Adding extra service mappings to Nexpose

Nexpose does have good coverage of services in the “well known” range of ports (0-1024).  An environment with a lot of proprietary systems will cause Nexpose to report some services as unknown or even misidentify them.  The screenshot below is a good example of this.

Nexpose Services Data

The example is from a Domain Controller.  Nexpose identifies the port 3389 service correctly as RDP.  Ports 3269/32769 are used by the Global Catalog service, so labelling them as LDAP/LDAPS isn’t strictly accurate.  For ports 3260 and 5666 it gives up.  Depending on your needs, you may want to get these labels a bit more accurate.  This can be achieved by using a custom service names file (you can alter the default one, but it’s probably best to leave that in its default state).

The default file, default-services.properties, is located in the <install location>/plugins/java/1/NetworkScanners/1 folder.  The format is basic, with each line as <port #>/<tcp or udp>=<Service Name>.  Some of the custom ports I added are shown below:

Custom Service Mappings

Once the properties file is in a state you’re happy with, place it in the same folder as the default one and either create a new or edit an existing scan template and put the file name into the field on the Service Discovery section.  Load up the page of an asset to test and queue a scan on it with the scan template.  The reported services should update with the new values.
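
A quick check of a custom service names file before it goes into the scanner folder can catch lines that do not follow the <port #>/<tcp or udp>=<Service Name> format.  The script below is an added example, not part of the original post or of Nexpose; the sample entries and labels are constructed, and treating lines starting with # as comments is an assumption.

```python
import re

# Format from the post: <port #>/<tcp or udp>=<Service Name>, one per line.
LINE_RE = re.compile(r"^(\d{1,5})/(tcp|udp)=(.+)$")

# Constructed sample, not the author's file; labels are illustrative.
SAMPLE_CUSTOM = """\
# site-specific labels
3260/tcp=iSCSI Target
5666/tcp=NRPE
5666/tcp=Nagios Agent
70000/tcp=Out Of Range
8443 tcp=Missing Slash
"""

# Constructed stand-in for default-services.properties content.
SAMPLE_DEFAULT = "3389/tcp=RDP\n3260/tcp=Unknown\n"


def parse_services(text):
    """Return ({(port, proto): name}, [(line_no, problem, line)])."""
    mappings, errors = {}, []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        match = LINE_RE.match(line)
        if not match:
            errors.append((line_no, "malformed", line))
            continue
        key = (int(match.group(1)), match.group(2))
        if key[0] > 65535:
            errors.append((line_no, "port out of range", line))
        elif key in mappings:
            errors.append((line_no, "duplicate port/protocol", line))
        else:
            mappings[key] = match.group(3).strip()
    return mappings, errors


def changed_labels(custom, default):
    """Port/protocol pairs where the custom label differs from the default."""
    return {k: (default[k], v) for k, v in custom.items()
            if k in default and default[k] != v}


if __name__ == "__main__":
    custom, problems = parse_services(SAMPLE_CUSTOM)
    default, _ = parse_services(SAMPLE_DEFAULT)
    for line_no, problem, line in problems:
        print(f"line {line_no}: {problem}: {line}")
    print(changed_labels(custom, default))
```

Run against the real files, changed_labels gives a short list of the services whose reported names should differ after the test scan.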

If all your IT department does is BAU work, you have a problem

Over the years I’ve heard stories from peers and read them online about the very ordinary experiences they had as IT workers.  I’ve even experienced it myself.  A common theme is that the IT department is only performing a maintenance function, often called Business as Usual (BAU), operations or break-fix work.  Being in that position can be very dangerous.

VMware NSX – First Impressions

One of the first “killer applications” on the PC platform was Lotus 1-2-3, a spreadsheet program that greatly improved the productivity of the people using it and made a clear case for buying PCs.  More recently, we’ve seen this sort of thing happening in IT infrastructure, with virtualisation, automation, cloud and “as a service”.  VMware’s NSX product is the latest in a line of products from VMware in this sort of area.

If we go back to the “good old days” of getting a server up and running, it could take weeks.  The diagram below shows the amount of effort involved.

Old school server provisioning

While some of these numbers may have been more or less depending on circumstances, in many cases it could’ve taken over 150 business hours to get a server ready for use.  Or almost a full month.

VMware Horizon 7 – First Impressions

VMware Horizon is a Virtual Desktop Infrastructure (VDI) product which initially allowed provisioning of Virtual Desktops off a base image in an easy to manage fashion.  Over time, VMware have added extra functionality, such as the ability to add Remote Desktop Services (RDS) servers.

Version 7 has added a number of interesting features and improvements.  The one mentioned first in the release notes is Instant Clones.  This is a technology I’ve been following for a while, ever since I read about it.  Originally known as VMFork, it’s a technology to allow very rapid, almost instant, provisioning of Virtual Machines.  Duncan Epping wrote a good overview of VMFork/Instant Clone back in 2014.  Support for Virtual Volumes and Linux desktops are some of the other features that have been added.

SQL As A Service Proof of Concept with SQL 2012 and vRealize Automation

Standing up a redundant/highly available database infrastructure can be one of the more complicated pieces of work.  Doing it by hand is a long process with many points where errors could happen.  It was with this in mind that I decided to use this as my first “project” with vRealize Automation.

A Brief History of SQL Server High Availability

When discussing redundancy or high availability (HA) for databases, there are two distinct outcomes – firstly to ensure the continued delivery of the service in the event of infrastructure failure (the actual HA part) and secondly to ensure the data is kept in an orderly fashion (data integrity, no loss of data, etc).  Where these two activities happen depends on the technology used.

In older versions of SQL Server, these outcomes were achieved using SQL Clustering.  In SQL Clustering, the HA function was achieved at the server level by having 2 or more servers, while data integrity was maintained by the database residing on shared storage.

Want hands on with Virtual Volumes? EMC has a Virtual Appliance for that

Virtual Volumes (VVols) is a new method of managing storage introduced in VMware vSphere 6.0.  Unlike many of the new features in vSphere 6.0, VVols requires not just vSphere 6.0 to work, but a storage device that supports the technology.  Fortunately, EMC have produced a virtual appliance that emulates a storage device with VVol support, so you can get some practical exposure to Virtual Volumes without needing a shiny new storage array.  Download and documentation can be found at http://www.emc.com/products-solutions/trial-software-download/vvols.htm.  The process for getting Virtual Volumes completely working is rather long, as the flow chart from EMC’s documentation below shows:

Virtual Volumes Workflow

I’ll run through the steps in getting the Appliance and Virtual Volumes working on a vSphere installation.

vRealize Automation 7.0 – First Impressions

vRealize Automation is, as VMware puts it, cloud automation software. It’s the black box where the magic happens between a customer or consumer of your cloud services and the infrastructure the cloud sits on, providing the services we would normally associate with a cloud service such as self-service, elasticity and multi-tenant support.

vRealize Automation - The Black Box

In the past, this product was known as vCloud Automation Center, or vCAC. It was rebranded along with a number of other VMware products under the vRealize banner. However, the newly branded vRealize Automation product still retains some references to vCAC.

vCloud Air Test Experience

vCloud Air is VMware’s public cloud offering, similar to Amazon’s AWS or Microsoft’s Azure. The key distinction between vCloud Air and these other offerings is that vCloud Air uses VMware’s products such as vSphere.

The VMware User Group (VMUG) recently added free credits on vCloud Air OnDemand as part of their EVALExperience program. As the name suggests, vCloud Air OnDemand is a pay-as-you-go service. I looked at this service offering as a server engineer with a reasonable background in VMware, considering aspects such as the ease of basic tasks, general administration, technical considerations for the business (good and bad) and how it compares to other offerings.

Hands on with the Lenovo Thinkpad X230t

One of the fortunate things of working in the SCCM space is you sometimes get first shot at a new piece of hardware when it comes in.  In this case, it was the Lenovo Thinkpad X230t, a convertible laptop.

The tablet has become a disruptive technology since the iPad really burst onto the scene and one of the outcomes of this is the convertible laptop, a device that can be used as a tablet but still managed as a native Windows device and have the benefit of whatever Windows software you have available.

The X230t is the first Thinkpad I’ve managed to use in a serious way and having heard about the legendary quality when they were made by IBM, it seems that has carried over with Lenovo.  The construction feels good, not tacky or cheap.  The only point of physical design I wasn’t overly comfortable about was the swivel point to convert between laptop and tablet modes.  The swivel can only twist one way and seems to be begging to be twisted the wrong way and broken by a user.  The only other sore point I had with the physical design was the location of the 3G card slot – it’s located under the battery, requiring you to take out the battery to access it.

In operation, the machines I used were quite fast thanks to the SSD in them.  They come with a stylus for using the touch screen and there’s a nice little slot to put the stylus when not in use. The screen seems to have a matte coating of some sort, possibly to prevent scratches/damage from the touch use.  Using the 3G slot was good, as the device appears as another wireless style connection, meaning you don’t have to deploy/install the proprietary application your 3G provider has you use.

The last point to note is Lenovo has come to the party with SCCM support and added driver packs similar to what HP and Dell are doing.  This made adding the X230t to the existing SCCM setup quite easy.

Office 2010 products MIA in SCCM 2007 reporting

One of the curious things about SCCM 2007 is the number of hot fixes it has to fix what are (in my experience) relatively common problems.  One of these came up when I wanted to do a report of how many Office 2010 installations there were versus other versions and reconcile those against the installed base of Windows 7 machines the RAC had.  The idea was to see how many machines were out of MOE compliance and start remediating them.

I got a bit of a shock when I started doing reporting and no numbers, not even entries, would appear for Office 2010 products, including Visio and Project.  Some of the more recent server products also weren’t listed (although this was a secondary concern at the time).

I soon found out there is not just one hot fix for this, but at least 3 have been issued, going back as far as November 2010 at least.  Following a change request, I got the latest version of the hot fix in and the reporting started working correctly.