Friday, September 29, 2017

Securing Windows 10, Mesos on GCP and NFS Storage VMotion

This week I was mostly working on securing a Windows 10 build 1703 Enterprise image. It’s unbelievable how hard the customers pushed to use the product the vendor way. It really comes down to hardcore tweaking and almost hacking the OS. A collection of a few hardening URLs that I came across and that might help others is here:
  • Disable Edge Icon in IE –
  • Disable EDGE start pages -
  • Customizing Start Menu through XML file -
  • PowerShell script to remove “Standard Applications” that are very similar to Office 365 products (Mail, Calendar, Skype, Notes etc) -
  • Very helpful set of Microsoft assets for hardening Windows 10 (v1703) -
  • Previous version of the URL above with more details on differences between 1608 and 1703 -

The second project that I touched (not planned) is Google Cloud Platform (GCP). It started with preparing a refresh of the Mesos/Marathon tutorial that I had already run in 2015, just before the OpenStack summit in Vancouver. At that time the tutorial required Vagrant to run locally, and Vagrant was using Oracle VM Box. In 2015 I wanted to use VMware Workstation, so I bought the Vagrant module for VMware Workstation and spent some time tweaking it to get the tutorial running. This week, when I started reviewing the preparation steps, I discovered that AWS, GCP and others can now be used. I have a significant amount of free GCP credits – so I started setting up Mesos in GCP.

I’m almost done with the setup and will blog about it when it’s all working. But the experience so far was BREATHTAKING – I can’t stop saying “this is so cool” to myself while deploying VMs in GCP, configuring automation through Ansible and deploying Mesosphere pieces.

Switching topics - I was approached by a colleague of mine, a virtualization architect and former customer, with a question about VMware Storage VMotion traffic flow in an NFS environment. It was an interesting research project, and I’m writing about it in my blog post on Packet Pushers

Finally, a few awesome reads for this week:

Thursday, September 14, 2017

Office 365 - probing security and some useful links

Busy week, with not too many technology events.

Mostly spent digging into packet pushers community blog
Sourcefire systems and I'll share my findings as soon as I discover value in this technology. Also had to fight hackers or phishers with Office 365 ATP - details on

A few good reads this week:

Also, I attended a Vancouver security meeting around DEFCON - now I feel really bad that I decided not to attend this year, and it's definitely on my plan for 2018.

Hopefully I'll have more to share next week!

Friday, September 8, 2017

First week of September - random notes

The Labor Day long weekend completely messed up my calendar, in addition to random personal obligations. It left me with no way to focus on anything specific. However, to keep my blog going, I’ll try to briefly summarize what happened around me this week in terms of technologies.

The Kubernetes meetup at Hootsuite headquarters was pretty good – listened to Kelsey Hightower and watched a live demo of project Envoy

The other talk was around persistent storage and containers, given by Gordon Klok from PaxAutoma. The topic is still highly controversial for me, as it doesn’t make a lot of sense to have persistent data when your application is an Elastic Cloud Native API-driven container system.

It all inspired me to play with Kubernetes on my local Windows system. Project MiniKube worked like a charm (after I moved to version 0.21, as 0.22 had some file permission issues). The best manual on running Minikube on Windows 10 or 7 is here

After playing with it for a while I came to the realization that GCP is another equal issue for my experiments (since I still have over US$400 in credits).

Another completely separate thing I was working on this week is nawk – my customer’s security department is dumping Windows logs to a Linux machine and then querying them using basic Linux tools. My Linux console drove me crazy, as copy/paste was working weirdly. So I ended up copying the logs back to a Windows machine and using Cygwin64, which has gawk instead of nawk but also allows me to pipe to native Linux tools such as sort, uniq and grep!

My task was to provide a count of all machines that had over 10 failed login attempts during August. The logs were enormous (as we are talking about 25K+ users), but the command returns results under the 5-minute mark – pretty impressive.

gawk -v pat="2017\t4625" '$0 ~ pat' userlog.2017-09-07 | gawk -F" " '{print $4, $17}' | sort | uniq -c | sort -nr 
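
The pipeline above lists a count for each distinct pair of printed fields; as an added example (not the author's command), the sketch below applies the "over 10 failed logons in August" cut in a single awk pass. The tab-separated layout (timestamp, event ID, machine, account), the host names and the function names are constructed for illustration, since the real export's fields are not shown here.

```shell
#!/bin/sh
# Constructed log layout (an assumption, not the real export):
#   "Mon DD HH:MM:SS YYYY" <TAB> event ID <TAB> machine <TAB> account

emit() {  # emit COUNT MONTH EVENT_ID MACHINE -> COUNT constructed records
    i=0
    while [ "$i" -lt "$1" ]; do
        printf '%s 14 09:15:%02d 2017\t%s\t%s\tuser\n' "$2" "$i" "$3" "$4"
        i=$((i + 1))
    done
}

make_sample_log() {
    emit 12 Aug 4625 WS-0101   # over the threshold
    emit 10 Aug 4625 WS-0202   # exactly 10, so not "over 10"
    emit 15 Aug 4624 WS-0303   # successful logons, ignored
    emit 20 Jul 4625 WS-0404   # failures outside August, ignored
    emit 11 Aug 4625 WS-0505   # over the threshold
}

# failed_logon_hosts FILE [THRESHOLD]
# Prints "count<TAB>machine" for each machine with more than THRESHOLD
# event-4625 (failed logon) records in August 2017, highest count first.
failed_logon_hosts() {
    awk -F '\t' -v limit="${2:-10}" '
        $2 == "4625" && $1 ~ /^Aug .* 2017$/ { fails[$3]++ }
        END {
            for (host in fails)
                if (fails[host] > limit)
                    printf "%d\t%s\n", fails[host], host
        }
    ' "$1" | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# count_offenders FILE [THRESHOLD] -> number of machines over the threshold
count_offenders() {
    failed_logon_hosts "$1" "${2:-10}" | wc -l | tr -d ' '
}

# Demo on the constructed sample
log=$(mktemp)
make_sample_log > "$log"
failed_logon_hosts "$log" 10
rm -f "$log"
```

Keying the array on the machine field alone gives one row per machine; adding the account field to the key would instead surface individual accounts being hammered from one host.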

And lastly, a few interesting articles to absorb:

Friday, September 1, 2017

Value of being NSX vExpert

This week was mostly spent at VMworld – re-connecting and catching up with old friends and meeting new people. 

My industry discoveries can be found on Packet Pushers 

I haven’t been to any VMworld session for several years – as a VMware employee I was overloaded during most of my previous events - looking after my customers, organizing meetings between customers and VMware PMs, working at the VMware booth etc.

Also, having departed from VMware recently, I still feel that my exposure to the content has not expired yet and there is no immediate need to go to the sessions. I got an Expo Only pass (which doesn’t allow going to the sessions, the Wednesday party and meals).

Trip highlights were the vExpert meetings. The NSX vExpert community afternoon on Tuesday was awesome – great coverage of NSX-T and AppDefense – thank you VMware NSBU!

Also, the vExpert party allowed me to get introduced to some long-term vExperts! – more on vExpert Event here

Additionally, I felt really connected with the folks at BigSwitch – they rented a suite on the 60th floor of Mandalay Bay with an amazing view and invited vExperts to relax with them while consuming tasty drinks, enjoying the view and chatting. BigSwitch technology and culture really clicked with me! (Petr version 2017).

In general it was a very successful trip – I wish my meetings were scheduled more efficiently, so I would be able to see more people. And let's try to keep in touch!