Tuesday, July 13, 2021

How Do I Add a Veritas NetBackup Media Server?

Hi Friends,

I'm creating a new NetBackup environment and I installed the Primary (Master) server and I noticed a question.  Would you like to add Media servers?  Well no, I haven't installed my Primary yet...  Right?

So after I installed my Primary, I began installing the NetBackup software on my Media servers.  You tell NetBackup it's NOT a Primary, you give the installer the name of the Primary and away you go!

After everything installed, I noticed my new Media servers showed up in the Hosts tab in the Web GUI, but when I tried to add one of my new Media servers as a Storage server, they weren't showing up...  Hmmmm.....

To you NetBackup veterans, you're going to laugh at me, but for the life of me I couldn't figure out how to let the Primary server know this new server was a Media server.

From what I can see, there are a couple ways to do this.  I'm sure there's lots of other ways, so let me know in the comments!  :-)

1. Edit the bp.conf located in /usr/openv/netbackup

2. Add the machine in the Java GUI using jnbSA in /usr/openv/netbackup/bin

=========

Let's tackle number one first.  On the Primary server go to /usr/openv/netbackup and edit the bp.conf file.

Here's what mine looks like:

SERVER = the_name_of_your_primary_server

CLIENT_NAME = the_name_of_your_primary_server

CONNECT_OPTIONS = localhost 1 0 2

EMMSERVER = the_name_of_your_primary_server

VXDBMS_NB_DATA = /usr/openv/db/data

OPS_CENTER_SERVER_NAME = the_name_of_your_primary_server (unless your Ops Center isn't the primary)

MEDIA_SERVER = the_name_of_your_new_media_server

SERVICE_USER = the_user_you_selected

WEBSVC_GROUP = nbwebgrp

WEBSVC_USER = nbwebsvc

TELEMETRY_UPLOAD = YES

The MEDIA_SERVER entry will not exist yet, so you will need to add it.

After you add this line, I've seen that you sometimes have to restart NetBackup on the Primary, sometimes on the Media server, but for me it eventually popped up as an asset and I could use it as a Storage Server.

========

The second way involves opening up the Java GUI (jnbSA) under /usr/openv/netbackup/bin.  When the GUI opens, click on Host Properties > Master Servers.










On the right hand side, right click on your Primary/Master server and select Properties.












Then click on Servers on the left hand side and select Media Servers on the right hand side.  From here, you can add your Media servers, which will add the server(s) to your bp.conf file.








Check your bp.conf file again and make sure the Media server was added.

As I said earlier, I've seen recommendations to restart NetBackup on your Primary server, but for me the newly added Media server popped up as a Storage server in the Web GUI.














And that should be it!  You should be able to use your new Media server(s).

Until Next Time,

Neil

Thursday, July 8, 2021

Veritas CloudPoint Install - Tips and More Tips!

Hi Friends,

I've been busy working away and installing software so I can show you all the coolness Veritas has to offer.  I've been recently tackling Veritas CloudPoint (CP).  This is a SUPER cool piece of software that integrates with your existing NetBackup infrastructure.  Basically the CP server lets you talk to your cloud provider(s) so you can back up stuff in the cloud or to the cloud, depending on how you'd like to architect your environment.  LOTS more to come on this.

Here's a few new cool CloudPoint features that were introduced in NetBackup 9.1:

  • Cloud autoscaling dynamically resizes cloud resources, ensuring your protection needs are met while optimizing storage costs and resources.
  • Cloud intelligent policies let you back up snapshots to anywhere using the same protection policies on-premises and in the cloud.
  • Native Kubernetes support provides integrated, scalable, container-agnostic protection for all major Kubernetes deployments across all architecture layers.
  • Cloud immutable storage with support for immutable Object Lock storage on AWS S3 ensures backup data integrity and prevents your data from being compromised.

What would Neil's blog be without a friendly tip on something I messed up on and don't want you to have to suffer as well?

CP runs within a Docker container, so if you've never worked with Docker, you might want to have a look at some of their docs to get you familiar with the technology.

I was following the instructions in the CloudPoint Administrator's Guide and it was time to deploy the CP image after I installed Docker.

After you download the CP software, it's time to load up your CP software into Docker:

# sudo docker load -i Veritas_CloudPoint_2.x.x_IE.img.gz

Okay, that was easy enough.

Next it's time to install the software:

# sudo docker run -it --rm -v /<full_path_to_volume_name>:/<full_path_to_volume_name> -v /var/run/docker.sock:/var/run/docker.sock veritas/flexsnap-cloudpoint:<version> install

Wow, there's a lot there!

Okay, here's where I messed up:
/<full_path_to_volume_name>:/<full_path_to_volume_name>

Sooooo what is the full path to the volume name?  Well, according to the document:

<full_path_to_volume_name>

Represents the path to the CloudPoint data volume, which typically is /cloudpoint.

Stupid me, I decided to put something else, cause why be like everyone else?

When I ran the process everything was going cool until it hit:
"Creating self signed keys and certs for nginx".

And then it froze....  After MANY uninstalls and re-installs I decided to go talk to my good friend Google.  And wouldn't you know it.


Yep, there was an article describing EXACTLY what I saw and how to fix the problem.

Problem
When attempting to install CloudPoint to a directory other than /cloudpoint, the installation hangs at "Creating self signed keys and certs for nginx".

Error Message
N/A

Cause
Currently we only support installing CloudPoint at /cloudpoint location.

Solution
If the cloudpoint mount point is not /cloudpoint, then unmount the current mount point and re-mount it as /cloudpoint.
Then re-attempt the installation:
# docker run -it --rm -v /cloudpoint:/cloudpoint -v /var/run/docker.sock:/var/run/docker.sock veritas/flexsnap-cloudpoint:<version> install

So make sure when you install your CP server, don't be like Neil and choose whatever for your install directory.  Choose /cloudpoint:/cloudpoint.  You'll save yourself hours of swearing, headaches, and pain in general.  :-)

Until Next Time!
Neil


Wednesday, June 23, 2021

Veritas in The Cloud (AWS, Azure, Google Cloud Platform)

Hi Friends,

I'm studying and reading like crazy to learn about Veritas NetBackup goodness because it's been a while since I've used it.  This is NOT the NetBackup that I used so many years ago, it's got so many cool new features!

You'll probably say, "We already know about this Neil!", but I was so jazzed when I saw some of the new features I wanted to share what I've seen so far.

Just like when I was a System Administrator, you can run NetBackup on prem, but say you want to put your backup infrastructure in the cloud.  I was thinking, you've got to deploy some servers, install the software, make sure everything is configured correctly, yada, yada yada.

The cloud brings great new rewards, but it can be challenging and intimidating if you're not familiar with it.

But wait, what's this?  Veritas NetBackup images right in the cloud stores!  How cool is that?!

Remember I'm still learning, so bear with me here.  :-)

Want to deploy in AWS:








How about Azure:










And last but not least Google Cloud Platform:











Isn't that cool?!  Okay, *I* think it's cool.  :-)

More when I'm more educated!

Neil

Monday, June 21, 2021

Hello World - Part III

Hi Friends,

I've started a new position at Veritas!  I'm super excited to start sharing all the cool things Veritas has in store for you.  I'm going to be focusing on cloud, so feel free to send in requests!

In the meantime, here are some pretty pictures of clouds.  :-)










Until Next Time,

Brain

Monday, October 5, 2020

Decoding DMARC - Part One

Hi Friends,

Welcome to Part One of decoding DMARC. DMARC is a mysterious, curious and oftentimes misunderstood technology. Nonetheless, this technology can help provide security to you and the people you do business with.

DMARC (Domain-based Message Authentication, Reporting and Conformance) is not a tool at all; it’s a technical standard that helps keep the good email going and the bad email out.

If you’re a total DMARC newbie, it can be a bit overwhelming, but basically here’s what it is in a nutshell:

1. Your domain’s authentication practices (what happens if the recipient’s server can’t verify that the message sender is who they say they are) are published in the Domain Name System (DNS), the phonebook of the Internet.

2. DNS will state what happens when authentication checks fail.

3. If configured, reports are sent about email claiming to be from your domain.

So how do we do this? By using two authentication standards: SPF and DKIM.

Sender Policy Framework, or SPF, lists the IP addresses of email servers that are allowed to send emails from your domain. IP addresses are identifying numbers given to a computer when it joins the Internet.

Domain Keys Identified Message, or DKIM, is a lock and key scenario. When you set up DKIM you create a private key that is present on every email you send. In DNS you tell everyone what your public key is. An email from your domain will only be accepted if the private key on the email fits the public key in DNS.

One thing you’ll hear a lot when it comes to DMARC is alignment. Alignment makes sure that SPF and DKIM are in sync. If there is no discrepancy between the two, the email will pass alignment.

Setting up DMARC helps to validate emails that are coming from your domain. Here’s how it works:

1. An email comes to the ACME company from the Widgets company. How does ACME know the email is really from Widgets or is some threat actor spoofing the Widgets’ company domain?

2. Luckily Widgets company configured DMARC so other companies can check for validity.

a. Does the DKIM key on the received email match the public key published in DNS?

b. Did the message come from an email server that matches IP addresses placed into DNS?

c. Is there proper alignment between SPF and DKIM?

3. If all three of these conditions are met, ACME company knows the email really did come from Widgets company.

4. But what if the conditions aren’t met? Well, that depends on what is published in DNS. You have three choices:

a. None – Emails will be treated as if DMARC was not used.

b. Quarantine – Accept the email, but put it some place other than the user’s inbox.

c. Reject – If it doesn’t pass, reject it.

When configuring DMARC, companies need to be cautious about restricting email traffic too quickly, since this can potentially prevent legitimate emails from being delivered. It is important to investigate all sources that will send email on behalf of your domain.
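An added example (not from the original post) of the check ACME's mail server makes, following RFC 7489: a message passes DMARC when SPF or DKIM passes for a domain aligned with the visible From: domain, and otherwise the published policy decides what happens. The widgets.example domains, the sample records and the two-label organizational-domain shortcut are assumptions; production code uses the Public Suffix List.

```python
# Added example: DMARC evaluation per RFC 7489 (constructed domains and results).
from dataclasses import dataclass


def parse_dmarc(txt):
    """Parse a DMARC TXT record; v=DMARC1 must come first and p= must be valid."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("not a DMARC record")
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    return {
        "p": policy,
        "adkim": tags.get("adkim", "r").lower(),  # DKIM alignment, relaxed by default
        "aspf": tags.get("aspf", "r").lower(),    # SPF alignment, relaxed by default
        "rua": tags.get("rua"),                   # aggregate report address, if any
    }


def org_domain(domain):
    """Assumption: organizational domain = last two labels (no Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict mode needs an exact match; relaxed mode compares organizational domains."""
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


@dataclass
class AuthResult:
    header_from: str   # domain in the visible From: header
    spf_pass: bool     # SPF verdict for the envelope sender
    spf_domain: str    # envelope sender (MAIL FROM) domain that SPF checked
    dkim_pass: bool    # a DKIM signature verified
    dkim_domain: str   # d= domain of that signature


def evaluate(record_txt, msg):
    """Return (dmarc_result, disposition) for one message."""
    rec = parse_dmarc(record_txt)
    spf_ok = msg.spf_pass and aligned(msg.header_from, msg.spf_domain, rec["aspf"])
    dkim_ok = msg.dkim_pass and aligned(msg.header_from, msg.dkim_domain, rec["adkim"])
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    # p=none only monitors: the message is delivered and shows up in reports.
    return ("fail", "deliver" if rec["p"] == "none" else rec["p"])


# Constructed record and messages.
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@widgets.example"
LEGIT = AuthResult("widgets.example", True, "bounce.widgets.example",
                   True, "widgets.example")
# SPF passes, but only for the sending server's own domain, so nothing aligns.
SPOOFED = AuthResult("widgets.example", True, "mailer.example.net", False, "")
# A real vendor mailing for Widgets that was never set up to sign as widgets.example.
THIRD_PARTY = AuthResult("widgets.example", True, "esp.example.org",
                         True, "esp.example.org")
# Signed by a subdomain: aligned in relaxed mode, not in strict mode.
SUBDOMAIN = AuthResult("widgets.example", False, "", True, "mail.widgets.example")

if __name__ == "__main__":
    for name, msg in [("legit", LEGIT), ("spoofed", SPOOFED),
                      ("third party", THIRD_PARTY), ("subdomain", SUBDOMAIN)]:
        print(name, evaluate(RECORD, msg))
```

The THIRD_PARTY case is the one to look for while still at p=none: it fails exactly like the spoofed message, which is why every legitimate sending source has to be found before moving to quarantine or reject.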

This concludes Part One of Decoding DMARC.

In Part Two, we’ll take a deeper dive into DMARC policies and how to read them in DNS.

Thanks to DMARC - Explained by SparkPost for ideas for this post!


Thursday, July 11, 2019

Malware Mania! What's a Malware Campaign?

Hi Friends,

Sorry for being a flake, you know work, work, work, blah, blah, blah, busy, busy, etc.  :-)  Today I thought I'd talk about what the difference is between a "malware" and a "malware campaign".  It was a new concept for me and I thought I'd explain it in "Neil Speak".

Okay, set the way-back machine back a number of years when I was a System Administrator.  No I'm not going to say how many years.  :-)














When companies I worked for got hit by malware, it was always a mad scramble to try and contain the little beasties from sleazing their way through our network.  Most of them were probably delivered by email, clicked on and then began their nastiness.  Usually that meant network attached drives to Windows Servers were now flooded with malware and moving their way vertically through the company.

As a Sys Admin, my main concern was finding something to neutralize the threat and get production up and running cause business users don't like it when they can't do their work.  No work usually means no revenue for the company.  So get your behind moving Neil!!

Let's back up a little bit, and focus less on the malware itself and more on the campaign.  A malware campaign is just like any other campaign.  You decide what you're going to do, make a plan and then launch that plan.  In the case of malware, a threat actor(s) decides they're going to launch an attack with a certain type of malware, and HOW they're going to get that malware to you.

Remember my example of running around like a chicken with no head trying to stop the malware from spreading?  Those were most likely malware campaigns, but by the time it got to me it was already an end point nightmare.

So what's the differentiation?  Malware is malware, it's the bits and bytes that are going to do the nastiness.  The malware campaign is how it's going to get delivered to you.  Here are some examples:

1.  An email message with the malware right in the email.
The Threat Actor is being pretty bold and just attaching the malware.  If you open it, unfortunately they've got you.  This doesn't seem to be a major delivery method anymore since a lot of anti-malware software will see a .exe, .vbs, etc. and block the file from ever being delivered.

2.  An email message with a link to a website that asks you to download a file once you get there.
Since many anti-malware systems block out questionable files, this seems to be a favorite among threat actors.  The email isn't the malware, the link isn't the malware, the file it downloads MIGHT be the malware, but a lot of times it isn't, it's just another link in the chain, but more on that later.

3.  An email message that includes a compressed (ZIP), password-protected file, with the password to the archive in the email message itself.
The email is not the malware, it's just the method to expose you to the malware.

4.  This one is really nasty.  A specially written email to someone in a company that handles money, from what seems to be a high ranking officer in the same company.  Typically the threat actor builds up trust and then asks for a large sum of money to be sent to a bank account number for a business transaction.
This is what's called Business Email Compromise (BEC).  In this case NO malware is involved at all.

So you see, the campaign is just as important as the malware itself.  Threat Actors are constantly thinking of new ways to send malware and just because they used a link to the malware in Campaign 1, doesn't mean they'll use the same URL or even a URL at all in Campaign 2.

Before you go running for the hills and throw away all of your technology, just remember, Threat Actors are always trying to kick us in the gut and they do a very good job.  As anti-malware companies build better mouse traps, Threat Actors are continually working on better mice.  This means evolving malware campaigns to new and more nefarious methods.  As you saw in number 4, they don't even use malware, it's just a complex game of smoke, mirrors and misdirection.

Remember I said I'd talk more about number 2.  What's really creepy is Threat Actors have created multi-stage malware campaigns.  Here's an example:
1.  You receive an email that looks like it's from your bank.  There's a link that says you need to go to this link or your account will be deactivated.
2.  You go to the link and to the fake site which looks legitimate.  You are requested to download a new version of the end user license agreement (EULA).
3.  You download this file and open it up.
4.  A vulnerability in Microsoft's Equation Editor allows for a file to run, NOT the malware.
5.  This file contacts a Command and Control (C&C) server controlled by the Threat Actor.
6.  The Threat Actor puts EMOTET on your desktop.

Here steps 1-5 are the campaign, not the malware.  Emotet, a banking trojan, is put onto your computer after a number of complex steps.  The wild thing is Threat Actors are now using malware to call OTHER malware.  It's just another way to keep anti-malware software from stopping the malware.

So how do you avoid all of these shenanigans?
















Unless you live in a cave with no connection to the outside world you can't, but you can be educated and aware of the new tactics Threat Actors are using.  A few things to keep in mind:

1.  If it looks fake, it probably is.
2.  When in doubt, don't click on any links in email.
3.  Password protected ZIPs are suspicious.
4.  If you receive something and you're concerned, DON'T click on links in the email.  Go directly to the official website and log in there.
5.  If you don't want to go to the website, call the vendor.  They normally will have an 800 number for you to call their customer support.
6.  If someone sends you a file in email, ask yourself some questions.
Do I know this person?
Do they normally send me stuff?
Does it seem suspicious?
Can you contact the person and see if they really did send the email and the attachment?
7.  Does the email contain lots of grammatical and spelling mistakes?
That's a good indicator it might be fake.
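An added example, not part of the original post: a mail-filter style check for campaign type 3 and tip 3 above, flagging ZIP attachments whose entries carry the encryption flag while the message body mentions a password. The sender, filenames and message text are constructed, and the sample "encrypted" archive is a harmless ZIP with the flag bit set by hand.

```python
# Added example: flag password-protected ZIP attachments (constructed sample mail).
import email
import email.policy
import io
import re
import zipfile
from email.message import EmailMessage

PASSWORD_HINT = re.compile(r"\bpass(word|code|phrase)\b", re.IGNORECASE)


def make_sample(encrypted, body):
    """Build a constructed message with a small ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed placeholder content")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Bit 0 of the general purpose flag marks an entry as encrypted. It sits
        # at offset 6 of the local header and offset 8 of the central directory
        # header; setting it imitates what a password-protected archive shows.
        data[6] |= 0x01
        central = data.find(b"PK\x01\x02")
        data[central + 8] |= 0x01
    msg = EmailMessage()
    msg["From"] = "billing@sender.example"
    msg["To"] = "you@recipient.example"
    msg["Subject"] = "Invoice"
    msg.set_content(body)
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg.as_bytes()


def scan(raw):
    """Return (filename, zip_is_encrypted, password_in_body) per ZIP attachment."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    hint = bool(PASSWORD_HINT.search(text))
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)
        if not payload or not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            # Only the directory is read; nothing is extracted or opened.
            encrypted = any(info.flag_bits & 0x1 for info in zf.infolist())
        findings.append((part.get_filename(), encrypted, encrypted and hint))
    return findings


def verdict(raw):
    """Quarantine when an encrypted ZIP arrives with its password in the body."""
    results = scan(raw)
    if any(pw for _, _, pw in results):
        return "quarantine"
    if any(enc for _, enc, _ in results):
        return "review"
    return "deliver"


if __name__ == "__main__":
    print(verdict(make_sample(True, "Archive password: 2019")))
    print(verdict(make_sample(True, "Please see the attached file.")))
    print(verdict(make_sample(False, "Please see the attached file.")))
```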

I know it's a pain in the neck, but welcome to the connected world.  It's both glorious and terrifying at the same time.

Be safe out there!
Neil


Tuesday, May 21, 2019

RobinHood - Steal From Everyone and Keep It!

Hi Friends,

Got some news on a new ransomware making a name for itself.  It doesn't appear to spread itself through spam, but researchers aren't really sure how it's spread yet.  The one thing they do know is that it's pushed out to servers using a Domain Controller.  The ransomware is named RobinHood and unlike good Robin of Loxley, this ransomware doesn't take money from rich people and give it to the poor, it just takes money.

RobinHood is a ransomware, which means when it's kicked off, it goes to work encrypting your files. Yep, encrypting files is good when you have the key to unlock it, but in this case you can only get the key if you've paid the ransom. 

Think of it like this.  Some guy breaks into your house when you're at work.  He changes all the locks on the doors and when you come home he says, "Hey, I've locked up your house and you can't get in.  All of your things are still in the house and I'll give you the new key only if you give me $5000.  If you don't give me $5000 in a few days, you can come in, but all your stuff will be gone."  That would suck!

Ransomware has been declining due to Bitcoin losing a bunch of its value.  In December of 2017 it was almost up to $20,000 per coin (yes 20,000), but quickly lost value in 2018. (https://en.wikipedia.org/wiki/History_of_bitcoin) The first couple months in 2019 it was around $3500-$4000 per Bitcoin.  That's a heck of a loss!

Ah, but if you've taken a look at the price of Bitcoin lately, it's starting to creep up again.  I checked today's prices and it's almost $8000 a coin, so with the price of cryptocurrency going up, so does the prevalence of ransomware.

One of the first highly publicized instances of RobinHood is when it attacked the city of Greenville in North Carolina in April. (https://www.baltimoresun.com/news/maryland/politics/bs-md-ci-ransomware-attack-20190517-story.html)  According to the article in the Baltimore Sun, 5 weeks after the April attack, the city was still recovering! 

Can you imagine that?  Shutting down a city for over a month!  Now this isn't to say that Greenville was teleported back to the dark ages because their servers were locked-up, but can you imagine the headache that this caused?  Everything is being computerized!

Now shift gears to May and another city is hit by RobinHood.  This time Baltimore in Maryland was hit.  Adding insult to injury, Baltimore was hit last year with malware that took down their 911 system.  So I'm sure the city's IT folks, officials and citizens are less than happy.

Baltimore has decided not to pay the ransom and it is rebuilding its servers as I write this article.

Can you imagine the huge pain in the behind this causes a city?  Now imagine this happening to a hospital!

It's a brave new world folks and things like this are becoming commonplace.  You can't stop threat actors from attacking your city or your hospital (Unless you're a security person working for your city or hospital.), but you can educate yourself.

If you get a weird email about your accounts being locked or compromised or needing additional information, don't click on anything!  If you're truly concerned, go to the actual company's website and log in from there.

Be careful out there!
Neil

Friday, May 3, 2019

Got a Ransomware? Check Here Before Paying!

Hi Friends,

I was reading BleepingComputer this morning and came across an article about ransomware and they talked about a free decrypter made by Emsisoft.  There are FREE decrypters out there?!  How cool is that?!  Sorry if I'm a little late to the party, but that is super awesome!  If you're late to the party too, let me help enlighten you.  :-)

Let me first say, I'm not an employee of Emsisoft nor have I used or tested their decrypters.  Use at your own discretion.

So head on over to https://www.emsisoft.com/ and highlight the Support tab.  You should see  Ransomware Decrypter as an option.  Select that and you'll go to the page with all of the decrypters on it.

There are 48 decrypters on the page going back to August of 2013 and they just released a new decrypter yesterday, May 2nd!

Bravo to Emsisoft for trying to help out folks who have unfortunately been infected by ransomware.

I don't wish ransomware on anyone, but if in the unfortunate event you become infected with it, hopefully one of the Emsisoft decrypters can help you without having to pay the ransom.

Neil

Wednesday, April 24, 2019

Watch Out Crime, Cybercrime is Giving You a Run For Your Money!

Holy Cow!!  According to the FBI's Internet Crime Complaint Center (IC3) cybercrime made $2.7 billion (that's billion with a *B*) in 2018.  And that's just from the complaints that they got!  So can you imagine how much money was lost to cybercrime last year?

According to IC3 there were 351,936 complaints of cybercrime last year, leading to the $2.7 billion in losses.  That just boggles my mind.  And you HAVE to know that a lot of people just didn't report when they got attacked. 

How about an example?  :-)   Sextortion has been huge lately and do you think I'm going to call the FBI if some Threat Actor threatened to expose my pornographic tendencies to all my friends?  Yeah that would be awesome, here goes my thought on how the call would go....

"Ugh yeah, is this the FBI?"

"Yes Sir it is, how can we help you?"

"Ummm, yeah, some dude sent me an email and said he broke into my computer and was going to lock up my computer but decided that since I was such a pervert and had hoarded tons of pornographic material he was going to extort me for a bunch of money or he would contact my wife and all of my friends and tell them I'm a pervert and would release a video of me entertaining myself!"

Yeah, I can see that going REALLY well...  What the heck do you say to something like that if you're the FBI???

But I digress... 

IC3 has been tracking this since May of 2000, so they've got about 19 years of data on this.  From May of 2000 till 2018, 4,415,870 complaints have been reported to the FBI with about 300,000 complaints a year and about 900 per day.  That's a lot of hacking.

Now this is very interesting.  The crimes with the largest losses were business email compromise (BEC), confidence/romance fraud, non-payment/non-delivery and extortion.  So what's BEC you ask?  It's a form of attack where the Threat Actor does a very targeted attack to YOU.  Yep, as creepy as it sounds, Threat Actors do a lot of research on their mark. 

Where does all this information come from?  Think about it, how much information do you have about yourself on LinkedIn, Facebook, Instagram, Twitter, shall I go on?  And I'm not saying unplug, live in a cave and wear furry animal skins.  Just be a little mindful of what you're putting up on the Internet because it's public.  Let that sink in just a little bit before you read on.

BEC is very popular with Threat Actors because targeted attacks make more money.  According to the BleepingComputer article I'm getting this information from (https://www.bleepingcomputer.com/news/security/cybercrimes-total-earnings-skyrocketed-to-27-billion-says-the-fbi/)  BEC made $1.2 billion last year.  So almost half of all the money came from these targeted attacks.

Here's an example.  I'm a threat actor and I find out you're the controller of a company.  Suddenly you get an email from your CEO addressed to you.  It states that he/she is working on an important deal and it's extremely time sensitive.  The email looks legitimate, the names are correct and there's a bank routing number where to transfer the money. 

Do you transfer the money or do you do more research?  If it's real, the CEO might get really pissed if you cause him/her to miss out on this deal.  If it's fake you could end up sending the wrong person a chunk of money.  What to do?

But Neil, it has the correct names on it...  Yep, that's easy to fake.
But Neil, they knew my name...  Yep, that's easy to find.
But Neil, they knew what I did...  Yep, that's easy to find.

So see why it's so successful?  Traditional phishing is usually pretty spammy with mis-spellings and grammatical mistakes and is easier to spot.  BEC is personal and it should worry you.

Well on that sunny note, I think I'll stop scaring everyone.  :-)  If it seems fishy, it's probably cause it is.  If it seems too good to be true, it's probably cause it is.  Threat Actors do a lot of stuff to hit us in the gut and make us ask "how high" when they say jump.

Be careful out there!
Neil

Tuesday, April 16, 2019

Zero Day Exploits Patched by Microsoft (CVE-2019-0859 & CVE-2019-0803)

Hi Friends,

You know how much I LOVE patches, actually they scare the heck out of me...  Here comes the, "When I was a <fill in the blank>" moment.  Ready?  Let me get my rocking chair.

When I was a system administrator patches were the bane of my existence.  Why?  If it isn't broken, DON'T fix it!!  When you work in a production environment, you don't want anything messing up your up-time.  Business people tend to get very fussy when their production applications aren't available and the last thing I wanted to do was add an unknown into a working system.  Yes I know that's what test environments are for, but remember, test isn't something you want to break either.  Where do you think these business folks do all their testing?

But alas, being in the security industry has given me a new perspective on patches that I've never had.  Now that I know about some of the creepy crawly code running around the Internet, it scares me even more than patches!

Zero day this, malware that, exploit this, it's enough to make me want to unplug my Ethernet cable and never plug it back in.  But that doesn't even work anymore because of wireless.  ;-)  So what does this paranoid technical guy do?  Patch.  I'm not saying run out and patch your production environment immediately without some sort of test, but we can no longer hide our heads in the sand and hope it goes away.


















With that said, let's talk about the latest "Patch Tuesday" Microsoft went through.  Microsoft tends to release patch bundles on the second or fourth Tuesday of each month.  It's a practice they started back in 2003.  Unfortunately Patch Tuesday is now followed by Exploit Wednesday.  Yep, just like the rest of us, Threat Actors get to see what Microsoft patched and it's an opportunity to go after vulnerable systems that haven't been patched yet.

Hold onto your socks for this one.  This latest bundle contained patches for 74 vulnerabilities with 15 being classified as critical.  Let's break it down a bit more.  Within that bundle was also a patch for CVE-2019-0859 and CVE-2019-0803.  These two Common Vulnerabilities and Exposures patched a problem with win32k.sys.  Win32k.sys is a very important file and is critical in the startup of Windows.  No file, no boot.

These vulnerabilities are what's called a Use-After-Free, which is the incorrect usage of dynamic memory during the program's operation.  Basically it's a problem of a program continuing to use memory after it has been freed.  Because of this, Threat Actors have been seen creating a PowerShell "HTTP Reverse Shell", or a backdoor, into a system.

Yep it's as bad as it sounds.  The attacker is able to run code in kernel mode and game over man!  They can then install programs, view, change or delete data or create new accounts with full rights.  And FYI, this isn't for some antiquated OS, this is for Windows 7 and 10.

Believe me, I'm not trying to scare you, just tell you the facts.  But if it does scare you a little, you're starting to understand how I feel.  :-)

There's tons of information about this patch bundle and these two CVEs, but here's a great article from BleepingComputer:
https://www.bleepingcomputer.com/news/security/patched-windows-zero-day-provided-full-control-over-vulnerable-systems/

Be safe out there!
Neil

Tuesday, April 9, 2019

Java Catch-22

Hi Friends,

Today I found myself in a Java "Catch-22" and wanted to let you know how I got past it.  I loaded up a webpage that needed Java to run the utility.  The page told me that only Internet Explorer and Firefox were supported.  If you've read my last blog, I let you know that Windows 7 is going away so I decided to jump on the Windows 10 bandwagon.  I know, about time Neil!

Anywho, I'll just load up Edge cause that's the IE replacement right?  Nope, the page didn't recognize Edge as IE.  Ah crap!  But that's okay, I still have Firefox!  Firefox will work right?  I load the page and I'm told I need to update Java.  No problem, a couple of clicks and Voilà!!  Hmmm, still not working...  Maybe a restart of Firefox will work!  Nope...

Okay, okay, time for my buddy Google.

Firefox:
Apparently Firefox version 52 and above have removed the NPAPI plugin support for Java.  So I can't enable the plug-in.  Doh!!!
https://java.com/en/download/help/enable_browser.xml

Edge:
Apparently the Edge browser does not support plug-ins and won't run Java....  UGH!!
https://www.java.com/en/download/faq/win10_faq.xml

So see my predicament...  I tried Chrome for the heck of it, but nope, that didn't work either.  So I looked around a bit and realized that Edge can open a page in IE.  Whaaaaat?!?!?


























So I went to the page that needed Java in Edge, then selected the Open with Internet Explorer and it worked!!

I'm not sure how long that will be in Edge or how secure it is, but bravo Microsoft for helping me out of the difficult predicament I was in!

All the best,
Neil

Tuesday, March 19, 2019

Windows 7 & 8 Anti-Malware Software Crashing

Hi Friends,

To follow up on my last blog about the end of life of Microsoft Windows 7, here's some more good news for you!

According to BleepingComputer, Microsoft's Anti-Malware software has been crashing on Windows 7 and 8 machines.



















Microsoft users believe the error comes from a buggy definition update that was released on March 18th.  The good news is Microsoft is aware of the error and is coming up with a fix.

So why am I bugging you about something that will probably be fixed by the time you read this?  Just more ammunition to use with your boss, spouse, parents, IT department to remind them Windows 7 is coming to the end of its life....

Windows 10 is the current OS with fixes and learnings from Windows 7 and Windows 8.  As much as I hate to let my good friend Windows 7 go, Windows 10 is the latest and greatest and was released on July 29th of 2015.  Yep, it's been out for almost 4 years.  I KNOW, I was surprised too!! (https://en.wikipedia.org/wiki/Windows_10)


Best,
Neil


Friday, March 8, 2019

Let's Talk About Windows 7

Hi All,

Brain here.  Today I thought I'd talk about Windows 7.  I really like Windows 7.  I was a big fan of it when it came out.  It's stable, looks good and runs well.

For those of you that have read my blog for a while you know I know Windows.  :-)  When you test VDI you get very close to Windows and learn all about its special behaviors.  Yep, I tested out other flavors of Windows too, but Windows 7 is still my favorite.

When I first started testing Windows 10, I liked it better than Windows 8, but I still have a special place in my heart for Windows 7.  Windows 8 felt like it was developed for tablets and was a bit ahead of its time, hence Windows 10.  10 is a nice compromise between the touch screen affinity of Windows 8 and the mouse controls of Windows 7.  I'm still not a huge fan of 10, but I'm slowly warming to it.

Unfortunately Windows 7 is coming to the end of its life and it feels like a close friend is passing away.  Yes the relationship has been rocky at times and sometimes I just wanted it to go away, but all-in-all I'm really quite sad.  For those of you that don't know, Windows 7 will be coming to the end of its support life on January 14th of 2020.  Now does that mean it'll stop working on that day?  Nah, it'll keep working but you will no longer be getting any updates.  Here's the official Microsoft page on its end of life:
https://www.microsoft.com/en-us/windowsforbusiness/end-of-windows-7-support

I have a funny relationship with patches.  Coming from a system administration background, patches scare me.  But Neil, aren't patches good?  Yes, yes they are.  However, after patching there were always systems that were finicky and didn't want to boot up afterwards.  Yes patching has gotten better since I've been out of system administration, but you can't run away from your past.  :-)

Now that I'm in security, I see patching in a whole new light.  Now patching seems to be something I can't do quick enough!  Security hole here, zero day there, it's enough to make me want to unplug my network cable.  Well, with that bright and cheery view, I've got some bad news for Windows 7 folks.  Google recently patched a zero day exploit in Chrome (https://www.bleepingcomputer.com/news/security/google-chrome-update-patches-zero-day-actively-exploited-in-the-wild/), but it seems they are advising folks to get off Windows 7.

What a bummer.  So my good friend is not only passing away next year, but now I'm being told I really should stop using it.

Apparently even with the patch, Google recommends leaving Windows 7 and going to Windows 10. (https://www.bleepingcomputer.com/news/security/google-advises-upgrade-to-windows-10-to-fix-windows-7-zero-day-bug/)

Let's face it, Windows 7 came out on October 22 of 2009 (https://en.wikipedia.org/wiki/Windows_7) making it almost 10 years old.  I guess all good things come to an end and so must Windows 7.

So if you're running Windows 7, you should start thinking about your migration path.  Does that mean a new computer or an upgrade?  Well, that's up to you, but my suggestion is get it done before support officially ends.  And if you're running Windows XP....  Let's not talk about that.  :-)

So long my friend, you've been a solid performer and you haven't let me down.  I'll miss you.

Brain



Wednesday, February 27, 2019

How About Some Threat Awareness Goodness?

Hi All,

Thanks so much for the positive wishes on my return, I really appreciate it!  Here's something I've been working on lately.  It's called Threaty Bytes and I have a bunch of webinar recordings that I've created that discuss interesting email threats that are floating around the Internet.  I talk about what they are, what they do and hopefully how you can avoid them.  They have the "Neil" flavor and they're only a few minutes so you're sure to laugh and hopefully learn something cool too!

The only catch (of course there's a catch!) is they're gated behind a site.  Yeah yeah yeah, I know you hate signing up for things, so I've got a few episodes you can watch without signing up for anything!  First three are free.  :-)

Okay, first with the un-gated ones.

1.  Go to www.youtube.com
2.  Search for proofpoint
3.  Select the Proofpoint channel
4.  Click on Videos
5.  There are three of my videos you can watch:

https://www.youtube.com/watch?v=o-5MOPFVKzA
https://www.youtube.com/watch?v=9TESEIdzlzc
https://www.youtube.com/watch?v=cBxX74DFiv0

The first link is about a nasty little beasty called AZORult, the second is how threat actors used Hurricane Michael to try and get money out of people and the third is another nasty one called Marap.

I'm not going to tell you any more about them, but hold onto your socks cause they're gonna try and fly off!

Now once you've listened to those episodes and say, "Oh my goodness, I need MORE!" I've got you covered.

1.  Go to www.brighttalk.com
2.  Create an account
3.  Search for threat byte
4.  Behold the plethora of videos for you to watch!

I hope you like the videos, if you don't, let me know how I can make them better!

You know what this calls for?

A FLASH JUMP!


Wednesday, February 13, 2019

Hello World - Part II

OMG! I can't believe it's been over 2 years since my last post.  I'm sorry....  But the Brain is BACK!!!

So what the heck happened to me?  I've been heads down for 2 years learning a new industry folks, that's right Brain is now in security and I'm with a new company!  Storage is my first love, but sometimes you gotta take a leap of faith and see where it takes you.

I'm with Proofpoint now and I've been drinking from the security fire hose.  I have TONS of information I want to share with you and I'll start blogging on a regular basis about all the fun and excitement in the world of security.

The security world is exciting and frightening, so be on the lookout for an all new Brain!

Best!
Neil

Thursday, December 22, 2016

VMware App Volumes - The Next Evolution in VDI - Step 2 Writable Volumes

Hi Friends,

Ready for the next step in VDI evolution?  A little while back I showed you how cool AppStacks were in VMware App Volumes - The Next Evolution in VDI - Step 1 AppStacks.  Today I'm going to show you how to set up and use Writable Volumes.  AppStacks are really cool because you can assign applications to users that need them; Writable Volumes allow users to install their own applications on non-persistent desktops!

Wait, wait, wait just one second there Neil, you just contradicted yourself.  Install applications on non-persistent desktops?  Isn't that the whole point of non-persistence?  You're right friends, and that's what makes Writable Volumes so cool!  Writable Volumes give users the persistence and freedom they demand coupled with non-persistent desktops that allow administrators to roll out patches and changes to a single image.

Don't believe me huh?  Yeah, I was a bit skeptical too, but wait till you see how cool this is!

Let's head over to our App Volumes GUI, click on the Volumes tab and then Writables.  Click on the Create Writable button to create our first writable volume.

This next step looks like there's a lot going on, but it's pretty easy and I'll break it down step by step.

First, we need to find who or what we're going to assign this Writable Volume to.  In the case below I'm assigning it to a user named avtest1.

After you click on the search button, App Volumes will go take a look through your Active Directory and find the user or machine you want to assign to.

Check the box of the user or machine you want.  Now we select what storage the Writable Volume will reside on, the path to it and the source template.  Here I'm using a Tintri T5080.

Once you're happy with your configurations, click on Create.

The Writable Volume has been created!

Wait, don't celebrate too much yet, we're not there just yet.  Notice the status is Enabled, but Detached.  We've created our Writable Volume, but our avtest1 user hasn't done anything with it yet.

I've just logged into a virtual machine called appvolumes2 with user avtest1 and everything looks normal on the Windows side, but unknown to our avtest1 user, they now have 10 gigs of storage to install applications of their own!  Notice the state is now Attached?

The plot thickens!!!

One thing I forgot to mention is that the desktop(s) that will use App Volumes need to have the agent installed.  That can easily be rolled out by changing the golden image and doing a recompose.  Here's a screenshot of appvolumes2, the agent is installed and my test application, Notepad++, is not there.

Here I am installing Notepad++ on appvolumes2 as user avtest1.

And here's appvolumes2 after the install.  If you take a look, the Notepad++ shortcut is on the desktop and it's now listed as an installed program.

Now, for the test, if I log into appvolumes2 as a different user, will Notepad++ still be there?

Woo Hoo!  I'm logged into appvolumes2, but as avtest2 and there's no Notepad++.

Now, what if I log into another desktop as avtest1?

Okay.... NOW it's time to celebrate!

How cool is that?!?!

Until Next Time!
-Brain

Monday, December 19, 2016

Dr. Brain's - Gadgets of The Year for 2016

Hi Friends,

It's that time of year again!  Yep, Dr. Brain's Gadgets of 2016!!  I had so much fun writing about last year's gadgets, I decided to do a repeat for 2016.  Without further delay, here are the gadgets!!

NES Classic Edition

In my opinion, the original NES **IS** the home system that changed home gaming forever!  No offence to all the great home systems that came before the NES, but before it there was a big difference between arcade games and home systems.  Even before NES I was amazed video games were available at home, but the NES brought arcade quality to our living rooms.  Remember the original commercial with Super Mario, Duck Hunt and the little robot dude?  I sure do!


Amazon Echo and Alexa

This is the second year Amazon has made my list.  They just keep coming up with cool stuff!  Remember watching movies where your house is totally automated, you ask for something and ta-da!  The Amazon Echo and Alexa might not be there just yet, but it's getting pretty darn close.  It's like having a personal assistant ready to answer your questions!  Bravo Amazon, keep up the great work!!

Ring Video Doorbells

Okay, so it's a video camera, so what, right?  Yes, it is a video camera but it's very cool!  It can hook up where your old doorbell ringer is, pings your phone when someone is ringing your door or if it detects movement.  You can talk to the person ringing your door from almost anywhere!  The kit comes with all kinds of great things you may need for installation and their videos are top notch showing you how everything fits together and how to do the install.  Awesome job Ring!

Pip-Boy: Deluxe Bluetooth Edition

Okay, okay, okay it's not available until March 2017, but this is so fricking cool!!!!  Brought to you by the awesome people of ThinkGeek!  Look how cool it is!  Need I say more?!?!


The Apple Watch

Second year in a row, WOOT!  There's lots of arguments around wearables.  I've seen some articles poo-poo'ing them, but I think they're AWESOME!!  Is the Apple Watch perfect?  No, but it's VERY cool.  My wife got me one for my birthday this year, yes she is an awesome wife, and I'm currently on watchOS 3.  Apple recently released the second generation of the watch and I hope this means it'll be around for a long time.  I'm weird, I don't use it for its normal functions.  I don't have it pinging me about my appointments, I don't text with it, but I still love it!  Apple has some pretty cool watch faces, I usually have it on Mickey Mouse, but the other day I needed a stopwatch, just changed the face to a chronograph and BOOM, instant stopwatch.  But where does this thing really make me happy?  Games!  I've got breakout, a Flappy Bird type game, Pong, and there's this really cool one called Time Unit.  Oh and I didn't realize I could upload my music from my phone to my watch so I can listen to my music on a bluetooth speaker or headset without my phone!


Microsoft Surface

I've got to hand it to Microsoft, it's not easy coming up with new and innovative consumer computers, but I think Microsoft has a winner here.  A tablet that can replace my laptop, pretty cool huh?  Remember Star Trek Next Generation?  Where they were always typing on these little pad thingies?  Hey, we're just about there!  Here's hoping that I'll soon only have one device that does everything!


Hoverboard

Nope, not going to include a link because there are tons of different sites and vendors that sell them.   Love them or hate them, you got to admit they made an impression on you this year! :-)  When I first heard about them I was expecting a gravity defying device like Michael J. Fox rode in Back to the Future 2, but alas, it still has wheels and you still need roads.


Pokemon Go

You didn't think I would forget about Pokemon Go did you?!?!  When was the last time you heard of a video game that actually got people moving!?!?  Pokemon or Pocket Monsters are not new, they've been around for quite some time now.  They were introduced in 1995 by Satoshi Tajiri and it focused around games and trading cards.  If I'm wrong, please forgive me I'm using Wikipedia for my facts.  Pokemon have always been popular, but with the creation of Pokemon Go, Pokemon became a household name for people who never knew a thing about Pokemon.  It's still a similar concept,  you're a trainer of these little critters.  You go looking for them, capture them and train them to do battle!  According to Wikipedia, the app has been downloaded more than 500 million times and is one of the most used and profitable mobile apps in 2016!!!  Yep, my wife and I play Pokemon Go.  :-)

Super Mario Run

There was enormous anticipation for this game, well at least by me!  :-)  It was first announced at the Apple annual iPhone event on September 7, 2016 and I couldn't wait!!!!  I'm a HUGE Nintendo and Mario fan and was so excited Nintendo finally decided to bring the plumber with the red hat to iPhone!!  It was just released on December 15th this year, so time will tell if Mario's charisma can propel Nintendo into a major developer for mobile apps.  I REALLY hope Nintendo will release more applications for mobile.

Apple iPhone 7

Ask anyone, almost ANYONE what an iPhone is and I'd be surprised if they haven't heard, seen, tried or own one.  This year Apple introduced the iPhone 7 and it's cooler than ever.  Something my wife and I noticed is that with the iPhone 4, the camera quality became really good.  So good we stopped carrying our other cameras.  That's a pretty tall order since we're both photography nuts and we love taking pictures.  A friend of ours once said that the best camera you have is the one that's with you when you want to take a picture.  The cool thing about having the camera on your phone is that your phone is usually with you!  Apple has also improved the camera substantially since the iPhone 4 and it keeps getting better.  Bravo Apple!

Nest

Home automation is HUGE, and even though I talked about the Ring doorbell earlier in this article, I felt adding more wouldn't hurt at all.  If you haven't had a chance to take a look at some of the Nest products, they are very cool!  They have the thermostat, smoke/CO detector, indoor cameras and now outdoor cameras.  From what I've seen the products are simple to install, simple to use and are very sharp looking!

Google Self Driving Car

Yay!!!  Let's hear it for self driving cars!  Yep, I know they're not available to the general public and I know there's a whole lot more of them out there than just the Google Car, but how cool is this?!  I was in a co-worker's Tesla earlier this year and it had the self driving feature, it was so cool!  It showed you, other cars, where you and they were in the lane, etc.  I can't wait for truly autonomous cars to be available to the public.  The tough part is making it so EVERYBODY is no longer driving.  But Neil, how can you put your life in a computer's hands?  A computer is faster, non-biased, doesn't hesitate, more reliable and doesn't get angry.  Only time will tell how reliable, safe, etc. these cars will be, but I'm hopeful.  It's not the flying car I was promised as a kid, but it's so cool, I might forgive the people that promised me one!

Tesla Model X

Ooooooh <drool> <drool>!!  Elon Musk, you make some REALLY sexy cars!  And!  And!  They're made right here in Fremont California!!  Look at those doors, look at them!  Not only are his cars all electric, full of electronic goodies, but they're sexy!  This is the second year Tesla has made my list and I hope the Model 3 will come out soon so I can talk about it soon.

ThinkGeek

Okay, no it's not a gadget and no it didn't come out in 2016, but it's an awesome website!  It's my go-to site for most of the shirts I wear these days.  :-)  ThinkGeek comes out with really cool products that they've created and carries tons of products that would be difficult to find anywhere else.  If you haven't had a chance to check out their site, I highly recommend taking a quick peek.  Before you know it you'll find your shopping cart overflowing with cool gadgets you never knew existed!

Unless I have a spark of imagination, but I think I'm sparked out this year, that's Dr. Brain's Gadgets for 2016!  I hope you enjoyed reading about them and will return to Glick's Gray Matter for lots more fun and geeky technology articles for years to come!

Happy 2016 My Friends!

Best,
Neil

Friday, December 16, 2016

DABCC Radio - Tintri / Citrix Ready: VM-Aware Storage Podcast - Episode 266

Hi Friends,

I'm happy to announce Lei Yang and I were on DABCC Radio with Doug Brown!  Lei and I had a great time talking to Doug about the goodness of Tintri, VM-Aware storage and how Tintri can help with your VDI and Citrix deployments!

What's DABCC Radio you ask?  From the DABCC site, "DABCC Radio is an interview based podcast show where the hottest virtualization and cloud vendors talk with Douglas Brown about their solutions. Detailing such topics as, what do they do, how it works, why we should care, how do they complete, and much more. Featuring technologies such as virtualization, cloud computing, desktop virtualization (VDI), server virtualization, application virtualization, remote desktop services, application deployment, application management, performance monitoring, and server-based computing from vendors such as Citrix, VMware, Microsoft and many more! DABCC Radio is hosted by Douglas Brown, Microsoft MVP, Citrix CTP, VMware vEXPERT, and founder of www.dabcc.com."

Take a look at the DABCC site, there's tons of great material!

Here's the direct link where you can listen to the episode or you can get it from iTunes.

http://www.dabcc.com/tintri-citrix-ready-vm-aware-storage-podcast-episode-266/?

Thanks to Doug for having us on his radio show!!

This definitely calls for a Flash Jump!



Monday, December 5, 2016

VMware App Volumes - The Next Evolution in VDI - Step 1 AppStacks

Hi Friends,

I've been busy learning all about VMware's new cool VDI technology, App Volumes.  Let's set the Wayback machine to the dawn of virtual desktops.

In the early days, VDI was easy.  You had a bunch of non-persistent desktops that reset themselves after each use, didn't need customization or special user applications or profile settings.  These were created for call centers, libraries or wherever someone just needed a desktop for temporary use, logged in, logged out and everybody was happy!

But what happens when you need to create a desktop for someone like me?  I have specific applications I need, save data to my computer, have a certain look and feel I've come to expect.  Sheesh, what happened to simple non-persistent desktops?  I had to go and make it all complicated!

Okay, so how do I get the non-persistence and ease of use administrators need, but the customization and persistence users demand?

VMware App Volumes!  That's right, VMware has done a really awesome job balancing out the ease of non-persistence and the customization of full persistence Knowledge Workers have come to expect.

App Volumes is pretty packed with cool stuff, so I'm going to break the technology out into a few blogs.  Today I'm going to talk about AppStacks.  AppStacks allow administrators to install and assign applications to individual users or desktops as needed.  Yep, that's right, if you're a VDI admin and you've got users demanding certain applications or departments bugging you to install certain apps, this might be the answer!

The first step is to choose a desktop to install the application on.  Here I've chosen to install on a desktop called AppVolumes2.  I think it's a good idea to take a snapshot of the desktop before you start making changes just in case things don't go to plan.  Tintri snapshots would be a good choice, they're fast and space efficient!

Okay, after you've selected which desktop will be the install desktop, go to the App Volumes GUI and select Create AppStack.

Give your AppStack a name, what storage it will use, the path and where the template lives.  Here I'm using a T5080, Tintri's top of the line all flash array.

Once the AppStack has been created, next we need to attach it to our install desktop so the application can be installed and put under control of App Volumes.  Here we've got our newly created AppStack and I select Provision.

Remember when I said to pick a machine to be the install machine?  Here's where we search Active Directory for that machine.  When you find your machine, click on Provision.

Here we can see the AppStack is being attached to appvolumes2.

Okay, the AppStack is attached to appvolumes2 and as the message says, it's time to install our application.

We're connected to appvolumes2 and we can see the App Volumes message telling us we're in provisioning mode and to click OK after the install is done.

I've chosen to install Notepad++.  If you haven't had a chance to take a look at Notepad++ it's a really cool program that gives Notepad-like capabilities but MUCH MUCH more!!  Definitely worth a look if you're looking at logs and opening text files a lot.

The next step is to install your application like you normally would.

Awesome, our application has been installed!  Click on the OK button and we'll proceed to the next step.

FYI, I didn't show it, but I deleted the installer because we're done with it.

The application is analyzed by App Volumes and then a dialog box will pop up telling you to click the OK button to complete the process and reboot the computer.

If everything works okay you'll be greeted with this dialog box that tells you the provisioning was successful.

Back to our App Volumes GUI, we can see the application installed and it's time to assign the application.  Wait a second, I thought we installed it on appvolumes2?!?!  Well, yes and no.  We did install it on appvolumes2, but it wasn't really installing it on that machine, it was recording the installation procedure so we can put the app on any computer we want.

Now, this part is cool!  We can assign the application to certain machines AND/OR users.  Pretty cool huh?  So here I'm going to assign the application to avtest1.  This way the user will get Notepad++ regardless of which computer they log into.

Now, the test!  If I log into appvolumes2 as user avtest1 will Notepad++ be there?

Yep, there it is.  But, here's the big test, what if I log into appvolumes3 with user avtest1?

Yep, there it is!! How cool is that?!

Okay, but what happens if I log back into appvolumes2 as a different user?  Here I'm logging in as avtest2.  Now remember, avtest2 wasn't given access to the application.

No application!  VERY cool!

Now this is just the tip of the iceberg, there's TONS more for me to show you.  Writable App Volumes, backup and recovery, the list goes on!

Be on the lookout for the continuing saga of App Volumes!!!

Until Next Time
-Brain