Virtualization, Cloud, Infrastructure and all that stuff in-between

My ramblings on the stuff that holds it all together

Standing down from UK and London VMUG

I’ve been a VMUG leader for the last 10+ years and it’s been a great experience, I hope you’ve all enjoyed the content the team and I have put on.

However, as announced earlier I’m moving on to a new role and joining Microsoft working on Azure Confidential Compute so I’ll be handing over the chairman role of the UK & London User Groups.

David, Chris, Linda and Gareth will be announcing my successor in due-course.

I’d like to say a heartfelt thanks to the team and all of our attendees over the 10 years as a leader (and the 5 years before that when I was an attendee), I still maintain that user groups (regardless of the technology or vendor) are the best way to learn from your peers, VMUG offers an excellent network of professionals who are open and always willing to help.

I’ll still be blogging here as and when I can.

London and UK VMUG Sessions – The Album

We (the UK/London VMUG team) have a massive archive of recordings from the last 7 or so years of UKVMUG (and more recently London) VMware User Group events. This is a community event run by volunteers and I’m pleased to say we work very hard to keep the agenda clear of sales pitches and keep the focus on interesting and relevant content. As a result we’ve built up a pretty large archive of material.

During the various COVID Lockdowns we held our usual meetings over Zoom and the side-benefit of this is we have all the sessions recorded (via Zoom and our super-star AV tech Gareth Edwards) rather than just a select few.

Whilst the version numbers and products in the oldest recordings have aged, we always tried to have a closing keynote that was less product-specific and more personal/industry skills focused (or even about space exploration!) – you can find the full selection of videos at https://tinyurl.com/UKVMUGVIDEO

The following is a list of our closing keynotes

Chris Wahl – (2014) Stop being a minesweeper

John Troyer (2015) TechReckoning – Architecting Your Career

Julian Wood (2016) Demystifying the Future of IT a Practitioners Guide

Chris McCain (2017) Clouds Collide, Lightning Strikes

Duncan Epping (2018) (r)Evolution of Infrastructure

Prof. Anu Ojha OBE (2019) Space, So What?

Duncan Epping (2020) There is no Growth in the comfort Zone, there is no comfort in the learning Zone

(2020-21) were on an external events platform, will see if I can get the videos imported to YouTube

Other notable mentions:

Katherine Skilling (2020) – Finding my Way, Who am I and what can I offer?

Presentation Skills (2021) – Kev Johnson / Gareth Edwards

Joe Baguley has provided an opening keynote for all our meetings and is what I think a good presenter should be, engaging, surprisingly accurate and obsessed with chickens

2014 CTO Rant-as-a-Service

2015 Containers, Microservices, Turtles, Chickens and other Animals

2016 Digital, Apps & other Buzzwords

2017 Modernising the centre ready for the edge

2018 VMware Strategy Update

2019 VMware Office of the CTO 2020 Outlook and Beyond

(2020-21) were on an external events platform, will see if I can get the videos imported to YouTube

If you’re interested in attending one of our future events keep an eye on https://vmug.com/london and https://vmug/usercon

What I use

Thought it may be useful to add a post showing what I use daily.

Office, work from home place – Fancy office shed at the end of my garden, fully insulated & double glazed 5m x 5m with concrete base (important – lots of foxes where I live) – I built my Global ShedQuarters about 10yrs ago (well, paid someone to build it) and it’s really paid off for my own domestic sanity having a separate work/live space.

I share it with my wife and whilst the schools were shut during COVID we also had 2 kids in the office – so we all have our own desks if required

The office is cabled to the house using some armoured cable for power and ethernet (4 x 1GbE – trunked to 3GbE.. well, because I could rather than any actual need.. and 1GbE as direct patch to HP c7000 chassis OA in the garage) – blades mainly off unless serious lab work – but use a pair of Cisco 3020 blade switches to do L3 routing for the house.

2 x IKEA FLOALT light panels with remotes, hooked into Alexa – great especially during winter as daylight at the end of the garden is scarce

Herman Miller Aeron Size B chair with (extortionately priced) headrest from Amazon – brilliant chair, I got it 2nd hand about 15yrs ago and it still works perfectly – upgraded recently with rollerblade type wheels (still not sure about those – bit too easy to go flying across the office).

Desk – Ikea BEKANT sit/stand motorised desk – got used to having a sit/stand desk at work and it was a great COVID purchase – ensuring I get some motion during the day

Whiteboard(s) – I have 4 – you can never have too many – generic AmazonBasics brand ones, magnetic – lots of magnets (do not let your children “accidentally” eat them…! 1 x scary A&E experience)

Thinking chair – IKEA POANG with leather cushion – brilliant for not staring at a screen.
Book shelves, office furniture – IKEA (see a pattern here?) mostly 2nd hand from eBay or Facebook marketplace for pennies.

Lego

Bit of a Lego nerd and display space has overspilled from the house to the office – including an emergency drawer full of random Lego, you know… for those long conference calls

Internet service

I’m lucky in that I can get Virgin Media cable and it’s periodically upgraded – I’ve currently got a 200mbps service with 10mb upstream – the download is way more than I really need, but it’s always “sign for another 12 months and we’ll upgrade your speed”. I’ve had it for 8 or 9 years and it’s been really stable… apart from that time their installers cut through my cable in the cab to connect a new customer… and then it was out for 3 weeks and took a lot of shouting to get it back.

I use their “Super”hub in modem mode and use my own WiFi (UniFi) and UniFi USG 3P as the firewall and it’s pretty solid.

I have a TP-Link 4G router with an Ethernet connection as backup with a PAYG SIM if there is a big outage, although – word of warning – if you have kids with a Playstation your PAYG data allowance won’t last long, as I discovered during the great cable cut incident of 2018

Tech

42U Rack with glass doors – got years ago for free from local paper (that shows how long ago it was!)

Office networking is all Cisco – 24 port PoE – pretty quiet

HP ML110 G7 running vSphere for all my normal VMs – small and quiet

IOMega PX-7 NAS – NFS storage for VMs

Unifi UAP-AC-Lite rest of house (non-work side) is using UniFi / USG equipment – can’t fault it

2 old monitors on the wall running from an old HP thin client which just about runs Windows 10 – CCTV monitor and streaming news – currently switch between Sky & BBC News channels using their VOD services

Primary display – Apple Thunderbolt 27″ screen – pretty old but still holds its own – USB-C adapter to laptop – and provides USB for my desk and wired Ethernet (please, if you spend all day on Teams, Skype etc. _WIRE_ a connection – don’t rely on wireless)

Secondary display Lenovo 27″ over DisplayPort->USB-C to laptop

My layout is usually

Primary display: work VDI

Secondary display: general web browsing, gping running in a terminal to keep an eye on network latency during calls, CPU history/load

Mac display: personal email – Office365 running in a web browser

Both monitors on arms clamped to desk (especially important with a sit/stand desk as you don’t want to knock one off!)

Laptop – recently upgraded an old MBP to a new M1 MacBook Pro 14″ with M1 Pro chipset, 8Gb RAM, 1TB SSD – can’t fault it – still really like the Apple virtual desktop / swipe setup which makes it easy to switch between my day job VDI and other remote sessions and browsers using a swipe

Apple Magic Mouse – it’s expensive but worth it for the swipe feature + virtual desktops

Cheap-ish Mac bluetooth keyboard – starting to annoy me, but it does pair with 3 devices which is handy

Day job involves using a VDI – once

Primary Browser – Chrome – despite the fact it eats a lot of resource I continue to use it, maybe more out of habit than desire

Edge for some personal Office365/Azure dev/test tenants I have (mainly a separate browser running InPrivate so I can keep ID separate from my main logged on OS)

Linux terminal – OhMyZSH – brilliant

Files and storage – paid-for Dropbox, but thinking about moving it to OneDrive in my Office365 tenant as the price is increasing pretty sharply and features are pretty much at parity for most of what I use. I keep everything in Dropbox with smart sync (probably didn’t need a laptop with such a big drive in hindsight)

Microsoft RDP client for access to several Windows machines I use in my lab

Webcam Logitech C920 – seems to work well, if my MacBookPro were positioned better on my desk I’d use its webcam instead.

Plantronics W720 dual can DECT headset over USB – a bit long in the tooth but works faultlessly – friends don’t let friends use bluetooth headsets, DECT everytime – works a fair way up the garden if I need to stretch my legs on a call

Jabra Speak 710 wired with USB – really good for hands-free usage when my wife isn’t in the office

Backup Lenovo ThinkPad W530 – beast of a laptop with 32Gb RAM and actual real ethernet and VGA ports running (just) Windows 10/11 Insider builds – not used that much but handy to have around

Cloud Services

Office365 primary email and collab
Azure – several tenants for personal use – script to kill off and delete resources in my ‘experiments’ resource group to avoid me forgetting about them and ramping up a large bill

Home Lab

I still have and use my lab at home – for day to day running my ML110 G7 runs most of the management pod, vCenter and general house VMs. I have an HP7000 in the garage with some chunky 128GB blades running vSphere and Hyper-V (sometimes virtualised StackHCI) that get spun up when the need arises; blades are usually off as they suck quite a lot of power.

c7000 chassis with 2 Onboard Administrators and 2 Cisco 3020 switches averages just under 300W and does all my core routing – the OAs are waaaay out of support now so sometimes it’s a bit of a struggle to find a VM/laptop with Internet Exploder and an old version of ActiveX to be able to run the remote iLo console reliably, so I have a VM on stand-by on the ML110 to do so.

Gmail calendar – shared family stuff

Sound

I like my music, and sometimes I like it err, loud – which is handy as my office isn’t really near anyone else so I can usually be as antisocial as I like.

Most music comes from Spotify via an Alexa Echo plugged in via an Aux cable (yes, I know.. the horror! – just need something convenient with an optical), nothing too fancy in HiFi terms (sold all my really good stuff long ago but all good 2nd hand bargains)

NAD 310 Amplifier

Marantz DV4100 DVD player for those spinny silver things that we all used to use

Wall mounted Mission LX-2 speakers. I used to have some really loud floorstanding speakers but they took up too much space and didn’t really fit the room when it got busy during COVID, these aren’t bad speakers at-all – sometimes depends on how well mixed the source is.

Hope you found it useful/interesting…

Allow ICMP Ping through Windows firewall from command line

Leaving this here for the next time I can’t remember how to do it. Windows ships with the firewall slammed shut by default (and rightly so), which means inbound ping is dropped. If you can’t easily see the console of the machine, for example because it’s in Azure, it can be hard to tell when it’s up and ready to go – I have a jump box in Azure that I power up when I need it.

To allow it, run this command once from an elevated command prompt; the rule persists, so inbound ICMPv4 echo requests (ping) stay allowed from then on. As written, the rule applies to every source address and every firewall profile.

netsh advfirewall firewall add rule name="Allow ICMP Ping" protocol=icmpv4:8,any dir=in action=allow
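
A scoped variant of the rule above, as an added example that is not from the original post: it uses the built-in NetSecurity cmdlets to allow echo requests only from a given source address, and it is safe to re-run. The function name, the rule name and the 203.0.113.10 address (a documentation range) are assumptions.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
# Assumptions: the function name, rule name and source address are placeholders.
function Set-ScopedPingRule {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]   $DisplayName = 'Allow ICMPv4 Ping (scoped)',
        [Parameter(Mandatory)]
        [string[]] $RemoteAddress   # e.g. your home/office public IP or a CIDR range
    )

    $existing = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue

    if ($existing) {
        # Rule already present: only bring the allowed sources up to date.
        if ($PSCmdlet.ShouldProcess($DisplayName, 'Update remote addresses')) {
            $existing | Set-NetFirewallRule -RemoteAddress $RemoteAddress
        }
    }
    elseif ($PSCmdlet.ShouldProcess($DisplayName, 'Create inbound ICMPv4 echo rule')) {
        # ICMPv4 type 8 is the echo request that ping sends.
        New-NetFirewallRule -DisplayName $DisplayName `
            -Direction Inbound -Action Allow `
            -Protocol ICMPv4 -IcmpType 8 `
            -RemoteAddress $RemoteAddress | Out-Null
    }

    # Report what is actually configured so the scope can be checked at a glance.
    Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Name          = $_.DisplayName
            Enabled       = $_.Enabled
            Action        = $_.Action
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
            IcmpType      = ($_ | Get-NetFirewallPortFilter).IcmpType
        }
    }
}

# Dry run first; drop -WhatIf to apply.
Set-ScopedPingRule -RemoteAddress '203.0.113.10' -WhatIf
```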

RBAC required for Granting JIT access to an Azure VM for a standard user

Azure JIT is a great feature for temporary access to Jump boxes that I use in my home lab – Bastion is better, but I’ve not got as far as setting that up because of some constraints on the networks I created.

I like JIT via the Azure portal as it gives you a quick & dirty way to ensure there is MFA (as long as your AAD account is MFA-enabled to access the Azure portal) behind setting up an RDP request to the jump box (and limited by source port and the firewall rule automatically revoked afterwards by JIT) without having to setup brokers, 2FA sources, more complex security arrangements.

I recently had to share one of these machines with someone else in my AAD org, but despite having reader roles at the Azure subscription they got an error when invoking the JIT role or asking for it by leaving your RDP ports open to the entire Internet – note if you’re making the connection on a shared network behind a NAT like a corporate LAN or university everyone else behind that NAT will also get RDP access to this server; so you still need good password-level authentication to the jump box.

So, a custom RBAC assignment was required (it works ok for owners/contributors at the subscription level).

This Microsoft GitHub page has discussion of the roles required (last post where the case is closed) so I had to create a custom role as shown below, note the Microsoft.Network/*/read permission didn’t exist when I tried it, but as my user has reader at the subscription anyway this wasn’t required for me – So your mileage may vary.

Or, if you prefer the JSON

{
    "properties": {
        "roleName": "VINF_NET-Request-JIT-Access",
        "description": "custom role required for non-global admins to invoke JIT",
        "assignableScopes": [
            "/subscriptions/YOUR_SUBS_ID_HERE"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/action",
                    "Microsoft.Security/locations/jitNetworkAccessPolicies/read",
                    "Microsoft.Security/policies/read",
                    "Microsoft.Compute/virtualMachines/read"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}

 

Hope that helps
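
One way to create and assign the role above from PowerShell, as an added example rather than the method used in the original post: it converts the portal-style JSON into the flat format that New-AzRoleDefinition -InputFile expects and checks the action list before creating anything. It assumes the Az.Resources module, a signed-in session, the JSON saved as jit-role.json with a real subscription ID in place of YOUR_SUBS_ID_HERE, and a placeholder user name.

```powershell
# Added example (not from the original post). Requires Az.Resources and Connect-AzAccount.
# Assumptions: jit-role.json holds the JSON above; the sign-in name is a placeholder.
$portalJsonPath = '.\jit-role.json'
$userSignInName = 'colleague@example.com'
$initiateAction = 'Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/action'

$props = (Get-Content -Raw -Path $portalJsonPath | ConvertFrom-Json).properties
$perm  = $props.permissions[0]

# Refuse to continue with the unedited placeholder scope.
if ($props.assignableScopes -match 'YOUR_SUBS_ID_HERE') {
    throw 'Replace YOUR_SUBS_ID_HERE in assignableScopes with your subscription ID first.'
}

# Sanity check: this role should contain read actions plus the single JIT initiate action.
$unexpected = $perm.actions | Where-Object { $_ -notmatch '/read$' -and $_ -ne $initiateAction }
if ($unexpected) {
    throw "Unexpected non-read actions in role: $($unexpected -join ', ')"
}

# New-AzRoleDefinition -InputFile expects a flat document, not the portal's "properties" wrapper.
$flat = [ordered]@{
    Name             = $props.roleName
    IsCustom         = $true
    Description      = $props.description
    Actions          = @($perm.actions)
    NotActions       = @($perm.notActions)
    DataActions      = @($perm.dataActions)
    NotDataActions   = @($perm.notDataActions)
    AssignableScopes = @($props.assignableScopes)
}
$flatPath = Join-Path ([System.IO.Path]::GetTempPath()) 'jit-role-flat.json'
$flat | ConvertTo-Json -Depth 5 | Set-Content -Path $flatPath

New-AzRoleDefinition -InputFile $flatPath

# Assign at the scope listed in the role. A newly created role can take a short
# while to become assignable; re-run the assignment if the role is not found yet.
$scope = @($props.assignableScopes)[0]
New-AzRoleAssignment -SignInName $userSignInName `
    -RoleDefinitionName $props.roleName `
    -Scope $scope

# Confirm what the user now holds at that scope.
Get-AzRoleAssignment -SignInName $userSignInName -Scope $scope |
    Select-Object DisplayName, RoleDefinitionName, Scope
```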

 

POSH1Liner – Add sequential DNS A records

When setting up a new environment you often need to create a bunch of sequential DNS A records, with reverse look up PTR records.

For example, I do this in my home lab – this 1-liner creates hosts 1..16.

You can adjust the server naming convention by editing the $name variable to suit and editing the -ZoneName parameter to match your environment.

Likewise, you can adjust to fit your IP addressing schema by editing the $ip variable.

To start at a different number (mine start from 1), adjust the $num = 1 statement.

 
for ($num =1; $num -le 16; $num++) { $name="L1-slot" + $num ; $ip = "172.16.10." +$num ; Add-DnsServerResourceRecordA -Name $name -ZoneName "theBORG.int" -AllowUpdateAny -IPv4Address $ip -CreatePTR ; }

 

In my example I’m running this on my lab Windows DC/DNS server (home lab, not production!), if you’re doing it from a different server you can add a -ComputerName “yourDNSserver.local” parameter to point it at your DNS server.

Note the use of the semi-colon ; to pass multiple PowerShell commands on a single line making it easier to cut & paste this command.

If you’re doing this ‘for real’ outside your own lab you can also use the -WhatIf parameter to see what would happen.

Blogged here for the next time I need to do this!
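
A longer form of the one-liner, as an added example that goes a little beyond the original post: it skips names that already exist, supports -WhatIf, and leaves out -AllowUpdateAny so the records are not open to update by any authenticated user. The function name and parameter defaults are assumptions; the zone name, host prefix and addressing are the lab values from the post.

```powershell
# Added example (not from the original post). Requires the DnsServer module
# (present on a Windows DNS server, or installed with RSAT).
function Add-SequentialARecord {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string] $ZoneName     = 'theBORG.int',     # lab zone from the post
        [string] $NamePrefix   = 'L1-slot',
        [string] $Network      = '172.16.10.',      # first three octets, trailing dot
        [ValidateRange(1, 254)] [int] $First = 1,
        [ValidateRange(1, 254)] [int] $Last  = 16,
        [string] $ComputerName = $env:COMPUTERNAME  # DNS server to talk to
    )

    foreach ($num in $First..$Last) {
        $name = "$NamePrefix$num"
        $ip   = [ipaddress]"$Network$num"   # throws on a malformed address

        # Do not create a second A record for a name that is already in the zone.
        $existing = Get-DnsServerResourceRecord -ComputerName $ComputerName -ZoneName $ZoneName `
            -Name $name -RRType A -ErrorAction SilentlyContinue
        if ($existing) {
            Write-Warning "$name.$ZoneName already exists ($($existing.RecordData.IPv4Address)); skipped"
            continue
        }

        # -CreatePtr needs the matching reverse lookup zone to exist already.
        if ($PSCmdlet.ShouldProcess("$name.$ZoneName", "Add A record $ip with PTR")) {
            Add-DnsServerResourceRecordA -ComputerName $ComputerName -ZoneName $ZoneName `
                -Name $name -IPv4Address $ip -CreatePtr
        }
    }
}

# Dry run first; drop -WhatIf to create the records.
Add-SequentialARecord -WhatIf
```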

LonVMUG Socially-Distanced Edition Recordings

Due to the current situation (how sick of hearing that are you..?) we had to hold our April 30th London VMUG meeting online, instead of face to face in London.

I was a little skeptical as to how well this would work – but I have to say I was absolutely blown-away by how well it worked, I’m well used to doing Skype, Zoom, WebEx etc. for work meetings – but generally not for a whole day and in a less governed setting and, unlike a lot of work meetings EVERYONE managed to mute themselves when not speaking (my pet peeve!) and we didn’t have to play mute-police.

There was some great banter during the breaks, a majority of people used their video and it was >almost< like one of our normal f2f meetings and at one point we went over 80 participants, which I think was great for our first virtual outing.

We recorded the fun and you can find the video on YouTube here. a write-up from @rimmergram and our very own star-presenter Katherine.

@GarethEdwards86 did a great job helping the 4 of us on the normal London team drive Zoom and ensure the transitions went well (except for the bit where I forgot how Zoom worked) so thanks to Gareth it all went pretty smoothly

Fingers crossed for our next meeting on July 16th – details here

What did you think? do virtual VMUGs work – even post-COVID is it something we should consider doing more often?

Also, vmug.com/London is working again now 🙂

 

Pairing IKEA FLOALT lights with more than one wireless remote controller

I now have a pair of IKEA Floalt LED panel lights in my home office, during winter these add a great amount of natural-ish light (with controllable colour temperature/brightness) to my desk-space when there isn’t much coming in from outside.

The website lists the 30x90cm panels as £115 but I managed to get a pair for £80 each in the Greenwich store – you may have similar luck.

Each panel comes with its own wireless remote (TRADFRI), from the instructions it’s straight forward enough to pair each remote (1:1) with a panel.

If you want a single remote to pair with multiple panels you just rinse and repeat the pairing process with each panel (I found I had to switch them off at the power to make it sync up after pairing)

But, it’s not obvious how you can have the 2 remotes working at the same time to control multiple panels. So, for example you have a control by the door and one on your desk (so you don’t need to get up to change the lights, lazy? yes.. but).

So, to do this you need to follow these steps..

  1. Press the pairing button on the remote 4 times in quick succession, do this on both remotes to be safe as they both need to be un-paired for this to work.
  2. Hold the two remotes next to each other and hold the pairing button for 10 seconds – red light on the remote will come on and then fade – the remotes are now paired with each other
  3. Hold either of the remotes to the first panel and pair as normal (press the pair button for >10 seconds), panel will flash.
  4. Repeat step 3 for the remaining panels that you want to be controlled by these remotes
  5. Now, when you turn on/off dim etc. you can use either remote and all the lights in the set will have the same brightness/colour temperature.

I hope that helps someone, it took me a while to figure out, most of the online articles relate to the smartphone gateway and app which I don’t have.

On the whole, I can’t recommend these panels enough, they’re great.

UKVMUG 2019 Summary and Links

We held the 9th annual UKVMUG in 2019 at the National Space Centre in Leicester recently, it was a fantastic event attended by approximately 400 people enjoying a great mix of community, sponsor and VMware content.

Selected sessions from the Sir Patrick Moore Planetarium were recorded and can be found on our YouTube channel (along with the last couple of years content)

You can also find the slides from most of our presenters at this link

I’ve also uploaded the photos from the event, and you can find them at this link

Hope to see you next year, or at a local VMUG meeting in the meantime..!

 

What to drink when you’re not drinking

I have a problem, it’s not technically with alcohol it’s more that drinking alcohol *really* doesn’t agree with some medication I take for a very painful nerve problem so this isn’t an I’m getting sober post, it’s more I have to be sober, I like(d) drinking.. a lot. So, what do I do to make it suck less?

I generally work in London, a large historic and cosmopolitan city where driving to work is either really expensive, or takes way too long and despite our general genetic predisposition as English people to complain about it we generally have a pretty good public transport system. A side-effect of this is that social drinking after work is commonplace rather than a rarity.

Drinking soft-drinks all evening just isn’t pleasant for me, too much sugar or artificial sweetener, and given I like(d) beer… a lot I’ve tried to find something that still tastes like beer without the dizzy juice bit, you may ask what’s the point? well it still /feels/ like you’re out, being sociable – and if you like(d) the taste of beer that part is self-explanatory

Availability of low (0.5%)/no (0%) alcohol drinks in bars, pubs and clubs in London is very poor, maybe a dusty bottle in the fridge. It has got noticeably better in the last year but products available are generally at the awful end of the scale.

Since my unplanned diversion into sobriety I’ve experimented with many of the alcohol alternatives (in the name of science, obviously dear reader) and here is my top 8 (there are so few I couldn’t even make a top 10 and the last 3 are touch and go!) that you can purchase to drink at home (…or sneak into the pub and consume at your warm :/ leisure), sadly most of these are only available in shops rather than pubs (apart from the Brewdog ones – see the end of this page)

  1. Brewdog Punk AF
  2. Brewdog Nanny State
  3. Adnams Ghost Ship Alcohol free
  4. Infinite Session Ale
  5. Estrella FreeDAMM – I’ve only found this in Spain so far but understand Morrisons stock it
  6. Sin – I’ve only seen this in Lidl in Spain
  7. Heineken 0 if it’s the only choice
  8. Peroni Libera – this is where we start scraping the bottom of the barrel, literally
  9. Budweiser Prohibition – about my tolerable limit of drinkable, if I have to.

My Avoid at all costs list – e.g. drink if someone is holding a gun to your head and making you do it..

  • Becks Blue (very common, but disgusting)
  • Cobra Zero (zero taste, dishwater is tastier)
  • San Miguel 0 (to be fair the >with< alcohol version doesn’t taste much better)

The only drinkable one I’ve found in pubs that is on my top 8 is Nanny State (v.nice, but not that common) or Heineken (more common, ok-ish) However, never fear.. Brewdog have their own chain of pubs and cafes in the UK – the one in Tower Hill usually has Nanny State on DRAFT… yes DRAFT, cold, cold in a proper pint glass DRAFT. and they do great food too – BrewDog I love you – highly recommended if you’re in the UK. Brewdog are clear innovators (and winners!) in the Low/No-Alcohol space – see their range here 

Overall the situation is getting better, but still has a way to go. Given the choice is so poor in most pubs I’ve generally taken to bringing my own, which isn’t really in the spirit of things, warm :/ and I’m sure the pub owner would not be happy with that. So, if you own a pub.. maybe time to widen your horizons for us, the lepers of London post-work society 🙂

If you’ve found something (or somewhere better).. feel free to post it in the comments below, I’d love to hear from you.