Tuesday, October 20, 2015

Useful Office365 Command - Removal of Email

So in the aftermath of a targeted phishing attack, we had several users who were the grand prize winners of the NDR floods. Now if you were a normal user, how would you deal with 20,000 NDR messages in your inbox? I know most would freak out and not know what to do.

What are some of the methods to clean that up?

Inbox rule to delete the messages. Sounds like an OK thing to do. Took 4 hours for the rule to run. Yeah that is helpful.

Use the Compliance Center of Office 365? That is closer: through the management console you can find the messages, but putting a legal hold on them is not quite what I had in mind.

It turns out that you can use the Search-Mailbox PowerShell cmdlet with the -DeleteContent switch to remove the email from the user's mailbox. You will need some of the Compliance Center permissions for the cmdlet to show up for you.

Using remote PowerShell connected to your Office 365 tenant, you can run the following command:

Get-Mailbox "<user's mailbox>" | Search-Mailbox -SearchQuery 'Subject:"Insert Subject Line"' -DeleteContent

The SearchQuery can match on a few properties of the mail: subject, to, from, and attachments.

Hey, that is a little easier, since you don't have to open the user's mailbox to place a rule inside it.

There is a limit on the number of items in the search query: it is limited to 10,000. So if you have more matches, you will need to run it multiple times. This still takes time to run. I have found it does run faster during off-peak hours. (Unscientific)
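A staged version of the cleanup described above, as an added example that is not the author's own script: it counts matches first, then deletes in passes to work around the 10,000-item limit. The mailbox addresses, the pass cap and the variable names are assumptions; it expects a remote PowerShell session where Search-Mailbox is available, as the post describes.

```powershell
# Added example, not from the original post. Run in a remote PowerShell
# session connected to the tenant, with Search-Mailbox available.
$Mailboxes = 'user1@example.com', 'user2@example.com'   # placeholder addresses
$Query     = 'Subject:"Insert Subject Line"'            # query form from the post
$MaxPasses = 5                                          # assumed safety stop

foreach ($mbx in $Mailboxes) {
    # Dry run: count matching items without changing the mailbox.
    $left = (Search-Mailbox -Identity $mbx -SearchQuery $Query -EstimateResultOnly).ResultItemsCount
    Write-Output "$mbx : $left matching items before cleanup"

    # Each -DeleteContent pass removes at most 10,000 items, so repeat
    # until the estimate reaches zero or the safety stop is hit.
    $pass = 0
    while ($left -gt 0 -and $pass -lt $MaxPasses) {
        $pass++
        Search-Mailbox -Identity $mbx -SearchQuery $Query -DeleteContent -Force | Out-Null
        $left = (Search-Mailbox -Identity $mbx -SearchQuery $Query -EstimateResultOnly).ResultItemsCount
        Write-Output "$mbx : pass $pass done, $left items remaining"
    }

    if ($left -gt 0) {
        Write-Warning "$mbx : $left items still match after $MaxPasses passes"
    }
}
```

Compare the first estimate with the number of messages you expect before letting the loop run: -DeleteContent removes the matches permanently, so a query that is too broad takes legitimate mail with it.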



Tuesday, July 21, 2015

Rambling Thoughts - July 21st

Thoughts for the week/day:

  • SD-WAN: Lots of buzz about SD-WAN in media and such. This got me thinking. For me the killer app piece of this would be to easily change the path for software deployments to the branch. Instead of trying to push it down the higher cost "Private Circuit", switch that traffic over to a VPN tunnel on a low cost cable/DSL circuit that may be in the branch. Why push software from a central SCCM server down the private circuit because it didn't fit in the QoS model that you may or may not have set up? I mean really, how many of us have time to change QoS models on the WAN?

Projects: PacketFence Upgrade, Switching out HP 5412 in our Data Center to 4 - Brocade VDX 6740's.

Monday, July 13, 2015

Core Network Replacement Part 1

Core Network Replacement

I read a timely post by Tom Hollingsworth @NetworkingNerd about writing. I've realized that I have not written anything on my blog in quite some time. I could write down a list of excuses but what is the point in that? Most others have the same or similar. And when did I actually get this posted?

I decided to capture some of the thought processes and steps that have and are going into the network core replacement at the $DayJob.


The last core network replacement was in 2007. Link to the vendor press release: http://www.thefreelibrary.com/Indiana+Tech+Builds+High+Performance+Campus+Network+With+Force10...-a0168505385

That update brought 10 gig between several buildings on campus and a push to 1 gb to the computer labs on campus. This also moved us away from a very Cisco centric network. It was new and different. The design contained a Force10 E300 as well as a handful of S50 "classic" switches. 3 line cards in the E300: an 8 port 10gig card, a 24 port 1 gb SFP card, and a 48 port 1 gb copper card. At the time this seemed reasonable with room for growth. The 8 ports of 10 gig were not completely populated at first, but moving from 1 gb between buildings to 10 gig seemed like a huge jump. The 1 gig connections were not being used up, so 10 gig was a super highway.
After a couple of years a few flaws showed up. 1. My S50's didn't make the cut for running FTOS and continue to run STOS. 2. Some VLAN troubles between STOS devices and non-Force10 gear. 3. End of Sale / Dell purchase. 4. Account forgotten.

In the ensuing years I found HP ProCurve switch gear to be suitable and cost effective for use in my campus and branch offices. For the last few building projects I used HP 5400 series switches either standalone or in a VRRP pair. I thought that whenever the next core upgrade came around, that may be a good starting point. Possibly the 8200 series (due to multiple "supervisors").

With the last building built, Brocade offered a solution with their ICX 6610 and 6450 switches. I was intrigued with the performance in the 1 RU form factor. Being able to stack the switches across 10gig Ethernet links was very useful as the closets changed around from 3 to 4 due to design changes to the building. I had to compromise on the redundancy of each closet due to the change in cable paths and overloaded a closet from the initial design. Since I wasn't stuck with a fixed chassis I was able to shift one switch to the other closet. The use of high performance 1 RU switches showed value.

Current Selection:

So the ICX 6610 seemed to offer a redundant, scalable, cost effective solution for the network core. Stack multiple to expand available 10gig ports. I was a bit concerned about having to stack multiple switches just to scale the 10gig ports without using the other ports on the switch.

Enter the ICX 7750: 6 40gig ports and 48 10gig ports. Put that in a redundant pair. That is a lot of 10gig ports in 2U of switches, which may be more than I need at this point, but the nice thing about SFP+ ports is the use of 1gig SFP's in them. So this is the direction that I went.

Next post will be a quick step through of the process that I used to swap them out.

Thursday, July 9, 2015

Rambling Thoughts - July 9th

In an effort to post a few more things I am going to write down some ideas and opinions on current goings on.

  • Network Break podcast - I really enjoy the Network Break podcasts from @packetpushers. Drew Conry-Murray @Drew_CM brings a new dynamic to the conversations between Ethan and Greg.

  • On the recent announcement by @OpenDNS about being acquired by Cisco. First reaction was the flying F-bomb. Why? Because I like OpenDNS, I like the team. Culture swallowed by Corporate Giant Cisco - doesn't end well. But I am waiting to see the final outcome. Still a customer and still an advocate.

Project that I am working on:

  • PacketFence upgrade/refresh - Many of my posts cover things with PacketFence. I have used it for many years and advocate the use, especially if you don't have the budget for the commercial products. Inverse has done a great job in development and also providing support.

  • Just finished swapping out the core of my network. Replaced a Force10 E300 with a pair of Brocade 7750's. Write-up forthcoming.

Also would have to mention Nick @buraglio for telling me once again to write more.