Sunday, December 2, 2018

Using a Powershell wrapper to securely authenticate to Neo4J to execute CYPHER using Bolt.

I've been busily developing some of my automation leveraging Neo4j with our CommitCRM and Check_MK (Nagios) monitoring platform.

I wanted to automate my process for updating the graph database and generating tickets.  In order to do this securely I wanted to execute CYPHER scripts with windows task scheduler.

To make this easier I've built a powershell wrapper to run my scripts.  This consists of defining a neo4j datasource with the server location, user and password:

ServerURL bolt://server.fqdn.or.ip:7687
DSPW         01000000d08c9ddf0115d1118c7a00c04fc297e...
DSUser        neo4j

Download/install the Neo4j.Driver nuget package

Check out this post by Glenn Sarti for more information.

Configure your datasource:

First you will be prompted to locate the Neo4j.Driver.

Next supply the datasource name

Now the URL to your Neo4j database

Then the user/password

Now the script will attempt to connect using the provided information, and if successful will store the information in your registry under HKCU\Software\neo4j-wrapper\Datasource\your-datasource-name.

set-n4credentials.ps1 can be used to store multiple named datasources and will store each server URL, user, and password combination within a seperate reg key

Retrieve the datasource

Now you can use the execute-cypher-query.ps1 to securely retrieve the credentials from the registry and run your CYPHER code within powershell.

If the server is accessible and the credentials are correct, it will run whatever cypher code you run in the $query variable.  For example I've included a simple query to count the number of nodes in the graph database and return the results.

and here's the output:

In Summary

This should provide a secure way to run CYPHER scripts natively from powershell using the BOLT protocol. to allow for authentication without putting clear-text passwords within your powershell scripts.
Here's the example scripts in github
In a future version I'd like to use paramters to provide external .cypher scripts to run to truly use this as a wrapper.  I'd also like to store datasources that I reference fromWITHIN my cypher scripts.  (for instance apoc.load.json where I am required to provide API key or user credentials within the URL or as a header).

Friday, November 9, 2018

My journey building a connected enterprise with CommitCRM using a Neo4j Graph database


Last September I attended GraphConnect 2018 in New York.  If you are not familiar with what graph databases or Neo4j is here's an excellent primer.

The first session I attended immediately got my wheels spinning.  The example use case  was a customer service ticketing/support platform and bring together data that is normally stuck in silos of many different systems (HR, CRM, ticketing, asset management, etc).  Hey, I've got that problem!

We have been using CommitCRM for several years.  It is serving as our CRM, and PSA tool to provide IT services and support for our clients.

But the challenge has always long been, how can we bring holistic views and queries together with CommitCRM and from other systems, but we don't have a native integration into CommitCRM?

Here's a few systems that are very relevant, but don't currently integrate into CommitCRM:
  • Active Directory (both ours, and our clients') users, contacts, groups, computer objects
  • Office365 / Azure (CSP subscriptions, mailboxes, and users)
  • VMware (VMs and hosts)
  • Check_MK (a Nagios monitoring platform we use)
  • Avast Managed Workplace RMM tool (formerly AVG Level Platforms) 
  • DNS
Enter Neo4j Graph database.  This data platform solves several problems for us.  It allows us to ingest data from several platforms.  It's wicked fast, and allows us to ask complex relationship questions about our data to help decision support.  This essentially becomes a hyper-flexible reporting database that lets us ask questions about our clients' environments.

Another benefit to this platform, is you instantly have a visualization tool you can use to explore your environment.

I will be posting more about my experience integrating CommitCRM and our other systems using Neo4j to created a connected enterprise