Automation
Keith Smith - My Blog > AutomationMy latest IT infrastructure refreshSunday, May 15, 2022 - Posted by Keith A. Smith, in Network, Automation, Microsoft
Two years ago, I took on a new opportunity where the infrastructure environment was stuck in what felt like the tech era of the 2000s, specifically around 2005 and older. Things like network segmentation for security, modern operating systems, applications, hardware, scanning from copiers, ubiquitous Wi-Fi, and more did not exist at any of the sites. It took me just shy of a year to complete this infrastructure refresh. As I write this post, I'm glad to share that this refresh is done for now. I wanted to share some of the before and after shots.
I'll start from the server room and work my way outwards. This comparison shows the lack of cooling in the server room. Notice in the old pic the piece of cardboard on the vent. My guess is that it was supposed to redirect the air to another part of the room. The old A/C was failing and leaking refrigerant, so I replaced it with Redundant A/C units.
The racks were old, making it difficult to rack new equipment. I scheduled a maintenance window on a weekend to remove all the equipment and racks.
Here is a comparison of everything racked before and after. I had the electricians install LED lighting in the room. I moved a lot of services to the cloud but still needed a private cloud for certain services being provided to staff.
Here is a shot of all the racks and new equipment. I introduced virtualization, 1, 10 & 25 gig network connections, temperature and environment monitoring, and enterprise-wide Wi-Fi, which was a first for this org.
I decommissioned the legacy 100meg networking and cleaned up the cable spaghetti with color-coded cabling. I later upgraded the phone system software since it was due.
IDF1 - New 12-strand optical cables were run to this area, and I upgraded the network switches and cleaned up the cable spaghetti with color-coded cabling. Lastly, I added a cellular extender to help with signal strength.
IDF2 - New 12-strand optical cables were also run to this area, and I upgraded the network switches and cleaned up the cable spaghetti with color-coded cabling.
Remote site1 - All equipment had been exposed in a vehicle mechanic shop for years. I'm not sure how the old equipment stayed running in those conditions, but everything was full of dust and grease. I ordered a new 12U APC cabinet, upgraded the network switches, and cleaned up the cable spaghetti with color-coded cabling.
Remote site 2 - This site was the easiest to upgrade. I installed new network switches, added some remote site servers here, and replaced the cable spaghetti with color-coded cabling.
I created a standardized zero-touch windows 10 image with automated application deployment by department and deployed dozens of laptops, VPN, etc., with docking stations for staff to work from anywhere during the pandemic.
-End |
0 Comments Tweet |
Let's Encrypt redirect with KEMP load balancerSunday, November 10, 2019 - Posted by Keith A. Smith, in Network, Automation, Microsoft
PKI Management is a huge PITA, in a near future I will post how I've automated PKI renewals and installation of certificates. In this post I wanted share a method managing certificate renewals in an environment that has multiple web servers and a KEMP load balancer in front with a central server for certificate management. The Load balancer rules will send traffic with the /.well-known/acme-challenge/ to the certificate management server and all other 80 traffic gets redirected to 443. You will need to create a virtual service with two subVS's.
Open the virtual service then add the first SubVSs
The first subVS weight should be 1100 and Not Available Redirection Handling Error code set to 302 and the Redirect URL set to https://%h%s.
The second SubVS has a weight of 1000 and has the IIS server I use to create my Let's Encrypt certs set as the real server.
Create a content rule named Lets_Encrypt, Rule Type is Content Matching, Match Type is Regular Expression, Header Field is left blank, Matching String is /^\/.well-known/ and ignore case is checked.
Now enabled Content Switching at the VS. I then added all my Content rules for my domains to the first SubVS so they will be redirected to HTTPS then I added the Lets_Encrypt Content Rule to the second SubVS.
To download the exported file, visit my github repo https://github.com/KeithIT-Dev/Kemp
-End |
0 Comments Tweet |
Auto share requests to users in the field 'email ids to notify'Monday, October 28, 2019 - Posted by Keith A. Smith, in Automation
I have implemented the ManageEngine ServiceDesk numerous times over the past few years. In the most recent instance, I created a tiered structure and escalation process for the technicians. The technicians at tier1 would need to escalate any request that is beyond their scope of the resolution.
The Challenge The challenge was that when their requests were escalated to tier2, they would lose visibility to the request unless the request was shared with them. To share the request, they would input their e-mail into the "e-mail Id(s) to notify" field on the request, then click on share request and add themselves to the request before the request is escalated. These steps were time-consuming, and it took many clicks to accomplish this task. The Solution To make this process more efficient, I have published the python code that will set up an auto-share to users in the "e-mail Id(s) to notify" field on the request. The Steps
To get this to work you need to
-End |
0 Comments Tweet |
Escalations with the ManageEngine Servicedesk PlusThursday, August 22, 2019 - Posted by Keith A. Smith, in Automation
There is currently two ways to configure escalations with the
ManageEngine Servicedesk Plus. One way is to configure SLA actions which
you can do by watching this video
https://www.youtube.com/watch?v=H6wAgjA5dGQ
What I'm going
to focus on here is the way to create a manual escalation triggered by a
technician in the ManageEngine Servicedesk Plus. The first thing you need to do is create a support group,
e.g., Escalations - District technicians Tier2 then add the technicians
you want to the group. Now you need to create a business rule with the
following settings
The
settings in this rule will execute during any request creation and edit
at any time. Also, the criteria are to match all the group to perform
action changes to the status on the request to "Escalated - In Progress"
and set the level as "Level3".
Now to test this, you could use a requester account to login to the ServiceDesk then raise a request. Now logout of the ServiceDesk and login into the ServiceDesk with a technician account that is not in the Escalations - District technicians Tier2 group. Locate the request and open it, now change the group to Escalations - District technicians Tier2 and save your changes. You should see that the level was set to level3, the group has changed to Escalations - District technicians Tier2 and the status says Escalated - In Progress. If you have technician auto-assign setup, it will automatically assign a technician from the Escalations - District technicians Tier2 group. You can also confirm these actions by reviewing the history tab on the request. That's it. I hope this helps out a few people. -End |
1 Comments Tweet |
Installing Python 2 on Mac OS XThursday, October 11, 2018 - Posted by Keith A. Smith, in Automation, Linux
OS X comes with a
large number of UNIX utilities, those familiar with Linux systems will
notice one key component missing: a decent package manager. Homebrew fills this void.
Homebrew is a package manager for OS X. A package is a collection of code files that work together. Installing them usually means running a script (a bit of code) that puts certain files in the various directories. A lot of the packages you will want are going to have dependencies. That means they require you to have other packages already installed on your computer. Homebrew will find and install dependencies for you AND it will keep them organized in one location AND it can tell you when updates are available for them. On top of all of that it gives super helpful instructions when everything doesn't go smoothly. You can read more about it at Homebrew's website. For now, install Homebrew using the following line of code: $ /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" The
script will explain what changes it will make and prompt you before the
installation begins. Once you’ve installed Homebrew, insert the
Homebrew directory at the top of your export PATH="/usr/local/bin:/usr/local/sbin:$PATH" Now, we can install Python 2.7: $ brew install python@2 Because export PATH="/usr/local/opt/python@2/libexec/bin:$PATH" Homebrew names the executable $ python -V # Homebrew installed Python 3 interpreter (if installed)
-End |
0 Comments Tweet |