12/31/2012

VMware KB: Disabling auto-registration to EMC CX-4 storage arrays

VMware KB: Disabling auto-registration to EMC CX-4 storage arrays:
In some cases, you may need to disable the auto-registration feature that is enabled by default for EMC CLARiiON arrays on vSphere and use manual registration. To perform manual registration using storage management software, turn off the ESX/ESXi auto-registration feature.

To disable the auto-registration feature:
  1. In the vSphere Client, select the host in the inventory.
  2. Click the Configuration tab and click Advanced Settings under Software.
  3. Select Disk in the left panel and scroll to Disk.EnableNaviReg.
  4. Change the default value to 0.
  5. Reboot the ESX host for the changes to take effect.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1027029

Test if any website is Blocked in China in real-time

Test if any website is Blocked in China in real-time
http://www.blockedinchina.net/

12/17/2012

Cisco UCS with VNX and vSphere: Booting from SAN | Menno de Liège

Cisco UCS with VNX and vSphere: Booting from SAN | Menno de Liège: VMWare Auto Deploy

VMware Communities: Boot from SAN issue - UCS B-series, VNX...

Boot from SAN:  VNX, UCS, VMWare
Need Cisco drivers during the VMWare installation

- Find the drivers you need (the Cisco drivers were here: https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/5_0#drivers_tools?cc=www&client=VMware_Site&entqr=0&ud=1&num=20&output=xml_no_dtd&proxystylesheet=VMware_gsa_Site&site=VMware_Site&ie=UTF-8&oe=UTF-8&q=download%20drivers&x=0&y=0 )

- Use this KB (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2005205) to add async drivers to the ISO.

11/14/2012

RouterGeek » How to Configure Site-to-Site VPN in Cisco Routers

RouterGeek » How to Configure Site-to-Site VPN in Cisco Routers:
How to Configure Site-to-Site VPN in Cisco Routers

When would you need this: When you want to create a secure tunnel to transfer data between two sites without the use of VPN concentrator or other security devices.
Special Requirements: The routers used must support IPSec. Most Cisco routers do. Another need is that both sides use a static public IP address to connect to the Internet.

We will go through the steps to be done on one side and the same steps must be repeated on the other side too. The encryption of data will depend on a shared-key. This way, we will not need specialized CAs or RSA methodologies. If you have a hub-and-spoke topology, refer to the note at the bottom.
1. Create Internet Key Exchange (IKE) key policy. The policy used for our case is policy number 9, because this policy requires a pre-shared key.
Router(config)#crypto isakmp policy 9
Router(config-isakmp)#hash md5
Router(config-isakmp)#authentication pre-share
2. Setup the shared key that would be used in the VPN,
Router(config)#crypto isakmp key VPNKEY address XXX.XXX.XXX.XXX
where,
VPNKEY is the shared key that you will use for the VPN, and remember to set the same key on the other end.
XXX.XXX.XXX.XXX the static public IP address of the other end.
3. Now we set lifetime for the IPSec security associations,
Router(config)#crypto ipsec security-association lifetime seconds YYYYY
where YYYYY is the association lifetime in seconds. It is usually set to 86400, which is one day.
4. Configure an extended access-list to define the traffic that is allowed to be directed through the VPN link,
Router(config)#access-list AAA permit ip SSS.SSS.SSS.SSS WIL.DCA.RDM.ASK DDD.DDD.DDD.DDD WIL.DCA.RDM.ASK
where,
AAA is the access-list number
SSS.SSS.SSS.SSS WIL.DCA.RDM.ASK is the source of the data allowed to use the VPN link.
DDD.DDD.DDD.DDD WIL.DCA.RDM.ASK is the destination of the data that needs to pass through the VPN link.
5. Define the transformations set that will be used for this VPN connection,
Router(config)#crypto ipsec transform-set SETNAME BBBB CCCCC
where,
SETNAME is the name of the transformations set. You can choose any name you like.
BBBB and CCCCC are the transformation set. I recommend the use of “esp-3des esp-md5-hmac”. You can also use “esp-3des esp-sha-hmac”. Any one of these two will do the job.
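
A defender's check for configurations built from the steps above, as an added example that is not part of the RouterGeek article: it reads IOS configuration text and reports weak IKE and IPsec choices, including settings an ISAKMP policy leaves at their defaults. The weak-algorithm lists, the classic IOS defaults (DES, SHA-1, group 1), the 20-character key minimum and both sample configurations are assumptions of this example.

```python
import re

# Audit policy of this example (an assumption, tune it to your own standard).
WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
# Assumed classic IOS values for settings an ISAKMP policy leaves out.
IKE_DEFAULTS = {"encryption": "des", "hash": "sha", "group": "1"}
MIN_PSK_LEN = 20  # assumed minimum length for a pre-shared key
POLICY_WORDS = ("encryption", "hash", "group", "authentication", "lifetime")
PROMPT = re.compile(r"^\S*[#>]\s*")  # strips "Router(config)#" style prompts

# Constructed sample: the commands from the steps above, placeholders filled in.
PAGE_STYLE_CONFIG = """\
Router(config)#crypto isakmp policy 9
Router(config-isakmp)#hash md5
Router(config-isakmp)#authentication pre-share
Router(config)#crypto isakmp key VPNKEY address 192.0.2.1
Router(config)#crypto ipsec transform-set SETNAME esp-3des esp-md5-hmac
"""

# Constructed sample of a stronger equivalent (as it appears in a saved config).
HARDENED_CONFIG = """\
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key Constructed-Example-Key-0001 address 192.0.2.1
crypto ipsec transform-set STRONG esp-aes 256 esp-sha256-hmac
"""


def audit(config_text):
    """Return sorted (object, setting, value, source) findings for weak IKE/IPsec choices."""
    findings = set()
    policies = {}   # policy number -> settings configured explicitly
    current = None  # ISAKMP policy whose sub-commands are being read
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if not words:
            continue
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) == 4:
            current = words[3]
            policies.setdefault(current, {})
            continue
        if current and words[0] in POLICY_WORDS and len(words) > 1:
            policies[current][words[0]] = words[1]
            continue
        current = None  # any other command ends the policy block
        if words[:3] == ["crypto", "isakmp", "key"] and "address" in words[4:]:
            key = words[3]
            peer_at = words.index("address", 4) + 1
            peer = words[peer_at] if peer_at < len(words) else "unknown"
            if len(key) < MIN_PSK_LEN:
                # Report the length only, never the key itself.
                findings.add((f"peer {peer}", "pre-shared-key", f"{len(key)} chars", "configured"))
        elif words[:3] == ["crypto", "ipsec", "transform-set"] and len(words) > 4:
            for transform in words[4:]:
                if transform in WEAK_TRANSFORMS:
                    findings.add((f"transform-set {words[3]}", "transform", transform, "configured"))
    # Judge each policy on its effective values: explicit settings plus defaults.
    for number, explicit in policies.items():
        for setting, weak_values in WEAK_IKE.items():
            value = explicit.get(setting, IKE_DEFAULTS[setting])
            if value in weak_values:
                source = "configured" if setting in explicit else "default"
                findings.add((f"isakmp policy {number}", setting, value, source))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(PAGE_STYLE_CONFIG):
        print(*finding, sep=" | ")
```

The policy as written in step 1 never sets `encryption` or `group`, so under the assumed defaults the audit reports DES and group 1 in addition to the explicit `hash md5`.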

11/06/2012

Packet Life

Packet Life: Community Lab

This is a great site.  Including this link to a lab with modern equipment available for training purposes.

10/18/2012

Cisco ASA: SSL VPN - Backup Connection


I gave up fighting with setting up client profiles on the ASA.  I was eventually able to adjust the existing preferences file on the workstation to successfully configure a secondary connection that would be used if the primary was down--without any additional user actions.

10/05/2012

Notepad++

Notepad++ Home: Notepad++

I've used Textpad for years but it costs $.  Notepad++ supports regular expressions and looks pretty good.  I may make it my new default text editor.

10/03/2012

Excel Shortcut

Excel Shortcut for @sum(....)
Select the data to do a sum for and hit ALT + =

9/18/2012

IPv6

IPv6 - Quick Notes
- 128 bit address
    - repeating 0's are abbreviated
      fd59:8f91:f52d::1:0:0:1 ->
           fd59:8f91:f52d:0000:0001:0000:0000:0001
- Loopback - ::1/128
- Link-local - fe80::/10 - can communicate with other machines on same switch
     - could end up with interfaces that have the same address
     - resolved using scope id
- Scope ID
     - only non-global IP's
     - only valid on same machine -- don't put on wire.
     - postfixed with %
         - e.g. http://[fe80::1:2%2]:80/index.html
                for interface "2"
- Site-local - fec0::/10
     - (like 192.168.0.0/16)
     - not officially usable - use unique-local instead
     - Useful for lab
- unique-local - fc00::/8, fd00::/8
     - fc00::/8 - from allocation authority
     - fd00::/8 - randomly assigned via rfc4193
     - block these numbers - do not route
- Global - 2000::/3
     - All publicly accessible IP's
     - No NAT
- Tunnel IPV6 over IPV4
     - 6to4 requires endpoint have public IP
          - 2002::/16
     - Teredo - encapsulate ipv6 packet in IPv4 UDP
          - 2001::/16
- IPv4 Mapped - ::ffff/96
     - ::ffff:10.67.12.12
     - Dual stack (have both)
     - security! - will firewall rules apply?  tunneling will bypass firewall?
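
The prefixes in these notes can be checked mechanically. This added example (not part of the original notes) uses Python's standard `ipaddress` module to expand an abbreviated address, split off the scope ID, sort an address into the categories above, and pull out the IPv4 address embedded in mapped, 6to4 and Teredo addresses so the firewall question in the last bullet can be tested against an IPv4 deny list. The Teredo prefix is taken as 2001::/32 per RFC 4380, and the sample addresses and deny list are constructed.

```python
import ipaddress

UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")    # fc00::/8 plus fd00::/8
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

# Constructed sample data for the demonstration.
SAMPLE_ADDRESSES = [
    "::ffff:10.67.12.12",                    # IPv4-mapped, from the notes
    "2002:c000:22d::1",                      # 6to4 wrapping 192.0.2.45
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",  # Teredo, client 192.0.2.45
    "fd59:8f91:f52d::1:0:0:1",               # unique-local, from the notes
    "fe80::1:2%2",                           # link-local with scope ID 2
]
IPV4_DENY_LIST = ["10.0.0.0/8", "192.0.2.0/24"]


def classify(text):
    """Return (category, expanded address, scope id or None, embedded IPv4 or None)."""
    # The scope ID is only meaningful on the local host, so split it off first.
    addr_text, _, scope = text.partition("%")
    addr = ipaddress.IPv6Address(addr_text)
    embedded = None
    # Mapped and tunnel forms are tested first: 2002::/16 and 2001::/32 sit
    # inside 2000::/3 and would otherwise be reported as plain global addresses.
    if addr.ipv4_mapped is not None:
        category, embedded = "ipv4-mapped", addr.ipv4_mapped
    elif addr.sixtofour is not None:
        category, embedded = "6to4", addr.sixtofour
    elif addr.teredo is not None:
        category, embedded = "teredo", addr.teredo[1]  # (server, client) -> client
    elif addr.is_loopback:
        category = "loopback"
    elif addr.is_link_local:
        category = "link-local"
    elif addr.is_site_local:
        category = "site-local"
    elif addr in UNIQUE_LOCAL:
        category = "unique-local"
    elif addr in GLOBAL_UNICAST:
        category = "global"
    else:
        category = "other"
    return category, addr.exploded, scope or None, embedded


def ipv4_rule_gaps(addresses, ipv4_denied):
    """List IPv6 addresses whose embedded IPv4 endpoint an IPv4-only deny rule covers.

    Each hit is an endpoint the IPv4 policy blocks but that is still reachable
    in its IPv6 form unless a matching IPv6 rule exists.
    """
    networks = [ipaddress.ip_network(n) for n in ipv4_denied]
    hits = []
    for text in addresses:
        category, _, _, embedded = classify(text)
        if embedded is not None and any(embedded in net for net in networks):
            hits.append((text, category, str(embedded)))
    return hits


if __name__ == "__main__":
    for text in SAMPLE_ADDRESSES:
        print(text, "->", classify(text))
    print("needs an IPv6 rule:", ipv4_rule_gaps(SAMPLE_ADDRESSES, IPV4_DENY_LIST))
```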

9/14/2012

Investigator Freeware | NetWitness Corporation

Investigator Freeware | NetWitness Corporation: Investigator Freeware
NetWitness freeware tool
And NetWitness "Live" - access to security community for latest threat info.

9/11/2012

VMWare 5 Converter will fix disk alignment of virtual machines!
Check box for "create optimized partition layout"

Understanding Disk Alignment

The graphic above shows that SAN’s, VMFS, and NTFS virtual disks all have different block sizes.  Aligning all these layers to start their disk units at the same place can make disk operations more efficient and keep the physical disks from working harder than necessary.  For example, if these are not aligned, a call to read a single NTFS block may require the SAN to read three blocks as shown below:

The greatest efficiency is achieved when these layers are aligned so that the desired NTFS block requires only one SAN block to be read:

VMFS Alignment

When VMFS volumes are created by the vSphere client, they are aligned on a 64K boundary. Check your SAN vendor’s documentation but in most cases the default 64K boundary will work.

NTFS Alignment

Windows 2003 and older align on 32K which will not match up with the 64K for VMFS. Windows 2008 by default will align on a 1024K boundary – this works with VMFS because 1024K is divisible by 64K.

8/31/2012

Powershell: Server Software Inventory

Example of gathering software inventory from the registry. I used it to report on what version of Symantec products are installed on servers.

###################################################################
#
#  SAV-Inv.ps1
#
# Go through all Windows Server machine accounts in AD
# Report OS version from AD
# Look in registry Uninstall Key and report Symantec items
#
# Produce CSV output
#
###################################################################

$outfile = "Symantec-Inventory.csv"

if ( test-path $outfile ) { remove-item $outfile }

# Find AD machine accounts that are Windows Servers 
$strCategory = "computer" 
$strOS = "Windows*Server*"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry 
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher 
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = ("OperatingSystem=$strOS")
$colProplist = "OperatingSystem","dnshostname"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}
$colResults = $objSearcher.FindAll()
$array = @()
$index = 0

# Look at each server
foreach ($objResult in $colResults) 
 { 
  $found=''
  $version=''
  $objComputer = $objResult.Properties;  
  $Server = [string]$objComputer.dnshostname
  $Server = $Server -replace "\s{2,}", ""
  $Server = $Server -replace "\.usa\.DOMAIN\.com", ""
  $OS = [string]$objComputer.operatingsystem
  $computername = $Server
  $computername
  "    $OS"
  $reg=''
  $regkey=''
  $subkeys=''
  $obj=''
  if (Test-Connection -ComputerName $Server -quiet -count 1) { #responds to PING
    #Define the variable to hold the location of Currently Installed Programs
    $UninstallKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" 
    #Create an instance of the Registry Object and open the HKLM base key
    $reg=[microsoft.win32.registrykey]::OpenRemoteBaseKey('LocalMachine',$computername)
 if (-not $reg) { #Failed to open registry
  $obj = New-Object PSObject
  $obj | Add-Member -MemberType NoteProperty -Name "ComputerName" -Value $computername
  $obj | Add-Member -MemberType NoteProperty -Name "OperatingSystem" -Value $OS
  $obj | Add-Member -MemberType NoteProperty -Name "AppDisplayName" -Value "ERROR:  Cannot Access Remote Registry"
  $obj | Add-Member -MemberType NoteProperty -Name "AppDisplayVersion" -Value "N/A"
  $obj | Add-Member -MemberType NoteProperty -Name "InstallLocation" -Value "N/A"
  $obj | Add-Member -MemberType NoteProperty -Name "Publisher" -Value "N/A"
  $array = $array + $obj
  "    ERR-Registry"
  continue
 }#registry fail
 #Drill down into the Uninstall key using the OpenSubKey Method
 $regkey=$reg.OpenSubKey($UninstallKey) 
 if (-not $regkey) { #Failed to open registry
  $obj = New-Object PSObject
  $obj | Add-Member -MemberType NoteProperty -Name "ComputerName" -Value $computername
  $obj | Add-Member -MemberType NoteProperty -Name "OperatingSystem" -Value $OS
  $obj | Add-Member -MemberType NoteProperty -Name "AppDisplayName" -Value "ERROR:  Cannot Access Remote Registry"
  $obj | Add-Member -MemberType NoteProperty -Name "AppDisplayVersion" -Value "N/A"
  $obj | Add-Member -MemberType NoteProperty -Name "InstallLocation" -Value "N/A"
  $obj | Add-Member -MemberType NoteProperty -Name "Publisher" -Value "N/A"
  $array = $array + $obj
  "    ERR-Registry"
  continue
  }#registry fail
 else {#registry success
  #Retrieve an array of strings that contain all the subkey names
  $subkeys=$regkey.GetSubKeyNames() 
  #Open each Subkey and use GetValue Method to return the required values for each
  foreach($key in $subkeys){
   $thisKey=$UninstallKey+"\\"+$key 
   $thisSubKey=$reg.OpenSubKey($thisKey) 
   $obj = New-Object PSObject
   $obj | Add-Member -MemberType NoteProperty -Name "ComputerName" -Value $computername
   $obj | Add-Member -MemberType NoteProperty -Name "OperatingSystem" -Value $OS
   $obj | Add-Member -MemberType NoteProperty -Name "AppDisplayName" -Value $($thisSubKey.GetValue("DisplayName"))
   $obj | Add-Member -MemberType NoteProperty -Name "AppDisplayVersion" -Value $($thisSubKey.GetValue("DisplayVersion"))
   $obj | Add-Member -MemberType NoteProperty -Name "InstallLocation" -Value $($thisSubKey.GetValue("InstallLocation"))
   $obj | Add-Member -MemberType NoteProperty -Name "Publisher" -Value $($thisSubKey.GetValue("Publisher"))
   if ($obj.Publisher -match "Symantec") {
    $array = $array + $obj
    "    FOUND"
    $found = "1"
    }#if
   }#foreach key
  }#else registry success
  if (-not $found) { # No Symantec found
    $obj = New-Object PSObject
    $obj | Add-Member -MemberType NoteProperty -Name "ComputerName" -Value $computername
    $obj | Add-Member -MemberType NoteProperty -Name "OperatingSystem" -Value $OS
    $obj | Add-Member -MemberType NoteProperty -Name "AppDisplayName" -Value "No Symantec Published Apps Installed"
    $obj | Add-Member -MemberType NoteProperty -Name "AppDisplayVersion" -Value "N/A"
    $obj | Add-Member -MemberType NoteProperty -Name "InstallLocation" -Value "N/A"
    $obj | Add-Member -MemberType NoteProperty -Name "Publisher" -Value "N/A"
    $array = $array + $obj
    "    NOT FOUND"
 }#if not found
  }#if
  else {#no ping response
        $obj = New-Object PSObject
        $obj | Add-Member -MemberType NoteProperty -Name "ComputerName" -Value $computername
        $obj | Add-Member -MemberType NoteProperty -Name "OperatingSystem" -Value $OS
        $obj | Add-Member -MemberType NoteProperty -Name "AppDisplayName" -Value "ERROR:  No PING response"
        $obj | Add-Member -MemberType NoteProperty -Name "AppDisplayVersion" -Value "N/A"
        $obj | Add-Member -MemberType NoteProperty -Name "InstallLocation" -Value "N/A"
        $obj | Add-Member -MemberType NoteProperty -Name "Publisher" -Value "N/A"
        $array = $array + $obj
        "    NO RESPONSE"
  }#else

}#foreach

$array | Where-Object { $_.AppDisplayName } | select ComputerName, OperatingSystem, AppDisplayName, AppDisplayVersion, Publisher | Export-CSV  $outfile -notype

7/20/2012

Export DNS Zone

DNS::Microsoft::Export Zone
DNSCMD is a great utility
One of the many things you can do is backup a zone:
dnscmd SERVERNAME /ZoneExport domain.com DNS-BACKUP.TXT
Oddly, you can't put that output anyplace other than the default:
C:\WINDOWS\SYSTEM32\DNS\

7/16/2012

Windows DNS TTL

Microsoft DNS::The pain of "simplicity"

I guess a lot of people just  are going to say "DUH!!!" but I had to look hard today to figure out how to add a TTL to an individual DNS entry on MS DNS server.

VIEW > ADVANCED gives you the secret field to fill in the TTL

Sheesh!

5/21/2012

How to fix a messed up domain controller

Just get rid of it!
  • Disconnect the DC from the network
  • Run dcpromo /forceremoval
  • From 2003, use NTDSUTIL to do a "metadata cleanup" to clean the DC out of your AD.  (See below) If you have at least one Windows Server 2008 DC, then open Active Directory Users and Computers from a 2008 DC, find the bad DC, right-click and delete.
Metadata Cleanup using NTDSUTIL
MS Article 216498 explains how to forcibly remove a domain controller account from AD using NTDSUTIL.
http://support.microsoft.com/kb/216498
Time to Check Sysvol
Sysvol is a share you can find on every domain controller, a share that contains files needed by DCs -- the big ones are the file components of group policy objects (GPOs), pieces called "group policy templates" or GPTs, as well as login scripts. Sysvol is a neat, built-in implementation of DFS (Distributed File Services) that is multi-master, meaning that if you have four DCs named DC1, DC2, DC3 and DC4, then you can drop a file into any one of those four Sysvol folders, and eventually DFS will ensure that there's a copy of that file in each of the other three Sysvols. The fact that you can introduce a new file into the family of Sysvols is why it's said to be "multi-master." On 2003 SP3 and later, there's a command that lets you force replication between a source DC (DC3, in this example) and a destination DC (DC2, in this example) that looks like this:
ntfrsutl.exe forcerepl DC2 /r "Domain System Volume (SYSVOL share)" /p DC3
Check SYSVOL before upgrading
Go to a DC. In its Sysvol, create a file, such as [dcname].txt. After you have created a small text file on each DC whose name reflects the DC that you created it on, wait a while and go to each DC and look in its Sysvol... there should be a file for each domain controller. If, for example, DC4's dc4.txt shows up nowhere, then DC4 probably has the problem. To fix it, run DCPROMO to demote it and, if the rest of the network doesn't see that you've demoted it, remove the DC's account from the Domain Controllers OU and remove its metadata. Once it is successfully removed, test again by creating another unique file in each DC's Sysvol and be sure everything is cool.

Thanks to:
http://www.minasi.com/newsletters/nws1205.htm

5/07/2012

Building a Daily Systems Report Email With PowerShell

This is an excellent example of how to make your life easier with PowerShell.
The challenge is to run this on hundreds of servers.
Building a Daily Systems Report Email With PowerShell

3/28/2012

SIEM Group Test - SC Magazine

SIEM Group Test - SC Magazine: Security information and event managers (SIEM) have pretty much reached their plateau in terms of product-type maturity. In terms of functionality, we did not see much that was new this year. However, the tools we looked at exhibited many improvements in the depth to which they analyze data and present it to the administrator.

3/26/2012

Powershell - Bulk change home directory for AD users

#Change home directory
# must be logged on with administrative permission for AD
$ou = "TestOU"
$Search = New-Object DirectoryServices.DirectorySearcher([ADSI]"LDAP://OU=$ou,DC=USA,DC=DOMAIN,DC=COM")
$Search.filter = "(&(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" #users, not disabled
Foreach($result in $Search.Findall()){
 $user = $result.GetDirectoryEntry()
 $updHome = $($user.HomeDirectory)
 #$new = $updHome.ToLower().Replace("\\priricfs01\users\","\\pricifs\ricusers\")
$new = $updHome.ToLower().Replace("\\pricifs\ricusers\","\\priricfs01\users\")
 $new = $new.Replace("(","")
 $new = $new.Replace(")","")
 $objUser = [ADSI]"$($User.Path)" # Get user object
 $objUser.put("HomeDirectory", "$new") # Make change
 $objUser.SetInfo() # Commit change
}

Powershell - List AD users and Home Directory

#LIST Home Directories
#AD List users & home dirs
$outfile = "c:\dev\home-list.csv"
$ou = "TestOU"
#$ou = ""   # left disabled: an empty OU produces an invalid LDAP path (OU=,DC=...)
$Search = New-Object DirectoryServices.DirectorySearcher([ADSI]"LDAP://OU=$ou,DC=USA,DC=DOMAIN,DC=COM")
$Search.filter = "(&(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" #users, not disabled
Foreach($result in $Search.Findall()){
 $user = $result.GetDirectoryEntry()
 $report = "$($user.sAMAccountName),$($user.HomeDirectory)" # build the CSV line (Write-Host returns nothing to capture)
 $report
 $report | out-file -encoding ASCII $outfile -append
}

Use PowerShell and Active Directory Cmdlets to Update Users in Active Directory

Use PowerShell and Active Directory Cmdlets to Update Users in Active Directory

3/02/2012

Cisco IOS - Connection refused

There may be too many logged on:
show users
Get rid of phantom connections:
clear line vty 1

2/27/2012

networking - How much network latency is "typical" for east - west coast USA? - Server Fault

networking - How much network latency is "typical" for east - west coast USA? - Server Fault: the actual math is: 3000 mi / c = 16.1ms

So, light can travel from east coast USA to west coast USA in just over 16ms.

minimum PING response:
- it has to come back too.
- it is traveling over glass fiber, not in a vacuum
- many other components can introduce latency.

a 40 something ms response is the best it's ever going to get.

networking - How much network latency is "typical" for east - west coast USA? - Server Fault

networking - How much network latency is "typical" for east - west coast USA? - Server Fault: In a vacuum a photon can travel the equator in roughly 134 ms. The same photon in glass would take around 200 ms. A 3,000 mile piece of fiber has 24 ms. of delay without any devices.

2/20/2012

Cisco IOS supported protocols

Supported IP Protocols in Cisco IOS Software

These IP protocols are supported by Cisco IOS Software:

· 1 – ICMP

· 2 – IGMP

· 3 – GGP

· 4 – IP in IP encapsulation

· 6 – TCP

· 8 – EGP

· 9 – IGRP

· 17 – UDP

· 20 – HMP

· 27 – RDP

· 41 – IPv6 in IPv4 tunneling

· 46 – RSVP

· 47 – GRE

· 50 – ESP

· 51 – AH

· 53 – SWIPE

· 54 – NARP

· 55 – IP mobility

· 63 – any local network

· 77 – Sun ND

· 80 – ISO IP

· 88 – EIGRP

· 89 – OSPF

· 90 – Sprite RPC

· 91 – LARP

· 94 – KA9Q/NOS compatible IP over IP

· 103 – PIM

· 108 – IP compression

· 112 – VRRP

· 113 – PGM

· 115 – L2TP

· 120 – UTI

· 132 – SCTP

2/19/2012

Cisco solutions

Flexpod

Exchange: Report mailboxes and size

get-mailboxstatistics -server PRIEXS01CCR | ft DisplayName, TotalItemSize > mailboxes.txt

Cisco console

Go from the aux port on the router to the console port on the switch with a rollover cable. Do a show line on the router. The aux port is probably 2001. Telnet to the router ip port 2001 and it will be the switch console port.

Esxi

I don't understand why the service console had to go away.  Now it is a mess of confusing junk to get things done.
TIP
When you SSH to a ESXi host, you can get the console by typing: dcui

Excessive VMWare vcenter notifications

Problem: A bunch of “check new notifications” tasks are “queued” in vCenter
Solution: From the vCenter server console, restart “vmware vcenter update manager service”

2/15/2012

VMWare io stats

VMWare 4 Statistics:  Get iops per vm on VMFS datastores


################################################################################
# GatherIOPS.ps1
#
# Thanks to:
# Curtis Salinas, # http://virtualcurtis.wordpress.com, October 2010 
################################################################################
# 
# Given a list of datastore names in file named stores.txt & a vCenter Server FQDN,
# this script will return a table of IOPS by every virtual machine
# on those datastores over a 60 minute interval. This data
# is output to the PowerShell screen and to a csv file
#
#Run the following to create credentials file with password to username that is 
#defined by $username:
#read-host -prompt "enter password" -assecurestring | convertfrom-securestring | out-file cred.txt
#
#$username is a local account on each host
#
################################################################################


#param($datastores, $server, $numsamples)

$today = get-date
$day = $today.Day
$mth = $today.Month
$year = $today.Year
$hour = $today.Hour
$min = $today.Minute
$sec = $today.Second
$date = "$year-$mth-$day-$hour$min$sec"

$outfile = "IO-VM-$date.CSV"

$datastores = get-content .\stores.txt
$server = "vcs01.domain.com"
$numsamples = 180
 # number of samples = x time
 # 180 = 60min
 # 90 = 30min
 # 45 = 15min
 # 15 = 5min
 # 3 = 1min
 # 1 = 20sec (.33 min)

$username = "root"
$password = get-content cred.txt | convertto-securestring
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $username,$password


# add VMware PS snapin
if (-not (Get-PSSnapin VMware.VimAutomation.Core -ErrorAction SilentlyContinue)) {
    Add-PSSnapin VMware.VimAutomation.Core
}

# connect vCenter server session
Connect-VIServer $server -NotDefault -WarningAction SilentlyContinue | Out-Null


# function to get iops for a vm on a particular host
function GetAvgStat($vmhost,$vm,$ds,$samples,$stat){

 # connect to host
 connect-viserver -server $vmhost -credential $credentials -NotDefault -WarningAction SilentlyContinue | Out-Null
 
 # identify device id for datastore
 $myDatastoreID = ((Get-Datastore $ds -server $vmhost) | Get-View).info.vmfs.extent[0].diskname
 
 # gather iops generated by vm
 $rawVMStats = get-stat -entity (get-vm $vm -server $vmhost) -stat $stat -maxSamples $samples
 $results = @()
 
 foreach ($stat in $rawVMStats) {
  if ($stat.instance.Equals($myDatastoreID)) {
   $results += $stat.Value
  }
 }
 
 $totalIOPS = 0
 foreach ($res in $results) {
  $totalIOPS += $res 
 }
 
 return [int] ($totalIOPS/$samples/20)
}

$IOPSReport = @()

$i = 0
$dstotal = $datastores.length + 1
foreach ($datastore in $datastores) {
  write-progress -id 1 -activity "Gathering IOPS Data" -status "% Datastores Complete" -percentcomplete (($i / $dstotal)*100)
  
  # Grab datastore and find VMs on that datastore
  $myDatastore = Get-Datastore -Name $datastore -server $server
  $myVMs = Get-VM -Datastore $myDatastore -server $server | Where {$_.PowerState -eq "PoweredOn"}
  
  if ($myVMs -eq $null) { continue } #go to next in foreach if no VM's listed
  
  # Gather current IO snapshot for each VM
  $dataArray = @()
  
  $j = 0
  $vmtotal = $myVMs.length + 1
  foreach ($vm in $myVMs) {
   write-progress -id 2 -parentID 1 -activity "Gathering IOPS Data" -status "% VMs in $datastore" -percentcomplete (($j / $vmtotal)*100)
   $data = ""| Select "Time", "VM", "Interval (minutes)", "Avg Write IOPS", "Avg Read IOPS", "Total IOPS"
   $data."Time" = $date
   $data."VM" = $vm.name
   $data."Interval (minutes)" = ($numsamples*20)/60
   $data."Avg Write IOPS" = GetAvgStat -vmhost $vm.host.name -vm $vm.name -ds $datastore -samples $numsamples -stat disk.numberWrite.summation
   $data."Avg Read IOPS" = GetAvgStat -vmhost $vm.host.name -vm $vm.name -ds $datastore -samples $numsamples -stat disk.numberRead.summation
   $data."Total IOPS" = $data."Avg Write IOPS" + $data."Avg Read IOPS"
   $dataArray += $data
   $j++
   }
  
  # Do something with the array of data
  $IOPSReport += $dataArray
  
  $i++

}

$IOPSReport
$IOPSReport | Export-CSV $outfile -NoType

2/07/2012

VMWare Statistics

esxtop has "commands per second" metric - what is that?
  • IOPS = Input/Output Operations Per Second
    • Within esxtop this would be the outcome of “Number of Read commands(READS/s) + Number of Write commands(WRITES/s)”
  • CMDS/s = Total commands per second
    • Within esxtop this includes any command (for instance SCSI reservations) and not necessarily only read/write IOs

1/25/2012

    Script to push config changes to switches and routers.

    Perl::Cisco::Script to push config changes to switches and routers.

    
    #reconfig.pl
    #
    #############
    use Net::Telnet;
    #
    my $list = "./list.txt";
    my $cmd = "./cmds.txt";
    my $login = "config";
    my $password = "XXXXXXXXXX";
    open HOSTS, "<", $list or die "$list not found!";
        my @all = <HOSTS>;   # read every host line from list.txt
    close HOSTS;
    open CMDS, "<", $cmd or die "$cmd not found!";
        my @todo = <CMDS>;   # read every command line from cmds.txt
    close CMDS;
    ###############
    foreach $host (@all) {
    $host =~ s/^\s+//;
    $host =~ s/\s+$//;
    my $outfile = "./$host-log.txt";
    open OUT, ">", $outfile or die "Unable to create $outfile!";
    print $host;
     if ($host =~ m/#/i) { #skip
      next;
     }
     print OUT "HOST=$host\n";
     $telnet = new Net::Telnet ( 
         Timeout=>15,
      Errmode=> sub{&ConnErr},
      Prompt => '/.*#$/');
     $telnet->open($host);
     $telnet->login($login, $password);
     foreach $task (@todo) {
      if ($task =~ m/#/i) { #skip
       next;
       }
      print OUT " -> $task  <-\t";
      @result = $telnet->cmd(String =>$task, Prompt => '/.*#$/');
      $telnet->waitfor('/#/');
      print OUT @result;
      print OUT "\r\n";
      foreach $line (@result) {
       if (($line =~ m/%/i)or($line =~ m/Translating/i)) { #Woah there!
        print OUT "ERROR:  Terminating\r\n";
        print "ERROR:  Check Log\r\n";
        exit;
       }
      }
      $telnet->waitfor('/#/');
     } #foreach task
    print OUT "----------------------------------------\r\n";
    #$telnet->waitfor('/#/');
    close OUT;
    } #foreach host
    
    #END MAIN
    
    ################
    sub ConnErr {
        print OUT "ERROR:  Connection Failed to $host\r\n";
        print OUT "----------------------------------------\r\n";
        next;
    }
    ################
    

    1/23/2012

    Robert Chase: VMware ESXi SSH CLI commands

    Robert Chase: VMware ESXi SSH CLI commands
    • vim-cmd vmsvc/getallvms
      • Lists all vm's running on hypervisor and provides vmid
    • vim-cmd vmsvc/power.off vmid
      • Powers off vmid referenced from getallvms command
    • vim-cmd vmsvc/power.on vmid
      • Powers on vmid referenced from getallvms command
    • vim-cmd vmsvc/power.reboot vmid
      • Reboots vmid referenced from getallvms command
    • vim-cmd vmsvc/destroy vmid
      • Deletes the vmdk and vmx files from disk
    • vim-cmd hostsvc/maintenance_mode_enter
      • Puts hypervisor into maintenance mode
    • vim-cmd hostsvc/maintenance_mode_exit
      • Takes hypervisor out of maintenance mode
    • vim-cmd solo/registervm /vmfs/vol/datastore/dir/vm.vmx
      • Registers vm in hypervisor inventory
    • vim-cmd vmsvc/unregister vmid
      • Unregisters vm with hypervisor
    • vim-cmd vmsvc/tools.install vmid
      • Starts vmware tools installation for VM
    • vim-cmd hostsvc/net/info
      • Provides information about hypervisor networking
    • chkconfig -l
      • Shows daemons running on hypervisor. Can also be used for configuration.
    • esxtop
      • Same as linux top for vmware
    • vmkerrcode -l
      • List of vmkernel errors
    • esxcfg-info
      • Lists a LOT of information about the esx host
    • esxcfg-nics -l
      • Lists information about NIC's. Can also be used for configuration.
    • esxcfg-vswitch -l
      • Lists information about virtual switching. Can also be used for configuration.
    • dcui
      • Provides console screen to ssh session
    • vsish
      • Vmware interactive shell
    • decodeSel /var/log/ipmi_sel.raw
      • Read System Event Log of server

    1/18/2012

    Vsphere 5

    UCS & VMWare: 
    Suppress Management Network Redundancy Warning
    PROBLEM
    With UCS we have NIC redundancy built in.  So I can make vmnic0 the interface on the management network on the "local" vswitch and put vmnic1 on the distributed vswitch.  The vmware virtual NIC's will map to the UCS vnic1-A and vnic1-B interfaces which failover to each other at the UCS layer. 
    But VMWare warns me that the host has no management network redundancy when I add it to the HA cluster.  I could create more vNIC's in UCS but that "wastes" a virtual interface in UCS just to make VMWare shut up about it.
    SOLUTION
    This warning can be suppressed under advanced options.  Set das.ignoreRedundantNetWarning to true to suppress the warning on hosts not configured in an HA cluster. Then tell it to reconfigure HA.

    1/17/2012

    Cisco sfp+ fiber modules


    Cisco SFP+ Modules Fiber Info


    Cisco SFP-10G-SR
    The Cisco 10GBASE-SR Module supports a link length of 26m on standard Fiber Distributed Data Interface (FDDI)-grade multimode fiber (MMF). Using 2000MHz*km MMF (OM3), up to 300m link lengths are possible. Using 4700MHz*km MMF (OM4), up to 400m link lengths are possible.

    Cisco SFP-10G-LRM
    The Cisco 10GBASE-LRM Module supports link lengths of 220m on standard Fiber Distributed Data Interface (FDDI) grade multimode fiber (MMF). To ensure that specifications are met over FDDI-grade, OM1 and OM2 fibers, the transmitter should be coupled through a mode conditioning patch cord. No mode conditioning patch cord is required for applications over OM3 or OM4. For additional information on mode conditioning patch cord requirements please see: http://www.cisco.com/en/US/prod/collateral/modules/ps5455/product_bulletin_c25-530836.html.
    The Cisco 10GBASE-LRM Module also supports link lengths of 300m on standard single-mode fiber (SMF, G.652).

    Cisco FET-10G
    The Cisco FET-10G Fabric Extender Transceiver supports link lengths up to 100m on laser-optimized OM3 or OM4 multimode fiber. It is supported on fabric links only from a Nexus 2000 to a Cisco parent switch. Note this product is not orderable individually. For more information refer to Nexus 2000 datasheet: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps10110/data_sheet_c78-507093.html.

    Cisco SFP-10G-LR
    The Cisco 10GBASE-LR Module supports a link length of 10 kilometers on standard single-mode fiber (SMF, G.652).

    Cisco SFP-10G-ER
    The Cisco 10GBASE-ER Module supports a link length of up to 40 kilometers on standard single-mode fiber (SMF, G.652).

    Cisco SFP-10G-ZR
    The Cisco 10GBASE-ZR Module supports link lengths of up to about 80 kilometers on standard single-mode fiber (SMF, G.652). This interface is not specified as part of the 10 Gigabit Ethernet standard and is instead built according to Cisco specifications.

    Cisco SFP+ Copper - (twinax)
    Cisco SFP+ Copper Twinax cables are suitable for very short distances and offer a highly cost-effective way to connect within racks and across adjacent racks. Cisco offers passive Twinax cables in lengths of 1, 3 and 5 meters, and active Twinax cables in lengths of 7 and 10 meters.

    Wireless info