Checking Encryption Status of Remote Windows Computers

Using the manage-bde command you can check the BitLocker encryption status of both the local Windows computer and remote devices on the local area network. For example, to check the encryption status of the C: drive on the computer “WS12345”, the following command could be used:

manage-bde -status -computername WS12345 C:

and the results might look something like this:

BitLocker Drive Encryption: Configuration Tool version 10.0.14393
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Computer Name: WS12345

Volume C: [OSDisk]
[OS Volume]

Size:                 237.99 GB
BitLocker Version:    2.0
Conversion Status:    Fully Encrypted
Percentage Encrypted: 100.0%
Encryption Method:    AES 256 with Diffuser
Protection Status:    Protection On
Lock Status:          Unlocked
Identification Field: None
Key Protectors:
    Numerical Password
    TPM

Expanding on this we could wrap some PowerShell around the command and read in a list of hostnames from a text file and report on the encryption status of each.

First we need to reduce the output of manage-bde to just the value of the “Conversion Status” field. PowerShell’s string manipulation comes in handy here: we can locate the “Conversion Status” line, check that it is present (if the computer is not on the network, or access is denied, the manage-bde command will not return a status), and then trim the line back so that only the value of the field remains. For example:

#Check the Encryption Status of the C: drive, filter to the Conversion Status line
$EncryptionStatus=(manage-bde -status -computername "$hostname" C: | where {$_ -match 'Conversion Status'})
#Check a status was returned.
if ($EncryptionStatus)
{
  #Status was returned, tidy up the formatting
  $EncryptionStatus=$EncryptionStatus.Split(":")[1].trim()
}
else
{
  #Status was not returned. Explain why in the output
  $EncryptionStatus="Not Found On Network (or access denied)"
}

Once this is working, it’s just a case of reading in the text file using the Get-Content cmdlet and outputting a result. The full code (Get-EncryptionStatus.ps1) I used is available for downloading and/or improving on GitHub here: https://github.com/isjwuk/get-encryptionstatus
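
The loop described above, as an added example (this is not the author's Get-EncryptionStatus.ps1 from GitHub). It also reports the “Protection Status” field from the sample output, because a volume can read “Fully Encrypted” while protection is off. The function names, hostnames.txt, bitlocker-exceptions.csv and the Compliant column are assumptions made for the example, and the parsing assumes English manage-bde output.

```powershell
# Added example, not the author's Get-EncryptionStatus.ps1.
# Assumptions: hostnames.txt (one computer name per line, '#' for comments)
# and bitlocker-exceptions.csv are hypothetical file names; manage-bde
# output is in English, as in the sample shown earlier.

function Get-BdeField {
    # Hypothetical helper: return the value of one "Name:   Value" line
    # from manage-bde -status output, or $null if the field is absent.
    param([string[]]$Output, [string]$Field)
    $pattern = '^\s*' + [regex]::Escape($Field) + ':\s*(.+?)\s*$'
    foreach ($line in $Output) {
        if ($line -match $pattern) { return $Matches[1] }
    }
    return $null
}

function Get-RemoteBdeStatus {
    # Hypothetical wrapper around the manage-bde call used in the article.
    param([string]$ComputerName, [string]$Drive = 'C:')

    # @(...) guarantees an array even when nothing is returned;
    # 2>$null discards anything written to the error stream.
    $raw = @(manage-bde -status -computername $ComputerName $Drive 2>$null)

    $conversion = Get-BdeField -Output $raw -Field 'Conversion Status'
    $protection = Get-BdeField -Output $raw -Field 'Protection Status'

    if (-not $conversion) {
        # Same fallback text as the article's snippet.
        $conversion = 'Not Found On Network (or access denied)'
    }

    # Report both fields: "Fully Encrypted" alone does not show that
    # protection is on (it can be off, for example while suspended).
    $compliant = ($conversion -eq 'Fully Encrypted') -and
                 ($protection -eq 'Protection On')

    [pscustomobject]@{
        ComputerName     = $ComputerName
        Drive            = $Drive
        ConversionStatus = $conversion
        ProtectionStatus = $protection
        Compliant        = $compliant
    }
}

# Read the host list, skipping blank lines and comments.
$results = Get-Content -Path .\hostnames.txt |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') } |
    ForEach-Object { Get-RemoteBdeStatus -ComputerName $_ }

# Full report on screen, exceptions to a CSV for follow-up.
$results | Format-Table -AutoSize
$results | Where-Object { -not $_.Compliant } |
    Export-Csv -Path .\bitlocker-exceptions.csv -NoTypeInformation
```

Hosts that are offline, or where access is denied, land in the exceptions file with the same “Not Found On Network (or access denied)” text, so they are followed up rather than silently counted as encrypted.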

Dell Latitude Numbering- 2017 Edition

Ever wondered what those four-digit model numbers used on Dell Latitude devices (for example “Latitude 7275”) mean? This helpful guide should answer your questions.

First Digit

This shows the range the device belongs to. 3 is used for the entry-level “Essential” models, 5 for the mid-range “Mainstream”, and 7 for the high-end “Premium” devices. These are also referred to as the 3000, 5000, and 7000 series.

Second Digit

The second number indicates the screen size. A 2 means the screen is roughly 12” diagonal, 3 means 13”, 4 means 14” and so on. For example the Latitude 7280 has a 12.5” screen.

Third Digit

The third digit indicates the generation. At time of writing (Jan 2017) we’re currently seeing the tail of the generation 7 models (primarily based on the Intel Skylake chipsets), and the start of the generation 8 (primarily “Kaby Lake” but some Skylake devices will be available for Windows 7 compatibility) being released. Models are roughly equivalent between generations; for example the 7270 is superseded by the 7280, and both are premium laptops with roughly 12 inch screens.

Fourth Digit

The final digit currently denotes the type of device. A 0 indicates a traditional laptop, a 5 indicates a device with a detachable keyboard (the style of the Microsoft Surface Pro)- for example the Latitude 7275, and a 9 indicates the new convertible, fold-back, device (similar in style to the Lenovo Yoga devices).

2016, a year of industry friendliness

You may have seen various posts in blogs and social media over the past few days about VMware staff accounts being blocked from joining the Nutanix community website, and the VMware User Group- VMUG- blocking Nutanix staff from leadership committees. I’m not party to the detail or the reasons behind these moves, but I’m surprised at the developments with the backdrop of 2016’s collaborative direction. As an industry we managed so well being friendly in 2016 despite the divisive world landscape with things like the US Election and Brexit, what happened over the Christmas break to mess this up? Here’s a few things I picked up on in the past year which paint a picture of much more inter-vendor friendliness, hopefully the issues in this particular case will be ironed out quickly and we can revert to business as usual.

VMware (and Amazon Web Services)

VMware’s 2016 announcement that you will soon be able to run their hypervisor on AWS may have rubbed a few of the vCloud Air vendors the wrong way by picking a collaboration with their biggest competitor. However, look at the positives- VMware are creating a standard platform whereby customers can take the workloads they run on AWS and port them to one of the smaller vendors if it makes sense to do so. This could even be automated- if AWS is more expensive in a particular month than another provider, some or all of the customers workloads can be migrated across.

The Dell purchase of EMC (and therefore VMware) had a few people worried that the hardware side of the VMware ecosystem would be destroyed, with DellEMC pushing their own traditional storage, compute tin and hyperconverged platforms at the expense of the competition. Both Michael Dell and Pat Gelsinger have been consistent in their message that this won’t happen.

There are also other good signs from VMware with their VM encryption package in vSphere. Rather than providing a VMware Key Management System, or insisting on an application provided elsewhere under the Dell Technologies umbrella, the requirement is just for a KMIP compliant service.

Microsoft Loves Everything

Microsoft also surprised a few people with their friendly approach to former competition recently- even to the extent that Steve Jobs and Amazon’s Alexa featured prominently in a Keynote at a recent Microsoft event I attended.

We’ve seen for some time that Microsoft Loves Linux and Open Source. They also get on pretty well with Apple and Google these days, focusing on their flagship applications on Android, iOS, and MacOS and sometimes adding features there ahead of their own OS.

#VMUGgate

So, I hope this current grumbling between Nutanix and VMware either turns out to be nothing or everyone turns around and agrees to just get on. The London VMUG team sound like they agree:

Events Calendar 2016-2017

It’s that time of year again, when we change the calendar on the wall, look back at what happened in the previous 12 months, and look forward to what might be coming in the next 12. Here’s some of the in-person events I enjoyed in the last year and some rough plans for 2017. The right sort of in-person events are a great opportunity to get out of the office, learn about new and existing technologies, and meet your peers. I find such events invaluable in my day job to avert the risk of living in a tech-bubble, doing things how they’ve always been done, and only using the kit that my preferred supplier’s sales department recommends.

 

2016

Aside from my playing far too much Minecraft, I went to lots of exciting places in 2016, for example……

VMworld Europe 2016
I was here as an official Blogger seeing (amongst other things) the release of vSphere 6.5. I also managed to squeeze in my first vBrownbag presentation – I think adding “International Conference Speaker” to my CV might be a little excessive, but it was a great opportunity.

VMUG
This was the first year that I made it to the full set of London VMUG meetings, culminating in the annual UK UserCon in Birmingham in November. At the UserCon I chaired a roundtable discussion about IT in Higher Education.

Insight Technology Show – I’ve been to this annual springtime event in London for many years now as it’s a great opportunity to see lots of different vendors in one day all under one roof. This year’s was a more subdued affair (I’m guessing because of the economic climate), but a useful day out none the less.

Microsoft tech day in February titled “What’s new in Windows Server 2016: Building a more flexible infrastructure”. A great hands-on event.

Microsoft Future Decoded returned to the Excel centre in November, I attended the Technical Day. Future Decoded has an interesting mix of content- in a breakout session you can watch SCCM and SQL Server being deployed with PowerShell, and then walk into the Keynote and hear about how scientists are able to detect sound from silent video footage (Watch this TED presentation)

 

2017

The following year has some good events already in the calendar, more of the same and maybe even something new. I’m hoping to make as many as possible:

VMworld 2017 – The European leg has been moved from its usual slot in October to 11-14 September and is again in Barcelona.

London VMUG – Dates are 19th January, 6th April, 22nd June and I expect a UK VMUG Usercon to follow in November.

I’m also trying to put together a local vBeers event – out in the “Countryside” rather than in London. Details to follow, event will hopefully be in February.

Microsoft pulled their big European tech conference back in 2014 and there doesn’t look like any hopes of a resurrection (especially as even more conferences are being folded into Ignite), but there’s usually some good content at the smaller scale local events.

And who knows what else the year will bring?

ESXi UNMAP not working on Replicated EqualLogic Volume

Symptoms

  • The VMware vSphere ESXi UNMAP command doesn’t release space on some or all volumes on a Dell EqualLogic SAN array running v8 firmware (may apply to other versions too). The following command was used in an SSH session to a 6.0u2 host (again, will apply to other versions):
    esxcli storage vmfs unmap -l MYVOLUMENAME
  • The volumes are VMFS5 (and always have been- they haven’t been upgraded from VMFS3).
  • Replication is enabled for the volumes that won’t rethin.

Cause

UNMAP doesn’t work on the EqualLogic when Replication is enabled. It doesn’t return an error to the SSH session, and the temporary rethinning file is still created, but the disk is not thinned.

Solution

Disable replication on the volume, re-thin the volume using the UNMAP command, then re-configure replication. Unfortunately this means the entire volume must be re-copied to the replication partner and this may impact bandwidth usage and replication schedules on larger volumes.

Learning with Minecraft

There’s been a lot of coverage in the press about teaching with Minecraft- Microsoft even releasing an Educational version. So when the kids were set a homework project about “Super Structures” this got me thinking- let’s give Minecraft a go to supplement the project work set by the teacher. The project brief was to produce an informational poster or model on a structure of their choice, in our case The Eiffel Tower and Big Ben (or at least the tower which contains the bell by that name to be pedantic). Suitable amounts of craft paper, lolly sticks, straws, matchsticks and PVA were obtained and they set about construction, but once that was done and the glue was drying they turned to the Xbox One.

I’d prepared for this and we sat down and spent some time building Minecraft impressions of our Super Structures. This led to discussions about the materials to use (or at least the colour and texture), how big to make the model, and the shapes of the buildings. For example, before building tall towers we noted that in this case they both have a square base, the Eiffel Tower is made of iron and looks dark grey/black, we need to make the base wide enough in each that we have space to slope in to a point at the top but not so wide that we spend all day piling blocks up to make them tall enough, and so on.

It also led to discussions about the differences between Minecraft and real life. Gravity and other forces aren’t as much of a factor in the Minecraft world, and Augustus Pugin and Charles Barry didn’t have to design their structures to withstand marauding Creepers.

A new superflat world had been set up in advance, using Creative Mode (so players have access to unlimited resources without spending hours digging underground) and with the difficulty set to Peaceful (so that players are not distracted by Zombies crossing Westminster Bridge). To give us a bit of setting a short length of both the Thames and the Seine were included along with some trees from Champ des Mars, although with more time I might have practised some better topiary.

Minecraft Screenshot

Big Ben, The Eiffel Tower, and some trees.

Once finished, flying around the landscape allowed some screenshots of their creations to be taken which could then be printed, cropped, and glued (real old-skool Cut-and-Paste) onto the posters.

I’m not a qualified teacher, and have no idea if this will directly get them “better marks” on their homework, but it definitely sparked some conversation about the design of the structures, their location and history, and the materials used, which is really the point of the exercise. For an hour or so we managed to play in Minecraft whilst getting a bit of extra education relevant to their schoolwork- remember Kids, Learning is Fun!

VMworld Europe 2016 Social, Community, and vPeople

be_Connected – The people-networking side of VMworld is vital

VMworld is not all about announcements and sessions; some of the most valuable content is found in the social and community side of the event. It brings together over ten thousand people in the IT industry and there’s always lots to talk about and plenty to learn outside of the scheduled keynotes and breakouts. The social side isn’t just about popping out for a few vBeers courtesy of a sponsor; it’s the opportunity to meet your fellow professionals, hear what they’re up to, what they’ve seen at the show, what problems they are facing back at the datacentre or office, and possibly what solutions they can offer for your own issues. It makes for a week of long days, but it’s definitely worth it.

The community side of VMworld started for me even before leaving for Barcelona, as I had an impromptu meetup at London Gatwick with a couple of other vExperts (great to meet you Mark and Giuliano) who were waiting for the same flight.

Upon touchdown at El-Prat there was just time to check in to the hotel and change before heading off for the opening social gatherings organised by the awesome events team that is Patrick Redknap and Marco Broeken – the Cohesity “Pre-Beer Party” at the Obama English Pub and then the annual vRockstar party held at the Hard Rock Cafe. Thanks to the vRockstar sponsors Rubrik, Nutanix, Veeam, VMUG, Hytrust, EMC Elect, Zerto, and Exelerys. These events were a great opportunity to catch up with old friends and make some new ones before the conference officially started the next day.

 

Monday morning saw my first opportunity to get into the Gran Fira venue, register, and get down to the VMVillage for my first taste of the Hands-On Labs. There were prizes to be won, and I finally met Noell Grier when collecting a SocialLabs T-shirt from the Cloud Credibility booth. This area was also the scene of a “Team London VMUG” photo opportunity later that morning.

 

For me, Monday evening started with a walk down the beach to the Dell EMC reception at W Barcelona, right up the tower at the Eclipse bar. This featured VMworld themed cocktails such as the “vMojito” and an “All-Flash Martini” and stunning views across the city as the sun set. Later on in the evening I got a taxi across town to the Nutanix event at Cafe Ocana. Again, there were some regular faces and I met a whole host of new people, including Stephen Foskett of TechFieldDay fame.

As I mentioned in my session write up of the Tuesday, the day kicked off with the Keynote and as I was lucky enough to have a bloggers pass (thanks again Corey Romero and the team) I managed to get a reserved seat right down at the front. Tuesday morning was also the first opportunity to get into the Solutions Exchange. Here there’s the opportunity not only to pick up some vendor SWAG but, more importantly, find out what the latest product developments in the VMware ecosystem are.

OpenTechCast podcasters Gareth and Amit interviewing (or being photobombed by) Dave Simpson

Tuesday evening was the vExpert Reception held at L’eggs with a brief appearance by Pat Gelsinger himself. Also present were the OpenTechCast team conducting interviews.

After that drew to a close a small group of us took a trip to a local pub with London VMUG’s man on the ground, Alaric. Whilst the idea of a late-night party in a beach-front club is all well and good, the opportunity to have a chat with friends without having to shout was much appreciated.

Between sessions, much of my Wednesday was spent in the Hang Space and Bloggers area in the VMvillage, including some last minute preparation for my vBrownbag presentation and some time to catch up on both my own blog posts and what others had been writing.

 



Finishing up Wednesday was the VMworld Party, held in the keynote hall. This year the headline band was Australian outfit “Empire of the Sun”. Again the networking continued; the hall is large enough that even with the band or DJ in full flow at the front there is space at the other end of the arena for meet-ups and conversations.

Thursday is generally a quieter day at VMworld, and it offered the chance to do one last trawl through the Solutions Exchange- looking up those products and services that people had mentioned were worth a look at. The VMvillage got quieter and quieter as the afternoon went on as people left for the airport. An ideal time to take stock of the week’s happenings and finally get a go on that circular pool table!

Circular Pool Table in the Hang Space

VMworld Europe 2016 Day 3

Wednesday morning and VMworld continues…

Here’s a look at my sessions from another day in Barcelona.

General Session

The big announcements of Day 2 gave way to some more detail in the Day 3 Keynote, kicked off by Sanjay Poonen focusing on the digital transformation happening in the EUC world. VMware has 66,000 EUC customers and is promoting an any-app, any-device strategy through the Workspace One platform. Today 50% of business apps are web based, 40% are Windows Client-Server, and Mobile picks up the remainder. We saw a demo of how VMware use Workspace One internally to provide access to all these services through one portal.

Sanjay was followed on stage by Ray O’Farrell who gave us further detail about the announcements in the SDDC. The vSphere 6.5 announcement was of course at the forefront, with Ray pointing out the advances that made the interface six times faster than 5.5 and gave a demo using PowerCLI which showed the realtime response of the new HTML5 client. He ran through a demo of the new VM encryption facilities in 6.5 and covered some of the advances in vRealize automation- including new support for containers.

Next up was Yanbing Li to talk about vSAN (lower case v, upper case SAN) which also has some advantages in the 6.5 release. First up is Direct-Connect options for 2-node deployments (think remote office/branch office installs or setups requiring strict isolation of data). In this model the management and witness traffic is split out from the data traffic allowing for the two vSAN nodes to be linked directly together using Ethernet cables.

Secondly, vSAN 6.5 enables iSCSI support, so the storage infrastructure can now be used as a target for physical workloads. Yanbing also talked about the ongoing vSAN beta: future versions of the product are likely to offer data at-rest encryption and nested fault domains. vSAN has passed 5000 customers in 2.5 years, and VMware now hopes to offer more affordable licensing, with all-flash support on the Standard SKU.

Networking and Security was the next topic with Rajiv Ramaswami with the focus on NSX which is now giving 1700 NSX customers Micro-segmentation and Distributed Load Balancing. From my point of view NSX is continuing to gain weight as the product underpinning VMware’s SDDC- most of the presentations this week mentioned NSX in some form – and I expect this market to grow as the Private/Public/Hybrid cloud model expands.

Kit Colbert brought the Wednesday Keynote to a close with insights into container hosting and management VMware style using the Photon Platform. As with everything else here Photon is continuing to evolve and will be offering Kubernetes-as-a-service in Q4 this year. The Photon Controller and Photon OS are both open source- available for download from Github.

If you want to watch the full session yourself, check out the video here:

Day 2 Operations: A vCenter Server Administrator’s Diary [INF9128]

Adam Eckerle and Emad Younis gave this talk, catching up on what’s new in vCenter and how to keep it running smoothly after the install process has finished. I picked up some great takeaways here, and I’ve distilled my pages of notes to come up with the following highlights:

  • There are 5 web based clients for the vSphere environment in 6.5 :  vCenter Client and Web Client, the Appliance Manager UI (formerly VAMI) and so on. There is no support for the legacy Windows C# client.
  • The vCenter appliance upgrade preserves the identity of the old Windows-based vCenter so all connected applications and plugins should continue to operate. If the upgrade needs to be rolled back it’s just a case of turning off and removing the new VCSA and then powering on the old Windows Server and rejoining it to the domain (although any configuration changes made under the VCSA’s stewardship would then be lost) . Upgrades are possible from Windows vCenter 5.5 or 6.0
  • We were shown a demo of extending the disk in the vCenter appliance using LVM autogrow. Also, as of 6.5, the appliance will warn when the disk reaches 80% capacity and will auto-shutdown at 95% to prevent corruption

LVM Autogrow for logs on VCSA

  • The second half of the session included a whiteboarded overview of PSC migrations and topology. The linear ring topology was highlighted as being preferable over hub/spoke (limited in failover) and full mesh (too complicated) in larger (and expandable) deployments. Check out the poster for more details on choosing a PSC topology.

vBrownBag “The Amazing World of IT in Higher Education”

This time it was my turn to give a presentation, and in this quick ten minute talk at the vBrownBag stage I covered some of the unusual practices that an IT Pro might experience if dropped into a University environment and how various forms of virtualisation can be used to save the day. If you want some more details check out my post and video link here.

Support Bundle taking up log file space on VCSA

Symptoms
The log file disk was nearly full on a vCenter Server Appliance instance, showing a warning message in the vCenter console and the VAMI (Login to https://vCenterHostName:5480). After a bit of investigation (and I’d recommend looking at this article by Brandon Lee and Knowledge Base 2143565 ) I found an old Support Bundle was taking up 2GB of the log disk unnecessarily and tripping the alert threshold.

Solution
SSH into the VCSA using the username root (see KB2143565) and navigate to the folder

/storage/log/vmware/vsphere-client/logbrowser/public/

Look for files named “*_vmsupport.tgz”, check the timestamp on these files and remove any old ones that are no longer required.
Hopefully the warning should clear and the health status should return to green in the vSphere Appliance Management Interface.

Photon, Photon, Photon

VMware’s cloud-native application stack is here, and it uses several things called “Photon”. In this quick post, I’ll have a look at what’s what in the stack and how the components of this container-optimised enterprise cloud platform fit together.

At the base level is Photon OS. This is a Linux distribution created from the ground up by VMware for this infrastructure.

The Photon Controller runs on Photon OS. This is a web-scale control plane which manages the workloads.

Photon Platform is the entire stack. This includes the Photon Controllers but also encompasses the underlying ESX Hypervisor, Network Virtualisation, and Storage underneath. Photon Platform is designed to be multi-tenant, so within one platform multiple tenants can be allocated resources using a hierarchical model and then individual tenants can divide their resources up across projects.
