What is Cognitive Surplus?

In his famous TED talk about Cognitive Surplus, Clay Shirky shares an incident in Kenya from December of 2007. There was a disputed presidential election that resulted in an outbreak of ethnic violence. A lawyer in Nairobi, Ory Okolloh, began blogging about it on her site, Kenyan Pundit. Shortly after the election and the outbreak of violence, the government suddenly imposed a significant media blackout. So, Okolloh solicited more information about what was going on from her commenters. The comments began pouring in, and Okolloh would collate them, but there was more information than any one person could manage. So, she asked for help to automate this task.

Two programmers who read her blog held their hands up and said, “We could do that,” and in 72 hours, they launched Ushahidi. Ushahidi (which means “witness” or “testimony” in Swahili) is a straightforward way of taking reports from the field, whether it’s from the web or, critically, via mobile phones and SMS, aggregating it and putting it on a map.

Enough people looked at it and found value in it that the programmers who created Ushahidi decided to make it open source and turn it into a platform. It’s since been deployed in Mexico to track electoral fraud and in Washington D.C. to track snow cleanup.

Shirky credits the idea of Cognitive Surplus for the creation of Ushahidi. According to Shirky, Cognitive Surplus has two parts:

  1. Time: The world’s population’s ability to volunteer and contribute and collaborate on large, sometimes global, projects. According to Shirky, the world has over a trillion hours a year to commit to shared projects.
  2. Tools: Primarily for collaboration. Internet, mobile phones, social media, and more.

Shirky acknowledges that not all cognitive surplus products are as helpful as Ushahidi. We also get LOL Cats (cute pictures of cats made more adorable by adding cute captions). While LOL Cats may not seem beneficial (unless you are looking for cute cat pictures), it is essential to note that it is still a creative and communal act. Freedom to contribute means freedom to contribute anything. The important takeaway is that the contributor of a LOL Cat picture has crossed a vital participation threshold.


Cognitive Surplus in an Enterprise

Can Shirky’s notion of Cognitive Surplus be applied to an enterprise? A typical enterprise has employees who are in between projects, who are not being utilized to the fullest on their current assignments for whatever reason, or who are motivated to create value not just for themselves (e.g., self-learning) but for everyone in the enterprise. Cognitive Surplus encourages using this precious employee time to build something of value to the employees and the enterprise.

Beyond time, enterprises also need a framework that engenders participation. Such a framework would include:

  1. The starting point for a framework is tools for collaboration, such as GitHub, Teams, and Slack.
  2. A collection of tasks that employees can contribute towards. These tasks don’t have to be well-defined like a product backlog. But an absence of defined tasks to choose from can significantly hamper employees from getting started. Ideas for tasks can come from ongoing projects (a nagging problem or an optimization that the product team has no time to spend on) or research on upcoming features and features in an area of interest.
  3. Each task needs to be broken up into “byte-sized” chunks. A rule of thumb is 40 hours. This is typically an employee’s time between projects before they are pulled into their next assignment. It is also important to encapsulate the task to hide or decouple it from underlying dependencies. Doing so allows employees to contribute without spending hours or days setting up the environment before they start contributing.
  4. The ability to get feedback early and often is crucial to making the employees’ contribution productive. Therefore, it is essential to scale the feedback loop. The way to scale the feedback loop is to crowdsource it, i.e., get a representative from the team that suggested the task or a member of COI to pair with the employee working on the task. Even a 15-minute daily sync-up can go a long way.
  5. Celebrate the successful completion of a task. Recognize people’s contributions via a blog, internal communication, social media shares, and more. No matter how small the contribution, it should be recognized.

Cognitive Surplus at AIS

At AIS, we have worked to put the Cognitive Surplus to good use. Here are a few recent examples.

    1. Cameo Contributors for Value Creation projects. New hire and not yet on a project? In between projects? Our team is working to support more internal efforts by matchmaking individuals who have availability with the needs of our internal Cloud Acceleration Hub (HUB) team. The HUB is a dedicated team of AIS consultants organized to help AIS project teams deliver successful cloud services modernization projects. The HUB team consolidates knowledge and experience to provide rapid research and guidance for cloud migration and modernization projects. Cameo contributions can range from project-specific problem solving or solution reviews to contributing to IP development or internal skilling efforts. The HUB team has manageable chunks of work that they engage individuals for and mature this capability with ramp-up guides, task partners, and more.
    2. Creation of the open-source ddl2dbt tool. The team wanted to automate the creation of DBT YML files based on ErWin models but had no cycles to build this tool. Cognitive Surplus made it possible to develop this tool – AppliedIS/ddl2dbt: CLI to generate DBT and dbtvault models from DDL and Source To Target Mappings (github.com).

How Do You Exercise Cognitive Surplus? Tangible and Intangible Benefits

Dean Kamen, the inventor and entrepreneur, said, “Free cultures get what they celebrate.” In a similar vein, “Enterprises get what they celebrate.” Enterprises need to create a culture that celebrates participation, no matter how small the contribution is or how directly impactful the contribution is. The value created for the enterprise is not just a by-product of the participation; it is what they collectively make of participation.

Enterprises have hundreds of hours of participatory value up for grabs, year-in and year-out. Enterprises designed around a culture of participation and a framework for common value creation can achieve incredible results.

We have been able to integrate more individuals across the organization while providing value to the broader company. Those who have participated in these exercises have provided excellent feedback on the experience and how it gave them a positive experience with AIS, allowing them to contribute value to the company between delivery and billability. There are intangible benefits to this, including valuable impacts on culture, employee passion, and motivation. How is your organization using cognitive surplus?

First-time Feedback from Peers and Mentors

An AIS employee was invited to share his experience when participating in project work.


“I had the opportunity to work with an internal AIS HUB project earlier this year and came away with a new perspective when it came to my critical thinking. I was asked to write specific articles dealing with PowerShell, Pester, and PSScriptAnalyzer as well as a working example code to complement the article. This was the first time in my career I had a group of Engineers and Developers providing feedback and guidance as I was producing a WiKi and code. The guidance and feedback were outstanding!

By the end of my time with the HUB team not only was my WiKi writing substantially better, but the feedback I received from the HUB team made my thought process much clearer and more refined. As a DevOps Engineer, being able to work with a client in a clear and concise manner is critical to successfully providing implementation guidelines and also results. The HUB Team took me under their wing and taught me how to be a better DevOps Engineer. My current project requires a lot of critical thinking, WiKi’s, and code blocks. I work with developers who need example code and instructions on how to get started. If I had not had the time I had with the HUB team, I would not be able to provide better documentation and code for their WiKi’s.”

– David Dracoules, AIS Cloud Infrastructure Consultant



We used the following techniques for an ESXi upgrade. Although upgrading is a standard process, I’ve compiled some tips and best practices that worked well for the team. Read on to learn how we did it.

Why is it Essential to Upgrade the Environment?

It’s recommended to upgrade VMware vSphere as per VMware standards because newer vSphere releases add many features that help scale up the infrastructure and manage new or existing infrastructure efficiently. To stay compatible and benefit from the latest features, such as advanced hypervisor features, better memory management, and protection from security vulnerabilities, it is vital to upgrade the existing host to the latest version.

Advantages of Upgrading ESXi Host

If the server runs ESXi 6.5, the VMware environment gains certain advantages when upgraded to 6.7 or 7. A few benefits are Fault Tolerance support for up to 8 vCPUs, Cross vCenter Encrypted vMotion, Maximum vCenter Server request latency, and high performance. Have an admin cross-check that the processor is compatible before the upgrade. Older processors may not be compatible with ESXi 6.7 or higher.

Download the correct compatible version from My.VMware.com. After downloading the correct image, an admin creates a baseline to import the image from vCenter.

Prerequisites

Before the upgrade, have an admin cross-check that the host is in maintenance mode and that all the VMs have been migrated to another host in the cluster. Below are a few possible reasons why VM migration could fail.

  • Different vMotion Port Groups: All the hosts in the cluster must be aligned to the same vMotion port group. If they are in different port groups, the VMs will not migrate, and the host may then fail to enter maintenance mode.
  • Affinity/Anti-Affinity Rules: When upgrading an ESXi host in a cluster where SQL VMs are hosted, check whether any affinity rules are applied. If so, migrate each VM within the host group where it is allowed to run.
  • High CPU Reservations: VMs will not migrate if any VM has a CPU reservation that another host cannot accommodate. In this case, try to vacate a few VMs from another host and move the VM to that host once it has enough CPU capacity to accommodate it.
  • Snapshots: VMs will also fail to migrate if they have active snapshots.
  • DRS (Distributed Resource Scheduler): DRS triggers vMotion for the VMs when the host enters maintenance mode; hence set the DRS settings to automated mode. If the DRS settings are in manual mode, manually migrate the VMs to a different host.

When all these conditions are met, move the VMs to another host and proceed to the ESXi upgrade activity. If you are not using vCenter, power off the VMs residing on the host, then upgrade.
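The migration checks listed above can be run against an inventory before the host is asked to enter maintenance mode. The following is an added Python example, not code from the original article: the `Host` and `VM` records, their field names and the sample cluster are constructed for illustration and do not use the vSphere API.

```python
# Added illustration: pre-flight check over a constructed inventory.
# The data model is hypothetical and is not the vSphere API.
from dataclasses import dataclass

@dataclass
class Host:
    name: str
    vmotion_portgroup: str
    cpu_mhz_free: int        # CPU capacity not already reserved
    host_group: str = ""     # DRS host group, "" if none

@dataclass
class VM:
    name: str
    cpu_reservation_mhz: int = 0
    has_snapshot: bool = False
    must_run_on_group: str = ""  # affinity rule target, "" if none

def evacuation_blockers(source, vms, targets, drs_mode):
    """Return (subject, reason) pairs that would stall maintenance mode."""
    blockers = []
    if drs_mode != "automated":
        blockers.append((source.name, "DRS is manual: migrate VMs by hand"))
    reachable = [h for h in targets
                 if h.vmotion_portgroup == source.vmotion_portgroup]
    if not reachable:
        blockers.append((source.name, "no host shares the vMotion port group"))
        return blockers
    free = {h.name: h.cpu_mhz_free for h in reachable}
    # Place the largest reservations first so small VMs do not strand big ones.
    for vm in sorted(vms, key=lambda v: -v.cpu_reservation_mhz):
        if vm.has_snapshot:
            blockers.append((vm.name, "active snapshot"))
            continue
        allowed = [h for h in reachable if not vm.must_run_on_group
                   or h.host_group == vm.must_run_on_group]
        fits = [h for h in allowed if free[h.name] >= vm.cpu_reservation_mhz]
        if not allowed:
            blockers.append((vm.name, "affinity rule leaves no reachable host"))
        elif not fits:
            blockers.append((vm.name, "CPU reservation fits no allowed host"))
        else:
            best = max(fits, key=lambda h: free[h.name])
            free[best.name] -= vm.cpu_reservation_mhz
    return blockers

# Constructed sample cluster: esx01 is the host being upgraded.
SOURCE = Host("esx01", "vMotion-A", 0, "sql-hosts")
TARGETS = [
    Host("esx02", "vMotion-A", 4000, "sql-hosts"),
    Host("esx03", "vMotion-A", 8000),
    Host("esx04", "vMotion-B", 20000, "sql-hosts"),  # wrong port group
]
VMS = [
    VM("sql01", 3000, must_run_on_group="sql-hosts"),
    VM("sql02", 2000, must_run_on_group="sql-hosts"),
    VM("web01", has_snapshot=True),
    VM("app01", 6000),
]

if __name__ == "__main__":
    for subject, reason in evacuation_blockers(SOURCE, VMS, TARGETS, "automated"):
        print(f"{subject}: {reason}")
```

In the sample, esx04 has the capacity and the right host group for sql02 but sits on a different vMotion port group, so the reservation is reported as a blocker.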

Roll Back: If any issues are encountered after the ESXi upgrade, the upgrade can easily be rolled back to the previous version.

  • To roll back to the previous version of ESXi, select <Shift+R: Recovery mode>
  • Press Y to initiate the rollback; the host boots up with the old version.

We evaluated two techniques to upgrade ESXi:

  • Option 1: vSphere Update Manager (VUM)
  • Option 2: ESXCLI command line

Option 1: vSphere Update Manager (VUM)

VUM is widely used to manage the upgrade of ESXi hosts from vSphere 6.0 to vSphere 6.7. Before upgrading the vSphere ESXi host, we need to download the VMware vSphere Hypervisor (ESXi) 6.7 installation ISO from My.VMware.com.

Creating a baseline is required as we will be using VUM to perform the upgrades of our ESXi host. This article will also explain how to make the baseline that is used during the VUM upgrade. Last, we need at least one vSphere ESXi host to upgrade with our VUM baseline.

After completing the ESXi 6.7 installation ISO download, we need to import the image and create a baseline, as shown below.

Let us take a deep dive through the screenshots below to understand the process. Illustrated images are used only for reference purposes.

Importing the Image

    1. Click on Update Manager from the Menu button
    2. Click on ESXi Images and select Import
    3. Click on Browse and upload the downloaded image
    4. Click Import once the action has reached 100%
    5. The image is imported (the complete image after the import)

Create Base Line

    1. From the Update Manager window, click on Baseline > New > New Baseline
    2. Provide the required information, i.e., name and description, select Upgrade, then select Next
    3. Select the image and click Next
    4. Review and click Finish

Upgrade Host Using the New Baseline

    1. The host needs to be in Maintenance Mode before the upgrade
    2. From Host and Cluster View: select the host which requires an upgrade from the right pane. Select Updates
    3. Select Attach Baseline or Baseline Group from the Baseline tab
    4. Select the newly configured Baseline
    5. Once the baseline is populated, select Remediate
    6. Select the End User License Agreement and select OK
    7. Select the Remediate option and the upgrade will start
    8. The server will reboot after the completion of the upgrade

Option 2: Upgrading Using ESXCLI Command Line

  1. To upgrade the server via CLI, ensure the SSH service is enabled; otherwise a connection to the server cannot be established via PuTTY.
  2. Download the required image to your local desktop
  3. Put the host in Maintenance Mode
  4. Copy the image to the Var/Temp folder on the local ESXi host using the WinSCP tool
  5. SSH and log in to the server using the PuTTY tool
  6. Navigate to the path: cd /var/tmp
  7. Run the command below:
    esxcli software profile update -p ESXi-6.7.0-XXXXXXX-standard -d /vmfs/volumes/XXXXXXXXXX/Var/temp/VMware-ESXi-6.7.0-XXXXXXX-depot.zip

Learn the Command in Detail

  • esxcli software profile update: performs the update
  • -p ESXi-6.7.0-XXXXXXX-standard: the image profile (patch release) name
  • -d /vmfs/volumes/XXXXXXXXXX/Var/temp/: the directory where the image was copied
  • VMware-ESXi-6.7.0-XXXXXXX-depot.zip: the depot file containing the update to be performed

Once the update is successful, the server will need a reboot. Good luck!

What is Azure Web Application Firewall (WAF)?

Azure Web Application Firewall (WAF) filters, monitors, and blocks HTTP traffic. It uses Open Web Application Security Project® (OWASP) rules to protect your application. It also provides centralized protection to web applications from common exploits and vulnerabilities and protects against threats and intrusions.

Supported Services

We have three different options to create a WAF in Azure:

  • Azure Front Door: Global, scalable entry-point that uses the Microsoft global edge network to create fast, secure, and widely scalable web applications.
  • Azure Content Delivery Network (CDN): Global CDN solution for delivering high-bandwidth content. It can be hosted in Azure or any other location.
  • Azure Application Gateway: Web traffic load balancer that enables you to manage traffic to your web applications.

Azure Front Door

Azure Front Door provides centralized protection for our web applications. It prevents malicious attacks close to the attack sources before they enter your virtual network.

As shown in the image below, WAF is placed at Azure network edge locations. It inspects all incoming traffic, so it prevents malicious attacks from entering the virtual network.

Global WAF Policy
Reference – https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview

Azure Content Delivery Network (CDN) Service from Microsoft

Azure Content Delivery Network (CDN) provides a global and centralized solution for our web content. It reduces load times, saves bandwidth, and speeds up the responsiveness of the application.

As shown in the image, WAF is deployed on Azure network edge locations around the globe. A WAF policy easily links to any CDN endpoint in your subscription. New rules can be deployed within minutes to respond quickly to changing threat patterns.

Content Delivery Network
Reference – https://docs.microsoft.com/en-us/azure/web-application-firewall/cdn/cdn-overview

Azure Application Gateway WAF

Application security is strengthened by WAF integration into Application Gateway. It protects your web applications from web vulnerabilities and attacks without modification to back-end code. We can protect multiple web applications at the same time. An instance of Application Gateway can host up to 40 websites protected by a web application firewall. In addition, we can create custom WAF policies for different sites behind the same WAF. As shown below, we can also protect our web applications from malicious bots, XSS attacks, SQL injection, and other vulnerabilities by using Application Gateway WAF.

Application Gateway
Reference – https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

WAF Modes

WAF policy can be configured to run in the following two modes:

  • Detection mode: When running in detection mode, WAF takes no action other than monitoring: it logs the request and its matched WAF rule to the WAF logs.
  • Prevention mode: In prevention mode, WAF takes the specified action if a request matches a rule. If a match is found, no further rules with lower priority are evaluated. Any matched requests are also logged in the WAF logs.

WAF Policy and Rules

WAF policy consists of two types of security rules:

  • Custom rules that are authored by the customer
  • Managed rule sets, which are Azure-managed collections of pre-configured rules

Custom rules are evaluated before the rules in a managed rule set. A rule consists of a match condition, a priority, and an action. Once a rule is matched and processed, rules with lower priorities aren’t processed. We can create rules that meet our requirements by combining managed and custom rules. For example, we can configure custom rules based on IP address, geographical location, HTTP parameters, size constraints, or rate limiting.

WAF Actions

WAF customers can choose one of the following actions to run when a request matches a rule’s conditions:

  • Allow: Request passes through the WAF and is forwarded to the back-end. No further lower priority rules can block this request.
  • Block: The request is blocked, and WAF responds to the client without forwarding the request to the back end.
  • Log: Request is logged in the WAF logs, and WAF continues evaluating lower priority rules.
  • Redirect: WAF redirects the request to the specified URI. The specified URI is a policy-level setting. Once configured, all requests that match the Redirect action will be sent to that URI.
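The evaluation order described under WAF Modes, WAF Policy and Rules, and WAF Actions can be modelled in a few lines. This is an added Python example, not Azure's implementation and not code from the original article. It assumes that lower priority numbers are evaluated first and that detection mode stops evaluating where prevention mode would; the rule names, addresses and the `<script` check standing in for a managed rule are constructed.

```python
# Added illustration: a model of the evaluation order, not Azure's code.
# Rule names, addresses and the XSS stand-in are constructed.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable

TERMINAL = {"Allow", "Block", "Redirect"}  # "Log" lets evaluation continue

@dataclass
class Rule:
    name: str
    priority: int  # assumption: lower number is evaluated first
    action: str    # Allow | Block | Log | Redirect
    match: Callable[[dict], bool]

@dataclass
class Policy:
    mode: str      # "Detection" or "Prevention"
    custom_rules: list
    managed_rules: list
    redirect_uri: str = ""  # policy-level setting
    log: list = field(default_factory=list)

    def evaluate(self, req: dict) -> str:
        # Custom rules run before the managed set, each in priority order.
        ordered = (sorted(self.custom_rules, key=lambda r: r.priority)
                   + sorted(self.managed_rules, key=lambda r: r.priority))
        for rule in ordered:
            if not rule.match(req):
                continue
            self.log.append((req["id"], rule.name, rule.action))
            if rule.action not in TERMINAL:
                continue  # Log: record the match and keep going
            if self.mode == "Detection":
                return "Forward"  # logged only, no action taken
            return {"Allow": "Forward", "Block": "Blocked",
                    "Redirect": "Redirect:" + self.redirect_uri}[rule.action]
        return "Forward"

def rate_limit(threshold: int, window_s: int) -> Callable[[dict], bool]:
    """Match once a client IP exceeds threshold requests in a fixed window."""
    seen: dict = {}
    def match(req: dict) -> bool:
        key = (req["ip"], req["ts"] // window_s)
        seen[key] = seen.get(key, 0) + 1
        return seen[key] > threshold
    return match

def run(mode: str):
    office = ip_network("203.0.113.0/24")
    policy = Policy(mode, custom_rules=[
        Rule("allow-office", 10, "Allow", lambda r: ip_address(r["ip"]) in office),
        Rule("log-admin", 20, "Log", lambda r: r["path"].startswith("/admin")),
        Rule("rate-limit", 30, "Block", rate_limit(2, 60)),
    ], managed_rules=[
        Rule("xss-standin", 1, "Block", lambda r: "<script" in r["query"].lower()),
    ])
    requests = [  # constructed sample traffic
        {"id": 1, "ip": "203.0.113.7", "path": "/search", "query": "<script>", "ts": 0},
        {"id": 2, "ip": "198.51.100.9", "path": "/admin", "query": "<script>", "ts": 1},
        {"id": 3, "ip": "198.51.100.9", "path": "/", "query": "", "ts": 2},
        {"id": 4, "ip": "198.51.100.9", "path": "/", "query": "", "ts": 3},
    ]
    return [policy.evaluate(r) for r in requests], policy.log
```

Request 1 is forwarded even though it would match the managed rule, because the Allow rule ends evaluation first; this is why Allow rules deserve narrow match conditions. Running `run("Detection")` produces the same log with every request forwarded.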

WAF Monitoring

Monitoring the health of your WAF and the applications that it protects is supported by integration with Azure Security Center, Azure Sentinel, and Azure Monitor logs. WAF instances are integrated and send alerts and health information to Security Center for reporting. Azure Monitor allows us to track diagnostic information, including WAF alerts and logs.

Monitor and track diagnostics
Reference – https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

How To Deploy Azure Web Application Firewall (WAF) with Azure Application Gateway

  1. Create a WAF Policy to configure the firewall. Search for Web Application Firewall Policy and click Add policy. Then select the type of WAF, Resource Group, Policy Name, and state.
    Basics of creating WAF Policy
    Reference – https://docs.microsoft.com/en-us/azure/web-application-firewall/cdn/waf-cdn-create-portal
  2. Select Prevent or Detect mode based on the requirement.
  3. In the custom rules section, we can configure match rules and rate limit rules. As shown in the image below, we can set the threshold value and duration.
  4. Review your settings, then create!
Adding rate limit rule to match
Reference – https://docs.microsoft.com/en-us/azure/web-application-firewall/cdn/waf-cdn-create-portal

Conclusion

All organizations are exposed to a variety of malicious attacks. To guard against them, we can use Azure WAF to protect the application even from the most sophisticated threats before they reach your servers. To learn more, check out Microsoft documentation on Azure WAF or reach out to AIS.
