Cloud take-up (was Azure Virtual Machines and JFW)
Hi,

I suspect the companies that don't move to the cloud offerings for products like Exchange will end up paying a huge premium. The minimum requirements for Exchange 2019 are huge now (120GB minimum memory I believe).

For me I feel the cloud computing initiative has given me opportunities I wouldn't have had before. I could already see my career becoming fairly stale before moving to a DevOps type role, mainly the fact I couldn't operate on my own in the datacentre and even though there are ways round this type of issue employers don't always want to see it. The tools and way I work now are very much usable with screen readers and are in demand by a lot of companies, though not always for the right reason.

Especially now though with so many factors it is so important to have troubleshooting skills and be able to understand the different network layers. A typical example is a guy who did a really good job writing automation to connect a bunch of VMs to a deployment server. He couldn't work out why the deployment server wouldn't register the deployment agents; only after several days of troubleshooting was it discovered that when the vnet was set up no internal DNS servers were set up, so the agent couldn't connect to the deployment server. It's key info like that which in my view is still gold no matter the platform.

I do worry about IT shops ditching all their known tech for cloud alternatives which operate differently, Active Directory Domain Services being one huge example. AD offers so much in terms of authentication, account management, DNS etc; it's easy to just replace it with Azure AD then realise you have lost a huge amount of internal infrastructure services that are still required, bearing in mind most businesses still use a large amount of on-prem style applications that use virtual machines, integrated Windows authentication etc.

The other issue which keeps coming up is how to manage the sprawling network. Do you just ditch any idea of a network perimeter at all, or do you keep everything within a set of known IP addresses? Trying to do both usually ends up in tears.

Lastly of course we have the whole communications and planning aspect. I see a lot of cloud based people like me potentially look down on infrastructure type roles or not explain fully the benefits of running systems in the way we do, which leads to conflicts between older style infrastructure and newer style cloud based roles. This can lead to really silly situations when one half of the business is trying to remove on-prem services such as AD and go cloud based, when the other half starts a major SCCM deployment. That is just one example, but I have seen it so many times now.

Andrew.

-----Original Message----- From: Billy Irwin <billy.irwin@outlook.com> Sent: 06 July 2020 14:09 To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org> Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW

Hi John,

I do partially agree with that. However we will lose jobs to only big tech thus companies will be held hostage to what has already proven to be a corrupt industry. I just can't get on board with outsourcing in our industry. We can work smarter and not harder, but we don't need the cloud to be the end all be all. With more and more locations providing access to fiber connectivity, you can do some amazing low cost things to both save money and time. Most businesses I've been to recently have to have appliances on prem to backup their AWS/365 data. If your network is down nothing works. Bank of America is a prime example of this. Their CIO stated they will not outsource nor move anything to the cloud.

Kindly,
Billy

-----Original Message----- From: John G. Heim <jheim@math.wisc.edu> Sent: Monday, July 6, 2020 08:53 To: blind-sysadmins@lists.hodgsonfamily.org Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW

But making the job easier is a good thing, not bad. It's kind of a paradox but it really is part of every sysadmin's job to make himself unnecessary if possible. It's kind of like being a doctor. If you can say "You're all good, you don't need me anymore," that's a win.

On 7/5/20 7:32 PM, billy.irwin@outlook.com wrote:
Hi Darragh,
I am sorry, but you made my point for me. If you can't make your on prem setup reliable and you want to pay MS to do it for you, then I think it is an easy way out. I've been doing this stuff for over 20+ years and I still don't see the need to do away with on prem environments. I do see the need for hybrid for DR purposes. Most admins I know that have shifted their stuff off site really don't do anything anymore. If we depend on AWS and MS to do all this for us we then will not be independent and able to take care of our organizations without big tech holding our hands. Saying that we wouldn't have to worry about security is not correct either. We just shift the blame. If I screw up making a system less secure it's my fault but if big tech does it oh well, we will just shift providers. Again, having a hybrid solution is one thing. I will never recommend an entire business rely on a cloud provider as I have worked for them and I believe it to be a rip off. Admins just don't want to take care of security, patching, and all the rest that comes with it including the physical hardware. We will just start to see less and less people with the knowledge to take care of that. We are going backwards at the end of the day like the days of dummy terminals and mainframes.
Just how I see it. I can buy one Exchange license and run that environment legally and efficiently and it runs faster than Office 365. It is overpriced. I do own my own tenant and like it for what it is but it is better to have full control and ensure backups are made. Microsoft for example doesn't back your data up for you. If you lose your server instance you are screwed.
Nothing personal,
Best,
Billy
-----Original Message----- From: Darragh Ó Héiligh <d@digitaldarragh.com> Sent: Sunday, July 5, 2020 19:44 To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org> Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW
Billy, what a weird statement to make. That moving workloads to the cloud makes for lazy and incompetent IT people.
Moving workloads to the cloud is often a logical step. Especially where ADDS to Azure AD is concerned. Look at all of the support infrastructure that's been moved from on-prem to the cloud. Intune, ATP and Office365 remove the need for any infrastructure on prem for anti-virus, email, file hosting etc. However, anyone who thinks this makes a sys admin's job easier frankly hasn't got a clue. It requires that the admin upskills in PowerShell as for any kind of large numbers, it's not practical to work in the web UI. Then Microsoft change and add features very regularly so keeping up with everything is nearly a job in itself! This kind of platform changes the focus from platforms and infrastructure to service delivery. It often places different expectations on a sys admin as billing and resource usage now becomes very important. So if you know a job where I can become lazy and incompetent because workloads are moving to the cloud, sign me up! Because if anything, the cloud gives me more work to do. Not less.
I just want to say that IAAS in the cloud isn't as interesting to me as SAAS and PAAS. That's why I have specifically called out Azure AD, Intune, Office365 and ATP. Think about it. There are no servers to administer when delivering these core services. To provide the same solution on-prem, you would need several servers for ADDS, SCCM, MBAM, SQL, SSRS and probably a bolt-on anti-virus application as well. And still you wouldn't have the unified UI provided by ATP. You would spend time worrying about patching, security, high availability, virtualization, disk arrays, SAN connectivity, storage pool allocation and all that kind of stuff that until now has been really interesting. But with this delivered as a service, we actually get to focus on what's important. Providing really high quality usability, reliability and security to our users. Instead of using something like federated AD or IdP for SSO, we just plug into Azure AD's SAML2 functionality and we let users drive where that takes us.
I spent weeks a few years ago configuring SCCM and MBAM. With Intune, I had it ready with comprehensive profiles and groups within a few days.
-----Original Message----- From: Billy Irwin <billy.irwin@outlook.com> Sent: Sunday 5 July 2020 6:35 p.m. To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org> Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW
Hi All,
It has been interesting over the last few years when it relates to the idea of moving AD off site vs keeping something in house. I worked for a company where we made the decision to bring it back in house. It was the best decision to do so. I personally think moving everything to a cloud provider with limited stuff on prem makes for lazy and incompetent I.T. people. I am now working for a large university where we are putting stuff in AWS which makes no sense to me at all when we have a 50,000 sq. ft. data center with everything we could ever need. We have 360 I.T. employees too. Just my $0.02
Best Regards,
Billy
-----Original Message----- From: Darragh Ó Héiligh <d@digitaldarragh.com> Sent: Sunday, July 5, 2020 10:25 To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org> Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW
I'm using ADCS.
The conversation about moving off on-prem AD has begun. I'm the primary responsible for AD. I began looking at this in January 2019 but it's only recently that it seems to be viable.
The VPN is Pulse. Formerly owned by Juniper.
-----Original Message----- From: Andrew Hodgson <andrew@hodgson.io> Sent: Sunday 5 July 2020 1:58 p.m. To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org> Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW
Hi,
Thanks. What are you doing with certificates, are you using ADCS certs or doing something with LetsEncrypt or going self signed route? Our company has removed ADCS in prep for removing on-premise AD altogether (interesting decision imho).
In terms of the proxy server and VPN what are you using for these?
Thanks. Andrew.
-----Original Message----- From: Darragh Ó Héiligh <d@digitaldarragh.com> Sent: 05 July 2020 13:53 To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org> Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW
Yes. PowerShell remoting via HTTPS.
I have a proxy server set up that requires a VPN connection to gain access to it for additional security.
For servers in the same trust domain, the invoke command for short blocks is also fine.
-----Original Message----- From: Andrew Hodgson <andrew@hodgson.io> Sent: Sunday 5 July 2020 1:43 p.m. To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org> Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW
Hi,
I will be using PowerShell mostly in this environment as well as a few commands, the main reason I need to do this on another VM is I will be running SQL backups (using dacpacs) and moving them around to Azure SQL. If I did this on my machine I would end up having to download the files (over 100GB each) for manipulation.
When using PowerShell are you using PS Remoting via HTTPS or something else?
Andrew.
-----Original Message----- From: Darragh Ó Héiligh <d@digitaldarragh.com> Sent: 05 July 2020 13:33 To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org> Subject: [Blind-sysadmins] Re: Azure Virtual Machines and JFW
I've run on the old Windows 2016 VMs with 2GB RAM. I would frequently get out of memory errors especially when server manager opened. I think that was the A1. I have never had a problem with the D series.
I'm trying to encourage PowerShell and server core at the moment.
-----Original Message----- From: Andrew Hodgson <andrew@hodgson.io> Sent: Sunday 5 July 2020 11:18 a.m. To: Mailing list for blind system administrators <blind-sysadmins@lists.hodgsonfamily.org> Subject: [Blind-sysadmins] Azure Virtual Machines and JFW
Hi,
I need to do some heavy lifting with DB migrations in a few weeks and I want to run this on a VM in Azure using JFW with RDP. I haven't done this in a while as any Windows VM stuff I run uses DSC and outputs data out elsewhere or I can just test the web services etc without logging onto the box at all. When I last did this I had trouble starting JFW on some of the VMs and when contacting Sight and Sound (UK dealer) about this they believed the issue was because of lack of video RAM on the cheaper VMs.
Does anyone have any VM SKU they know JFW runs on ok? I will be keeping the VM stopped in most instances to reduce cost.
Thanks. Andrew.
_______________________________________________
Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org
To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org
-- John G. Heim, jheim@math.wisc.edu 608-263-4189
participants (1)
-
Andrew Hodgson