Connecting local Active Directory Cloud (AD) and Azure

Active Directory Cloud Enablement

Connecting local AD to Azure

Active Directory Cloud Simplifies user Access (Microsoft)

With the deployment of more and more Office 365 services, managing separate AD instances can be daunting. Fortunately, Microsoft offers great tools to get your Active Directory Cloud initiative working. Azure’s AD is the backing AD for the Office 365 services. In this article, I am providing a summary of the key points to remember when connecting to Azure’s AD.

Microsoft provides a very powerful set of tools to easily connect a local Active Directory to Azure. There are also some advanced options available if you decide to use Azure as a full-blown AD server for your organization. However, it is important to be very careful. Here is what can happen if the connection isn’t done right: most if not all of the users will be locked out of their account. That means, no email (Outlook), no SharePoint, no OneDrive.

The key is to configure the Azure AD Connect tool with a custom setting in order to make sure that the local domain doesn’t take over the Office 365 domain. The following steps assume that you have Office 365 deployed for your main domain. For example, NewPush.com is our main domain.

Quick summary to connect the Active Directory Cloud 

1)    Check that all your local users have their email address set up properly in the “mail” attribute of your local AD. At this stage, you should also make sure that you have an Office 365 account set up with Global Admin privileges, and on the default Microsoft domain (e.g. [email protected]).

2)    Install Azure AD Connect. This is straightforward; however, make sure not to finish the install with the defaults, as we modify the sync rules in the next step. If you have already installed it with the wrong settings, you need to uninstall, reboot, and reinstall.

3)    Select the custom synchronization settings and select the mail attribute as the UPN for sync, which results in your main domain remaining the one used on Office 365.
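Step 1 can be scripted before Azure AD Connect is installed. The following PowerShell is an added example, not part of the original instructions or of any Microsoft tooling; the function name `Test-MailAttributeForSync` and the sample accounts are made up for illustration. It goes slightly beyond step 1 by also flagging duplicate addresses, since a UPN must be unique.

```powershell
# Pre-flight check of the "mail" attribute before it is selected as the UPN for sync.
# Function name, parameters and sample accounts are constructed for illustration.
function Test-MailAttributeForSync {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [Parameter(Mandatory)] [string]   $PrimaryDomain
    )
    $seen = @{}   # lower-cased mail address -> first account that uses it
    foreach ($u in $Users) {
        $mail  = "$($u.mail)".Trim()
        $issue = $null
        if (-not $mail) {
            $issue = 'mail attribute is empty'
        } elseif ($mail -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
            $issue = 'mail is not a valid address'
        } elseif (($mail -split '@')[1] -ne $PrimaryDomain) {
            # -ne compares strings case-insensitively in PowerShell
            $issue = "mail is not in $PrimaryDomain"
        } elseif ($seen.ContainsKey($mail.ToLower())) {
            $issue = "duplicate of $($seen[$mail.ToLower()])"
        } else {
            $seen[$mail.ToLower()] = $u.SamAccountName
        }
        if ($issue) {
            # Emit one row per account that would not sync cleanly
            [pscustomobject]@{
                SamAccountName = $u.SamAccountName
                Mail           = $mail
                Issue          = $issue
            }
        }
    }
}

# Constructed sample accounts (not real users)
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; mail = 'alice@newpush.com' }
    [pscustomobject]@{ SamAccountName = 'bob';   mail = $null }
    [pscustomobject]@{ SamAccountName = 'carol'; mail = 'carol@corp.local' }
    [pscustomobject]@{ SamAccountName = 'al';    mail = 'Alice@NewPush.com' }
)
Test-MailAttributeForSync -Users $sample -PrimaryDomain 'newpush.com' | Format-Table -AutoSize

# Against the live directory (requires the ActiveDirectory module from RSAT):
# $users = Get-ADUser -Filter 'Enabled -eq $true' -Properties mail
# Test-MailAttributeForSync -Users $users -PrimaryDomain 'newpush.com'
```

An empty result means every checked account has a unique address in the main domain; any row returned is an account to fix in the local AD before running the custom install.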

References for Active Directory to Azure Connection

1)      http://www.microsoft.com/en-us/download/details.aspx?id=47594

2)      https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-custom   Custom installation of Azure AD Connect, start to end.

 Please let me know if you found these instructions helpful, and do not hesitate to send me feedback.


NewPush Recognized as Top 20 VMware Cloud provider 2016

CIO Review recognition

NewPush started using VMware technologies from its inception in 1999. At the time the first dot com boom was just heating up. Many virtualization technologies were emerging for the Intel platform. Over the years we kept focusing on providing enterprise-grade infrastructure. Meanwhile, we have kept increasing the role of VMware as we understood that for Intel-based hardware VMware provided the most reliable enterprise solutions. As a result, we have moved the use of VMware from our development labs to our production systems and data-centers. Since the 2010s we have formally been a VMware partner providing VMware Cloud solutions. Most noteworthy, the last few years have shown a tremendous growth in the capabilities VMware Cloud delivers. Therefore it is our pleasure to announce that CIO Review has recognized NewPush as a top 20 VMware technology provider.
20 most promising VMware Cloud solution providers - 2016

VMware Cloud Solutions

Important milestone for NewPush

This recognition is a milestone that is important to us. We have worked hard to pioneer and to be successful in deploying state-of-the-art VMware-based cloud technologies. Our recent work focuses on NSX, vSAN, and the vRealize suite. As we continue our quest to provide the best cloud services to our customers, we look forward to deploying the new Docker and Hadoop enablement technologies.

Looking ahead

Cloud technologies keep changing at an ever-increasing pace. Companies who stay ahead are going to continue to have a competitive advantage, by providing a better customer experience. By partnering for technology decisions with NewPush, you can spend more time with your core business, while ensuring that you have a trusted partner with a proven track record to help you keep a competitive edge on the IT front. If you would like the NewPush advantage for your company, please do not hesitate to get in touch today. We are here to help 24 hours a day, seven days a week.


How to Flatten a Dimensional Data Model Built in Excel with Pivot Tables

To flatten a dimensional model built in Excel using pivot tables, follow these steps:

  1. save the original worksheet with the pivot table as a CSV (tab delimited is even better)
  2. select the range or column that contains the blanks (if you have blanks under the header, don’t select the column header in the range)
  3. select Edit -> Go to… -> Special
  4. select blanks (at this point Excel will select all the blank cells)
  5. press equal
  6. point to the cell above the first selected cell
  7. press <ctrl>+Enter and Excel will copy the formula to all the blank cells
  8. to replace the formula by the values, simply save the worksheet again as CSV, or copy and paste special the cells as values
  9. that’s it, you’re done. (Don’t forget to save.)

Setting up FileZilla for connecting to the server (first time only)

 

  1. Start FileZilla. I’m using FileZilla 3.5.0 for this tutorial, but the steps should be the same in any recent version.
  2. We will start by creating a new site in FileZilla so that we won’t have to fill the credentials every time we would like to connect to the server. Open File > Site Manager… and click on the New Site button on the left. Edit the name of the site so it’s easy to recognize.
  3. Fill in the form on the right with the following information:
    • Host: [hostname/IP address]
    • Port: [FTP port]
    • Protocol: FTP File Transfer Protocol
    • Encryption: Require explicit FTP over TLS
    • Logon type: Account
    • User: [your FTP username]
    • Password: [your FTP password]
    • Account: [the domain name for the user in Windows Server]
    Click on Connect to test the FTP connection.
  4. An Unknown certificate window will pop up. This means that FileZilla recognized that we are using a secure connection and asks whether the information in the certificate is legitimate. If it is, then click on OK. (You might want to check “Always trust certificate in future sessions” so that FileZilla won’t ask this again.)
  5. Wait a little until the server processes the login request – it shouldn’t take more than 10 secs on a decent connection. If everything went right, the folders/files will appear on the right pane of FileZilla.

After this, you can use the FTP software as usual for downloading/uploading files to the server.

Connecting to the server

The next time you would like to access the FTP server just…

  1. Start FileZilla.
  2. Open up the Site Manager from the File menu.
  3. Select the saved site from the left and click on Connect.

FileZilla already knows the details of the connection from the steps above, so it should log in without any problem.


OpenVPN connects, but no ping

OpenVPN connection issue on Windows Vista and Windows 7

 

Problem

When connecting to an OpenVPN tunnel on Windows Vista or Windows 7, the OpenVPN GUI shows the connection as successful, but the protected network can not be reached.

Solution

Start OpenVPN as administrator. This is necessary even if the account launching OpenVPN is an administrator-level account. If the OpenVPN GUI is already running, quit the application. Before launching OpenVPN GUI, right click, and select “Run As Administrator”.

There is a way to make this permanent in the Windows application properties:

Right click on the OpenVPN GUI icon, then click on Properties, and on the Compatibility tab. Tick the “Run this program as an administrator” box.


Installing a Secure Certificate on IBM Smart Business Server (VERDE)

At the time of this writing, the IBM Smart Business Server’s control panel doesn’t allow importing a secure certificate (SSL cert). Nevertheless, it is possible to install a valid (CA signed) secure certificate from the command line. This article assumes that the reader is familiar with SSL and the basic SSL KEY, CSR, and CRT generation steps. We are therefore picking up at the point where you have an SSL KEY as well as an SSL CRT. You will also need a machine that has openssl installed (any Linux or Mac box will do). In fact, the smart business server itself has openssl installed, as well as keytool, so all the steps can be performed directly on the smart business server.

Please note that this is a draft document, and work in progress. At this time only the public facing websites have been successfully set up with a CA signed certificate.

  • The Apache configuration file for the setup wizard is: /etc/apache2/httpdWSW.conf
  • The Apache configuration file for the intranet is here: /etc/apache2/httpdInt.conf with the corresponding SSL configuration here: /etc/apache2/extra/httpdInt-ssl.conf
  • First copy the new key and cert (in the same file, key goes on top and then the cert) into /etc/opt/ibm/bbp/smartcontainer/httpdWSW.cert
  • (Optional, this step hasn’t been successfully tested, because a non-RFC compliant method is used.) To create an RFC compliant PKCS8 version of the key pair where the intranet config file is expecting it:
    cd /etc/opt/ibm/bbp/
    openssl pkcs8 -topk8 -inform PEM -nocrypt -in smartcontainer/httpdWSW.cert -out PKCS8.cert
  • Make sure the CA bundle is made available and properly referenced in the above-mentioned config files (cp path/to/sf_bundle.crt smartcontainer/)
  • Create a PKCS12 version of your certificate:
    openssl pkcs12 -export -chain -CAfile sf_bundle.crt -in '<your>.crt' -inkey '<your>.key' -out PKCS12.cert -name <name> -passout pass:111111
    (at the time of this writing, the default cert store password hard coded in the VERDE install is 111111)
  • Location of the Java SSL Keystore: /etc/opt/ibm/bbp/SSLkeystore
  • Location of the [SAFEv3] encryption tool: /opt/ibm/bbp/saf/encryptPassword.sh
  • Password retrieval command: /opt/ibm/bbp/saf/lib/security/manageAdminCreds -f get -a JavaKeyStore2048BitKey -i 1
  • Create a new keystore based on the PKCS#12 cert:
    keytool -importkeystore -destkeystore SSLkeystore.new -srckeystore PKCS12.cert -srcstoretype PKCS12 -alias <common_name_of_SSL_cert>
  • Update the Keystore configuration reference in /opt/ibm/bbp/saf/cfg (use the password retrieved above).
  • Copy the PKCS#12 cert to the VERDE Tomcat cert store:
    cp PKCS12.cert /var/lib/verde/host.p12
    cp /var/lib/verde/host.p12 /usr/lib/verde/etc/host.p12
    (Make sure you save your previous copies of any file you modify.)

At this point, you have to restart the system, to make sure that all public services get the proper certificate loaded on boot. If you prefer, you can restart the services:

  • /etc/init.d/lwi restart
  • /etc/init.d/simpleAgent_d restart
  • restart the VERDE software from the web console

References

  • http://conshell.net/wiki/index.php/Keytool_to_OpenSSL_Conversion_tips
  • http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html
  • Many thanks to the bISV IBM support team

Migrating Data Between DB2 Servers

DB2 Support for Data Migration

When it is time to upgrade from DB2 on Intel to DB2 on Power for example, taking a backup/restore approach isn’t possible as DB2’s backups are platform dependent. The solution is to use a DB2 command called db2move.

Basics of db2move

db2move allows exporting data from DB2 at different levels of granularity. It also has a very simple syntax for exporting all of the data and structure of a database.

Example of db2move


su - db2inst1
mkdir /tmp/db2export
cd /tmp/db2export
db2move sample export

Where db2inst1 is the db2 instance owner, /tmp/db2export is where the DB2 data and structures are being exported, and sample is the database name.

For more DB2 Support hints, please visit our DB2 category.


Planning for Storage, Server, and Network Infrastructure

Questions to ask when planning storage and server infrastructure

Storage Requirements

  • What is our current storage environment? (What technology do we use? NetApp, EMC, HP, Hitachi, Compellent?)
  • What is our current amount of usable storage?
  • What is our current data in GB / TB? How much of that data is deemed critical as opposed to 2nd tier, or even archivable?
  • What growth increase are we seeing from year to year? (25%? 30%? 40%? More?)
  • Is this our largest variable IT cost within our overall budget?

Server Infrastructure

  • How many servers do we have within our overall Infrastructure environment?
  • What percentage is comprised of Power, Linux or “Wintel”?
  • Do we have a vendor standard? (HP, Dell, IBM?)
  • What is our overall server utilization (7%? 10%? 20%? 50%? More?)
  • Do we utilize virtualization in our server infrastructure environment?
  • If so, what percentage of our environment is virtualized?
  • What version / type of virtualization do we use?
  • Are we looking to do a server consolidation project to help us save on additional software maintenance and energy costs?

Network Infrastructure

  • Do we have (primarily) our own data center or do we store all of our equipment at a co-location / managed services location? (and if so, whom?)
  • What is our current network environment (Cisco? Avaya?)
  • Do we standardize on a vendor?
  • How old / new is our network environment?
  • What kind of connectivity do we have? (T1? T3? DS?)

Security Solutions

  • Do we have a set standard for our security environment?
  • Do we do quarterly security assessments? (PCI and/or FFIEC Assessments?) (Who do we use?)
  • Are there areas we need to improve?

Software Maintenance

Do we have a go-to partner we standardize on for software and hardware maintenance contracts?

Projects

  • What are our next three primary projects?
  • What is our IT budget?
  • What is our Calendar year? Jan – Dec? July – June? Etc.

For more information about planning for storage, servers, and network infrastructure, look at our data warehouse pages.


Remove old or bogus addresses from Outlook email auto-complete address book

Problem

As a result of people changing their email address, or just simple typos, the MS Outlook auto-complete list ends up with a number of bogus entries.

Solution

To remove a name or email address from Outlook’s auto-complete list, simply follow these 4 steps:

  • Create a new email message in Outlook (don’t worry, you can cancel it as soon as the task is complete)
  • Start typing the name or address you want to remove
  • Use the down arrow key to highlight the desired (undesired) entry — make sure you actually use the arrow keys on the keyboard: if you use the mouse, the address will be selected in your recipient list, and you have to start over
  • Press the Del key on your keyboard, et voilà, the unwanted entry is gone