Cloud Platform System 1.0 Update 2

Features

Disaster recovery to Azure Public Cloud
Before Cloud Platform System (CPS) 1.0 Update 2, offering disaster recovery to tenants through Azure Site Recovery (ASR) required a minimum of two CPS stamps, and this increases costs. After you install Update 2, you can use Microsoft Azure as the recovery site. This requires fewer configuration steps for CPS administrators who create and publish Azure Pack plans that include disaster recovery. If disasters affect the primary CPS stamp, workloads can be temporarily moved to Azure by a simple click. This lets CPS customers avoid the expense of acquiring and managing a second CPS stamp for recovery. 

FedRAMP
CPS has been evaluated for compliance with the most current FedRAMP moderate baseline. Customers seeking FedRAMP certification can now use a precompiled System Security Plan (SSP) template and a Customer Responsibility Matrix (CRM). The SSP and CRM help streamline parts of the FedRAMP authorization process, providing CPS customers an easy way to understand their compliance levels when they are deploying services to internal or tenant users who require FedRAMP compliance. The SSP and CRM can increase confidence that with CPS, your IT infrastructure can be certified for FedRAMP with a significant reduction in the time, cost, and resources that are required by the process.

BitLocker drive encryption
Customers who seek stronger security for their data at rest can now encrypt management, tenant, and backup data in CPS by configuring BitLocker Drive Encryption. For more information, see http://support.microsoft.com/kb/3078425. 

Off-stamp backup
Before Update 2, CPS backup allowed customers to back up tenant VMs to disk and retain them for a week, which gave them time to perform operational recovery. However, this solution does not provide for scenarios such as offsite backup or long-term retention. As part of CPS Update 2, customers can now deploy Data Protection Manager (DPM) servers either onsite or offsite, outside CPS. They can back up tenant VMs to secondary DPM servers. By using secondary DPM servers, customers can have an offsite, backed-up copy on disk or on tape for long-term retention. Off-stamp backup lets customers more easily meet tenant backup requirements, such as offsite backup copies or long-term retention for their VMs.

Updates for System Center 2012 R2
System Center 2012 R2 Data Protection Manager Update Rollup 7 https://support.microsoft.com/en-us/kb/3065246
System Center 2012 R2 Orchestrator - Service Management Automation Update Rollup 7 https://support.microsoft.com/en-us/kb/3069115
System Center 2012 R2 Operations Manager Update Rollup 6 http://support.microsoft.com/kb/3051169
System Center 2012 R2 Orchestrator - Service Provider Foundation Update Rollup 6  http://support.microsoft.com/kb/3050307
System Center 2012 R2 Virtual Machine Manager Update Rollup 7 https://support.microsoft.com/en-us/kb/3066340

Updates for Windows Azure Pack
Update Rollup 7.1 for Windows Azure Pack https://support.microsoft.com/en-us/kb/3091399

Updates for Windows Server 2012 R2
MS15-011: Vulnerability in Group Policy could allow remote code execution: February 10, 2015: https://support.microsoft.com/en-us/kb/3000483
Performance regressing in Hyper-V guest system in Windows Server 2012 R2 or Windows 8.1: https://support.microsoft.com/en-us/kb/3014069
Update to add support for Generic Routing Encapsulation in Windows 8.1 and Windows Server 2012 R2: https://support.microsoft.com/en-us/kb/3022776
Shared Hyper-V virtual disk is inaccessible when it's located in Storage Spaces on a Windows Server 2012 R2-based computer: https://support.microsoft.com/en-us/kb/3025091
MS15-021: Vulnerabilities in Adobe font driver could allow remote code execution: March 10, 2015: https://support.microsoft.com/en-us/kb/3032323
MS15-020: Description of the security update for Windows text services: March 10, 2015: https://support.microsoft.com/en-us/kb/3033889
MS15-020: Description of the security update for Windows shell: March 10, 2015: https://support.microsoft.com/en-us/kb/3039066
MS15-034: Vulnerability in HTTP.sys could allow remote code execution: April 14, 2015: https://support.microsoft.com/en-us/kb/3042553
"STATUS_PURGE_FAILED" error when you perform VM replications by using SCVMM in Windows Server 2012 R2 https://support.microsoft.com/en-us/kb/3044457
MS15-044 and MS15-051: Description of the security update for Windows font drivers: https://support.microsoft.com/en-us/kb/3045171
MS15-068: Description of the security update for Windows Hyper-V: July 14, 2015: https://support.microsoft.com/en-us/kb/3046359
Hyper-V cluster unnecessarily recovers the virtual machine resources in Windows Server 2012 R2: https://support.microsoft.com/en-us/kb/3072380
Possible performance degradation updating very large de-duplicated files https://support.microsoft.com/en-us/kb/3073062
MS15-078: Vulnerability in Microsoft font driver could allow remote code execution: July 16, 2015: https://support.microsoft.com/en-us/kb/3079904
"The URL cannot be resolved" error in DirectAccess and routing failure on HNV gateway cluster in Windows Server 2012 R2 - https://support.microsoft.com/en-us/kb/3047280
Tenant VMs lose network connectivity if NAT gateway VM exhausts all TCP/IP ephemeral ports in Windows Server 2012 R2: https://support.microsoft.com/en-us/kb/3078411

Hardware updates
Firmware and driver updates have been incorporated in the Microsoft Patch and Update Framework (P&U) for this release. As part of the P&U process, every node is updated to have the most current, tested version of firmware or drivers to help ensure optimal system performance. After P&U applies software, firmware, and driver updates, it restarts CPS nodes when restarts are required.

The following is a list of automated firmware updates that are applied as part of CPS 1.0 Update 2: