SSL fingerprint mismatch

Actually, I do not have anything more than what you can find on Google, but I have some corrections, and if you have some misunderstanding maybe I can help.

We have two vCloud Director cells; most configurations are single cell.

We followed this article: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2021877
If you have a pfx, please start from step 2.

In the article the alias number is shown as one, but I saw that it is like a GUID, a very long ID.

Also, if you create a new keystore, there is mostly no need to add root and intermediate certificates, but if you want you can import them too! I have some links for keytool which can be helpful:

Root certificates included in Java: http://superuser.com/questions/55470/which-trusted-root-certificates-are-included-in-java
How to import root and intermediate certificates into a keystore: http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html and http://www.sslshopper.com/tomcat-ssl-installation-instructions.html

What is not described: if you have multiple cells, you have to apply the “To update the vCloud Director cell service:” section on all of them. When you start to activate, it says the DB is updated and so on, and you feel like there is no need to touch the other cells, but you have to …
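One way to confirm that every cell really serves the new certificate, as an added example (not from the original post or the VMware article): compare the fingerprint each endpoint presents against one cell taken as the reference. The endpoint names are hypothetical and the sample "certificates" are constructed byte strings, so the comparison runs offline.

```python
"""Compare the TLS certificate fingerprint served by each vCloud Director cell.

Added example. Endpoint names are hypothetical; the sample "certificates" are
constructed byte strings standing in for DER data so the check runs offline.
"""
import hashlib
import socket
import ssl


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of a DER-encoded certificate."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate an endpoint presents (read only, no trust decision)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # an old or self-signed cert must still be readable
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def find_mismatches(certs: dict, reference: str, algo: str = "sha256") -> dict:
    """Map endpoint name -> fingerprint for every endpoint that differs from `reference`."""
    expected = fingerprint(certs[reference], algo)
    return {
        name: fingerprint(der, algo)
        for name, der in certs.items()
        if fingerprint(der, algo) != expected
    }


def check_live(endpoints: dict, reference: str) -> dict:
    """Fetch each (host, port) in `endpoints` and compare against `reference`."""
    certs = {name: fetch_der(host, port) for name, (host, port) in endpoints.items()}
    return find_mismatches(certs, reference)


# Constructed sample: cell1 and the load balancer serve the new certificate,
# cell2 was never updated and still serves the old one.
NEW_CERT = b"constructed-new-certificate-der"
OLD_CERT = b"constructed-old-certificate-der"
SAMPLE = {
    "load-balancer": NEW_CERT,
    "cell1": NEW_CERT,
    "cell2": OLD_CERT,
}

if __name__ == "__main__":
    for name, fp in find_mismatches(SAMPLE, "cell1").items():
        print(f"MISMATCH {name}: {fp}")
    # Live use (hypothetical host names):
    # check_live({"cell1": ("cell1.example.com", 443),
    #             "cell2": ("cell2.example.com", 443)}, "cell1")
```
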

Actually, the load balancer persistence option does not solve any problem.

Also, this problem does not exist in older versions.

SSL offload: there are many words about it on Google, but actually there is no way to do SSL offload, because the cell does not accept connections on port 80. BUT on the load balancer you can configure port 443 and access the backend via 443 too!

You need to know something about pfx and PKCS:

http://en.wikipedia.org/wiki/PKCS

http://security.stackexchange.com/questions/29425/difference-between-pfx-and-cert-certificates

Regards
VM

How SCVMM balance between NVGRE GWs

Today, with my teammate Gokhan Acar, we focused on how SCVMM balances virtual networks (VN) and services between NVGRE GWs, or Network Services (NS).

We have two NS configured in SCVMM.

The first thing we faced: the second, or last added, gateway (sorry, no time to add a 3rd one) becomes the first unit responsible for managing and providing NAT and VPN services to the related VNs. We deployed “internetgwservice1” first and created some VNs on it, then deployed “internetgwservice2”, and SCVMM started to create new requests on it.

Then we tried to understand how SCVMM really tries to balance between two NS. The old one already had seven VNs, then we started to create additional VNs. It started to deploy every VN on the newly added GW. I expected that after eight it would start to load balance, but no!

To shorten the time, we tried to change the limit from 50 to a lower value to make testing easy, but discovered that it is not possible to do :(

You will be faced with an error like the one below:

Error (21426)

Execution of Microsoft.SystemCenter.NetworkService::RegisterGatewayVMNetwork on the configuration provider 4ee559f1-f479-480c-9458-d14b8b1c1779 failed. Detailed exception: Microsoft.VirtualManager.Utils.CarmineException: Unable to add routing domain information to the Remote Access server. (A Hardware Management error has occurred trying to contact server hv3nvgnode02.dorukcosn.azure :n:CannotProcessFilter :HRESULT 0x8033801a:No instance found with given property values. .
WinRM: URL: [http://hv3nvgnode02.dorukcosn.azure:5985], Verb: [ENUMERATE], Resource: [http://schemas.microsoft.com/wbem/wsman/1/wmi/root/virtualization/v2/*], Filter: [associators of {Msvm_EthernetPortAllocationSettingData.InstanceID="Microsoft:A449D45C-53B9-4B0A-9E98-C0E3BFB9ECBD\\BB614953-7878-4C15-A915-A587B429D7B1\\C"}where AssocClass=Msvm_EthernetPortSettingDataComponent ResultClass=Msvm_EthernetSwitchPortRoutingDomainSettingData]
Check that WinRM is installed and running on server hv3nvgnode02.dorukcosn.azure. For more information use the command “winrm helpmsg hresult” and http://support.microsoft.com/kb/2742275 .)
Fix the issue in Remote Access server and retry the operation.
Recommended Action
Check the documentation for the configuration provider or contact the publisher support.
Then we went back and tried to create more VNs with NAT services enabled.
Until we reached the 50th VN everything was created on the last added NVGRE GW, but when we tried to create the 51st VN we faced the same error as above. We are very sure that some caching happens, because the next GW does not run on the related host.
I guess we needed to wait a little, but we tried restarting the SCVMM services :D and pushed to create the 51st VN again, and it worked! :)
We continued creating the 52nd, 53rd and 54th, and it is working.
It looks like SCVMM does not do round-robin based balancing; it first fills the related NVGRE GW, then switches to the next ….
VM

 

No-Look VPN Configuration with Azure Pack :D

Hello All

After a very long search on Google I found only the Azure VPN configuration; there is no example or good explanation of how you can do it with Azure Pack.
DorukNET is a COSN provider; we are preparing to offer Azure Pack in Turkey and wanted to clarify the VPN configuration with our Fortigate expert Salih :P

Before we start, let me explain the VPN properties from the ISP point of view:

  • First you ask for the peer IP address
  • Second you ask for the phase 1 configuration properties, like IKE version, encryption, key lifetime and key
  • Third you ask for the phase 2 configuration properties: encryption, key lifetime, and the remote and local networks which you will encrypt
  • You also talk about other things, such as dead peer detection (DPD)
  • Policy and service considerations are also important; mostly we do not allow any-to-any communication

When you log in as a customer to the WAP Service Management Portal, you cannot see every property you need to establish the VPN; most things are preconfigured, and from the customer point of view there is no way to see them. It is also a little hard to discover from the administrator point of view, but in the end we succeeded.

This article is about establishing a VPN between Fortinet and the Microsoft NVGRE GW.

Fortigate FW Version : 5.0.patch5
DorukNET WAP Customer Site Network
Provider-SiteAzure : 10.0.0.0/24
NVGRE GW Peer IP Address : xxx.yyy.zzz.50
Customer OnPremise Site Network
LocalSite-OnPremise: xxx.102.yyy.240/28
Customer Peer IP Address :
Note that the WAP site NVGRE GW peer IP is not available before you create a new site-to-site setup.

Let's create it
Log in to the WAP Service Management Portal, go to Networks, double-click your already created network and click Create VPN.

Set your remote site VPN device IP address and the pre-shared key; here we set our Fortigate FW outside IP address.
As the address space you have to set the remote site IP address block with which you would like to communicate encrypted.
Important note: the WAP GUI does not allow entering a single IP address as the remote.
On the next two screens WAP allows you to set limits for the VPN configuration; if you need them please enter them, we did not test whether they work or not :)
Then action time: WAP sends the request to VMM to create the VPN configuration on the NVGRE GW.

Succeeded

Check the VMM side, if you are the provider, to confirm.

Now you will start to understand why we described the article subject as No-Look!
Now the customer cannot see anything more than that the VPN configuration is Enabled! No knowledge about the Phase 1 and Phase 2 configuration. Here is what the provider needs to do: document everything well, and if the provider has some boundaries, somehow automate the configuration.
For example, after the VPN configuration is enabled we can see these properties for the VPN.

You can see that Microsoft configures each pre-shared key as a Run As Account.

From the WAP GUI there is no way to set a certificate as the auth method; actually I do not need it, no need to push Microsoft here :D

The Routes section is easy; it is the remote network.
Click the Advanced section and you will see the configuration of the VPN, but you have to understand which part is Phase 1 and which is Phase 2. Very good, lovely.
We found a pptx file after almost 50-100 searches on Google. I know you think maybe I am searching with the wrong keywords; I accept that :D
This slide actually does not equal the defaults, but it helped us a lot. The funny thing is you can see that there is no timeout for the key life values for Phase 2. We also discovered the Phase 1 key life from this slide; you can also find it with the PowerShell “Get-VpnS2SInterface” command.

We used the related configuration for us.

The easy part: go to the Forti, which traditionally we know everything about how to configure :D

Phase 2
Rule for Forti
Monitor VPN connectivity

Ping it or remote into it
Hope this article helps everyone
VM

Parallels Automation use XML-RPC via PHP to get data from system

Parallels Automation is, in short, an OSS/BSS system in which you can integrate and automate everything the way you want via APS packages; you can find out more from this link.

I am very new to programming and want to start to understand how to communicate with and manage 3rd party systems with REST APIs and XML-RPC. Parallels has XML-RPC to communicate with it externally; I also expect to learn PHP with this integration.

Let's start;

You can find all the Parallels Automation documentation from this link.

To begin, please read what XML-RPC is and what it looks like.

I do not have enough experience with PHP, but to find good explanations about PHP tools please check the book “Essential PHP Tools: Modules, Extensions, and Accelerators”.

tcpdump, yes, tcpdump. It is very, very important, because after a long time I discovered that I was sending wrong things, and because of this I could not query Parallels Automation. My environment: the code is uploaded to a Linux server which runs cPanel and uses PEAR, and on the console I executed the command below to understand what XML-RPC request I am sending to the RPC server.

tcpdump -nl -s 0 -A -i eth1 -c 500 port 80
Your request will appear like below. It is important, because you will see many, many XML-RPC request examples with PHP and not every example works how you expect; because of this I wasted almost a day until I thought to use debugging somehow to see what I am sending (very clever, yeah :))) )

I also learned a lot about PHP; of course it is nothing, but it is a good start for me.
First, before starting, I need to understand what kind of XML-RPC request I will send to Parallels Automation. Open the API PDF from the link I already described above and choose one of the methods; I chose the method below:
AccountDetailsGet_API
First read the example to see what kind of request you need to send and what response you will get; use curl from the CLI with such an XML file and memorize the request and response.
This is the file:

vahric:Apicall vahricmuhtaryan$ cat accountdetail.xml
<?xml version="1.0" encoding="UTF-8" ?>
<methodCall>
  <methodName>Execute</methodName>
  <params>
    <param>
      <value>
        <struct>
          <member>
            <name>Server</name>
            <value>BM</value>
          </member>
          <member>
            <name>Method</name>
            <value>AccountDetailsGet_API</value>
          </member>
          <member>
            <name>Params</name>
            <value>
              <array>
                <data>
                  <value><i4>1000019</i4></value>
                </data>
              </array>
            </value>
          </member>
        </struct>
      </value>
    </param>
  </params>
</methodCall>

This is the curl command from the CLI:

curl --connect-timeout 10 -d @accountdetail.xml -H 'Content-type:text/xml' http://192.168.179.2:5224/RPC2

and this is the result:

<?xml version="1.0" encoding="UTF-8"?>

<methodResponse><params><param><value><struct><member><name>Result</name><value><array><data><value><array><data><value><i4>1000019</i4></value><value><i4>1</i4></value><value><string>Son Mohican</string></value><value><string>Son Mohican address 1 </string></value><value><string></string></value><value><string>istanbul</string></value><value><string></string></value><value><string>34349</string></value><value><string>tr</string></value><value><string></string></value><value><string>Vahric</string></value><value><string></string></value><value><string>Muhtaryan</string></value><value><string>vahric@doruk.net.tr</string></value><value><string>90</string></value><value><string>212</string></value><value><string>3269200</string></value><value><string></string></value><value><string></string></value><value><string></string></value><value><string></string></value><value><string></string></value><value><i4>1401023839</i4></value><value><i4>2</i4></value><value><i4>0</i4></value><value><i4>1</i4></value></data></array></value></data></array></value></member></struct></value></param></params></methodResponse>

 

Now we have to prepare the same request via PHP to query and get the same result. I explained the commands inside the code with //
<?php
// All usable XML-RPC functions are inside RPC.php (PEAR XML_RPC); please include it in your code
require_once 'XML/RPC.php';
// It is good to activate/increase the level of error reporting
error_reporting(E_ALL);
ini_set('display_errors', true);

// We have to describe the RPC server access information; in this example my RPC server is 192.168.179.8 and it listens on 5224.
// Because the related server also works for different things, its URL is generally described as RPC2, if you want to know what RPC2 is.
$xmlrpc = new XML_RPC_Client('/RPC2', '192.168.179.8', 5224);

// We need to construct the XML-RPC request; there are some names and values we have to set
// <struct><member><name>Server</name><value>BM</value></member>
// struct is a kind of value type; you can see that it has something inside <member> tags
// new XML_RPC_Value creates values
// "Server" => new XML_RPC_Value("BM", "string") is a key and value pair, and we are using => because our value type is struct, which means Server is the key,
// BM is the value and its type is string
// The important part is the Params section: you will see another array is created because it gets many values inside, and all are under the <data> tag, but you can see that
// no <data> tag is described here like inside accountdetail.xml, because it is automatically added to the request; read http://xmlrpc.scripting.com
$params = array(new XML_RPC_Value(array(
    "Server" => new XML_RPC_Value("BM", "string"),
    "Method" => new XML_RPC_Value("AccountDetailsGet_API", "string"),
    "Params" => new XML_RPC_Value(
        array(
            new XML_RPC_Value(1000019, "int")
        ), "array")
), 'struct'));

// We almost have the same view as accountdetail.xml
// With XML_RPC_Message we construct 100% of the accountdetail.xml file, meaning the request; the first value, Execute, is the XML-RPC method. You can see many examples
// like XML_RPC_Message('system.load');
$msg = new XML_RPC_Message('Execute', $params);
// Now we need to send the request to the XML-RPC server
$resp = $xmlrpc->send($msg);

// send() returns 0 when the server could not be reached; stop here instead of calling value() on it
if (!$resp) {
    die('Communication error: ' . $xmlrpc->errstr);
}
// A fault response carries no value, so check for it before decoding
if ($resp->faultCode()) {
    die('Fault ' . $resp->faultCode() . ': ' . $resp->faultString());
}

// Get the response and put it inside a variable (here I used value as the variable)
$value = $resp->value();

// When you execute the PHP file you will get the response as an object
//object(XML_RPC_Value)#34 (2) {
//                   ["me"]=>
//               array(1) {
//                 ["i4"]=>
//                 string(10) "1401023839"
//               }
// We need to convert the object to an array to use it
// XML_RPC_decode does it for you
$m = XML_RPC_decode($value);

// You can print it to see
print_r($m);

// I told you I am very new to programming; try to understand the key(s) to access the array
// You will see that some subarray will be in the result
//print_r(array_keys($m));

// I learned that the array key is Result and all values are under the subarray whose key is 0, and I tried to access the second element, which is the name of the account
echo $m['Result'][0][2];

?>
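The same request and response handled offline, as an added example in Python (not the author's code, which is the PHP above): it serializes the Execute call so the body can be compared with what tcpdump shows on the wire, and decodes a reply including the fault case. RESPONSE is a constructed, shortened copy of the reply shown earlier and FAULT is a constructed error reply.

```python
"""Build the AccountDetailsGet_API request and decode its response offline.

Added example. RESPONSE is a constructed, shortened copy of the reply shown on
this page (first three fields only); FAULT is a constructed error reply.
"""
import xmlrpc.client


def build_request(account_id: int) -> str:
    """Serialize the Execute call; dumps() adds the <array><data> wrapper itself."""
    call = {
        "Server": "BM",
        "Method": "AccountDetailsGet_API",
        "Params": [account_id],  # Python list -> <array><data>...</data></array>
    }
    return xmlrpc.client.dumps((call,), methodname="Execute")


def parse_request(request_xml: str) -> tuple:
    """Decode a request body back into (method name, struct) to verify what is sent."""
    params, method = xmlrpc.client.loads(request_xml)
    return method, params[0]


def decode_account(response_xml: str) -> list:
    """Return the account row (Result[0]); raises xmlrpc.client.Fault on a fault reply."""
    params, _method = xmlrpc.client.loads(response_xml)
    result = params[0].get("Result")
    if not result or not isinstance(result[0], list):
        raise ValueError("unexpected response shape: no row under Result[0]")
    return result[0]


# Constructed sample, same nesting as the real reply: struct -> Result -> array of rows.
RESPONSE = (
    "<methodResponse><params><param><value><struct><member><name>Result</name>"
    "<value><array><data><value><array><data>"
    "<value><i4>1000019</i4></value><value><i4>1</i4></value>"
    "<value><string>Son Mohican</string></value>"
    "</data></array></value></data></array></value>"
    "</member></struct></value></param></params></methodResponse>"
)

# Constructed fault reply, the shape an XML-RPC server uses to report an error.
FAULT = (
    "<methodResponse><fault><value><struct>"
    "<member><name>faultCode</name><value><int>-1</int></value></member>"
    "<member><name>faultString</name><value><string>constructed error</string></value></member>"
    "</struct></value></fault></methodResponse>"
)

if __name__ == "__main__":
    print(build_request(1000019))         # compare with accountdetail.xml / tcpdump
    print(decode_account(RESPONSE)[2])    # account name, like $m['Result'][0][2]
    try:
        decode_account(FAULT)
    except xmlrpc.client.Fault as err:
        print("fault", err.faultCode, err.faultString)
```
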
Hope this helps those who use PA and need to make XML-RPC queries, and new programmers discovering how to make XML-RPC requests with PHP.
VM

Sometimes storage IOPS , latency and cpu usage can not say something about the reason of performance issue on MSSQL

We faced very interesting customer complaints about MSSQL server performance.

The problem is that the related SP runs very slowly, and the source is supposed to be the virtualization :(

At the start it looks like a very common complaint, and the storage and system admins do the usual checks: on the storage side, global read and write latency, latencies of the related SQL Server LUNs, cache configurations, frontend (host) latency and backend (disk subsystem) latency; on the server side, CPU and RAM usage via Resource Manager, and disk latencies too! Nothing wrong …

As a system guy, I usually focused on the SP and checked what was going on, how to tune the SP and so on. The SQL admin did some tuning and it affected the overall process, but it was not enough. I asked many people how to understand the issue deeply; mostly the answer was to use the profile manager or check the execution plan, find the cost and try to improve it.

Then we discovered how to see the Process and Resource Waits. The problem is mostly described as, not often, possibly indexes, but mostly a disk bottleneck, which looks impossible from the storage point of view, because we did not try only on the SAN: DAS with different RAID levels and numbers of disks gave almost the same results, and MSSQL ran on a physical server too!

The last thing was to move everything to 100% SSD volumes: wait times decreased incredibly and SUSPENDED states started to happen less than before.

Now you can say to me that the problem really is disk, SAN, RAID, RPMs or similar things, but I still do not believe that the problem is non-SSD disks or arrays, because there is not so much IO, write latency, cache latency or SAN network latency; yet a single SSD solution somehow solved everything.

What I learned: it is not enough to check MSSQL performance only via some very usual values like latency, cache and IOPS.

VM

SCVMM2012 R2 Storage Automation With the IBM XIV

Before starting an article about storage automation with IBM XIV in VMM, I need to summarize something.

We are using storage systems, and to manage them all we need software or CLI access. Everybody knows that if you are using NetApp you have one piece of software, different software for EMC, and for IBM and others too! There is no single software, framework or anything else to manage them all via a single interface, and there are no standards.

SNIA is very important because they are trying to model and create a framework for the storage world. They developed SMI-S, whose aim is very clear: “SMI-S standardizes and streamlines storage management functions and features into a common set of tools that address the day-to-day tasks of the IT environment”. To read more go to this link.

With Windows Server 2012 Microsoft introduced storage management, and they created a model or framework for it too. They are a member of, or are following, SNIA. With the Storage Management API (SMAPI), using SMI-S, they can manage storage systems. Besides SMI-S, it is also possible to manage other storage systems with SMP or a storage vendor specific agent. SMP is a WMI-based provider, which means the storage vendor puts something inside their storage that understands WMI requests and responses. You can find the development link here.

On the XIV side you have to learn more: CIM, DMTF, WBEM. CIM is the Common Information Model, and it is defined and published by the Distributed Management Task Force (DMTF). On Wikipedia you can find a very good overview: “One way to describe CIM is to say that it allows multiple parties to exchange management information about these managed elements. However, this falls short in expressing that CIM not only represents these managed elements and the management information, but also provides means to actively control and manage these elements. By using a common model of information, management software can be written once and work with many implementations of the common model without complex and costly conversion operations or loss of information.”

WBEM as being “web-based.”

On IBM storage systems like Storwize, XIV and SVC you will find embedded CIM agents, enabled automatically and preconfigured. You can manage the XIV system from the CIM agent that is bundled with the administrative module.

CIM agent services are in the following form:

service:wbem:https://admin_module_IP:5989

Okay, ready to go …

Open the VMM console, go to the Fabric –> Storage section and add a provider.

To find all SCVMM supported storage arrays, please search Google for “Supported Storage Arrays for System Center 2012 VMM”.
Choose option two, “SAN and NAS devices discovered and managed by a SMI-S provider”.

Keep the protocol “SMI-S CIMXML”.
Set the IP address of your storage system; https is the one mostly used.
You should also create a Run As Account whose credentials are the admin username and password of the XIV.

Discovery process

The device is discovered

You should see all the storage pools on the XIV; select the pool in which you would like to create logical units.
Choose the pool which VMM will use and set the classification, like gold or silver, as usual.

Summary

Follow the process from Jobs

Now it is okay; check that everything is fine in the GUI or via PowerShell.

To test that everything is going well, create a small LUN on the pool: click the array and at the top of the screen click “Create Logical Unit”.

Choose the pool, set the name, size, fixed (thick) or dynamic (thin), and click OK.
Follow the Jobs

Check from both sides, VMM and storage.

Lovely :D

Not over: you may want to assign the LUN to a host or something, via VMM Classifications and Pools –> choose the LUN –> Properties –> Logical Unit Assignment –> Add

:D ISCSI :D HEHHEHEHE Sorry, it looks like I first have to configure Fibre Channel, maybe, to see the SAN information there.

Another note: the related pool will not appear when you go to one of the clusters and try to add a Logical Unit there …

In VMM, on the Storage tab, click Allocate Capacity.

Choose the host groups to assign and click Allocate Storage Pools.

You will see the available storage pool there; click Add to send it to the bottom.

Perfect

That's it
Please take care of SAN zoning manually

VM

Bare Metal Hyper-V Installation with SCVMM 2012 R2 – Step 3

The last part is the bare metal installation.

To join the physical machines to the domain, create a user in Active Directory and then create an RAA on VMM, for example:

Now we will create a Physical Computer Profile for the bare metal installation; create a new physical server profile from Library – Profile – Physical Computer Profiles.

The VM Host option must be selected.

From the library, select the VHDX file you copied in the previous step.

The next screen is quite important. First you specify whether the Ethernet card designated for management is a physical adapter, or whether you will use for management one of the virtual cards called vNIC, which we were also introduced to with 2012 R2. In this installation series one of the physical Ethernet cards on the HP DL380 G7s will be used for management, so the first option stays selected. Here there are 4 gigabit cards on the server, or you may have two 10G cards; which of them will be designated as management we will see when we take action for the installation.

However, with the G8s HP has a structure called CDN, which also exists on other server types. This structure is actually an option that identifies the adapters on the server and directly determines which network card will be the management one, as I mentioned in the previous paragraph. I cannot use this option here because the hardware I have does not support it.

As for which IP I will give to the card I assign for management, I continue by selecting the Logical Network for which I configured IPAM earlier.

Since I do not need the other options, proceed to the next screen. Here the most important step is setting the relevant domain and the information required to join the domain. After that, in order, specify the local Administrator password to be set on the Hyper-V node in the Admin Password section (you can set it as you wish), the OS user information, settings such as Product Key and timezone, and additionally any RunOnce or answer file you want to specify.

Do nothing in the Host Settings step, and finish the wizard on the Summary screen. There will be a PCP like the one below:

Let's start the installation:

In the Fabric section, under Servers, right-click All Hosts and select the Add Hyper-V Hosts and Clusters option.

Select the last option, Physical computer to be provisioned.

Select the RAA account you created earlier for OOB; HP provides IPMI support with iLO 3.

Enter the OOB IP address of the first of the servers and proceed.

Select which folder the physical server will be placed under once it is installed and ready, and which PCP you will use.

VMM then starts scanning via OOB to access the information on the server.

After the Deep Discovery process finishes, choose any computer name you like that has no AD record.

On this screen you can select the Ethernet card to which you will assign the management IP address; if CDN were available this would happen automatically.

If you have forgotten which of the cards you plugged the Ethernet cable into, you can click the empty gray area in the Management NIC section; you should be able to see the connection on the screen that opens. IP Assignment also appears as Static IP, because we distribute IPs via the Logical Network we created on VMM.

You can follow the installation operations from Job Status.

Important notes:

  1. Microsoft documentation contains statements to the effect that the user used when installing VMM does not need admin rights; unfortunately it does not work that way. Always create a user that is a member of the domain admin group. Remember that domain admin users automatically become members of the local administrators group as soon as a machine joins AD.
  2. In Step 2 the IP distribution was done via VMM, but problems arose when joining the domain and moving on to the next steps; success was achieved by obtaining the management IP address from DHCP instead. Others facing similar problems have been seen, but they did not reach a solution in a similar way.
  3. To avoid possible problems, it is also recommended to use a user that is a member of the domain admin group for the machines to be joined to the domain.

VM

Bare Metal Hyper-V Installation with SCVMM 2012 R2 – Step 2

DHCP Server Installation

Before adding the PXE server to VMM we will install and configure our DHCP server; this way, using the PXE extension, PXE clients will be able to boot and reach the relevant boot server and configuration information. You can find detailed information about these steps at this link.

On DHCP create a scope named PXE Blok and give it the range 10.222.100.70 to 10.222.100.90. The machines on which we will do the bare metal installation will not be able to get an IP from DHCP yet, until you add the PXE option to the PXE Blok scope on DHCP.

Adding the PXE Server to VMM

The Windows Deployment Services (WDS) server mentioned in the first step will also be introduced to VMM as the PXE server. This machine is joined to the domain and its FQDN is DS.HOPA.NET.

Before moving to the installation you will need a user with local Administrator rights on the DS.HOPA.NET server; you can either register it in VMM as an RAA or supply this information manually during installation. If you use the same username as the VMM service, VMM will give an error, so you must use a different user. In my own test environment I created a user called pxeadmin in Active Directory and made it a member of the Domain Admins group.

Although we install WDS on DS.HOPA.NET we will not keep any templates on it; VMM will use the VHD or VHDX in its own library for the bare metal installation.

Review the firewall settings of the DS.HOPA.NET server; since VMM will install an agent, make sure the operation is not blocked.

First install the relevant features on DS:

Install-WindowsFeature -Name WDS-Transport -IncludeManagementTools
Install-WindowsFeature -Name WDS-Deployment -IncludeManagementTools

Then do the initial settings for WDS; for this:

WDS -> Configure Server

The server is in AD, Next

Since the place where our images will be kept is VMM, we will have no concern about the size of this area, Next

We make our PXE server respond to all incoming PXE client requests. Here, select not Respond to all client as seen in the picture but Do not respond to any client computers, because otherwise the VMM PXE setup gives an error (the picture may be misleading, careful!!!). I do not know the reason yet; somehow VMM cannot stop the Windows Deployment Services service.

In VMM -> Fabric -> Add Resources -> PXE Server, set the required information.

Şimdi bu adımda ayarlayacağımız son iki şey, ilki bare metal kurulumu yapacağımız makinelere VMM üzerinden IP dağıtmak ve VMM’in kurulum için kullanacağı VHDX dosyasını hazırlamak.

VMM ile beraber artık IP dağıtımınıda tek bir noktadan yönetebilirsiniz, IPAM(IP Address Management) VMM 2012 ile beraber gelen özelliklerden biri. Hyper-V node’larının yönetimi için belirlediğiniz IP adreslerini VMM üzerinde dağıtmak için Logical Network ayarlarını yapacağız.

Logical Network yaratıyoruz , adını istediğiniz gibi set edebilirsiniz , burada network olarak bu makaledeki örneğe göre 10.222.0.0/16 network’ü ve vlan 0 , yani access port veya native vlan olarak kullandığımızdan herhangi bir vlan değeri girmiyoruz

Screen Shot 2014-01-13 at 22.18.30

Screen Shot 2014-01-13 at 22.19.23

Screen Shot 2014-01-13 at 22.20.50

Next diyip, Summary ekranında işlemi sonlandırın, şimdi IP yönetimi için yarattığınız logical network üzerinde sağ tuş yapıp Create IP Pool diyelim

Screen Shot 2014-01-13 at 22.27.52

IP Pool’un adını atayın ve ilgili Logical Network’ü seçin

Screen Shot 2014-01-13 at 22.28.49

Bir Logical Network altında birden fazla Site olabilir ve her site’da altında birden fazla subnet bulunduruabilir, bu örnekte tek bir site ve IP bloğu var bizde bunu seçiyoruz

Screen Shot 2014-01-13 at 22.29.10

DHCP gibi hangi ip aralığını bu iş için ayırdığımızı belirtiyoruz

Screen Shot 2014-01-13 at 22.30.02

Yine DHCP’de olduğu gibi gerekli gw , dns ayarlarını yapıp sihirbazı kapatıyoruz.


Preparing the VHDX file for the installation:

For this we create a small virtual machine and perform a Windows Core installation. After the installation the virtual machine will already be getting an IP address via DHCP. With sconfig you can configure options such as Remote Desktop access, Windows Update settings and time. We do not join this virtual server to our domain in any way; we will do that during the bare metal installation through VMM. Now it is time to sysprep, that is, to prepare the image so that it behaves like a fresh Windows installation for each new physical deployment. For this, simply go to the directory shown in the screenshot, run sysprep and tick the relevant option.

Screen Shot 2014-01-13 at 18.45.29

After this, it is enough to copy the server's VHDX file to the shared library you specified when installing VMM. When running sysprep you can also set Shutdown Options to Shutdown if you wish, so that you do not need an extra step to stop the machine before copying the VHDX. After the copy, the VMM library will look like this:

Screen Shot 2014-01-13 at 22.55.19

Important note: the big picture of the autodeploy process is as follows.

BareMetalInstalltionBigPicture

Bare Metal Hyper-V Installation with SCVMM 2012 R2 – Step 1

Let's get started quickly. Requirements:

One or two servers to run Active Directory and the other required components; in my own setup I proceeded by virtualizing the required servers on a single server.

Two physical DL 380 G7 servers for the Hyper-V nodes that will be installed bare metal. Different server versions can be used here; what matters is having a PXE-boot-capable Ethernet card and out-of-band management, for example iLO or iDRAC, or, on servers such as Supermicro, an Ethernet port dedicated to IPMI.
Out-of-band (OOB) management helps in situations such as powering the physical machine off and on, or listing its interfaces, before the operating system is installed or after the operating system has shut down. IPMI is one of these interfaces. iLO is another interface, developed by HP, that additionally performs server health checks and reports temperature and similar information.

Two servers in the Domain Controller role, virtual or physical machines (one is enough if you do not want to bother)
Domain: hopa.net
NetBIOS domain name: HOPA
IP information:
DC1 - 10.222.100.10
DC2 - 10.222.100.11

VMM2012R2 server, IP address 10.222.100.20

A virtual or physical machine that will act as the DHCP server; this server will hand out IP addresses so that the physical machines have IP connectivity during PXE boot.
DHCP – 10.222.100.21

DS server: this is the machine on which Windows Deployment Services will run; with WDS you can perform operating system installations over the network.
DS – 10.222.100.22

iLO/IPMI network: 192.168.0.0/24
This is the network VMM will use to discover the physical servers during the bare metal installation; VMM and the physical servers will talk to each other over OOB.

HP iLO Configuration

By default HP iLO is configured for DHCP, but since this test has only two machines, DHCP was disabled, the IPs 192.168.0.10 and 11 were set respectively, and a user named iloadmin was created.

Power on the machines that will receive the bare metal Hyper-V installation and press F8 for iLO configuration; in the Network section, disable DHCP.

Set the IP addresses.

Create a user named iloadmin and assign a password.

Save the configuration; the iLO interface will update itself after this configuration.

In VMM we create a Run As Account (RAA) to use in the bare metal installation; here, create an RAA named “ilo” with the user name and password you set in the previous step.

In the next step we will make the WDS settings and the template settings required for the bare metal installation.

Create a NIC team and set an IP address on the team interface with PowerShell on Windows 2012 R2

Open the PowerShell console

First, get the list of NICs

PS C:\Users\Administrator> Get-NetAdapter

Name                      InterfaceDescription                    ifIndex Status       MacAddress             LinkSpeed
----                      --------------------                    ------- ------       ----------             ---------
Ethernet                  Intel(R) 82576 Gigabit Dual Port Net...      12 Up           1C-C1-DE-03-DD-A5         1 Gbps
Ethernet 2                Intel(R) 82576 Gigabit Dual Port N...#2      13 Up           1C-C1-DE-03-DD-A4         1 Gbps

PowerShell is really easy and helpful :D Just type "-" after New-NetLbfoTeam and follow the parameters from Name until LoadBalancing, choosing the required ones :D

PS C:\Users\Administrator> New-NetLbfoTeam -Name Generic -TeamMembers Ethernet,"Ethernet 2" -TeamNicName Generic -TeamingMode SwitchIndependent -LoadBalancingAlgorithm Dynamic

Confirm
Are you sure you want to perform this action?
Creates Team:'Generic' with TeamMembers:{'Ethernet', 'Ethernet 2'}, TeamNicName:'Generic',
TeamingMode:'SwitchIndependent' and LoadBalancingAlgorithm:'Dynamic'.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):

Name                   : Generic
Members                : {Ethernet 2, Ethernet}
TeamNics               : Generic
TeamingMode            : SwitchIndependent
LoadBalancingAlgorithm : Dynamic
Status                 : Down

Get the information for the team we created

PS C:\Users\Administrator> Get-NetLbfoTeam Generic

Name                   : Generic
Members                : {Ethernet 2, Ethernet}
TeamNics               : Generic
TeamingMode            : SwitchIndependent
LoadBalancingAlgorithm : Dynamic
Status                 : Up

In my case I created a virtual switch using the Multiplexor Driver; its interface is named vEthernet (ADandMNG) and it needs an IP address.

Open the PowerShell console again if you closed it and run the following cmdlets

New-NetIPAddress -IPAddress 10.110.6.6 -InterfaceAlias "vEthernet (ADandMNG)" -DefaultGateway 10.110.1.1 -AddressFamily IPv4 -PrefixLength 16

Note: Instead of -InterfaceAlias, I myself use the ifIndex with the -InterfaceIndex parameter, which you can get from Get-NetAdapter

DNS also needs to be set

Set-DnsClientServerAddress -InterfaceAlias "vEthernet (ADandMNG)" -ServerAddresses 8.8.8.8,8.8.4.4

That's it
VM
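The whole procedure above as one repeatable script, using -InterfaceIndex as the note suggests. This is an added example, not the author's script: the virtual switch name ADandMNG is inferred from the interface name vEthernet (ADandMNG), and creating it with New-VMSwitch on the team NIC is an assumption about how the switch was built.

```powershell
#Requires -RunAsAdministrator
# Added example: team, switch, IP and DNS values are the ones used in the post.
$ErrorActionPreference = 'Stop'

$teamName   = 'Generic'
$members    = 'Ethernet', 'Ethernet 2'
$switchName = 'ADandMNG'                  # assumed name; yields "vEthernet (ADandMNG)"
$mgmtAlias  = "vEthernet ($switchName)"
$ip         = '10.110.6.6'
$prefix     = 16
$gateway    = '10.110.1.1'
$dns        = '8.8.8.8', '8.8.4.4'

# 1. Create the team only if it is missing; -Confirm:$false skips the Y/N prompt.
if (-not (Get-NetLbfoTeam -Name $teamName -ErrorAction SilentlyContinue)) {
    New-NetLbfoTeam -Name $teamName -TeamMembers $members -TeamNicName $teamName `
        -TeamingMode SwitchIndependent -LoadBalancingAlgorithm Dynamic -Confirm:$false | Out-Null
}

# 2. The team reports Status Down right after creation; wait until it is Up.
$deadline = (Get-Date).AddSeconds(60)
while ((Get-NetLbfoTeam -Name $teamName).Status -ne 'Up') {
    if ((Get-Date) -gt $deadline) { throw "Team '$teamName' did not come up within 60 seconds." }
    Start-Sleep -Seconds 2
}

# 3. Bind a virtual switch to the team NIC and keep a management vNIC on the host.
if (-not (Get-VMSwitch -Name $switchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $switchName -NetAdapterName $teamName -AllowManagementOS $true | Out-Null
}

# 4. Resolve the interface index once and use it for every later call.
$ifIndex = (Get-NetAdapter -Name $mgmtAlias).ifIndex

# 5. Assign the address only if it is not already present, then set DNS.
if (-not (Get-NetIPAddress -InterfaceIndex $ifIndex -IPAddress $ip -ErrorAction SilentlyContinue)) {
    New-NetIPAddress -InterfaceIndex $ifIndex -IPAddress $ip -PrefixLength $prefix `
        -DefaultGateway $gateway -AddressFamily IPv4 | Out-Null
}
Set-DnsClientServerAddress -InterfaceIndex $ifIndex -ServerAddresses $dns

# 6. Show the resulting address, gateway and DNS servers for the interface.
Get-NetIPConfiguration -InterfaceIndex $ifIndex
```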
