EdRoyston

Staging Software - Where there is a will there is a way

Blog Post created by EdRoyston Employee on Aug 2, 2018

I have been preparing a series of upgrades for a customer - in this case CA PM. As part of the preparation routine, the first step is getting the software out onto the systems. Like usual, in checking my own repo, it looks like there has been a recent update to a newer release. This is usually something like a patch release update or other bug fixes - usually sourced from one of the internal CA repos in the US (one of the advantages of engaging CA Services to handle these activities, unlike a third party that would normally not have this sort of access).

 

Now for the challenge... One of the (many) "unwritten rules" that I encounter with customers is that whatever their primary purpose for business, internally they aren't usually very good at it. A couple of examples:

  • When onsite at a bank (or other financial institution), when heading to lunch and you need to get some cash to pay for your meal - can you find an ATM (as in "magic money machine")? Ahh.. no...
    • For purposes of clarity, I work in a lot of different places that take different currencies and cards (in particular AMEX) are not accepted.
  • When onsite at a Service Provider, can you get decent internet access? Well...
    • I do have more stories on this one but will refrain to protect the not-so innocent (including some interesting security related activities).

 

This posting is about the last example. Where I am (at an MSP), the network connection that they allow us to use can be patchy at times - including random resets of the Wifi access points (in the aim of security, supposedly). As such, the fastest 'net connection that I have is at the hotel (am working remote). Amazingly enough the hotel's 'net connection speed is very fast and pretty reliable! It is certainly fast enough to get a VPN connection into CA and pull the 4GB that I need for the upgrade. Therefore, for large downloads I usually pull them down in the evenings rather than kill the connection (and run the risk of file corruption onsite).

 

Talking about file corruption, this is one of the things that I always do (and have suggested this to colleagues in the past) - make sure that you perform checksum hashes on files! There is nothing worse than downloading something only to find out that the file you have spent the last hour (or two/three/four) is corrupted in the transmission (luckily CA provides these sorts of checksums - you see them in the CA Support site).

 

So, the next challenge - and this is where we come to "hacking the system" - where I am using the word "hack" in the original sense. I am NOT referring to "cracking" the system - as in breaking through passwords and security, I am referring to determining a process in order to achieve a goal involving various software challenges. In this case, I have left my laptop locked up at work (it is a big beast to lug around), am back at the hotel with my mobile and need to get a hold of the software downloads.

 

It turns out that CA Global Protect (the corporate VPN that we use) is available for not just Windows/Mac boxes but is also available under Android as well. You can get it from (including details on setup):

http://gp.ca.com

The Android app version of it is available from the Google App Store. So, a couple of clicks and I have it installed. Following the instructions indicates the server/username/password combo that I need to use for it. It is also linked into to the CA OTP (One Time Password/multi-factor auth) system - also on my mobile. Now I have a connection through to the CA network - though you have to be careful, using a VPN can drain your battery quickly. I should add that I am doing this over a Wifi connection as well (don't want to hammer the 4G data service for no real reason).

 

The next challenge is getting onto the fileshare. Luckily, with Android there are a couple of Windows fileshare browsers (unfortunately the build servers in the US are not SSH'able). After having a muck around with username/password/domain combinations I finally am able to connect up using a SMBv2 connection (for those that want to know, it has a higher level of password authentication than the original SMB protocol - and under the new MS AD setups, this is the thing that you have to use though they can be a little pernickety at times). Browsing the share I am now able to kick off the download, which completes after an hour or so (Windows fileshares aren't known for their speed).

 

So, at long last, and after jumping through a few hoops, I have the new version of the software that I need to do the install on site (complete with hash checks, etc.). So, with a few challenges in setup, I would highly recommend having a look at some of these mobile options. Sure, they have their foibles but they can be made to work.

 

Where there is a will there is a way!

Outcomes