Announcing Windows 10 Insider Preview Build 19631 | Windows Experience Blog

Hello Windows Insiders, today we’re releasing Windows 10 Insider Preview Build 19631 to Windows Insiders in the Fast ring.
You can check out our Windows Insider Program documentation here, including a list of all the new features and updates released in builds so far. Not seeing any of the features in this build? Check your Windows Insider Settings to make sure you’re on the Fast ring. Submit feedback here to let us know if things weren’t working the way you expected.
If you want a complete look at what build is in which Insider ring, head over to Flight Hub. Please note, there will be a slight delay between when a build is flighted and when Flight Hub is updated.

ARM64 VHDX available for download
Back in February with Build 19559, we added the ability to install Hyper-V on ARM64 devices such as the Surface Pro X running the Enterprise or Pro editions of Windows 10. Today, we are offering the ARM64 VHDX for Windows 10 Insider Preview Build 19624, so that Insiders can run Windows 10 as a guest OS in Hyper-V. You can download the VHDX here. We will regularly release updated VHDX downloads for newer Insider Preview builds going forward.
Note: Hyper-V on Windows 10 ARM64 devices only works on Windows 10 Insider Preview Builds 19559 and above. Nested virtualization is not supported.

We updated the configuration of Windows Hello to make sure it works well with 940nm wavelength cameras.
Windows Sandbox WSB files are now case insensitive.

We’re looking into an issue where some devices booting from eMMC storage may bugcheck when resuming from hibernate.
We’re looking into reports of the update process hanging for extended periods of time when attempting to install a new build.
We’re working on fixing an issue for a future Insider Preview build where in Settings > Privacy the Documents and Downloads sections show a broken icon next to their page name (just a rectangle).
We’re looking into reports that taskbar preview thumbnails aren’t rendering consistently (showing a blank area).

Looking for fun games to play online? Check out our online games and puzzles feature on Bing! Challenge your friends to a game of Uno, Checkers, Connect4, and more.
If you want to be among the first to learn about these Bing features, join our Bing Insiders Program.

State of Decay 2 celebrates 2 years with sale, new update and limited time outfits | Windows Experience Blog

It’s already been two years since the arrival of State of Decay 2, and the team is celebrating with discounts, an update and a chance for a limited time to get some cool new apparel.
Head over to the State of Decay blog to watch the video and find out about getting the game for 15% off through May 26, free playable content now available with Update 17, and the limited availability of the State of Decay-themed Logo Ninja Hoodie and Undead Green Cattleman Hat.

What’s coming in Windows 10 accessibility | Windows Experience Blog

I hope this blog finds you, your family and friends and your colleagues all healthy and safe during these changing times. I’m excited to share some of the updates we are incorporating within Windows 10 to make it easier to see and use for people with low or no vision.  These improvements, coming to Windows 10 users in the May 2020 Update, represent the next steps in our journey to empower every person on the planet to achieve more.
Thank you for all the feedback to date. Please keep it coming! Our users, especially Windows Insiders, are continuing to shape Windows 10 accessibility by helping us understand what improvements matter most. Information about how best to reach us is included at the end of this post.
Making Windows 10 easier to see and use
Text cursor improvements
We recently made text and pointers easier to personalize in Windows 10. Millions of people prefer larger text, and larger and brighter pointers to make Windows 10 easier to see and use. Perhaps not surprisingly, many low vision users asked us to continue to make it easier to work with text cursors. More specifically, they told us that text cursors are difficult to find when they are too thin and don’t contrast enough with text. Now users can easily make cursors wider and add a text cursor indicator; we’ve even included the ability to choose custom colors, making it even easier to find their text cursor on the screen.
Figure 1 – New Ease of Access Settings make text cursors easier to see and use.
We made some related changes in Magnifier. We recently added a Magnifier option to follow the mouse pointer, so that users did not have to scan their display to find the pointer. Instead, they could rely on the mouse pointer to be in an expected location in the center of their display. Again, not surprisingly, users asked us to make it easier to work with text cursors with Magnifier. Now Magnifier will follow the text cursor in the center of the display by default, so that users can find the text cursor in an expected location.
Magnifier reading reduces strain and fatigue
We’ve heard from many Magnifier users that it can be difficult to read and work with text throughout their day; they often strain to read text and end their day with severe fatigue or headaches. We added a new feature that makes it easy to have text read aloud to reduce the strain of reading. Magnifier now includes Play, Pause, Next sentence, Previous sentence and Read from here controls to make it easy to read text in popular browsers including Edge, Chrome and Firefox and other Windows applications like Microsoft Word, Outlook and PowerPoint. Magnifier will highlight each word that is spoken and will scroll content into view if it is not currently displayed.
Finally, we’ve improved the Magnifier user interface. Magnifier will now respond to larger text and Dark mode settings, so that it is easier to see and use.
Figure 2 – New Magnifier features include reading and support for larger text and dark mode.
Making Windows easier to use without sight, with a screen reader
We’ve made a few sets of improvements to Narrator, which is the free, built in screen reader in Windows 10.
Narrator easier to use
We made reading more natural by reducing unnatural pauses and processing complete sentences to aid with proper pronunciation. We also redesigned Narrator sounds to enable Narrator users to be more efficient. We added sounds for the most common actions while reducing the total number of sounds to make them easier to learn and use. For example, rather than having to hear “scan on” or “scan off” when switching between scan mode and other modes, now you can choose to hear tones instead of the words. By default, both the words and sounds are turned on, to learn the new sounds. You can then change the level of detail that Narrator speaks about text and controls to hear fewer words for common actions. Finally, we improved support for announcing capital words and letters, e.g., when proofing a message or document. Narrator will handle initial, mixed and all cap words.
Smarter browsing
We made multiple improvements to the Narrator browsing experience.
First, Narrator will automatically start reading web pages from the top of the page. Automatic reading is intended to improve efficiency and give users confidence that the intended page loaded. Second, we implemented a page summary on demand. In addition to better understanding the complexity of a page, e.g., the number of landmarks, links and headings, you can also get a list of the most popular links generated by Bing to make it easier to get to where you want to go. Press Narrator key + S to hear the landmarks, links and headings on the page and press Narrator key + S twice quickly to bring up the page summary that includes a list of popular links. Third, we addressed one of the top accessibility issues with poorly crafted web pages. We made it possible to disambiguate links with titles like “Click here” without having to press the link to see where it goes. Press Narrator key + Ctrl + D, the same command to generate an image description, to hear the title of the linked page before pressing the link.
Finally, we made multiple improvements to Narrator with popular browsers. In addition to Microsoft Edge and Chrome, Narrator now supports Firefox. We improved several Narrator experiences, including faster “Find” and more reliable table reading. We also added support for rich text in Chrome and Firefox, which makes it easier to consume content on sites like Wikipedia.
More efficient Outlook mail
In addition to general Narrator and Narrator browsing improvements, we improved Narrator’s Outlook experience. We optimized Narrator for the Outlook inbox to make it faster and easier to triage mail; we read a smaller set of data in the expected order. We also improved the message reading experience. Like when web pages load, we now automatically start reading content when you open a message. We also automatically enable scan mode and recognize and ignore layout tables to make it easier to navigate and read message content. We improved Outlook responsiveness, e.g., reducing lags when arrowing through messages in the inbox or through text in a message.
Please keep the feedback coming
While we are excited to share our progress, we recognize that we have more work to do to create delightful experiences for people with disabilities. Thank you to the many people who have provided feedback — both positive and constructive — to help make Windows great. If you’re interested in providing help or suggestions, we welcome your feedback via the Windows Insider Program. All the features referenced in this blog were shared with and shaped by Windows Insiders. Whether you’re using an Insider build, or a generally available version of Windows, Windows 10 makes it easy to share your thoughts and suggestions — just press Windows logo key + F to launch the Feedback hub and share what’s top of mind.
Finally, if you are a customer with a disability and need technical assistance, the Disability Answer Desk is there to assist via phone (800-936-5900) and chat. In addition, we also have an ASL option available for our customers who are deaf or hard of hearing in the U.S. (+1 503-427-1234). Please contact us, we are always happy to help.

Making the web more accessible and inclusive for all with Microsoft Edge | Windows Experience Blog

The past few months have forever changed the way we work, learn and play each day. Our routines have been entirely disrupted, and we’ve had to adapt to new ways to stay productive, entertained and healthy. This change in our global landscape has increased our dependency on technology and highlights the importance of digital accessibility and inclusion – core to how we build products at Microsoft.
Microsoft Edge is committed to building a more accessible web for everyone. A little over a year ago, we announced our intention to rebuild Microsoft Edge with the same open source technology as Google Chrome. Since then, we’ve committed over 150 changes on accessibility features alone back into the open source project with the support of the Google Chrome team. We’re proud to share this work and to continue building features that will benefit everyone.
We have continued to be inspired as we hear stories like Emmy’s. Emmy is a fifth grader from Fairfax County Public Schools, who not only uses Immersive Reader herself but has also become an advocate for the tool by leading a tech chat for her teachers and helping her classmates. Immersive Reader in Microsoft Edge truly empowers people to achieve more and today we are excited to highlight some of our new and existing features in Edge.
New – Open Immersive Reader across the web

Immersive Reader in Microsoft Edge is helpful for anyone who is looking to improve their experience reading online. You may recognize Immersive Reader across other Microsoft Products like OneNote and Word, and we took our lessons from these experiences to bring this important feature to Edge.
Until recently, the primary ways to access Immersive Reader in Microsoft Edge have been to click the icon in the address bar or to use our F9 shortcut on certain sites. Now, you can simply select content on a web page, right click, and choose “Open in Immersive Reader.” All three of these options will allow you to easily remove distractions and access a variety of tools that allow for personalization.
New – View visual definitions of words with Picture Dictionary in Microsoft Edge

One of our newest tools in this set will be Picture Dictionary which will help you view a picture representation of a word on a web page to increase comprehension. Ideal for those learning another language or for students learning on their own, it will allow you to stay in the flow of what you are reading. You’ll be able to simply select the word on a web page and see a picture that represents the word. You will be able to turn Picture Dictionary on by navigating to Reading Preferences and using the toggle.
Picture Dictionary in Microsoft Edge is coming to preview builds soon.
 New – Translate full web pages into 54 languages within Immersive Reader in Microsoft Edge

The web is packed with important information and many prefer to read pages in their native language. Translate in Microsoft Edge breaks down the walls of language by giving people the ability to easily translate web page text into one of 54 languages with the press of a button. This is ideal for students and professionals who are researching sources across the web and want to make the most of their time. To get started, navigate to the reading preferences in Immersive Reader, select your language of choice, and see the words change instantly to your preferred language.
Translate in Immersive Reader in Microsoft Edge is available in preview builds today.
Hear the web with Read aloud in Microsoft Edge

Already in Microsoft Edge, Read aloud translates words on a web page into spoken text so you can absorb information in multiple ways. Anyone can benefit from using Read aloud to simplify their lives and listen to website content without being tethered to a screen. With Read aloud, you can hear the text read aloud to you and words are highlighted as you go so that you can easily follow along to aid comprehension. We currently have 25 voice options to choose from based on your preference for voice in 13 languages and 21 locales, with our most natural sounding voices yet.
Read aloud is now generally available in desktop and mobile, and works on and offline. Read aloud for PDF is available in preview builds today.
Celebrate our community with our featured Bing homepage image

Beyond offering inclusive tools for web accessibility, Microsoft also highlights key contributors to this space. On Global Accessibility Awareness Day, on the Bing homepage, we are showcasing a painting by Jeff Hanson, an award-winning artist. Hanson is legally blind and only vaguely sees shapes and colors and has developed a unique tactile process that helps him feel his compositions by first plastering the canvas with a thick plastic material. Once that hardens, he uses the defined ridges to navigate the piece to apply his signature vibrant color. Today we’re featuring Hanson’s painting to observe the ongoing work to make technology accessible for more people around the world. Please visit on May 21 to take a closer look at Hanson’s painting, plus listen to a short audio clip of the artist talking about his work. If you’re reading this after May 21, you can see the image here. Check out more of his paintings at
The web is for everyone, and we are committed to building more inclusive experiences in Microsoft Edge in the coming year. As a company our mission is to empower every person and every organization on the planet to achieve more – and this is something we care deeply about. If you haven’t yet downloaded the new Microsoft Edge, please try it today. You can also read more about how students from Newmark Schools are using accessibility tools while learning from home in our Education blog. For other tips on how to make the most out of accessibility features across Microsoft products, please visit our remote learning resource site.
We look forward to sharing what’s next.

Adobe Experience Manager buoys U.S. census during pandemic

Holding up the 2020 U.S. Census as an example, Adobe made its case to U.S. government users that its cloud content management and web experience tools can serve up rich digital experiences, as Congress opens up its coffers to fund IT modernization.

The census is taken once every 10 years and boasts the largest peacetime mobilization of U.S. civilians in order to count its population, said Christina Stoehr, chief of the U.S. Census Bureau’s web and new media branch. In the midst of the COVID-19 pandemic and social distancing, the national self-response rate was 57.3% as of current data through May 5, exceeding the planners’ expectations, she said.

Digitizing the census-taking process saves $107 in taxes for each citizen who fills it out, with a potential savings of $55 million over the course of the census, said Stoehr, who discussed the project at the Adobe Digital Government Symposium. The census launched digitally earlier this year on Adobe Experience Manager, and enables citizens to fill it out online for the first time.

“The U.S. census serves as a recent example of how dedicated focus on [IT] modernization and customer experience can transform how mission outcomes are delivered,” said Suzette Kent, the federal CIO, in her conference keynote. “Our up-front investments prepared the government to continue operations, even when the COVID-19 crisis [began].”

Federal CIO Suzette Kent
At the Adobe Digital Government Symposium virtual conference, Federal CIO Suzette Kent, the U.S. government’s top IT official, discusses the deployment of Adobe cloud software across several agencies.

Census CX built from scratch

The census helps government officials determine how to spend $675 billion in federal funding based on community populations; the digital experience around the site had to convey this point and encourage participation in a climate of general distrust of the government, Stoehr said.

It also had to accommodate rapidly changing technologies and mobile devices, and be able to manage the incoming data. So the bureau decided to use customer experience principles to accomplish their goals.

“Even in the public sector, government is starting to better understand its customers and offer them personalized content and service offerings by population segment, and by demographics, via digital channels,” Stoehr said. “With this in mind, for the 2020 census we needed a real point to deliver messages to specific visitors.”

Even in the public sector, government is starting to better understand its customers and offer them personalized content and service offerings by population segment, and by demographics, via digital channels.
Christina StoehrChief of the web and new media branch, U.S. Census Bureau

The project also included refreshing the census site data access interface used by researchers, journalists, academics and more, and supporting advertising campaigns to recruit census takers and to encourage citizens to fill it out.

The agency chose Adobe Experience Manager to host the content, Adobe Launch for content analytics and Adobe Target to serve relevant content to users from the site, which supports 59 languages. Accenture provided journey mapping, among other services. Communications agency Reingold provided UX design and site testing, as well as content creation and coordination.

Adobe takes on Amazon, Microsoft

The Census Bureau’s digital experience project launched amid a number of large government IT initiatives, including the still-under-dispute $10 billion Joint Enterprise Defense Infrastructure (JEDI) contract awarded to Microsoft and numerous other federal IT modernization projects.

Alan Pelz-Sharpe, founder of advisory firm Deep Analysis, said that while Adobe’s not a headline-grabbing government IT vendor, its technology has been deeply ingrained in local, state and federal IT for decades on the strength of it PDF digital document tools.

While those technologies might not have the cachet of the Adobe Experience Manager and sophisticated web analytics that the company currently markets heavily, PDF’s saturation of the government market provides the launch pad for new government IT contracts up for grabs.

“When we think about Adobe, we think about experience management, the things they do with digital marketing, advertising agencies and websites,” Pelz-Sharpe said. “But then there’s the traditional part of Adobe, the Document Cloud. For some reason, nobody wants to talk about those, but it’s their core business.”

The U.S. government is far behind European sites in digital experience for its citizens, Pelz-Sharpe said. Using commercial cloud systems and consultants like Accenture to update sites should catch it up faster and may prove to be less expensive than building their own sites and back-end support. The census site could serve as Adobe’s proof of concept for other federal agencies seeking to modernize their own digital experiences, he concluded.

Go to Original Article

Zuckerberg lists benefits, drawbacks of remote work

Facebook Inc.’s co-founder and CEO Mark Zuckerberg delivered a frank assessment about the benefits of remote work, especially with respect to recruiting. He also listed the drawbacks, uncertainties and the need for improvements in remote work technology. 

But the biggest takeaway from Zuckerberg’s livestream employee town hall Thursday is that the pandemic has permanently changed how work will get done — especially at Facebook. 

“I think that it’s quite possible that over the next five to 10 years, about 50% of our people could be working remotely,” Zuckerberg said.

Zuckerberg sees this as a major cultural change for the firm.

“I just think COVID is going to be with us for a while to come,” Zuckerberg said. “That means that we can’t and don’t have to figure out every single detail about what the long-term is going to look like right now.”

Zuckerberg listed some clear benefits of remote work. It “gives access to a lot of new pools of talent,” Zuckerberg said. Specifically, people who would never consider moving to a bigger city for a job, he said. “I’m very excited about that.”

Another benefit to remote work is retention. “Improved retention is as valuable — if not more — than being able to recruit new people,” Zuckerberg said.

I think that it’s quite possible that over the next five to 10 years, about 50% of our people could be working remotely.
Mark ZuckerbergCo-founder and CEO, Facebook Inc.

While his remarks were directed at Facebook employees, Zuckerberg’s theme was universal. Every firm, it seems, is trying to figure out how to adapt now and after the pandemic ends.   

Flexibility is top employee choice

Working in the office remains popular at Facebook. In an internal survey, about 50% of Facebook employees “said that they really just want to get back into the office as soon as possible,” Zuckerberg said. 

The largest preference, about 60%, wanted flexibility, a mix of being able to work in the office and from home. Employees weren’t limited to one choice in the survey.

The employee sentiment about flexibility is in line with Gartner’s assessment about the future of work. 

“I think the norm of the 9 to 5, Monday through Friday, brick and mortar office space will be replaced with a much more flexible environment — both in location and time,” Liz Joyce, a Gartner analyst, said. 

“In the near term, the reality of reopening while still maintaining social distancing will drive that flexibility,” Joyce said. “Many organizations will have to adjust schedules to allow smaller groups of employees in the office.”

That is true for Facebook, which employs about 45,000 people. The social network giant has already told its employees they can expect to work from home through 2020. About 95% of its employees are now working remotely. 

Facebook, when it reopens offices at some future point, will limit occupancy to 25% capacity. “A lot of us are going to have to be working remotely for some time to come,” Zuckerberg said.  

Tools are falling short

Zuckerberg didn’t indicate problems with worker productivity but said messaging and video chat tools were falling short of “building bonds” between employees in the company. They were more transactional, he said. But this is also an area that Facebook is working on with its enterprise Workplace collaboration platform. 

Zuckerberg raised long-term questions about balancing in-office and remote work, such as: “How do we make offices effective and full of energy if a lot of people who have desks aren’t around?” 

Zuckerberg continued to point to a need for employees to meet from time to time, as well as building tools for collaboration. He also announced some new office hubs in Denver, Dallas and Atlanta, which seemed intended to create some focal points for people hired and working in those regions.

From a cost perspective, Zuckerberg said a shift to remote work wouldn’t necessarily lead to cost savings, a conclusion he based on discussions with other firms that have undergone such a transition. “There are just different costs here,” he said, and that includes more tooling to make remote work offices function, including good audio, lighting and internet connection for video. 

Not all firms will follow Facebook’s approach. 

Consider OpenText in Waterloo, Ontario. Like Facebook, the content management firm shifted 95% of its 15,000 employees to remote work in response to the pandemic. 

At some point, a majority of OpenText employees will return to their offices, but just not as many as before. 

OpenText expects about 2,250 employees, or about 15% of its workforce, will continue to work remotely full-time, or more than double the pre-pandemic number of remote workers. The increase in remote work will allow OpenText to close some smaller offices. The large development centers in Silicon Valley, Europe, India and the Washington, D.C., area will remain.

“OpenText has always had a relaxed work-from-home policy” to support families with young children, people with special needs and those with long commutes, said Muhi Majzoub, executive vice president and chief product officer.

“Many of our employees have told us in previous employee surveys that they actually prefer and feel more productive working from home” instead of dealing with long commutes, Majzoub said.  

Go to Original Article

Dell EMC Isilon file storage floats into Google public cloud

Dell EMC spun out a flurry of cloud initiatives to bolster one of the few areas where its products lag competing storage vendors.

The infrastructure vendor teamed with Google to make its Dell EMC Isilon OneFS file system available for scale-out analytics in the Google Cloud Platform (GCP). Dell EMC said Google cloud customers can scale up to 50 petabytes of Isilon file storage in a single namespace, with no required application changes.

The managed NAS offering uses Google compute to run software instantiations of Isilon OneFS. The service is part of Dell Technologies Cloud, an umbrella branding for Dell EMC’s cloud options. This is Google’s second major foray into file system storage within the last year. It acquired startup Elastifile, whose scale-out system is integrated in Google Cloud Filestore.

Dell Technologies Cloud hybrid cloud infrastructure enhancements also include native Kubernetes integration in VMware vSphere, along with more flexible compute and storage options.

File storage written for cloud

Dell EMC allows customers to tier local file storage to all three public cloud providers via its Isilon CloudPools, but the Google partnership is its first effort at writing OneFS specifically for cloud-native workloads. AWS has the largest market share of the public cloud market, followed by Microsoft Azure and Google Cloud Platform.

Dell did not address if it plans similar integrations with AWS or Microsoft Azure, but it represents a likely path, especially as enterprises deploy multiple hybrid clouds. File pioneer NetApp started offering cloud-based versions of its OnTap operating system several years ago, while all-flash specialist Pure Storage recently added file services to its block-based FlashArray flagship array. Hewlett Packard Enterprise also sells file services in the cloud on ProLiant servers through an OEM deal with Qumulo, whose founders helped to engineer the original Isilon NAS code.

Dell has to continue to execute on this strategy with the other major cloud providers. This can’t be a one-and-done.
Matt EastwoodSenior vice president of enterprise infrastructure, IDC

“Dell has to continue to execute on this strategy with the other major cloud providers. This can’t be a one-and-done [with Google]. We’ll need to see more improvements from Dell in the next six to 12 months to show they are able to bring their file storage technologies to the cloud,” said Matt Eastwood, a senior vice president of enterprise infrastructure at IDC.

Although Dell and Google publicly acknowledged a beta version in 2018, the formal OneFS cloud launch comes a little more than one year after Thomas Kurian took over as CEO at Google Cloud Platform. An interesting twist would be noteworthy if Kurian’s arrival helped spur the Dell product development: George Kurian, his twin brother, and CEO at NetApp, has said Dell is “years behind” NetApp’s Data Fabric strategy.

Brian Payne, a Dell EMC vice president, said enterprises have struggled to run traditional file systems that fully exploit Google’s fast compute services for analyzing large data sets. Enterprises can purchase the cloud version of Dell EMC Isilon OneFS with the required compute services in the Google Compute Platform portal.

“We found that customers are using Google to run their AI engines or data services, and we paired with Google to help them process and store very large content files in Isilon,” Payne said.

Node requirements flexed for Dell Technologies Cloud

Dell’s strategy has evolved on how to unify is hybrid cloud offerings with public cloud technologies, although its ownership of VMware provides assets supported by Dell EMC storage competitors.

Dell Technologies Cloud integrates VMware Cloud Foundation (VCF) and Dell EMC VxRail hyper-converged infrastructure as a combined stack to run workload domains, software-defined storage, software-defined networking and virtualized compute. Customers can buy Dell Technologies Cloud and manage it locally or as an on-demand service.

VMware Cloud Foundation 4.0 includes native Kubernetes integration that allows container orchestration to be managed in vSphere. The Kubernetes piece is part of Project Pacific, the code name for a major redesign of the vSphere control plane. Payne said it allows cloud-native workloads to run directly on the Dell Technologies Cloud platform, with Dell handling lifecycle management.

Dell Technologies On Demand offers the same services as a consumption license. Payne said Dell’s new entry requirement is a minimum of four nodes, down from eight nodes, and users can scale capacity across multiple racks.

The Dell Technologies Cloud binge includes updates to Dell EMC SD-WAN software-defined networking, based on the VeloCloud technology VMware acquired in 2017. Dell also added support for Dell EMC PowerProtect Cyber Recovery data protection to VMware Cloud, which uses Dell EMC storage to extend private IaaS deployments to public clouds.

Go to Original Article

IT pros clamor for Kubernetes multi-cloud deployment API

Enterprises are watching the development of the Kubernetes Cluster API project, which they hope will evolve into a declarative multi-cloud deployment standard for container infrastructure.

With a declarative API, developers can describe the desired outcome and the system handles the rest. Kubernetes today requires users to deploy a series of such APIs separately for each cloud provider and on-premises IT environment. This makes it difficult to take a cohesive, consistent approach to spinning up multiple clusters, especially in multi-cloud environments. Existing Kubernetes deployment procedures may also offer so many configuration options that it’s easy for end users to overcomplicate installations.

Enterprises that have taken a declarative, also known as immutable, approach to other layers of the IT infrastructure as they adopt DevOps want to enforce the same kind of simple, repeatable standards for Kubernetes clusters through a standard declarative API. Some IT shops have struggled and failed to implement their own APIs for those purposes, and say the community effort around Kubernetes Cluster API has better potential to achieve those goals than their individual projects.

One such company, German IT services provider Giant Swarm, created its own Kubernetes deployment API in 2017 to automate operations for more than 200 container clusters it manages for customers in multiple public clouds. It used a central Kubernetes management cluster fronted by the RESTful API to connect to Kubernetes Operators within each workload cluster. Eventually, though, Giant Swarm found that system too difficult to maintain as Kubernetes and cloud infrastructures continually changed.

“Managing an additional REST API is cumbersome, especially since users have to learn a new [interface],” said Marcel Müller, platform engineer at Giant Swarm, in an online presentation at a virtual IT conference held by API platform vendor Kong last month. “We had to restructure our API quite often, and sometimes we didn’t have the resources or knowledge to make the right long-term [architectural] decisions.”

Kubernetes Cluster API
Kubernetes Cluster API architecture

Switching between cloud providers proved especially confusing and painful for users, since tooling is not transferable between them, Müller said.

“The conclusion we got to by early 2019 was that community collaboration would be really nice here,” he said. “A Kubernetes [special interest group] would take care of leading this development and ensuring it’s going in the correct direction — thankfully, this had already happened because others faced similar issues and come to the same conclusion.”

A Kubernetes [special interest group] would take care of leading this development and ensuring it’s going in the correct direction — thankfully, this had already happened because others faced similar issues and come to the same conclusion.
Marcel Müller Platform engineer, Giant Swarm

That special interest group (SIG), SIG-Cluster-Lifecycle, was formed in late 2017, and created Cluster API as a means to standardize Kubernetes deployments in multiple infrastructures. That project issued its first alpha release in March 2019, as Müller and his team grew frustrated with their internal project, and Giant Swarm began to track its progress as a potential replacement.

Cluster API installs Kubernetes across clouds using MachineSets, which are similar to the Kubernetes ReplicaSets Giant Swarm already uses. Users can also manage Cluster API through the familiar kubectl command line interface, rather than learning to use a separate RESTful API. 

Still, the project is still in an early alpha phase, according to its GitHub page, and therefore changing rapidly; as an experimental project, it isn’t necessarily suited for production use yet. Giant Swarm will also need to transition gradually to Cluster API to ensure the stability of its Kubernetes environment, Müller said.

Cluster API bridges Kubernetes multi-cloud gap

Cluster API is an open source alternative to centralized Kubernetes control planes also offered by several IT vendors, such as Red Hat OpenShift, Rancher and VMware Tanzu. Some enterprises may prefer to let a vendor tackle the API integration problem and leave support to them as well. In either case, the underlying problem at hand is the same — as enterprise deployments expand and mature, they need to control and automate multiple Kubernetes clusters in multi-cloud environments.

For some users, multiple clusters are necessary to keep workloads portable across multiple infrastructure providers; others prefer to manage multiple clusters rather than deal with challenges that can emerge in Kubernetes networking and multi-tenant security at large scale. The core Kubernetes framework does not address this.

“[Users] need a ‘meta control plane’ because one doesn’t just run a single Kubernetes cluster,” said John Mitchell, an independent digital transformation consultant in San Francisco. “You end up needing to run multiple [clusters] for various reasons, so you need to be able to control and automate that.”

Before vendor products and Cluster API emerged, many early container adopters created their own tools similar to Giant Swarm’s internal API. In Mitchell’s previous role at SAP Ariba, the company created a project called Cobalt to build, deploy and operate application code on bare metal, AWS, Google Cloud and Kubernetes.

Mitchell isn’t yet convinced that Cluster API will be the winning approach for the rest of the industry, but it’s at least in the running.

“Somebody in the Kubernetes ecosystem will muddle their way to something that mostly works,” he said. “It might be Cluster API.”

SAP’s Concur Technologies subsidiary, meanwhile, created Scipian to watch for changes in Kubernetes custom resource definitions (CRDs) made as apps are updated. Scipian then launches Terraform jobs to automatically create, update and destroy Kubernetes infrastructure in response to those changes, so that Concur ops staff don’t have to manage those tasks manually. Scipian’s Terraform modules work well, but Cluster API might be a simpler mechanism once it’s integrated into the tool, said Dale Ragan, principal software design engineer at the expense management SaaS provider based in Bellevue, Wash.

“Terraform is very amenable to whatever you need it to do,” Ragan said. “But it can be almost too flexible for somebody without in-depth knowledge around infrastructure — you can create a network, for example, but did you create it in a secure way?”

With Cluster API, Ragan’s team may be able to enforce Kubernetes deployment standards more easily, without requiring users to have a background in the underlying toolset.

“We created a Terraform controller so we can run existing modules using kubectl [with Cluster API],” Ragan said. “As we progress further, we’re going to use CRDs to replace those modules … as a way to create infrastructure in ‘T-shirt sizes’ instead of talking about [technical details].”

Go to Original Article

Linux kernel utility could solve Kubernetes networking woes

As production Kubernetes clusters grow, a standard Linux kernel utility that’s been reinvented for the cloud era may offer a fix for container networking scalability challenges.

The utility, extended Berkeley Packet Filter (eBPF), traces its origins back to a paper published by computer scientists in 1992. It’s a widely adopted tool that uses a mini-VM inside the Linux kernel to perform network routing functions. Over the last four years, as Kubernetes became popular, open source projects such as Cilium began to use eBPF data to route and filter Kubernetes network traffic without requiring Linux kernel changes. 

In the last two years, demand for such tools rose among enterprises as their Kubernetes production environments grew, and they encountered new kinds of thorny bottlenecks and difficult tradeoffs between complexity and efficiency.

IT monitoring vendor Datadog saw eBPF-based tooling as the answer to its Kubernetes scaling issues after a series of experiments with other approaches.

“Right now, there are a lot more people running Kubernetes at smaller scale,” said Ara Pulido, a developer relations specialist at Datadog, in an online presentation last month. “When you start running Kubernetes at bigger scale, you run into issues that just a handful of people have found before, or maybe you are the first one.”

As Datadog’s environment expanded to dozens of Kubernetes clusters and hundreds of nodes, it quickly outgrew the default Kubernetes networking architecture, Pulido said.

Among the scalability issues Datadog encountered was the way the native Kubernetes load balancer component called kube-proxy handles service networking data. In microservices environments, application services comprised of Kubernetes Pods communicate through load balancers; by default, kube-proxy performs this role and is deployed to every Kubernetes cluster node. Kube-proxy then monitors the Kubernetes API for any changes. When changes are made, by default, kube-proxy updates Iptables to keep track of service routing information.

“One of the issues is that with every change, you have to resync the whole table, and as you scale the number of pods and services, that’s going to have a cost,” Pulido added.

Since Kubernetes 1.11, kube-proxy can also use the Linux IP Virtual Server instead of Iptables, which doesn’t require a full resync when changes are made to the cluster, among other improvements. However, this required Datadog engineers to become upstream contributors to IPVS to ensure it worked well in their environment, Pulido said.

As we moved to Cilium in our newer clusters, we realized we could also remove kube-proxy, as Cilium already implements a replacement.
Ara PulidoDeveloper relations, Datadog

Datadog then began to explore eBPF tools from Cilium for granular container security features and found it could serve as wholesale replacement for kube-proxy.

Cilium provides identity-based connections via Kubernetes labels, rather than connections based on IP addresses, which may not be fine-grained enough to accommodate individual workload permissions in security-sensitive environments, Pulido said in an interview following her presentation. “As we moved to Cilium in our newer clusters, we realized we could also remove kube-proxy, as Cilium already implements a replacement.”

Cilium updates eBPF for Kubernetes networking

Cilium, launched four years ago, and its commercial backer, Isovalent, have developed Kubernetes networking and security tools based on eBPF, as have other vendors such as Weaveworks, whose Weave Scope network monitoring tool uses eBPF data  to perform granular tracking of Kubernetes TCP connections. Another company, Kinvolk, created the cgnet open source utility to collect detailed pod and node statistics via eBPF and export them to Prometheus.

Cilium Kubernetes networking architecture
Cilium eBPF-based tools replace native Kubernetes networking functions.

Cilium’s eBPF-based tools replace Kubernetes networking elements including kube-proxy to provide network and load balancing services and to secure connections within them. Users say the Cilium tools perform better than kube-proxy, especially the IPtables version, and offer a more straightforward approach to Kubernetes service network routing than overlay tools such as Flannel.

“The IPtables approach [with kube-proxy] was always kind of kludgy,” said Dale Ragan, principal software design engineer at SAP’s Concur Technologies Inc., an expense management SaaS provider based in Bellevue, Wash.

Ragan also encountered some known issues between Flannel and Kubernetes NodePort connections as of late 2018, which he discovered that Cilium could potentially avoid. Concur has since swapped out Flannel Container Network Interface (CNI) plugins for Cilium in its production clusters, and is also testing Isovalent’s proprietary SecOps add-ons, such as intrusion detection and forensic incident investigation.

“The other [appeal of eBPF] was from a security perspective, that we could apply policies both cluster-wide and to individual services,” Ragan said.

eBPF vs service mesh

Cilium contributors also contribute to Envoy, the sidecar proxy used with Istio and other service meshes, and eBPF isn’t a complete replacement for service mesh features such as advanced layer 7 application routing. Cilium can be used with a service mesh to accelerate its performance, said Isovalent’s CEO, Dan Wendlandt.

“CNIs are at a lower layer of Kubernetes networking — service mesh still depends on that core networking and security layer within Kubernetes,” Wendlandt said. “Cilium is a good networking foundation for service mesh that can get data in and out of any service mesh proxy efficiently.”

However, at lower layers of the network stack, there’s significant overlap between the two technologies, and Concur’s engineers will consider whether eBPF might support multi-cluster connectivity and mutual TLS authentication more simply than a service mesh.

“We want to get the networking layer correct, and from there add service mesh,” Ragan said. “From a TLS perspective, it could be very transparent for the user, where Cilium is inspecting traffic at the system level — there are all kinds of opportunities around intrusion detection without a lot of overhead and work for [IT ops] teams to do to allow visibility for SecOps.”

Still, Cilium and other eBPF-based tools represent just one approach that may gain traction as more users encounter problems with Kubernetes networking at scale. For some truly bleeding-edge Linux experts, eBPF may be eclipsed in network performance enhancement by the io_uring subsystem introduced in the Linux kernel a year ago, for example.

“eBPF is going through a bit of a hype cycle right now,” said John Mitchell, an independent digital transformation consultant in San Francisco. “From the VC perspective, it’s a super-techy ‘special sauce’, and the eBPF ecosystem has gotten some good push from influential uber-geeks.”

However, eBPF has real potential to add advanced Kubernetes network security features without requiring changes to application code, Mitchell said.

Go to Original Article

Accessibility tools support Hamlin Robinson students learning from home | | Microsoft EDU

More than ever, educators are relying on technology to create inclusive learning environments that support all learners. As we recognize Global Accessibility Awareness Day, we’re pleased to mark the occasion with a spotlight on an innovative school that is committed to digital access and success for all.

Seattle-based Hamlin Robinson School, an independent school serving students with dyslexia and other language-based learning differences, didn’t set a specific approach to delivering instruction immediately after transitioning to remote learning. “Our thought was to send home packets of schoolwork and support the students in learning, and we quickly realized that was not going to work,” Stacy Turner, Head of School, explained in a recent discussion with the Microsoft Education Team.

After about a week into distance learning, the school quickly went to more robust online instruction. The school serves grades 1-8 and students in fourth-grade and up are utilizing Office 365 Education tools, including Microsoft Teams. So, leveraging those same resources for distance learning was natural.

Built-in accessibility features

Stacy said the school was drawn to Microsoft resources for schoolwide use because of built-in accessibility features, such as dictation (speech-to-text), and the Immersive Reader, which relies on evidence-based techniques to help students improve at reading and writing.

“What first drew us to Office 365 and OneNote were some of the assistive technologies in the toolbar,” Stacy said. Learning and accessibility tools are embedded in Office 365 and can support students with visual impairments, hearing loss, cognitive disabilities, and more.

Josh Phillips, Head of Middle School, says for students at Hamlin Robinson, finding the right tools to support their learning is vital. “When we graduate our students, knowing that they have these specific language-processing needs, we want them to have fundamental skills within themselves and strategies that they know how to use. But we also want them to know what tools are available to them that they can bring in,” he said.

For example, for students who have trouble typing, a popular tool is the Dictate, or speech-to-text, function of Office 365. Josh said that a former student took advantage of this function to write a graduation speech at the end of eighth grade. “He dictated it through Teams, and then he was able to use the skills we were practicing in class to edit it,” Josh said. “You just see so many amazing ideas get unlocked and be able to be expressed when the right tools come along.”

Supporting teachers and students

Providing teachers with expertise around tech tools also is a focus at Hamlin Robinson. Charlotte Gjedsted, Technology Director, said the school introduced its teachers to Teams last year after searching for a platform that could serve as a digital hub for teaching and learning. “We started with a couple of teachers being the experts and helping out their teams, and then when we shifted into this remote learning scenario, we expanded that use,” Charlotte said.

“Teams seems to be easiest platform for our students to use in terms of the way it’s organized and its user interface,” added Josh.

He said it was clear in the first days of distance learning that using Teams would be far better than relying on packets of schoolwork and the use of email or other tools. “The fact that a student could have an assignment issued to them, could use the accessibility tools, complete the assignment, and then return the assignment all within Teams is what made it clear that this was going to be the right app for our students,” he said. 

A student’s view

Will Lavine, a seventh-grade student at the school says he appreciates the stepped-up emphasis on Teams and tech tools during remote learning and says those are helping meet his learning needs. “I don’t have to write that much on paper. I can use technology, which I’m way faster at,” he said.

“Will has been using the ease of typing to his benefit,” added Will’s tutor, Elisa Huntley. “Normally when he is faced with a hand written assignment, he would spend quite a bit of time to refine his work using only a pencil and eraser. But when he interfaces with Microsoft Teams, Will doesn’t feeling the same pressure to do it right the first time. It’s much easier for him to re-type something. His ideas are flowing in ways that I have never seen before.”

Will added that he misses in-person school, but likes the collaborative nature of Teams, particularly the ability to chat with teachers and friends.

With the technology sorted out, Josh said educators have been very focused on ensuring students are progressing as expected. He says that teachers are closely monitoring whether students are joining online classes, engaging in discussions, accessing and completing assignments, and communicating with their teachers.

Connect, explore our tools

We love hearing from our educator community and students and families. If you’re using accessibility tools to create more inclusive learning environments and help all learners thrive, we want to hear from you! One great way to stay in touch is through Twitter by tagging @MicrosoftEDU.

And if you want to check out some of the resources Hamlin Robinson uses, remember that students and educators at eligible institutions can sign up for Office 365 Education for free, including Word, Excel, PowerPoint, OneNote, and Microsoft Teams.

In honor of Global Accessibility Awareness Day, Microsoft is sharing some exciting updates from across the company. To learn more visit the links below:

Go to Original Article
Author: Microsoft News Center