Category Archives: other

Twitter For Mac

Twitter just announced (via a tweet of course) that the native Mac app is officially dead and they will be moving to an “experience that’s consistent across platforms”.

Well that’s great. The Twitter for Mac app has been a crap app for years, not really supported (slow to be updated and, I would say, a lack of meaningful updates when it is actually updated). It’s basically a piece of crap. I’ve been a loyal Tweetbot user since almost day one of using Twitter. Twitterrific is pretty awesome too. I highly recommend either one. Neither displays the nasty in-line ads found in the recently deceased Mac app, and they both sync timeline position with their iOS counterpart (if you care about such things; I do 😀).

Try either one out, I’m sure you’ll find yourself actually liking Twitter again.

Update: Twitterrific is on sale. Get it now!

https://itunes.apple.com/us/app/twitterrific-5-for-twitter/id1289378661?mt=12

WWDC 2016 Prediction

Everyone these days has a WWDC prediction. New hardware, Xcode for iOS, OS X getting renamed to mac OS, the list goes on and on.

So here’s my quick prediction.

Apple recently announced subscription pricing across all of the App Stores. So what better way to lead the change than to move all of their professional apps over to a subscription? Logic & Final Cut on a subscription from the Mac App Store! You heard it here first!

Desktop Central Forwarding Agent

Desktop Central has the ability to manage smartphones via the standard MDM APIs. It can do many of the same things any MDM solution offers, and if you already have it in place for employee computers you might be interested in using it for your MDM solution as well.

One of the optional components is simply called the Desktop Central Forwarding Server. You install this on a server in your DMZ, open a few ports between it and the internal Desktop Central server, a few ports between it and the Internet, and your mobile devices can be managed when not on the internal network. All without exposing your Desktop Central server to the Internet. However, there is one key step that isn’t clearly explained in the documentation.

There is a step when you install the Forwarding Server where you need to copy over a couple of encryption keys from Desktop Central for the installer to import. You also need to generate Apple MDM certificates from apple.com and import those into Desktop Central. The first step is so the traffic between the Forwarding Server and Desktop Central is encrypted and you don’t run into any issues with the Forwarding Server complaining about not trusting the self-signed certs on Desktop Central. The certs from Apple that get imported into Desktop Central are to allow Desktop Central to manage iOS devices (send push notifications, remotely lock and wipe the device, etc). However, if you import the files from Desktop Central to the Forwarding Server and then import the Apple certs, you will break the connection between Desktop Central and the Forwarding Server. It is critical that you import the Apple certs to Desktop Central first, and then copy Desktop Central’s keys over to the Forwarding Server. Otherwise you end up stuck on an extremely unhelpful error message when trying to enroll an iOS device remotely. The exact error you get is:

**PROFILE INSTALLATION FAILED**

Profile Failed To Install

With no explanation as to why that is happening.

Make sure you do the certs in the order specified above. Your day will go a lot smoother if you do.

Release Notes & Patches

It’s been a while since I’ve posted to the blog. I had (and have) aspirations of writing here on a regular basis, not every day but certainly more often than I have been lately. I don’t have time to post every day (or multiple times a day) about news happening in the Sysadmin part of the world. There are better sites out there for that type of thing; this site doesn’t need to replicate work that is already being done better elsewhere.

I want to focus more on longer/better but less frequent articles. I want to continue writing posts more like the Unifi post. This one is about the importance of reading release notes for all the bits of software sysadmins are responsible for in a modern datacenter.

I just finished a major software upgrade for my company’s production VMware cluster. It was running vSphere 5.5 xxxx and needed to be upgraded to 5.5 update 3, both to address a bug we were experiencing at the version we were at and to get the wide range of security fixes that had been patched between the two builds. Seems simple enough, right? I mean just log in to the vSphere client, connect to the vSphere Update Manager and go to town.

Not so much. I’ve got an approved maintenance window of 3 hours a week, same 3 hours every Thursday. The business knows that’s the time upgrades happen, but everything needs to be back in a running state before 10 PM. I can’t get all of this done in one 3 hour block, so things need to be kept happy and running between maintenance windows.

Besides vSphere, I also needed to account for the following:

  • Trend Micro Deep Security
    • Has various hooks into each host in order to be able to inspect and protect the guest VMs. Needs to support both the existing ESXi build as well as update 3. Also needed to confirm that the new version of DSM would work with the existing appliances, since they could only be upgraded as each host was upgraded in turn.
  • vShield Networking and Security
    • Needed upgraded to address bugs, etc., but also needs to be upgraded to a version that is supported by Deep Security, the version of ESXi I was currently running, as well as the version of ESXi I would be going to.
  • Nutanix Controller VMs (NOS)
    • Although there were no known issues at the time of update 3a’s release, I waited approximately 2 weeks for Nutanix to do internal QA with their code and Update 3a to ensure there were no tricky gotchas waiting for me. That’s great because that’s one less thing I need to worry about, and it isn’t like I didn’t have a couple of maintenance windows’ worth of other updates that needed to be applied prior to rolling out the updated hypervisor anyway.
  • Horizon View Desktops
    • Needed to upgrade to a version of Horizon View that supported both the current build of ESXi I was on as well as Update 3a. The VMware Product Interoperability Matrix listed no such version. I had to open a ticket with VMware support to verify which build of View I should go to. The matrix has since been updated to show version 6.1.1 was the magic build for me.

After a lot of checking, double checking, and note taking I had a comprehensive set of steps in OmniFocus that would result in an updated cluster and could be completed in chunks spread across several weeks with no downtime outside of the Thursday night maintenance window.

That process was:

  • Upgrade vShield Network
  • Update Deep Security Manager
  • Upgrade vCenter Server Appliance
  • Upgrade Horizon View Connection Server
  • Upgrade Nutanix Controller software
  • Begin updating the hypervisor on each host, one at a time.
    • Pick first host
      • Put host in maintenance mode
        • Upgrade vShield Endpoint Driver
        • Upgrade Trend Micro Filter Driver
        • Upgrade physical NIC drivers for ESXi (update needed)
        • Reboot
        • Remove old Trend Micro appliance
        • Provision new Trend Micro appliance
        • Apply vSphere updates
        • Reboot
        • Exit maintenance mode
    • Verify Nutanix Controller services restarted and rejoined the cluster
  • Repeat for additional hosts

I was lucky. I managed to just barely squeak by without needing to do multiple updates of a single product to get up to date. If I had waited much longer, I’d have had to upgrade vSphere partway, upgrade View, then upgrade vSphere the rest of the way, then finish updating View.

I’ve got resources in the cluster such that we can continue to run at 100% load with one host out of the cluster. I could power off test VMs and other non-critical servers to free up resources so that more than one host could be down at a time. But at the end of the day, I decided that the time savings from jumping through all the hoops to be able to reboot multiple hosts at once would likely be the same as if I just took down one host at a time and vMotion’d everything around. In the end, I just did it one host at a time. To get everything updated and make it through two reboots of a physical server (rebooting a VM has us all so spoiled, such a fast reboot cycle versus booting a physical server) took about an hour each. I ended up doing two hosts (back to back) in a maintenance window, so it took a few weeks to get everything done.

In news that will come as a shock to absolutely no one who reads a Sysadmin blog, before I got all my hosts upgraded to the latest and greatest build... a new round of patches was released. Don’t get me wrong, bugs need fixed and security holes need patched. I’m glad to receive improvements and updates. I just need to not let it go so long between update cycles. It makes it a real pain to get it all sorted out.

Ghost

It’s been a while since I’ve posted last, but things have been changing behind the scenes at the site. Yep, yet another CMS and hosting provider change.

I’ll have a more in-depth post later, but for the time being if you get an SSL certificate error, it’s because of moving the site and I haven’t got everything updated yet (Yay for working from guest wifi while your car is being worked on). 🙂

Installing Plex on a VPS

Plex is a great piece of software. If you’ve never heard of it before, think of it as an easy-to-use service that runs on a computer at home and streams just about any format of audio/video to a smart TV, Apple TV, Roku, or modern console. You can even easily configure it so that your iOS device can stream content from your media server across the Internet. Perfect!

However, maybe your home Internet upload speed is not very good. Or you have a data cap. Or you are trying to upload a massive amount of data to Amazon or Backblaze for backups and you don’t need to make that process even slower by using precious upload bandwidth for Plex. This site is hosted on a VPS instance with way more disk space than I need for a small blog, so I’ve plenty of disk space and bandwidth to stream my music from that instead of from my home computer.

First of all, it’s as simple as downloading the .deb file from Plex’s site and following the simple install instructions to get the service installed. Really the one and only hiccup I ran into (and the reason I decided to write this blog post about it) is that once you’ve installed the service it is expecting you to configure it by visiting http://localhost:32400/web. However, it’s a command-line-only Linux environment and Lynx doesn’t get the job done (I tried).

After much Googling, all I could find were references to using ssh to set up a tunnel and changing your browser’s proxy setting so that the Plex service thought you were accessing it from the local machine. That was, in my experience, a bunch of crap and never worked. Eventually I found a forum post that simply said to edit the Plex config file that restricted the initial setup to only happen from the local host. A quick trip to https://www.whatismyip.com and a quick edit in vi, and I was in business.

Here’s all you have to do:

  • Change into /var/lib/plexmediaserver/Library/Application Support/Plex Media Server/
  • Edit the Preferences.xml file
  • There should be two lines, the second line is very long. It starts with Preferences in brackets.
    • After that tag, add the following:
      • allowedNetworks="your.ip.address.here/your.subnet.mask.here"
  • For example, you’d put allowedNetworks="1.2.3.4/255.255.255.255"
  • Save the file, restart the Plex service, and POOF! You can now log in and configure the server via http://server-ip-address:32400/web

After you configure the service, be sure you remove the “allowedNetworks” tag from the XML file and restart the service.
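The add, remove and verify steps above can be scripted so the exception is never wider than one host and never left behind. This is an added example, not code from the original post or from Plex. The sample document and helper names are constructed, and treating the attribute value as a comma-separated list is an assumption.

```python
import ipaddress
import xml.etree.ElementTree as ET

ATTR = "allowedNetworks"  # attribute name as given in the post
DECL = '<?xml version="1.0" encoding="utf-8"?>\n'

# Constructed stand-in for Preferences.xml (real files carry many more attributes).
SAMPLE = DECL + '<Preferences MachineIdentifier="constructed-id" FriendlyName="vps"/>'


def _root(prefs_xml):
    root = ET.fromstring(prefs_xml)
    if root.tag != "Preferences":
        raise ValueError("not a Plex Preferences.xml document")
    return root


def allow_setup_from(prefs_xml, client_ip):
    """Add allowedNetworks for exactly one IPv4 host, e.g. 1.2.3.4/255.255.255.255."""
    ip = ipaddress.IPv4Address(client_ip)  # rejects hostnames, ranges and typos
    root = _root(prefs_xml)
    root.set(ATTR, f"{ip}/255.255.255.255")
    return DECL + ET.tostring(root, encoding="unicode")


def remove_allowance(prefs_xml):
    """Undo the change once setup is finished, as the post instructs."""
    root = _root(prefs_xml)
    root.attrib.pop(ATTR, None)
    return DECL + ET.tostring(root, encoding="unicode")


def audit(prefs_xml):
    """Return leftover allowedNetworks entries, marking any wider than one host."""
    value = _root(prefs_xml).get(ATTR, "")
    findings = []
    for entry in filter(None, (e.strip() for e in value.split(","))):
        net = ipaddress.ip_network(entry, strict=False)
        scope = "single host" if net.num_addresses == 1 else f"{net.num_addresses} addresses"
        findings.append((entry, scope))
    return findings


if __name__ == "__main__":
    opened = allow_setup_from(SAMPLE, "1.2.3.4")
    print(audit(opened))                    # entry present while setup is in progress
    print(audit(remove_allowance(opened)))  # empty once the attribute is removed
```

Run `audit` against the real file after the final restart; any entry it returns means the setup exception is still in place.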

And You Think You Have Legacy Systems To Support?

The NYC Metro system is upgrading the systems that control the NYC subway system. There’s a video over at Laughing Squid that details it all much better than I can in a blog post; you should check it out. Just be sure to remember this the next time you are feeling sorry for yourself with your last remaining Windows 2003 server. 🙂