My name is Bryan Zink and I am a Microsoft Premier Field Engineer focused on supporting Windows Server and Active Directory. You’ve probably read the fantastic post by Yong Rhee introducing RAP as a Service. Maybe you even read “What is RAP as a Service? Is That a Real Acronym?” posted by Doug Symalla. Today I wanted to assure you that yes, it is a real acronym and one you’ll want to fully understand. In this post, we’ll dig into HOW it works and WHY you should jump in.
First a brief history
A long time ago in a galaxy far far away (actually, it was Dallas, TX), a team of 15 PFEs pulled together some tools, wrapped them in a process and called it the Active Directory Health Check (ADHC for short). The intention was to partner with a customer’s IT team to help spot the issues we knew caused pain, in order to avoid lost productivity and outages.
As the process matured, we found there were two huge benefits. First, outages were dropping as customers better understood how to operate their AD environments. Second, we drove some great changes through the Windows product team resulting in improvements to diagnostic tools and prescriptive guidance.
When we transitioned from the ADHC to the era of the Active Directory Risk and Health Assessment Program (ADRAP for short), we formalized the tools and services development process in many ways. While our goals around assessing the issues and providing remediation guidance were still the same, we wanted to bring a more exciting experience to the customer and leave behind a much nicer toolset.
Now we’re bringing you the next big thing in Active Directory assessments, RAP as a Service for Active Directory. Essentially we’re combining the best of the best in tools and processes, moving it to the Azure Cloud platform and giving customers a persistent on-demand assessment experience.
HOW RAP as a Service-AD works
First and foremost, RAP as a Service is a service with a few basic components. These components are made up of the following:
· RAP as a Service Client
· Windows Azure Cloud service
· Online Services portal
The front-end (RAP as a Service Client) is downloaded and installed onto a machine in your AD Forest. This tool essentially discovers the Active Directory components in your environment and facilitates the data collection process. Once data collection is completed, the RAP as a Service Client allows you to securely submit an encrypted blob into the Azure Cloud service.
Once you complete data collection and submission, you will fill out an Operational Survey. This survey covers topics we can’t answer with diagnostic tests. Backup and Disaster Recovery, operational processes, etc. are examples of topics covered in the Survey.
The Azure Cloud service is where the heavy lifting happens. The collected data along with the Survey results are analyzed for the good, the bad and the ugly against our collection of rules.
The Online Services portal is your view of not only the collected data but also the issues that were identified through the analysis process. This portal is your customized and secured dashboard view. You have the ability to control who from within your organization has access to view this information.
In addition to the components described above, you will receive not only a detailed report of the findings and recommendations but also deep-dive knowledge transfer on the top issues in the environment. You also have a couple of options for how this all comes together. We offer a remote delivery option as well as something that includes on-site time. Specifics can be explained in more detail with your Microsoft Technical Account Manager (TAM).
RAP as a Service does have a re-use license whereby you’re able to leverage the persistent on-demand assessment experience. This enables you to track progress against recommended remediation tasks and generally, check-up on your AD environment at whatever frequency makes sense.
WHY RAP as a Service-AD matters
There are numerous benefits for you to leverage with the RAP as a Service platform. Instead of listing the bullet points from the marketing glossy, let’s cut right to the chase.
Customers who have leveraged the power of RAPs in the past have had almost zero exposure to issues such as the time rollback problem so elegantly detailed in Mark’s post Fixing When Your Domain Traveled Back In Time, the Great System Time Rollback to the Year 2000.
Another example of an issue that strikes many environments that have not had the pleasure of an AD assessment is DFS Shares either not replicating or seemingly missing data. Here’s a post by the infamous Ned Pyle covering the Top 10 Common Causes of Slow Replication with DFSR.
Finally, have you ever wondered about just how weird the symptoms of Lingering Objects can be? Have a look at this post from David Everett setting us straight on Strict Replication Consistency – Myth versus Reality.
At present, there are roughly 600 Health and Risk issues we specifically look for in a RAP as a Service-AD assessment and more are being added weekly. All of this can and should be yours; operators are standing by. If you’re still reading and you’d like a RAP as a Service-AD, feel free to contact us at Askpfeplat and we’ll get the right people going.
In the event you want to see a more formalized list of value points, keep reading.
Delivered when you’re ready: Faster turnaround time for generating actionable results: data is collected and submitted as soon as you are ready, and reports are generated by a PFE within a few days of completing the submission tasks.
New/Updated IP always available: Absolute latest rules (IP) and all new IP updates available to customers during their contract without paying for an additional assessment.
Current State Assessment on-demand: Updated view of your environment through the Online Services portal, as often as you would like, which helps with tracking remediation progress.
A PFE can still go on-site: If you still want on-site assistance in the form of knowledge transfer or remediation assistance, we can still absolutely provide that experience.
Support: ADRAP (actually all RAPs in general) had no support for either the toolset or the process other than what the PFE was able to deliver as part of the engagement. However, RAP as a Service has full support for both the toolset and the end-to-end process. The only thing not supported is the actual remediation of an identified issue.
Updates to the toolset: Not only do we update the IP (rules and issues) much more frequently but we now also perform updates to the RAP as a Service Client as well as the back end platform.
Reliability, Security and Privacy: Providing a feature-rich and usable experience is only part of the solution. Reworking the backend systems that integrate to complete this experience has allowed us to provide a more reliable, stable and secure experience for everyone.