Wednesday, Nov 21, 2012

How To Securely Access Your Windows Home Computer–pt2

In part one I showed you how to set up Bitvise to allow you to make a secure connection to a computer over SSH. That is a great start, but now you need to be able to access that machine from anywhere. You could use the IP address of the computer if it was directly connected to your cable/DSL modem, but the chances are that you have everything sitting behind a router, so there is a little extra configuration that you need to do.

 

Configuring your router to forward port requests

The details differ between routers, but the same steps need to be performed whatever the model. You will need to set up port forwarding to the computer on your home network where Bitvise is configured and listening.

I’m using a Cisco router and that’s what I will use in this example.

  • Firstly, grab the IP address of your computer by running ipconfig. Keep this handy.
  • Now log in to your router and look for a setting for port forwarding. On my router that is under Applications & Gaming.
  • Add a new entry with external port 22 and internal port 22, and set the IP address to the one you grabbed before.
  • Enable the port and save the settings.

Below you can see how I have Bitvise on port 22 forwarded to the internal IP 192.168.1.127

image

Hint: if you have multiple home machines that you would like to connect to, you could set up different external ports that point to port 22 on different internal IP addresses.

 

While you have the router options open, go to the status page and note your Internet IP Address. This is the IP that you will use for connecting over the internet (it is possible, for a small cost, to use a dynamic DNS service to manage this for you; that’s an optional step I will cover later).

 

Testing your Bitvise connection over the internet

As in part 1, open up your Bitvise client on another machine. This time use the Internet IP Address you captured earlier as the Host entry.

Your connection should work just as before. If it does not work, double check the Internet IP Address and ensure that you enabled the port on your router.

 

Using Remote Desktop over SSH

Now that everything is set up with Bitvise and you can make an SSH connection over the internet, it is time to get Remote Desktop up and running.

Open up Control Panel – System and Security – System – Advanced system settings and set your computer to allow Remote Desktop connections. By default administrators will be allowed access; if you want to grant access to another user, just hit the Select Users… button and add them.

image

 

By default Remote Desktop will listen on port 3389. Unless you are comfortable messing around with this stuff, I do not recommend changing it.

Now open up your Bitvise client and go over to the C2S tab to enable Client to Server Port Forwarding. Here you will add a local port for listening and the remote port that your home computer is listening on.

Note: your listening port cannot be 3389 if you already have your client computer set up for Remote Desktop connections.

Here I like to use port 13389 for the listener port and we set the destination port to be 3389 for the Remote Desktop on the remote computer side.

image

 

Now connect again and, once the connection is made, open up Remote Desktop and use 127.0.0.1:13389.

image

 

Now your connection should be made and you are good to go. Remote access to a home Windows machine from anywhere.
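A way to confirm the finished setup exposes what it is meant to, added here as an example and not part of the original post: the forwarded port should answer as SSH, port 3389 should not be reachable on the Internet IP, and the local C2S listener on 13389 should answer as Remote Desktop. The function names and the host name `home.example.net` are assumptions for illustration.

```python
import socket

# X.224 Connection Request carrying an RDP Negotiation Request (19 bytes).
RDP_PROBE = bytes.fromhex("030000130ee000000000000100080003000000")


def identify_service(host, port, timeout=3.0):
    """Return 'closed', 'ssh', 'rdp' or 'unknown' for a TCP endpoint."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or unreachable
    with sock:
        sock.settimeout(1.0)
        try:
            banner = sock.recv(64)  # an SSH server sends its version string first
        except socket.timeout:
            banner = b""  # silence: the service waits for the client, as RDP does
        except OSError:
            return "unknown"
        if banner.startswith(b"SSH-"):
            return "ssh"
        if banner:
            return "unknown"
        try:
            sock.sendall(RDP_PROBE)
            reply = sock.recv(64)
        except OSError:
            return "unknown"
        # TPKT version 3 followed by an X.224 Connection Confirm (0xD0)
        if len(reply) >= 6 and reply[0] == 3 and reply[5] == 0xD0:
            return "rdp"
        return "unknown"


def audit(internet_host, tunnel_port=13389, ssh_port=22, rdp_port=3389):
    """List every way the reachable services differ from the intended setup."""
    findings = []
    if identify_service(internet_host, ssh_port) != "ssh":
        findings.append("forwarded port %d does not answer as SSH" % ssh_port)
    if identify_service(internet_host, rdp_port) != "closed":
        findings.append("port %d is reachable from outside; forward only SSH" % rdp_port)
    if identify_service("127.0.0.1", tunnel_port) != "rdp":
        findings.append("no RDP answer on local tunnel port %d" % tunnel_port)
    return findings


if __name__ == "__main__":
    # Placeholder host name (assumption): use your Internet IP or DynDNS name.
    ok = ["only SSH is exposed; RDP answers through the tunnel"]
    for line in audit("home.example.net") or ok:
        print(line)
```

Run it from outside the home network with the Bitvise client connected; from inside, many routers treat connections to their own Internet IP differently, so the result would not reflect the outside view.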

 

Shortcut – Opening Remote Desktop

If you don’t want to go through the hassle of opening Remote Desktop every time, why not let Bitvise take care of that for you? On the Options screen under On Login you can check the box for Open Remote Desktop (and uncheck the ones for Open SFTP and Open Terminal) so that whenever you connect it will start up that Remote Desktop session for you and connect.

image

 

Shortcut – Keeping track of your external IP address

Knowing your external (Internet) IP address is one thing, but what happens if your provider goes and changes that IP on you when you are out of town? Well you are out of luck.

If you get concerned that this might happen to you I highly recommend going out to DynDns.org and signing up for their $20 a year DynDNS Pro service. This fantastic service integrates with most routers. You enter your DynDns credentials on the router and it updates the DynDNS service with your current IP address. They provide you with a standard domain name that you can use. That makes life a great deal easier and can be used to set your mind at ease. Even if your router does not support this they also have a client side option that you can load on to the computer which will communicate your external IP back to them. Not bad for $20, and it’s the only thing in this solution that costs you anything.

 

Quick summary

  • Download and install Bitvise SSH Server on your home computer
    • Add the required users to Bitvise
    • Enable Remote Desktop access
    • Add port forwarding to your router
    • Capture your external IP address
    • Get a DynDNS account so you can connect using a hostname (optional)
  • Download and install Bitvise Client on your laptop
    • Add a C2S entry so a local port gets mapped to a different remote port
    • Enter the host and login
    • Open up Remote Desktop and enjoy a secure working connection to home

There really are just a few simple steps to completing this process. It seems daunting at first but Bitvise really makes things easy.

I suspect that any good SSH client like PuTTY will allow you to do the selfsame things the Bitvise client does; I have just not tested that yet.

 

Give this a try yourself. It will make a good weekend project. Let me know how it works out for you.

I have also created a downloadable PDF document so you can have the information in one place.

Monday, Nov 19, 2012

How To Securely Access Your Windows Home Computer–pt1

Sometimes you are sitting at the office, or are away on vacation, and you need to either get to files on a computer at home or log in to a machine and do some work. There are some great paid options, such as GoToMyPC, which will allow you to do this. There are downsides to that kind of solution: they cost money and they usually use Java, which brings with it a whole bunch of security issues.

 

A free alternative

I was looking around for free alternatives to the commercial products when someone recommended trying out a product called Bitvise, which would allow me to tunnel a remote desktop session over SSH and log in to home completely securely, without needing Java.

Bitvise seemed to have everything I wanted, and it is free for non-commercial personal users. Sounds like a bargain. But does it work? It sure does, and here’s how to get it up and running with the minimal amount of fuss.

 

Install the Bitvise SSH Server

Download WinSSHD server from Bitvise and open up the installer.

image

Accept the license terms, leave the defaults and hit the install button.

Next choose the edition. We’ll be going with personal (which does have limitations, but as this is for personal use we aren’t going to run into those).

image

The installer will then go about its merry way and complete in under a minute, leaving you with a message box letting you know that you are good to go.

image

 

Configure Bitvise SSH Server

Once the installation has completed you will be presented with the SSH Server control panel. In here you can manage the SSH Server service, work with your host keys and manage your settings.

image

Hit the Open easy settings link to configure access.

Leave the defaults for the Server Settings. This will allow you to listen on IPv4 & v6 on port 22 and open up a hole in the Windows Firewall for access.

image

On the Windows account page uncheck the “Allow login to any Windows account” box (this is good for security) and add only the users that you want to give access to.

image

Hit ok to add the user and then save the changes.

That’s it, you are now ready to go.

 

Connecting to the Bitvise SSH Server

Now that the SSH Server is set up and configured we need to be able to access it somehow. The simplest way to do this is to download and use the Bitvise SSH Client.

The installation is as straightforward as the SSH Server install: just accept the license and the default settings (do this on a different machine in your house to ensure that it is working as intended).

image

image

Then attempt to connect and see if you can get in by entering the IP of your SSH Server and the username.

image

You will be asked to accept the host key and then to enter your password.

image

If you entered your information correctly you will be logged in and a terminal session and SFTP session will be launched on the client machine.

image

 

This completes your basic connectivity tests from inside your network.

 

In part two I will go over configuring some basic router settings so that you can access the SSH Server from outside of your home network, and how to utilize these tools to give you remote access on to your Windows machine.

Thursday, Nov 15, 2012

Issues With Slipstreaming Service Pack 2 on to SQL 2008 R2

One of the great things Microsoft introduced a few years ago was the ability to slipstream service packs on to the install media of SQL 2008 and 2008 R2. It was a bit of a painful experience to do, but the results were great as it made deployment of standardized builds a breeze, and when you also added cumulative updates to the mix it became ridiculously easy to ensure every new SQL instance was at the right revision of the product.

Slipstreaming has gone by the wayside with SQL Server 2012. Now, instead of extracting the service pack and doing a bunch of file work you just have to stick the service pack into a folder and add the PCUSOURCE information in your default configuration.ini file.

 

How to slipstream a service pack into SQL 2008 & 2008 R2

The manual process of updating the original source media is not the worst thing in the world, but it’s not intuitive either. Peter Saddow over at Microsoft posted something last year that clearly outlines the steps involved to make this happen. You can find the full details over at http://blogs.msdn.com/b/petersad/archive/2011/07/13/how-to-slipstream-sql-server-2008-r2-and-a-sql-server-2008-r2-service-pack-1-sp1.aspx

I used those steps for creating slipstreamed versions of SQL 2008 R2 with Service Pack 1 and SQL 2008 R2 with Service Pack 2.

 

Testing slipstreamed service pack 2

I’ve been using the slipstream of service pack 1 for quite a while now and have never encountered an issue. When SQL Server 2008 R2 Service Pack 2 came out a little while ago I worked to get it deployed on my preprod and production machines, then decided a couple of weeks ago that it was time to slipstream my installation media so that this would not need to happen for future deployments. We have a lot of QA and test deployments of SQL Server coming up, so I felt it a good use of my time.

I followed Peter’s steps and built myself some new installation media that included service pack 2. Being the good DBA that I am, I got a couple of virtual machines spun up so that I could perform some installation testing. I wanted to be sure that all the components were installed at the relevant levels and that my configuration files did not need any tweaking.

The install of just SQL Server 2008 R2 w/SP2 along with replication, full-text search and the client tools went fine. There were no problems with the install and all of the components were at the service pack 2 level when I checked. This being good I moved on to an install that included Reporting Services. This is where I started encountering problems.

 

Installation errors

All of the pre-installation steps went without a hitch, and the components seemed to install without any problems, but then it attempted to start the Reporting Services service, at which point things went sideways.

The install was unable to bring the service online and the installation failed. The SQL Server engine and tools all installed successfully, I was able to access those, but no matter what I could not get Reporting Services to start. I took a while to go through the install logs and found the error:

Parameter 0 : SQL Server 2008 R2@RTM@
Parameter 2 : Microsoft.SqlServer.Configuration.Sco.Service.StartService
Parameter 3 : Microsoft.SqlServer.Configuration.Sco.ScoException@1211@1
Parameter 4 : System.ComponentModel.Win32Exception@-2147467259
Parameter 5 : SqlRSConfigAction_install_Startup
Parameter 7 : ReportServer
Parameter 8 : ReportServer
Final Parameter Values
Parameter 0 : SQL Server 2008 R2@RTM@
Parameter 2 : 0xDC112D1C
Parameter 3 : 0xD3BEBD98@1211@1
Parameter 4 : 0xDC80C325
Parameter 5 : SqlRSConfigAction_install_Startup
Parameter 7 : 0x22C8A7B3
Parameter 8 : 0x22C8A7B3

 

Strangely it appears as though Reporting Services is running at the RTM level, and this causes a problem as everything else is at the service pack 2 revision.

I wondered if I had done something wrong, so I tried to slipstream the service pack again, just in case I missed something. I got the same result.

Then I tried putting it over the top of service pack 1 slipstreamed media, but was met with the same result.

No matter what I tried I could not get it to work. Even worse, I could not apply service pack 2 to the failed Reporting Services installation in an attempt to bring it online. At this point I decided it must be a bug and gave up.

 

Filing a connect item

After multiple attempts with different media on different servers and under different conditions I was no closer to getting Reporting Services installed. Not being able to figure out a way to get it on there (short of deploying media with service pack 1 and then updating it to service pack 2) I decided to use Microsoft Connect to file it as a bug.

Connect ID 771260 is open for this. I fully expect it not to get fixed, as there are only a couple of years left on the support lifecycle, but it’s important that these things are at least brought to the attention of the product team.

 

What you can do

If you slipstream your SQL installs and have encountered this issue please go and upvote the connect item (and say that you can reproduce it). If you slipstream and have not come across this please let me know.

Tuesday, Nov 13, 2012

Fun With Recruiters

I love it when I get those special kinds of emails from recruitment agencies who claim they have the perfect position. I got one of those kinds of emails last week, and I thought I would share it (as well as my response).

 

Title: Front End Web Development Lead
Position Type: Direct Placement
Location: Bothell, WA, United States
Description:

Duration: 0-6 month(s)
Job Description:
Front-End Web Development Lead - Bothell, WA
Every day over 19,000 Amdocs employees, serving customers in more than 60 countries, collaborate to help our customers realize their vision. We have a 30-year track record of ensuring service providers’ success by embracing their most complex, mission-critical challenges. 100% of Fortune’s Global 500 quad-play providers rely on Amdocs to help them run their businesses better.
Amdocs is a “can do” company that leads the industry, is fully accountable and most importantly, always delivers. This is our DNA. Our success has been sparked and sustained by hiring exceptional people. If this sounds like you--- if you have the drive, focus and passion to succeed in a fast-paced, delivery-focused, global environment-- then Amdocs would like to talk with you. Amdocs: Embrace Challenge, Experience Success.
- Please Note: All applicants must be currently authorized to work in the United States without employer sponsorship now or in the future.
Role Overview:
We are looking for a Front-End Web Development Lead to be a team lead directing a multi-shore group of developers tasked with providing issue resolution support for a very large-scale web retail store. Some of the responsibilities and duties include, but are not limited to:
Interface with defect assurance team to accept inbound production issues for resolution
Direct and coordinate work of offshore development team to ensure accurate and timely resolution of front-end production issues
Interface with customer development, business, and other teams as needed to provide good service, promote team visibility and positive perception
As team grows, evaluate potential additional team candidates and support Amdocs executive management by providing expert advice as required to grow our presence with the customer and provide continuous improvement
Provide analytical support to identify, develop, and drive strategic improvement initiatives involving functionality improvements, innovation solutions, and development and implementation methodologies
Serve as trusted advisor to management and client
Work day-to-day with key client management, development fulfillment partner, QA testing organization, providing expert support to each as needed and appropriate
Support development of improved governance of production defect management, including definitions of severity, criteria for prioritization, and defect management lifecycle processes.
Requirements:
5+ years front-end web development experience
5+ years hands on experience with the following key technologies: JSP Integration, HTML / HTML 5, AJAX, CSS, JavaScript, JSON, XML, JQuery
Strong leadership skills
Preferences:
Large scale /enterprise web retail experience
Integration with ATG Commerce
Integration with Adobe CQ
Experience with other industry standard integration technologies (e.g. WebLogic)
Technical leadership experiences in relevant technologies
Telecom experience
All Amdocs roles require strong verbal and written communications skills, position-appropriate mentoring/leadership abilities, ability to quickly master new systems and/or processes, capacity to stay organized while managing competing priorities, and a deep customer service orientation, both internally and externally.

 

I’m a database guy, I’ve never been a developer let alone a dev lead, and so I replied…

 

As a solutions provider I would expect you have some great analytics. This leads me to ask the question as to what part of my skillset or background leads you, or anyone at your company, to believe that I would be a good fit for, or consider, the opportunity that you list below.

 

If I ever get a response I’ll be sure to post it.

Sunday, Nov 11, 2012

PASS Summit 2012 By The Numbers

Last week was the 2012 Summit. I thought I might just provide some interesting data points rather than give you a bunch of talk about the awesome presentations I saw, people I met, and things I did.

 

Steps taken: 49,404
Floors climbed: 126
Miles walked: 24.08
Hours slept: 23.7
Precons attended: 1
Sessions attended: 9
Sessions I left early: 1
Time spent in keynote 1: 100
Time wasted attending keynote 2: 45
Flashmobs danced in: 1
Sponsored events attended outside of Summit: 4
# nights at Bush Gardens: 1
# days pants were worn: 1
Best session award: Adam Machanic
Funniest stalker award: Mike Fal