Is Disaster Recovery Really Worth The Trouble (Part 1)


Is Disaster Recovery Really Worth The Trouble

(Part 1 of a 4 part series)

Guest Post by Tommy Tang – Cloud Evangelist 


Often when you talk to your IT colleagues or business owners about protecting their precious system with adequate Disaster Recovery capability (aka DR), you will get the typical response like ‘I have no money for Disaster Recovery’ or ‘We don’t need Disaster Recovery because our system is highly available’. Before you blow your fuse and try to serve them a comprehensive lecture on why Disaster Recovery is important, you should understand the rationale behind their thinking.

People normally associate the word ‘disaster’ with an insurance policy. So it is about natural disaster events such as flooding, thunderstorms and earthquakes, or man-made disasters like fire, loss of power or terrorist attack. These special events are ‘meant’ to happen so infrequently that the inertia of human behaviour will try to brush them off, particularly when you are asking for money to improve Disaster Recovery capability!

You may ask: how do you overcome such deep-rooted prejudice towards DR in your organisation? The first thing you must do is DO NOT talk about Disaster Recovery alone. DR should be one of the subjects covered by the wider discussion regarding system resilience and availability. Before your IT manager or business sponsor is going to cough up some hard-fought budget for you, you’ll need to articulate the benefit in clear, precise and easily understood layman’s terms. Do not overplay the technology benefit such as ‘it’s highly modularised and flexible to change’ or ‘it’s loosely coupled micro-service design that is good for business growth’, or ‘it’s well-aligned to the hybrid Cloud architecture roadmap for the enterprise’. Quite frankly they don’t give a toss about technology as they only care about operations impact or business return.

For the IT manager, it’s your job to paint the rosy picture of how a well designed and implemented DR system can help meet the expected Recovery Time Objective (RTO), minimise human error brought on by the pressure-cooker-like DR exercise, and save the manager from humiliation amongst peers and superiors in the WAR room during a real DR event. As for the business sponsor, it’s only natural not to spend money unless there is material benefit or consequence. You’ll need to apply shock tactics that will scare the ‘G’ out of them. For certain systems it’s not difficult to get the message across. Take, for example, an Internet Banking system that requires urgent funding to improve DR capability and resilience. The consequences of not having the banking system available to customers during business hours will have severe material and reputation impact. The bad publicity generated in today’s omnipresent digital media is both brutal and scathing and will leave no place to hide.

So now you have done the hard sell and secured funding to work on the DR project, how would you go about delivering maximum value with limited resources? This could be the very golden ticket for you to ascend to a senior or executive position. My simple 3 phase approach is outlined below, and I’m sure there are many other ways to achieve a similar outcome.

Architecture

  • This is the foundation of a resilient and highly available design that can be applied to different systems, not just a gold-plated one-size-fits-all solution. The design must be prescriptive yet pragmatic, with well defined costs and benefits.

Implementation

  • It has to be agile with risk mitigation strategy incorporated in all delivery phases. I believe automation is the key enabler to quality assurance, operational efficiency and manageability.

On-Premises and Cloud

  • The proliferation and adoption of Cloud has certainly changed the DR game. Many of the conversations taking place today are about “To Cloud” or “Not To Cloud”, and if it is Cloud then HOW? Disaster Recovery must be, along with system resilience, included in such a critical decision, and it ought to be adaptive to whatever path the business has chosen.

Understanding what DR really means in the organisation is utterly important and it can often lead to the change of prejudicial thinking with well articulated benefits and consequences. In the coming weeks I’m going to share my insights for the aforementioned phase approach.

This article is a guest post by Tommy Tang (https://www.linkedin.com/in/tangtommy/). Tommy is a well rounded and knowledgeable Cloud Evangelist with over 25+ years IT experience covering many industries like Telco, Finance, Banking and Government agencies in Australia. He is currently focusing on the Cloud phenomena and ways to best advise customers on their often confused and thorny Cloud journey. 

Multi-Cloud Deployment – Are you Ready?


Are you ready for Multi-Cloud?


Guest Post by Tommy Tang – Cloud Evangelist 

Lately I have heard colleagues earnestly discussing (or perhaps debating) the prospect of adopting a Multi-Cloud strategy, and how it could effectively mitigate risks and protect the business, as if it were a prized trophy everyone should be striving for. For the uninitiated, Multi-Cloud strategy in a nutshell is a set of architecture principles that facilitate and promote the absolute freedom to select any cloud vendor for any desired service at a time of your choosing, with no material impact when moving from one cloud service provider to another.

Before you get too excited about Multi-Cloud I’d like to mention the much publicised US Department of Defence’s Joint Enterprise Defence Infrastructure cloud contract (aka JEDI). Amongst the usual objectives and strategies stated in the JEDI strategy document, the most contentious issue revolves around the explicit requirement for choosing a single cloud service provider who can help modernise and transform their IT systems for the next 10 years. Not Multi-Cloud. The reaction to the single cloud approach has certainly brought on some fierce debate in the IT world, of which both IBM and Oracle tried to register their displeasure through legal avenues. Both companies have been dismissed and out of the running of the JEDI contract now.

While you are pondering the reason why Department of Defence would seemingly go against the conventional wisdom of Multi-Cloud, let’s briefly examine some of the advantages and disadvantages of Multi-Cloud strategy.

Advantages

  • Mitigate both service and commercial risks by procuring from multiple cloud vendors (i.e. not putting all eggs in one basket)
  • Select the best-of-breed service from a wide range of cloud providers (e.g. AWS for DevOps, Azure for Business Intelligence and Google for Artificial Intelligence)
  • Strive for favourable commercial outcome by encouraging competition between different players
  • Leverage fast emerging new technologies and services offered by the incumbents or new cloud entrants
  • Promote innovation and continuous improvement without artificial cloud boundaries

Disadvantages

  • Multi-Cloud architecture design can be more complex (i.e. integration, replication and backup solutions that would need to work across different cloud vendors)
  • Unable to take advantage of vendor-specific features or services (e.g. Lambda is a unique AWS service)
  • Difficult to track and consolidate finance with different contracts and rates
  • No single pane-of-glass view for monitoring and managing cloud services
  • Need extensive and continuous training for different and never-ending cloud technologies

After learning the good and bad of pursuing the Multi-Cloud dream do you think the JEDI approach is wrong? Well the answer in my humble opinion is it depends. For example if you’re managing an online holiday booking service then you’re probably already using cloud services and thus it’s unlikely you’d face any impediments for deploying your Java applications to a different cloud vendor. On the other hand if you’re running the traditional supermarket and warehouse business using predominately on-premises IT systems then it is much more difficult moving them to the cloud; let alone running in different cloud vendors without massive overhaul.

If you’re still keen to explore the Multi-Cloud strategy then I’d consider the following guidelines. These are not prerequisites but certainly help achieve the ultimate cloud-agnostic goal.

Modernise IT Infrastructure

Modernise the on-premises IT systems to align with the common cloud infrastructure so they are Cloud Ready. This is the most important step regardless of whether you are aiming for single cloud or Multi-Cloud deployment. During the modernisation phase you’d soon find out that certain IT systems are difficult (and insanely expensive) to move to the cloud. This is the reality check you ought to have. It is perfectly ok to retain some on-premises systems because quite frankly not every system is suitable for cloud. For instance, a large and complex application that requires specialised hardware, or a highly latency-sensitive application, is probably not for the cloud. Quarantine your cloud-disenchanted applications quickly while consolidating cloud-friendly applications onto an Intel-based virtualised platform (e.g. VMWare or Hyper-V). A modernised on-premises virtualised platform provides the cloud foundation with the added benefits of running virtual infrastructure. It is a good strategy for either Multi-Cloud or hybrid cloud. You should take full advantage of the existing data centre while you are embarking on the 3-5 year cloud journey.

Modular Application Design

Application development cost typically outweighs the infrastructure cost by a factor of 3x-5x. Given AppDev is quite expensive it is absolutely paramount to get it right from the start. The key design objective is to create an application that is highly modularised, loosely-coupled and platform agnostic. Hence the application can run on different cloud services without incurring massive redevelopment cost. The latest trendy term that everyone has been using is Microservice. Microservice is not bound to a specific framework or programming language. Any mainstream language like Java, C# or Python is suitable depending on one’s own preference. Apart from the programming language I’d also like to touch on application integration. I understand many people would prefer developing their own APIs because it is highly customisable and flexible. However in today’s cloud era it’d require lots of effort and resources to develop and maintain APIs for different cloud vendors as well as on-premises IT systems. Unless there is a compelling reason I’d consider using specialised API vendor like MuleSoft to speed up and simplify development. Last but not least I’d also embrace Container technology for managing application deployment. (E.g. Kubernetes) Containerised application capsule can significantly enhance portability when moving between clouds.

Data Mobility

It is about your prerogative over your own data. When you are considering a Multi-Cloud strategy, one of the burning issues is how to maintain data mobility: data that is stored in the cloud can be extracted and moved to on-premises IT systems or to another cloud service provider as desired, without restrictions. Any impediment to data mobility would seriously diminish the benefits of using cloud in the first place. In the new digital world data should be treated as capital with intrinsic monetary value, and therefore it is unacceptable for data to be subject to restrictions on its movement. So how do you overcome data mobility challenges? Here are some basic principles you should consider. The first one is data replication. For instance, is it acceptable to the business if the application would take 5 days to move from AWS to Azure? How about 4 weeks? The technology that underpins the Multi-Cloud strategy must meet the business needs, otherwise it becomes totally irrelevant. Data replication between different cloud platforms can be implemented to ensure data is always available in multiple destinations of your choice. A native database replication tool is a relatively straightforward solution for maintaining 2 independent data sources (e.g. SQL Always On, Oracle Data Guard). The second principle is to leverage a specialised cloud storage provider. Imagine you can deploy applications to many different cloud vendors while retaining data in a constant, readily accessible location. The boundaries of Multi-Cloud would simply dissipate. For example, NetApp Data ONTAP is one of the leading contestants in the cloud storage area. The third principle is the humble, long-standing offsite backup practice. Maintaining a secondary data backup at an alternate site is an absolute requirement for both cloud and non-cloud systems. It is a very cost-effective way of retaining full data control and avoiding vendor lock-in.

Multi-Cloud is a prudent, agile and commercially sound strategy with many benefits, but I believe it is not suitable for everyone. Blindly pursuing a Multi-Cloud strategy without a compelling reason is fraught with danger. The decision made by the US Department of Defence to partner with only one cloud vendor, which is yet to be determined at the time of writing this article, is one of the high-profile exceptions. Time will tell.

Check out this link where we dive deeper in to the difference of IAAS resilience on AWS and Azure.

This article is a guest post by Tommy Tang (https://www.linkedin.com/in/tangtommy/). Tommy is a well rounded and knowledgeable Cloud Evangelist with over 25+ years IT experience covering many industries like Telco, Finance, Banking and Government agencies in Australia. He is currently focusing on the Cloud phenomena and ways to best advise customers on their often confused and thorny Cloud journey. 

How to upgrade to SCCM 1810


Step by step how to upgrade SCCM to version 1810

What’s new in SCCM 1810?

Here is a quick run down of the exciting new features that Microsoft has added to SCCM for release 1810. You can see more information around this update on the Microsoft blog site.

Specify the drive for offline OS image servicing

Now you can specify the drive that Configuration Manager uses when adding software updates to OS images and OS upgrade packages.

Task sequence support for boundary groups

When a device runs a task sequence and needs to acquire content, it now uses boundary group behaviors similar to the Configuration Manager client.

Improvements to driver maintenance

Driver packages now have additional metadata fields for Manufacturer and Model which can be used to tag driver packages for general housekeeping.

Phased deployment of software updates

You can now create phased deployments for software updates. Phased deployments allow you to orchestrate a coordinated, sequenced rollout of software based on customizable criteria and groups.

Management insights dashboard

The Management Insights node now includes a graphical dashboard. This dashboard displays an overview of the rule states, which makes it easier for you to show your progress.

Management insights rule for peer cache source client version

The Management Insights node has a new rule to identify clients that serve as a peer cache source but haven’t upgraded from a pre-1806 client version.

Improvement to lifecycle dashboard

The product lifecycle dashboard now includes information for System Center 2012 Configuration Manager and later.

Windows Autopilot for existing devices task sequence template

This new native Configuration Manager task sequence allows you to reimage and re-provision an existing Windows 7 device into an AAD joined, co-managed Windows 10 using Windows Autopilot user-driven mode.

Improvements to co-management dashboard

The co-management dashboard is enhanced with more detailed information about enrollment status.

Required app compliance policy for co-managed devices

You can now define compliance policy rules in Configuration Manager for required applications. This app assessment is part of the overall compliance state sent to Microsoft Intune for co-managed devices.

SMS Provider API

The SMS Provider now provides read-only API interoperability access to WMI over HTTPS.

Site system on Windows cluster node

The Configuration Manager setup process no longer blocks installation of the site server role on a computer with the Windows role for Failover Clustering. With this change, you can create a highly available site with fewer servers by using SQL Always On and a site server in passive mode.

Configuration Manager administrator authentication

You can now specify the minimum authentication level for administrators to access Configuration Manager sites.

Improvements to CMPivot

CMPivot now allows you to save your favorite queries and create collections from the query summary tab. Over 100 new queryable entities added, including for extended hardware inventory properties. Additional improvements to performance.

New client notification action to wake up device

You can now wake up clients from the Configuration Manager console, even if the client isn’t on the same subnet as the site server.

New boundary group options

Boundary groups now include two new settings to give you more control over content distribution in your environment.

Improvements to collection evaluation

There are two changes to collection evaluation scheduling behavior that can improve site performance.

Approve application requests via email

You can now configure email notifications for application approval requests.

Repair applications

You can now specify a repair command line for Windows Installer and Script Installer deployment types.

Convert applications to MSIX

Now you can convert your existing Windows Installer (.msi) applications to the MSIX format.

Improvement to data warehouse

 You can now synchronize more tables from the site database to the data warehouse.

Support Center

Use Support Center for client troubleshooting, real-time log viewing, or capturing the state of a Configuration Manager client computer for later analysis. Find the Support Center installer on the site server in the cd.latest\SMSSETUP\Tools\SupportCenter folder.

Support for Windows Server 2019

Configuration Manager now supports Windows Server 2019 and Windows Server, version 1809, as site systems.

SCCM 1810 prerequisites

As with any update, you should make sure that you have all the prerequisites to install this update to Configuration Manager, prior to starting the upgrade process.

The prerequisites for SCCM 1810 are:

  • Every site server within your existing Configuration Manager environment should be at the same version
  • To install the update, the minimum SCCM version you can currently be on is version 1710. 1802 and 1806 are also accepted
  • SQL 2017 CU2 Standard and Enterprise
  • SQL 2016 SP2 Standard and Enterprise
  • SQL 2016 SP1 Standard and Enterprise
  • SQL 2016 Standard and Enterprise
  • SQL 2014 SP3 Standard and Enterprise
  • SQL 2014 SP2 Standard and Enterprise
  • SQL 2014 SP1 Standard and Enterprise
  • SQL 2012 SP4 Standard and Enterprise
  • SQL 2012 SP3 Standard and Enterprise
  • Windows Server x64
  • Windows Server 2012 R2 x64
  • Windows Server 2016
  • Windows Server 2019 version 1809

How to upgrade SCCM to release 1810.

Step 1 – Administration Tab

Open your System Centre Configuration Manager Console and navigate to Administration.



Step 2 – Updates and Servicing

Now click on Updates and Servicing and hopefully you should see the Configuration Manager 1810 update as highlighted in the attached picture.



Step 3 – Check SCCM 1810 Prerequisites

Next, right click on the Configuration Manager 1810 update and choose Run Prerequisite Check


Step 4 – Checking Prerequisites

Now the SCCM 1810 prerequisites will run and check that the Configuration Manager 1810 update is compatible with your current system. This will take some time, so perhaps go make a coffee while you wait.


Step 5 – ConfigMgrPrereq.log

You can check the status of the prerequisite check by looking at the ConfigMgrPrereq.log located in the C: drive of your configuration management server.

As you can see in my logs, the prerequisite check has passed.



Step 6 – Install Update Pack

Now the fun stuff begins. We are ready to start the upgrade process for SCCM.

Right click the Configuration Manager 1810 update and choose Install Update Pack.



Step 7 – Start the installation process for SCCM 1810

On the Configuration Manager Updates Wizard, you can choose to Ignore any prerequisite check warnings and install this update regardless of missing requirements if you so wish.

As with any production environment, it’s best practice never to ignore any warnings, but we had none in the previous check, so we do not need to tick this checkbox.

When you are ready to start the update process, click next.


Step 8 – Features included in update pack

The next page of the wizard lists the various features you can install as part of this update.

Tick any of the features you will need and, when ready, click Next.


Step 9 – Review and accept the terms

You can review the license terms that Microsoft has for this update. Accept these by checking the checkbox and click Next


Step 10 – Summary

Review this page to confirm that all the settings and features you have chosen previously are correct, and again when ready click Next.


Step 11 – Installation Completed

Finally, the last screen of the Configuration Manager 1810 upgrade wizard is the completed screen. Review the summary and then click on Close.

SCCM will upgrade in the background. This can take some time, depending on your infrastructure setup.


Step 12 – Check Installation Status

To check the status of your SCCM upgrade, you need to go to Overview, then Updates and Servicing Status. 


Step 13 – Show Upgrade Status

Select the Configuration Manager 1810, then right click and choose Show Status.



Step 14 – Update Pack Installation Status

Highlight Installation and you will see the status of all the components that are upgrading.

Keep clicking Refresh until you see all the tasks with a green tick. Be mindful that this does take some time.

Click on Close when they are all green.



Step 15 – Update the Configuration Manager Console

Once all the ticks have gone green, click refresh within the SCCM console and you should be prompted with the Console Update.

Click on OK to proceed.



Step 16 – Update the Configuration Manager Console

The SCCM console update will download the required files and update your Configuration Manager console to the latest version.



Step 17 – SCCM 1810 Upgrade Finished

Finally, SCCM has updated your Config Manager environment to release 1810.



How to Snapshot your VMs before patching with SCCM and SnaPatch

Now that you have upgraded SCCM to the current branch 1810, here is a quick rundown on how to use SnaPatch with SCCM to quickly and easily snapshot your VMs prior to patching.

SCCM Clients re-evaluate software updates


SCCM – Change the time for a client to re-evaluate software updates

System Center Configuration Manager (SCCM) is an essential tool for managing and deploying software updates in an organization. SCCM provides a robust platform to manage software updates for desktops, servers, and mobile devices. However, SCCM clients can be configured to re-evaluate software updates based on specific criteria such as time, detection method, or client settings. In this article, we will discuss how to change the time for a client to re-evaluate software updates in SCCM.

What is SCCM, and Why is it Important?

SCCM is a system management software developed by Microsoft. It is used to manage large-scale deployments of operating systems, applications, and updates across an organization’s network. SCCM can manage various devices such as desktops, laptops, servers, and mobile devices. SCCM is essential for organizations that need to manage software updates across a large number of devices.

How to Change the Time for a Client to Re-evaluate Software Updates in SCCM

Changing the re-evaluation time for software updates can help keep devices up to date with the latest security patches. By default, SCCM clients are configured to check for software updates every seven days. However, this time interval can be changed based on an organization’s requirements. The following steps can be followed to change the time for a client to re-evaluate software updates in SCCM:

Step 1: Open the SCCM Console

Launch the SCCM console on your computer. The SCCM console can be launched by clicking on the Start menu and searching for “Configuration Manager Console.”

Step 2: Navigate to the Client Settings

In the SCCM console, navigate to the “Administration” tab and click on “Client Settings” under the “Client Settings” section.

Step 3: Configure the Software Updates Client Settings

In the “Client Settings” window, click on “Software Updates” in the left-hand pane. In the right-hand pane, scroll down to the “Software update evaluation schedule” section.

Step 4: Set the Time for Re-evaluating Software Updates

In the “Software update evaluation schedule” section, click on “Custom schedule.” In the “Custom schedule” window, enter the number of days that you want SCCM clients to re-evaluate software updates. Click on “OK” to save the changes.

SCCM Client Software Update Evaluation FAQs

How often does SCCM check for software updates?

  • Default Time Interval for Checking Software Updates: The default time interval for SCCM to check for software updates is every 7 days.
  • How to Configure the Time Interval for Checking Software Updates: To change the time interval for checking software updates in SCCM, go to “Administration” > “Client Settings” > “Default Client Settings” > “Software Updates.” Under the “Software Update Scan Schedule” section, select the desired interval from the drop-down list. Click “OK” to save the changes.

How do I force SCCM to check for software updates?

  • Using SCCM Console to Force Software Update Check: To force SCCM to check for software updates using the console, navigate to “Assets and Compliance” > “Devices.” Select the devices that you want to check for updates, right-click and select “Client Notification” > “Check for Software Updates.”
  • Using PowerShell to Force Software Update Check: To force SCCM to check for software updates using PowerShell, open PowerShell as an administrator and run the following command: Invoke-CMSoftwareUpdateScan -DeviceName <DeviceName> -AllowUseDefaultCredentials -ForceScan. Replace <DeviceName> with the name of the device you want to check for updates.

How do I know if my SCCM client is up to date?

  • Checking the Last Scan Status of SCCM Client: To check the last scan status of an SCCM client, navigate to “Assets and Compliance” > “Devices.” Select the device that you want to check, and click on “Software Updates” > “Last Scan States.” This will display the last scan status of the device.
  • Verifying the Installed Software Updates on SCCM Client: To verify the installed software updates on an SCCM client, navigate to “Assets and Compliance” > “Devices.” Select the device that you want to check, and click on “Software Updates” > “Compliance 1 – Overall Compliance.” This will display a list of installed and missing software updates on the device.
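
A client-side way to force the scan and then see what is still outstanding, as an added example that is not from the original article: it calls the Configuration Manager client's own WMI interface (SMS_Client.TriggerSchedule and the CCM_SoftwareUpdate class) over a CIM session. The function name and the computer names in the usage comment are hypothetical, and it assumes WinRM access and local administrator rights on each client.

```powershell
# Added example (not from the original article).
# Standard Configuration Manager client schedule IDs for the two update cycles.
$ScanCycle       = '{00000000-0000-0000-0000-000000000113}'  # Software Updates Scan Cycle
$EvaluationCycle = '{00000000-0000-0000-0000-000000000108}'  # Software Updates Deployment Evaluation Cycle

# Hypothetical helper: triggers both cycles on each client and reports
# how many deployed updates the client currently lists as not yet installed.
function Invoke-UpdateCycle {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )

    foreach ($computer in $ComputerName) {
        $session = $null
        try {
            # One CIM (WinRM) session per client, reused for all calls below.
            $session = New-CimSession -ComputerName $computer -ErrorAction Stop

            # Ask the client agent to start the scan, then the deployment evaluation.
            foreach ($id in $ScanCycle, $EvaluationCycle) {
                Invoke-CimMethod -CimSession $session `
                    -Namespace 'root\ccm' -ClassName 'SMS_Client' `
                    -MethodName 'TriggerSchedule' `
                    -Arguments @{ sScheduleID = $id } `
                    -ErrorAction Stop | Out-Null
            }

            # Updates deployed to this client that are still pending.
            # The cycles run asynchronously, so this reflects the state
            # before the new scan finishes; re-run later for fresh results.
            $pending = @(Get-CimInstance -CimSession $session `
                -Namespace 'root\ccm\ClientSDK' -ClassName 'CCM_SoftwareUpdate' `
                -ErrorAction Stop)

            [pscustomobject]@{
                ComputerName   = $computer
                Triggered      = $true
                PendingUpdates = $pending.Count
                PendingTitles  = $pending.Name
                Error          = $null
            }
        }
        catch {
            # Unreachable host, missing client agent, or access denied:
            # record the failure instead of stopping the whole run.
            [pscustomobject]@{
                ComputerName   = $computer
                Triggered      = $false
                PendingUpdates = $null
                PendingTitles  = $null
                Error          = $_.Exception.Message
            }
        }
        finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}

# Usage (placeholder computer names):
# Invoke-UpdateCycle -ComputerName 'PC-001', 'PC-002' | Format-Table ComputerName, Triggered, PendingUpdates, Error
```

Clients that return Triggered = False with an error are the ones to look at first, since a machine that cannot be reached or has no working client agent is also not reporting its patch state.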

SCCM is an essential tool for managing and deploying software updates in an organization. Changing the time for a client to re-evaluate software updates in SCCM can help keep devices up to date with the latest security patches. In this article, we discussed how to change the re-evaluation time for software updates in SCCM. We also answered some FAQs to make the process easy. By following the steps outlined in this article, you can ensure that your SCCM clients are up to date with the latest software updates.

Adobe Flash Compromised – Latest Security Concerns


Adobe Flash compromised


Adobe Flash Vulnerability Compromises Cybersecurity

Adobe officials have confirmed that a critical vulnerability has been discovered in Flash version 19.0.0.207, which was just released on Tuesday. Security researchers warn that this vulnerability, identified as CVE-2015-7645, is being exploited by attackers to surreptitiously install malware on end-users’ computers, even in fully-patched versions of the software.

Zero-Day Exploits

The critical security flaw is reportedly being used exclusively by Pawn Storm, a group that is targeting only government agencies as part of a broader, long-running espionage campaign. However, it’s common for these kinds of zero-day exploits to be distributed more widely once the element of surprise has waned. The vulnerability has been found in Flash versions 19.0.0.185 and 19.0.0.207, as well as potentially earlier versions. At present, no further technical details are available.

Recent Attacks

In the most recent attacks, links were sent via email that purported to contain information on current events. These URLs hosted the exploit, leading users to download the malware without realizing it. The following topics were used as bait in these attacks:

• “Suicide car bomb targets NATO troop convoy Kabul”

• “Syrian troops make gains as Putin defends air strikes”

• “Israel launches airstrikes on targets in Gaza”

• “Russia warns of response to reported US nuke buildup in Turkey, Europe”

• “US military reports 75 US-trained rebels return Syria”

How to Stay Safe

In light of this vulnerability, it’s essential to take steps to stay safe while using Flash. First, ensure that you have updated to the latest version of Flash Player to reduce the risk of an attack. It’s also important to avoid clicking on links or downloading attachments from suspicious emails or websites. If you receive an email with an unsolicited link or attachment, delete the message immediately. Finally, consider disabling Flash altogether, particularly if you don’t use it often.

Conclusion

The recent discovery of a critical security flaw in Adobe Flash is a cause for concern, particularly as attackers have already been exploiting it in targeted attacks. As such, it’s essential to stay vigilant and take steps to protect yourself against this and other vulnerabilities. By staying up-to-date with the latest software updates, being wary of suspicious emails and attachments, and disabling Flash if necessary, you can help ensure that your computer remains secure.