
About time, SSL and other things …

To see the certificate information from the Linux CLI (-k is optional; it skips certificate verification):

curl -vvIk https://<FQDN or IP>

To read a certificate file in human-readable form (the -inform parameter selects the input format, e.g. DER instead of the default PEM):

openssl x509 -in <your_certificate_file_maybe_txt_pem_whatever> -noout -text

Sometimes you can have broken or corrupted PEM or certificate files: a wrong copy-paste, a Windows-to-Linux copy, or an FTP transfer issue. In that case debugging with "curl" alone may not help, so please try another tool to double-check, for example "wget".

I faced Socket error: [X509] PEM lib (_ssl.c:2751) and couldn't find any solution; wget helped me, because wget showed us that some of the certificate files were not readable.

Another option is using openssl with the s_client command:

openssl s_client -host FQDN -port 443 -quiet
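As an added example (mine, not from the original post), here is a small Python check for the copy-paste and transfer damage described above: it verifies that every BEGIN/END pair is intact, that the body is valid base64, and that the decoded bytes form a DER SEQUENCE whose declared length matches what was actually decoded, which catches truncated or CRLF-mangled files before a TLS library rejects them with a PEM lib error. The sample PEM strings are constructed, not real certificates.

```python
import base64
import binascii
import re

# One PEM block: the label in the BEGIN/END markers and the base64 body between them.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def der_total_length(der: bytes):
    """Total byte length a DER SEQUENCE header claims, or None if the data
    does not start with a SEQUENCE tag (every X.509 certificate does)."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    first = der[1]
    if first < 0x80:                      # short form: length fits in 7 bits
        return 2 + first
    n = first & 0x7F                      # long form: the next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_pem(text: str) -> list:
    """Return a list of problems found in a PEM file's contents; an empty
    list means every block decodes and its DER length matches its size."""
    problems = []
    if "\r\n" in text:
        problems.append("CRLF line endings (Windows copy?)")
    begins = text.count("-----BEGIN ")
    blocks = PEM_BLOCK.findall(text)
    if begins == 0:
        problems.append("no PEM blocks found")
    elif len(blocks) != begins:
        problems.append("BEGIN/END marker mismatch or wrong label")
    for idx, (label, body) in enumerate(blocks):
        try:
            der = base64.b64decode(body)  # non-alphabet chars such as newlines are skipped
        except binascii.Error as exc:
            problems.append(f"block {idx} ({label}): bad base64: {exc}")
            continue
        expected = der_total_length(der)
        if expected is None:
            problems.append(f"block {idx} ({label}): not a DER SEQUENCE")
        elif expected != len(der):
            problems.append(f"block {idx} ({label}): DER says {expected} bytes, got {len(der)}")
    return problems


# Constructed samples, not real certificates: the body encodes a minimal
# DER SEQUENCE (30 03 02 01 05), which is enough for the structural checks.
GOOD_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----\n"
TRUNCATED_CRLF = "-----BEGIN CERTIFICATE-----\r\nMAMCAQ==\r\n-----END CERTIFICATE-----\r\n"
MISSING_END = "-----BEGIN CERTIFICATE-----\nMAMCAQU=\n"

if __name__ == "__main__":
    for name, sample in [("good", GOOD_PEM), ("truncated", TRUNCATED_CRLF), ("no END", MISSING_END)]:
        print(name, check_pem(sample) or "OK")
```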

tzdata = time zone database

People sometimes mix up UTC and GMT: GMT is a time zone and UTC is a time standard, but in practice both share the same current time. No country or territory uses UTC as a local time.

Debian: change the time zone

dpkg-reconfigure tzdata

or

sudo cp /usr/share/zoneinfo/xxx/xxx /etc/localtime

For how NTP works, what a stratum is and what a reference clock is, please check the links below. Generally the reference clock is stratum 0 and it is atomic time (a cesium clock); there are more levels, stratum 1, 2 and so on up to 16, and it looks like we are mostly querying time from stratum-2 servers.

https://ntpserver.wordpress.com/2008/09/10/ntp-server-stratum-levels-explained/

http://www.ntp.org/ntpfaq/NTP-s-algo.htm
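To make the stratum levels and the NTP exchange concrete, the following added Python example (mine, not from this post or the linked pages) decodes an NTP reply, classifies the stratum byte and computes the clock offset and round-trip delay from the four timestamps the protocol carries. The reply packet is constructed in the code rather than captured from a server.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01 (Unix)
NTP_FORMAT = "!BBBbIIIQQQQ"    # LI/VN/mode, stratum, poll, precision, root delay,
                                # root dispersion, reference id, four 64-bit timestamps


def to_ntp_ts(unix_seconds: float) -> int:
    """Encode a Unix time as a 64-bit NTP timestamp (32.32 fixed point)."""
    return int((unix_seconds + NTP_EPOCH_OFFSET) * (1 << 32))


def from_ntp_ts(ts: int) -> float:
    return ts / (1 << 32) - NTP_EPOCH_OFFSET


def stratum_meaning(stratum: int) -> str:
    """Classify the stratum byte as RFC 5905 defines it."""
    if stratum == 0:
        return "unspecified / kiss-o'-death"
    if stratum == 1:
        return "primary (reference clock attached, e.g. GPS or atomic clock)"
    if stratum <= 15:
        return "secondary (synchronised over NTP)"
    return "unsynchronised"  # 16 and above


def parse_ntp_reply(packet: bytes, t1: float, t4: float) -> dict:
    """Decode a 48-byte server reply. t1/t4 are the client's own send and
    receive times (Unix seconds); t2/t3 come from the packet. Offset and
    delay are the standard four-timestamp formulas from the NTP algorithm."""
    if len(packet) < 48:
        raise ValueError("NTP packet must be at least 48 bytes")
    f = struct.unpack(NTP_FORMAT, packet[:48])
    t2 = from_ntp_ts(f[9])   # receive timestamp: when the server got the request
    t3 = from_ntp_ts(f[10])  # transmit timestamp: when the server sent the reply
    return {
        "version": (f[0] >> 3) & 7,
        "mode": f[0] & 7,
        "stratum": f[1],
        "stratum_meaning": stratum_meaning(f[1]),
        "offset": ((t2 - t1) + (t3 - t4)) / 2,  # how far the local clock is off
        "delay": (t4 - t1) - (t3 - t2),         # round trip minus server processing time
    }


def build_sample_reply():
    """Constructed stratum-2 reply (not a real capture): the server clock is
    0.5 s ahead of the client, one-way latency is 0.1 s and the server takes
    0.01 s to answer. Returns (packet, t1, t4) as a client would hold them."""
    t1 = 1700000000.0
    t2, t3, t4 = t1 + 0.6, t1 + 0.61, t1 + 0.21
    li_vn_mode = (0 << 6) | (4 << 3) | 4          # no leap warning, NTPv4, mode 4 = server
    ref_id = 0x0A000001                            # stratum 2: IPv4 of its upstream server
    packet = struct.pack(NTP_FORMAT, li_vn_mode, 2, 6, -20, 0, 0, ref_id,
                         to_ntp_ts(t1 - 100), to_ntp_ts(t1), to_ntp_ts(t2), to_ntp_ts(t3))
    return packet, t1, t4


if __name__ == "__main__":
    print(parse_ntp_reply(*build_sample_reply()))
```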

To set the time with the date command, there is a perfect article from nixCraft: http://www.cyberciti.biz/faq/howto-set-date-time-from-linux-command-prompt/

I mostly needed this one:

date +%T -s "10:13:13"

Password-less sudo privileges:

sudo su

echo "noroot ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

Run visudo -c afterwards to check that the file still parses, because a syntax error in /etc/sudoers locks everyone out of sudo.

System Center DPM 2012 R2 Install Error ID: 812

Error ID 812 indicates that you have a problem with SQL Server Reporting Services (SSRS).

This is very clear, and it is also very clear that you forgot to configure SSRS.

The MSSQL installation does not configure SSRS automatically.

DPM also fails with the default SSRS configuration, because DPM uses HTTPS to connect to SSRS and the default SSRS configuration works over HTTP.

Another complication is that you have to create a self-signed certificate.

To create a self-signed certificate I advise you to download SelfSSL, because it can create the certificate and import it into your server's trusted store automatically.

Use a command like this in the CLI, and please do not care about the error message it prints:

Selfssl.exe /N:CN=MACHINENAME /V:365 /T

Another important point: if your server is in a domain, please use the FQDN when creating the self-signed certificate (so the /N: value becomes CN=<server FQDN>), otherwise you will find that you cannot call the reporting server URL.

And please recreate the reporting DB after you introduce and configure the self-signed certificate, because otherwise you will get some "can't encrypt" messages from SSRS.

After all that, DPM will install nicely 🙂

Bye

No-Look VPN Configuration with Azure Pack :D

Hello All

After a very long search on Google I found only the Azure VPN configuration; there is no example or good explanation of how you can do it with Azure Pack.
DorukNET is a COSN provider and we are preparing to offer Azure Pack in Turkey, so we wanted to clarify the VPN configuration with our Fortigate expert Salih 😛

Before we start, let me explain the VPN properties from an ISP point of view:

  • First, you ask for the peer IP address
  • Second, you ask for the phase 1 configuration properties: IKE version, encryption, key lifetime and key
  • Third, you ask for the phase 2 configuration properties: encryption, key lifetime, and the remote and local networks you will encrypt
  • Also talk about other things such as dead peer detection (DPD)
  • Policy/service considerations are also important; mostly we do not allow any-to-any communication

When you log in as a customer to the WAP Service Management Portal, you cannot see every property you need to establish a VPN; most things are preconfigured and from the customer's point of view there is no way to see them. It is also a little hard to discover from the administrator's point of view, but in the end we succeeded.

This article is about establishing a VPN between a Fortinet firewall and the Microsoft NVGRE gateway.

Fortigate FW version: 5.0 patch 5

DorukNET WAP customer site network
  Provider-SiteAzure: 10.0.0.0/24
  NVGRE GW peer IP address: xxx.yyy.zzz.50

Customer on-premise site network
  LocalSite-OnPremise: xxx.102.yyy.240/28
  Customer peer IP address: (note that the WAP-side NVGRE GW peer IP is not available before you create a new site-to-site setup)

Let's create it.
Log in to the WAP Service Management Portal, go to Networks, double-click your already created network and click Create VPN.

Set your remote site VPN device IP address (here we set our Fortigate FW outside IP address) and the pre-shared key.
As the address space you have to set the remote site IP address block that you would like to communicate with over the encrypted link.
Important note: the WAP GUI does not allow entering a single IP address as the remote.
In the next two screens WAP allows you to set limits on the VPN configuration; enter them if you need to (we did not test whether they work :)). Then it is action time: WAP sends the request to VMM to create the VPN configuration on the NVGRE GW.


Succeeded

Check the VMM side if you are the provider, to confirm.

Now you will start to understand why we gave the article the subject No-Look!
Now the customer cannot see anything more than that the VPN configuration is Enabled! No knowledge at all about the Phase 1 or Phase 2 configuration. So what the provider needs to do is document everything well and, if the provider has some constraints, automate the configuration somehow.
For example, after the VPN configuration is enabled we can see the following properties for the VPN:

You can see that Microsoft configures each pre-shared key as a Run-As Account.

From the WAP GUI there is no way to set a certificate as the auth method; actually I do not need it, no need to push Microsoft here 😀

The Routes section is easy: it is the remote network.
Click the Advanced section and you will see the VPN configuration, but you have to work out which one is Phase 1 and which is Phase 2. Very good, lovely.
We found a PPTX file after almost 50-100 Google searches; I know you think maybe I am searching with the wrong keywords, I accept that 😀
This slide does not exactly match the defaults, but it helped us a lot. The funny thing is that there is no key lifetime value for Phase 2; we also discovered the Phase 1 key lifetime from this slide, and you can find it from the PowerShell "Get-VpnS2SInterface" command as well.

We used the corresponding configuration for our setup.


Easy part: go to the Forti, where traditionally we know how to configure everything 😀 (screenshot)
Phase 2 (screenshot)
Rule for Forti (screenshot)
Monitor VPN connectivity (screenshot)
Ping it or remote into it (screenshot)

Hope this article helps everyone.
VM

What is Cloud Storage? What is DaaS? What is the Object?


SNIA describes cloud storage simply as the delivery of virtualised storage on demand. You can find different explanations here: 1, 2, 3.

DaaS (Data Storage as a Service) has a very easy explanation: delivering storage on demand without having to think about the functional interface. The functional interface is the access method to the data, block based (e.g. iSCSI) or file based (NFS, WebDAV).

The keys are here: everything should be on demand, not fixed size, expandable, virtual, and should be fed by different services: compression, dedup, versioning, antivirus …….

Container (or bucket, from the S3 point of view) is a very popular term; both have the same meaning: grouping, storing and organising the data. You can find a comparison of S3 support and CDMI support here.

CRUD is another term you have to know; it is actually very easy: Create, Retrieve, Update and Delete operations are described as CRUD, and they mostly operate over the HTTP protocol.


Now you can understand what the cloud storage model is and what CDMI is: it is used to manage storage and to offer the service too! If you know S3, you can put S3 between Container and Object Storage Client, where CDMI sits in the picture; that means with CDMI commands you can also do CRUD operations instead of S3.

The storage service is the capacity or pool, however you think of it; data services describe the data requirements.

CDMI can manage the data as well as being a means to store and retrieve the data.

CDMI may also be used by administrative and management applications to manage containers, domains, security access, and monitoring/billing information, even for storage that is functionally accessible by legacy or proprietary protocols. The capabilities of the underlying storage and data services are exposed so that clients may understand the offering.
CDMI is a RESTful protocol.

Object Model for CDMI
(screenshot: CDMI object model)
It just redefines file, directory, domain and ACLs …..
Using the CDMI object model, a client can send a PUT via CDMI to the new container URI and create a new container with the specified name. The client can also use the PUT command to upload a file or data object into the container, and the GET command to fetch it.
The capabilities of the storage may sound interesting, and if you wonder what they are, this link describes them; some quick examples:
Query capability of DaaS –> Do you support snapshots?
Query capability of DaaS –> Do you support encryption?
Query capability of DaaS –> Do you support geographic placement?
Query capability of DaaS –> Do you support exporting a container over iSCSI?
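The PUT/GET container and data object operations and the capability queries above, as an added Python example that is not part of the original article: it builds CDMI requests offline (the version header, the cdmi-container/-object/-capability media types and the /cdmi_capabilities/ path are taken from the CDMI 1.0 spec as I recall it, so treat them as assumptions) and answers "do you support X?" from a constructed capabilities response.

```python
import json

# Assumption: CDMI 1.0.x header, media types and capability URI as in the spec.
CDMI_VERSION = "1.0.2"


def cdmi_request(method, path, accept, content_type=None, body=None):
    """Build one CDMI request as a dict (method, path, headers, JSON body); no network."""
    headers = {"X-CDMI-Specification-Version": CDMI_VERSION, "Accept": accept}
    if content_type:
        headers["Content-Type"] = content_type
    return {"method": method, "path": path, "headers": headers,
            "body": None if body is None else json.dumps(body)}


# CRUD over HTTP as the text describes: PUT creates/updates, GET retrieves, DELETE removes.
def create_container(name, metadata=None):
    return cdmi_request("PUT", f"/{name}/", "application/cdmi-container",
                        "application/cdmi-container", {"metadata": metadata or {}})


def put_data_object(container, name, value, mimetype="text/plain"):
    body = {"mimetype": mimetype, "metadata": {}, "value": value}
    return cdmi_request("PUT", f"/{container}/{name}", "application/cdmi-object",
                        "application/cdmi-object", body)


def get_data_object(container, name):
    return cdmi_request("GET", f"/{container}/{name}", "application/cdmi-object")


def delete_data_object(container, name):
    return cdmi_request("DELETE", f"/{container}/{name}", "application/cdmi-object")


def query_capabilities(scope=""):
    """scope "" = system root; "container/" or "dataobject/" = that object type."""
    return cdmi_request("GET", f"/cdmi_capabilities/{scope}", "application/cdmi-capability")


def supports(capabilities_json: str, capability: str) -> bool:
    """Answer "do you support X?" from a capabilities response body. CDMI encodes
    booleans as the strings "true"/"false"; list-valued capabilities (e.g. the
    supported encryption algorithms) count as supported when non-empty."""
    value = json.loads(capabilities_json).get("capabilities", {}).get(capability)
    if isinstance(value, list):
        return len(value) > 0
    return str(value).lower() == "true"


# Constructed sample response for /cdmi_capabilities/container/ (not from a real system).
SAMPLE_CONTAINER_CAPS = json.dumps({
    "objectType": "application/cdmi-capability",
    "objectName": "container/",
    "parentURI": "/cdmi_capabilities/",
    "capabilities": {"cdmi_snapshots": "true", "cdmi_geographic_placement": "true",
                     "cdmi_export_iscsi": "false", "cdmi_encryption": ["AES256"]},
})

if __name__ == "__main__":
    print(create_container("MyContainer"))
    print(put_data_object("MyContainer", "MyDataObject.txt", "hello"))
    for cap in ("cdmi_snapshots", "cdmi_encryption", "cdmi_export_iscsi"):
        print(cap, supports(SAMPLE_CONTAINER_CAPS, cap))
```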
CDMI uses many different types of metadata, including HTTP metadata, data system metadata, user metadata, and storage system metadata.
Example of storage system metadata: (screenshot)
Example of data system metadata: (screenshot)

Object ID

Every object stored in a CDMI-compliant system needs to have a unique identifier, like a GUID.

Every cloud storage system shall allow object-ID-based access to stored objects by allowing the object's ID to be appended to the root container URI. If the data object "MyDataObject.txt" has an object ID of "00006FFD001001CCE3B2B4F602032653", the following pair of URIs access the same data object:

I found many articles from 2010, when SNIA first kicked off CDMI, and now I see that S3 is still the best, because so many vendors still use S3 for too many of their own services.
I imagine that maybe in the future all our NetApp, IBM, EMC and other storage systems can be part of CDMI, and clients, by querying the capabilities, can choose what they want and go. It looks like a dream for now: block and file access still run the old way, and cloud storage is mostly used as a new way instead of FTP 🙂
VM

IBM Tivoli Storage Productivity Center and Storwize V7000 Performance Monitoring

Tivoli version 5.1.0.0
V7000 version 6.3.0.3 (I also tried 6.4.1.3)

First, log in to the management GUI of the V7000 and in the left-side "Access -> Users" section (lock icon) click New User:

  • set whatever name you want; I created admin
  • set auth mode to local
  • set the user group however you want; I selected SecurityAdmin
  • do not set a password, we will set a public key instead. To create a key, download PuTTYgen, open it, click Generate and move your mouse over the blank area (or take a coffee); at the end of the generation please save the public key and the private key, then use the public key when creating the user.

This is the user creation screen; here you have to provide the generated SSH public key.

Now, go to the Tivoli GUI.

Step 1

Under Administrative Services –> Data Sources –> Storage Subsystems click Add
Device type should be IBM SAN Volume Controller / IBM Storwize V7000
Software Version: 5+
IP Address: set your V7000 IP
Select Key: it should be Upload New Key
Administrator User Name: I used superuser
Administrator Password: give the superuser password
User Name: I used the newly created user from above
Private SSH Key: I used the PuTTYgen-generated private key (.ppk extension)
Click Add and wait a little
You will see an additional table appear showing the storage; click Next below

The discovery process will start; it should succeed, and then click Next again.

A new page will appear with the storage already selected; go Next.

The next page is about data collection; you have a choice between custom and ready-to-use. Choose Subsystem Advanced Group.

Summary: Next.

Finish, click View Job History and wait for the running job to end successfully.

Go to IBM Tivoli Storage Productivity Center –> Monitoring –> Probes –> TPCUser.Subsystem Advanced Probe and you will see that the newly added storage subsystem is under Current selections; if you want, you can remove the storage subsystem or add it under another monitoring probe.

You can also see the schedule under the When to Run tab, and you can create alerts too!

Step 2

Let's get ready to collect performance info from the newly added storage subsystem.

From the Disk Manager tree go to Monitoring and open Subsystem Performance Monitors, right-click it and select Create Subsystem Performance Monitors.
Choose the storage and move it to the right side, click Sampling and Scheduling and do not change anything except the duration: set "Continue indefinitely".
Save the config, set a performance monitor name, confirm the creation, wait for the job to finish and give it several multiples of 5 minutes to collect enough data.

That's it!

vCloud Director Auto Password Generation and SID Change bug/change at provisioning time ..

Hello….

After upgrading vCloud Director there is an issue with Windows VM provisioning regarding the SID change and password reset.

The issue: on version 1.5, the SID change and password reset –> allow local administrator password option was selected by default, but after the upgrade these options come unchecked and you have to set them manually before powering on the VM if you need them.

Look at the Change SID and Allow local administrator password check boxes and

VM

vDirector 5.1, finally number of supported things increased

This is a different look at what's new in vDirector 5.1.
This article is still being updated ….

About Allocation Model

–vCPU Speed

A new parameter was added to the configuration; before, it was available only for the Pay-As-You-Grow model, and now you can set it on the Allocation Model too. Be careful: it does not matter that you set a 0% guarantee for CPU; if you set a vCPU speed, it is counted, and you cannot power on a VM if the vCPU speed of each VM exceeds the configured GHz usage.

It looks like there is no 100% backward compatibility; you have to set 0.26, which is the minimum value.

Very important: after the upgrade this value is set to 0.26 for all organisations on the allocation model, and it causes performance issues because all running VMs are limited to 0.26 GHz of CPU. Be careful.

VMware support said that "engineering is preparing a workaround for this in a future update of vCloud Director."

About Storage/Disk of vDC and VM

–Changing Organization vDC storage allocation (changing the vDC disk quota)

It has moved under the storage profile; you cannot increase or decrease storage from the properties of the vDC.

–Add a disk and/or increase the size of an existing VM disk

At last it is allowed: now you can add a disk or increase the disk size while the VM is running, without stopping it.

Care about the nodes' local disks

After storage profile support, local disks become usable by vDirector; please disable all local disks on vDirector.

We still have headaches; all vDirector admins, please make a feature request from the right side of the panel (Feature Request):

  1. No way to add a vNIC when the VM is running :((
  2. No way to change the network when the VM is running :((
  3. I don't understand why vDirector still does not recognise a shut-down VM and shows a "partially down" message?!
  4. The firewall user experience needs to be improved with zone/aggregate rules, like a zone for inside to outside, a zone for outside to inside, and zones for other pairs such as dmz1 to dmz2 or dmz1 to outside, for better understanding

After minimal installation what i will do on Centos :)

A minimal configuration looks good for needing fewer package upgrades and also for keeping the OS safe, but afterwards many commands are not there. I was trying to figure out what is needed; please add commands if you read this, and I will update the article.

First give it an IP address like below:

ifconfig eth0 xxx.xxx.xxx.xxx netmask 255.255.255.0
route add default gw xxx.xxx.xxx.1

vi /etc/resolv.conf

nameserver 8.8.8.8
nameserver 8.8.4.4

yum upgrade

This is the first round; restart the server and go on …

yum install telnet

yum install bind-utils

yum install system-config-network-tui
….then run system-config-network-tui to configure the IP address.

Before restarting the system, check that everything works:

vi /etc/sysconfig/network-scripts/ifcfg-eth0 : please set ONBOOT=yes

chkconfig --level 3 iptables off
chkconfig --level 3 ip6tables off

yum install perl

yum install wget

Edit the SELinux config file:

vi /etc/selinux/config and update the SELINUX line to SELINUX=disabled

Time Config – Dell Blade Switches

First enter configuration mode and execute the following commands (xxx.yyy.zzz.ttt is the IP of your NTP server):

sntp unicast client enable
sntp server xxx.yyy.zzz.ttt

To check that everything works, please execute the command below:

HEYBELIADA-M6348-A2#show sntp status

Client Mode:                       Unicast
Last Update Time:                  APR 13 11:39:14 2012

Unicast servers:
Server          Status                 Last response
--------------- ---------------------- --------------------------
xxx.yyy.zzz.ttt    Success                11:38:09 Apr 13 2012

To check the whole config, execute the command below:

HEYBELIADA-M6348-A2#show sntp configuration

Polling interval: 64 seconds
MD5 Authentication keys:
Authentication is not required for synchronization.
Trusted keys:
No trusted keys.
Unicast clients: Enable

Unicast servers:
Server          Key             Polling         Priority
---------       -----------     -----------     ----------
xxx.yyy.zzz.ttt    Disabled        Enabled        1

The same config also works on the M8024-k.

VM

Dell M8024-k 10G Switch and QLogic QME8242-k 10GbE and vSphere5 and Network Performance Issue

Hi,

We have an issue with NPAR / VMware / QME8242-k. The issues and problems are listed below; we are waiting for an update from Dell, and when we get it I will report it in this article.

  • We are using QME8242-k NICs connected to a PCM8024-k switch.
  • When VMs are on the same host they can communicate.
  • When you migrate a VM, it cannot communicate with the VMs on the other hosts.
  • When you do an FTP or data transfer with an E1000 card on a VM, after some minutes or seconds the network card loses itself; the same issue does not occur with VMXNET3.
  • When you copy something between two nodes via FTP or CIFS, you will see that the transfer rate is very small, only KB/s.

VM