Self-Directed Reality

Actions are greater than Thoughts

user experience

Automated VPN Account Management – Philadelphia Museum of Art

by

Brief/Challenge

As the Museum moves to a mobile-first environment brought on by the Pandemic, managing the Virtual Private Network (VPN) became my responsibility. I handled all the account creation, troubleshooting, password resets, connection issues and everything else associated with the VPN accounts on our Dell laptops.

However, the process for managing the VPN account became a little more challenging due to the competing workloads. Some requests would come through our Spiceworks ticketing system, emails, chats in Microsoft Teams, face to face, and even phone calls.

And of course, if an account was modified, no record existed of when and what was performed to the account. I quickly moved into action to streamline this process, not just for me but also for the current and future members of the IT department.

Solution

Step One – Assessment

Returning to an old standby, I created another Microsoft Form, this time with only 3 simple questions with the understanding that only those in the IT department will be filling out this form so it can be short and sweet. Currently, there are NO plans to share the VPN passwords with end users so it helps to have a central place for requests AND a central place to confirm previous passwords and/or VPN account status.

  1. What would you like to do?
    1. CREATE NEW VPN  Account
    2. CHANGE a password for VPN account
    3. DELETE a VPN account
  2. What is the FIRST NAME on the VPN account? (before the period in the email address)
  3. What is the LAST NAME on the VPN account? (after the period in the email address)

The reason the form specifically asks for the first and last name is because some names have to be modified in our systems due to length, hyphens, and/or entirely different preferred names.

This ensures that the VPN account details will match up evenly with the spelling of their company email address. This helps limit confusion and makes troubleshooting easier in the future if needed.

An additional benefit is that it consolidates all of the previous methods of requesting VPN account management into a single funnel.

Instead of simply replying to chat messages with the status of a VPN account (which ends up being lost in the shuffle), I can now point to one location for requests and share the result files with the IT department so anyone can see the status of an end user’s VPN account.

And in this format, it is easy to see what is going on and the date it occurred on (which I manually fill in).

Step Two – Deploy and Track

The next step is to refer to check the requests on the backend, create an account and password as needed, and then inform the requestor directly of the changes (through email). Even though in Step One, I stated that a requestor can check the backend to see the status of all VPN accounts since this system was setup, it is a fallback plan.

I don’t think any process should rely on someone manually checking a spreadsheet to see if their request was processed. So let’s walk though the next steps by looking at a a request on the backend.

The account we are working on today is Killua Zoldyck (the real ones know). I am NOT creating a company VPN account for Killua but highlighting the process works for a real VPN account request.

There are some things to note on the backend. I can send the date and time the request came in along with the name and email address of the requestor. That is important for the next step. Notice that the Password | Account Status and Completed Date are blank. I fill those in after I create the account.

Previously, I was creating the VPN passwords by hand using a system where I decided to take whatever was on my mind and then turn it into a password by counting the letters and adding the number after the word and then slapping on a exclamation point.

For example: Zero4Chill5! would be a VPN password

I ended up automating this password creation process by using Python and made a Windows installer to generate offline passwords on demand (Python Password Generator – Philadelphia Museum of Art).

For Killua’s account, let’s use the hypothetical password of Zero4Chill5! and plug it into the spreadsheet back end.

Now how to get that account information over to the requestor (me in this case) in the least steps as possible?

Enter Microsoft Flow (under Microsoft Automate) where I created an automation which emails that account status and password to the requestor with the click of one button directly from the spreadsheet on Excel Online. By simply highlighting the Password | Account Status cell, then clicking DATA on the Excel menu bar and clicking FLOW, my VPN Email option will appears.

The next screen confirms what the flow will be accessing (Excel Online and Office 365 Outlook in this case)

And here is a screenshot of the email I received from the Flow I started and finished all through Excel Online (with the template I created ahead of time):

Outcome

Currently, the Museum has over 250+ employees eligible for laptops and therefore VPN accounts. By streamlining the process, it saves collective hours between me and the rest of the IT Department, especially when it comes time to setup or replace hardware for new or current employees.

And this process can be modified easily for any other sort of requests which are quick in nature but can easily fall between the cracks. We have proper ticket systems to request New Hires for example but becomes too cumbersome for a simple request such as this one.

By removing the additional friction, it ensures that the IT Department (myself included) uses the form to keep our records straight. And even if someone requests a VPN account using the previous methods (a Teams chat request for example), I enter their request into this form so the request is recorded.

*NOTE: While I could have automated the entire process using Python and/or Microsoft Power Automate, I decided against since that meant the VPN admin credentials would have to be baked into the code and that’s no bueno.

Retail POS iPad Status Tracker – Philadelphia Museum of Art

by

In early June 2022, all of the Retail iPads started experiencing intermittent disconnections from the employee Wi-Fi which sometimes happened in the MIDDLE of transactions, causing collateral problems.

In an effort to track down exactly what is happening, I suggested we keep a written list of disconnects and intermittent issues. With this information, so we can check the network logs and related data to determine if it is an hardware problem and/or a network problem.

Brief/Challenge

I decided to streamline the written process since the POS iPads are used by multiple staff members during peak weekend times (when IT is not onsite) and any resolution would require the combined efforts of the Retail and the IT department. The design cues for this project is an easy to use and centrally managed reporting system.

This form DOES NOT replace entering a normal help desk ticket, it is an additional component which can be helpful in the future for diagnostics where manual logs and/or a record of the issue makes resolutions quick and easier for all parties involved.

Solution

Step One – Assessment

In the first step of this project, I created the Retail Operations iPad Status Tracker form using Microsoft Forms to allow any staff member to report the timely status of an iPad from ANY other Retail iPad. As a note, the form link can be accessed from any internet connected device by PMA staff for reporting.

The form provides a list of Retail iPads, asks for the date, the rough time and a summary of the issue which goes into a spreadsheet which the IT department can read and review as these issues crop up. To assist with troubleshooting,

Question 1: Please select the affected iPad(s) from the list below.

I included all of the information for each iPad for the IT department to check the relevant systems for details without burdening the Retail staff.

  • Store Name: The iPad location and the designated register number.
  • Serial Number: This the department name + the serial number of the device. The full name (i.e. RETAIL-GG7YW73AJF8M) is the naming scheme for JAMF where the device can be managed through the MDM.
  • MAC Address & Bluetooth MAC Address: These MAC addresses are used to track down networking issues through the network logs of the IT Department.

Question 2: What date did the issue occur?

A date picker will appear on the screen where a user can select the appropriate date.

Question 3: Please enter the time that your issue occurred (in 15-minute increments)

This makes it easier to check network logs and the like if there is a specific time frame to focus on. In addition, I can assume that a user may be off 10-15 minutes in either direction depending on how busy they are.

Question 4: Please record your issue below and any additional notes.

This an open text form where a user can type in any relevant information to the Retail iPad POS so the IT department can have an idea of what to look for.

Step Two – Deploy and Track

Using our MDM system JAMF, I automatically pushed out the POS Status Track to all of the Retail iPads home screen. I used a sad emoji and the iPad as the icon because it will be easy to recognize and understand for the changing Retail staff. Additionally, any new iPad added to the Retail group in JAMF will automatically get this form link automatically installed.

36 second demo of the Retail POS Tracker app on iPad

The form data can be accessed through the back end of Microsoft Forms and downloaded and viewed in Excel. You can see screenshots of the Microsoft Forms backend below.

Outcome

This system is still being used to report the status of the Retail POS iPads in the Philadelphia Museum of Art and allows data to be easily captured for effective trend analysis. After a month of reporting so far, there seems to be something specifically wrong with the iPads in the American Store and/or the wireless network in that that area, which gives us a concrete angle.

Currently, the American Store was on a different network and now I am testing to see if the reported issues fall in line with the other iPads in the different stores (i.e. sub-10 reported issues over a month).

Further testing and troubleshooting will be required to narrow down the specific issue since all of the Retail iPads are the same model and on the same version of iPadOS.

As for the Status Tracker, it will be rolled out to other large deployments of iPad through JAMF so other departments can have a quick way to report sporadic and hard to document issues.

Future versions of this tracker could include a file/photo uploader in case screenshots/video footage is needed (i.e. a glitchy screen that only happens at a certain time, etc) which pairs well with the built in screen recording and screenshot software of the iPads.