Tuesday, November 20, 2012

ESX and disk issues

ESX 4 & 5: Resolving SCSI reservation conflicts
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1002293
This KB article describes how to find which ESX host holds a SCSI reservation on a LUN.

ESX 5: Vmware vSphere 5 dead LUN and pathing issues and resultant SCSI errors
http://raj2796.wordpress.com/2012/03/14/vmware-vsphere-5-dead-lun-and-pathing-issues-and-resultant-scsi-errors/

All ESX versions: After repeated SAN path failovers, operations that involve VMFS changes might fail for all hosts accessing a particular LUN
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009899

ESX 4.x: ESX/ESXi hosts in APD may appear Not Responding in vCenter Server
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1030980

ESX 4.1: Virtual machines stop responding when any LUN on the host is in an all-paths-down (APD) condition
http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1016626

ESX 5.1 has significant improvements with APD and PDL
http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vSphere-51-Storage-Technical-Whitepaper.pdf


Saturday, November 17, 2012

ESX Automated Provisioning on CISCO UCS

This demo shows how a VMware vSphere ESX host can be automatically deployed to a CISCO UCS Service Profile which is booted from SAN.


If you want to know more, don't hesitate to write a comment below the blog post.

Wednesday, October 31, 2012

How to defend against ARP poisoning/spoofing attack in vSphere infrastructure

There are a few enterprise options in vSphere infrastructure for dealing with this type of attack.
I know about two ... VMware vShield and CISCO Nexus1000v.

However, here I would like to share an idea of how to do it with open source tools integrated into enterprise infrastructure.

Disclaimer:
Please be aware that this is not an out-of-the-box enterprise solution; you have to know what you are doing and you bear full responsibility for all impacts.

How can we simulate the attack?
Below is a tutorial inspired by another tutorial from
http://blog.facilelogin.com/2011/01/arp-poisoning-with-dsniff.html
You can simply change the installation procedure based on your OS distribution.

ARP poisoning with dsniff
dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

To install dsniff on CentOS 6.

yum -y install wget

cd /usr/src
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
rpm -ivh epel-release-6-7.noarch.rpm
yum -y install openssl gcc flex bison libpcap-devel libnet

yum install dsniff

Now you need to find out two things,

1. IP address of the target machine - say 192.168.1.4
2. IP address of the Gateway - say 192.168.1.1

Let's start ARP poisoning from the attacker's machine - with arpspoof tool which comes with dsniff.

$ sudo arpspoof -i en1 -t 192.168.1.4 192.168.1.1

This will update target machine's ARP table with attacker's MAC address against the IP address of the gateway.

Now - start a tcpdump on the same interface from your machine - start viewing all the traffic going to and from the target machine.

$ sudo tcpdump -i en1

How can we detect the attack?
We can use arpwatch, for example on my favorite OS, FreeBSD, running in a virtual machine.

Installation is as simple as
cd /usr/ports/net-mgmt/arpwatch/
make install
...
then you have to add
arpwatch_enable="YES"
to your /etc/rc.conf
...
 
Last but not least, enable promiscuous mode on the VMware vSwitch portgroup the arpwatch VM is connected to. The best way is to create another portgroup (a single port is enough) with the same VLAN ID as the protected VLAN and, in its Security settings, set Promiscuous Mode to Accept. That way only the arpwatch VM, and not every VM on the protected portgroup, can see all traffic on the VLAN.

... then arpwatch sends messages to syslog, so you will see something similar to this in your /var/log/messages:
Oct 31 09:08:02 ips arpwatch: flip flop a.b.c.d 0:50:56:8d:2e:bc (54:52:0:fe:47:95)

Arpwatch can also send an e-mail message about the incident. The message looks like this:

hostname:
ip address: 95.80.240.1
ethernet address: 54:52:0:fe:47:95
ethernet vendor:
old ethernet address: 0:50:56:8d:2e:bc
old ethernet vendor: VMWare, Inc.
timestamp: Wednesday, October 31, 2012 8:57:33 +0100
previous timestamp: Wednesday, October 31, 2012 8:57:33 +0100
delta: 0 seconds

How can we protect against the attack?

Well, this is another story. It really depends on your environment, but in my environment I have a vSphere Distributed Switch and all virtual machines have VMtools installed, so I trust the VMware MAC:IP associations, and based on this information (MAC) I can find the attacker's port on the distributed switch and disable it.

And it's just a small step to do this in an automated way by leveraging VMware vCLI (aka VMware Perl SDK).
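
The detection and lookup steps above, combined as an added example (not code from the original post or from arpwatch): it parses arpwatch syslog lines and reports which MAC claimed an IP that a trusted inventory assigns to a different MAC. The sample log lines, the addresses and the TRUSTED inventory are constructed for illustration; disabling the switch port is left to vCLI as described above.

```python
import re
from collections import defaultdict

# arpwatch event lines as they appear in syslog, e.g.
#   "... arpwatch: flip flop <ip> <current mac> (<previous mac>)"
MAC = r"[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5}"
EVENT_RE = re.compile(
    r"arpwatch(?:\[\d+\])?:\s+"
    r"(?P<event>flip flop|changed ethernet address|new station)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>" + MAC + r")"
    r"(?:\s+\((?P<old>" + MAC + r")\))?"
)


def normalize_mac(mac):
    """arpwatch drops leading zeros (0:50:56:8d:2e:bc); pad to 00:50:56:8d:2e:bc."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))


def parse_line(line):
    """Return a dict for an arpwatch event line, or None for anything else."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    old = m.group("old")
    return {
        "event": m.group("event"),
        "ip": m.group("ip"),
        "mac": normalize_mac(m.group("mac")),
        "old_mac": normalize_mac(old) if old else None,
    }


def find_suspects(lines, trusted):
    """Report IPs whose address was claimed by a MAC other than the trusted one.

    trusted maps IP -> MAC from an inventory you trust (the post uses the
    MAC:IP pairs reported by VMware Tools). IPs missing from the inventory
    are reported only if arpwatch saw their MAC change.
    """
    trusted = {ip: normalize_mac(mac) for ip, mac in trusted.items()}
    claimed = defaultdict(set)   # ip -> every MAC seen answering for it
    changes = defaultdict(int)   # ip -> number of flip flop / changed events
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        claimed[ev["ip"]].add(ev["mac"])
        if ev["old_mac"]:
            claimed[ev["ip"]].add(ev["old_mac"])
        if ev["event"] != "new station":
            changes[ev["ip"]] += 1

    report = {}
    for ip, macs in claimed.items():
        known = trusted.get(ip)
        suspects = sorted(macs - {known}) if known else sorted(macs)
        if (known and suspects) or (not known and changes[ip]):
            report[ip] = {"trusted": known, "suspects": suspects,
                          "changes": changes[ip]}
    return report


# Constructed sample: the gateway 192.168.1.1 is contested by a VMware MAC.
SAMPLE_LOG = [
    "Oct 31 09:07:58 ips arpwatch: new station 192.168.1.4 0:50:56:8d:2e:bc",
    "Oct 31 09:08:02 ips arpwatch: changed ethernet address 192.168.1.1 "
    "0:50:56:8d:11:22 (0:1b:21:a:b:c)",
    "Oct 31 09:08:04 ips arpwatch: flip flop 192.168.1.1 0:1b:21:a:b:c (0:50:56:8d:11:22)",
    "Oct 31 09:08:06 ips arpwatch: flip flop 192.168.1.1 0:50:56:8d:11:22 (0:1b:21:a:b:c)",
    "Oct 31 09:08:07 ips sshd[812]: Accepted publickey for admin",
]
# Constructed inventory (assumption: exported from the source you trust).
TRUSTED = {
    "192.168.1.1": "00:1b:21:0a:0b:0c",
    "192.168.1.4": "00:50:56:8d:2e:bc",
}

if __name__ == "__main__":
    for ip, info in find_suspects(SAMPLE_LOG, TRUSTED).items():
        print(ip, "trusted:", info["trusted"], "suspect MACs:",
              ", ".join(info["suspects"]), "changes:", info["changes"])
```

The suspect MAC in the report is the value to look up on the distributed switch to find the port to disable.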

WARNING!!!
The solution described here currently works only on a single ESX host and does not work across multiple ESX hosts because of virtual networking principles. A VMware virtual switch (or a host module of a distributed switch) is not a switch but a port extender. The difference is significant. The ARP poisoning attack is based on continuously unicasting ARP replies to the victim, so when the arpwatch server is not on the same ESX host as the attacker or the victim, even a promiscuous port on the distributed switch portgroup will not help us catch it, because the ARP reply packets are not visible to the arpwatch server.

The solution would be to have an arpwatch VM on each ESX host. VMware introduced the concept of ESX agents (aka Agent Virtual Machines), so I believe this is the right use case for an ESX agent implementation.
For more information about "Deploying vSphere Solutions, vServices, and ESX Agents" read this document.

I have to test this architecture ... so stay tuned.

Any comments or thoughts are appreciated.

Wednesday, October 24, 2012

Accessing Microsoft SQL Server from Linux using DBD::Sybase

Citation from: http://www.perlmonks.org/?node_id=392385
Author:  Lindsay Leeds (2004 Sep 20)

Recently, I made yet another attempt to get Perl to access Microsoft SQL Server using DBD.  Usually, when I want to connect to a Microsoft SQL Server, it is from Perl on Windows.  So I take the easy route and use DBD::ODBC and use an ODBC connection.  This time though, I wanted to connect to Microsoft SQL Server 2000 from a Linux box.  Having no ODBC to fall back on, I looked for native DBD driver of some sort.
It took me several hours of struggling to make it work.  I almost gave up several times, so I am writing this outline to help anyone else trying to accomplish this same task.
In the end, we will use the DBD::Sybase perl module from CPAN to access the Microsoft SQL Server.  Before we can do that however, we must first compile the freetds library.

Note: From now on I will refer to Microsoft SQL Server as SQL Server.  Please do not confuse this with a generic sql server.  We can all now pause to gripe about the lack of imagination in product naming at Microsoft.
Compiling Freetds
Download and compile freetds from http://www.freetds.org/.

Once you unzip and untar it, enter the directory and run:
./configure --prefix=/usr/local/freetds --with-tdsver=7.0
make
make install

Configuring Freetds
Now we have freetds compiled, but we still have to configure it.  This is the part that threw me off and is so different from other DBD drivers.  The DBD::Sybase driver will ultimately be affected by the contents of the /usr/local/freetds/etc/freetds.conf file.  If that file is not configured correctly, your DBD::Sybase connection will fail.
Okay, now that we have established there is a relationship between the freetds.conf file and the DBD::Sybase module, let's edit the freetds.conf file.
The strategic modifications I made to the freetds.conf file were:
1) uncomment the following lines and modify if necessary:
try server login = yes
try domain login = no

Note: this forces the module to attempt a database login instead of a domain login.  I could not get domain login to work, though I will admit I did not try very hard.
2) uncomment the following line and modify if necessary:
tds version = 7.0
This supposedly sets the default tds version to establish a connection with.  I have only SQL Server 2000 servers, and they won't talk at any lower version.  So I set it to 7.0.  If for some reason you had older SQL Servers, you might leave it at the default 4.2.
3) create a server entry for my server sql1:
[sql1]
    host = sql1
    port = 1433
    tds version = 8.0
Note: My server here is sql1.  Ping sql1 worked, so I am sure I can resolve it using DNS.  You can also specify an ip address instead of the host name.  The sql1 in the brackets is just a descriptor.  It could be 'superduperserver' and it would still work as long as my 'host =' is set correctly.  I tried 'tds version 7.0' for my SQL Server 2000 and it worked.  Version 5.0 though resulted in an error.  You might want to verify your SQL Server is listening on port 1433 with a 'netstat -a -n' run from the command line on the SQL Server.
At this point you can verify your configuration.
/usr/local/freetds/bin/tsql -S sql1 -U sqluser
You will then be prompted for a password and if everything is well, you will see a '1)' waiting for you to enter a command.  If you can't get the 1) using tsql, I doubt your DBD::Sybase perl code is going to work.  Please note that sqluser is not an Active Directory/Windows Domain user, but an SQL Server user.
Compiling DBD::Sybase
Now that we have the freetds library prerequisite for DBD::Sybase installed and configured, we can compile the DBD::Sybase perl module.  Obtain it from www.cpan.org if you haven't already.
Once you have untarred it and are in the directory, run:
export SYBASE=/usr/local/freetds
perl Makefile.PL
make
make install
Note: The export line is to let the compilation process know where to find the freetds libraries.

Using DBD::Sybase
You are now ready to test your DBD::Sybase module.
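#!/usr/bin/perl

use strict;
use warnings;
use DBI;

# "sql1" is the server entry defined in freetds.conf
my $dsn = 'DBI:Sybase:server=sql1';

my $dbh = DBI->connect($dsn, "sqluser", 'password');
die "unable to connect to server $DBI::errstr" unless $dbh;

$dbh->do("use mydatabase");

my $query = "SELECT * FROM MYTABLE";
my $sth = $dbh->prepare($query) or die "prepare failed\n";
$sth->execute() or die "unable to execute query $query   error $DBI::errstr";

# For a SELECT the row count is only reliable once all rows are fetched,
# so count the rows while reading them.
my $rows = 0;
while ( my @first = $sth->fetchrow_array ) {
   $rows++;
   foreach my $field (@first) {
      # NULL columns come back as undef
      print "field: ", (defined $field ? $field : 'NULL'), "\n";
   }
}
print "$rows rows returned by query\n";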

Good luck!

Sunday, October 07, 2012

Adding ESXi 5.1 to "5.1 vCenter Appliance" fail

Finally I found time to install vSphere 5.1 in my home lab. I have a 5.0 environment running, so I bought another old DELL PE 2950 on the Czech "ebay-like" system Aukro (www.aukro.cz) for just 6.500 CZK (approx. 330 USD) to leave my current lab untouched and try 5.1.

So, I upgraded BIOS and DRAC to the latest firmware and installed the DELL version of ESXi 5.1 (embedded) on my DELL PE 2950. Then I installed the vCenter appliance (OVF) on top of this new ESX.

I was able to add my old ESX5.0 to this new vCenter but not the new one.

WHAT'S WRONG???

Troubleshooting process ...

In vCenter event log I can see message: "A general system error occurred: Timed waiting for vpxa to start".

In /var/log/vpxa.log ...

2012-10-07T08:33:29.941Z [FFFE1B90 error 'SoapAdapter'] Unsupported namespace "urn:vpxa3" in content of SOAP body
-->
--> while parsing SOAP body
--> at line 9, column 0
-->
--> while parsing SOAP envelope
--> at line 2, column 0
-->
--> while parsing HTTP request before method was determined
--> at line 1, column 0

So, what versions am I running?


ESXi 5.1.0 (799733)
vCenter Appliance 5.0.0 (755629)


Oooops ... I believed I installed vCenter 5.1 because in my local install archive it is stored as
VMware-vCenter-Server-Appliance-5.1.0.5100-799730_OVF10


So the cause is clear ... bad installation image management cost me one hour of troubleshooting :-(





Tuesday, October 02, 2012

NAKIVO - another virtual infrastructure backup software

NAKIVO (http://nakivo.com) is another virtual infrastructure backup software. It can be installed on a Windows or Linux (Ubuntu) server. The Linux installation is something which interests me. I have to test it and compare it against Veeam Backup and Replication.

New Nexus 1000v (2.1) will be also available as free edition

Source

Nexus 1000v version 2.1 (currently in beta) will have two editions. The Essential edition is free of charge, so VMware Enterprise Plus customers can leverage CISCO virtual networking. The Advanced edition is a paid version but with significantly enhanced features. The most interesting thing is that VSG (Virtual Security Gateway) is also included in the Nexus 1000v Advanced edition.

Monday, October 01, 2012

Enabling Nested ESXi in vSphere 5.1

Nice article on how to check a physical ESX host's capability to virtualize ESX (aka nested ESX).

esxcli for vSphere 5

Excellent introduction to esxcli.

Automating ESXi 5 Kickstart Tips & Tricks

Here is the link to an excellent blog post.

iReasoning MIB browser - Free MIB Browser

iReasoning MIB browser is a powerful and easy-to-use tool powered by iReasoning SNMP API . MIB browser is an indispensable tool for engineers to manage SNMP enabled network devices and applications. It allows users to load standard, proprietary MIBs, and even some mal-formed MIBs. It also allows them to issue SNMP requests to retrieve agent's data, or make changes to the agent. A built-in trap receiver can receive SNMP traps and handle trap storm.

Major features:

    Intuitive GUI
    Complete SNMPv1, v2c and v3 (USM and VACM) support
    Complete SNMPv3 USM support, including HMAC-MD5, HMAC-SHA, CBC-DES, CFB128-AES-128, CFB128-AES-192, CFB128-AES-256 (128-bit, 192-bit and 256-bit AES) algorithms
    Robust and powerful SMIv1/SMIv2 MIB parser
    IPv6 support
    Trap Receiver
    Trap Sender
    Log window to display application log and SNMP packets exchanged between browser and agents
    Port view (bandwidth utilization, error percentages) for network interface cards
    Switch port mapper for mapping switch ports
    Table view for MIB tables
    SNMPv3 USM user management (usmUserTable in SNMP-USER-BASED-SM-MIB)
    Device snapshot
    Cisco device snapshot
    Performance graph tool for monitoring of numerical OID values
    Ping and traceroute tools
    SNMP Agents Comparison
    Network discovery tool
    Runs on Windows, Mac OS X, Linux and other UNIX platforms

http://ireasoning.com/mibbrowser.shtml

Note: other free MIB browsers are getif and mibble.

Saturday, September 29, 2012

Spanning Tree Protocol

It is always good to go back to the basics.

Spanning Tree Protocol (STP, RSTP, MSTP) is a protocol often overlooked in modern data center networks, but it still has a critical impact on operational excellence.

So here are a few interesting links that explain the basics:
Understanding STP and RSTP Convergence
How Are Evaluated Forward Delay and Max Age Timers in STP?

Monday, September 24, 2012

DELL vSphere Hypervisor 5.1

ESXi 5.1 Recovery Image Build# 799733 (A00) This ISO image should be used only to recover/reinstall the ESXi image to SD Card/USB Key on Dell Platforms.

http://www.dell.com/support/drivers/en/en/rc1077983/DriverDetails/Product/poweredge-r620?driverId=XWYR5&osCode=XI51&fileId=3005015335

Friday, September 21, 2012

Top 10 What’s New Cool Features in Hyper-V 3


From a virtualization perspective, here’s the Top 10 What’s New Cool Features in Windows Server 2012 with Hyper-V—or just Hyper-V 3 for short.


1.    VMs with up to 32 vCPUs
2.    VMs with up to 512GB vRAM
3.    VHDX (=VMDK) up to 16TB
4.    Multiple concurrent Live Migrations & Live Storage Migrations
5.    Hyper-V Replicas (This + SC Orchestrator = SRM Replacement)
6.    Extensible Virtual Switch (There’s a 1000v for Hyper-V)
7.    63-Node Clusters
8.    Built-In NIC Teaming/Trunking & QoS
9.    VM Affinity Rules
10.    No dedicated Live Migration Network needed
11.    Hyper-V Client (This is Hyper-V inside Win8 for client-side virtualization!)


Saturday, September 15, 2012

Not able to install SqlServer 2008 says Restart computer failed?

I found the answer at
http://social.msdn.microsoft.com/Forums/en-US/sqlsetupandupgrade/thread/ca182f5d-114a-4516-99d4-0854ad176fbf/
 
setup.exe /SkipRules=RebootRequiredCheck /ACTION=install

SNMP Trap Receiver on FreeBSD

Net-SNMP is the package for all SNMP operations. It can also act as an SNMP trap receiver.

First of all, it's a good idea to read the section about traps in the Net-SNMP Tutorial.
http://www.net-snmp.org/tutorial/tutorial-5/commands/snmptrap.html

A step-by-step blog post about sending and receiving SNMP traps in FreeBSD can also be found at
http://taosecurity.blogspot.cz/2006/08/sending-and-receiving-snmp-traps.html

A test trap can be sent with the following command:
snmptrap -v 1 -c public localhost '' localhost 6 1 ''

The SNMP trap receiver daemon is snmptrapd, which uses the configuration file snmptrapd.conf.

Here is an example of a snmptrapd.conf file:

###########################################################################
#
# snmptrapd.conf
############################################################################
# SECTION: Output formatting for traps received.
#
#   Output from snmptrapd is formatted according to the
#   rules defined by the formatting configuration directives.

# format1: How SNMPv1 traps are formatted.
#   See the snmptrapd.conf manual page for format string details.
#   arguments: formatstring

format1 '%y-%m-%l ?%h:%j:%k ?%b ?%P ?%N ?%W ?%v\n'

# format2: How SNMPv2 and SNMPv3 traps are formatted.
#   See the snmptrapd.conf manual page for format string details.
#   arguments: formatstring

format2 '%y-%m-%l ?%h:%j:%k ?%b ?%P ?%N ?%W ?%v\n'

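# logOption: where received traps are logged; "f FILE" writes them to a file.
logOption f /var/log/snmptraps.log
# ignoreauthfailure: ignore authenticationFailure traps.
ignoreauthfailure yes
# disableAuthorization: turn off snmptrapd's access control checks, so traps
# are accepted from any sender and community (authCommunity entries restrict this).
disableAuthorization yes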

Thursday, September 13, 2012

SAN Switch cheat sheet

B-Series
B-Series (Brocade) switches use both web and CLI; the table below lists some, but not all, of the CLI commands.

  help            prints available commands
  switchdisable   disable the switch
  switchenable    enable the switch
  licensehelp     license commands
  diaghelp        diagnostic commands
  configure       change switch parameters (BB credits, etc)
  diagshow        POST results since last boot
  routehelp       routing commands
  switchshow      display switch show (normally first command to run to obtain switch configuration)
  supportshow     full detailed switch info
  portshow #      display port info
  nsshow          nameserver contents
  nsallshow       NS for full fabric
  fabricshow      Fabric information
  version         firmware code revision
  reboot          full reboot with POST
  fastboot        reboot without POST

B-Series (Brocade) zoning commands are detailed in the table below.

  zonecreate (zone)     create a zone
  zoneshow              shows defined and effective zones and configurations
  zoneadd               adds a member to a zone
  zoneremove            removes a member from a zone
  zonedelete            delete a zone
  cfgcreate (zoneset)   create a zoneset configuration
  cfgadd                adds a zone to a zone configuration
  cfgshow               display the zoning information
  cfgenable             enable a zone set
  cfgsave               saves defined config to all switches in fabric across reboots
  cfgremove             removes a zone from a zone configuration
  cfgdelete             deletes a zone from a zone configuration
  cfgclear              clears all zoning information (must disable the effective config first)
  cfgdisable            disables the effective zone set

B-Series commands for creating a zone

  Creating zone by WWN             zonecreate "zone1", "20:00:00:e0:69:40:07:08 ; 50:06:04:82:b8:90:c1:8d"
  Create a zone configuration      cfgcreate "test_cfg", "zone1 ; zone2"
  saving the zone configuration    cfgsave (this will save across reboots)
  enable the zone configuration    cfgenable "test_cfg"
  saving the zone configuration    cfgsave
  view zoning information          zoneshow or cfgshow

MDS-Series
MDS-Series (Cisco) switches use both web and CLI; the table below lists some, but not all, of the CLI commands. The ones highlighted will be the ones used most often.

EXEC mode commands:

  attach      connect to a specific linecard
  bios        BIOS related commands
  callhome    callhome commands
  clear       reset functions
  clock       manage the system clock
  config      enter configuration mode
  debug       debug functions
  discover    discover information
  exit        exit from the submode
  fcping      Ping a N_Port
  fctrace     trace a route for a N_Port
  load        load system image
  no          disable debugging functions
  reload      reboot the switch
  setup       run the basic setup command facility
  show        display running system information
  system      system management commands
  test        test command
  write       write the current configuration
  zone        zoning server commands

CONFIG mode commands:

  aaa             config aaa
  boot            configure boot variables
  callhome        enter the callhome configuration mode
  clock           configure time and date
  fcalias         fcalias configuration commands
  fcanalyzer      configure fabric analyzer
  fcc             configure FCC congestion control
  fcdomain        enter the fcdomain configuration mode
  fcdroplatency   configure switch or network latency
  fcflow          configure fcflow
  fcinterop       interop commands
  fcns            Name server configuration
  fcroute         configure FC routes
  fcs             Configure fabric config server
  fctimer         configure fibre channel timers
  fspf            configure fspf
  interface       select an interface to configure
  ip              configure IP features
  no              Negate a command or set its default
  ntp             NTP configuration
  power           configure power supply
  poweroff        power off module in switch
  qos             Configure priority of FC control frames
  radius-server   configure radius related parameters
  role            configure roles
  snmp-server     configure snmp
  span            enter SPAN configuration mode
  ssh             configure ssh parameters
  switchname      configure systems network name
  system          system config command
  trunk           configure switch wide trunk protocol
  username        configure username information
  vsan            enter the vsan configuration mode
  zone            zoning configuration commands
  zoneset         zoneset configuration commands

There are several commands that allow you to navigate through the switch: "cd", "copy", "dir", "find", "mkdir", "move", "rmdir" and "tail".

MDS-series creating a zone

  create a zone and place it in the vsan       # zone name testzone1 vsan 4
  add a member (port wwn example)              # member pwwn 10:00:00:00:c9:21:40:b8 (port on the host)
  add a member (fabric port wwn example)       # member fwwn 10:01:10:01:10:ab:cd:ef (port on the switch)
  add a member (FCID example - hard zoning)    # member fcid 0x7f0000 (24 bit address)
  add a member (FC alias example)              # member fcalias payroll

MDS-series common commands

  display logged in WWN, display vsan information          # show flogi database
  display the specific vsan logins                         # show fcns database vsan 4
  activating a zoneset                                     # zoneset activate name zone1 vsan 4
  delete a zoneset                                         # clear zone database vsan 4
  configure the default zone                               # zone default-zone permit vsan 4
  display zones and zonesets                               # show zoneset active
                                                           # show zoneset
                                                           # show zoneset active vsan 4
  copy active zone set to the full zone set                # zone copy active-zoneset full-zoneset vsan 4
  distribute the full zoning database to other switches    # zoneset distribute full vsan 4
 
M-Series
M-Series (Mcdata) switches use both web and CLI; the table below lists some, but not all, of the CLI commands.

  commadelim   Toggle comma-delimited display mode
  config       configure settings
  login        login into CLI with different access rights
  maint        maintenance settings
  perf         Performance statistics
  reserved     reserved for future development
  show         display attributes
  features     configure feature settings
  ip           configure IP settings
  logout       logout of the CLI
  port         configure port data
  security     configure security settings
  snmp         configure snmp
  switch       configure switch data
  system       configure system data
  zoning       configure zoning settings

There are several commands that allow you to navigate through the switch: "..", "ctrl-U" and "root".

M-Series (Mcdata) zoning commands are detailed in the table below.

  showactive      show actively running zoneSet
  clearzone       clear WWN's in a zone
  deletezone      remove zone from running config
  activezoneset   activation of changes
  addzone         add a new zone to the working area
  addwwnmem       add a WWN to a zone
  showpending     show pending zones
  renamezone      rename a zone
  deletewwn       delete a WWN from a zone
  renamezoneset   rename a zone set

Zoning limits
  • 64 zone sets (max)
  • 2000 zones (max)
  • 1024 zones per zone set (max)
  • default should always be disabled (causes all ports to see each other, creating ghosts in a FA's login table)

Reset the password on a Dell EqualLogic Storage Array

This is just a copy of the original article at:
http://www.vmguru.nl/wordpress/2010/03/resetting-the-grpadmin-password-on-a-dell-equallogic-san/

If you really don’t know the password set on the grpadmin but still have physical access to it you can start a recovery procedure to reset the grpadmin account back to the default password: grpadmin.
Important: Because you must power-cycle one group member as part of the password reset procedure, volumes with data stored on that member will be unavailable and active iSCSI connections to those volumes will be lost until the member is restarted. You may want to warn users of any impending offline volumes and iSCSI disconnections before resetting the password.
To temporarily reset the grpadmin account password to the default factory-set password, follow these steps:
1.) On one group member, connect the appropriate serial cable to serial port 0 (the correct cable will be different on different models of the PS Array) on the active control module. The active control module is indicated by the green control module status LED labeled ACT. The status LEDs are located on the controllers sometimes on the left side or next to the serial port on other controllers.
2.) Turn off power to the member (if you have dual power supplies, turn off both power supplies). Volumes with data located on the member will be offline and iSCSI connections to those volumes will be lost until the member is restarted.

3.) If the member has two control modules, after it is shut down, remove the controller that your serial cable is not connected to. This is to ensure that, while you are setting password-recovery mode on one controller, the other controller doesn’t run past us and start the array up.  Controllers just have to be removed a little so they don’t make contact any more to be disabled. (2 cm out is far enough)
4.) Turn on power to the member by turning on all the power supplies.
5.) While the member is restarting, press Ctrl/p when the following message appears on the console: Press Ctrl/p to enter setup mode. This will halt the boot process and allow you to enter commands to the boot monitor.
6.) At the CFE> prompt, enter the following commands, which are case-sensitive and must be typed exactly as shown:
CFE> setenv RESETPASSWORD 1
CFE> reload
7.) When the member restarts, the PeerStorage login prompt appears. After a short pause, the following message should appear: WARNING:Password recovery mode… Temporarily resetting grpadmin password.
If you get the previous message, log in to the group using the grpadmin account and its factory-set password, grpadmin:
Login: grpadmin
Password: grpadmin
At this point, you are logged in to the group with read-write permission and can perform any group administration task. At this point, you should set the grpadmin account password to a known value. Use the procedure described in the Modifying Accounts section in the Group Administration manual or use the following command:
> account select grpadmin passwd
Enter New Password: xxxxxxx
Retype password: xxxxxxx
Note: Unless you set the grpadmin account password within five minutes after the password recovery mode message appears, the grpadmin password will revert back to the value it had prior to the password reset procedure (that is, you will no longer be able to log in with the factory-set password).
However, as long as you remain logged in to the grpadmin account, you can set the password to a known value. If the password recovery mode message does not appear, the password reset procedure did not succeed (for example, because you did not enter the CFE commands exactly as shown). In this case, allow the member to completely start up, and then retry the password reset procedure, shutting down the member and following the steps above.
8.) If the member has two control modules, after logging in to the group and setting the grpadmin password, reinsert the second controller,  this restarts the secondary control module and allows it to be used. Within one minute, you should see a console message, indicating that the secondary control module is operational.

FTDI - Virtual COM port for Mac OS X

FTDI - specialists in converting peripherals to Universal Serial Bus (USB).
http://www.ftdichip.com

Virtual COM port (VCP) drivers cause the USB device to appear as an additional COM port available to the PC.  Application software can access the USB device in the same way as it would access a standard COM port. 

http://www.ftdichip.com/Drivers/VCP.htm

Tuesday, September 04, 2012

PowerConnect 8024-k : link is up even when the switch is power cycled or reloaded


“The below is from the release notes for 4.2.2.3 (listed under the 4.2.1.3 section):

Internal ports are up during most of the switch POST. Internal ports were up while switch is booting, this was causing traffic loss in network.

Corrected the initialization of the internal ports. CPLD Code Update is required.

1. Update the CPLD using the command 'dev cpldUpdate'
Console#dev cpldUpdate
2. Power cycle the switch. (Power Cycle from CMC WebUI. Do not run “reload” from the console prompt)

Tuesday, August 21, 2012

Converting between CPU RDY summation and CPU % ready values

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2002181

To convert between the CPU ready summation value in vCenter's performance charts and the CPU ready % value that you see in esxtop, you must use a formula.
The formula requires you to know the default update intervals for the performance charts. These are the default update intervals for each chart:
  • Realtime: 20 seconds
  • Past Day: 5 minutes (300 seconds)
  • Past Week: 30 minutes (1800 seconds)
  • Past Month: 2 hours (7200 seconds)
  • Past Year: 1 day (86400 seconds)

CPU ready %

To calculate the CPU ready % from the CPU ready summation value, use this formula:
(CPU summation value / ([chart default update interval in seconds] * 1000)) * 100 = CPU ready %
Example: The Realtime stats for a virtual machine in vCenter might have an average CPU ready summation value of 1000. Use the appropriate values with the formula to get the CPU ready %.
(1000 / (20s * 1000)) * 100 = 5% CPU ready

CPU ready summation value

To convert the CPU ready % into a CPU ready summation value, reverse the calculation and use this formula:
(CPU ready % / 100) * ([chart default update interval in seconds] * 1000) = CPU summation value
Example: If a virtual machine has a CPU ready % of 5, its CPU ready summation value on the Realtime performance chart is calculated like this:
(5 / 100) * 20s * 1000 = 1000 CPU ready

Saturday, August 18, 2012

ls* Commands Are Even More Useful Than You May Have Thought


Information is copied from
http://www.cyberciti.biz/open-source/command-line-hacks/linux-ls-commands-examples/

lsscsi
list SCSI devices

lsblk
list block devices

lsb_release
list linux distribution and release information

lsusb
list usb devices


lscpu
list cpu information

lspci
list PCI devices


lshw
list information about hardware configuration

lsof
list open files, network ports, active process, ...

lsattr
list extended file attributes







 

Wednesday, August 15, 2012

Getting the NAA ID of the LUN


Getting the NAA ID of the LUN to be removed

From the vSphere Client, this information is visible from the Properties window of the datastore.

From the ESXi host, run the command:

# esxcli storage vmfs extent list


VMware vSphere 5 - Cluster Resource Allocations

Total capacities

Cluster Resource Allocation "Memory - Total Capacity" is "Total Cluster Memory" (what you see in the Summary Tab) minus approx. 2576MB of RAM reserved for each ESX host.

So if I have two ESX hosts, each with 8GB of physical RAM, I can see 16GB Total Cluster Memory in the Summary Tab. However, the two ESX hosts together reserve 2 x 2576MB, which is approximately 5GB of memory reservations. So in Cluster Resource Allocation I have 16GB-5GB, which is around 11GB of RAM.

The same should apply to Cluster Resource Allocation "CPU - Total Capacity". Each ESX host has a reservation of 2341 MHz.

So if I have two ESX hosts, each with 10.636 GHz, I can see 21GHz Total Cluster CPU Resources in the Summary Tab. However, the two ESX hosts together reserve 2 x 2421MHz, which is approximately 4.8GHz of CPU reservations. So in Cluster Resource Allocation I should have 21GHz-4.8GHz, which is around 16.2GHz. But during my tests I see 18.4GHz there, which looks as if only one ESX host's reservation is subtracted. What is the magic and why? Can someone comment on it below the article?

If you want to know how much MEMORY and CPU is reserved for a particular ESX hypervisor component, select an ESX host in the cluster, go to Configuration->System Resource Allocation and switch from the simple to the advanced view. You have to go through all components and sum all CPU and MEMORY reservations.

Reserved capacities

Cluster Allocation "Reserved Capacity" is the sum of the reservations of virtual machines and resource pools. Sometimes people are confused and surprised that the reserved capacity is very high. That's usually because the HA cluster is enabled, so fail-over capacity is also reserved and not available for use.

So if I have a two-node cluster with N+1 redundancy and at least one protected VM is running, then half of the cluster capacity is reserved by HA.

Tuesday, August 14, 2012

Intel Server CPU generations

Intel Xeon 5400 = Harpertown
    » Penryn microarchitecture
    » Intel 64
    » 0.045 micron (45 nm)
    » Up to 4 cores
    » Up to 3.33 GHz
    » Up to 2x6 MB L2 cache
    » MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1
    » Demand-Based Switching except E5405, L5408
    » Enhanced Intel SpeedStep Technology (EIST) - except E5405
    » XD bit (an NX bit implementation)
    » HyperThreading
    » Virtualization (Intel VT-x, Intel VT-d)

Intel Xeon 5500 = Nehalem-EP
    » Nehalem microarchitecture
    » Intel 64
    » 0.045 micron (45 nm)
    » Up to 4 cores
    » Up to 3.33 GHz
    » Up to 8 MB L3 cache
    » MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2
    » Enhanced Intel SpeedStep Technology (EIST)
    » XD bit (an NX bit implementation)
    » HyperThreading
    » Virtualization (Intel VT-x, Intel VT-d)
  
Intel Xeon 5600 = Westmere-EP
    » Nehalem microarchitecture
    » Intel 64
    » 0.032 micron (32 nm)
    » Up to 6 cores
    » Up to 4.4 GHz
    » Up to 12 MB L3 cache
    » MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2
    » Enhanced Intel SpeedStep Technology (EIST)
    » XD bit (an NX bit implementation)
    » TXT
    » AES-NI
    » Smart Cache
    » Demand-Based Switching
    » HyperThreading
    » Virtualization (Intel VT-x, Intel VT-d)
    » Turbo Boost (except E5603, E5606, E5607, L5609)

Intel Xeon E5-2600 = Sandy Bridge-EP   
    » Sandy Bridge microarchitecture
    » Intel 64
    » 0.032 micron (32 nm)
    » Up to 8 cores
    » Up to 3.3 GHz
    » Up to 20 MB L3 cache
    » MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AVX
    » Enhanced Intel SpeedStep Technology (EIST)
    » XD bit (an NX bit implementation)
    » TXT
    » AES-NI
    » Smart Cache
    » Demand-Based Switching
    » HyperThreading
    » Virtualization (Intel VT-x, Intel VT-d)
    » Turbo Boost (except E5-2603, E5-2609)

Caution: Information was collected from various public sources therefore the completeness and correctness is not guaranteed.

VMware - Software and Hardware Techniques for x86 Virtualization

In the early days of x86 virtualization, uniformity ruled: all CPUs implemented essentially the same 32-bit architecture and the virtual machine monitor (VMM) always used software techniques to run guest operating systems. This uniformity no longer exists. CPUs today come in 32- and 64-bit variants. Some CPUs have hardware support for virtualization; others do not. Moreover, this hardware support comes in multiple forms for virtualizing different aspects of the x86 architecture.  This document describes the x86 architecture from a virtualization point of view, relating critical architectural features to the major releases of VMware ESX. The goal is to provide, for each version of VMware ESX, an understanding of:

* Which CPU features are required
* Which CPU features can be utilized (but are not required)
* Which CPU features can be virtualized—that is, made available to software running in the virtual machine

With a better understanding of how CPU features are required, used, and virtualized by VMware ESX, you can reason more precisely about what can be virtualized, what performance levels may result for a given combination of CPU, guest operating system, and version of VMware ESX, and how workloads may respond to adjusting configuration parameters both for software running in the virtual machine and at the VMware ESX level.

Full white paper is located at
http://www.vmware.com/files/pdf/software_hardware_tech_x86_virt.pdf

Monday, August 06, 2012

Linux / Unix: lftp Command Mirror Files and Directories

lftp command is a file transfer program that allows sophisticated ftp, http and other connections to other hosts. lftp command has builtin mirror which can download or update a whole directory tree. There is also reverse mirror (mirror -R) which uploads or updates a directory tree on server. Mirror can also synchronize directories between two remote servers, using FXP if available.

More info at http://www.cyberciti.biz/faq/lftp-mirror-example/

Install and Use nmon Tool To Monitor Linux Systems Performance

This systems administrator, tuner, benchmark tool gives you a huge amount of important performance information in one go with a single binary.

It works on Linux, IBM AIX Unix, Power, x86, amd64 and ARM based systems such as Raspberry Pi. The nmon command displays and records local system information. The command can run either in interactive or recording mode.

More info at http://www.cyberciti.biz/faq/nmon-performance-analyzer-linux-server-tool/

Thursday, August 02, 2012

VMware ESX - Enable flow control on the 10Gb NICs used for SAN


First, update the ESXi 5 host applying all VMware patches. The recommended way to do this is by using VMware Update Manager. Be sure patch ESXi500-201112001 is installed.

1.    At the ESXi console, press [F2] and login as root, select Troubleshooting Options and press [Enter].

2.   Select Enable ESXi Shell and press [Enter].

3.   Press [Alt]+[F1] to open the local console and login as root.

4.   At the ESXi console type:

esxcfg-nics -l

5.   The available NICs are displayed (example: vmnic0, vmnic1, vmnic2…).

Using the output, determine which “vmnic” labels are assigned to adapters used for SAN
connectivity. For example, the two ports on the Broadcom 57711 may be listed as vmnic4 and vmnic5.
This will vary depending on the system configuration.

6.   At the ESXi console type:

vi /etc/rc.local

7.   Go to the end of file
Press [Esc], type :$, and then press [Enter] to go to the end of file.
Type the letter “o” (lowercase) to append a new line to the file

8.   Type:

ethtool --pause vmnicX tx on rx on
Substitute the number that corresponds to the NICs identified in step 5 above. Press
[Enter]. Repeat this for each NIC that is connected to the SAN before proceeding to the next step.

9.   Press [Esc], type :wq, and then press [Enter] to save the file.

10. Type:

/sbin/auto-backup.sh
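
A scripted form of steps 6 to 9, as an added example that is not from the original post or from vendor documentation: it appends the pause line for each SAN NIC only when that exact line is missing, and rejects anything that is not a plain vmnicN label, because the file is executed as root at boot. The function name, the demo temp file and the NIC labels are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function name and sample NIC
# labels are assumptions; use the vmnic labels identified in step 5.

# add_pause_lines FILE NIC [NIC...]
# Appends "ethtool --pause <nic> tx on rx on" to FILE for each NIC unless that
# exact line is already there. Echoes the number of lines added.
add_pause_lines() {
    rc_file=$1
    shift
    added=0
    [ -f "$rc_file" ] || : > "$rc_file"
    # Make sure the last existing line is terminated before appending.
    if [ -s "$rc_file" ] && [ -n "$(tail -c 1 "$rc_file")" ]; then
        echo >> "$rc_file"
    fi
    for nic in "$@"; do
        # FILE is executed as root at boot: accept only "vmnic" + digits.
        case ${nic#vmnic} in
            "$nic"|''|*[!0-9]*)
                echo "skipping invalid NIC label: $nic" >&2
                continue ;;
        esac
        line="ethtool --pause $nic tx on rx on"
        # -x whole-line match, -F fixed string: no partial or regex matches.
        if ! grep -qxF -- "$line" "$rc_file"; then
            printf '%s\n' "$line" >> "$rc_file"
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# Demo against a constructed temp file, not the real /etc/rc.local.
demo_file=$(mktemp)
add_pause_lines "$demo_file" vmnic4 vmnic5 > /dev/null
cat "$demo_file"
rm -f "$demo_file"
```

On the host, pass /etc/rc.local and the labels from step 5, then run /sbin/auto-backup.sh as in step 10.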

Rapid EqualLogic Configuration Portal

The Dell Rapid EqualLogic Configuration Series of documents is intended to assist users in deploying EqualLogic iSCSI SAN solutions. The following documents employ tested and proven, Dell best practices for EqualLogic SAN environments.

http://en.community.dell.com/techcenter/storage/w/wiki/3615.rapid-equallogic-configuration-portal-by-sis.aspx

Wednesday, August 01, 2012

Designing VMware Infrastructure - Video Course

Learn to properly design a vSphere environment to avoid performance problems and downtime in this infrastructure design course by VCDX Scott Lowe. Create sound network designs and prepare for the VMware VCAP-DCD certification exam as an IT architect mastered in data center design.

http://www.trainsignal.com/Designing-VMware-Infrastructure.aspx

Thursday, July 19, 2012

Force power off vmware virtual machine on ESXi 5

1/ Temporarily allow SSH on ESXi
2/ SSH to ESXi
3/ esxcli vm process list
4/ find the world-id of the VM you want to shut down
5/ esxcli vm process kill --type=force --world-id=

More info:
http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1014165
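
For step 4, an added example (not from the original post or the KB article) that picks the world-id out of `esxcli vm process list` output by exact display name and refuses to answer when the name is missing or shared by more than one VM. The function names and the sample output are constructed; the "World ID:" and "Display Name:" field layout is an assumption about the command's output.

```shell
#!/bin/sh
# Added example (not from the original post). The sample output is constructed
# and assumes the per-VM "World ID:" / "Display Name:" field layout.

# world_id_for NAME: reads `esxcli vm process list` output on stdin and prints
# the World ID of the VM whose Display Name equals NAME exactly.
# Returns non-zero when no VM or more than one VM carries that name.
world_id_for() {
    awk -v want="$1" '
        /^ *World ID: /     { wid = $NF }
        /^ *Display Name: / {
            name = $0
            sub(/^ *Display Name: */, "", name)
            if (name == want) { match_id = wid; found++ }
        }
        END {
            if (found == 1) print match_id
            exit (found == 1 ? 0 : 1)
        }
    '
}

# Constructed sample: four VMs, two of them sharing the display name "dup".
sample_process_list() {
    cat <<'EOF'
web01
   World ID: 1001
   VMX Cartel ID: 1000
   Display Name: web01

db 02
   World ID: 1002
   VMX Cartel ID: 999
   Display Name: db 02

dup
   World ID: 1003
   Display Name: dup

dup
   World ID: 1004
   Display Name: dup
EOF
}

if wid=$(sample_process_list | world_id_for web01); then
    echo "world-id for web01: $wid"
fi
```

On the host, feed it the live output: `esxcli vm process list | world_id_for "<display name>"`.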