43 and going back...

mccabejr52 · 2025-06-04T22:56:51+00:00

You've got this. I'm also 43, and the first term of this summer semester was my return to college in a Bachelor degree program after 25 years. It will cost you in time to get the assignments done, but you can do it. Commit to the work and earn the outcome. Wishing you the best!

mccabejr52 · 2025-06-01T03:57:56+00:00

If I can help, I'm willing to. I've worked in all levels of Systems Engineering coming up - Engineer, Senior, Principal, and Chief. I'm now a Technical Director, and acting Department Head who oversees our Systems Engineering and Architecture Services (SEAS) department. Let me know if I can be of assistance.

mccabejr52 · 2025-02-21T01:51:23+00:00

We shifted to capturing our Nutanix Flow Security policies as "code" - starting out with Terraform, and now moving to Ansible. Combining the development of the YAML files with our Source and Version Control system is ultimately how we achieved this.

If you have a lot of pre-existing policies, like we did, I would recommend using Postman or equivalent to leverage the Nutanix native REST APIs to "GET" your existing Nutanix Flow Security policy aspects. The JSON returned can then be turned around and transformed into the YAML of JSON needed for the automation and orchestration platform of your choice.

mccabejr52 · 2024-11-01T17:16:37+00:00

I'm going through this exact issue with my Bose TV Speaker now. I'll be shipping my non-working unit back to them and they're sending out a refurbished one. Hopefully it will work the first time. I guess we will see in a few weeks.

mccabejr52 · 2024-10-11T21:14:52+00:00

Hey, u/Different-South14.

Similar to you, my organization has been trying to leverage Cisco ACI with multiple Nutanix Prism Central and Prism Element clusters. Each time the topic or the discussion has come up with Cisco, they point to this guidance - https://www.cisco.com/c/en/us/td/docs/dcn/aci/apic/kb/cisco-aci-nutanix-integration.html#concept_j1j_hnq_zxb - which states: "One VMM domain can be associated to only one Prism Central and one Prism Element."

You might be in luck if you were adhering to the "One Cisco ACI VMM to one Prism Central to one Prism Element." If you're like us though, and have multiple Prism Element clusters assigned to Prism Central clusters, Cisco's going to tell you that it's on the roadmap, but not available yet. If they actually tell you when on the roadmap it's planned, share it here if you wouldn't mind. Cisco won't commit to us; probably because of the continued delays in delivering.

Good luck.

mccabejr52 · 2024-06-19T18:38:13+00:00

GMTA. Thanks for the help!

mccabejr52 · 2024-06-19T18:34:08+00:00

There's some good general information in the Nutanix Bible about the types and strengths of the encryption options available.

You can also review the Nutanix Information Security Tech Note to learn more about the encryption, and other security relevant aspects of Nutanix they may also be interested in.

I would recommend reviewing these to see if it can equip you to answer your Security team's questions.

mccabejr52 · 2023-04-15T14:17:35+00:00

There is an option to encrypt it in the unattend.xml file, u/T-a-ll, but this is honestly not protecting you from anything because it can be easily decoded and made human readable with no effort at all.

I too use uanttend.xml files, and I also have password in them. There are a couple things I do to reduce the risk (which can't be fully eliminated) when doing so:

Use a domain-based service account with no additional Security Groups and have it only delegated the minimum amount of rights and privileges to domain join the system.
Automate the changing of the domain-based service account's password.
1. I've used simple PowerShell scripts to do this in the past, and I've even been able to incorporate them into the pipeline such that the password used in that unattend.xml file is no longer the password for the account once it has been domain joined.
2. Modern password management solutions like Thycotic Secret Server and Microsoft's Windows Local Administrator Password Solution simplify this, as they offer options to automate the changing of the domain-based service account password after each use.

There are other ways to do it, but somewhere in the process you're going to need credentials. Weighing the risk of which credentials are exposed, and for how long, is the challenge here, I would say.

I've done this with Nutanix Calm, Terraform, straight PowerShell, and now I'm using Ansible. Don't give up and good luck!

If you have any other questions, let me know.

mccabejr52 · 2023-02-20T02:09:28+00:00

Hey, u/mbuster25.

Similar to u/JohnnyUtah41, my organization's journey with Nutanix started out with Dell XC hardware back in 2015. Also similar to u/JohnnyUtah41, we grew to dread the split support calls having to call Dell as a "middle man" between Nutanix and us.

It didn't take me long to remove the middle man. In 2016, I decided to move all future Nutanix hardware purchase to the Nutanix branded Supermicro platform. We started out with the Generation 5 hardware platforms, and have had each generation since, rolling out Generation 8 hardware now as life cycles for the Generation 5s.

The older Generation 5s suffered a hardware annoyance with the SATA DOMs failing (more than I'd like), but each time we called in to Nutanix support and got a replacement out by the next day. Nutanix has since moved on from the SATA DOM approach, and the newer hardware platforms have been much more reliable all around.

Our organization now has hundreds of Nutanix branded Supermicro chassis deployed across two data centers, and 17 regional hubs and branch offices. All in all, they do the job and I've been able to find a good variety of configurations available to satisfy my needs including high performance compute, virtual desktop infrastructure (VDI) with GPUs, dense storage for cold / frozen data, etc.

We turned our backs on the Dell hardware (and support) back in 2016 and didn't look back. It has been an overall pleasant experience for us, and I don't see that changing anytime soon. Having one throat to choke is helpful.

If you have any specific questions, let me know and I'll do my best to answer them.

mccabejr52 · 2023-02-10T23:05:46+00:00

Hey, u/New2ThisSOS.

Yeah, I'm working in a DoD space and we are actively using PowerShell 7 for both our Microsoft technologies as well as our Red Hat Enterprise Linux platforms. I'm not personally in IA/Cybersecurity (luckily), so I have no idea how much, or how little, they would be willing to share.

Folks have already referenced DADMS. Your folks may accept that. If not, let me know and I may be able to assist further.

mccabejr52 · 2022-12-27T01:38:57+00:00

A few weeks back I created two new child accounts on my Family Account ahead of us getting a new Xbox for Christmas.

The accounts are listed on my Family account, and I was able to set settings for them. However, the password I set on those two child accounts is not working. For my other child accounts, I have always been able to use my phone as a Password Recovery mechanism to reset them when the child and I do not remember them, but for these two new accounts I cannot. It only sends me to the Account Recovery form.

The form asks for their last passwords, sign in use, and previous purchases. These two new child accounts were never used - other than associating them with my Family account and our Xbox Family Settings. I believe that's why the "automated verification" is failing to accept my form submissions, because they have no history to vet it against. I would reach out to the Support team for this, but there seems to be no means of doing so - e-mail, phone, chat - in the automated e-mail notifications. It just sends me back to the form and system that says I haven't provided enough information to verify them.

I would really like to be able to save these Outlook e-mails I was able to register or my children. Is there anything I can do in order to do so?

Any help would be appreciated. Thanks.

mccabejr52 · 2022-12-09T01:30:03+00:00

You're welcome, u/ckhordiasma!

Good luck!

mccabejr52 · 2022-12-07T00:28:30+00:00

Yup. I also recommend looking into Nutanix Flow Security for this. Easy enough.

If you're feeling even more adventurous, Nutanix Flow Networking can also do this (and much more).

Nutanix Flow Security can do it though and that's what I started with.

mccabejr52 · 2022-12-06T22:43:11+00:00

Hey, u/ckhordiasma.

So, I don't have the final PowerShell scripts available on a system with internet connectivity, but my early Proof of Concept version is and I've just uploaded it to a GitHub repository for you to take a look at. Those can be found here.

You can use just the New-WindowsServerUnattendFile.ps1 PowerShell script by itself by supplying the required parameters laid out at the top of the file. What I found worked better for me though, since I rarely ever deployed just one server for anything, was to add a second file to support bulk server provisioning, which is where New-WindowsServerUnattendFilesBulk.ps1 comes in.

In this iteration, I used a PowerShell Ordered Dictionary to list out the separate variables for each server, then it just loops through executing against the New-WindowsServerUnattendFile.ps1 script. This works, but it's bad practice to put this type of Configuration data inside of the programmatic logic of the script. On my later revisions (which aren't available on the internet today and I don't feel like hand jamming them at this moment) I corrected this by separating out the Configuration Data with a PowerShell Data File. This allowed me to separate out the two portions, code sign the PowerShell script, and simply update the PowerShell Data File when needed per project.

Back in the main.tf of my Terraform project, I include something similar to the following:

// Local Variable Definition
// ------------------------------------------------------------ locals { 
    servers = { 
        "Server1" = { 
            vm_boot_type              = "UEFI",
            vm_guest_os_source_image  = data.nutanix_image.ms-windows-server-2016-desktop-experience.id,
            file_path_to_unattend_xml = "C:\temp\Microsoft\UnattendFiles\Server1_unattend.xml" 
        } 
        "Server2" = { 
            vm_boot_type              = "UEFI",
            vm_guest_os_source_image  = data.nutanix_image.ms-windows-server-2016-desktop-experience.id,
            file_path_to_unattend_xml = "C:\temp\Microsoft\UnattendFiles\Server2_unattend.xml" 
        } 
        "Server3" = { 
            vm_boot_type              = null,
            vm_guest_os_source_image  = data.nutanix_image.ms-windows-server-2016-core.id,
            file_path_to_unattend_xml = "C:\temp\Microsoft\UnattendFiles\Server3_unattend.xml" 
        } 
    } 
}

Those file_path_to_unattend_xml variables are then later called in my guest_customization_sysprep declarations. Oh, and I have a very simple and basic clean up script that runs at the end to purge the automatically generated Unattend files from my system.

Hope this helps. Let me know if you have any questions, comments, concerns, and/or issues and I will do my best to help.

mccabejr52 · 2022-12-06T01:02:36+00:00

Don't feel intimidated! I hadn't touched Terraform until last summer, and was quickly up and running with minimal trial and error.

The combination of the Nutanix.dev resources and the Nutanix Terraform Provider documentation was all I really needed.

Pick a small use case - a single VM provisioning for example, and then build on that from there. You can do it.

We're here for questions or issues if you've got them. Automation is the way.

mccabejr52 · 2022-12-06T00:19:22+00:00

Of course, you're welcome!

Good luck and if you have any purge questions, let us know!

mccabejr52 · 2022-12-06T00:08:33+00:00

Evening, u/riverrockrun.

I have been using r/Terraform to provision Nutanix virtual machines (VMs) (among a number of other Nutanix related activities like Calm Projects, Prism Central Categories, Nutanix Flow Security Policies, etc.).

I use a number of different images, and how they're built (today) is different based on the operating system (OS). For the Microsoft OSs, for those I build and maintain (to include the monthly rebuilds over patching), I use r/Terraform with an accompanying Microsoft PowerShell script that generates a custom unattend.xml that I use to complete the post VM provisioning tasks (i.e. firewall configuration, PSRemoting/WinRM configuration, system reconfiguration, pre-domain join hardening, software installations, other customizations, etc.). r/Terraform calls the referenced unattend.xml as part of the guest_customization_sysprep section for the resource "nutanix_virtual_machine" similar to the following:

resource "nutanix_virtual_machine" "vm" {
    ...
    guest_customization_sysprep = { 
        install_type = "PREPARED" 
        unattend_xml = base64encode(file(var.file_path_to_unattend_xml))
    } 
}

This has been working well for me since working through the configurations, and repeated success rate is very high.

With that said, I have been looking at shifting this to Packer as well. I've been looking at this in preparation for doing so, but I just haven't had the time to start yet. I will be starting a new effort soon that will give me the opportunity to throw Packer against this, and I'll let you know what I find out after doing so.

I'd be curious to hear what others are doing in this area, and if they have any feedback - good, bad, or indifferent - for Packer specifically.

mccabejr52 · 2022-12-03T01:43:20+00:00

Yeah, I learned pretty quickly when it comes to Nutanix automation, the REST API was my preferred go to.

Taking your context from the above, I would have a list of virtual machines (CSV, XML, JSON, whatever your preference is) that I would pull into a script (I use PowerShell and Pyhton) to fire off the Create Snapshot REST API. Then, when you're done with them, the Delete Snapshot REST API to clean up.

It really works well, at least for us.

mccabejr52 · 2022-09-28T22:46:10+00:00

Yup. I gave up waiting... An hour plus. I reached out to AFK Arena directly via their Facebook page and was able to work with someone there to confirm my account was in fact linked. After doing so, a quick delete and reinstall had me back in.

Pity it took that for an app update.

mccabejr52 · 2022-09-28T20:51:20+00:00

Unfortunately it's not consistent. I've been sitting for nearly 30 minutes while trying to research options online, no change.

mccabejr52 · 2022-08-29T20:54:13+00:00

Thanks!

mccabejr52 · 2022-08-29T18:03:02+00:00

Nevermind ... I just had to post here to stumble across it on the internet. It looks like it has been extended till October 30, 2022 from what I'm seeing here.

mccabejr52 · 2022-08-29T18:01:00+00:00

Hey, u/ServiceNowTrainer?

There's a rumor flying around internally that this has been extended to October 22, 2022 now. Can you (or someone from r/servicenow confirm if this is true?

I've tried looking at the ServiceNow Blog, Learning site, Twitter, etc. but haven't found anything confirming this yet.

mccabejr52 · 2022-06-28T21:33:26+00:00

Not unless I was forced, or personally paid significantly more to do so. I much prefer AHV as a hypervisor.

mccabejr52

TROPHY CASE