Tech Roundup - 23rd February 2020

Some stuff collated/new/learnt since Tech Roundup - 31st December 2019 with headings:
AWS, Certificates (SSL), Cisco, FlexPod, Google Cloud, HP, IT Industry News/Commentary, Kubernetes, Microsoft, NetApp, pfSense, RedHat, Security, Tech Field Day, Veeam, Zone to Win

AWS

AWS Build a Winning Pitch Deck Workshop ... | Mar.10.2020 | London, England
... is designed to help pre-seed startups develop a fundraising narrative and build a pitch deck that serves as their tool to getting funded.

AWS Summit London | ExCel London | April 29, 2020

AWS Powers Guinness Six Nations Rugby Stats

Guinness Six Nations Matchstats

Certificates (SSL)

Microsoft Teams goes down after Microsoft forgot to renew a certificate

Summary of Windows Azure Service Disruption on Feb 29th, 2012

Let’s Encrypt: Why ninety-day lifetimes for certificates?

Certbot
Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.

Cisco

“The gateway in a Cisco ACI stretched layer 2 network can only reside on one site and has no capability to fail over to another site in case of a site loss.”

UCS Platform Emulator Downloads: UCSPE 4.0(4ePE1) / UCSPE 3.2(3ePE1)

Armis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices without any user interaction.

FlexPod

FlexPod Datacenter for AI/ML with Cisco UCS 480 ML for Deep Learning - Design Guide

FlexPod Datacenter for AI/ML with Cisco UCS 480 ML for Deep Learning - Deployment

Google Cloud

File storage made easier with NetApp Cloud Volumes, now GA

NetApp Cloud Volumes Service for Google Cloud

HP

“Cartridge cannot be used until printer is enrolled in HP Instant Ink”

HP Instant Ink
Save up to 50% on ink!
Monthly printing plans based on the number of pages you print not the amount of ink you use!

“By the way, did you know that printer ink is actually the most expensive liquid on this planet?”
HP explains why printer ink is so expensive

IT Industry News/Commentary

Jan 3, 2020: Blockchain 2020 – thoughts, comments and the future

Kubernetes

Container, Kubernetes & Microservices – how NetApp can help

“You will find this presentation a valuable trove of useful tricks. Enjoy.”

Microsoft


How to revert to an earlier version of Office
Applies to: Office 2019, Office 2016, Office 2013
Note: This article doesn’t apply to MSI versions of Office.
And if that doesn’t work...
1. Start the elevated command prompt (START > CMD > right-click and select "Run as administrator")
2. Paste and run "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe" /update user updatetoversion=16.0.11328.20512
3. Once the older version is installed, open any Office app, go to File > Office Account and select Disable updates (under Product Information)

Links for:
Event Properties - Event 2020, MSMQ: “The Message Queuing service cannot start”
Tip: If you want the Message Queuing service to start automatically, having it on a VMDK works, but in-guest iSCSI does not (since the iSCSI storage isn’t immediately available to the O/S when it boots.)

NetApp

IDC PERSPECTIVE: A New NetApp Is on the Rise

On-Demand Webinars:


NetApp Blog (blog.netapp.com):


NetApp Cloud (cloud.netapp.com):



Image: Windows Virtual Desktop (and Citrix) on Azure - Optimize End User Experience with Azure NetApp Files (ANF)

NetApp Cloud Manager and Cloud Compliance:

Cloud Manager
FlexCache with Cloud Volumes ONTAP: https://youtu.be/PBNPVRUeT1o

Cloud Compliance

NetApp HCI:

How a Disaggregated Architecture Can Lower HCI Total Cost of Ownership:

[Impact: High] NetApp H-Series BIOS update to reduce memory and machine check errors
Recommend updating the BIOS as part of the HCI Installation.

HOW TO: Reduce the wear on the boot drive of a NetApp HCI compute node
Recommend doing this as part of the HCI Installation.

Where vCenter was deployed using IP address, not FQDN...
...to rename to FQDN, it can only be done from vCenter 6.7U3 as per this article:

H410 Protection Domains
Extending storage availability across chassis.
- Node/chassis location awareness data layout
- Automatically detects H410 chassis and node configuration
- Double-helix data layout ensures that primary and secondary data blocks span domains
- Domain level capacity monitoring
- Minimum of three chassis required for domain level resiliency

Image: H410 Protection Domains

NetApp HCI Return to Factory Image (RTFI)
By Allen Johnson | January 25, 2020

NetApp Miscellaneous:



NetApp.io (NetApp DevOps Community):


NetApp TechONTAP Podcast:


NetApp NVAs:

NVA-1143: NetApp HCI - NIST Security Controls for FISMA with HyTrust for Multitenant Infrastructure
NVA Design and Deployment

NetApp TRs:


NetApp-ONTAP Python SDK:

... authoring some Python code using the newly released netapp-ontap Python SDK?
To find help for export policies:
Module netapp_ontap.resources.export_policy

NetApp ONTAP LUN rename:

Easy to do and non-disruptive, just needs:
lun move-in-volume -vserver SVM_NAME -path CURRENT_PATH -new-path NEW_PATH

Questions about NetApp impact related to the LDAP signing and channel binding security advisories published by Microsoft:

NetApp customer facing KB:

Also see:
“What about ONTAP and LDAPS?
How do we do (configure) it?
- Change the port in the ldap config to port 636.
- Make sure -use-start-tls is turned to false
- And the enterprise root cert is installed into ONTAP.”

Related Microsoft URLs:

pfSense

Netgate pfSense Security Gateway Appliances for the public cloud (Amazon AWS and Microsoft Azure), and private cloud (hardware appliances):

Download the Community Edition appliance for VMware vSphere, Microsoft Hyper-V and Proxmox:

RedHat

Disaster Recovery Strategies for Applications Running on OpenShift

Image: OpenShift deployment topologies

Security

NetApp is on the DoDIN (Department of Defense Information Network) Approved Products List.
Search for:
Device Type = “Data Storage Controller”
Vendor = “NetApp, Inc.”
For ONTAP 9.6 and 9.7, all these controllers are certified:
FAS8040, FAS2520, FAS2552, FAS2554, FAS2620, FAS2650, FAS2720, FAS2750, FAS8020, FAS8060, FAS8080EX, FAS8200, FAS9000, AFF A200, AFF A220, AFF A300, AFF A700, AFF A700s, AFF A800, AFF8020, AFF8040, AFF8060, AFF8080EX, FAS8300, FAS8700, AFF A400

Tech Field Day [Videos]

NetApp Introduction to Active IQ

NetApp Active IQ Platform Architecture

NetApp AIOps

NetApp The New Active IQ Experience Demo

NetApp StorageGRID - Object Storage for What's Next

Veeam


NetApp primary storage users:
New versions of Universal Storage API plug-ins for:
NetApp Element Plug-in 1.0.10 (with a couple of enhancements around our SolidFire integration)
Also, an important note regarding NetApp ONTAP 9.7 support: this was found to be a "breaking" release due to an API change, so it will require v10. The RTM build does NOT support ONTAP 9.7 yet, as we finished testing after it was already shipped. However, we managed to include the required change into the GA build.

Veeam Snapshot Hunter is awesome!

Veeam: V10: Better Backup: Faster. Stronger. Smarter.
Watch the recording of the Feb. 18 launch event and find out what’s new in Veeam Availability Suite.

Veeam Availability Suite 10 unattended installation [with Ansible]

Veeam Backup & Replication Chocolatey packages

Veeam NAS and File Share Backups
From Gostev’s Veeam Community Forums Digest:

January 27 - February 2, 2020
“... it appears Microsoft Azure had a critical vulnerability (CVSS score of 10.0) last year, which allowed the attacker to escape the Sandbox of a cloud VM, overtaking the host and so other VMs running on it. I always thought of public cloud as of subway in that sense – if you take one, you have to watch your pockets, and have a copy of your documents at home (or in the hotel). But, do you keep a copy of your cloud VMs backups at ‘home’ (your on-prem datacenter in this case) though? Because we'll for sure keep seeing such vulnerabilities in future with all hyperscalers, and their primary "use case" will be to delete VM snapshots and deploy ransomware > Perfect 10.0: This Is a Cloud Security Nightmare”

January 27 - February 2, 2020
“... one of the participants performed a live demo of BitLocker encryption bypass via TPM module sniffing. The key takeaway here is that the "default" BitLocker setups without pre-boot authentication can be more or less easily bypassed! So I'm now wondering how many BitLocker-enabled laptops carrying sensitive data were lost with IT thinking the data is safe, when it was not.”

February 10 - February 16, 2020
“How you prevent BitLocker encryption bypass attack via TPM module sniffing with pre-boot authentication. It assumes you have BitLocker already enabled, otherwise there's nothing to bypass!
1. Log on to Windows with an administrator account.
2. Open the Group Policy Editor (click Start, type "gpedit.msc").
3. Select Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives folder, and double-click the "Require Additional Authentication at Startup" option.
4. In the dialog that opens, select "Enabled" radio button at the top left.
5. In the "Configure TPM Startup PIN" drop-down list below, select "Require Startup PIN With TPM" option, and click OK to save changes.
6. Launch elevated command prompt (click Start, type "cmd", right-click and select "Run as administrator").
7. Run "manage-bde -protectors -add c: -TPMAndPIN" and set PIN (minimum length is 6 digits).
You're done! Other useful commands include "manage-bde -status" to check your protection status, and "manage-bde -changepin c:" to change PIN. Also, keep in mind that BIOS and TPM firmware updates require suspending BitLocker using the Manage BitLocker snap-in.”
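
To confirm that a machine really ended up with pre-boot authentication after the steps quoted above, the check below can be run from an elevated PowerShell session. It is an added example, not part of the quoted digest; the function name Test-PreBootPin is hypothetical, and it assumes the policy is stored under HKLM\SOFTWARE\Policies\Microsoft\FVE with UseTPMPIN = 1 meaning "Require Startup PIN With TPM".

```powershell
#Requires -RunAsAdministrator
# Added example: audit that an OS volume enforces TPM+PIN pre-boot authentication.

function Test-PreBootPin {
    param([string]$MountPoint = $env:SystemDrive)

    $findings = @()
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # Protection reads 'Off' when BitLocker is disabled or suspended
    # (for example, left suspended after a BIOS or TPM firmware update).
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += "BitLocker protection is not on for $MountPoint."
    }

    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # A bare 'Tpm' protector releases the volume key at boot with no user input.
    if ($types -contains 'Tpm') {
        $findings += "TPM-only protector present: the volume unlocks without a PIN."
    }
    if (-not ($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' })) {
        $findings += "No TPM+PIN protector found."
    }

    # Values written by the "Require additional authentication at startup" policy
    # (assumed location and meaning, see the lead-in).
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    if ($null -eq $fve -or $fve.UseAdvancedStartup -ne 1) {
        $findings += "Policy 'Require additional authentication at startup' is not enabled."
    } elseif ($fve.UseTPMPIN -ne 1) {
        $findings += "Policy does not require a startup PIN (UseTPMPIN = $($fve.UseTPMPIN))."
    }

    [pscustomobject]@{
        MountPoint = $MountPoint
        Protectors = $types -join ', '
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

Test-PreBootPin | Format-List
```

A result with Compliant = False on a laptop fleet is the case the digest worries about: the disk is encrypted, but the key is released at boot without any user input.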

Zone to Win

[Video] Zone to Win - Organizing to Compete in an Age of Disruption, by Geoffrey Moore
