May 30, 2018

General SAN Storage Failover and Failback PowerShell Scripts (Template) for Failover Cluster (e.g. Hyper-V) with an Easy-to-Use Interactive Console Menu

Note: This is a template to ease development. The storage-vendor-specific parts of the scripts have to be coded by yourself.

Introduction

There sometimes comes a need to simplify complex operations, in this case failover and failback operations of SAN storage replication between sites (e.g. production and DR), for reasons such as letting operators or less technically confident colleagues perform the operations more easily during disasters or drill tests. To achieve that, this template has been created.

Written primarily in PowerShell, this package contains a set of SAN storage failover and failback scripts for Microsoft Failover Cluster (including Hyper-V cluster) and vendor-neutral pseudo code for SAN storage (for further modification to support different SAN vendors). Not only does it perform storage failover and failback; services running on top of the storage, such as databases and virtual machines, can also be catered for.

Moreover, it features a user-friendly interactive console menu, where complex operations are handled by the scripts in the backend.

May 20, 2018

Exchange 2016 Migration Checklist

Recently, I have been working on Exchange migration projects and the “70-345 – Designing and Deploying Microsoft Exchange Server 2016” exam. I have found video lessons on Pluralsight to be of great help, such as this one. Based on studies, a checklist including PowerShell commands has been crafted in the hopes of easily keeping track of milestones throughout similar projects. The example is for a non-HA migration scenario from Exchange 2010 and 2013 to 2016. (This document is also available on GitHub as “exchange-2016-migration-checklist.md”.)

Need a Pluralsight referral code? Here's my referral URL: http://referral.pluralsight.com/mQdE4cb for a discount (up to 50%) in Pluralsight registration

Inventorying Existing Environment

  • Estimate how many mailboxes are on each existing Exchange server

    • Get-Mailbox | Group-Object -Property:Database | Select Name,Count | ft -auto
  • Collect AD forest functional level info

    • Get-ADForest
  • Collect domain controller version in AD

    • Get-ADDomainController | Select Name, OperatingSystem
  • Client Access Namespace (used by clients to connect to Exchange)

    • Inventory PowerShell – Collect internal and external domain names for each of the below
      • Autodiscover (SCP)
        • Get-ClientAccessServer | Select Identity,AutoDiscoverServiceInternalUri
      • Outlook Anywhere (RPC over HTTPS)
        • Get-OutlookAnywhere -ADPropertiesOnly | Select Server,Internalhostname,Externalhostname
      • OWA
        • Get-OWAVirtualDirectory -ADPropertiesOnly | Select Server,InternalURL,ExternalURL
      • ECP
        • Get-ECPVirtualDirectory -ADPropertiesOnly | Select Server,InternalURL,ExternalURL
      • Offline Address Book (OAB)
        • Get-OABVirtualDirectory -ADPropertiesOnly | Select Server,InternalURL,ExternalURL
      • Exchange Web Services (EWS)
        • Get-WebServicesVirtualDirectory -ADPropertiesOnly | Select Server,InternalURL,ExternalURL
      • MAPI/HTTP
        • Get-MAPIVirtualDirectory -ADPropertiesOnly | Select Server,InternalURL,ExternalURL
      • ActiveSync
        • Get-ActiveSyncVirtualDirectory -ADPropertiesOnly | Select Server,InternalURL,ExternalURL
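
The namespace inventory above can be gathered into a single report. The script below is an added example, not part of the original checklist; it uses only the cmdlets listed above, and the output file name is an assumption.

```powershell
# Added example: consolidate the client access namespace inventory into one CSV.
# Run in the Exchange Management Shell.
$reportPath = '.\client-access-namespaces.csv'   # hypothetical output file

# Virtual directory cmdlets from the checklist, keyed by protocol name.
$vdirCmdlets = [ordered]@{
    'OWA'        = 'Get-OWAVirtualDirectory'
    'ECP'        = 'Get-ECPVirtualDirectory'
    'OAB'        = 'Get-OABVirtualDirectory'
    'EWS'        = 'Get-WebServicesVirtualDirectory'
    'MAPI/HTTP'  = 'Get-MAPIVirtualDirectory'
    'ActiveSync' = 'Get-ActiveSyncVirtualDirectory'
}

$rows = @()

# Autodiscover (SCP): one internal URI per Client Access server.
$rows += Get-ClientAccessServer | ForEach-Object {
    [pscustomobject]@{ Protocol = 'Autodiscover (SCP)'; Server = $_.Identity
                       Internal = $_.AutoDiscoverServiceInternalUri; External = $null }
}

# Outlook Anywhere exposes host names rather than URLs.
$rows += Get-OutlookAnywhere -ADPropertiesOnly | ForEach-Object {
    [pscustomobject]@{ Protocol = 'Outlook Anywhere'; Server = $_.Server
                       Internal = $_.InternalHostname; External = $_.ExternalHostname }
}

foreach ($protocol in $vdirCmdlets.Keys) {
    $cmdlet = $vdirCmdlets[$protocol]
    # Skip a cmdlet that is not available in this shell session.
    if (-not (Get-Command $cmdlet -ErrorAction SilentlyContinue)) {
        Write-Warning "$cmdlet is not available here; skipping $protocol"
        continue
    }
    $rows += & $cmdlet -ADPropertiesOnly | ForEach-Object {
        [pscustomobject]@{ Protocol = $protocol; Server = $_.Server
                           Internal = $_.InternalUrl; External = $_.ExternalUrl }
    }
}

# One row per server and protocol, ready to compare before and after migration.
$rows | Sort-Object Protocol, Server | Export-Csv -Path $reportPath -NoTypeInformation
$rows | Sort-Object Protocol, Server | Format-Table -AutoSize
```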

April 24, 2018

Quick Windows Server Hardening with Chef – Infrastructure as Code (IaC)

CIS, the Center for Internet Security, publishes prescriptive server hardening documents which provide guidance for establishing a secure system configuration on platforms such as Windows Server. Usually, their Windows Server documents are over 800 pages long, and applying the hardening by hand would take one person a long time. Thankfully, there is an IaC (Infrastructure as Code) method using a Chef cookbook crafted and released by Mr. Matt Tunny as an open-source project, which makes it possible to automate the hardening process, maintain the desired state, validate the results by checking with inspec, etc.

Figure 1. Content of harden_winrm.rb, with references from CIS sections (one of the Chef recipes from MattTunny/windows_hardening GitHub repository)

Instead of demonstrating the power of IaC fully, this quick post only aims at introducing the concept by showing the steps to perform Windows Server hardening on a single local machine quickly, which may suit one-time use cases. We will install Chef Development Kit to use chef-apply for applying Chef recipes to harden a local machine and inspec for verifying the hardening.

February 26, 2018

Introducing tCrypt2Go and vCrypt2Go – Lock-and-Unlock Utilities for TrueCrypt and VeraCrypt Portable

Are you a security-aware person? Have you got a USB thumb drive or external hard drive you wish to use that does not have any built-in encryption features? You could turn it into one that does, with the cross-platform open-source alternative to BitLocker – TrueCrypt (succeeded by VeraCrypt) – but it is not as easy or intuitive to unlock or use as a purchased encrypted external storage solution on the market, because of its feature-rich nature; unlocking is done via an advanced user interface that is meant more for the technically inclined.

Solution – tCrypt2Go & vCrypt2Go to Simplify and Speed Up Drive Unlocking

Named after TrueCrypt and 'BitLocker To Go', tCrypt2Go – a set of open-source and cross-platform lock-and-unlock utilities on top of TrueCrypt enabling users to DIY their own encrypted portable storage which is as simple to use as a purchased solution on the market – simplifies the user experience of TrueCrypt Portable on removable media/external hard disks by hiding the complexities of TrueCrypt and its options from users, making it easy to lock and unlock an encrypted USB thumb drive or hard disk with as few steps as possible.

Technical Overview – How tCrypt2Go and vCrypt2Go work

This is an article for enthusiasts detailing the technical design of tCrypt2Go for TrueCrypt (also applicable to vCrypt2Go for VeraCrypt unless otherwise specified).

(This is a sub-article – click here to view the list of articles or the main article of tCrypt2Go and vCrypt2Go)

Topics Covered in this Article

  1. Container for Thumb Drive (Removable Media) vs Partition for External Hard Disk (Fixed Disk)
  2. Choosing a File System for the Encrypted Partition
  3. Pros and Cons of Each File System (NTFS, exFAT and FAT32)
  4. The Unlocking Flowchart
  5. Commands for Locking and Unlocking

1. Container for Thumb Drive (Removable Media) vs Partition for External Hard Disk (Fixed Disk)

At a high level, there are two modes from which a user can choose to encrypt their portable drives:

  • Encrypted Partition Mode (Entire Partition Encrypted) for a Hard Drive Setup
  • Encrypted File Container Mode (a Virtual Encrypted Disk within a File) for a Thumb Drive Setup or a Hard Drive Setup

The comparison picture below illustrates the difference between them:

Installation Guide – Setting up tCrypt2Go and vCrypt2Go to Encrypt Portable Hard Disks

This is an article for users illustrating how to encrypt a portable hard disk (click here if you have a thumb drive or memory card instead) as a partition for use with tCrypt2Go lock-and-unlock utilities for TrueCrypt Portable (also applicable to vCrypt2Go for VeraCrypt unless otherwise specified).

(This is a sub-article – click here to view the list of articles or the main article of tCrypt2Go and vCrypt2Go)

List of Steps

  1. Creating 2 Partitions and Copying TrueCrypt/VeraCrypt Files to the Partition Labelled UNPROTECTED
  2. Eliminating Free Space on UNPROTECTED Partition (Preventing Users from Saving Files into Unencrypted Area)
  3. Encrypting Second Partition with TrueCrypt/VeraCrypt
  4. Unlocking Encrypted Partition
  5. Labeling Encrypted Partition as 'PROTECTED'
  6. Copying TrueCrypt/VeraCrypt Files to Encrypted Partition
  7. Suppressing 'Format Disk' Prompt with Diskpart

Installation Guide – Setting up tCrypt2Go and vCrypt2Go to Encrypt USB Thumb Drives

This is an article for users illustrating how to encrypt a USB thumb drive or memory card (click here if you have a portable hard disk instead) as a container (virtual disk file) for use with tCrypt2Go lock-and-unlock utilities for TrueCrypt Portable (also applicable to vCrypt2Go for VeraCrypt unless otherwise specified).

(This is a sub-article – click here to view the list of articles or the main article of tCrypt2Go and vCrypt2Go)

List of Steps

  1. Formatting Thumb Drive and Copying TrueCrypt Files
  2. Creating a 10 MB Dummy File as Buffer (Optional)
  3. Creating Encrypted Container with TrueCrypt
  4. Unlocking Encrypted Partition and Copying TrueCrypt Files There