With NSX-T, both the dynamic routing protocols and the architecture have been simplified. Protocols such as OSPF or IS-IS and the Logical Router Control VMs are gone. All we deal with now is BGP and VRF, and with VRF there is nothing that we visibly and actively do ourselves.
Here is a short summary of BGP for system administrators:
*Note: What follows is written to give a general understanding of BGP and to keep some of its terms from being unfamiliar.
*Note: The images below will be used in the explanations.
For better or worse another year is passing, has passed, is about to pass, in fact it has already passed 😀
For some it means opening a new page, for others it is a meaningless cycle.
Religious meanings aside, it can at least have a meaning as a source of motivation.
For some it may be a sign of the old days that live on in memories vanishing, amid the uncertainty of the future, like waves heading from the shore out to open sea.
For those awaiting newborns it may be even warmer than the sun.
The truth is that it is now time for solidarity: not for what we have acquired or what we own, but, if that beautiful future exists, time to put our hands under the stone for its sake.
Anyway, this is an IT blog and it should end that way. In the new year it may already be old for some, but for me it is new, and it is time to discover it and play with it.
I finally had the chance to test and install vCloud Director 9.1 and the new tenant GUI, which I had been eagerly waiting for.
It gave me the chance to revisit and install not only vCloud Director but also vCenter 6.7, vSphere 6.7, NSX 6.4 and vSAN 6.7.
Once the installation is complete and you create the organization and log in, you are stunned to see the old interface.
Then you discover the new tenant link. https://v91.dorukcloud.com/tenant/vahrictest/
Then, like aftershocks, you are faced with a completely empty page and a screen saying something like “No Datacenters are available”.
The Public Address section of the settings comes to mind, where two or three settings used to be enough 🙂 Now there is one for http, a separate one for https, and you even have to enter the certificate chain.
You need to take the certificate from your browser and add it, in X.509 format and together with the root, intermediate and domain certificates, to the relevant section….
But it was worth it, it turned out nicely …
Thanks to my brother Mert Erdil for warning me; the first post was empty, just like the problem itself ….
To see the certificate information from the Linux CLI (-k is optional and skips verification):
curl -vvIk https://<FQDN or IP>
To read the certificate file in human-readable form (use the -inform parameter to set the format the file is read in):
openssl x509 -in <your_certificate_file_name_maybe_txt_pem_whatever> -text -noout
Sometimes PEM or certificate files can be broken or corrupted, for example by a wrong copy-paste, a Windows-to-Linux copy or FTP copy issues. In that case debugging with curl alone may not help; please double-check with another tool, for example wget.
I faced Socket error: [X509] PEM lib (_ssl.c:2751) and couldn’t find any solution, and wget helped me: wget showed that some of the certificate files were not readable.
Another option is using openssl with the s_client command:
openssl s_client -host FQDN -port 443 -quiet
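The kinds of PEM corruption described above (Windows line endings, a truncated copy, a damaged base64 body) can be detected offline before the file is handed to a TLS library. The following is an added example, not code from the original post: it checks structure only and does not verify signatures or the chain, and `sample_pem` builds a constructed placeholder blob, not a real certificate.

```python
import base64
BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def der_length_ok(der):
    """True if der is one ASN.1 SEQUENCE whose declared length fits the data exactly."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short form: length in one byte
        header, length = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def lint_pem(text):
    """Return a list of structural problems in a PEM certificate bundle."""
    problems = ["CRLF line endings (Windows copy)"] if "\r" in text else []
    body, inside, count = [], False, 0
    for no, line in enumerate(text.replace("\r", "").split("\n"), 1):
        line = line.strip()
        if line == BEGIN:
            if inside:
                problems.append(f"line {no}: BEGIN before previous END")
            inside, body = True, []
        elif line == END and inside:
            inside, count = False, count + 1
            try:
                der = base64.b64decode("".join(body), validate=True)
            except ValueError:             # binascii.Error subclasses ValueError
                problems.append(f"certificate {count}: invalid base64")
                continue
            if not der_length_ok(der):
                problems.append(f"certificate {count}: truncated or not DER")
        elif inside:
            body.append(line)
    if inside:
        problems.append("missing END marker (truncated file)")
    if count == 0 and not inside:
        problems.append("no certificate found")
    return problems

def sample_pem():
    """Constructed placeholder: a 304-byte DER SEQUENCE of zeros, not a real certificate."""
    b64 = base64.b64encode(b"\x30\x82\x01\x2c" + bytes(300)).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *rows, END]) + "\n"
```

Calling `lint_pem(open(path).read())` on a bundle with several certificates reports each damaged block by its position in the file.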
tzdata = time zone database
People sometimes mix up UTC and GMT. GMT is a time zone and UTC is a time standard, but in practice both share the same current time. No country or territory uses UTC as its local time.
Changing the time zone on Debian:
sudo cp /usr/share/zoneinfo/xxx/xxx /etc/localtime
For how NTP works, what a stratum is and what a reference clock is, please check the links below. Generally the reference clock is stratum-0 and is atomic time (cesium clock); there are more levels, stratum-1, 2 and so on up to 16, and it looks like we mostly query time from stratum-2 servers.
To update the time with the date command, see this perfect article from nixCraft: http://www.cyberciti.biz/faq/howto-set-date-time-from-linux-command-prompt/
I mostly needed this one:
date +%T -s "10:13:13"
To grant passwordless sudo privileges to the noroot user (run as root, then check the file with visudo -c, since a syntax error in /etc/sudoers breaks sudo):
echo "noroot ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
Error ID 812 indicates that you have a problem with SQL Server Reporting Services.
This is very clear, and it is just as clear that you forgot to configure SSRS.
The MSSQL installation does not auto-configure SSRS.
DPM also fails with the default SSRS configuration, because DPM uses https to connect to SSRS and the default SSRS configuration works with http.
Another complexity is that you have to generate a self-signed certificate.
To create the self-signed certificate I advise you to download selfssl, because it can automatically create the certificate and import it into the trusted container of your server.
Use a command like this in the CLI, and please do not care about the error message it prints:
Selfssl.exe /N:CN=MACHINENAME /V:365 /T
More importantly, if your server is in a domain, please use the FQDN to create the self-signed certificate; otherwise you will see that you cannot call the reporting server URL.
And please recreate the reporting DB after you introduce and configure the self-signed certificate, because otherwise you will get some "can’t encrypt" messages from SSRS.
After all that, you will install DPM nicely 🙂
After a very long search on Google I found only the Azure VPN configuration, but there is no example or good explanation of how you can do it with Azure Pack.
DorukNET is a COSN provider and we are preparing to offer Azure Pack in Turkey, and wanted to clarify the VPN configuration with our Fortigate expert Salih 😛
Before starting, let me explain the VPN properties from the ISP point of view:
- First you ask for the peer IP address
- Second you ask for the phase 1 config properties, like IKE version, encryption, key lifetime and key
- Third you ask for the phase 2 config properties: encryption, key lifetime, and the remote and local networks whose traffic you will encrypt
- You also talk about other things, such as dead peer detection (DPD)
- Policy and service considerations are also important; mostly we do not allow any-to-any communication
When you log in as a customer to the WAP Service Management Portal, you cannot see every property you need to establish the VPN; most things are preconfigured and from the customer's point of view there is no way to see them. They are also a little hard to discover from the administrator's point of view, but in the end we succeeded.
This article is about establishing a VPN between Fortinet and the Microsoft NVGRE GW.
NVGRE GW Peer IP Address : xxx.yyy.zzz.50
Customer Peer IP Address :
Note that the WAP site NVGRE GW peer IP is not available before you create a new site-to-site setup.
Important note: the WAP GUI does not allow entering a single IP address as the remote.
You can see that Microsoft configures each pre-shared key as a Run-As-Account.
From the WAP GUI there is no way to set a certificate as the auth method; actually I do not need it, no need to push Microsoft here 😀
The easy part: go to the Forti, which traditionally we know how to configure 😀
What is Cloud Storage? What is DaaS? What is the Object?
DaaS (Data Storage as a Service) has a very easy explanation: delivering storage on demand without thinking about the functional interface. The functional interface means the access method to the data, such as block based (e.g. iSCSI) or file based (NFS, WebDAV).
The keys are these: everything should be on demand, not fixed size, expandable and virtual, and should be fed by different services: compression, dedup, versioning, antivirus …
Container, or bucket from the S3 point of view, are very popular terms; both have the same meaning: grouping, storing and organising the data. You can find a comparison of S3 support and CDMI support here.
CRUD is another term you have to know. It is actually very easy: Create, Retrieve, Update and Delete operations are described as CRUD, and they mostly operate over the HTTP protocol.
You can understand what the Cloud Storage model is and what CDMI is; it is used to manage storage and to offer the service too. If you know S3, then you can put S3 between the Container and the Object Storage Client, which is CDMI in the picture; this means that with CDMI commands you can also do CRUD operations instead of using S3.
The storage service is the capacity or pool, however you think of it; data services describe the data requirements.
CDMI can manage the data as well as being a means to store and retrieve the data.
Every object stored in a CDMI-compliant system needs to have a unique identifier, like a GUID.
Tivoli version 22.214.171.124
V7000 version 126.96.36.199; I also tried 188.8.131.52
First log in to the management GUI of the V7000 and, on the left side, in the “Access->Users” section (lock image), click New User:
set whatever name you want; I created admin
set the auth mode to local
set the user group as you want; I selected SecurityAdmin
do not set a password, because we will set a public key. To create a key, download puttygen, open it and click Generate, then move your mouse over the blank area or take a coffee. At the end of the generation please save the public key and the private key, then use the public key when creating the user.
This is the user creation screen; here you have to provide the generated SSH public key.
Now go to the Tivoli GUI.
Under Administrative Services –> Data Sources –> Storage Subsystems click Add
Device type should be IBM SAN Volume Controller / IBM Storwize V7000
Software Version 5+
IP Address: set your V7000 IP
Select Key: it should be Upload New Key
Administrator User Name: I used superuser
Administrator Password: give the superuser password
User Name: I used the newly created user from above
Private SSH Key: I used the puttygen-generated private key, with the ppk extension
Click Add and wait a little
You will see an additional table appear showing the storage; click Next below
The discovery process will start; it should succeed, then click Next again
A new page will appear with the storage already selected; go Next
The next page is about data collection; you have a choice of custom or ready to use; choose Subsystem Advanced Group
Finish, click View Job History and wait for the running job to end with success
Go to IBM Tivoli Storage Productivity Center –> Monitoring –> Probes –> TPCUser.Subsystem Advanced Probe; you will see that the newly added storage subsystem is under Current selections. If you want, you can remove it or add the storage subsystem to another monitoring probe.
You can also see the schedule under the When to Run tab and can create alerts too!
Let's get ready to collect performance info from the newly added storage subsystem
From the Disk Manager tree go to Monitoring and open Subsystem Performance Monitors, right-click it and select Create Subsystem Performance Monitors,
choose the storage and move it to the right side, click Sampling and Scheduling, and change nothing except the duration, which you set to “Continue indefinitely”
save the config, set a performance monitor name, confirm creation, wait for the job to finish and give it a few multiples of 5 minutes to gather enough data
That's it!
After upgrading vCloud Director, there is an issue with Windows VM provisioning regarding the SID change and password reset.
The issue: in version 1.5 the SID change and password reset –> allow local administrator password options were selected by default, but after the upgrade these options come unchecked and you have to set them manually before powering on the VM if you need them.
Look Change SID and Allow local administrator password check box and
This is a different look at what's new in vDirector 5.1
This article is still being updated ….
About Allocation Model
A new parameter was added to the configuration; before, it was available only for the Pay-As-You-Go model, and now you can set it on the Allocation Model.
Be careful: it does not matter if you set a 0% guarantee for CPU; if you set the vCPU speed, it is counted, and you cannot power up a VM if the VMs' vCPU speeds exceed the set GHz usage.
It looks like there is no 100% backward compatibility;
you have to set 0.26, which is the minimum value.
Very important: after the upgrade this value is set to 0.26 for all organisations using the allocation model, and this causes performance issues because all running VMs are limited to 0.26 GHz of CPU. Be careful.
VMware support said that “engineering is preparing a workaround for this in a future update of vCloud director.”
About Storage/Disk of vDC and VM
–Changing Organization vDC storage allocation (changing the vDC disk quota)
It has moved under the storage profile; you cannot increase or decrease storage from the properties of the vDC.
–Add disk and/or increase size of existing vm disk
At last it is allowed: you can now add a disk or increase the disk size while the VM is running, without stopping it.
–Take care with the nodes' local disks
After storage profile support, local disks become usable by vDirector; please disable all local disks on vDirector.
We still have headaches; all vDirector admins, please make a feature request from the right side of the panel <Feature Request<
- No way to add a vNIC while the VM is running :((
- No way to change the network while the VM is running :((
- I don’t understand why vDirector still does not recognise a shut-down VM and shows a "partially down" message ?!
- The firewall user experience needs to be improved with zone/aggregate rules, like a zone for inside to outside, a zone for outside to inside, and zones for other pairs such as dmz1 to dmz2 or dmz1 to outside, for better understanding