
General documentation writing concepts, including structure, mechanics and language.

Structure

  • Descriptive Title – The title should be descriptive and include common search terms based on the subject of the document.
  • Introduction – A summary of the procedure, including context of the procedure, a high level purpose of the process and the technology involved.
  • Prerequisites – What needs to be in place before starting the procedure? What is needed to allow the procedure to be completed without disrupting the flow of the procedure?
  • Procedure – Document all steps needed to complete the procedure.

Mechanics

Mechanics can help with the readers’ understanding of the document.

  • Screenshots – Screenshots provide visual cues and context for steps of the process. Use tight screenshots, only including the part of the screen that is the focus of the step or process. Do not capture the whole screen.
  • Related Assets – If a step or process is related to another asset (document, configuration, password, user, etc.) include a link to that other asset. This provides context to the process and allows for quick access to the other asset. Relationships are bi-directional, meaning that a user can move between assets, from a process to a configuration, or from a configuration to a related process. For example, in Creating an Active Directory User, linking the steps of the process to an organization's AD server shows where to create the user and, when viewing the server, shows what services / functions that server provides.
  • Bold Text – Use Bold Text for onscreen buttons or text to help differentiate them from the rest of the text in a given step or procedure. This allows the text to be skimmed, so a user can quickly find the links, text, or buttons that are needed for a process.
  • Italicized Text – Use Italicized Text for examples to also help differentiate them from the rest of the text.

Language

  • Audience – Who will be reading the document? Knowing your audience will help determine if and what jargon, acronyms or slang can / should be used.
  • Assumptions – Document assumptions should be added to the Prerequisites section of the document.
  • Brief – Keep the steps short, clear and precise.
  • Avoid Time-Sensitive Information – Use job roles instead of an individual’s name, for example.

Reference

Chocolatey Package Manager for Windows

Chocolatey - Package Manager for Windows

“Chocolatey is a package manager for Windows (like apt-get or yum but for Windows). It was designed to be a decentralized framework for quickly installing applications and tools that you need. It is built on the NuGet infrastructure currently using PowerShell as its focus for delivering packages from the distros to your door, err computer.” - https://chocolatey.org/about

Chocolatey provides an easy-to-use process to install common applications. For Microsoft Windows System Administrators, it is a tool to install applications used on a daily basis, such as Git, Python 2 and 3, Java JRE, Notepad++, Putty, Sysinternals and FileZilla.

Requirements

  • Windows 7+ / Windows Server 2003+
  • PowerShell v2+
  • .NET Framework 4+ (the installation will attempt to install .NET 4.0 if you do not have it installed)

Installing Chocolatey with PowerShell

Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
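
A more cautious form of the one-liner above, as an added example that is not Chocolatey's or the page author's code: it saves the installer to disk, checks its Authenticode signature, and only then runs it. The temp file name and the expected signer pattern are assumptions, as is the premise that the published install.ps1 carries a signature; Get-FileHash needs PowerShell 4 or later.

```powershell
# Added example, not Chocolatey's own installer logic.
$ErrorActionPreference = 'Stop'

# Older Windows PowerShell defaults can negotiate TLS 1.0; add TLS 1.2
# (requires .NET Framework 4.5 or later).
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor
    [Net.SecurityProtocolType]::Tls12

$installerUrl   = 'https://chocolatey.org/install.ps1'          # URL from the page
$installerPath  = Join-Path $env:TEMP 'chocolatey-install.ps1'  # assumed file name
$expectedSigner = '*Chocolatey Software*'                       # assumed signer subject pattern

# Save the script instead of piping the download straight into iex,
# so there is a file to inspect, hash and keep for the change record.
(New-Object System.Net.WebClient).DownloadFile($installerUrl, $installerPath)

$signature = Get-AuthenticodeSignature -FilePath $installerPath
$hash      = Get-FileHash -Path $installerPath -Algorithm SHA256

# Refuse to run anything that is unsigned, tampered with, or signed by
# a publisher other than the expected one.
if ($signature.Status -ne 'Valid') {
    Remove-Item -Path $installerPath -Force
    throw "Installer signature status is '$($signature.Status)'; refusing to run it."
}
if ($signature.SignerCertificate.Subject -notlike $expectedSigner) {
    Remove-Item -Path $installerPath -Force
    throw "Unexpected signer: $($signature.SignerCertificate.Subject)"
}

Write-Host "Signer : $($signature.SignerCertificate.Subject)"
Write-Host "SHA256 : $($hash.Hash)"

# Same process-scoped policy change as the original one-liner, applied only
# after the checks above have passed.
Set-ExecutionPolicy Bypass -Scope Process -Force
& $installerPath
```

Run it from an elevated PowerShell session, as with the original command. The printed signer and hash can be recorded alongside the install date in the system's documentation.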

Git - Version Control

“Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.” - https://git-scm.com/

Git is needed to access countless public PowerShell and Python repositories on (Microsoft) GitHub. Git is used to manage Infrastructure-as-Code scripts and configuration files for both cloud and on-prem systems, for example Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, Microsoft Office 365, Windows PowerShell Desired State Configuration, etc. Git is a must-have in any System Administrator’s toolbox.

Installing Git with Chocolatey

choco install git

Python - Programming Language

“Python is a programming language that lets you work quickly and integrate systems more effectively.” - https://www.python.org/

Python is a general purpose programming language that can be used by System Administrators to manage cloud services, such as Amazon Web Services (AWS) and Google Cloud Platform (GCP).

Installing Python with Chocolatey

Python 2:
choco install python2
Python 3:
choco install python

Sysinternals

"The Sysinternals Troubleshooting Utilities have been rolled up into a single suite of tools.
This file contains the individual troubleshooting tools and help files.
It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault." - https://chocolatey.org/packages/sysinternals

Installing Sysinternals with Chocolatey

choco install sysinternals

Azure CLI

“The Azure CLI 2.0 is a command-line tool providing a great experience for managing Azure resources. The CLI is designed to make scripting easy, flexibly query data, support long-running operations as non-blocking processes, and more.” - https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest

Installing Azure CLI with Chocolatey

choco install azure-cli

Azure PowerShell

“Azure PowerShell provides a set of cmdlets that use the Azure Resource Manager model for managing your Azure resources.” - https://docs.microsoft.com/en-us/powershell/azure/overview?view=azurermps-6.7.0

Installing Azure PowerShell with Chocolatey

choco install azurepowershell


Chocolatey makes installing these and other System Administrator tools easy.

Monitoring Amazon Web Services (AWS) - AWS CloudTrail

“Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.” (https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/)

CIS Control 6: Maintenance, Monitoring, and Analysis of Audit Logs

"Deficiencies in security logging and analysis allow attackers to hide their location, malicious software, and activities on victim machines. Even if the victims know that their systems have been compromised, without protected and complete logging records they are blind to the details of the attack and to subsequent actions taken by the attackers. Without solid audit logs, an attack may go unnoticed indefinitely and the particular damages done may be irreversible." (https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/)

"Sometimes logging records are the only evidence of a successful attack. Many organizations keep audit records for compliance purposes, but attackers rely on the fact that such organizations rarely look at the audit logs, and they do not know that their systems have been compromised. Because of poor or nonexistent log analysis processes, attackers sometimes control victim machines for months or years without anyone in the target organization knowing, even though the evidence of the attack has been recorded in unexamined log files." (https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/)

CloudTrail

“AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.” (https://aws.amazon.com/cloudtrail/)

Introduction

Creating a trail for all AWS regions, storing the logs in AWS Simple Storage Service (S3) and encrypting the logs using AWS Key Management Service (KMS).

Requirements

  • An AWS Account
  • An AWS user, preferably not the Root User, with access to AWS CloudTrail, S3, KMS, etc.

Instructions

Creating a Trail - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html
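
Once the trail exists, its settings can be checked against the goals in the Introduction (all regions, S3 storage, KMS encryption). The following is an added example, not AWS's or the page author's code: it parses the JSON that `aws cloudtrail describe-trails --output json` returns and reports any trail that misses one of those goals. The function name and the sample JSON (trail names, bucket names, account ID, key alias) are constructed for illustration.

```powershell
# Added example. Checks describe-trails output against the baseline from
# the Introduction: multi-region, logs delivered to S3, encrypted with KMS.
function Test-TrailBaseline {
    param([Parameter(Mandatory = $true)][string]$DescribeTrailsJson)

    $parsed = ConvertFrom-Json -InputObject $DescribeTrailsJson
    $trails = @($parsed.trailList | Where-Object { $_ })

    if ($trails.Count -eq 0) {
        # No trail at all is the worst case: nothing is being recorded.
        [pscustomobject]@{ Trail = '(none)'; Finding = 'No trail is configured' }
        return
    }

    foreach ($trail in $trails) {
        $findings = @()
        if (-not $trail.IsMultiRegionTrail) { $findings += 'Trail does not cover all regions' }
        if (-not $trail.S3BucketName)       { $findings += 'No S3 bucket set for log delivery' }
        # KmsKeyId is absent from the output when logs are not KMS-encrypted.
        if (-not $trail.KmsKeyId)           { $findings += 'Logs are not encrypted with a KMS key' }

        foreach ($finding in $findings) {
            [pscustomobject]@{ Trail = $trail.Name; Finding = $finding }
        }
    }
}

# Constructed sample input: one trail that meets the baseline, one that does not.
$sampleJson = @'
{
  "trailList": [
    {
      "Name": "org-audit-trail",
      "S3BucketName": "example-cloudtrail-logs",
      "IsMultiRegionTrail": true,
      "HomeRegion": "us-east-1",
      "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:alias/example-cloudtrail"
    },
    {
      "Name": "legacy-trail",
      "S3BucketName": "example-legacy-logs",
      "IsMultiRegionTrail": false,
      "HomeRegion": "us-west-2"
    }
  ]
}
'@

# Reports two findings, both for legacy-trail.
Test-TrailBaseline -DescribeTrailsJson $sampleJson | Format-Table -AutoSize

# Against a live account (requires the AWS CLI and configured credentials):
# Test-TrailBaseline -DescribeTrailsJson (aws cloudtrail describe-trails --output json | Out-String)
```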

References

The NIST Definition of Cloud Computing

"Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models." - https://csrc.nist.gov/publications/detail/sp/800-145/final

Consistency Is the Hobgoblin of Little Minds

"As with most things, context matters, which is what makes this quote inappropriate almost everywhere I see it used. In the context of IT, with consistency, a great soul can trade meaningless & soul-crushing work for important & strategic tasks, moving their organization forward rather than struggling just to keep up." - https://lonesysadmin.net/2017/10/25/consistency-is-the-hobgoblin-of-little-minds/

IETF and RFCs

The Internet Engineering Task Force (IETF)

The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. It is open to any interested individual. The IETF Mission Statement is documented in RFC 3935.1

Request for Comments (RFC)

A Request for Comments (RFC) is a type of publication from the Internet Engineering Task Force (IETF) and the Internet Society (ISOC), the principal technical development and standards-setting bodies for the Internet.

An RFC is authored by engineers and computer scientists in the form of a memorandum describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems. It is submitted either for peer review or simply to convey new concepts, information, or (occasionally) engineering humor. The IETF adopts some of the proposals published as RFCs as Internet Standards.

Request for Comments documents were invented by Steve Crocker in 1969 to help record unofficial notes on the development of ARPANET. RFCs have since become official documents of Internet specifications, communications protocols, procedures, and events.2

References

The IETF Mission Statement - https://www.ietf.org/rfc/rfc3935.txt
Request for Comments (RFC) - https://www.ietf.org/rfc.html
RFC Index - https://www.rfc-editor.org/rfc-index.html

Books

2 Request for Comments. (2017, June 26). In Wikipedia, The Free Encyclopedia. Retrieved 19:13, July 29, 2017, from https://en.wikipedia.org/w/index.php?title=Request_for_Comments&oldid=787685236

Kaizen, Kanban, Lean, DevOps, Software Development, Deming

Kaizen

The Japanese word kaizen simply means "change for better", with no inherent meaning of either "continuous" or "philosophy" in Japanese dictionaries or in everyday use. The word refers to any improvement, one-time or continuous, large or small, in the same sense as the English word "improvement". However, given the common practice in Japan of labeling industrial or business improvement techniques with the word "kaizen", particularly the practices spearheaded by Toyota, the word "kaizen" in English is typically applied to measures for implementing continuous improvement, especially those with a "Japanese philosophy". 1

Kanban

Kanban is an approach to process change for organizations which uses visualization with a kanban board, allowing a better understanding of work and workflow. It advises limiting work in progress, which reduces waste from multitasking and context switching, exposes operational problems and stimulates collaboration to improve the system. Kanban is rooted in two sets of principles, for change management and service delivery, which emphasize evolutionary change and customer focus. The method does not prescribe a specific set of steps, but starts from existing context and stimulates continuous, incremental and evolutionary changes to the system. It aims to minimize resistance to change to facilitate it.

Kanban focuses on the customer and work which meets their needs, rather than individuals' activities. Kanban has six general practices: visualization, limiting work in progress, flow management, making policies explicit, using feedback loops, and collaborative or experimental evolution. They involve seeing the work and its process and improving the process, keeping and amplifying useful changes and learning from, reversing and dampening the ineffective.2

Reading List

  • Difference between Agile and Lean
  • The Toyota Way: 14 Management Principles from the World's Greatest Manufacturer - The Toyota Way reveals the management principles behind Toyota's worldwide reputation for quality and reliability. Dr. Jeffrey Liker, a renowned authority on Toyota's Lean methods, explains how you can adopt these principles - known as the "Toyota Production System" or "Lean Production" - to improve the speed of your business processes, improve product and service quality, and cut costs, no matter what your industry.
  • The Deming Management Method - Whether you are the owner of your own small business, a middle manager in a mid-sized company, or the CEO of a multinational, this book aims to show you how to improve your profits and productivity, following the principles of the Deming management method.
  • The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win - Learn how to recognize problems that happen in IT organizations; how these problems jeopardize nearly every commitment the business makes in Development, IT Operations, and Information Security; and how DevOps techniques can fix the problem to help the business win.
  • The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations - Increase profitability, elevate work culture, and exceed productivity goals through DevOps practices. More than ever, the effective management of technology is critical for business competitiveness. This non-fiction follow-up to The Phoenix Project shows leaders how to replicate these incredible outcomes, by demonstrating how to integrate Product Management, Development, QA, IT Operations, and Information Security to elevate your company and win in the marketplace.
  • Implementing Lean Software Development: From Concept to Cash - In 2003, Mary and Tom Poppendieck's Lean Software Development introduced breakthrough development techniques that leverage Lean principles to deliver unprecedented agility and value.

1 Kaizen. (2017, July 1). In Wikipedia, The Free Encyclopedia. Retrieved 14:16, July 7, 2017, from https://en.wikipedia.org/w/index.php?title=Kaizen&oldid=788434516
2 Kanban (development). (2017, June 21). In Wikipedia, The Free Encyclopedia. Retrieved 14:40, July 7, 2017, from https://en.wikipedia.org/w/index.php?title=Kanban_(development)&oldid=786767251

Microsoft Active Directory for SysAdmins

Active Directory (AD)

Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. Starting with Windows Server 2008, however, Active Directory became an umbrella title for a broad range of directory-based identity-related services.

A server running Active Directory Domain Services (AD DS) is called a domain controller. It authenticates and authorizes all users and computers in a Windows domain type network—assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or normal user. Also, it allows management and storage of information, provides authentication and authorization mechanisms, and establishes a framework to deploy other related services: Certificate Services, Federated Services, Lightweight Directory Services and Rights Management Services.1

Terms / Concepts

Authentication, in AD terms, is the act of proving that you are who you say you are. This happens once when you first log on in the morning. You come in, boot up your machine, type in your logon name and password, and then you can get to your data.2

Authorization is the act of granting users appropriate access to resources—such as file shares, databases, applications, and mailboxes—once they’ve authenticated themselves to Active Directory. The concept of authorization is simply one of proving you have permission to do something.

The forest is the whole of your Active Directory. It can contain one or more domains arranged in trees (that’s why it’s called a forest). The forest is named after the first domain created in the forest (known as the root domain, which can’t be changed).

A domain is a container for the objects you’ll work with—users, computers, groups, and so on.

An organizational unit (OU) is a container within a domain that can be used to hold user, computer, group, and other OU objects.

Domains are inflexible objects, and reorganizing the domains in a forest is a major undertaking. In contrast, reorganizing the OUs (and their contents) within a domain is a relatively straightforward matter.

Resources

  • Understanding Active Directory - This course provides students an introduction to Active Directory server roles in Windows Server. The course is intended for entry level students who want to get familiar with the Active Directory server roles and their basic functionality.

1 Active Directory. (2017, June 26). In Wikipedia, The Free Encyclopedia. Retrieved 02:04, July 6, 2017, from https://en.wikipedia.org/w/index.php?title=Active_Directory&oldid=787584651
2 Siddaway, Richard. Learn Active Directory Management in a Month of Lunches. Shelter Island, NY: Manning Publications, 2014. Print.

Linux Terminal and Windows PowerShell Commands

This will be an ongoing post, with updates as needed.

Task | Linux Terminal | Windows PowerShell
Get help | man {command} | Get-Help {cmdlet}
Get a directory listing | ls -al | Get-ChildItem
Create a user (local) | adduser | New-LocalUser
List system processes | ps -ef | Get-Process
Search for a file | find / -name MyFile.txt | Get-ChildItem C:\MyFolder -name -recurse MyFile.txt
Get network information | ifconfig -a | Get-NetIPConfiguration
Restart the system | reboot | Restart-Computer
Shutdown the system | halt | Stop-Computer
Edit a file | vi, pico, nano | notepad, edit


PowerShell Aliases
Microsoft was kind enough to alias PS cmdlets using common Linux / Unix commands:

PowerShell Cmdlet | Alias
Get-Help | man
Get-ChildItem | ls
Get-Process | ps
