System Administration Archives

What is Zero Trust?

July 16, 2024 by Bob Plankers

Zero Trust means “trust no device and trust no user.” It constantly re-evaluates access for every user and system. All devices and user identities undergo continuous multifactor verification. This approach enhances security by minimizing the attack surface and reducing the impact of potential breaches. Zero Trust acknowledges that threats can originate from both inside and outside the network perimeter. Infrastructure services often differ because they must run and connect when no other services are available. Infrastructure software like VMware vSphere uses features such as Secure Boot, Trusted Platform Modules, VIB signing and verification, and host attestation. These features build assurances that the infrastructure can be trusted in its current configuration. …

VMware vSphere Patching Best Practices

July 16, 2024July 15, 2024 by Bob Plankers

Midjourney AI depiction of a metamorphosis and change, a painting of hundreds of butterflies fluttering in blue, orange, red, and yellow

Patching and updating VMware vSphere 8 is a LOT easier than it used to be, and has a lot less risk with the advent of vCenter Reduced Downtime Update and the creation of an internal LVM snapshot on the VCSA. That said, this is a collection of some VMware vSphere “patching best practices” that tend to make patching a smoother and more successful experience. Some of these ideas seem obvious, but in large environments things change without proper communications to downstream teams. When you assume nothing, and verify things before proceeding, you have a much more successful experience. Preparation Ensure Access to VCSA Root and SSO Administrator Accounts Ensure that …

Delete Files With Special Characters

May 10, 2024May 9, 2024 by Bob Plankers

Midjourney-generated image of a man standing in water looking at a city skyline with stars above

I use SecureCRT for my terminal application, partly because it supports native zmodem transfers, and that makes moving files back and forth between my desktop super easy (if you have lrzsz installed you can just “sz filename.txt” to send something over). Occasionally, though, the transfer aborts and the shell vomits things to files with special characters in their names, like: $ ls -rw-r–r–. 1 plankers plankers 0 May 9 14:00 ”$’\326”y’$’\342”[‘$’\305”X’ -rw-r–r–. 1 plankers plankers 0 May 9 14:00 ”$’\370\343”4’$’\361′ How do you deal with files with special characters? There are a number of tricks that work: The inode number method is super easy to use if you have shell …

Easy Dell PowerEdge Firmware Updates

May 10, 2024May 7, 2024 by Bob Plankers

With all the CPU and other hardware vulnerabilities present in modern servers it’s very important to keep your Dell firmware updated. Various operating systems, like VMware ESXi, Linux, and Microsoft Windows ship CPU microcode with their OSes, but that only updates the CPUs. There are still other vulnerabilities that exist, like in the Intel Management Engines, memory controllers, UEFI firmware, and so on that if left unpatched present an opportunity for attackers. I dislike complexity. A lot. Adding more tools to an environment in order to do a job, like managing Dell firmware updates on servers, also adds complexity. Thankfully, on Dell PowerEdge servers there are a couple of approaches …