VeeamOn Tour Virtual 2017 – Reserve your spot!

Veeam is hosting their VeeamOn Tour Virtual 2017 event on December 5th, and I’ll be part of the panel of bloggers in the Expert Lounge!

Veeam describes the event like this:

The biggest online Availability event in EMEA — VeeamON Tour Virtual 2017 — is once again coming to your desktop! No need to leave your chair — Experience Availability simply by joining us for an ultimate digital journey!

VeeamON Tour Virtual runs from 11 am to 5 pm CET, and offers three separate tracks: Business, Technical and Cloud.

Check out the agenda and sign up for this free event now, find me in the Expert Lounge, and get your Veeam-on.

Making Royal TSX Even More Awesome

For those who don’t know, Royal TSX is an awesome Remote Management solution, which supports RDP, VNC, SSH, S/FTP and even ESXi and vCenter. I’ve been using it for years, not just because they offer free licenses for vExperts (and others), but simply because it works really well. Store its config file on a synchronized file area (like Dropbox), and boom, your config follows you around from machine to machine, including custom icons. What’s not to like?

Following Ryan Johnson’s tweet, where he showed off his VMware Clarity inspired Royal TSX setup, I decided to do something similar. Unlike Ryan, I decided to run with the standard Clarity icons, and not invert them. Since the Clarity icons are in .svg format, I had to convert them to .png to be able to use them as icons in Royal TSX. I’ll write a separate post later on how I batch converted them.

Currently, my setup looks like this

Royal TSX with Clarity icons

Changing the icons for entries is pretty straightforward. For existing entries in your config file, simply open the item’s properties and click on the small icon beside the Display Name. This brings up a dialog showing the built-in icons, but also reveals an option to browse your filesystem for a new icon to use.

Update: Felix from Royal Applications left a nice comment, explaining that you can also drag-and-drop icons directly from Finder into Royal TSX, as an alternative to the manual process described above.

To change the default icons, find Default Settings in the Navigation Panel on the left, and follow the same procedure.

While the primary goal was to prettify my setup with snazzy new icons, I discovered that I could do quite a few things besides that as well.

As seen in the screenshot, there are a couple of web pages added, but perhaps more interesting are the “PowerCLI” and “Connect VPN” entries.

Running PowerCLI Core from Royal TSX

I run the PowerCLI Core Docker container on my Macbook from time to time, so why not have the option to run it directly from Royal TSX? Once you have it up and running, adding it as a Command Task is pretty easy!

Add a new Command Task, and put in the docker run command in the Command: field

Update: Since originally posting, I’ve discovered that there is an even better way of doing this, which also keeps your PowerCLI running in a tab inside of Royal TSX. Instead of adding it as a Command Task, add a new Terminal connection, but use Custom Terminal as the connection type:

Then add the command you want to run under Custom Commands

In my case, I want to run the following command:

docker run --rm -it --entrypoint='/usr/bin/powershell' vmware/powerclicore

Now, under “Advanced”, find the Session option. Enable “Run inside login shell” to make sure your applications, like Docker, are found without having to specify the complete path to it, and that’s it. As long as Docker runs locally, PowerCLI core can now be launched directly from the navigation bar, and it opens a new tab inside of Royal TSX!

This can also be used to run other things of course, I’ve added a new Terminal option to my sidebar as well, which opens iTerm2 in a new tab.

Connecting Tunnelblick VPN from Royal TSX

I run OpenVPN at home, and use Tunnelblick as my client of choice. In order to connect to my home network, I’ve created another Command Task, with the “Run in Terminal” option configured, that runs a simple AppleScript command instructing Tunnelblick to connect.

osascript -e "tell application \"Tunnelblick\"" -e "connect \"[your-connection-name]\"" -e "end tell"

I guess I really understated the percentage of awesomeness increase by doing this, it should at least have been 84% 92,7%.


PSA: Protect Your Email with DMARC

In the last few months, I’ve seen an uptick in spoofed emails being sent with my own personal email domain. Not only is this extremely annoying, but more problematic is that recipients receive spam and phishing emails from what seems to be my personal mail account, simply by spoofing the from address. I don’t know why my domain and email address have been “chosen” for this, but I guess this is fallout from the LinkedIn breach way back in 2012.

I didn’t think there was much I could do about this, but a recent tweet by my friend Per Thorsheim sent me down the rabbit hole.

So, obviously there are options available to me that I was completely unaware of. I haven’t managed any public facing email services for 6-7 years, so I’ve not kept up with whatever has been happening in that particular space. Also, my personal email domain has been hosted by Google since 2008, so I haven’t really managed that either. Set and forget, right? Well, not quite.

So, what is this DMARC thing? It stands for Domain-based Message Authentication, Reporting & Conformance, and is a way to try and validate that emails from a given domain are being sent using one of the valid mail servers configured for that domain. In order to use DMARC, you first need to have Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) configured for your domain.

Here are the resources I used to get all of this configured for my domain:

  1. Configure SPF records to work with G Suite
  2. Authenticate email with DKIM
  3. Add a DMARC record

Less than 24 hours after configuring everything, I received my first DMARC Aggregate Report which is basically an XML file showing what has been going on.

Since this file is a bit hard to read on its own, I uploaded it to DMARC Analyzer. Even though I knew a lot of email was being sent with my email address as the reply to address, I was quite surprised to see that in less than 24 hours after I set up the DMARC DNS records, a total of 295 emails had been rejected by mail servers all over the world, most of them sent from mail servers in Vietnam. I do not send 295 emails a day with my personal email account, and absolutely none of them from Vietnam. In fact, during the time-frame of this initial aggregate report, I sent zero emails – as seen in the screenshot from the report.
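For readers who want to see what such a report contains before handing it to a service, here is an added example (not part of the original post, and not DMARC Analyzer's code) that totals an aggregate report by disposition and lists the source IPs whose mail failed both SPF and DKIM. The sample report, example.com and the IP addresses are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the RFC 7489 aggregate-report layout; example.com and
# the 192.0.2.x / 198.51.100.x addresses are documentation placeholders.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <policy_published><domain>example.com</domain><p>reject</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>290</count>
    <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf>
    </policy_evaluated></row></record>
  <record><row><source_ip>192.0.2.77</source_ip><count>5</count>
    <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf>
    </policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.25</source_ip><count>2</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf>
    </policy_evaluated></row></record>
</feedback>"""

def _text(node, path, default=""):
    found = node.find(path)
    return found.text.strip() if found is not None and found.text else default

def summarise(xml_text):
    """Return policy, per-disposition totals and per-IP unauthenticated totals."""
    # Reports come from third parties: refuse DTD/entity declarations up front.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in a report")
    root = ET.fromstring(xml_text)
    summary = {"domain": _text(root, "policy_published/domain"),
               "policy": _text(root, "policy_published/p"),
               "dispositions": Counter(), "unauthenticated": Counter()}
    for row in root.iterfind("record/row"):
        try:
            count = int(_text(row, "count", "0"))
        except ValueError:
            continue  # skip rows with a malformed count
        pe = "policy_evaluated/"
        summary["dispositions"][_text(row, pe + "disposition", "unknown")] += count
        # DMARC passes when either aligned check passes; both failing marks
        # mail that claimed the domain without authenticating as it.
        if _text(row, pe + "dkim") != "pass" and _text(row, pe + "spf") != "pass":
            summary["unauthenticated"][_text(row, "source_ip", "unknown")] += count
    return summary

if __name__ == "__main__":
    report = summarise(SAMPLE_REPORT)
    print(report["domain"], "policy:", report["policy"], dict(report["dispositions"]))
    for ip, n in report["unauthenticated"].most_common():
        print(f"{n:>5} unauthenticated messages from {ip}")
```

Reports usually arrive as gzip or zip attachments, so decompress them before passing the XML text to `summarise`.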

I have now configured my DMARC DNS TXT records to send emails directly to DMARC Analyzer, and I’m looking forward to seeing how these numbers add up over time. I’m currently on a free trial plan, and looking to evaluate which of the available DMARC Analyzers out there I want to use permanently.

At least now receiving email servers have a fighting chance of rejecting fake emails from my domain, since it’s now possible to verify that they are sent through a valid source.

Even if you don’t have problems with someone spoofing your email addresses, please spend 10 minutes configuring this for your domain as well. You never know when something like this might occur, and it’s better to build your defences before you get attacked. That way you stand a chance of stopping it before it gets as ugly as it did in my case.

And Per, you are a gentleman and a scholar. Even if I did manage to investigate and set this up on my own, cake and coffee is still on me!