Wednesday, April 30, 2008

Last Few Weeks and Now

Last week my 2nd son, Haydn, arrived. He weighed in at 7lbs 14oz. He was born on his due date, which was 4/21/08. It just so happens that the week I took off of work to be with him was the week that the RDM environment was being installed. So I kind of missed out on the brutal install, but the other good news is that we'll hopefully be finishing up today. Yesterday I was looking into extending our AD Schema to add an attribute to the User class that will represent the 2-digit country code. The software needs that to associate restaurants in different countries. So, hopefully I will have more details on that soon.
Today I'm troubleshooting our Juniper SSL VPN. It seems to time out the sessions when users are RDP'ing to the servers in our RSM Lab. I will also be finishing the BizTalk configuration for RDM today. Next week I'll be in BizTalk training, so I will have details on that soon.

Other than that, at home I've been watching "Carrier" on PBS. It's a great series that dives into the lives of the crew onboard the USS Nimitz.

Thursday, April 17, 2008

Cash Crunch Lunch

Bennigan's is having a cash crunch lunch for the next 2 months (4/14/08 to 6/16/08). For $4.99 you can have a whole lunch of your choice.

Choices are:
- Items include the Turkey O’Toole, American Burger, Monte Cristo, Grilled Chicken Club Sandwich, and Golden Chicken Tenders
- New Fresh Options include Kilkenny’s Grilled Chicken Salad, Turkey Deli Sandwich & Soup, Soup & Salad Lunch Combo, Irish Grilled Cheese & Tomato Basil Soup, and Chicken Platter Lunch
- Drink choices include fountain drinks, iced tea, coffee or Deja Blue bottled water

I had the American Burger with fries and iced tea. I would say it wasn't bad for 5 bucks! But your options are limited.

Wednesday, April 16, 2008

Authorization Store

What is an Authorization Store?
This week I had to configure the Authorization Store for the RDM software. I must admit that this was a first for me. I didn't even know what an Authorization Store was before I did this. I soon found out that an authorization store is used to provide the authorization part of security. What I mean is that when you log into the software you have passed the authentication part. In other words, the system knows who you are, and now comes the authorization part. The system now needs to know what kind of access is associated with your account. That is where the Authorization Store comes in. In the software are some functions that do certain things, like create distribution lists, write log files, and request file transfers. Each function has an access list associated with it. It looks to the Authorization Store to see who has access to perform these functions.

Configuring an Authorization Store -
To configure an Authorization Store you must open Authorization Manager (AzMan) by adding it as a snap-in in MMC or via Start>Run>AzMan.msc. Once open, click on Action>New Authorization Store. You can use AD (must be in 2003 functional mode) or an XML file. We chose to use AD. Add "CN=StoreName" to the left of the LDAP string. Next you will right-click on the store name and choose "New Application". Name the application. Next you would want to start by creating some Operation Definitions. Drill down to Definitions>Operation Definitions. Here you will start adding the definitions that the software uses, based on the operation number. We got this list from our application developers. Once all the Operation Definitions are complete you would want to start adding Task Definitions. Task Definitions are linked to a series of Operation Definitions. Again, we got this list from our application developers. After that we have Role Definitions. Create a new Role Definition and give it a name like Administrators. Then add Task and/or Operation Definitions. In the case of Administrators we added all the tasks, which is everything. For Power Users, add the Operations or Tasks that you see fit. For common users just add the Read and Execute Operations that you created, and so on.

Further on, we created Scopes to represent the Global and Country people. Global people will have access on every machine, while country users will have access to their specific country based on a country code in the AD user account. So after creating the Global scope we create 2 role definitions called Global Admins and Global Users. Then in the Global Admins definition we add the Administrator role that we created in the last paragraph. For Global Users you would add the Common User role, and so on. Then do the same with the Country scope, but with Country Admins and Country Users as the role definitions.

Did I confuse you yet? Good. Let’s do a recap. In the Auth Store we have applications, in applications we have Scopes, and inside scopes are definitions (Roles, Tasks, and Operations) and Role Assignments. In the root Scope lie the 3 Role Definitions we created (Admin, Power User, Common User), a few Task Definitions, and a whole bunch of Operation Definitions. Now we added 2 more scopes (Global and Country), each with their own 2 Role Definitions (ex. Global Admins and Global Users) that are linked to Admins and Common Users in the Root Role Definitions.

Good?? Now let's finish up. Next we want to assign roles. On the "Role Assignment" folder we would right-click and choose "Assign Roles". Then pick the Role Definition you just created (ex. Global Admins). After that we would want to assign Windows users and groups. Right-click on the Role under Role Assignments and choose "Assign Windows Users and Groups", pick the AD group you are using for this (ex. US-RDM Global Admins), and then you are done. Recap again. Each scope has 2 Role Assignments (ex. Global Admins and Global Users) that have Active Directory groups assigned to them called "US-RDM Global Admins" and "US-RDM Global Users". In these AD groups we assign user accounts to fit these roles.

To conclude, the hierarchical structure from the user to the software goes something like this:
AD Users>AD Groups>Scope Role Assignments>Scope Role Definitions>Root Role Definitions>Assigned Root Task Definitions>Assigned Root Operations Definitions>Then linked to the ACL on the function inside the software.
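
The chain above can be modelled in a few lines to check what a given account actually ends up with. This is an added example, not code from the original post and not the AzMan API; the operation numbers, task names, Country group names and user accounts are constructed for illustration.

```python
# Simplified model of the hierarchy in the post; NOT the AzMan API.
# Operation numbers, task names, Country group names and users are constructed.
OPERATIONS = {"Read": 1, "Execute": 2, "CreateDistributionList": 3,
              "WriteLogFile": 4, "RequestFileTransfer": 5}
TASKS = {"Basic Use": ["Read", "Execute"],
         "Manage Transfers": ["CreateDistributionList", "WriteLogFile",
                              "RequestFileTransfer"]}
# Root role definitions link to tasks and/or operations.
ROOT_ROLES = {"Administrators": ["Basic Use", "Manage Transfers"],
              "Power Users": ["Basic Use", "RequestFileTransfer"],
              "Common Users": ["Read", "Execute"]}
# Scope role definitions link back to root role definitions.
SCOPE_ROLES = {"Global": {"Global Admins": ["Administrators"],
                          "Global Users": ["Common Users"]},
               "Country": {"Country Admins": ["Administrators"],
                           "Country Users": ["Common Users"]}}
# Role assignments: AD groups attached to each scope role.
ASSIGNMENTS = {"Global": {"Global Admins": ["US-RDM Global Admins"],
                          "Global Users": ["US-RDM Global Users"]},
               "Country": {"Country Admins": ["US-RDM Country Admins"],
                           "Country Users": ["US-RDM Country Users"]}}
AD_GROUPS = {"US-RDM Global Admins": ["alice"], "US-RDM Global Users": ["bob"],
             "US-RDM Country Admins": [], "US-RDM Country Users": ["carol"]}

def expand(name, seen=None):
    """Resolve a role or task definition down to its operation numbers."""
    seen = set() if seen is None else seen
    if name in OPERATIONS:
        return {OPERATIONS[name]}
    if name in seen:  # circular definition: stop instead of recursing forever
        return set()
    seen.add(name)
    children = ROOT_ROLES.get(name, TASKS.get(name))
    if children is None:
        raise KeyError(f"undefined definition: {name}")
    return set().union(*(expand(child, seen) for child in children))

def effective_operations(user, scope):
    """Union of operations granted to the user's AD groups in one scope."""
    groups = {g for g, members in AD_GROUPS.items() if user in members}
    ops = set()
    for role, assigned in ASSIGNMENTS.get(scope, {}).items():
        if groups & set(assigned):
            for root_role in SCOPE_ROLES[scope][role]:
                ops |= expand(root_role)
    return ops

def access_check(user, scope, operation):
    """Deny by default: allow only if the operation number was resolved."""
    return OPERATIONS[operation] in effective_operations(user, scope)
```

Running `effective_operations` for every member of each AD group is a quick way to review who holds which operations before the groups are populated for real.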

Friday, April 11, 2008

Catch Up

Well, as you may already know, I am working at McDonald's Corporation in Oak Brook, IL. The main reason I was brought here was to implement this Active Directory that they designed. So, my first few months here I was busy integrating myself into their environment. I believe I have that down now. Last month, I built 4 Domain Controllers in our retail hosting environment provided by our outside vendor. They are 4 VMware virtual machines that will be simulating the production environment. 2 serve as an empty forest root and the other 2 are a child domain that will host all the restaurant objects.

The AD install went pretty smoothly. The only difficult part was setting up DNS. Yes, I know that DNS is pretty easy to install if there is only one DNS server. But I have yet to fully set it up the way they want it. We have all 4 servers running DNS, which is Active Directory integrated. We have the root servers delegating the child domain zone to the two child domain servers. What still needs to be done? One is forwarding all other requests to our 3rd party hosting internet-facing DNS servers. Second is tying the old DNS zone back to our DNS servers so other devices are not left out.

So why are we building this out? Well, McDonald's wants to manage the devices in the restaurant, like the POS server and the POS machine. In order to do this they must first be on a high-speed internet connection. Second, they need to have a VPN link back to the home office. Third, the machines must be joined to the domain. And finally, the SCCM agent must be installed. FYI, SCCM is Microsoft System Center Configuration Manager, otherwise known as SMS. So with AD we'll provide a means to manage security accounts for support people and admins. As always, companies must keep up on meeting compliance requests.

Last week, I was busy taking inventory of our lab environment. I used the Microsoft tool called Microsoft Assessment and Planning Solution Accelerator. Get it here. It scans your network using WMI and allows you to enter multiple credentials for a mixed environment. It is geared towards moving to Vista, but the hardware inventory that it provides is priceless.

So this week, I'll be working on the RDM project which means setting up AD for the RDM servers and starting the installation of the custom software. The install will be pretty painful.

more to come.....

My first entry (about me)

Okay, my first entry. The reason I am creating this blog is to keep track of some of the things that I have been doing at my job and in my free time. I plan on entering some little tidbits of things that I am learning and my daily experience. I hope to share these experiences with you as I mature in my career. Speaking of experience, I should start off with how I became a Windows Server Guy.

My Life from 2004 and on.

Country Insurance - It all started long ago in a land far far away (Bloomington, IL). I was going to Illinois State University studying Computer Science/Telecommunications Management because I thought that I wanted to work with networking components. In my junior year I applied for a 9 month internship at Country Insurance & Financial Services. Although they weren't taking networking interns, I decided to go for a Server Admin internship. Lo and behold, I got it and the pay wasn't bad at all. So, I started my internship in April of 2004 because they wanted me to start training with the old intern (Mike). To make a long story short, I tried to soak up as much information as I could within the time I was there. Just my luck, the intern that was going to be replacing me found another job at the last minute, and so they asked me if I wanted to stay on until August. I said sure and continued to learn more.

State Farm - After sadly leaving there I thought I was able to go to school full time and finish up my education. That is, until I got a phone call from Teksystems to inform me that they had a server position open at State Farm. So I bit. I started there in October working on the Server Hands-On Team (SHOT). In a few months I increased my salary by half and was now working for the largest insurance firm. At first, I really enjoyed it there. They had a 3 floor Datacenter where each floor was as large as a football field. Thousands and thousands of servers on each floor! When a new project was started we would install the servers by the rack full. But one thing that I couldn’t get used to was doing the same thing every day and not working on problems that would require a high level of skill. The people were great and the job fit right into my school schedule. I would work Friday through Monday and then have the rest of the week off to attend classes. Then all of a sudden came the big surprise: my wife was pregnant.
During that time my wife was going to school to be a Dental Hygienist in the Chicago South Suburbs while I was finishing up my school and now my job at State Farm. So I graduated in May of 2006 and my son was born on June 30th. After that, I informed State Farm that I would not be renewing my contract in October in order to be with my wife and soon to be baby boy. So after October I started a new job at Oce.

Oce North America - The beginning of November was a new beginning for me. I moved back home, moved my wife and baby in, kicked my parents out (they actually moved to Michigan), and started a new job at Oce. Oce produced and sold large office printers and wide-format plotters. They are based out of the Netherlands and the Chicago office was the North American headquarters. I was hired on as a Wintel Engineer and my compensation doubled my last salary. I was stoked! I thought I was going to be rich and retire by 40, but that did not come true. See, with a wife and kid there is a need to buy a house and a minivan, and with these come bills and more bills. So, I noticed that as soon as I made the money it was already being spent. Thankfully though, my wife is now able to stay home with my son. At Oce I improved my skills and brought in some new ones. Here I was able to learn new things like Exchange, SQL, Dell hardware, and Blackberry Enterprise Server, and improve my skills in Active Directory. I was able to learn so much because there were only 2 other guys (Sam and Pete) to share the work with. I had to learn fast. Remember, I went from a huge corporation where I was a small fish in a big pond to a 250 server environment with about 3 thousand users, which was a lot of work for 3 guys. I also mastered the skill of having children because now my wife was pregnant again!!!

McDonald's Corp - Even though I learned a lot of stuff there, the company was making some drastic changes and I was a part of it. I actually was a contractor for Veritude and was contracted to CGI, the largest consulting firm in Canada, which then contracted me to their Oce account in the U.S. Yes I know, that was confusing to me as well. CGI was planning to take over Oce’s Infrastructure and Help Desk. At first, I was looked upon as the devil for taking these people's jobs away, but I soon felt just like an Oce employee whose job was on the chopping block. During this time I was like the only CGI employee there. In October, things started changing faster. CGI had finalized the contract with Oce and my 3-6 month contract was turning into a year. I wanted so much to be hired on in a permanent position because my family was growing larger. So the stress of driving an hour to work and not knowing what was coming next had taken its toll. I was on the verge of finding a new position that was closer to home. So I, and I am sure a lot of others, were secretly conducting interviews with other potential employers. I interviewed with about 10 different companies. Two interviews that caught my attention were FTD, the floral company, and McDonald's Corporation. FTD had a very relaxed atmosphere and was only about ½ hour from my house. McDonald's Corporation was another large corporation but was about 40 minutes from my house. The guys at FTD thought that I did not have the skill set that they were looking for. I then went to an on-site interview with McDonald's and in a few weeks I was accepted. So now the big decision had to be made. I told the guys I worked with and then my boss at CGI. My boss said that he’d get an offer for me right away to be hired on. He then came back with about $20,000 less than what I was making now. There would be no way that I could live comfortably and have my wife home with my kids for that.
So I kindly passed on the offer and started at McDonald's as a consultant once again on January 7th.

I now work on the US Network team as a Server Engineer. The team manages the restaurant connectivity to the home office. We design solutions for all the restaurants in the US. I have been tasked to three projects. The main one is the Active Directory, then Restaurant Data Movement, and Restaurant Systems Management. RDM is using a custom built application to transfer data to and from the home office. RSM is incorporating SCCM and SCOM to manage the devices in the restaurants. You’ll hear my experiences with these projects and others as I continue my career path.

Enjoy!