Skip navigation
1 15 16 17 18 19 Previous Next

Geek Speak

1,831 posts

I’ve really enjoyed watching (and re-watching, a few times) this video SolarWinds made in honor of SysAdmin day (SysAdmin Day Extreme). What appeals to me – besides the goofy sound effects and scenarios (Seriously, guys? “Parkour Password Reset”?!?) is the underlying premise – that sysadmins are adrenaline junkies and our job is a constant series of RedBull-fueled obstacles we must overcome. Because even though that doesn’t match the reality in our cubicle, it is often the subtext we have running through our head.


In our heads, we’re Scotty (or Geordi) rerouting power. We’re Tony Stark upgrading that first kludged-together design into a work of art. We’re MacGuyver. And yeah, we’re also David Lightman in “War Games”, messing around with new tech and unwittingly getting ourselves completely over our head.


As IT Professionals, we know we’re a weird breed. We laugh at what Wes Borg said back in 2006, but we also know it is true: “…there is nothing that beats the adrenaline buzz of configuring some idiot’s ADSL modem even though he’s running Windows 3.1 on a 386 with 4 megs of RAM, man!”.

And then we go back to the mind-numbing drudgery of Windows patches and password resets.


I’ve often said that my job as a sysadmin is comprised of long stretches of soul-crushing frustration, punctuated by brief moments of heart-stopping panic, which are often followed by manic euphoria.


In those moments of euphoria we realize that we're a true superhero, that we have (as we were told on Saturday mornings) "powers and abilities far beyond those of mortal man."


That euphoria is what makes us think that 24 hour datacenter cutovers are a good idea; that carrying the on-call pager for a week is perfectly rational; that giving the CEO our home number so he can call us with some home computer problems is anything resembling a wise choice.


So, while most of us won't empty an entire k-cup into our face and call it "Caffeine Overclocking", I appreciate the way it illustrates a sysadmin's desire to go to extremes.

I also like that we've set up a specific page for SysAdminDay and that along with the video, we've posted links to all of our free (free as in beer, not just 30 day demo or trial) software, and some Greeting Cards with that special sysadmin in your life in mind.


Oh, and I've totally crawled through a rat’s nest of cables like that to plug something in.


What are some of your "extreme SysAdmin" stories?

Windows 10: An Honest Review.

Posted by Bronx Employee Jul 31, 2015

Okay, I'm sure you've read my thrashing concerning Windows 8 and the slight pep I had towards Windows 8.1. Now we have Windows 10. I'll keep this brief. (Probably not.)

The good:

  • Total download and installation time? About 2.5 hours. Once installed, nothing was lost or unfamiliar – unlike Windows 8. Classic Shell was promptly uninstalled – by me.
  • Installation and upgrading was near flawless. Kudos to the Dev team for that! (Only hiccup was a false message saying I was low on memory, which I'm sure an update will rectify posthaste since this is not the case.)
  • Compatibility was not an issue. Everything works thus far.
  • Start menu is back; however, at the last minute, Microsoft decided to hide/remove a needed Start menu tweaking tool which would enable the user to re-arrange the Start menu. (Removing options is bad. See my review of Windows 8.) To their credit, some advanced tweaks to the Start menu can be performed through a quick Google search and simple instructions. (Normal tweaks are obvious.)
  • Minimize, Maximize, and Close buttons are back. Also the snap-to feature has been enhanced – can do quadrants now.
  • Multiple virtual desktops. Good, I guess. Although if you're organized, one is sufficient.

The bad:

  • After using the available tweaks, the Start menu is still...not like I want it to be – better than it was in Windows 8 and closer to the Windows 7 experience, just not perfect.
  • A computerized narrator to “help” me after installation was quickly quashed. (Think Clippy from Word, circa 2003.)


  • New, redesigned menus/options for the fingers abound, but some of the old looking stuff lingers (which I prefer). Some older menus are colorful and mouse-centric, while newer menus are flat, gray, and designed for finger tapping. Very Visual Studio 2012-esque. It also looks as though time was the enemy, meaning the Dev team did not have time to upgrade deeper menus/options because while some option windows look much different, other options still have the Windows 7 look and feel. Whatever. Consistency is a nice to have.
  • I would add the new version of IE to the Bad list, but I use Chrome. IE (or whatever the new name is) is still...intrusive – requiring too much input for functions that should be automated. Microsoft, focus on the OS...the rest of the world will take care of the apps. Sorry to be so blunt but, well, not really.



Edge is the new version of IE. Personally, I have not used IE since IE 7. Edge, I'm sorry to say, is still IE. I like the minimalist approach, but the engine needs to go.

    The Good: Looks better and cleaner, offers browsing suggestions, provides the ability to share pages.

    The Bad: Still IE, meaning certain pages do not render properly, as they do in Chrome. (Chrome does not add "hidden" padding to Div tags, among others, where IE and Firefox do.)

    Conclusion: Try it. I still prefer Chrome. This is a personal choice akin to your favorite beer - both will get the job done, but what flavor do you prefer?


Talking to your computer:

Cortana. Good idea, but you're not ready. (No one is really.) Few people use Siri (iphone) or Google voice (Android). I do use the Amazon Echo, however. The difference? People are programmed to type with a computer. Being quiet while doing anything on a computer invokes a sense of privacy. Talking to a machine that is primarily used for typing and mousing is unnatural. The Echo is new and can only be used via speech. The transition is more natural, although odd at times. I know Microsoft feels a need to catch up – and that's fine. Just do it in the lab until you're ready; nay, better!



Microsoft is trying to compete in the tablet market, and rightly so. I applaud capitalism; however, they are losing, and that's okay. I do have some firm opinions which may clear things up.

Microsoft, you are a computer company primarily focused on computer operating systems. Focus on that. If you want to enter the tablet market with a tablet OS, great! But know your audience. Your audience is overwhelmingly PC users who work, not tablet users who play.

If you insist on adding tablet features, keep them independent of the PC features – even on the same device. Meaning, do not add tiles (tablet features) to the Start menu (PC feature). If you must enter the tablet domain, you should have a simple tray icon to toggle between PC and tablet modes (work and play modes, respectively). That's it. Go from work to play mode in one click/tap. Bam! That would make all the difference and crush the competitors IMHO. (Although, I would rethink the tiles and replace them with something less intrusive and more customizable.)


Continue improving Windows until we get to that Minority Report hologram computer. Make Windows more functional, more seamless, more integrated, easier to use, and with lots of cool options. (Options are HUGE.) Once you nail that, then add speech and speech recognition (when that technology is near flawless). BTW, we all kill the bloatware. Rely on yourself, not the ads of others please.

Bottom line:

Good and worth the price (free). I would pay the $119 asking price too if I were assured the Start menu could be tailored to my needs. Nice comeback. Beer's on me, but just the first.


5 Deadly SysAdmin Sins

Posted by DanielleH Administrator Jul 30, 2015

If a bunch of SysAdmins all went out for a beer (or two) after work, there is a 99% chance they would swap user stories from their “hall-of-shame” collections. It’s hard to believe this day in age that they still receive the deer in the headlights look when they ask a user, “what version of Windows do you have?” At the end of the day, we’re all human and make mistakes or ask dumb questions (gallery of them here), and some might even call it job security for IT pros.


I personally enjoy hearing a SysAdmin’s worst moments, flops, and face palms in their career because there’s nothing like learning through failure. In honor of SysAdmin Day, I’m sharing 5 Deadly SysAdmin Sins some of us might be guilty of and hopefully you got away with it – some of us aren’t always so lucky! Feel free to add on.


5 SysAdmin Sins

1) Thinking the problem will just go away

2) Blaming the blue screen of death before it becomes a real issue

3) Rebooting the firewall during business hours

4) Upsetting the president/ceo's secretary (they wield a big stick)

5) When all else fails, blame the network (as long as you're not the network guy too)

Shadow IT refers to a trend where users adopt IT tools and solutions outside of the knowledge or control of the official IT department. If the IT department is aware or has policies that allow systems which they don’t manage to be used, then it’s not shadow IT, but if IT doesn’t know about it and offers a comparable service then it is. For example, most IT departments are responsible for providing email. If a user chooses to use Gmail or some other email provider, then IT isn’t able to manage the risk of corporate data getting lost or stolen, email spam, or phishing attacks.


The use of shadow IT can be hard to detect. Although many agencies have network policies blocking certain sites or types of traffic, the sheer quantity and diversity of the services available can easily overwhelm an already overworked IT department. So why should they even bother? If the user is able to find a solution that works on their own, more power to them, right? Unfortunately, it’s not that easy. When users circumvent IT, then something goes wrong – the services goes down, they lose data that was only hosted there, someone steals their credentials, and copies all of the sensitive data – they look to IT for help. This leads to conversations like, “I know I’m not supposed to do this, but will you please help me make sure nobody else was able to access those files on Dropbox?”


The Threat
From our recent State of Government IT Management and Monitoring Survey, the primary concern regarding the use of shadow IT is security issues. And the use of shadow IT is in full force, with 90% of respondents seeing shadow IT being used in their environment today and 58% expect to see it continue to be used.

Shadow IT Use.png


Not only was shadow IT not a top focus area, it actually ranked at the bottom, with only 12% saying it was very important (versus 72% indicating cyber security was very important). Given that 90% of federal and civilian agencies believe shadow IT is in use in their environment, it’s the second ranking area that IT has the least control over, and the highest negative consequences of shadow IT are security issues – it’s shocking that shadow IT isn’t getting more focus.


How to respond
To create a strategy for managing shadow IT, you need to understand why your users are looking to it. Even in networks with no direct connectivity to the Internet, computers systems and critical data can easily be misused and the risk for comprise is real. To manage all of these risks, you need to understand why your users go around you and make it easier for them to work with you instead.


From the survey, we saw that the IT acquisition process is the main trigger for shadow IT, followed by perceived lack of innovation by the IT department. Of course, there is a long tail of other reasons and you should survey your users to understand exactly why they are using systems outside of you purview and specifically what those systems are.

Perceptions Triggering Shadow IT.png


One of the questions we strove to unravel during this survey was what to expect in the future, and as it turns out, there is a lot of confusion around what should be done about shadow IT as a whole. About a quarter of those surveyed believe it should be eliminated, another quarter thinks it should be embraced and the remaining half were somewhere in between.

Shadow IT Preferences and Protection.png

Although this split may appear to be conflicting, it actually makes sense. Some environments are too sensitive to tolerate any IT services that are not strictly controlled by IT. However, in many agencies, particularly civilian ones, the IT department has an opportunity to identify ways of providing better service to their customers by understanding why their users are looking elsewhere. Once a system, service, or tool has been evaluated by IT and put on the acceptable list, it’s no longer considered shadow IT. If IT can leverage these opportunities, they might be able to both deliver better service and create more productive relationships in their agencies.


What is clear, however, is that the more visibility you have in to your environment, the more confident you will be in your ability to protect your agency against the negative consequences of shadow IT.


Full survey results:

Ten years ago IT was a very different space for SysAdmins than it is now, and I too remember the day when server sprawl needed wrangling (hello virtualization), work silos were everywhere (what is that storage guy's name again?), and datacenter space was in short supply (maybe something's never change).


As I read through comments on the “Gearing up for SysAdmin Day 2015: The Ever-changing role of the System Administrator” post, some key skills for SysAdmins come to mind that are going to be critical in the future.


Business understanding


Gone are the days where SysAdmins sat in their lair and controlled their domain from behind a monitor and phone. There are times where the business is looking to the SysAdmin to help the company move forward and grow. SysAdmins today should look to have a seat at the table when the company is planning long-term business strategy. Making sure business planning is coupled with IT planning will ensure long-term success. In order to do this, SysAdmins should be able to articulate how IT affects the company's business and bring new ideas and technologies to the table. Understanding new technologies lead to the next point around learning.


Learning new skills and technology is critical


Any SysAdmin worth their weight in gold keeps a constant eye on technology advances in the industry. Now we all know keeping an eye and actually learning about new technology are two different things. However, as technology advances and changes keep increasing, SysAdmins need to recognize that ongoing learning is critical. Learning how to do things easier and helping the business run more efficient is a key thing for all SysAdmins, no matter their experience. For years when IT learning would come up, leadership would tune out, that cannot be the case anymore. SysAdmins have to be a champion of change and make sure they pick up the skills needed to help their company.


Being purposeful


Finally, SysAdmins need to be purposeful.  In an ever changing world, having a direction is critical to keep up (let alone staying ahead). From new technologies, to new ways of doing things (or going back to an old way), to changing business requirementsa SysAdmins world is all about change. Having a clear understanding of where you want to take your IT department, your solutions, and your career is key to long-term success. Here are some questions to help you:


  • Where is the company heading?
  • How can IT play a part in that success?
  • What new technologies can help ensure success?
  • What skills are needed?


As in most roles in business, the SysAdmin role is evolving and changing. Business understanding, learning new skills, and being purposeful are just a few skills needed today and tomorrow. However, these are core skills that can help SysAdmins grow and advance for the long-term. 




*P.S* – Celebrate the small things. You won’t get credit 365 days a year, but there is one day your hard work doesn’t go unnoticed – SysAdmin Day, y’all! It’s this Friday and naturally, we’re pre-gaming with some fun freebies. Come celebrate >>

Last time I mentioned that I would take a look into some of the major cloud providers' database as a service offerings in order to show how each one works and how it is setup. With that said, I decided to start with the offering from Microsoft's Azure cloud. Below I will take you through creating a database and then how to connect to it.


Creating an Azure SQL Database


I figured since the entire process takes less than 5 minutes to do I would just create a short video on how this works. You can check it out here.


Since I could not add audio at the time I recorded it, I will describe what happens in the video.


  • Basically we just log into the Azure Portal, so the biggest prereq is that you have an Azure account, if you do not it takes just a couple minutes to get going.
  • Once logged in we click on the SQL Databases tab and click Add at the bottom of the page.
  • Once we do that we get some options for creating our database, I picked Custom Create because I wanted to show you the most options.
  • Next we name our database as well as pick how big we think we want it to be, don't worry too much here... we can scale this up or down later if we need to. Lastly I pick new server to put this database on, if you wanted to add this database to an existing server you can do that too.
  • Next enter login credentials for our database server and pick where we want the new server to be created geographically. We can also pick whether we want all Azure VM's to be able to connect be default, as well as if we want to use the latest version of SQL.
  • When we click finish the database server is created and then the database, this takes about a minute, but then you will see a status of "Online" on the database.


After this process we are ready to connect to our new database!


Connecting to your Azure SQL Database

OK now that we have a database in the cloud, we need to connect to it. I will use an Azure virtual machine, but anything from anywhere can connect to an Azure DB provided you allow it on the security settings.

Things we will need for this step include:

  • Username you created before
  • Password you created before
  • Server Name (and FQDN)
  • A server using ODBC (or something else compatible) to connect to the Azure SQL server


OK let's get started. I am using an Azure VM for this demo, but there is no reason why you couldn't connect from anywhere in the world. Just make sure to see my TIP section toward the end of the article for details on security settings you will need to change.


After logging in to your server you will need to prepare your server just like any other SQL server... So go install the SQL Native Client so that we can connect from the ODBC Data Source Administrator.



Once SQL Native Client is installed click on Add and select it as the new data source.


Now before I go any farther in the wizard on our client let me show you where to get the server name for your database.


In the Azure portal click on SQL Databases and then take a look at the list of databases. In this example we want to connect to the thwack database. So if we look in the server column we see the servers hostname. That name will be used to finish out our FQDN, which is simply <servername> You can also click on the database to see more detailed information and the FQDN is listed on the right hand side too.


OK back to the Client wizard.


How that we know the FQDN we can enter a connection name and the server name into the wizard, then click next.



Next we enter the login credentials that we created when we created the database and database server. If you don't remember then already you can use the Azure portal to reset the password and determine the login name.



SNAG!!!! Yes I really did get this message. But if you actually read it, which I don't typically do (who needs a manual right!), you will see that it gives you a big hint... use username@servername instead of just username. Presumably this is because I am using an older SQL native client.



So I added in @servername to the Login ID field and presto! I was able to login.



Just like any other SQL server you can then also select a database to make the default. I like to use th drop down to verify that the ODBC client can actually see the databases on the server. Here we can select our thwack database so we know its working now!



There you go! all finished with a new cloud hosted database, connected to a cloud server... ready to be used.


Tip: Connecting from outside of Azure

One thing I didn't show you so far was the Security section of the Azure DB settings. Because I used an Azure VM I did not need to modify any of the security settings because Azure DB understands that the traffic was coming from a (fairly) trusted source. Now in order to connect from a server at your office or something similar you will need to login to Azure Control Panel, navigate to your database server that contains the database, and then click on "Configure". Then on the Configure page you will see a list of IP addresses, or at least a box where you can put some in, this is where you will enter the Internet IP of your server. Once you do, make sure to click Save at the bottom of the page, and now you should be able to connect from that IP address.



Backup/Restore and Replication


So this part is always important no matter where your database lives. Azure DBaaS makes this really simple, in fact your backups are done automatically and are completed on a schedule based on your database type, so make sure to check that schedule and if it doesn't fit your needs you may need to scale the database up in order to get more backups. To restore you simply go to the database in question and at the bottom of the portal there is a restore button.


Once you click that button you will see a restore settings box.



In this box you can specify a database name for the restore to go to as well as the restore point... it has a DVR like slider... my database just hasn't been online very long so i don't have a long history.



At the bottom you can monitor progress on the restore. For my blank database it took about 5 minutes for it to restore.



Once it is restore it will appear in the database list ready to be connected to.


On the replication side things are a little big more involved, but still not too bad.

From the database dashboard we click on Geo-Replication. Then at the bottom we can select Add Secondary.


Click the Add Secondary button to get started.



All we need to do is configure the type of replication by selecting the secondary type (read only or non readable), as well as where we want it replication to geographically, and finally the target SQL server... I had already created a SQL server in the West Region, but if you haven't just select New Server and it will run you through the SQL server wizard just like we did earlier.



Confirm that they can bill you more



And there you go! SQL replication in place with a pretty darn respectable RPO! Check here for details.


So what did you think?

Well that wasn't too bad was it? I have to admit that I've used Azure's DBaaS before, so it was familiar to me and getting another DB setup for this post was super quick... except for the ODBC error I encountered ... but the error was descriptive enough that it didn't take too long to fix the issue.


So making it that easy to get a database is a great thing but also possibly a bad thing! This is exactly the kind of thing that causes shadow IT, but you can prevent this and still provide the same easy and speed if you have the Windows Azure Pack implemented.


So here are the homework questions:

How long does it take to get a database at your IT shop?


Have you ever found someone leveraging Azure DBaaS in a shadow IT scenario due to ease of use?


Are you using the Microsoft Azure Pack to build an internal DBaaS offering?



Like many of you, I suspect, I am firmly under the thumb of my corporate security group. When they want to know what’s going on on the network I’ll put in as many taps as they want; but sometimes they want more than that, especially where NAT is involved and IPs and ports change from one side of a device to the other and it’s otherwise difficult to track sessions.




High Speed Logging


Have you heard of High Speed Logging (HSL)? I’d like to say that it’s a single standard that everybody plays by, but it seems like more of a concept that people choose to interpret in their own way. HSL is the idea of logging every single session, and in particular every single NAT translation.


So who offers HSL? Well, in theory if you can log session initiation to syslog, you can do High Speed Logging, but some vendors explicitly support this as a feature. For example:





Potential Road Blocks


High Speed Logging sounds simple enough, but there are a few things to consider before configuring it everywhere.




  1. What is the impact on your device when you enable High Speed Logging?
  2. Is it possible that the volume of logging messages generated might exceed the capacity of your device’s management port? One solution to this is to use an in-band destination for HSL instead.
  3. With multiple devices logging at high speed, can your management network cope with the aggregate throughput?
  4. Once you have the logs, how long do you have to keep those logs? Do you have the necessary storage available to you?
  5. For those logs to be useful, any system that is doing analysis, filtering or searching of the logs is going to have to be fairly fast to cope with the volume of data to look through.
  6. Will a DDoS attack also DoS your logging infrastructure?



speedy-snail.pngHow Powerful Is Your Engine?


The question of the whether a device is capable of supporting HSL should not be underestimated. In one company I worked at, the security team logged every session start and end on the firewalls. To accommodate this the firewall vendor had to provide a special logging-optimized code build, presumably at the cost of some throughput.

In another case I’ve seen a different firewall vendor’s control CPU knocked sideways just by asking it to count hits on every rule, which one would imagine should be way less intensive than logging every session.





Assuming you manage to get all those logs from device to log server, what are you going to do with them? What’s your interface to search this rapidly growing pile of log statements–undoubtedly in different formats–in a timely fashion? Are you analyzing real time and looking for threats? Do you pre-process all the logs into a common, searchable format, or do you only process when a search is initiated?



rocket-bike.jpgBicycles Are Nice Too


I suppose the broader question perhaps is whether High Speed Logging is actually the right solution to the problem of network visibility. Should we be doing something else using taps or SPAN ports instead? Having worked in an environment that logged every session on firewalls, I know it is tremendously useful when troubleshooting connectivity issues, but that doesn't make it the best or only solution.



What do you think? Have you tried High Speed Logging and succeeded? Or failed? Do you think your current log management products (or perhaps even just the hardware you run it on) are capable of coping with an onslaught of logs like that? What alternatives do you use to get visibility? Thanks in advance for sharing your thoughts!

In our second visit back to our 2015 pro-dictions, let’s take a look at the evolution of the IT skill set. It appears Patrick Hubbard was spot-on in his prediction about IT pros needing to broaden their knowledge bases to stay relevant. IT generalists are going the staying with what they know best, while IT versatilists and specialists are paving the way to the future.


Earlier this year, kong.yang wrote a blog addressing this very topic, which he dubbed the Stack Wars. There, he lightly touched on generalists, versatilists, and specialists. Read the following article to get a deeper look at each of the avenues IT pros can pursue: “Why Today’s Federal IT Managers May Need to Warm Up to New Career Paths.”


Fans of spy fiction (of which there are many in the government ranks) might be familiar with the term “come in from the cold.” It refers to someone who has been cast as an outsider and now wishes to abandon the past, be embraced, and become relevant again.


It’s a term that reflects the situation that many federal IT managers find themselves in as government agencies begin focusing on virtualization, automation and orchestration, cloud computing, and IT-as-a-Service. Those who were once comfortable in their position as jacks-of-all-IT-trades are being forced to come in from the cold by choosing new career paths to remain relevant.


Today, there’s very little room for “IT generalists.” A generalist is a manager who possesses limited knowledge across many domains. They may know how to tackle basic network and server issues, but may not understand how to design and deploy virtualization, cloud, or similar solutions that are becoming increasingly important for federal agencies.


And yet, there’s hope for IT generalists to grow their careers and become relevant again. That hope lies in choosing between two different career paths: that of the “IT versatilist” or “IT specialist.”


The IT Versatilist

An IT versatilist is someone who is fluent in multiple IT domains. Versatilists have broadened their knowledgebase to include a deep understanding of several of today’s most buzzed-about technologies. Versatilist can provide their agencies with the expertise needed to architect and deliver a virtualized network, cloud-based services, and more. Versatilists also have the opportunity to have a larger voice in their organization’s overall strategic IT direction, simply by being able to map out a future course based on their familiarity surrounding the deployment of innovative and flexible solutions.


The IT Specialist

Like versatilists, IT specialists have become increasingly valuable to agencies looking for expertise in cutting edge technologies. However, specialists focus on a single IT discipline. This discipline is usually directly tied to a specific application. Still, specialists have become highly sought-after in their own right. A person who’s fluent in an extremely important area, like network security, will find themselves in-demand by agencies starved for security experts.


Where does that leave the IT generalist?

Put simply – on the endangered list.

Consider that the Department of Defense (DoD) is making a major push toward greater network automation. Yes, this helps takes some items off the plates of IT administrators – but it also minimizes the DoD’s reliance on human interference with its technologies. While the DoD is not necessarily actively trying to replace the people who manage their networks and IT infrastructure, it stands to reason that those who have traditionally been “keeping the lights on” might be considered replaceable commodities in this type of environment.


If you’re an IT generalist, you’ll want to expand your horizons to ensure that you have a deep knowledge and expertise of IT constructs in at least one relevant area. Relevant is defined as a discipline that is considered critically important today. Most likely, those disciplines will center on things like containers, virtualization, data analytics, OpenStack, and other new technologies.


Whatever the means, generalists must become familiar with the technologies and methodologies that are driving federal IT forward. If they don’t, they risk getting stuck out in the cold – permanently.


**Note: this article was originally published in Technically Speaking


There’s no doubt that over the past couple of years the cloud as gone from a curiosity to a core component of many companies IT organizations.  Today Amazon AWS and Microsoft Azure are well known commodities and the cloud-based Office 365 has proven to be popular for businesses as well as well as consumers.  Today it’s even common for many business applications to be cloud based. For instance, is a popular Software-as-a-Server (SaaS) application and many organizations have moved to cloud-based email. However, one notable holdout has been database applications. While there certainly are cloud-based database options business have been more than a little reticent to jump abroad the cloud for their databases.


Why the reluctance to move to the cloud?


The fact of the matter is that for most organizations their relational databases are the core of their IT infrastructure. Business critical applications are built on top of those databases and availability is paramount. While businesses can tolerate some downtime in their email downtime connectivity problems with their relational databases are unacceptable.  While there’s no doubt that internet and cloud connectivity is better than at any point in the past it this past year’s well publicized outages have shown that it’s far from perfect.


And then of course there are the control and security issues. Many organizations are just uncomfortable moving their data off premise. While the security of most cloud providers exceeds the average IT organization putting your critical data into someone else’s hands is a matter a trust that many organizations are not willing to make. When you data is on-premise and backed up you know you can restore it – the control remains within your own organization.  That’s not the case if your data is in the cloud. There you need to depend on the cloud provider


Another key issue for many international organizations is data sovereignty. In many countries like Canada, businesses are required by law to keep their data within their countries borders. In the past this has been a hurdle for many cloud providers as cloud servers could be located anywhere and they are not typically aligned with national boundaries. This is beginning to change as some cloud providers are beginning to support national data boundaries.


Where Cloud Database Fit Best?


So does this all mean that databases will never make to the cloud? The answer is clearly no. While established medium and enterprise sized businesses may have reservations about moving to the cloud, the cloud can make a lot of sense for smaller business and startups. Using the cloud can result in considerable capital savings for new businesses. SMB that may be faced with considerable hardware upgrade costs could also find the cloud to be a compelling alternative. Just as important is the fact that cloud database move many of the maintenance tasks like patching and upgrades into the hands of the cloud vendor freeing the business from them.


The move to cloud databases is far from inevitable but cost and labor savings make it a compelling option for new businesses and SMBs. In the next posting I’ll look at what happens if you do make that jump to the cloud.


There are many areas in which existing monitoring, and orchestration fall short. Subsequent to the discussions in response to my previous posting there were some interesting and appropriate concerns raised.


The added complexity of the addition of the hybrid cloud into the equation regarding monitoring dictate that hypervisor, hardware, and connectivity make reliance on specific platform a quandary that requires massive consideration prior to the willingness to undertake such a purchase. If you accommodate for one of these things, but not all of them, you’ll find yourself open to a tool that simply doesn’t do what you need it to. Let’s say that you’ve chosen a tool that relies on a specific hardware platform, but then choose a third party provider that uses different switching gear, or different host servers. What would your solution be in this case? The answer is that your solution won’t solve anything, and becomes shelfware. So, what becomes necessary in this case is a full-evaluation of your potential solution, along with an eye toward the future growth of your environment.


Can your management layer provide insight into the hybrid data center? If so, does your solution rely on standard MIBs, via SNMP? Will it give accurate predictive monitoring of server/switch/storage through this tunnel? How does it handle the migration of workloads or does it at all? What if you’re trying to monitor variable hypervisor stacks? Will you be able to interact from your internal hypervisor to an external OpenStack environment? What about the storage on the other end? Will you gain insight to your own storage? How about that on the other end?   


As I’ve stated, any monitoring solution that relies on a specific hardware platform, not APIs or SNMP; a system that relies on literally anything proprietary will only work if your systems comply with these standards. You’ll need to be willing to comply with lock-in in order for these systems to work for you. This is a key consideration of any purchasing decision. Of course, today’s architecture may fit into any proprietary rule set, but what about the future. Does management want to invest in such a massive undertaking (not only the investment in software, but systems, and manpower) with short-sightedness? Remember, this is a capex as well as opex investment. Often, the operational expenses can far outreach those of the capital investment.


In my opinion, the future of the cloud world is still uncertain. OpenStack has changed the game, yet its future too is uncertain. The fragmentation in this nascent technology leaves me wondering where its future may lie. And again, I’m still not sold on the cost model. This particular business needs to solidify, and engage in deeper standards, meanwhile allowing for full-stack OpenStack models to be created with the inclusion of a support model that doesn’t leave the customer in the lurch.


I wonder what this means for the future of these products. Should an organization invest in a single stack? I wonder…


Dark Side Of The Encryption

Posted by mfmahler Jul 20, 2015

“Encryption makes it more difficult for governments and other third parties to monitor your traffic. It also makes it harder for Internet Service Providers (ISPs) to censor access to specific Wikipedia articles and other information”. - Wikimedia blog, June 12, 2015


“and that by the end of 2016 65-70% of traffic will be encrypted in most markets”. - Sandvine Global Internet Phenomena Spotlight



I recently met a bright young man who works for Google in Europe.

Me: It’s nice to meet you!

Him: It’s nice to meet you, too!

Me: I have to say to you that Google’s “HTTPS everywhere” makes my life harder as a network security professional”.

Him: Well… This is the way to make things more secure.

Me: I agree, especially in the user perspectives. But my job is still harder…




Pierre Far and Ilya Grigorik gave an awesome Google I/O session to developers, titled HTTPS everywhere, in June 2014. They evangelized that ALL web communications should be secure always and by default, in order to protect users’ privacy. To prevent Man-In-The-Middle (MITM) attacks, all web communications should be secured by HTTPS, which is HTTP over TLS. Pierre and Ilya stated that HTTPS not only would provide encryption of the client-server communications, but also authentication and data integrity. They later demonstrated the best practices of setting up a secure web site and its indexing signals for Googlebot.




Google’s increasing use of HTTPS inspired Electronic Frontier Foundation (EFF) to introduced HTTPS Everywhere (with uppercase E in Everywhere) with version 1.0 released in 2011. HTTPS Everywhere is an open source web browser extension for Firefox, Chrome, and Opera. If the target websites support HTTPS, the browser extension automatically makes the web browsing connections to HTTPS. As far as I understand, IE users can install the non-EFF Zscaler Tools HTTPS Everywhere; Safari users need to type https:// manually.




Canadian network policy control products company Sandvine conducted a study with a North American fixed access network service provider in April 2015 to understand the encryption adoption of the internet traffic. The study found that 29% of the downstream traffic of that service provider was encrypted. The majority of the encrypted source traffic was YouTube and BitTorrent’s traffic followed.


For the unencrypted traffic, Netflix contributed 35% share (surprise, surprise, surprise not). This was an interesting finding because in April 2015, Netflix announced in the quarterly earnings letter that it would move to HTTPS to stream movies in the next year, in addition to the existing encrypted log-in and other sensitive data pages. With the Netflix transition to secure content delivery, Sandvine predicted that almost two-third on that North American ISP traffic would be encrypted.


More and more web sites are moving to HTTPS. For example, Wikimedia Foundation announced in a blog on June 2015 that it were in the process to encrypt all Wikimedia’s content with HTTPS and that it would use HTTP Strict Transport Security (HSTS) to protect against MITM attacks.




My team has recently been working on a project to migrate our perimeter firewalls to the Next Generation Firewalls (NGFW). Before we would put them inline, we set them up as monitor mode. What did we observe? Over 95% of our DMZ inbound traffic was encrypted. It’s not a surprise because our company’s website enforces HTTPS connections. About 60% of our outbound web traffic was encrypted. Of course with only monitor mode, our NGFW found ZERO threat from the encrypted traffic.


How do you monitor the activities in the encrypted traffic? You may say you can implement SSL Interception. SSL Interception is a beautiful term that we information security use for what we do, but in the end, it’s basically MITM attack (OK, in a white hat).


Even though we have the blessing from the executives to implement SSL interception for DLP, IPS, IDS, etc, we certainly cannot provide 100% customer satisfaction to our employees. NGFW and web proxy vendors provide a list of affected applications when SSL interception is implemented. The list includes, Microsoft Update, iTunes Store, GoToMeeting, and Dropbox. Beside high cost (money and man power) of implementing SSL interception for visibility and control, I wonder how many companies are blind to the encrypted traffic on their network.


Lastly, I would like to point out that Jacob Thompson of Independent Security Evaluators proposed a method against SSL interception. He demo’ed it at DerbyCon 4 in 2014. My point is that the half a million to a million dollars NGFW/IPS may not be able to give you 100% visibility that you expect.


Do you encounter any challenge to detect threats with the increasing encrypted traffic on the infrastructure? Do you have any successful and failure story to share? I would like to hear from you.

Iaas, SaaS, PaaS... It seems like everything can be consumed as a service these days. Databases are no different thanks to the cloud providers out there, but my question to you... the IT admin / DBA / programmer ... is, are you ready to use them? After all most things out there have a pretty similar adoption cycle, but databases seem to be a bit of a touchy subject. Throughout the years of working at technical consulting companies the one thing that always seemed to be static is that most IT departments don't get too crazy with their databases, meaning not too many were ready to be a trendsetter on how they manage or operate databases. Why? Well most of the time I found that not too many of them considered themselves "database people". Now with that said some customers, who had full time DBA's, were much more liberal about upgrading things and pushing the limits ... but most mid-market companies didnt have a full time DBA..

So getting back to my question. Are cloud databases ready for primetime?

My guess is that most mid-market companies would shy away from answering this question or even the thought of putting their databases on any cloud as a service... but I could be wrong.

Think about it this way... people have had email host by their ISP, or hotmail, or yahoo, etc for decades... yet hosted enterprise email has really only taken off in the last few years. Even though people know how it works and know it can be trusted in terms of reliability. So I think to answer my question I should first ask: "What do you know about cloud hosted databases?" and "If you knew more about them would you be ready to sign up?"

To help you answer these questions I should probably help explain why DBaaS is attractive. Like anything (XaaS) the best part of consuming these services is that you don't need to worry about the hardware or the platform software. So in a sense, DBaaS is perfect for the exact market that would shy away from it, because all of the things that people don't know about databases are the things that are taken care of for you when using DBaaS. All you need to do as the consumer is connect your app to the service and start consuming.

So with that said I'm thinking we should review some of the more mainstream DBaaS offerings as well as some that you might not know and along the way do some how to get started posts.

On the list of DBaaS to review I have: Azure SQL, Amazon RDS ( which really includes MySQL, Oracle, MS SQL, and Postgres), Google Cloud SQL, HP Helion Relational DB (MySQL), and Openstack Trove.

Also just as a side note, I'm not trying to endorse one service over another, or even over services that I havent listed. These are just the ones I know about, I am however open to suggestions.

So stay tuned, hopefully we will all learn a little more about DBaaS after checking these out.


Azure Database Review

Google Cloud SQL Review

Amazon (AWS) DBaaS Review

HP Helion Cloud Relational DB MySQL

If you recall, to kick off the New Year, the Head Geeks made predictions forecasting how they thought the year in IT would unfold. Now that we’re past the mid point in 2015, I thought it would be fun to revisit some of their predictions over the coming weeks.

So, to kick things off, let’s start with the following prediction:

Security  prediction.jpg

It’s safe to say that this prediction from adatole holds true. Security issues can be devastating for a company, let’s take a look at this related article, “preventing a minor, insider accident from becoming a security catastrophe.


There are accidents – and then there are accidents.

A dog eating a kid’s homework is an accident. Knocking over a glass of water is an accident. A fender-bender at a stop sign is an accident.

The incorrect use of personal devices or the inadvertent corruption of mission-critical data by a government employee can turn out to be more than simple accidents, however. These activities can escalate into threats that can result in national security concerns.

These types of accidents happen more frequently than one might expect — and they’ve got DOD IT professionals worried. Because for all of the media and the government’s focus on external threats — hackers, terrorists, foreign governments, etc. — the biggest concern continues to be threats from within.

As a recent survey by my company, SolarWinds, points out, administrators are especially cognizant of the potential for fellow colleagues to make havoc — inducing mistakes. Yes, it’s true: DOD technology professionals are just as concerned about the person next to them making a mistake as they are of an external anonymous-style group or a rogue hacker.

So, what are agencies doing to tackle internal mistakes? Primarily, they’re bolstering federal security policies with their own security policies for end-users.

While this is a good initial approach, it’s not nearly enough.

IT professionals need more than just intuition and intellect to address compromises resulting from internal accidents. Any monitoring of potential security issues should include the use of technology that allows IT administrators to pinpoint threats as they arise, so they may be addressed immediately and without damage.

Thankfully, there are a variety of best practices and tools that address these concerns and nicely complement the policies and training already in place, including:

  • Monitoring connections and devices on the network and maintaining logs of user activity to track: where on the network certain activity took place, when it occurred, what assets were on the network, and who was logged into those assets.
  • Identifying what is or was on the network by monitoring network performance for anomalies, tracking devices, offering network configuration and change management, managing IT assets, and monitoring IP addresses.
  • Implementing tools identified as critical to preventing accidental insider threats, such as those for identity and access management, internal threat detection and intelligence, intrusion detection and prevention, SIEM or log management, and Network Admission Control.

Our survey respondents called out each of these tools as useful in preventing insider threats. Together and separately, they can assist in isolating and targeting network anomalies. Log and event management tools, for example, can monitor the network, detect any unauthorized (or, in this case, accidental) activity, and generate instant analyses and reports. They can help IT professionals correlate a problem — say, a network outage — directly to a particular user. That user may or may not have inadvertently created an issue, but it doesn’t matter. The software, combined with the policies and training, can help administrators attack it before it goes from simple mistake to “Houston, we have a problem.”

The fact is, data that’s accidentally lost can easily become data that’s intentionally stolen. As such, you can’t afford to ignore accidental threats, because even the smallest error can turn into a very large problem.

**Note: This article was originally published by Defense Systems.**

Every time an organization decides to adopt a new technology or expands its business operations, the IT network is the department where the process beginschanges and additions to the existing network to accommodate new technologies and users. But making changes to the existing IT infrastructure is one thing most network admins think twice about. Even a small configuration error can lead to network downtime, a security breach, or data loss which in turn may even cause the organization to vanish from the business map.


GNS3 is the solution to a network admin’s reluctance for experimenting with the production network. With GNS3, a network admin can emulate their actual network to try out configuration changes they otherwise would have had to perform on the production network. The benefits don’t end therean admin can design, build, and test complex networks using GNS3 before even spending capex to procure actual physical hardware.


Now, networks don’t run forever once configured. A network monitoring solution is critical to maintain network uptime and ensure business continuity. And because monitoring is such a critical component, the best possible tool has to be chosen for the task.  If you are a network admin who does not like to run trial software in the production network, you should check out GNS3 and their community, the Jungle. And to work with it, there is now enterprise-class monitoring from SolarWinds. Network monitoring products from SolarWinds, including SolarWinds Network Performance Monitor can be installed on any virtual network created using GNS3 and used to monitor it. Welcome to virtual reality! 


GNS3 is a strategic SolarWinds partner and to help you get to know them better, we bring you the newly created GNS3 group in Thwack! Log into thwack, register for ThwackCamp and join the GNS3 group so you’re in the know!

“Oh, the farmer and the cowman should be friends” – Rogers & Hammerstein, “Oklahoma!”


The modern office environment has its fair share of rivalries, competitions, and friction. In some companies, interdepartmental politics abound,  project teams put “frenemies” in direct contact with each other, or a heated exchange can impact an entire career. This affects IT Professionals as much as any other career area (some would say more).


There’s one IT rivalry I have seen consistently in almost every organization, and that’s between the team responsible for security (InfoSec) and the team in charge of network monitoring and operations (NetOps). In many companies, the dynamic is almost co-predatory, with each side attempting to completely obliterate the efficacy and credibility of the other.


The classic characterization is that

1) the Monitoring team wants/needs complete access to all systems in order to pull reliable and accurate metrics;

2) While the InfoSec team wants to lock everyone out of all systems in the name of keeping things “secure”


But it’s patently not true. At ThwackCamp 2015, security industry powerhouse Charisse Castagnoli (c1ph3r_qu33n here on Thwack) and I sat down for a frank talk about the pressures of our respective roles, and then brainstormed ways to get InfoSec and NetOps/Monitoring working together rather than in opposition.


One of the things we hit on was the good old lunch-and-learn. A lot of the friction between security and monitoring comes from a good old communication disconnect. Not knowing about the current pressures, priorities, and projects on the other side of the cube wall typically leads to frustration and loathing. The solution is to regularly sit down to hash it out, and find ways to augment, rather than short-circuit, each other’s efforts.


During our talk Charisse and I challenged viewers to set a table, along with a meeting request, and record notes of how the conversation went (You had a food fight? We want to see pics or it never happened!). Post those notes (and pictures) below, and we’ll select some of the best ones to receive 500 thwack points.

Filter Blog

By date:
By tag: