vExpert Pro Announcement

So yesterday a very special announcement came out and I am very honoured to be one of the selected VPROs for the vExpert sub-program. The reasoning behind the program can be found here: http://blogs.vmware.com/vexpert/2018/10/10/vmware-vexpert-pro-program-launch/

I am fully aware this has caused some noise amongst the community. For myself, all I would love to achieve from this program is to spark/ignite the passion of someone out there and get them into the vCommunity.

The reason I say this is that around a decade ago I would have been the very silent type, sneaking into a conference or community event like a VMUG, and I barely would have interacted with anyone as I was stupidly shy. One thing the community has given me is the ability to open up and actually not be afraid to speak to people. The whole concept of doing speeches I will cover in another post!

So firstly, I certainly would not be here if it was not for the continued support of my fellow co-hosts on the OpenTechCast, and some of them were the spark of all this passion that got me here today.

There are also some other special mentions, and they know who they are: the London VMUG crew, new and previous, with a special mention to Jane Rimmer, as her phrase ‘you won’t know if you don’t throw your hat in the ring’ is still with me today. I still refer to that if I doubt myself in any applications for things or even roles over the last few years, as you will never know if you don’t try.

There are also others who might not know it but whom I look up to and aspire to, even from our brief chats. To name a few: Erik Bussink, Andy Nash, Rob Bishop, Mike England, Ryan Harris, Angelo Luciani, Eric Wright, vmiss33, and I have to mention Ariel Sanchez as it was his kind email that got me engaged when I first became a vExpert.

Also, a few key others who I believe had some belief in me, and whose guidance is why I am pushing myself harder this year, are Rebecca Fitzhugh, René van den Bedem, Chris Porter and Kyle Jenner.

Again, it’s so hard to name everyone and I am sure I have missed people, and it is not supposed to be that way, but the point I am trying to make is that the community is a powerful thing. Every single little interaction with others and colleagues in the past helps you grow, and if I can assist, help or mentor someone I will. Sometimes it is just that first conversation or belief that drives the passion.

I of course cannot forget to thank the hard work from Corey, Elsa, Valdecir, Julia, Katie and Erik, who have all helped me along the way.

The other thing that I think stops people is they have the expectation that you have to be an expert in everything, especially VMware and every discipline. Please do not think this. I can assure you this is not the case, and yes, there are plenty of experts out there in some of the specialisms, but that is what makes this group great. If you have no idea, ask someone! I have also found sometimes being a generalist is better as this can work well and help build bridges. I am by no means a networking expert or a SQL expert, but if I can sit these people down and explain to them how the hypervisor works along with the storage background I have (unless you are running VSAN of course), you have a chance to get everyone on the same page, especially when you are having issues with your systems.

So finally, take that first step by saying Hi to someone new at your next event, or even try doing a presentation to your peers. Also, if you do want a chat because you are worried about your first talk, do feel free to reach out, as I know for myself along with others we would happily help guide you.

 

#vAllStars 2018

So this year at VMworld I was very fortunate to be part of the Rubrik #vAllStars 2018. I think this is a great thing and was great to see them win yet another best in show. A full list of people included can be found here. I certainly love some of the comical ones!

Below are some great tweets about the event

 

I have also been made aware these are coming to VMworld in Barcelona, so I cannot wait to get a physical copy of my card and also get some of my peers to sign theirs to collect. I also hope to work out what each of the colours may mean, if there is anything to that too!

It was great to see myself and quite a few new people to the deck but I wonder if like others I can get on it next year too!

If you want yours signed for any reason catch me at VMworld or even at a local VMUG or tech event.

Using Uber Conference in the UK

I have recently been introduced to Uber Conference along with many others that could be named but this is a great way to join up with people on browsers or people I know in the US. One of the features that made me giggle is a particular music on hold you can choose which is Rick Astley so you get to #RickRoll people whilst they wait for you.

The only downside is there is no free UK dial in number but I found this service that allows me to use my inclusive minutes to dial US numbers https://www.freecallstousa.co.uk 

I know that I like to have many of my conference bridges auto dial if I don’t have access to the app, have weak data, or even if I am driving. With this method I can ask Siri to start UberConference and it adds me as the host automatically and enters my PIN.

What you need to do is enter the following into a contact card

+44 330 117 3872,ConferenceNumber#,,,,OrganizerPIN

You can get the details from your settings page within your account.

If it takes ages to connect you can play with the number of , characters, as each carrier adds different delays, and find the sweet spot for yourself. Below is a demo of this working

 

DISCLAIMER:- I have not tested the security of either service and I am not liable for any losses or charges. Also please check with your telephony provider that this number is included, as again I am not liable for any charges.

Facebook Workplace:- SSO ADFS

I decided to write this article in case anyone is an early adopter of Facebook Workplace like us and has SSO issues on ADFS, as the documentation here at the time of writing is limited and makes some assumptions. I will try to save you some time with a few tips below.

TLDR:- If, like me, you hit login loops, the main cause is either that the users are not set to SSO or that you get the following error

SSO Not Authenticated
The SAML Response was invalid. Please check that all fields are correct and try again. 

Well, this part is most likely down to the email address not matching or, even better, a trailing / at the end of the ADFS URLs! (I wasted an hour or so on this)

The next piece of advice I will give you is that if you are going to use Azure AD as an IDP provider for the users’ details, get the SSO working before setting this up. Otherwise, you need to delete the users or use the bulk edit tool to set everyone to SSO within the People menu. Press the Edit People button

Within this menu select download CSV; this will then generate an email to the admin user you are logged in as.

Once downloaded, open the file and you will now see that you can change users en masse from password to SSO

The way you can tell that a user is SSO or not is by hitting the … at the end of a user, below is a pre-synced user before SSO

And this is an SSO user, as you can see the force SAML authentication part appears

But of course first you need to get SSO working and this is probably why you are here. Firstly the documentation you follow from Facebook may differ as this all depends on the version of ADFS you are using. I was using Server 2016 and not 2012 like their screenshots so just follow this the best you can. You will also notice at the time of writing when you follow the hyperlink for next steps in the PDF you get this page, don’t panic! I listed out what I did below.

I fumbled along and came up with the below from what I gathered from the data in the PDF guide

 

Now you will hit Test SSO and now get the same error as I did

I even got the following error in my ADFS logs whilst I was playing around with the transforms. If you get this then you may have a typo in them, as the E-Mail Address field is case sensitive and is slightly different, and again typed wrong, in the PDF versus the screenshot.

Description:
The SAML authentication request had a NameID Policy that could not be satisfied.
Requestor: https://www.facebook.com/company/COMPANYID
Name identifier format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
SPNameQualifier:
Exception details:
MSIS7070: The SAML request contained a NameIDPolicy that was not satisfied by the issued token. Requested NameIDPolicy: AllowCreate: True Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress SPNameQualifier: . Actual NameID properties: null.

I played around with this for a bit thinking I had done something wrong as when you copy the URLs from your ADFS config like below they have a / at the end of them, ignore this… it appears the URL generated by the SSO in Facebook already adds this. Remove this from your URLs above so they now look like this

If you press Test SSO again now if all things are in order you should now see the following

You will also notice the form will refuse to save until you get the above message. You may also need to add additional email domains to allow single sign-on depending on their primary email address.
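The failure causes described above (a trailing / on the ADFS URLs, a missing or wrongly formatted NameID as in the MSIS7070 log entry, and an email mismatch) can be checked offline against a SAML response you captured during Test SSO. This is an added example, not code from Facebook or Microsoft; the field names `sso_url` and `issuer`, the host adfs.example.com and the address jane@example.com are constructed placeholders, and exact email matching is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_idp_urls(urls):
    """Flag configured ADFS URLs that still end in '/'."""
    return [f"{name}: remove trailing '/' from {url}"
            for name, url in urls.items() if url.endswith("/")]

def check_name_id(response_xml, workplace_email):
    """Diagnose the NameID of a decoded SAML response (no signature checks)."""
    root = ET.fromstring(response_xml)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        return ["no NameID issued (MSIS7070 in the ADFS log): check the transform rule"]
    problems = []
    fmt = name_id.get("Format")
    if fmt != EMAIL_FORMAT:  # the URN is compared case-sensitively
        problems.append(f"NameID Format is {fmt!r}, expected {EMAIL_FORMAT!r}")
    value = (name_id.text or "").strip()
    if value != workplace_email:  # assumption: exact match is required
        problems.append(f"NameID {value!r} != Workplace email {workplace_email!r}")
    return problems

def sample_response(name_id_xml):
    """Constructed, unsigned SAML response wrapping the given NameID element."""
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
            f"<saml:Subject>{name_id_xml}</saml:Subject>"
            "</saml:Assertion></samlp:Response>")

if __name__ == "__main__":
    # Constructed values: adfs.example.com and jane@example.com are placeholders.
    urls = {"sso_url": "https://adfs.example.com/adfs/ls/",
            "issuer": "http://adfs.example.com/adfs/services/trust"}
    wrong_case = EMAIL_FORMAT.replace("emailAddress", "emailaddress")
    cases = {
        "missing NameID": sample_response(""),
        "wrong format": sample_response(
            f'<saml:NameID Format="{wrong_case}">jane@example.com</saml:NameID>'),
        "good": sample_response(
            f'<saml:NameID Format="{EMAIL_FORMAT}">jane@example.com</saml:NameID>'),
    }
    for line in check_idp_urls(urls):
        print(line)
    for label, xml in cases.items():
        print(label, "->", check_name_id(xml, "jane@example.com") or "OK")
```

The script only inspects the NameID; it does not validate the response signature, so use it for troubleshooting your own test responses, not for trust decisions.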

Toggling Users:- If you need to toggle a specific user between password and SSO select the … at the end of the user and scroll to the bottom and change the login with

 

Installing Adobe Creative Cloud with VMware AirWatch

So this week I have been playing with AirWatch (AKA WorkSpace One) and the latest version. I have been slowly working on a fully automated macOS build and I came across a bit of a snag with deploying some of the applications, or rather, to my surprise, AirWatch could do apps that are not in the App Store.

One main application I have always had issues with is Adobe, and getting this to package nicely has always been a pain for various reasons. I did try and see if this would work with AirWatch natively and, well, it doesn’t, but thankfully, digging into some of their code, it appears at the time of writing this they are using a Munki backend, which I am quite familiar with. In essence, it’s like SCCM for Windows.

The first point I need to make is I am offering this advice assuming you are correctly licensed for Creative Cloud and you take the relevant steps to ensure it only goes to the intended users, despite them needing a registered email to activate the software.

If you want to learn more about AirWatch I am going to be doing a series of posts to complement this one, or head over here for more information

TLDR:- Basically you need to create a managed package as the self-service isn’t signed and Apple Gatekeeper blocks this (a few hours wasted here). This then also caused the install to fail in a managed package but you also need to make this a managed install for it to work. Hopefully I can do a video guide soon

TLDR2:- I want to keep working on this and see if I can just get the Creative Cloud App so it reduces the install size

One of the first steps to do is generate the installer for Creative Cloud. You can do this by logging into https://adminconsole.adobe.com/ and selecting Packages at the top.

Once in here select create a package and select Managed package.

Select all the options you need within here such as locale

From here select Photoshop, I know this one works and to be fair most people using the cloud apps will need this. I did try Adobe Reader but again for some reason the install would fail

In this next screen it will confirm the application selected. Use a name that will be displayed on AirWatch, for example, I used Adobe Cloud to make it obvious to my users. It appears that you cannot change this in the main console which would be a nice feature to see in the future.

Once the package has built, download this if it doesn’t start automatically. You will now need the VMware AirWatch Admin Assistant, which you can get here. Open this and then drag in your Adobe Cloud Install PKG file that is in the build folder of your download from Adobe

The application will sit there for a little while whilst it processes the PKG file, depending on its size, as you may want to push the whole suite. Once it completes it should ask you to reveal this in Finder

You should now see a folder with your application name, go into this and it usually has the please edit me at the end

In here you will find a .plist file. You need to open this up in an editor and change the unattended_install value to true; I am using Xcode, which allows me to select yes. At this stage, you could rename the DMG file and plist to something nicer, reflecting this in here, but it’s always best to test this as is first
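The plist edit above can also be scripted, and because the DMG is about to be served from your own web server it is worth confirming it still matches the hash recorded in the plist. This is an added example, not part of the AirWatch Admin Assistant; it assumes the generated plist carries Munki's `installer_item_hash` key (a SHA-256 of the DMG), and the file names and contents in `demo` are constructed stand-ins.

```python
import hashlib
import plistlib
from pathlib import Path

def sha256_file(path):
    """SHA-256 of a file, read in chunks so a multi-GB DMG is fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def prepare_pkginfo(plist_path, dmg_path):
    """Set unattended_install and refuse a DMG that differs from the recorded hash."""
    plist_path, dmg_path = Path(plist_path), Path(dmg_path)
    with plist_path.open("rb") as fh:
        info = plistlib.load(fh)
    recorded = info.get("installer_item_hash")  # assumption: Munki-style key present
    actual = sha256_file(dmg_path)
    if recorded is not None and recorded != actual:
        raise ValueError(f"{dmg_path.name}: SHA-256 {actual} != recorded {recorded}")
    info["unattended_install"] = True
    with plist_path.open("wb") as fh:
        plistlib.dump(info, fh)
    return actual

def demo(workdir):
    """Build a constructed DMG/plist pair in workdir and run the check on it."""
    dmg = Path(workdir) / "Adobe Cloud.dmg"
    dmg.write_bytes(b"constructed stand-in for the real DMG")
    plist = Path(workdir) / "Adobe Cloud.plist"
    with plist.open("wb") as fh:
        plistlib.dump({"name": "Adobe Cloud", "unattended_install": False,
                       "installer_item_hash": sha256_file(dmg)}, fh)
    prepare_pkginfo(plist, dmg)
    with plist.open("rb") as fh:
        return plistlib.load(fh)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(demo(tmp))
```

Run `prepare_pkginfo` again on the copy you download back from the web server to confirm the hosted file is the one you packaged.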

Now, due to the size limitation of 200 MB at the time of writing this, you need to upload the DMG that is within the same folder to a web server your clients can see. I would suggest protecting this still by HTTPS if you can, and ensure you have this URL for the next step. In your AirWatch console select Apps & Books from the left and then Native. Within the sub window select Add Application

Within this window select upload

In this window select Link and paste in the URL to your web server hosting this file, select save, and continue on the previous window

On the next window we need to upload the plist file you modified so the App Store knows how to install your app. Do this by hitting choose file and then locating the file. Once done you will be back at the add application screen; select continue

You should now see the following screen, and if possible at this point I add an icon so it doesn’t get the standard AirWatch icon. Fill in your categories and any other details you want, like the description, and hit save and assign.

This screen selects which users will get the application shown in the app store. Press add assignment and fill in the details you want. I have selected All Devices just for demonstration purposes, but do this to a group licensed for Adobe

I have found a bug on this next screen especially on Safari but select the radio button and then save and publish otherwise the assignment may not be saved.

You should now see a list of users this may affect, if they are already in the correct groups; press publish

From here head back to the user’s machine and see if the application now exists, select Install and then confirm the installation

The icon should then change, and this next bit can take some time depending on your web server and network

Eventually, this should go green and state installed. If you head into the user’s application folder you should now see Photoshop and the Creative Cloud Launcher, where they can sign in for more applications