Posts

Showing posts from February, 2020

Sales Engineer Guide: Understanding the vendor elimination phase

One of the hardest things for technical people to understand is how to adjust answers to take into account context and where the questioner is in their evaluation process. The blue line describes how evaluators eliminate as many options as possible as early as possible. They do this so they can dig deeper into the few options that are left. Evaluators may use in-house analysis or leverage professional research companies. The red line conveys the idea that decision makers learn as they go along. Note that the mass elimination often happens before they truly understand the scope of what they need to know. The customer works to reduce their problem space to something manageable. They start with a Vendor Elimination phase where they try to learn as much as possible while eliminating as many vendors as soon as possible. They ask all kinds of questions to learn more and to eliminate many options quickly. A straight up "no" answer that means instant elimination

Using authenticator applications with VIP 2FA protected sites

You can generate Symantec VIP compatible 2FA tokens that can be loaded into standard TOTP-based authenticator applications like Microsoft Authenticator, Google Authenticator or FreeOTP. You generate new tokens to be registered with the protected web site. You cannot load existing tokens because you do not have access to the token's secret seed. See references below for the original 2014 work on this.

Steps

These steps are documented on the Docker Hub page for this docker image.

1. Pull Docker Image

    docker pull freemansoft/vipaccess

2. Generate token, example with SYMC prefix

    docker run freemansoft/vipaccess provision -p -t SYMC

3. Save the token URL and Symantec ID somewhere
4. Generate a QR code to be scanned by mobile application replacing the otpauth://... with the otpauth string from above.

    docker run --entrypoint "qrencode" freemansoft/vipaccess -t ANSI256 'otpauth://...'

5. Scan the QR code with your Authent

Protect messaging and streaming data in the cloud with "data key" encryption

The best approach for protecting data in message queues and data streams is to not put any sensitive data in the message. Some systems use a claim check model where the messages contain just resource identifiers that can be passed to the originating system to retrieve the data. The claim check approach creates tighter coupling between the producer and consumers. It puts an additional burden on the producer to be able to cough up the data associated with the claim for some period of time. Some systems have to create caching architectures to store the claims for retrieval, adding additional complexity to the producer. Data / payload encryption is an alternative approach that can be used to protect data stored in messaging systems or on disk. Sensitive data is encrypted and put into the message payload. Producers and consumers need only share access to encryption or decryption keys. This is easy in cloud environments which have services built just for this. Standar

Are you "on board or out" or "disagree and commit"

Active and passive resistance to changes and initiatives drain energy and morale, significantly reducing the chance of success. Poorly managed disagreements can be project killers. Companies take different approaches to counter this.

Methodologies

Get on board or find another job, where an executive decision is the end of the discussion. This approach does not acknowledge that there is a time for discussion and dissension. It forces people to get on the same path while devaluing their role.

Disagree and commit is an approach most recently made famous by Amazon. Individuals vigorously disagree during planning and decision making phases. They explicitly commit to the effort once a decision has been reached.

Create no common framework and operate with a policy of hire smart people and they will do the right thing across the organization. This can devolve into sandbox style fighting with no obvious path to resolution. I hesitate to even mention this guerilla warfare d

Azure Stack ASDK Hosts and Networks as 2020 February

This is the network setup for Azure Stack ASDK as of February 2020. All of the Azure Stack VMs run on a single host using Storage Pool to host all the VM disks. Note that the NAT gateway machine no longer exists.

VMs

Azure Stack ASDK installs these virtual machines.

AzS-ACS01
AzS-ADFS01
AzS-CA01
AzS-DC01
AzS-ERCS01
AzS-Gwy01
AzS-NC01
AzS-SLB01
AzS-SQL01
AzS-SRNG01
AzS-WAS01
AzS-WASP01
AzS-Xrp01

Recognizing Violent Agreement

Violent Agreement is something to look out for and point out when you see it. It means good things are happening without everyone being aware. Watching for violent agreement is on my shortlist of behaviors that I watch out for in myself and others. Recognize it, acknowledge it, celebrate it and accelerate your efforts! Violent Agreement is behavior that you can see in situations involving vigorous problem-solving. Parties become so involved in the discussion that they do not realize they are essentially aligned or that the discussion has closed their differences. The phrase popped into the mainstream in the mid-2000s. I found these two definitions on an old linguist mailserve discussion.

to spend time arguing about a topic only to find that they actually agree but don't realize it because they're coming at the discussion from different viewpoints.

a group who are all after the same goal but have totally different ideas how to get there, so that they agree a

Azure Stack ASDK local installation workflow

Microsoft Azure Stack ASDK documentation Prepare the host Set up the ASDK Installer GitHub Post Deploy steps It is possible to validate via the priv endpoint prior to ASDK PowerShell installation. Register your ASDK with Azure ASDK Admin Basics (once installed)

Process Overview

The install starts on your Windows Server where you enable a direct bootable VHD. The process then moves to running a bootable VHD running on the Windows Server. The final step installs VM servers in Hyper-V inside the bootable VHD.

Start and Stop

You can reboot out of the VHD and back into your root system and back again without issues. The management VMs autostart and then deploy the rest of the components on Hyper-V restart.

Video Walk-through

Change Log

2020 02 09 Added post installation steps including Azure registration

Azure Stack ASDK data disks - when "you need 4 disks" isn't enough information

Azure Stack ASDK is a cloud-like environment that lets you experiment with Microsoft Azure services at home or in a non-cloud data center. The ASDK runs in a completely self-contained environment that is delivered as a bootable VHD. That VHD runs the Azure Stack ASDK as a cloud environment running in Hyper-V running on top of the Azure Stack booted VHD. Azure Stack program and server deployments and provisioning are typically managed from the Azure portal or via PowerShell.

Data Disks

The AzureStack ASDK documentation doesn't make it obvious how data disks are used or how they should be sized. It just says that you need 4 blank disks over a certain size without any other guidance. I had 4 250GB SSDs above the minimum. That didn't seem to work while a combination of large spinning disks and smaller SSDs worked on the first attempt. ASDK pulls the data disks into a storage cluster. The storage cluster can combine disks of different sizes and types. It u