Privacy Central – Privacy Score – What is it?

Not all applications or companies will take advantage of the new Privacy Platform. The reason is that they may be large social media companies such as Facebook (et al.), Google (et al.), Apple, Microsoft…etc.

Why? Because they implement something on their own. It’s their best try at giving you something to appease the regulators in Europe, California or wherever else you may have regulations.

Ok, good to know they can’t use the platform so what’s the point?

The SaaS platform, www.privacycentral.com, allows for what are called “Redirect Applications”. These are applications that will redirect to the company’s data request form or link. These links are usually hidden or only visible to a logged-in user. These are the applications we are targeting for Privacy Scores. There are, however, some instances such as Salesforce, Dynamics, etc. that will also get a privacy score.

What is the Privacy Score? It is a proprietary set of evaluation points (75+) that evaluate a company or a specific company’s application to tell you how safe it is. The specifics of the score are a closely held secret, but what I can share is that some of the points are evaluated on the privacy policy and the terms of usage.

The goal is to add 2-3 Privacy Scores every week and post them to the PrivacyInc Twitter handle along with the score to the SaaS platform. Eventually all major applications will be scored and you will have a full view as to which applications are safe, and which ones are incredibly lacking.

You can get a view of the current set of scores here. Notice Instagram is the worst application you could possibly utilize. And to think of all the children that are using that thing…not good.

Automating GDPR for On-Premises SharePoint

Yes, you can do it! Utilizing the Privacy Central privacy platform and its application stub framework, you can seamlessly operationalize your privacy requests for on-premises applications like SharePoint or any homegrown application.

Check out the video here:

Automating GDPR for Office 365

Yes, you can do it. Utilizing the Privacy Central privacy platform and its application stub framework, you can seamlessly operationalize your privacy requests for Office 365 and any other SaaS or homegrown application.

Check out the video here:

My Symphony

My name is Chris. This…is my 40-year symphony. It is choreographed to “Chopin”, and only “the best of”. So start this before you read on!

https://www.youtube.com/watch?v=wygy721nzRc

I, just like you, have 20+ years of hard work and ‘potential’.

We have startups galore under our belts.

And oh so many years of “keeping up” with the technology (for all you MCTs).

Let downs.

Beat downs.

Stock market disappointments

Divorce.

Life.

The dreaded, mid-life crisis.

Death.

We entirely…on our accord…”own” this “disappointing” world of ours.

Just like you, we are smart.

We know what the world wants.

We get it.

We know things before others do, yet we fail to act.

We lack the experience, yet we have…the “know-how”.

Some of you. Entire-ly possess it.

Call it…”courage”, if you will.

Yet….will you be one?

Will you, can you?

Take the risk?

We put in days. Months. Years.

Our entire life-force is put into something.

Something others may or may not ever appreciate. Or even know existed.

Creations.

Creations that change the very fabric of reality. Of humanity?

Of us? Or of we?

Visions…

Thoughts…

Life.

From these.

“we” create.

Good for some, evil for others.

We create.

Things that people never thought could ever exist.

Paths, not evolved until we showed the way.

So, I present…my symphony.

Based on privacy. Built on honor.

Done for the greater good.

May we preserve our dignity and rights, as Martin Luther King envisioned for all humans and guided by the musical greatness and creativity of “Chopin”.

May we all enjoy what I consider to be…

My life’s work….

I look forward to all the things that evolve from it as it is now presented to the human race.

https://github.com/givenscj/GDPR.Common

My Friend Tom Castiglia

It all started in Los Angeles for TechEd 2010.

After moving from Seattle with a big friend base, we found ourselves starting all over again. It didn’t take us long, but eventually we found intelligence gold! A very knowledgeable individual was doing a deep dive presentation on Windows Workflow Foundation. I was quite impressed and made it a point to strike up a conversation. Little did I know that this person, Zoiner Tejada, would eventually end up being one of my best friends, and would also introduce me to his boss at the time, Tom Castiglia, co-owner of Hershey Technologies.

Hershey had a competitive product to SharePoint and Zoiner thought it a good idea to do a review of features between the two. I ended up meeting Tom and chatting for a few hours about the feature gaps between the two and if they should continue development. I was impressed with Tom’s quick acumen to pick up what I was saying…in typical Tom fashion:

“Gotcha”

Being that I had just left an incredible user group in Seattle (Puget Sound User Group) I was looking for something similar in San Diego. We had one, but it wasn’t doing what I felt it needed to do at the time, so I created SanSPUG.org. I was lucky enough to have my friend Kevin Landry offer his facilities at New Horizons Miramar and after the first couple of meetings, Tom started attending. He offered up to be a sponsor and eventually became my founding member and vice president. As it started to grow, Galen and Tony came into the picture and joined our board.

Tom Castiglia and our first year of SanSpug.org

Little did I know that these friendships would evolve into something magical. SharePoint Saturdays were still in their beginnings back then and were on the upswing. I decided to pursue our first SPSSAN and we went big. I was able to call in a lot of personal favors and we had an amazing budget that allowed us to host it at the San Diego convention center.

If you run a user group or an SPS, you know how much work it is. After the first couple and $20K of my own money into it I decided to pass on the reins and Tom gladly accepted the role as President. He did an amazing job with the group and eventually convinced Microsoft to host us at the La Jolla office. And that’s where the lovely Sal Rosales came into the picture. He has been our sponsor and biggest fan. Through the years we were able to create incredible presentations and invite speakers from all over the world. Our user group and our events are, in my opinion, second to none. I believe that to be true due to the incredible bond we all have with each other.

It was always nice to go out afterwards and have a beer…that was definitely Tom’s favorite. He loved to go to Brewski’s Bar & Arcade. We’d all meet and talk about our month and what we were working on, and do a little gossip about what’s happening around town; they were insightful chats. In many cases, raw, unfiltered and full of trust.

As we worked more and more with the user group, I came to appreciate Tom’s hard work and dedication. It was at this time I was approached by eBay/PayPal to look at performing their SharePoint migration. I knew that it would be a big project and I’d need help. I approached Tom and he gladly accepted the challenge and trusted my estimate of the work. Hershey and I were able to complete the project successfully and within $5K of my original estimate.

It was quite the project and Tom and I talked almost every day for 4 months and we had a blast running around San Jose and San Francisco together. After we finished the project, we continued our user group activities and then Tom and his wife would join me on all my SharePoint conference adventures. eBay was featured that year as a reference customer and we had the Microsoft video crew out to eBay to film all our hard work.

As the years went by, Tom made a global name for himself and took advantage of every opportunity. I watched him from afar and we talked about a lot of stuff (selling Hershey, hiring Joel, leaving Konica and doing his own thing….). We trusted each other and he was a good friend that had his opinions on things but always accepted my crazy odd-ballness over the years. He was a true friend in every sense.

I’d have parties at my house, and he and Martha were at every one. He had parties and we would go over and we had a blast!

Just last year I made it a point to get out of the country more. I was able to join Joel and Paul for China; Sheila and I went to Singapore. But more importantly, we also were able to make it down to Cuba. Running around Havana with Tom and Martha was a once in a lifetime experience and I’m happy that we got to have it with them.

Since the original crew started (Tom, Galen, Tony, etc), we have only grown our family here in San Diego. We now have Joel and David, and Ryan. Ryan has been generous enough to step in to take over the San Diego user group reins. With Tom no longer here, Ryan’s help is even more needed to keep things going as we all have so many things going on.

It’s hard to come to terms with the fact I won’t get to see him again. It’s also tough to know that he had such an exponential curve going for him; business, career and life-wise. He had big plans, and although the road was slow going, he kept at it. Every day.

Knowing that this didn’t have to happen and could have been prevented is one of the tougher parts to deal with. We can only focus on the “butterfly flaps its wings” purpose of it happening and how we’ll change ourselves to honor his memory. I’m by no means the person Tom was, but he gave me a template and something to work towards. It’s the best way I can honor his memory till it’s my time one day.

It’s inevitable that people will come and go in your life, some will be more influential than others. For Tom, he leaves a hole in our local and global community that can’t be filled by any one person. It will take a little bit of everyone to help fill that gap. Tom represented Satya’s and Microsoft’s vision of empathy and caring. The world could use more Toms, not less. I encourage you (and even more so myself), to try to be like Tom.

Miss you brother. Love.

If you have a story or pictures that you’d like to share about Tom, please post them to the memorial site we set up in his honor:

https://www.forevermissed.com/tomcastiglia

Microsoft SharePoint Conference 2019

Another year, another conference! Microsoft and SharePoint have evolved immensely in the past 20 years. For those of us that have been around that long (inside and outside Microsoft, and those that were outside and are now inside), watching it grow with the industry and web technologies has been exciting and at times maybe not so much.

Probably the most interesting thing to watch has been seeing the community evolve. Just like the stock market, it comes and goes in cycles. Newbies come in, experts go out. Some strike it rich, others not so much. Entire ecosystems were built from SharePoint; companies were created, companies died.

So where do we reside today? From someone that has been around a while (yeah, there are a few left standing that have been around much longer), I see a new cycle starting. Lots of fresh newbies have arrived with energy and fresh ideas (well kinda, it’s hard to not think of something that someone hasn’t tried, but nice to watch someone attempt it again even if it may not go anywhere). I have always promoted finding super smart new speakers to fill the conference pool and now I find myself working for Solliance, which has been a long-time conference participant in conferences like DevIntersection, Azure AI, AngleBrackets and a few others. As part of that my voice is a bit bigger given all the time and energy I contribute (yes, I do most of this work for free as part of my contributing back to the community).

Running a conference is a lot of work. More than you could imagine. SharePoint Saturdays are one thing, a full-blown conference with 5000+ attendees and demanding speakers and conference owner(s) can drive any person a bit crazy at times (next time you see Lyman, you should buy him a nice stiff drink).

This year has been a bit different from the logistics side as we have moved to the new Hubb platform for speaker and session management. This presents some interesting challenges as we have to sync the data from the Hubb to the Solliance backend. As a PowerShell master, I was able to take from the many millions of lines of PowerShell I have lying around and easily build a sync layer (multiple layers of auth, two different web technologies). This layer works great as a point to point sync, but as you start to add new rules and requirements such as:

  • Only speakers that have accepted and signed
  • Session must be approved
  • Only community ones should be published
  • Titles change with no static session codes
  • etc etc etc

As you can imagine and may have noticed once or twice, it was not a simple or well-oiled machine starting out. However, things have converged and it’s working well now. Unfortunately, the back-end needed some work as we were not utilizing the awesome new “slot” technology of Azure Web Apps nor were we fully utilizing the CI/CD of Azure DevOps. And let’s just say there wasn’t really a naming convention implemented so managing the Azure resources was a real pain in the a$$. That has since been resolved and all of the Git repos are tied to build and release in Azure DevOps that then push to our staging slots. From there our release manager can then switch the production and stage slots for instant deployment. I am thoroughly enjoying not having to manage any of this now…automation is beautiful.

In addition to all the above, I have been busy running through security and testing of our GDPR\AB375\PIPEDA platform (which is the topic of my SPC19 session). Building a platform makes you realize just how much people don’t know about GDPR technical implementations. It is by far the best content I have ever produced and I guarantee you will learn things that the EU or CA lawyers never would be able to tell you.

Looking forward to seeing you at SPC19 in May! Register here for $50 off registration.

Content Type Document Template – The right way.

Here is the code to set the document template for a Content Type such that, when a document is added, the “Content Type” field in the library will be set properly.  Notice how you have to read the SchemaXml property to get the _cts folder name (the content type name now may not be the name later).

# Expects $context to be a connected Microsoft.SharePoint.Client.ClientContext
# in the caller's scope. Each step stops on failure instead of continuing.
function SetDocumentTemplate($ctName, $filePath)
{
    $fi = New-Object System.IO.FileInfo($filePath)
    if (!$fi.Exists)
    {
        return
    }

    # Load the content types of the root web.
    $contentTypes = $context.Site.RootWeb.ContentTypes
    $context.Load($contentTypes)
    try {
        $context.ExecuteQuery()
        Write-Host "Getting Content Types - done." -ForegroundColor Green
    }
    catch {
        Write-Host "Error While Fetching content types $($_.Exception.Message)" -ForegroundColor Red
        return
    }

    # Find the content type by its current display name.
    $contentType = $contentTypes | Where-Object { $_.Name -eq $ctName }
    if ($null -eq $contentType)
    {
        Write-Host "Content type $($ctName) was not found." -ForegroundColor Red
        return
    }
    $context.Load($contentType)
    try {
        $context.ExecuteQuery()
        Write-Host "Getting Content Type - done." -ForegroundColor Green
    }
    catch {
        Write-Host "Error While Fetching $($ctName) content type $($_.Exception.Message)" -ForegroundColor Red
        return
    }

    # The resource folder under _cts is recorded in SchemaXml as Folder/@TargetName;
    # it keeps its original name even if the content type is renamed later.
    [xml]$data = $contentType.SchemaXml
    $folder = $context.Site.RootWeb.GetFolderByServerRelativeUrl("$($data.ContentType.Folder.Attributes["TargetName"].Value)")
    #$folder = $context.Site.RootWeb.GetFolderByServerRelativeUrl("Document Templates")
    #$ctsfolder = $context.Site.RootWeb.GetFolderByServerRelativeUrl("_cts");
    #$subfolders = $ctsFolder.Folders;
    $context.Load($folder)
    #$context.Load($ctsfolder)
    #$context.Load($subfolders)
    try {
        $context.ExecuteQuery()
        Write-Host "Loading folder done." -ForegroundColor Green
    }
    catch {
        Write-Host "Error While Getting $($ctName) content type information $($_.Exception.Message)" -ForegroundColor Red
        return
    }
    <#
    $enum = $subFolders.GetEnumerator();
    while($enum.MoveNext())
    {
        write-host $enum.Current.ServerRelativeUrl;
    }
    #>

    # Upload the template file into the content type's resource folder.
    $templateName = $folder.ServerRelativeUrl + "/" + $fi.Name
    Write-Host "Uploading $($templateName) document template... " -NoNewline
    $FileStream = New-Object IO.FileStream($filePath, [System.IO.FileMode]::Open)
    try {
        $FileCreationInfo = New-Object Microsoft.SharePoint.Client.FileCreationInformation
        $FileCreationInfo.Overwrite = $true
        $FileCreationInfo.ContentStream = $FileStream
        $FileCreationInfo.URL = $fi.Name
        $Upload = $folder.Files.Add($FileCreationInfo)
        $contentType = $contentTypes | Where-Object { $_.Name -eq $ctName }
        $context.Load($contentType)
        $context.ExecuteQuery()
        Write-Host " done." -ForegroundColor Green
    }
    catch {
        Write-Host "Error While Uploading $($templateName) document template $($_.Exception.Message)" -ForegroundColor Red
        return
    }
    finally {
        # Release the local file handle whether or not the upload succeeded.
        $FileStream.Dispose()
    }

    # Point the content type at the uploaded file and push the change to child types.
    Write-Host "Setting $($ctName) content type document template... " -NoNewline
    $contentType.DocumentTemplate = $fi.Name
    $contentType.Update($true)
    try {
        $context.ExecuteQuery()
        Write-Host " done." -ForegroundColor Green
    }
    catch {
        Write-Host "Error While Setting $($ctName) content type document template $($_.Exception.Message)" -ForegroundColor Red
    }
}

Event Grid Trigger to Cosmos DB Azure Function v2

I have about five different Microsoft Cloud Workshops (MCWs) that I support.  Every couple of months we have to update them due to the changes that are made to Azure UI and changes to the core functionality.
One of the MCWs is based on serverless architecture.  Part of the labs has you deploy an Azure function from Visual Studio, and another part has you manually create the Azure functions.  The thing is, they utilize CosmosDB as the output from an Event Grid trigger with “JavaScript”.
Turns out, they removed “JavaScript” from the list of options (actually, there are no more options) for some reason, although they did hint at it being an unsupported language.  So what does that mean for us?  Well, I had to convert the JavaScript to C# 2.0 function code and let’s just say, it took a while.  Here’s the original code for the JavaScript version of the function:

module.exports = function (context, eventGridEvent) {
    context.log(typeof eventGridEvent);
    context.log(eventGridEvent);
    // The Event Grid payload is under the lowercase "data" property.
    context.bindings.outputDocument = {
        fileName : eventGridEvent.data["fileName"],
        licensePlateText : eventGridEvent.data["licensePlateText"],
        timeStamp : eventGridEvent.data["timeStamp"],
        exported : false
    };
    context.done();
};
Here is the C# v2.0 version of the function:
#r "Microsoft.Azure.EventGrid"
#r "Microsoft.Azure.WebJobs"
#r "Newtonsoft.Json"
#r "Microsoft.Azure.DocumentDB.Core"
#r "Microsoft.Azure.WebJobs.Extensions.CosmosDB"

using Microsoft.Azure.EventGrid.Models;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.CosmosDB;
using Microsoft.Azure.WebJobs.Host;
using System.Collections.Generic;
using Microsoft.Extensions.Logging;

public static void Run(JObject eventGridEvent, out JObject outputDocument, ILogger log)
{
    log.LogInformation(eventGridEvent.ToString());

    // The event payload is the "data" node of the Event Grid envelope.
    dynamic data = eventGridEvent["data"];

    // Build the document that the Cosmos DB output binding will write.
    outputDocument = new JObject();
    outputDocument["fileName"] = data.fileName;
    outputDocument["licensePlateText"] = data.licensePlateText;
    outputDocument["timeStamp"] = data.timeStamp;
    outputDocument["exported"] = false;
}
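
Both versions of the function copy whatever arrives in the event's data straight into the Cosmos DB document. As an added example (not part of the original post or the workshop code), here is the JavaScript handler with the payload validated first; the length limits, the bare-file-name rule, the ISO normalisation of timeStamp, the helper names and the sample event are all assumptions made for illustration.

```javascript
// Added example: validate an Event Grid payload before it reaches the
// Cosmos DB output binding. Field names come from the function above;
// limits and helper names are assumptions, not workshop requirements.
const MAX_FILENAME = 255;   // assumed limit
const MAX_PLATE = 16;       // assumed limit
const MAX_TIMESTAMP = 64;   // assumed limit

// Return obj[key] if it is a non-empty string within maxLen, else throw.
function requireString(obj, key, maxLen) {
    const value = obj[key];
    if (typeof value !== "string" || value.length === 0 || value.length > maxLen) {
        throw new TypeError(`data.${key} must be a non-empty string of at most ${maxLen} chars`);
    }
    return value;
}

// Build the output document from an event, or throw TypeError if malformed.
function buildOutputDocument(eventGridEvent) {
    // Event Grid delivers the payload under lowercase "data"; an event
    // without it (or with "Data") is rejected here rather than crashing later.
    const data = eventGridEvent && eventGridEvent.data;
    if (data === null || typeof data !== "object" || Array.isArray(data)) {
        throw new TypeError("event has no data object");
    }

    const fileName = requireString(data, "fileName", MAX_FILENAME);
    // Accept a bare file name only: no path separators, control chars or "..".
    if (/[\\\/\u0000-\u001f]/.test(fileName) || fileName.includes("..")) {
        throw new TypeError("data.fileName must be a bare file name");
    }

    const licensePlateText = requireString(data, "licensePlateText", MAX_PLATE);

    const rawTimeStamp = requireString(data, "timeStamp", MAX_TIMESTAMP);
    const parsed = new Date(rawTimeStamp);
    if (Number.isNaN(parsed.getTime())) {
        throw new TypeError("data.timeStamp must be a parseable date");
    }

    // Only the known fields are copied, so extra properties in the event
    // never reach the stored document.
    return {
        fileName: fileName,
        licensePlateText: licensePlateText,
        timeStamp: parsed.toISOString(),
        exported: false
    };
}

// Function entry point: write the document only when validation passes.
function handler(context, eventGridEvent) {
    try {
        context.bindings.outputDocument = buildOutputDocument(eventGridEvent);
    } catch (err) {
        // Log the reason, not the raw payload, and drop the event.
        context.log(`Rejected event: ${err.message}`);
    }
    context.done();
}

// Constructed sample event, for illustration only.
const SAMPLE_EVENT = {
    id: "constructed-0001",
    eventType: "savePlateData",
    data: {
        fileName: "car-0001.jpg",
        licensePlateText: "ABC123",
        timeStamp: "2018-01-05T10:15:00Z",
        unexpected: "ignored"
    }
};

if (typeof module !== "undefined") {
    module.exports = handler;
}
```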

Enjoy!
Chris

CJG is joining Solliance!

Some exciting news in the land of CJG.
I’ll have made the move over to Solliance.net!
Solliance
This is exciting for me on many levels.  The first being the incredibly smart people I’ll be working with that include, not one, not two, but THREE Microsoft Regional Directors (Michele, Zoiner and Brian) with a fourth (Tim) but a stone’s throw away!  That’s 4 of 150 in the world!
For those of you that know all the things that Solliance actually does, I’m sure you are running through your mind all the ramifications of this move!
Solliance has gained an incredible trust with Microsoft internally and with customers globally and I’m looking forward to getting big things done in 2018!  Some of the fun things I can talk about include the Microsoft Partner Playbooks (which were a highlight of WPC\Inspire last year), high level internal Microsoft training and external partner training based on the partner playbooks, and so much more!
Without divulging the entire 2018 strategy, I’ll simply say that you’ll be seeing a lot of me (and possibly some other familiar names) out in the field when it comes to security and compliance work!
So what happened with ShareSquared?
The last two years have been spent working with the folks at ShareSquared building some cool products and doing some very interesting projects in the state and local government space.   I was able to build a product called PowerStreamECM that implemented many more features than the more marketed migration tools such as AvePoint or ShareGate.  Additionally Shannon Bray and I were able to build a very advanced Desired State Configuration (DSC) deployment configuration and execution engine that automated deployment of every top SharePoint vendor product (yes I decompiled all of them into deployable modules) with enforced governance and configuration (in ways that DSC was not originally destined to do).
Additionally, we also automated many of the operational things that come with running a consulting company to levels that I have never seen before in other consulting companies.  Oh and I moved us from on-premises to full Azure\Office 365 this year as well (I had to do something as CTO right?).
We got a lot of stuff done in two years and I’m proud of that, but it’s time to take my skills and my life to the next chapter!
Life
2015-2017 marked one of the more difficult periods of my life.  I wouldn’t exactly call it a “mid-life-crisis” but life certainly gave me a few scares and those crises taught me it doesn’t get any easier the older you get, just more complex and that anything can happen at any time.
Ultimately, it’s how you handle it, grow from it and evolve.  Lucky to have so many supportive and wonderful people that were there for me throughout that crazy period and continue to be!
The best thing I can do now is to follow through and be an example for others to reference and show those that have faith in me that “I got this”.
From this past weekend at our SharePoint Saturday San Diego, the comments and compliments towards the notice in my “change” were very much appreciated.  As many of you know…lots of credit to Sheila E. and just the fact you have to grow up at some point!
2018
Bring on 2018 and the rest of our lives, let’s change the world!
Enjoy!
Chris

Migrating Your DataCenter to Azure

One of the last tasks in my CTO tenure at ShareSquared was to move us fully to Azure. Like many SoCal organizations, we had a data center location in Los Angeles with a couple of racks of equipment.
This included several large machines for running our virtual environments with SharePoint and 3rd party products.  As part of another separate goal, I was able to get ShareSquared to Gold cloud partner and that gave us $12K in yearly spend for an Azure subscription.  This means we can do many of the things we were doing in the data center via IaaS in Azure.
The data center included the following:

  • ForeFront TMG for data center firewall
  • Domain Controllers
  • ADFS (serving our O365 logins)
  • Misc servers to support development (SharePoint, SQL Server, TFS, etc)

Moving the Domain Controller:
We wanted to have a backup strategy in case we ended up needing to fail back to ADFS.  The only way that would work is to have a domain controller in Azure with ADFS enabled.  There are some issues with doing this of course.  The first is you can’t simply make one of your current domain controllers a VHD and upload it.  Azure VMs need lots of “agents” to support all that fancy security and configuration.  Therefore, I had to make a DC in the Azure tenant.  This meant I had to create a VPN from our data center to the Azure VM.
Creating a VPN connection to Azure isn’t totally straightforward, but luckily Apple iOS already forced me to move to L2TP and SSL VPN end points.  Unfortunately, Azure only supports SSL VPN connections directly from the VMs.
Setting up the VPN:
ForeFront TMG was our gateway firewall.  TMG has many cool features even for how old it is.  Originally I wanted the VPN traffic to go straight to the DC with RAS but that proved to be difficult with the whole SSL VPN configuration.  If I had been able to use L2TP or PPTP then life would have been a breeze.  But it’s not, so I had to fall back to SSL VPN that terminated at the ForeFront device.  The TMG software is very flexible, probably too much so.  After some serious testing/configuring, I was able to set up and connect to the SSL VPN from the Azure VM.  Unfortunately, TMG puts everything into “virtual networks” so I ended up having to create firewall rules between VPN clients, local network, internet for every possible path; that took the most time of the entire migration.
Creating the Domain Controller and Moving the Roles
Once the VPN was working and all the firewall allow rules were set up I was able to promote the Azure VM to a DC.  Once that was done I was able to move all the DC roles to the Azure VM.
I also installed the Azure AD Connect client and had it take over as the primary replication services.
Unfortunately, running a DC in Azure comes with some price when you don’t do things quite right, hey, you live and learn!  What I will simply say is…

  1. Understand how to do authoritative restore (the whole D3 method) aka DFS sucks
  2. Back up your sysvol in case you need it later – for us this wasn’t as important as we didn’t need to apply GPO or run any login scripts anymore

Migrating ADFS
Similar to Active Directory Domain Controller, ADFS has a primary server and secondary servers.  You can’t really configure a second ADFS server and have your external services point at it.  You have to make the ADFS server a part of the ADFS farm, then make it the primary server.  The old ADFS will still work and accept traffic, but the UI will only work on the primary.
Breaking the links
At some point you have to break the linkage.  That means demoting the DCs in your data center and breaking the ADFS secondary link.  Additionally you will need to make sure your ADFS login\DNS is switched to point to your new Azure ADFS server.
Be sure that you put some effort into your Network Security Groups for your virtual network!  PAW machines are your friend!  And spend the extra money for Azure Security Center.  Your machines are going to get hammered.
Testing the changes
#1 – Doing One user (Me)
Before I broke all the linkages I wanted to test moving my account to “Cloud Only”.  This was pretty much a disaster so my account ended up in deleted limbo hell over and over.  Why?  Well, you have to move your account out of the AD Connect Sync set, this will cause it to get “deleted” from Azure AD (at least it goes into a “Deleted” state).  After this happens you should be able to restore it from deleted and then clear the “ImmutableId”.  Unfortunately, this does not work and nothing I did would allow me to clear it.  So I decided to change my email alias away from the chris@blah.com to chris@blah.onmicrosoft.com.  This worked to get me away from any type of account deletion every sync, but it came at a big price:

  • Delve page broke with a correlation error
  • Project Server broke because it couldn’t match me to my enterprise resource or email alias, so I couldn’t submit time or see any tasks – this was a big ouch!

Final steps
Once I determined that the final product would not produce the weird errors above we picked a weekend for me to do the migration.  It was incredibly easy once all the plumbing was set up.  I ran a few commands to break the federation and boom, all done.  The Azure AD Connect was still running with password write back so we had a working fallback just in case we decide later to move to a full Azure AD environment.  But with the progress on the new Active Directory Services in Azure, that seems like a 0% chance.
The last gotcha was that I put the Azure VM in our non-gold partner subscription (the one with $12K to use), mainly because we didn’t have it set up at the time.  Moving the VM was a bit painful (hint, you do not need to download the VHD, let Azure move it directly between subscriptions).  But once I successfully moved it, it fired up, but I had to do the authoritative restore again (seems like you should be prepared to do this often in Azure).
Result
ShareSquared is moved fully to Azure IaaS and PaaS.  No more monthly fee from a co-lo.  And we are utilizing our IUR for Azure for being a Gold Partner, saving us quite a bit every month!
If you need help moving your organization fully to Azure, I’m always available to help!
chris@solliance.net
@givenscj
Enjoy!
Chris