Wednesday 24 November 2010

Troubleshooting Kerberos Delegation

Historically, there has been two things I have used when troubleshooting Kerberos delegation issues:

The other day I found a fantastic tool called “DelegConfig” which appears to have been authored by a Microsoft Support engineer. The tool allows you to set-up a web application which will diagnose your Kerberos configuration. This means it’s only really relevant for troubleshooting Kerberos delegation under IIS but I cannot recommend it enough. More information here.

There appears to be a “DelegConfig v2 (beta)” but I have not tested it. More information here, it appears to better support IIS 7.0.

When configuring DelegConfig, remember to set the AppPool running the DelegConfig web application to the same account as the one you want to use to perform the delegation.

Kerberos Delegation with IIS 7.0

Under IIS 7.0 you need to watch out for “Kernel Mode Authentication”, there is a very good post on the subject here.

To change your settings as per the above link, you need to change the values in the “applicationHost.config” file (you cannot set the value in your application’s web.config as that configuration section is locked. You can find the file here:

%systemdrive%\Windows\System32\inetsrv\config\applicationHost.config

You might also want to disable the loopback check.


Thursday 18 November 2010

The various types of Cloud offerings

There are three main types of Cloud offerings, these are:

  • Infrastructure-as-a-Service (IaaS) provides basic compute and storage resources. Vendors in this space include Amazon (with it's EC2 product).
  • Platform-as-a-Service (PaaS) provides an application services framework. Vendors in this space include Microsoft (with Azure), Google (with Google Apps Engine) and Salesforce (with Force.com).
  • Software-as-a-Service (SaaS) provides complete applications. Vendors in this space include Microsoft (with Office 365), Google (with GMail/Google Docs/Google Apps) and SalesForce (with Salesforce.com).

Each offers an increasing level of abstraction, with SaaS, being the highest level of abstraction, delivering shrink wrapped products with little room for customisation.

Note the distinctions between the three, each is a very different offering with very distinct characteristics. Matching your requirements against the type of offering allows you to narrow down the list of appropriate vendors dramatically.

Notice also the delineation between the IaaS and PaaS/SaaS vendors. The PaaS vendors generally also have SaaS offerings (using their platform to deliver software) but there's no major vendor with offerings that cross over from IaaS to PaaS/SaaS.


About Me