have a need for alternative applications that phones could not yet provide.
As BlackBerry’s market share has continued to fall dramatically there has been a lot of talk about its sale. But before decisions are finalized, both consumers and experts alike are asking the question: is there a compelling reason for a business to use BlackBerry? Would businesses be better off centralizing on a different product and operating system, such as a Windows Phone, or Apple’s iPhone and iOS operating system? Or is bring your own device (BYOD) the way to go?
Centralizing on another product, such as the Windows Phone or the iPhone, allows companies to set clear expectations about what may be done with the device. By centralizing on one device, employees will all be on the same operating system, and in addition, there is less room for security risks. The general consensus is that companies should look into which device is best suited for the business, taking into account privacy, security and specific software applications.
Of course, BYOD would allow employees to choose their own device, which would be ideal for individuals with a preferred product. Letting employees use the devices they are most comfortable with can greatly boost productivity and worker morale. “Mac people” feel most comfortable operating with an iPhone rather than a BlackBerry or another device, and vice versa.
However, BYOD has its own share of problems when it comes to business-related communications. One of the most critical aspects of a BYOD program is the security of the data on these personal devices. Many have expressed concerns about sensitive corporate information being accessible on personal devices. There is also the risk of malware-infected devices connecting to the corporate network. Allowing employees to use their own devices can also be a distraction, as some may be inclined to use devices for non-work activities during work hours.
While BlackBerry has hit hard times, the once top tiered mobile innovators are not done yet. Early last month, BlackBerry announced that they would launch a cross-platform, BBM Channels. The cloud-based enterprise mobility management solution is designed with the tools to secure and manage personal and corporate devices. This new EMM solution will offer business mobile device and application management, as well as security standards and self-service capabilities for end users. The success of this new EMM could help alleviate some of the concerns with BYOD policies, as well as help BlackBerry get back on the path to success.
After the recent launch of the BBM Channels “Messenger App,” BlackBerry has seen more than 10 million users download the free App for both Google Android and Apple iOS. In a recent statement, Andrew Bocking, Executive Vice President of BBM at BlackBerry confirmed, "The mobile messaging market is full of opportunity for BBM. We intend to be the leading private social network for everyone who needs the immediate communication and collaboration of instant messaging combined with the privacy, control and reliability delivered through BBM." But can the success of the App guarantee a future for BlackBerry?
Although BBM Channels is now in beta testing, it’s unclear when the service will be more widely available, and whether or not the profits will be significant. Of that, Bocking told The Morning Edition, "We continue to plan to evolve the service and keep making it more engaging and have more reasons why people will come back to use the service." More than just a mobile chat messaging company, it’s possible that BlackBerry will seek long-term profits in secure corporate and government communications, even exploring the acquisition of its own.
Hosting replica domain controllers in the Azure cloud is one of the most compelling reasons to extend your on-premises Active Directory. A replica DC is nothing more than another domain controller that is located on the distributed Azure network. Just like a local environment, it requires a dedicated VM and reliable network connectivity to the other domain controllers in the domain and forest. All the configuration was done on Windows 2008 R2. The secret sauce that allows your local network to connect to the Azure network is the point-to-site or site-to-site VPN. This post will focus on the point-to-site VPN since it can be used regardless of the type of firewall or VPN device on your local network. Microsoft is currently pretty limited with their site-to-site offering. This link provides a supported list:
Configuring a point-to-site VPN
A point-to-site VPN connects a single machine in your network, like a domain controller, to the entire virtual network configured in Azure. It does this by using a certificate-based VPN that has matching certs installed on the target machine and uploaded to Azure. This connects your local DC to the cloud DC. Of course, you still need to do the AD basics of configuring sites, assigning subnets and verifying replication. The certificate can be self-signed but needs a root certificate and its private key. To make the connection you need to:
- Create the root cert
- Create the client certificate
- Install the client cert on the target machine
- Upload the root certificate to Azure
- Download the precompiled VPN client
To create the certificate you need the utility makecert.exe from the Visual Studio SDK. When you have makecert installed, use it to create a root certificate and a client certificate with these commands:
makecert -sky exchange -r -n "CN=<RootCertificateName>" -pe -a sha1 -len 2048 -ss My
makecert.exe -n "CN=<CertificateName>" -pe -sky exchange -m 96 -ss My -in "<RootCertificateName>" -is my -a sha1
If you want to connect multiple point-to-site VPN connections, you can export the client certificate with its private key as a .pfx file. Otherwise, you can skip it and just export the root certificate as a .cer file. That .cer file needs to be uploaded to Windows Azure to create the VPN connection binary.
After uploading the certificate, Azure will churn for a while and then produce a ready-to-install network object that is preconfigured for your virtual network’s gateway and the root certificate you installed. It actually works extremely well. The next step is to install the package, go to your network adapters, right-click and select connect. You will be prompted for elevated privileges so that CMROUTE.DLL can update the internal routes on the server.
You can verify the new routes with the old standby command “route print”.
Once it connects you are all set! You can see the data being transferred between the networks in the Azure dashboard and virtual machines running on Azure will be able to communicate with the point server. Make sure to check those local firewalls if you are troubleshooting!
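A check to run on the target machine once both certificates exist, added here as an example and not part of the original post: it confirms that the client certificate chains to the root you upload, that its private key is present, and reports the signature algorithm (the makecert commands above request SHA-1). It assumes both certificates are in the CurrentUser\My store, which is where makecert's `-ss My` places them by default; the output path is a placeholder.

```powershell
# Added example; subjects are the placeholders used in the makecert commands.
$rootSubject   = 'CN=<RootCertificateName>'
$clientSubject = 'CN=<CertificateName>'
$cerPath       = Join-Path $env:TEMP 'p2s-root.cer'   # assumed output path

$store  = Get-ChildItem Cert:\CurrentUser\My
$root   = $store | Where-Object { $_.Subject -eq $rootSubject }   | Select-Object -First 1
$client = $store | Where-Object { $_.Subject -eq $clientSubject } | Select-Object -First 1
if (-not $root -or -not $client) { throw 'Root or client certificate not found in CurrentUser\My' }

# Build the chain offline. The self-signed root is not in Trusted Root, so it is
# supplied as an extra store and the "unknown CA" status is tolerated.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode    = 'NoCheck'
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
[void]$chain.ChainPolicy.ExtraStore.Add($root)
$built  = $chain.Build($client)
$anchor = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# Export only the public certificate (DER-encoded) for upload; the private key
# stays in the store.
[System.IO.File]::WriteAllBytes($cerPath, $root.Export('Cert'))

New-Object PSObject -Property @{
    ChainBuilt          = $built
    ChainsToRoot        = ($anchor.Thumbprint -eq $root.Thumbprint)
    ClientHasPrivateKey = $client.HasPrivateKey
    RootKeyBits         = $root.PublicKey.Key.KeySize
    ClientSignatureAlg  = $client.SignatureAlgorithm.FriendlyName
    ClientNotAfter      = $client.NotAfter
    RootCerFile         = $cerPath
} | Format-List
```

If ChainsToRoot is false, the client certificate was issued by a different root than the one being uploaded and the VPN client will not authenticate.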
The single most important step when correctly configuring ADFS 2.0 (Active Directory Federation Services) is the SSL certificate. This is true if you are using it for Office 365 or for any other purpose. You should be installing ADFS on a Windows 2008 R2 server and it should be fully patched. From the server that will be the primary ADFS server in the ADFS server farm you need to create the CSR. You do not use the IIS certificate manager. The certificate can be generated via certutil.exe or the Exchange cmdlets but the GUI (Graphical User Interface) is the simplest approach for many people. Don’t use a self-signed certificate or you will be cleaning up a mess when you finally move things into production.
Creating the CSR
To generate the certificate CSR (Certificate Signing Request) for ADFS (Active Directory Federation Services) you have to use the certificate manager MMC (Microsoft Management Console) snap-in or run certmgr.msc. This will open the certificate repository. Right-click on the Personal store and select All Tasks, Advanced Operations, Create Custom Request. This will start the wizard.
Click Next and then overcome the first challenge. In the Certificate Enrollment Policy screen, click and highlight Proceed without enrollment policy.
Change the Template Option to Legacy Key.
The next screen is where the details become important.
Settings for ADFS 2.0 SSL certificates
An ADFS 2.0 SSL certificate has a couple of critical settings.
The URL of the ADFS server must be set as the Subject Name of the certificate and should be set as a common name or CN. That means the veindustries.com implementation would be fs.veindustries.com and the format of the subject name is CN=fs.veindustries.com. You can utilize a SAN certificate (Subject Alternative Name certificate) if you like, to cover the other server names, but the Subject Name on the certificate will become the service name in ADFS so don’t mess it up.
The Key Length must be 2048 or higher.
The Private Key must be exportable.
Don’t set the Subject Name to be the same as the server.
Configure the certificate via the Properties before clicking Next. Add the subject name and any other server names using the Directory Name type. I usually set the Friendly Name as the DNS name of the cert so it can be tracked easily later. Set Server Authentication and Client Authentication in Enhanced Key Usage. Update the private key and the key length as well.
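The same request can be scripted. This added example (not from the original post) writes a certreq.exe policy file carrying the settings listed above and produces the CSR without submitting it anywhere. The use of certreq.exe, the machine key store, the SChannel legacy provider and the file paths are assumptions made for the example.

```powershell
# Added example: build the ADFS CSR from a certreq.exe policy file.
# Run from an elevated prompt, because MachineKeySet writes to the machine store.
$fqdn = 'fs.veindustries.com'                       # service name used in the article
$inf  = Join-Path $env:TEMP 'adfs-request.inf'      # assumed working paths
$csr  = Join-Path $env:TEMP 'adfs-request.csr'

@"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
; Subject is the federation service name, not the server's host name
Subject       = "CN=$fqdn"
FriendlyName  = "$fqdn"
KeyLength     = 2048
Exportable    = TRUE
MachineKeySet = TRUE
; Legacy (CSP) key, matching the "Legacy Key" template option
KeySpec       = 1
ProviderName  = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType  = 12
RequestType   = PKCS10

[EnhancedKeyUsageExtension]
; Server Authentication and Client Authentication
OID = 1.3.6.1.5.5.7.3.1
OID = 1.3.6.1.5.5.7.3.2
"@ | Set-Content -Path $inf -Encoding ASCII

certreq.exe -new $inf $csr
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Review the subject, key length and EKUs in the request before sending it to the CA.
certutil.exe -dump $csr
```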
Installing the Cert
After you click OK, you can move on to the export of the key. Upload the CSR to your favorite CA. When you install the cert you can continue with the ADFS configuration. Based on a quirk with permissions on private keys and how Microsoft does the certificate requests and storage, you may receive an error such as an Event ID 133. See http://technet.microsoft.com/en-us/library/adfs2-troubleshooting-federation-service-startup-and-shutdown-problems%28v=ws.10%29.aspx . The ADFS service account needs permissions to read the private key and the private key needs to be in the same store as the certificate.
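One way to check the installed certificate against the requirements above, including the private-key permission behind the Event ID 133 case. This is an added example, not part of the original post; it assumes the certificate is in LocalMachine\My with a legacy (CSP) key, and the service account name is hypothetical.

```powershell
# Added example; $svcAcct is a hypothetical account name, replace with your own.
$fqdn    = 'fs.veindustries.com'
$svcAcct = 'VEINDUSTRIES\svc-adfs'
$read    = [System.Security.AccessControl.FileSystemRights]::Read

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$fqdn*" } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate for $fqdn in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw 'Certificate is present but its private key is not in this store' }

# Legacy (CSP) machine keys are files under MachineKeys; CNG keys are stored
# elsewhere and are not handled here.
$info    = $cert.PrivateKey.CspKeyContainerInfo
$keyFile = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" $info.UniqueKeyContainerName

# Direct ACEs only: access granted through group membership is not evaluated.
$aces = (Get-Acl $keyFile).Access | Where-Object {
    $_.IdentityReference.Value -eq $svcAcct -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $read) -eq $read
}

# Collect the Enhanced Key Usage OIDs from the certificate extensions.
$eku = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value }

New-Object PSObject -Property @{
    Subject               = $cert.Subject
    KeyBits               = $cert.PublicKey.Key.KeySize
    KeyAtLeast2048        = ($cert.PublicKey.Key.KeySize -ge 2048)
    Exportable            = $info.Exportable
    ServerAuthEku         = ($eku -contains '1.3.6.1.5.5.7.3.1')
    ClientAuthEku         = ($eku -contains '1.3.6.1.5.5.7.3.2')
    ServiceAccountCanRead = [bool]$aces
    KeyFile               = $keyFile
} | Format-List
```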