Web Admin I am Not… yet

I threw myself into an argument I started about SSL and TCP at work over the past couple of days.

It all started when I asked the networking guy to look into why downloads from an https web app weren’t going as fast as the customer wanted. I ruled out internal CPU/RAM/Disk bottlenecks, and any testing from within the data center was amazingly fast – it was only the connection point between the server and the outside world that seemed to be slow. The network guy said “It’s because it’s HTTPS and this is expected”

I made the unfortunate assumption that calling out HTTPS implied that an HTTP connection would have no problems at all. A coworker threw out a bunch of math related to TCP and latency. This threw me down quite the rabbit hole of what kind of overhead SSL has, but at least I learned a lot on the way. Some of it seems rather elementary, but having it reinforced helps my confidence, putting me in a better position to win this argument.

  • An established TCP connection does not wait for each packet to be acknowledged before sending the next. Every byte of data is numbered sequentially as it goes out, and the sender can keep up to a full window's worth of unacknowledged data in flight. Anything that arrives out of order is buffered until the next segment in the sequence shows up. And if the sender doesn't receive acknowledgements in a timely fashion, it throttles its send rate until it does.
  • The SSL performance hit is mostly CPU on the server, and most of that is the asymmetric crypto in the handshake; the bulk encryption of the data itself is cheap, especially when the cipher suite and CPU features (e.g. AES instructions) line up. There is a latency hit of a couple of extra round trips while the SSL handshake is established, but after that the per-byte overhead is small enough that the network, not the encryption, is the limit.
  • Fiddler is a great tool for looking at what's going on with your website communication. I used it to show that the SSL handshake happens only once when downloading a single large file.
  • Satellite and cellular networks have a lot of cool tricks up their sleeves to get better throughput. For example, they will fold the CRC check for the previous TCP packet into the current one to make validation quicker, or they'll use a gateway to pre-fetch content on your behalf, bringing it closer to you and reducing the latency.
  • There are straightforward formulas for calculating max TCP throughput (window size divided by round-trip time is the simplest). There is no equally simple formula for HTTPS over TCP, because the handshake adds round trips up front and the CPU cost depends on the cipher suite and the hardware.
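Here is the arithmetic behind that last bullet, as an added example rather than anything from the original post. The numbers (a 500 MB download, an 80 ms round trip to the customer, a 64 KB window versus a 1 MB scaled window) are constructed, and the handshake costs assume a plain TCP three-way handshake plus a full TLS 1.2 handshake with no session resumption.

```powershell
# Added example (not from the original post): the TCP throughput ceiling set by
# window size and RTT, and the fixed per-connection cost that HTTPS adds on top.
function Get-TcpThroughputCeiling {
    param(
        [Parameter(Mandatory)][int]$WindowBytes,   # receive window actually in use
        [Parameter(Mandatory)][double]$RttMs        # round-trip time in milliseconds
    )
    # Bandwidth-delay product: a sender can have at most one window in flight per RTT,
    # so throughput can never exceed window / RTT no matter how fat the pipe is.
    $bitsPerSecond = ($WindowBytes * 8) / ($RttMs / 1000)
    [pscustomobject]@{
        WindowBytes   = $WindowBytes
        RttMs         = $RttMs
        BitsPerSecond = $bitsPerSecond
        Mbps          = [math]::Round($bitsPerSecond / 1e6, 2)
    }
}

function Get-DownloadEstimate {
    param(
        [Parameter(Mandatory)][long]$FileBytes,
        [Parameter(Mandatory)][int]$WindowBytes,
        [Parameter(Mandatory)][double]$RttMs,
        [switch]$Https
    )
    # TCP's three-way handshake costs one RTT before any data flows. A full TLS 1.2
    # handshake (assumed here, no resumption) costs two more. Both are paid once per
    # connection, which is why a single large download barely notices them.
    $setupRtts       = if ($Https) { 3 } else { 1 }
    $ceiling         = Get-TcpThroughputCeiling -WindowBytes $WindowBytes -RttMs $RttMs
    $setupSeconds    = $setupRtts * ($RttMs / 1000)
    $transferSeconds = ($FileBytes * 8) / $ceiling.BitsPerSecond
    [pscustomobject]@{
        Protocol        = if ($Https) { 'HTTPS' } else { 'HTTP' }
        WindowBytes     = $WindowBytes
        CeilingMbps     = $ceiling.Mbps
        SetupSeconds    = [math]::Round($setupSeconds, 3)
        TransferSeconds = [math]::Round($transferSeconds, 1)
        SetupShare      = '{0:P3}' -f ($setupSeconds / ($setupSeconds + $transferSeconds))
    }
}

# Constructed scenario: 500 MB file, 80 ms RTT to the customer, with the classic
# 64 KB window and then with window scaling allowing 1 MB in flight.
foreach ($window in 65535, 1MB) {
    foreach ($tls in $false, $true) {
        Get-DownloadEstimate -FileBytes 500MB -WindowBytes $window -RttMs 80 -Https:$tls
    }
}
# Same file from inside the data center (RTT well under a millisecond) for comparison.
Get-DownloadEstimate -FileBytes 500MB -WindowBytes 65535 -RttMs 0.5 -Https
```

With the 64 KB window the ceiling is about 6.55 Mbit/s and the transfer takes around 640 seconds, of which the extra TLS round trips account for 0.16 seconds; with a 1 MB window the same link tops out near 105 Mbit/s. The 0.5 ms in-data-center case is why testing from inside the building looked "amazingly fast": the window/RTT ceiling there is in the gigabit range, so neither TCP nor HTTPS shows up as a bottleneck until the RTT to the outside world enters the picture.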


Happy SysAdmin Day!

I’ll have a bigger, real post next week, but I just wanted to wish the one or two people who might follow this blog a great day. May your ticket queue be small, and your projects be successful!



The Interview

I wish this post title didn’t coincide with a movie of the same name, despite the fact that both are about job opportunities at Google.

So yeah. Now that I’ve admitted my job opportunity to my boss I feel more comfortable blogging about this. I will have to write myself an IOU for 2 blog posts – one about ComicCon and the other about my recent adventures with a Raspberry Pi.

In two weeks I fly up to Mountain View, CA for a 5-hour interview. I don’t think even the Engineering positions at Sony had that long of an interview, but I am looking forward to it. I just hope I have some time to decompress and recompress between ComicCon ending Sunday and my flight leaving Monday morning. I hear my hotel room will have a Rubik’s Cube and/or Etch-A-Sketch in it… I think I’ll be alright!

During my most recent phone interview at Google I didn’t put my best foot forward – I didn’t vocalize my thought process enough, I stumbled through a couple technical questions I really should know better, and I didn’t demonstrate my ability to prioritize and make quick and effective judgement calls. But somewhere in there I guess they must have seen my Diamond in the Rough skillset; I am really looking forward to sitting down and bumping elbows with some interesting IT/tech leaders, whether or not I end up with a job offer after the experience.




Microsoft recently announced that they are discontinuing TechNet Subscriptions. For the uninitiated, these are annual packages for ~$275 that give you unrestricted testing/development licenses for every MS operating system, as well as most software (e.g. Office, SharePoint).

With that package, I’m able to run a home lab for professional development. It enables me to have my professional career also be a hobby at home without breaking the bank.

The big counterpoint from Microsoft is that virtually everything they offer can be run in Evaluation mode, giving up to 180 days of free access. My problem with that is that my lab well outlives the 180 days. I don’t want to have to set up a brand new lab every 6 months because the time I take to set that up is going to seriously cut into whatever time I had set aside to do new things in the lab. Microsoft is removing incentive for the IT industry that supports it to continue doing so.

On the bright side, maybe next time I set up a server for something I’ll be learning a lot more about CentOS!



Want to Buy – One Network Admin

I’ve been working for a while now on an asset management tool based entirely in PowerShell. Here’s my cocktail napkin elevator pitch:

An asset management system that requires few system resources to run, gathers data automatically (while allowing overrides). Minimal PowerShell knowledge is needed, and data can be displayed in a GUI web format or output as an object for other PowerShell scripts to tie in. Asset data and collection tools can be centralized or decentralized. Cheap and easy for small to medium sized businesses. And most importantly, it will beat the hell out of an Excel spreadsheet.

Here’s what I have built so far:

  • Collect info via WMI, WinRM, etc. on a local machine
  • Same as above but with multiple remote machines asynchronously with a customizable timeout
  • Prompt for data that can’t be mined
  • Calculate other data based on the gathered/queried stuff
  • Take all this information and present it as a single object with nested arrays. Any number of assets with any number of NICs and any number of HDDs, etc.
  • Spit it out to XML (Export-CliXml)
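As an added illustration of the collection side of that list (this is not the author's tool, just example code written for this page), here is a collector that fans out over WinRM to several hosts, enforces one overall timeout, keeps any number of NICs and disks per asset as nested arrays, computes a derived field afterwards, and round-trips the result through Export-Clixml. It uses Get-CimInstance rather than the older Get-WmiObject, and the host names srv01 through srv03 are placeholders.

```powershell
# Added example (not the author's asset tool): parallel inventory collection with a
# timeout, one nested object per asset, and a CliXml export that survives the round trip.
function Get-AssetInventory {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$TimeoutSeconds = 60
    )
    # Runs on each remote host over WinRM, so the CIM/WMI queries are local there and
    # only the finished object comes back across the wire.
    $collector = {
        $os    = Get-CimInstance Win32_OperatingSystem
        $cs    = Get-CimInstance Win32_ComputerSystem
        $nics  = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
        $disks = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3'
        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            Collected    = (Get-Date).ToUniversalTime()
            OS           = $os.Caption
            OSVersion    = $os.Version
            Manufacturer = $cs.Manufacturer
            Model        = $cs.Model
            MemoryGB     = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
            # Nested arrays: any number of NICs and any number of disks per asset.
            NICs  = @($nics | ForEach-Object {
                [pscustomobject]@{ Description = $_.Description; MAC = $_.MACAddress; IP = @($_.IPAddress) }
            })
            Disks = @($disks | ForEach-Object {
                [pscustomobject]@{
                    Drive  = $_.DeviceID
                    SizeGB = [math]::Round($_.Size / 1GB, 1)
                    FreeGB = [math]::Round($_.FreeSpace / 1GB, 1)
                }
            })
        }
    }

    # -AsJob runs every host concurrently; Wait-Job -Timeout caps the whole batch.
    $job = Invoke-Command -ComputerName $ComputerName -ScriptBlock $collector -AsJob -ErrorAction SilentlyContinue
    $null = Wait-Job -Job $job -Timeout $TimeoutSeconds
    $results = foreach ($child in $job.ChildJobs) {
        if ($child.State -eq 'Completed') {
            Receive-Job -Job $child
        } else {
            # Unreachable or slow hosts get a placeholder instead of silently vanishing.
            [pscustomobject]@{
                ComputerName = $child.Location
                Collected    = $null
                Error        = "$($child.State): $($child.JobStateInfo.Reason)"
            }
        }
    }
    Remove-Job -Job $job -Force
    $results
}

# Placeholder host names; swap in real ones.
$assets = Get-AssetInventory -ComputerName 'srv01', 'srv02', 'srv03' -TimeoutSeconds 90

# Derived data computed after collection (free space as a percentage per disk).
foreach ($asset in $assets) {
    foreach ($disk in $asset.Disks) {
        $pct = if ($disk.SizeGB -gt 0) { [math]::Round(100 * $disk.FreeGB / $disk.SizeGB, 1) } else { $null }
        $disk | Add-Member -NotePropertyName FreePct -NotePropertyValue $pct -Force
    }
}

# Export-Clixml preserves the nesting; Import-Clixml hands back objects other
# scripts can filter, e.g. every asset with a disk under 10% free.
$assets | Export-Clixml -Path .\assets.xml
Import-Clixml -Path .\assets.xml |
    Where-Object { $_.Disks | Where-Object { $_.FreePct -lt 10 } } |
    Select-Object ComputerName, OS, @{ n = 'LowDisks'; e = { ($_.Disks | Where-Object FreePct -lt 10).Drive -join ',' } }
```

The timeout applies to the batch, not to each host individually; a host that never answers simply stays in a non-Completed state when Wait-Job returns and is recorded as such. Note that the XML written by Export-Clixml is plaintext, which is the "Encryption" item on the to-do list: if the export ever carries anything sensitive, protect the file (NTFS ACLs at minimum) rather than relying on obscurity.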

And here’s what’s left:

  • Stress test (at what point would I need an actual DB? Hopefully > 5000 assets)
  • Display data as XML (ConvertTo-Xml) + HTTP
  • Add infrastructure properties, like a list of possible VLANs, routers, etc.
  • A GUI way to prompt for custom data or overrides of collected data
  • Better data curating
  • Encryption
  • A method for merging assets being input from multiple sources
  • Handle infrastructure data (VLANs, routers, virtualization, etc.)
  • Discovery via VMware, Hyper-V, AD, DNS, DHCP, etc.


IPv6 and the Dancing Turtle

So I recently attended a LOPSA meeting where I got to listen to a rather familiar presentation about IPv6, how to pitch it to a business and how to get started with it. The silly/fun motivation for getting it to work is to load up – if you are IPv6 enabled, the turtle will dance (more like swim). Otherwise it sits there like a bump on a log.

Well, this weekend I courted the fickle turtle, but after a day and a half (plus a router upgrade), the turtle now dances to my whims. I encountered some trickiness that others hopefully won’t, regarding AT&T’s U-verse service and the 2WIRE modem/router combo unit:

  • The 2WIRE won’t give you native IPv6
  • There is no way to configure an IPv6 tunnel on the 2WIRE
  • There’s no bridge mode that drops the NAT to let a downstream router that IS capable be in charge of your network

The solution was to buy an Apple AirPort Extreme (my Linksys didn’t support IPv6 and I’m too lazy to keep up with and constantly support a DD-WRT setup). Here’s the list of steps I performed to get up and running, hopefully written so anyone can follow suit.



Flip The Switch

I made a new PowerShell script at work recently. It’s not as big as it looks – all it does is shut down a VMware guest. This assumes you have the PowerCLI modules loaded and are already connected to a VIServer.

Since the PowerCLI Shutdown-VMGuest cmdlet (the “Shutdown-VM” command) just sends the guest OS a shutdown request and returns immediately, I wanted to script something that actually pauses until the VM is completely powered off.
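The script itself is not on this page, so here is an added example of the same idea, written for this page rather than taken from the author. It assumes PowerCLI is loaded and Connect-VIServer has already run; the VM name web01 and the timeout values are placeholders.

```powershell
# Added example (not the author's script): request a guest shutdown, then poll
# vCenter until the VM is actually powered off, with a timeout and an optional
# hard power-off as the fallback. Assumes PowerCLI is loaded and Connect-VIServer
# has already been run.
function Stop-VMGracefully {
    param(
        [Parameter(Mandatory)][string]$Name,
        [int]$TimeoutSeconds = 300,
        [int]$PollSeconds = 5,
        [switch]$ForceAfterTimeout
    )
    $vm = Get-VM -Name $Name -ErrorAction Stop
    if ($vm.PowerState -eq 'PoweredOff') {
        Write-Verbose "$Name is already powered off"
        return $vm
    }

    # Shutdown-VMGuest relies on VMware Tools inside the guest; without them the
    # request silently goes nowhere, so check first instead of waiting out the timeout.
    if ($vm.ExtensionData.Guest.ToolsRunningStatus -ne 'guestToolsRunning') {
        throw "VMware Tools not running in $Name; cannot request a guest shutdown"
    }
    $null = Shutdown-VMGuest -VM $vm -Confirm:$false

    # The cmdlet returns as soon as the request is sent, so poll the power state.
    # Re-query each time: the VM object does not refresh itself.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds $PollSeconds
        $vm = Get-VM -Name $Name
    } while ($vm.PowerState -ne 'PoweredOff' -and (Get-Date) -lt $deadline)

    if ($vm.PowerState -ne 'PoweredOff') {
        if ($ForceAfterTimeout) {
            Write-Warning "$Name did not shut down within $TimeoutSeconds s; powering off"
            $vm = Stop-VM -VM $vm -Confirm:$false
        } else {
            throw "$Name still $($vm.PowerState) after $TimeoutSeconds s"
        }
    }
    $vm
}

# Placeholder VM name and timeout.
Stop-VMGracefully -Name 'web01' -TimeoutSeconds 180 -ForceAfterTimeout -Verbose
```

Leaving -ForceAfterTimeout off makes the function fail loudly instead of yanking power from a guest that is mid-shutdown, which is the safer default for anything holding a database or a filesystem you care about.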



SuperBowl v2

Whoops! Since my last “IT Superbowl Party” I updated my RAID drivers and lost the drives holding my awesome Server 2012 Core environment I built out. And I lost the notes on how to build it, to boot! But my birthday recently came and went and I treated myself to some extra RAM so I could run more virtual machines. It’s time to rebuild, and just so I don’t lose my notes, here’s what I have now.

Apologies for the very raw format. Oh, and I decided to up the ante and make sure that everything is IPv6 compatible, complete with DHCPv6 and what not.



The Wall of Shame

It’s weird talking about The Wall of Shame not in relation to something I’ve screwed up myself. Not that I screw up often – it’s just that I never thought I’d be the one maintaining said Wall.

At work I’ve been struggling to focus hard on certain projects and everyday work. In my last post I talked about standing up for myself and making a name for myself as someone other than the Virt Build guy. I’ve already seen great progress in this regard, but it’s only partially fixed the uphill battle I feel every time I set out to get work done.

I wasn’t sure why until today when I thought about how upset I was that certain Windows deployments weren’t being sysprepped and I was part of the problem. I’d sure put myself on the Wall of Shame for that, but only one other person at work seems to comprehend the problem with it – and unfortunately he’s not in a position to help solve it. So if I’m the only one who knows enough to be worried and do something about the situation, that means it’s up to me to declare it an offence belonging on the Wall.

I added a total of 14 things to the Wall (actually to the white board by my desk) but I already feel a little better about things just having enumerated the problems. These aren’t trivial – they’re objectively important infrastructure and security components that should be part of any strong IT foundation. They might not be part of my current projects or responsibilities but as I make time to chip away at them little by little, things will continue looking up.

Now I’m off to become a Deployment Wizard and cast Smite against the very building block that started my Wall of Shame.



Putting my flag on the Moon

Now that I’m wrapping up my second month of work with the new company, I’m hitting that barrier where I’m no longer “the new guy”.

I’ve been a little frustrated at the kinds of work being assigned to me – I fought hard to make sure the roles and responsibilities I would have here were in line with a move up (with a salary to match), but frankly they’re paying me too much to just do basic server installs all day long. I’ve been thinking about why that is, and especially after hearing someone else say what I was thinking, I need to take a stand and really own my destiny. As the bright-eyed new guy I’ve had no qualms taking on “virt builds” but in doing so I’ve accidentally made a name for myself in that role.

So when I hit that barrier and I’m just “old news” I need to make sure my position is solid. My company is a good company. They’re good people and they need skills I can provide. They need virt builds too. But in the imaginary Venn diagram in my head I need to shrink the space where those two things overlap.

Also, I just have to say it. I hate when people call a VM guest a virt. It’s the most brogrammer thing I’ve ever heard.