All posts by this author

For those of you who haven’t come across Gitlab or maybe even those of you who have but think it’s something that only developers use then I’d like to dispel that because Gitlab is a fantastic repository for scripts of all shapes and sizes. Not only that but from Gitlab 8.8 and up, it is possible to enable the Gitlab docker registry which allows Gitlab to also be a target for images created for docker. Overall, it is quite a powerful tool with more than one trick up its digital sleeve.

Learn More

Appreciate how useful this article was to you?

5 out of 5, based on 1 review

Loading...

Certificate Authority, Docker, Gitlab, https

In my time in IT I’ve installed certificates quite a few times on various web servers and into various applications but it’s really only in the past two years that I’ve started looking into HTTPS and the myriad of options that come with certificates which are often hidden deep into config files but yet can make the difference between a site that can be rendered vulnerable via a HTTPS downgrade attack or one that is actually secure because today, installing a cert is simply the tip of the iceberg so I thought it might be handy to go through the options that need to be set in a web servers config file in order to get A+ on both the Qualys and securityheaders.io web servers.

This blog is going to be all about the secure certificate side of things, by setting these headers you reduce the chances of certain types of probes and attacks from being successful. The server itself and whatever applications you are running on it still need to be upgraded and configured to reduce the chances of someone gaining unauthorised access to your systems.

Learn More

Appreciate how useful this article was to you?

No Ratings Yet

Loading...

HTTP, https, security

As a summary, LAPS is the Local Administration Password solution from Microsoft. This software changes the local administrator password on a selection of machines on a schedule and stores that password in plain text in Active Directory.

The first time I came across LAPS was when I hear about project Honolulu and I’ll admit that I hadn’t heard about it before which is something of a shame because LAPS is one of those very handy little add-ins that Microsoft should be offering as part of the core AD experience.

For those who haven’t come across LAPS before, LAPS is a handy tool for scenarios where you need to change or set the local admin password to something random because you need to give out that password.

Learn More

Appreciate how useful this article was to you?

No Ratings Yet

Loading...

Active Directory, AD, domain controllers, GPO, Group Policy Objects, LAPS, PowerShell

There have been a lot of high profile security breaches this year, the highest profile has to be that of Equifax as that is a breach which has the potential to run and run for some time to come. Deloitte also got breached and alongside those large companies which should have known better, there have been various others impacting systems such as Disqus.

Of course, once it was made clear how the breach occurred, a lot was said about how bad it is that the breaches accorded and how it should never have happened and this is quite valid from a technical standpoint but, the reasons that these security issues were allowed to exist go far beyond the technical and into the realm of human factors.

To be clear, I’m an IT pro, I love what I do. I’m not a psychologist and nor am I attempting to be one but I also have an interest in how disasters unfurl, not least of which are aviation disasters. Whenever there is an aircraft accident the investigators always look at the human factors alongside the technical and mechanical ones and I think that it’s time that the IT industry started to do the same when reviewing IT disasters including security breaches.

Learn More

Appreciate how useful this article was to you?

No Ratings Yet

Loading...

disaster, firewalls, IPS, load balancer, security, security breaches, security incidents

A lot of the time I see and speak to people asking about DR solutions when what they really want is HA with a few backups so I wanted to use a blog article to go through some of the technical terms used in conjunction with DR.

When people say “I want DR”, I’ll ask them about the sort of disasters they are looking to protect against and most of the time the response is “I want to keep working if my hypervisor crashes”.

Learn More

Appreciate how useful this article was to you?

No Ratings Yet

Loading...

Disaster Recovery, DR, failover, HA, HA failover, HA hypervisor, high availability, hypervisor, VMWare replication

One of the things I come across time and again is a lack of monitoring in what are supposed to be corporate environments. I am honestly surprised at how little monitoring is carried out on infrastructure. These days, it is quite possible to carry out some very in-depth monitoring by using a freely available software on Linux and Windows. In this article, I’m going to go through the various monitoring tools that I use to monitor both production and my lab environment.

Having extensive monitoring in a lab is handy when testing systems as not only are it possible to get an idea of the sorts of information you can get from the device when it’s in production but you also get to see how it works thanks to having a greater visibility of the system. These little insights are always handy for putting into documentation ahead of deploying to production plus it’s a huge help when you’ve already seen error messages before and have a clearer understanding of what may have caused them.

Learn More

Appreciate how useful this article was to you?

No Ratings Yet

Loading...

backup, Check_mk, Grafana, Graphite, Graylog, Hypervisor Monitoring, MongoDB, monitoring, network, Observium, Performance metrics, Uptime Robot, Veeam One monitor, VMs monitoring

The past month has been categorized as something of a performance and upgrades challenge as one of the constant calls I hear is “application X is going to slow”, of course, a month ago it was fine but today it isn’t and normally this is just down to increasing load.
One of the common fixes for increasing load is to add more vCPU and RAM but often that can cause its own set of problems especially when NUMA boundaries are crossed and when vCPU contention pushes things a little too far.
The second part of the challenge is the upgrade challenge where various applications need upgrading but there are dependency chains to take into account, this is the sort of thing where application X needs a very specific version of application y. In those cases, an upgrade is much easier to do by reinstalling the OS and starting again then transferring the data across!

As a potential solution to these issues that I’ve been exploring is Docker on VMWare’s Photon OS.

Learn More

Appreciate how useful this article was to you?

No Ratings Yet

Loading...

Amazon, AWS, CentOS, Container, Docker, Dockerfiler, ESXi, file shares, Linux, Photon OS, RedHat, repository, VMs, VMware, vSphere

As most of you are probably aware, Gitlab is, in part, a source code hosting repository which suffered something of a major outage just a few weeks ago. Unusually, they posted a very full and frank report on what actually happened. It’s very rare for a company to do this and even rarer for it to be made public, I wish more companies would do this, even if it was just an internal review with the blame put on the process, it would at least highlight where the weaknesses are in the infrastructure.

Learn More

Appreciate how useful this article was to you?

No Ratings Yet

Loading...

backup, Bginfo, blue/green environment, Gitlab, GPO, infrastructure, server

I’ve recently been spending more and more time looking into various cloud technologies such as AWS and Azure. One of the projects I’ve been working on required the on-premises active directory to be extended to Azure to allow for a future introduction of various Office365 elements.
The process for doing this is fairly easy as it’s just a matter of installing the Azure Active Directory Connect tool onto a server, creating the domain in the Azure portal and then waiting for Azure AD connect to Sync.

Learn More

Appreciate how useful this article was to you?

No Ratings Yet

Loading...

AD Connect, Azure, Azure AD, Microsoft, SQL, SQL Server

I’ve been using VMWare’s VPID (Virtual Port ID) technology for some time now both in work and in the home lab but I was curious to see just how VMWare handled a NIC going down and then coming back up and it turned out to be a lot more powerful and smooth than I first though.

In my lab, I’ve got several HP Microservers and a mix of TP-Link and Netgear switches.
I’ve found the TP-Link switches to be perfect for a lab as they have 48 1GBit ports and 4 1GBit FC ports. They haven’t cheapened out like Netgear have with the link between the last two Ethernet and the first two FC. With Netgear, you can only use last two Ethernet OR the first two FC ports.
You cannot use all of the ports on the switch. With TP-Link, all the ports are available and I find the web GUI a little more initiative although I did experience a bug on the TP-Link where the SNMP Engine kept crashing. This was fixed in a firmware upgrade so it wasn’t a major issue.

Anyway back to VMWare and VPID!

Learn More

Appreciate how useful this article was to you?

No Ratings Yet

Loading...

ESXi host, NIC, VMs, VMware, vNIC, VPID, vSwitch