Month: April 2018

Migrate a MS SQL cluster with a shared RDM disk in a VMware environment

by David Fong

We had a need to migrate a MS SQL cluster with a shared RDM disk in a VMware environment to a new storage for both the OS disks and the RDM.  The two nodes on the clustered are located on different ESXi hosts.  We put the database files and logs on the RDM disk other than the OS is on a VMFS datastore.  It was not a very straight forward migration that involves un-mapping and re-mapping RDMs, coping the databases and all the related files, and finally migrating the OS drives.

Continue reading “Migrate a MS SQL cluster with a shared RDM disk in a VMware environment”

Backing up directly to the Cloud using Cloudberry

by Bhakti Chokshi

TCG now offers CloudBerry as a cloud backup alternative when we build servers for our clients. It is a low-cost, month-to-month managed cloud backup as a service. TCG can even provide CloudBerry as a standalone service for the systems we do not proactively manage with a support contract.

With this new offering that supports several Operating systems such as Windows, Mac, Linux, TCG installs backup software on the server, setup and manage the cloud storage account, tunes the backup strategies,  closely monitors the progress of any backups, troubleshoots any errors and perform any restores.

TCG is excited about this new offering as it aligns with the UIT multi-year cloud initiative.

Some of the interesting features of CloudBerry:

Continue reading “Backing up directly to the Cloud using Cloudberry”

Shibboleth Authentication on IIS

by Leroy Altman

As you may have heard, Stanford is moving away from their in-house created authentication software known as “WebAuth” to an industry standard Open Source technology called SAML2.  Software called “Shibboleth” is available to leverage SAML2 and it includes a version created for Microsoft’s Internet Information Server (IIS) web server running on Windows.

This article was gathered from two great sources listed below, and I encourage you to read both for more details.  This article is really just the tip of the iceberg:

There are two new terms to know:

  • Identity Provider (IDP):  This is Stanford’s central authentication service
  • Service Provider (SP):  This is your web server

Installation:  This is a quick summary of how to get Shibboleth installed and working on a Windows IIS web site.

Some prerequisites:

  • Windows Server 2012 R2 w/ IIS installed.
  • In addition to the default IIS modules, you’ll also need to add Management Compatibility components:
    • IIS 6 WMI
    • IIS 6 Metabase compatibility
    • IIS 6 Scripting tools
    • IIS 6 Management Console
  • Install ISAPI filter and Extensions [located in Web Server (IIS) → Web Server → Application Development]
  • A “Default Web Site” which has a default page, used for testing.
  • A “/secure” subfolder under the root, also with a test page.
  • An SSL certificate installed and working on the website.

Run the Shibboleth Installer.  The most recent version, as of this writing, is here:   https://shibboleth.net/downloads/service-provider/2.6.1/win64/

The defaults for installation are typically fine to use:

Continue reading “Shibboleth Authentication on IIS”

Granting User Access Without Granting User Access in Windows

by Kevin Tai

I recently had a client who hired a consultant to work on a special project to update their website.  The client initially requested to allow the consultant access to a file share on the server where the website is hosted so that he can update the files.  Then the consultant realized that he needed additional access like restarting the services for the website’s Prod and Dev environments. We could’ve lazily grant him Remote Desktop access to the server and call it the day, but that would be giving him more access than he really needs.  All he really needs to do is to be able to restart 2 services (the production web server and the dev web server) after he makes updates to the environments.

That got me thinking that there must be an alternative way to accomplish this without giving up too much access.  So, I designed a process that would do just that and here’s how it works…

Continue reading “Granting User Access Without Granting User Access in Windows”

My Cabin in the Woods

by Jonathan Lent

Systems administrators today (Linux systems administrators, in the context of this post) have many valuable tools at their fingertips. After some initial time expenditures, learning curves, architectural decisions, dead-ends, inevitable frustration, and testing, the adoption of automation technologies can make day-to-day tasks much more productive, repeatable, iterative, and secure.

Continue reading “My Cabin in the Woods”