But making the job easier is a good thing, not bad. It's kind of a paradox but it really is part of every sysadmin's job to make himself unnecessary if possible. It's kind of like being a doctor. If you can say "You're all good, you don't need me anymore," that's a win.

On 7/5/20 7:32 PM, billy.irwin@outlook.com wrote:
Hi Darragh,
I am sorry, but you made my point for me. If you can't make your on prem setup reliable and you want to pay MS to do it for you, then I think it is an easy way out. I've been doing this stuff for over 20+ years and I still don't see the need to do away with on prem environments. I do see the need for hybrid for DR purposes. Most admins I know that have shifted their stuff off site really don't do anything anymore. If we depend on AWS and MS to do all this for us we then will not be independent and able to take care of our organizations without big tech holding our hands. Saying that we wouldn't have to worry about security is not correct either. We just shift the blame. If I screw up making a system less secure it's my fault but if big tech does it oh well, we will just shift providers. Again, having a hybrid solution is one thing. I will never recommend an entire business rely on a cloud provider as I have worked for them and I believe it to be a rip-off. Admins just don't want to take care of security, patching, and all the rest that comes with it including the physical hardware. We will just start to see less and less people with the knowledge to take care of that. We are going backwards at the end of the day like the days of dummy terminals and mainframes.
Just how I see it. I can buy one Exchange license and run that environment legally and efficiently and it runs faster than Office 365. It is overpriced. I do own my own tenant and like it for what it is but it is better to have full control and ensure backups are made. Microsoft for example doesn't back your data up for you. If you lose your server instance you are screwed.
Nothing personal,
Best,
Billy
-----Original Message-----
From: Darragh Ó Héiligh <d@digitaldarragh.com>
Sent: Sunday, July 5, 2020 19:44
To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org>
Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW
Billy, what a weird statement to make. That moving workloads to the cloud makes for lazy and incompetent IT people.
Moving workloads to the cloud is often a logical step. Especially where ADDS to Azure AD is concerned. Look at all of the support infrastructure that's been moved from on-prem to the cloud. Intune, ATP and Office365 remove the need for any infrastructure on prem for anti-virus, email, file hosting etc. However, anyone who thinks this makes a sys admin's job easier frankly hasn't got a clue. It requires that the admin upskills in PowerShell as for any kind of large numbers, it's not practical to work in the web UI. Then Microsoft change and add features very regularly so keeping up with everything is nearly a job in itself! This kind of platform changes the focus from platforms and infrastructure to service delivery. It often places different expectations on a sys admin as billing and resource usage now becomes very important. So if you know a job where I can become lazy and incompetent because workloads are moving to the cloud, sign me up! Because if anything, the cloud gives me more work to do. Not less.
I just want to say that IAAS in the cloud isn't as interesting to me as SAAS and PAAS. That's why I have specifically called out Azure AD, Intune, Office365 and ATP. Think about it. There are no servers to administer when delivering these core services. To provide the same solution on-prem, you would need several servers for ADDS, SCCM, MBAM, SQL, SSRS and probably a bolt-on anti-virus application as well. And still you wouldn't have the unified UI provided by ATP. You would spend time worrying about patching, security, high availability, virtualization, disk arrays, SAN connectivity, storage pool allocation and all that kind of stuff that until now has been really interesting. But with this delivered as a service, we actually get to focus on what's important. Providing really high quality usability, reliability and security to our users. Instead of using something like federated AD or IdP for SSO, we just plug into Azure AD's SAML2 functionality and we let users drive where that takes us.
I spent weeks a few years ago configuring SCCM and MBAM. With Intune, I had it ready with comprehensive profiles and groups within a few days.
-----Original Message-----
From: Billy Irwin <billy.irwin@outlook.com>
Sent: Sunday 5 July 2020 6:35 p.m.
To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org>
Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW
Hi All,
It has been interesting over the last few years when it relates to the idea of moving AD off site vs keeping something in house. I worked for a company where we made the decision to bring it back in house. It was the best decision to do so. I personally think moving everything to a cloud provider with limited stuff on prem makes for lazy and incompetent I.T. people. I am now working for a large university where we are putting stuff in AWS which makes no sense to me at all when we have a 50,000 sq. ft. data center with everything we could ever need. We have 360 I.T. employees too. Just my $0.02
Best Regards,
Billy

-----Original Message-----
From: Darragh Ó Héiligh <d@digitaldarragh.com>
Sent: Sunday, July 5, 2020 10:25
To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org>
Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW
I'm using ADCS.
The conversation about moving off on-prem AD has begun. I'm the primary responsible for AD. I began looking at this in January 2019 but it's only recently that it seems to be viable.
The VPN is Pulse. Formerly owned by Juniper.

-----Original Message-----
From: Andrew Hodgson <andrew@hodgson.io>
Sent: Sunday 5 July 2020 1:58 p.m.
To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org>
Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW
Hi,
Thanks. What are you doing with certificates, are you using ADCS certs or doing something with LetsEncrypt or going self signed route? Our company has removed ADCS in prep for removing on-premise AD altogether (interesting decision imho).
In terms of the proxy server and VPN what are you using for these?
Thanks. Andrew.
-----Original Message-----
From: Darragh Ó Héiligh <d@digitaldarragh.com>
Sent: 05 July 2020 13:53
To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org>
Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW
Yes. PowerShell remoting via HTTPS.
I have a proxy server set up that requires a VPN connection to gain access to it for additional security.
For servers in the same trust domain, the invoke command for short blocks is also fine.
-----Original Message-----
From: Andrew Hodgson <andrew@hodgson.io>
Sent: Sunday 5 July 2020 1:43 p.m.
To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org>
Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW
Hi,
I will be using PowerShell mostly in this environment as well as a few commands, the main reason I need to do this on another VM is I will be running SQL backups (using dacpacs) and moving them around to Azure SQL. If I did this on my machine I would end up having to download the files (over 100GB each) for manipulation.
When using PowerShell are you using PS Remoting via HTTPS or something else?
Andrew.
-----Original Message-----
From: Darragh Ó Héiligh <d@digitaldarragh.com>
Sent: 05 July 2020 13:33
To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org>
Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW
I've run on the old Windows 2016 VMs with 2GB RAM. I would frequently get out of memory errors especially when server manager opened. I think that was the A1. I have never had a problem with the D series.
I'm trying to encourage PowerShell and server core at the moment.

-----Original Message-----
From: Andrew Hodgson <andrew@hodgson.io>
Sent: Sunday 5 July 2020 11:18 a.m.
To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org>
Subject: [Blind-sysadmins] Azure Virtual Machines and JFW
Hi,
I need to do some heavy lifting with DB migrations in a few weeks and I want to run this on a VM in Azure using JFW with RDP. I haven't done this in a while as any Windows VM stuff I run uses DSC and outputs data out elsewhere or I can just test the web services etc without logging onto the box at all. When I last did this I had trouble starting JFW on some of the VMs and when contacting Sight and Sound (UK dealer) about this they believed the issue was because of lack of video RAM on the cheaper VMs.
Does anyone have any VM SKU they know JFW runs on ok? I will be keeping the VM stopped in most instances to reduce cost.
Thanks. Andrew.
_______________________________________________
Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org
To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org
-- John G. Heim, jheim@math.wisc.edu 608-263-4189