It's time to start thinking Ahead!

For the past year I’ve been working as a Vice President for a startup consulting company that deals with distressed assets. Think debt collections type stuff. My role involved managing projects, providing technical consultations about things like PCI-DSS, HIPAA and infrastructure design. While this position was certainly challenging in its own ways, it was time for me to make a change. I’m very excited to be joining the team at Ahead. Ahead is a consulting company in downtown Chicago that offers a variety of services for IT delivery. ...

May 22, 2014 · 1 min · eshanks

Out of your Comfort Zone

I was recently approached to present the Keynote session for a few VMUG conferences and wanted to provide a perspective about the experience. Public Speaking is clearly not one of my top 10 things I’d like to spend my time doing. Being a Systems Engineer, I don’t mind explaining things to a small group of people, but for the most part am a pretty quiet and reserved person who would prefer to stay in the shadows. Don’t get me wrong, if asked to weigh in, I have had no problem providing feedback or participating in a conversation, especially if it’s something I’m knowledgeable about, but for the most part, I’m pretty shy. ...

May 19, 2014 · 3 min · eshanks

vCNS Edge SSL VPN

A secured, remote connection to your data is a requirement for almost all network designs these days. Mobility, telecommuting and late night help desk calls have created an environment that needs to have access to the local network in a secure fashion. vCNS Edge can provide these services to your virtual infrastructure. In previous posts, I’ve walked through installing vCNS Manager and installing vCNS Edge appliances. These are prerequisites to setting up SSL VPN on the VMware vCloud Network and Security appliance. ...

May 13, 2014 · 5 min · eshanks

HP 9470m Laptop Review

I recently purchased the HP 9470m EliteBook and wanted to give it a quick review. The Good: The laptop has a pretty slim design as you would expect from an EliteBook. Be aware however that this is not as slim as a MacBook Air, or the Samsung Series 9 laptops. The good news though is that you don’t need to use a dongle just to plug in an Ethernet cable. The same goes for having a VGA output which I often use for presentations. It can be a pain to hunt down a dongle to connect to a wired network, or a projector so I give this EliteBook points for that. ...

May 5, 2014 · 4 min · eshanks

Microsoft Dynamic Access Control (Part 1)

Microsoft Dynamic Access Control is a new way to deploy access rules to your file shares. For many moons now, System Administrators have had a tedious task of managing tens, hundreds, or thousands of security groups to control how files are accessed. Groups of users have always needed to maintain different sets of security rules to prevent people from accessing confidential files. Human Resources obviously doesn’t want people outside their department to have access to personnel files, separate office locations may not want to share data with other offices in the same domain, and countries or cities might have different restrictions about sharing files with each other. ...

April 28, 2014 · 2 min · eshanks

Microsoft Dynamic Access Control (Part 2 - Claims)

In part 1 of the series we covered some generalities about Microsoft Dynamic Access Control and a few steps needed to prepare the domain and file servers. Now let’s look at creating claims. A claim is a user, device or resource property. A user in Active Directory will have properties such as Location, Department, manager, etc. Each of these properties is a claim but for any actions to be utilized by Direct Access, they have to be defined. ...

April 28, 2014 · 4 min · eshanks

Microsoft Dynamic Access Control (Part 3 – Resource Properties)

So far we’ve covered: Initial Setup of Dynamic Access Control, and Claims. In this post we’ll look at Resource Properties. Resource Properties: A resource property is a claim that describes the characteristics of an object in the file system. A claim is a descriptor of a user or a device whereas a resource property is a characteristic of a file or folder. As an example, we have a folder with HIPAA related information in it. A description can be added to this folder to indicate that it has Protected Health Information (PHI) contained in that folder. This PHI description is a resource property. ...

April 28, 2014 · 3 min · eshanks

Microsoft Dynamic Access Control (Part 4 – Rules and Policies)

We’ve discussed Initial configuration steps, Claims, and Resource Properties and we’re starting to see the power of Microsoft’s Dynamic Access Control, but we need a better way to manage these and that’s why we’ve come to “Rules and Policies”. A Central Access Rule can be used to take claims such as users in a department and match them up with permissions on a file/folder with specific resource properties. This is where the real power comes into play because now we don’t have to go through and map these for each individual file. We’re setting a general policy for the entire organization all at once. ...

April 28, 2014 · 4 min · eshanks

Microsoft Dynamic Access Control (Part 5 - Auto Classification)

In the first four parts of the Dynamic Access Control Series we covered Initial Configurations, Claims, Resource Properties and Rules and Policies. These are working great in our environment but we still have to go through and manage the classification tags. Wouldn’t it be easier to have some files automatically tagged with a certain resource classification? Enter File Server Resource Manager to the rescue! Classification Rules: From within File Server Resource Manager (FSRM) go to Classification Rules and choose to “Create Classification Rule…” ...

April 28, 2014 · 3 min · eshanks

No More Data Plane Administrators

There are two terms used in IT that are often used in conjunction when learning about how technologies are built. These two terms are “Control Plane” and “Data Plane”. A quick and dirty definition of these two terms would be: Control Plane - The decision making part of any system. Usually considered the brains of the system. Data Plane - The part of a system that carries out an operation. This would be the routine tasks needed to make the system work. Just as a sidebar, if you are looking for me to cite my source on those definitions you’re out of luck. These are my basic definitions that I’ve made up for purposes of this post. If for some reason these definitions become commonplace, then I want some royalties. :) ...

April 22, 2014 · 3 min · eshanks