How a cloud service pays for itself in one emergency

Imagine this scenario: It’s Friday evening and a storm that was going to hit a nearby town veers off toward your corporate HQ. Suddenly you are looking at torrential rains and flooding of biblical proportions at your corporate HQ. Oh, and to top it off it’s your major stocking location for your national distribution business.

We weren’t imagining this when Hurricane Harvey dropped trillions of gallons of rain on the Houston area. Of all the Disaster Recovery and Business Continuity plans, the one that was so very, very simple was email and communication. We had already transitioned all of that to Office 365. What was our DR/BC plan for email and other written communication? We didn’t need to worry about the service. We simply made sure that key people had laptops, and we were good to go!

Of course, all wasn’t peaches and roses.

We have a couple of areas in the business that were still using on-premises file servers. The users trying to access those servers had to use a VPN (an uncommon occurrence for many of them). That was awkward and strained our licensed capacity for VPN connections, but it wasn’t a major ordeal. Guess who is going to be pushed toward SharePoint Online Document Sites? You betcha!

The other pain point was our legacy IBM PowerSystem. None of our locations lost power/connectivity during the storm, but we watched it like a hawk to determine if we should fail over to the DR site. If that system were in a cloud bank in Arizona, there would be less chance of hurricane issues.

True enough, cloud-based systems have their own set of problems. However, if you go with a geo-diverse plan, the likelihood of a big storm/blizzard/earthquake halting your business is greatly reduced. This is in addition to all the typically touted benefits of OPEX vs CAPEX, hardware maintenance and all that.

The moral of the story: If you work in a hurricane zone – pay attention to the cloud.

 

 


TechMentor Redmond 2017 – the short(ish) version

What is TechMentor? The answers range from the serious business case to the snarky, depending on whom you ask and when. The short answer: it’s a tech conference focused on education for IT Professionals. The long answer can be found here on their site. For me, it’s a recharging of my mental batteries and a chance to learn a lot and see some fellow IT folk I only see at these things.

I’m not going to do a day by day because this is 5 full days of learning, both from the speakers and the fellow attendees. I promised a short post so here it goes!

1. We are not doing enough for security (duh) and we’re not alone in that. While our situation isn’t as dire as some, it’s not as good as it can be. After this week I have the tools needed to address some of this.  

2. I could be wringing a lot more use out of Azure Active Directory for not a lot more money. Things like Dynamic Groups based on users’ AD attributes and assigning Office 365 features based on group membership.

3. We all need to move from “Classic IT” to “Modern IT”. That is, from spending time redeploying software and images on OEM PCs to simply updating what came on them to what the business user needs to function. *Hint* The Windows Configuration Designer is key here for SMBs. This feeds into the concept of Windows as a Service.

4. If you’re going to make good training videos, the gear and the environment are as important as the recording software. A LOT of dollars can be spent to generate professional grade educational videos, but it also appears that if you aren’t TOO picky, you can get moderate grade gear for a couple of hundred bucks.

5. Building custom Desired State Configuration Resources isn’t as hard as I thought. It’s not EASY, but if you can build a function and know a few tricks of formatting it’s do-able. That’s my first blush after a good intro to the subject this week. We’ll see if I feel the same after I get knee-deep into making one. Good thing I met an expert or two on this.

6. REST and SOAP calls in PowerShell aren’t nearly as complicated when you have a good teacher walk you through it. What can be complicated is what you do with the info you get back. This has some really interesting ideas churning in my head.

7. Regular Expressions aren’t as hard when you understand what the engine is doing behind the scenes. It’s also good to have a tool test your expressions before you turn them loose in the world.

That’s seven key takeaways in broad strokes. Now to use a “bonus thing” I learned and deconstruct those broad items into projects and tasks.

Not bad for 5 days…..

Windows 2016 and DSC – Like Peanut Butter and Chocolate

We’ve all heard about DSC, right? Sure you have. Maybe you’ve been playing around a bit in labs or using it for test environments. Why haven’t we all taken the plunge to Infrastructure as Code (or more accurately Infrastructure from Code)? Because it’s hard, and we’re busy?

Likely, it’s because we don’t have the opportunity to go all ‘greenfield’ in our daily jobs. Most of us live in the depressingly named ‘brownfields.’ We have servers already, we have workloads on them that are of different importance to our companies. We can’t just rip everything out and replace it! Oh but wait! Most of those machines are running older versions of Windows Server or have old hardware. We’re going to need to do an upgrade/replacement plan anyway.

I know a lot of us have those old servers that run some important job. Maybe we virtualized when the hardware broke, but otherwise, they are still on 2008 or god forbid 2003. We can’t manage them with the latest tools because they have an old version of PowerShell (if at all). We want to get rid of them, but what a daunting task!

Why not combine these two tasks? Two birds one stone and all that. Build out a pull server, and rebuild your infrastructure the “Modern” way. Don’t upgrade those VMs; construct new ones and shift the workload over. That ensures the cleanest installation and configuration. Since you’re configuring them from scratch, why not do it with DSC?

Here’s what I’m in the middle of right now: I have several physical servers at or near the end of life. I have a few 2008 servers still lingering. I want to get all my servers on 2016 to take advantage of several newer technologies. To make our Hyper-V hosts more efficient, I want to move as much as possible to Server Core. I had used DSC for several small servers but not in a truly “production” manner. Time to upgrade!

Here’s my plan in broad terms:

  1. Build out a pair of new load balanced secure Pull Servers – using DSC Push Mode.
  2. From there, make a BASE configuration shared by all servers and inject that MOF into the image I’m using to build new VMs. This base config contains things like domain join, setting up the LCM with where to look for the pull server, network set up, etc.
  3. Create configurations for the server Archetypes – File Server – Web Server – App Server – Backup Server – Domain Controller – etc.
  4. Write some basic Pester tests to verify that the configurations are doing what I expect.
  5. Start standing up servers, pushing configs and testing. Once tests pass…..
  6. Move to production mode!
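
Steps 2 and 4 of the plan, sketched as an added example (not the author's configuration): an LCM meta-configuration that registers a node with an HTTPS-only pull server, and a Pester check that the node ended up that way. The pull server URL, the configuration name 'BaseServer' and the registration key parameter are hypothetical placeholders.

```powershell
# Added example. Hypothetical values: the pull server URL and 'BaseServer'.
[DSCLocalConfigurationManager()]
configuration BaseLcm {
    param(
        [Parameter(Mandatory)][string]$RegistrationKey,
        [string]$PullUrl = 'https://pull.example.test:8080/PSDSCPullServer.svc'
    )
    Node 'localhost' {
        Settings {
            RefreshMode        = 'Pull'
            ConfigurationMode  = 'ApplyAndAutoCorrect'   # re-apply on drift
            RebootNodeIfNeeded = $true
        }
        ConfigurationRepositoryWeb PullServer {
            ServerURL               = $PullUrl
            RegistrationKey         = $RegistrationKey
            ConfigurationNames      = @('BaseServer')
            AllowUnsecureConnection = $false             # refuse plain HTTP
        }
        ReportServerWeb PullServerReports {
            ServerURL       = $PullUrl
            RegistrationKey = $RegistrationKey
        }
    }
}

# Compile and apply (run elevated on the node or while building the image):
#   BaseLcm -RegistrationKey $key -OutputPath .\BaseLcm
#   Set-DscLocalConfigurationManager -Path .\BaseLcm
# The generated localhost.meta.mof carries the registration key in clear text,
# so treat an image that contains it as a secret.

# Pester check for step 4; in practice keep this in its own *.Tests.ps1 file.
Describe 'LCM after the base configuration' {
    BeforeAll {
        $script:lcm = Get-DscLocalConfigurationManager
        $script:repo = $script:lcm.ConfigurationDownloadManagers
    }
    It 'is in pull mode' {
        $script:lcm.RefreshMode | Should -Be 'Pull'
    }
    It 'corrects drift automatically' {
        $script:lcm.ConfigurationMode | Should -Be 'ApplyAndAutoCorrect'
    }
    It 'talks to the pull server over HTTPS only' {
        $script:repo.ServerURL | Should -Match '^https://'
        $script:repo.AllowUnsecureConnection | Should -Be $false
    }
}
```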

At some point, I plan to move the whole shooting match from GitHub to Visual Studio Team Services for source control and test beds. It would be nice to be able to apply a MOF file to a VM in Azure, run Pester tests, and upon a full pass, have it deploy that new MOF to the on-site pull servers. But that’s a learning curve for another day!

Your “WannaCry” Takeaway

Postmortem on ransomware attacks.

Don Jones

As the news media continues to report on the meltdown of all global tech (sigh), there’s one takeaway for you, a professional IT person, as a postmortem. And it’s a simple question:


Quick VPN Reset for Windows Insiders

As a “Windows Insider” on the Fast Ring, I get new builds of Windows semi-frequently. Love it! Great! Oh wait, now to VPN into the office for that 3am emergency I have to reconfigure my VPN because the installation of the new build hosed it. ARRGGH!

To be clear, it’s NOT because of a fault in Windows per se, it’s a side effect of the constant state of upgrade. Our network requires us to install SonicWALL Mobile Connect to log into our firewall-based VPN. It’s a slick little system and not hard to set up; the problem comes when the Windows build elf comes in the middle of the night. This ‘breaks’ the registration of the Windows Store app for MobileConnect, so when you try to fire up a VPN you get an “application not found” error.

The manual process, while not hard, is both annoying and inconsistent. Each time, you have to go into the Settings/Apps & features to find the SonicWALL Mobile Connect app. Then click the Advanced Features link, and hit the RESET button. That’s all straightforward. Here’s where it gets funky.

Sometimes you can immediately connect up a VPN and get to work. Sometimes you need to rebuild the VPN configuration. Sometimes you need to reboot. Sometimes both! That’s frustrating enough to need a solution.

So I did some poking around with PowerShell (of course) and discovered that essentially the SonicWALL app needed to be “re-registered”. A short script and a desktop shortcut later, and I’ve got a one-click fix!

The full script can be found HERE – It’s pretty straightforward but here are some parts that can stand a bit of explaining.

As I learned when scripting the creation of the VPNs, there are some XML variables required by the SonicWALL app.


I’m recreating existing VPNs, so I grab the list using Get-VpnConnection.


Then it’s a quick For-Each loop to remove the VPN connections….


Followed by a re-add of the app….


And finally a simple For-Each loop to rebuild the VPNs I deleted earlier…


…. and done!
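
The same sequence as an added example (not the author's script, which is linked above): snapshot the plug-in's connections, remove them, re-register the Store app from its installed manifest, then rebuild. Assumptions: the package name 'SonicWALL.MobileConnect', and that Get-VpnConnection returns the plug-in XML in CustomConfiguration; when it does not, the XML has to be supplied through the hypothetical -FallbackConfig parameter.

```powershell
# Added example. Function and parameter names are hypothetical.
function Reset-PluginVpn {
    [CmdletBinding()]
    param(
        # Assumption: Store package name of the SonicWALL Mobile Connect app.
        [string]$PackageName = 'SonicWALL.MobileConnect',
        # Plug-in XML for any connection whose settings cannot be read back.
        [xml]$FallbackConfig
    )
    $ErrorActionPreference = 'Stop'

    $pkg = Get-AppxPackage -Name $PackageName
    if (-not $pkg) { throw "Package '$PackageName' is not installed for this user." }
    $manifest = Join-Path $pkg.InstallLocation 'AppxManifest.xml'

    # 1. Snapshot only the connections owned by this plug-in, and resolve the
    #    XML for each one BEFORE anything is deleted.
    $plan = foreach ($c in (Get-VpnConnection)) {
        if ($c.PlugInApplicationID -ne $pkg.PackageFamilyName) { continue }
        $raw = $c.CustomConfiguration
        $cfg = if ($raw -is [xml]) { $raw }
               elseif ($raw) { [xml](@($raw) -join '') }
               else { $FallbackConfig }
        if (-not $cfg) {
            throw "No plug-in XML for '$($c.Name)'; pass -FallbackConfig. Nothing was changed."
        }
        [pscustomobject]@{ Connection = $c; Config = $cfg }
    }

    # 2. Remove the stale connections.
    foreach ($p in $plan) { Remove-VpnConnection -Name $p.Connection.Name -Force }

    # 3. Re-register the app from the manifest already installed on disk.
    Add-AppxPackage -Register $manifest -DisableDevelopmentMode

    # 4. Rebuild each connection with its original name, server and options.
    foreach ($p in $plan) {
        $c = $p.Connection
        Add-VpnConnection -Name $c.Name -ServerAddress $c.ServerAddress `
            -PlugInApplicationID $pkg.PackageFamilyName -CustomConfiguration $p.Config `
            -SplitTunneling:$c.SplitTunneling -RememberCredential:$c.RememberCredential
    }

    # Return what now exists so the caller can confirm the rebuild.
    Get-VpnConnection | Where-Object PlugInApplicationID -eq $pkg.PackageFamilyName
}
```

Resolving the XML before step 2 means a missing configuration stops the run while the existing connections are still intact.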

As I said, it’s not terribly complicated, but it sure is handy. I hope you found this helpful. If not directly then maybe it’s sparking some ideas.

 

Whose Job Is It Anyway?

Disclaimer: This is a generalized rewrite of an article I wrote for a company newsletter. I’m adding here because I think we ALL need a little reminder.


Actually the better way to phrase that would be “Whose career is it anyway?” Right? I mean most of us prefer to think of how we spend our days as a career and not just a job.  We’ll come back to that later. For now let’s just think at the ‘job level’. What you do today, tomorrow and even maybe next week.

I’m aiming most of this at those of us who are employed by someone else. Self-employed people and business owners usually are well aware of “Who’s responsible for my skills”.

Who is responsible for making sure we keep up with the changes in the business world, or at least our little corner of it? Of course your supervisor is supposed to make sure you meet the minimums required to do your current job. That works if all you want to do is be a minimum employee, and punch the clock every day. Maybe you’ll be able to do that until you retire, but more likely your job function will change and you’ll find you don’t have the basic skills required to be even minimum. That, my friends, is all on you.

The company is responsible for making sure you meet at least the minimums, sure. Some of us are fortunate enough to work for a company that offers educational programs of several different types. There are reimbursement programs for job related education, there are company sponsored training sessions.  All of that doesn’t really have an effect if you don’t invest at least your time and maybe even some of your money to improve your skillset. I spend my own money (in addition to company education) to pay for my continuing education in my chosen career. I know, some of you are saying “But I’m not an IT person, I’m just a ”. I could go on and on about how that shouldn’t matter or I can simply quote the man who said it best.

 “..Even if it falls your lot to be a street sweeper, go on out and sweep streets like Michelangelo painted pictures; sweep streets like Handel and Beethoven composed music; sweep streets like Shakespeare wrote poetry; Sweep streets so well that all the host of heaven and earth will have to pause and say, “Here lived a great street sweeper who swept his job well.”” – Dr. Martin Luther King, Jr.

There are many morals to that quote but the one I want to draw your attention to today is this. Take pride in what you do and be the best possible at what you do. Your manager is not responsible for your mortgage or rent, you are. Your supervisor isn’t responsible for feeding your family, you are. The ‘Company’ isn’t responsible for your career, YOU ARE.

Spend a little of your time improving your skillset in whatever you do. If you want to improve and don’t have a clear direction, ask your manager, and if they can’t tell you, then ask their manager. Get online and use Google to search for “warehousing best practices” or “call center best practices”. Take an online class in Accounting Principles. Watch a YouTube video on something other than cute cat tricks. Read a book. LEARN something.

Even if what you learn doesn’t immediately apply, it will give you a depth of understanding of why to do your job in a certain way, or even inspire you to think of a better way to do it! That’s what increases your value, helps you move up in position and pay, and incidentally, makes it more likely you’ll stay employed.

At the end of the day, you can lose your job. However, if you’ve invested in your career and yourself, not only would it be easier to get a new job, but you’ll be better at your current job. So don’t just be “minimum”, be exceptional!

TestLab v2 – The aborted build

If you missed the first two parts to this, start here and continue here….

<SNIP!>

So the reason for the long delay in finishing this is due to some hardware problems with my test server. What was going to work fine for a 2012 server, doesn’t work for crap in 2016.

The problem is in the CPU. The old server I had planned on using as a lab does NOT have a SLAT-capable chip. Since that’s a requirement for 2016 Hyper-V, it’s kind of a show stopper.

However – all is not lost! Jason Helmick and Melissa Januszko cooked up a PowerShell Automated Lab Environment that uses Virtual Engine Lability to easily stand up a lab environment on any Windows 10 machine. You don’t even have to manually download the ISO files for the OS install. Now I can very easily stand up/tear down a lab with little fuss.

So with the lab situation handled, I’m moving on!

My goals this year are to get better with DSC, Pester testing and to complete a build pipeline for work. Let’s see how it goes…..