Azure Stack – The Game Changer

8 01 2016

While having a “Cloud First, Mobile First” strategy makes a lot of sense, especially in consumer related projects, this approach is problematic in quite a few industrial and professional embedded scenarios.


Well, as a company you might not have connectivity for all your devices everywhere due to infrastructure/cost reasons or security/high-availability considerations.
In these scenarios, large software vendors currently leave you pretty much alone with what is considered legacy datacenter technology.
However, some smart people at Microsoft have thought about this and have found a great solution!


What if you could use Cloud (Azure) technology on-premises just as in the Cloud, and maybe even transparently roam between the two as required? Sounds good?
If that raises some interest with you, have a look at Azure Stack. Jeffrey Snover, aka the father of PowerShell, introduces the newest version of this game changing technology in his current blog post.

I consider this great news for all solution architects that have to cope with real world scenarios, which never are Cloud-only or datacenter-only!

Great work Azure Stack team! Keep it up, I am eagerly waiting for more to come. 🙂




A very Happy New Year!

4 01 2016

to all readers of my blog!


May the new year bring peace, freedom and happiness to all of You!



All the best


Windows Phone 8.1 VPN-Trigger for MDM managed devices

3 12 2015

Well, let us start with the bad news first:

do not work on WP 8.1!

Why? – Well, I do not know and I really tried hard! 😦




However, you should in any case specify the DNS Suffix * as well as the corresponding IP-Range (e.g. ) in your MDM VPN profile to enable VPN split tunnels (this means: intranet traffic goes through the tunnel, all other traffic through the normal network connection), which does work!

To trigger a VPN connection using an MDM-deployed “automatic” VPN profile, you can use PIDs, which can be found e.g. here:, or Product Family Names (PFNs, e.g. from the package manifest, if you have a LOB app).
Generally, VPN triggers only work on “automatic” profiles!

PIDs only work with older WP8.0 or built-in apps (well, except for triggering IE, which does not work at all and that seems to be a bug).
If you have newer apps (e.g. based on Universal Windows Platform – UWP), only PFNs will work as triggers. Therefore, PFNs are the way to go forward.


Another trigger approach is IP-range-based triggers. If you call an IP address in the specified intranet range ( in our example) from an app, a VPN tunnel is launched. An interesting detail is that the phone does not care whether the address really exists, so calling any of the addresses within the range from an app will open a VPN tunnel.

I nearly forgot DNS shortnames, such as http://my . This way of triggering a connection does work, but is not used very often, at least by my customers.


Happy Tunneling!


Windows Phone 8.1 Enterprise Services and Certificates

29 11 2015

Windows Phone 8.1 has some great enterprise features and is one of the most secure phones in the market.
However, there are some things to consider if you want to use these devices in an MDM-managed enterprise service (VPN/Wi-Fi) scenario.
One of these things is device certificates: quite a few companies use several dedicated certificates to access enterprise services like VPN and Wi-Fi. This approach does not work with WP 8.1 phones, because they expect only a single device certificate per device and company root CA, not service-specific ones.
Of course, you could roll out a variety of different SCEP certificates via an MDM system, but the cert-picker on the phone will not automatically select the fitting certificate for a service, because it always chooses the first device cert from your company CA that it finds in the cert store!
This will naturally not always be the right one, which causes trouble accessing the service.

This behavior is by design and seems annoying at first glance, but if you think about it from an architectural perspective, it is much cleaner than the different-certs-for-different-services approach. A device certificate should only be used to authenticate the device and user against enterprise services; the related user / device rights should be stored in the directory services of your company.
Using this approach, rights management is much more transparent for administrators and not dependent on the possession of a certain service certificate. In addition, managing a single certificate is much less effort than multiple per device.



Too hot to go out? – Check this!

16 07 2015

Summer can be cruel. At first it seems to be cold and rainy all days and as soon as it gets nice, temperatures ramp up for new records. Nature has become completely digital – on or off and much too little in-between.

Well, do not yield to despair and see what my friends from Pluralsight have prepared for you.
They know how to cope with digital problems!



Camp Pluralsight is a 6 week campaign with weekly challenges and prizes. Get access to 36 free IT, dev and creative courses. It is open to everyone including current subscribers.

Weekly challenges and prizes:

  • Week 1: complete 2 PS courses for a chance to win an Apple Watch
  • Week 2: watch at least 200 minutes for a chance to win a $500 ThinkGeek gift certificate
  • Week 3: share Camp Pluralsight on Twitter for a chance to win a Surface Pro 3
  • Week 4: complete a pop culture assessment for a chance to win an Xbox One + Kinect
  • Week 5: complete a Code School course for a chance to win a Sharp 55” Smart TV
  • Week 6: watch a Pluralsight webinar for a chance to win an Alienware X51 gaming desktop

Weekly second and third prizes are annual Pluralsight and Code School subscriptions.

Complete at least 2 of the challenges above and you are entered into the grand prize drawing for:

1. Trip to Silicon Valley Comic Con

2. 2 year Pluralsight subscription

3. Han Solo mini-fridge


Summer Camp – nearly as nice as being on the beach!




Did I recommend watching my Pluralsight State Machine, Mobile Security and Windows Embedded Standard courses?
Have a look at them and have great fun!

IoT- too many standards? – Wait there is help!

17 06 2015

It can get quite confusing looking at all the different competing standards in IoT. However, if you really look into it, only a few of them are mature enough to really face the challenges in a connected world of devices.
One of these mature standards is OPC-UA. It is not an evolution, but a completely new development solving the problems the old implementation “OLE for Process Control” was targeting long ago on the factory floor. Back then, it was based on Microsoft OLE/DCOM technology, which was never made for the age of the Internet.
Fortunately, this new development, called “OPC – Unified Architecture”, started a few years ago, and well-known manufacturing companies put a lot of effort into it to guarantee robustness, security, reliability and platform independence. These investments pay off nowadays as IoT moves into the mainstream. OPC-UA offers solutions to most of the challenges we, as IoT developers, are facing at the moment, and a foundation with more than 450 active members is still pushing to advance the standard to the next level, which is very promising for the future.



The great news is that Microsoft is now going to support OPC-UA, as Rohit Bhargava (CTO, Worldwide Discrete Manufacturing, Enterprise and Partner Group, Microsoft) lays out in his very interesting “Don’t get left behind” blog post.
If you need more technical details I highly recommend this presentation by Clemens Vasters, Principal Architect for Microsoft Azure IoT Services, and Erich Barnstedt, Microsoft Engineering Lead for Windows IoT, from the OPC Day 2015 Europe event.

Quite exciting stuff: Microsoft and OPC Foundation are shaping a great vision for professional, industrial grade IoT solutions!



Use the Cloud to Your Advantage!

21 05 2015

Our cloud event in Nuremberg is approaching!

Cloud, Azure & You: The Whole Truth

11 June 2015 | 13:00 – 17:00 | Multimedia room, Südwestpark Nürnberg


Registration at:




Take the opportunity to discuss current topics around Azure, cross-platform and cloud with recognized experts.


See you in Nuremberg!